ovn db: join cluster with raft header backup (#6106)

Signed-off-by: zhangzujian <zhangzujian.7@gmail.com>

Author: zhangzujian

dist/images/Dockerfile.base

@@ -45,6 +45,7 @@ ADD patches/f627b7721ec282f2edaf798913b1559b939687f0.patch $SRC_DIR
 ADD patches/3f3e3a436ff5eb2eaafbeeae8ea9dc0c514fe8a3.patch $SRC_DIR
 ADD patches/a6cb8215a80635129e4fada4c0d25c25fb746bf7.patch $SRC_DIR
 ADD patches/d4d76ddb2e12cdd9e73bb5e008ebb9fd1b4d6ca6.patch $SRC_DIR
+ADD patches/53b9837f7fe89cd63af735b039b8c26107d6579d.patch $SRC_DIR
 ADD patches/ffd2328d4a55271569e2b89e54a2c18f4e186af8.patch $SRC_DIR
 ADD patches/d088c5d8c263552c5a31d87813991aee30ab74de.patch $SRC_DIR
 ADD patches/1b31f07dc60c016153fa35d936cdda0e02e58492.patch $SRC_DIR
@@ -87,6 +88,8 @@ RUN cd /usr/src/ && \
     git apply $SRC_DIR/a6cb8215a80635129e4fada4c0d25c25fb746bf7.patch && \
     # ovsdb-tool: add command fix-cluster
     git apply $SRC_DIR/d4d76ddb2e12cdd9e73bb5e008ebb9fd1b4d6ca6.patch && \
+    # ovsdb-tool: add commands db-raft-header/rejoin-cluster
+    git apply $SRC_DIR/53b9837f7fe89cd63af735b039b8c26107d6579d.patch && \
     # netdev: reduce cpu utilization for getting device addresses
     git apply $SRC_DIR/ffd2328d4a55271569e2b89e54a2c18f4e186af8.patch && \
     # ovs-router: skip getting source address for kube-ipvs0

