Skip to content

Commit

Permalink
Fix log rotation in UBI images (antrea-io#6052)
Browse files Browse the repository at this point in the history
logrotate needs to run as the same user as OVS to get the proper
permissions for log files. As Antrea runs OVS as root, we disable
libcapng to make logrotate also run as root.

Fixes: antrea-io#6046

Signed-off-by: Xu Liu <xliu2@vmware.com>
  • Loading branch information
xliuxu committed Mar 11, 2024
1 parent 265f980 commit 69cf966
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 1 deletion.
5 changes: 4 additions & 1 deletion build/images/ovs/Dockerfile.ubi
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,10 @@ RUN cd /tmp/openvswitch* && \
sed -e "s/@VERSION@/$OVS_VERSION/" rhel/openvswitch-fedora.spec.in > /tmp/ovs.spec && \
yum-builddep -y /tmp/ovs.spec && ./boot.sh && \
./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc && \
make rpm-fedora && mkdir -p /tmp/ovs-rpms && \
# logrotate needs to run as the same user as OVS to get the proper permissions of log files.
# As Antrea runs OVS as root, we disable libcapng to make logrotate also run as root.
# See https://github.com/openvswitch/ovs/blob/v2.17.7/rhel/openvswitch-fedora.spec.in#L26-L27.
RPMBUILD_OPT="--without libcapng" make rpm-fedora && mkdir -p /tmp/ovs-rpms && \
mv /tmp/openvswitch-$OVS_VERSION/rpm/rpmbuild/RPMS/*/*.rpm /tmp/ovs-rpms && \
rm -rf /tmp/openvswitch*

Expand Down
12 changes: 12 additions & 0 deletions test/e2e/basic_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ func TestBasic(t *testing.T) {
t.Run("testDeletePreviousRoundFlowsOnStartup", func(t *testing.T) { testDeletePreviousRoundFlowsOnStartup(t, data) })
t.Run("testGratuitousARP", func(t *testing.T) { testGratuitousARP(t, data, data.testNamespace) })
t.Run("testClusterIdentity", func(t *testing.T) { testClusterIdentity(t, data) })
t.Run("testLogRotate", func(t *testing.T) { testLogRotate(t, data) })
}

// testPodAssignIP verifies that Antrea allocates IP addresses properly to new Pods. It does this by
Expand Down Expand Up @@ -892,3 +893,14 @@ func testClusterIdentity(t *testing.T, data *TestData) {
assert.NoError(t, err, "Failed to retrieve cluster identity information within %v", timeout)
assert.NotEqual(t, uuid.Nil, clusterUUID)
}

func testLogRotate(t *testing.T, data *TestData) {
nodeName := nodeName(0)
podName := getAntreaPodName(t, data, nodeName)
cmd := []string{"logrotate", "-vf", "/etc/logrotate.d/openvswitch-switch"}
stdout, stderr, err := data.RunCommandFromPod(antreaNamespace, podName, ovsContainerName, cmd)
if err != nil {
t.Fatalf("Error when running logrotate command in Pod '%s': %v, stdout: %s, stderr: %s", podName, err, stdout, stderr)
}
t.Logf("Successfully ran logrotate command in Pod '%s': stdout: %s, stderr: %s", podName, stdout, stderr)
}

0 comments on commit 69cf966

Please sign in to comment.