Martin Kennelly martinkennelly
@martinkennelly
martinkennelly / remove-snat-gw.sh
Created April 23, 2025 11:11
OCP 4.14-4.17: remove EgressIP SNAT from gateway router
#!/bin/bash
# Version 1.0 (23 Apr 2025)
# Martin Kennelly (OCP Networking)
# Designed to assist with https://issues.redhat.com/browse/OCPBUGS-42303
# Requires ovn-northd+ovn-controller to sync at least once for SNAT removal changes to propagate to data plane
# Must be executed before ovnkube-controller is started
DATE=$(date +"%Y-%m-%d-%H-%M")
echo "$DATE"
for NAT_UUID in $(ovn-nbctl --bare --column _uuid find nat external-ids:\"name\"!=\"\") ; do \
martinkennelly / check_all_nodes.sh
Last active February 24, 2025 17:32
Check OCP Nodes with SDN CNI for stale IPs
#!/bin/bash
# Iterate over all Nodes and check for stale IP allocations. Retry problematic Nodes until success.
# Ctrl + C to cancel
set -euo pipefail
CNI_NETWORK_DIR="/host/var/lib/cni/networks/openshift-sdn"
function is_number {
if [ -n "$1" ] && [ "$1" -eq "$1" ] 2>/dev/null; then
return 0
martinkennelly / echo.py
Created January 31, 2024 09:09
echo server python
#!/usr/bin/python3
# usage python3 echoTcpServer.py [bind IP] [bind PORT]
import socket
import sys
import string
import random
# Create a TCP/IP socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
martinkennelly / gist:ad37bc7e022b737676ff47f0f655c142
Last active October 18, 2023 12:24
Easily tracing a packet with ofproto/trace and ovs-tcpundump
# Get packet info that'll later be used for the trace. This info describes the flow.
1. tcpdump -XX -c1 -nn -i <dev> <some filter that'll just capture the flow you want> | ovs-tcpundump
# Lookup the port ID on which the packet is coming in
2. ovs-ofctl show <ovs bridge>
# Perform trace
ovs-appctl ofproto/trace <ovs bridge> in_port=${port id in step 2} ${pkt data from step 1}
martinkennelly / gist:6e05502b68bec40bd8970b02eb5278de
Created October 14, 2023 11:13
setup non-root user with passwordless root
# Setup user group and user and ensure passwordless root
groupadd mk && useradd --gid mk --groups mk,users,adm --shell /bin/bash -c "mk home" --create-home mk
cat <<EOT >> /etc/sudoers.d/99-mk
mk ALL=(ALL) NOPASSWD:ALL
EOT
# Create new .ssh dir in mk home dir, add a public key to the authorized_keys file and set perms
chmod 400 ~mk/.ssh/authorized_keys
chown -R mk:mk ~mk/.ssh
martinkennelly / gist:c7192831e6a27de86873abd6bcc12788
Created September 12, 2023 09:42
Building RH container images
# Get OAuth token
https://oauth-openshift.apps.ci.l2s4.p1.openshiftapps.com/oauth/token/request
# Login with provided link
oc login..
# Login to registry (for podman)
oc registry login --to ~/.config/containers/auth.json
# Login to registry (for docker)
oc registry login --to ~/.docker/config.json
martinkennelly / cycle-cno.sh
Last active November 22, 2023 17:28
Build Openshift cluster network operator image
#!/bin/bash
set -eou pipefail
tag="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13 ; echo '')"
echo "Tag is $tag"
docker build -f Dockerfile -t quay.io/mkennell/cluster-network-operator:$tag .
docker push quay.io/mkennell/cluster-network-operator:$tag
oc patch clusterversion version --type json -p '[{"op":"add","path":"/spec/overrides","value":[{"kind":"Deployment","group":"apps","name":"network-operator","namespace":"openshift-network-operator","unmanaged":true},{"kind":"Deployment","group":"apps","name":"openshift-controller-manager-operator","namespace":"openshift-controller-manager-operator","unmanaged":true}]}]'
oc -n openshift-network-operator set image deployment/network-operator network-operator=quay.io/mkennell/cluster-network-operator:$tag
martinkennelly / gist:dbf8a2eb043bdde06bebdbd3e00a449a
Created August 8, 2023 09:30
Getting ovn-nbctl: unix:/var/run/ovn/ovnnb_db.sock: database connection failed () ?
You can possibly resolve it in two ways:
1. If OVN is in HA, exec into the pod that is the current leader and execute `ovn-nbctl --no-leader-only show`
2. Find all the instances' IPs and execute `ovn-nbctl --no-leader-only --db=...`
echo -e "[logging]\nlevel=TRACE\n" > /etc/NetworkManager/conf.d/99-trace-logging.conf
for f in $(oc get nodes --no-headers -o custom-columns=N:.metadata.name ) ; do oc debug node/$f -- chroot /host bash -c "echo $USER-ocp-qe-$(date -I) | passwd --stdin core" & done