dist/images/patches/53b9837f7fe89cd63af735b039b8c26107d6579d.patch

@@ -0,0 +1,138 @@
+From 53b9837f7fe89cd63af735b039b8c26107d6579d Mon Sep 17 00:00:00 2001
+From: zhangzujian <zhangzujian.7@gmail.com>
+Date: Fri, 26 Dec 2025 08:24:04 +0000
+Subject: [PATCH] ovsdb-tool: add commands db-raft-header/rejoin-cluster
+
+Signed-off-by: zhangzujian <zhangzujian.7@gmail.com>
+---
+ ovsdb/ovsdb-tool.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 93 insertions(+)
+
+diff --git a/ovsdb/ovsdb-tool.c b/ovsdb/ovsdb-tool.c
+index bfd54a97f..9ec2c5d48 100644
+--- a/ovsdb/ovsdb-tool.c
++++ b/ovsdb/ovsdb-tool.c
+@@ -358,6 +358,63 @@ do_join_cluster(struct ovs_cmdl_context *ctx)
+     sset_destroy(&remote_addrs);
+ }
+ 
++static void
++do_rejoin_cluster(struct ovs_cmdl_context *ctx)
++{
++    const char *db_file_name = ctx->argv[1];
++    const char *hdr_file_name = ctx->argv[2];
++    const char *local = ctx->argv[3];
++    struct json *remote_addrs = json_array_create_empty();
++    for (size_t i = 4; i < ctx->argc; i++) {
++        json_array_add(remote_addrs, json_string_create(ctx->argv[i]));
++    }
++
++    FILE *fp = fopen(hdr_file_name, "r");
++    if (fp == NULL) {
++        ovs_fatal(errno, "failed to open %s for reading", hdr_file_name);
++    }
++
++    char data[4096];
++    size_t n = fread(data, 1, sizeof data, fp);
++    if (n == 0 && ferror(fp)) {
++        ovs_fatal(errno, "failed to read from %s", hdr_file_name);
++    }
++    fclose(fp);
++    if (n == sizeof data) {
++        ovs_fatal(0, "%s: header file too large", hdr_file_name);
++    }
++    data[n] = '\0';
++    struct json *hdr = parse_json(data);
++    if (hdr->type != JSON_OBJECT) {
++        ovs_fatal(0, "%s: expected JSON object", hdr_file_name);
++    }
++    json_object_put(hdr, "remote_addresses", remote_addrs);
++
++    struct raft_header h;
++    check_ovsdb_error(raft_header_from_json(&h, hdr));
++    json_destroy(hdr);
++
++    if (!h.name || !*h.name) {
++        ovs_fatal(0, "%s: missing or empty database name", hdr_file_name);
++    }
++    if (!ovsdb_parser_is_id(h.name)) {
++        ovs_fatal(0, "%s: not a valid schema name", h.name);
++    }
++    if (uuid_is_zero(&h.cid)) {
++        ovs_fatal(0, "%s: missing or zero cluster ID", hdr_file_name);
++    }
++    if (uuid_is_zero(&h.sid)) {
++        ovs_fatal(0, "%s: missing or zero server ID", hdr_file_name);
++    }
++
++    /* Create database file. */
++    check_ovsdb_error(raft_join_cluster(db_file_name, h.name, local,
++                                        &h.remote_addresses,
++                                        uuid_is_zero(&h.cid) ? NULL : &h.cid,
++                                        uuid_is_zero(&h.sid) ? NULL : &h.sid));
++    raft_header_uninit(&h);
++}
++
+ static struct ovsdb_error *
+ write_standalone_db(const char *file_name, const char *comment,
+                     const struct ovsdb *db)
+@@ -584,6 +641,39 @@ do_db_local_address(struct ovs_cmdl_context *ctx)
+     raft_metadata_destroy(&md);
+ }
+ 
++static void
++do_db_raft_header(struct ovs_cmdl_context *ctx)
++{
++    const char *db_file_name = ctx->argv[1];
++    struct ovsdb_log *log;
++
++    check_ovsdb_error(ovsdb_log_open(db_file_name, OVSDB_MAGIC"|"RAFT_MAGIC,
++                                     OVSDB_LOG_READ_ONLY, -1, &log));
++    if (strcmp(ovsdb_log_get_magic(log), RAFT_MAGIC)) {
++        ovs_fatal(0, "%s: not a clustered database", db_file_name);
++    }
++
++    struct json *header;
++    check_ovsdb_error(ovsdb_log_read(log, &header));
++    ovsdb_log_close(log);
++
++    struct raft_header h;
++    check_ovsdb_error(raft_header_from_json(&h, header));
++    json_destroy(header);
++    raft_entry_uninit(&h.snap);
++    h.snap.data.full_json = NULL;
++    h.snap.data.serialized = NULL;
++    h.snap.servers = NULL;
++    h.snap_index = 0;
++
++    header = raft_header_to_json(&h);
++    raft_header_uninit(&h);
++    char *s = json_to_string(header, JSSF_PRETTY);
++    json_destroy(header);
++    puts(s);
++    free(s);
++}
++
+ static void
+ do_db_has_magic(struct ovs_cmdl_context *ctx, const char *magic)
+ {
+@@ -2153,6 +2243,8 @@ static const struct ovs_cmdl_command all_commands[] = {
+     { "create-cluster", "db contents local", 3, 3, do_create_cluster, OVS_RW },
+     { "join-cluster", "db name local remote...", 4, INT_MAX, do_join_cluster,
+       OVS_RW },
++    { "rejoin-cluster", "db hdr local remote...", 4, INT_MAX, do_rejoin_cluster,
++      OVS_RW },
+     { "compact", "[db [dst]]", 0, 2, do_compact, OVS_RW },
+     { "convert", "[db [schema [dst]]]", 0, 3, do_convert, OVS_RW },
+     { "needs-conversion", NULL, 0, 2, do_needs_conversion, OVS_RO },
+@@ -2162,6 +2254,7 @@ static const struct ovs_cmdl_command all_commands[] = {
+     { "db-cid", "db", 1, 1, do_db_cid, OVS_RO },
+     { "db-sid", "db", 1, 1, do_db_sid, OVS_RO },
+     { "db-local-address", "db", 1, 1, do_db_local_address, OVS_RO },
++    { "db-raft-header", "db", 1, 1, do_db_raft_header, OVS_RO },
+     { "db-is-clustered", "db", 1, 1, do_db_is_clustered, OVS_RO },
+     { "db-is-standalone", "db", 1, 1, do_db_is_standalone, OVS_RO },
+     { "schema-name", "[schema]", 0, 1, do_schema_name, OVS_RO },
+-- 
+2.43.0
+

dist/images/start-db.sh

@@ -115,10 +115,10 @@ function ovndb_query_leader {
 
     eval port="\$${db_eval}_PORT"
     query='["_Server",{"table":"Database","where":[["name","==","'$db'"]],"columns":["leader"],"op":"select"}]'
-    if [[ "$ENABLE_SSL" == "false" ]]; then 
-        timeout 10 ovsdb-client query $(gen_conn_addr $i $port) "$query"
+    if [[ "$ENABLE_SSL" == "false" ]]; then
+        timeout 10 ovsdb-client query $(gen_conn_addr $2 $port) "$query"
     else
-        timeout 10 ovsdb-client $SSL_OPTIONS query $(gen_conn_addr $i $port) "$query"
+        timeout 10 ovsdb-client $SSL_OPTIONS query $(gen_conn_addr $2 $port) "$query"
     fi
 }
 
@@ -128,7 +128,7 @@ function quit {
 }
 
 function is_clustered {
-    for i in $(echo -n "${NODE_IPS}" | sed 's/,/ /g'); do 
+    for i in $(echo -n "${NODE_IPS}" | sed 's/,/ /g'); do
       nb_leader=$(ovndb_query_leader nb $i)
       if [[ $nb_leader =~ "true" ]]; then
         return 0
@@ -172,9 +172,42 @@ function ovn_db_pre_start() {
         ;;
     esac
 
+    eval port="\$${db_eval}_CLUSTER_PORT"
+    local local_addr="$(gen_conn_addr $DB_CLUSTER_ADDR $port)"
+    echo "local address: $local_addr"
+
+    local remote_addr=()
+    local node_ips=$(echo -n "${NODE_IPS}" | sed 's/,/ /g')
+    for node_ip in ${node_ips[*]}; do
+        if [ ! "$node_ip" = "$DB_CLUSTER_ADDR" ]; then
+            remote_addr=(${remote_addr[*]} "$(gen_conn_addr $node_ip $port)")
+        fi
+    done
+    echo "remote addresses: ${remote_addr[*]}"
+
     local db_file="/etc/ovn/ovn${1}_db.db"
+    local hdr_file="/etc/ovn/ovn${1}_db.hdr"
     if [ -e "$db_file" ]; then
+        # check whether db file is corrupted
+        db_name=$(ovsdb-tool db-name "$db_file" || true)
+        if [ "$db_name" != "$db" ]; then
+            # db file is corrupted and we cannot get the sid from it
+            # we have a chance to rebuild it from raft header
+            echo "ovn db file $db_file is corrupted, mv it away."
+            local db_bak="$db_file.backup-$(date +%s)-$(random_str)"
+            echo "backup $db_file to $db_bak"
+            mv "$db_file" "$db_bak" || return 1
+            if [ ${#remote_addr[*]} -ne 0 -a -e "$hdr_file" ]; then
+                # rebuild db file from raft header generated by the leader check process
+                echo "generating new db file $db_file from raft header file $hdr_file"
+                ovsdb-tool rejoin-cluster "$db_file" "$hdr_file" "$local_addr" ${remote_addr[*]}
+            fi
+            return
+        fi
+
+        # check whether the db file is standalone or clustered
         if ovsdb-tool db-is-clustered "$db_file"; then
+            # if the db file is clustered, check whether it has joined the cluster
             local msg=$(ovsdb-tool check-cluster "$db_file" 2>&1) || true
             if echo $msg | grep -q 'has not joined the cluster'; then
                 local birth_time=$(stat --format=%W $db_file)
@@ -187,6 +220,7 @@ function ovn_db_pre_start() {
             fi
 
             if ! ovsdb-tool check-cluster "$db_file"; then
+                # clustered db file is corrupted
                 local db_bak="$db_file.backup-$(date +%s)-$(random_str)"
                 echo "backup $db_file to $db_bak"
                 cp "$db_file" "$db_bak" || return 1
@@ -199,39 +233,39 @@ function ovn_db_pre_start() {
                         fixed=1
                     fi
                 fi
-                if [ $fixed -ne 1 ]; then
+                if [ $fixed -ne 1 -a ${#remote_addr[*]} -ne 0 ]; then
                     echo "failed to fix database file $db_file, rebuild it."
+                    local db_new="$db_file.init-$(date +%s)-$(random_str)"
+                    if [ -e "$hdr_file" ]; then
+                        echo "generating new db file $db_new from raft header file $hdr_file"
+                        if ovsdb-tool rejoin-cluster "$db_new" "$hdr_file" "$local_addr" ${remote_addr[*]}; then
+                            echo "use new database file $db_new"
+                            mv "$db_new" "$db_file"
+                            return
+                        fi
+                    fi
+
+                    # no raft header file, try to reuse the sid from the corrupted db file
                     local sid=$(ovsdb-tool db-sid "$db_file")
                     if ! echo -n "$sid" | grep -qE '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'; then
                         echo "failed to get sid from db file $db_file"
                         return 1
                     fi
-                    echo "get local server id $sid"
-
-                    eval port="\$${db_eval}_CLUSTER_PORT"
-                    local local_addr="$(gen_conn_addr $DB_CLUSTER_ADDR $port)"
-                    echo "local address: $local_addr"
-
-                    local remote_addr=()
-                    local node_ips=$(echo -n "${NODE_IPS}" | sed 's/,/ /g')
-                    for node_ip in ${node_ips[*]}; do
-                        if [ ! "$node_ip" = "$DB_CLUSTER_ADDR" ]; then
-                            remote_addr=(${remote_addr[*]} "$(gen_conn_addr $node_ip $port)")
-                        fi
-                    done
-                    echo "remote addresses: ${remote_addr[*]}"
-
-                    local db_new="$db_file.init-$(date +%s)-$(random_str)"
-                    echo "generating new database file $db_new"
-                    if [ ${#remote_addr[*]} -ne 0 ]; then
-                        ovsdb-tool --sid $sid join-cluster "$db_new" $db $local_addr ${remote_addr[*]} || return 1
-
-                        echo "use new database file $db_new"
-                        mv "$db_new" "$db_file"
-                    fi
+                    echo "generating new database file $db_new with sid $sid"
+                    ovsdb-tool --sid $sid join-cluster "$db_new" $db $local_addr ${remote_addr[*]} || return 1
+                    echo "use new database file $db_new"
+                    mv "$db_new" "$db_file"
                 fi
             fi
         fi
+    elif [ -e "$hdr_file" ]; then
+        echo "db file $db_file is missing, while raft header file $hdr_file exists."
+        if [ ${#remote_addr[*]} -ne 0 -a -e "$hdr_file" ]; then
+            # rebuild db file from raft header generated by the leader check process
+            echo "generating new db file $db_file from raft header file $hdr_file"
+            ovsdb-tool rejoin-cluster "$db_file" "$hdr_file" "$local_addr" ${remote_addr[*]}
+        fi
+        return
     fi
 
     # create local config

pkg/ovn_leader_checker/ovn.go

@@ -1,7 +1,9 @@
 package ovn_leader_checker
 
 import (
+	"bytes"
 	"context"
+	"encoding/json"
 	"errors"
 	"flag"
 	"fmt"
@@ -363,6 +365,56 @@ func compactOvnDatabase(db string) {
 	}
 }
 
+// backupRaftHeader backs up the raft header of the ovn db file.
+// The backup file name is ovn<db>_db.hdr, e.g., ovnnb_db.hdr for ovnnb database file named ovnnb_db.db.
+// Example content of the header file:
+//
+//	{
+//	  "server_id": "8d77699d-8dc6-4f32-b1ba-b66aad05ba46",
+//	  "name": "OVN_Northbound",
+//	  "local_address": "tcp:[172.18.0.2]:6643",
+//	  "cluster_id": "6d240b86-177e-4f17-aded-ed1b7b364d97"
+//	}
+func backupRaftHeader(db string) {
+	args := []string{"db-raft-header", fmt.Sprintf("/etc/ovn/ovn%s_db.db", db)}
+	hdr, err := exec.Command("ovsdb-tool", args...).CombinedOutput() // #nosec G204
+	if err != nil {
+		klog.Errorf("failed to backup raft header of ovn%s database: error = %v, output = %s", db, err, string(hdr))
+		return
+	}
+
+	var data map[string]any
+	if err = json.Unmarshal(hdr, &data); err != nil {
+		klog.Errorf("failed to unmarshal raft header json content for ovn%s database: %v", db, err)
+		return
+	}
+
+	hdr, _ = json.MarshalIndent(data, "", "  ")
+	hdrFile := fmt.Sprintf("/etc/ovn/ovn%s_db.hdr", db)
+	content, err := os.ReadFile(hdrFile)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			klog.Errorf("failed to read raft header file %s: %v", hdrFile, err)
+		}
+		klog.V(5).Infof("raft header file %s does not exist, created new one", hdrFile)
+	}
+
+	if bytes.Equal(content, hdr) {
+		klog.V(5).Infof("raft header file %s is up-to-date, no need to update", hdrFile)
+		return
+	}
+
+	klog.Infof("Found changes in raft header for ovn%s database, updating file %s", db, hdrFile)
+	klog.Infof("Previous content of raft header file %s:\n%s", hdrFile, string(content))
+
+	if err = os.WriteFile(hdrFile, hdr, 0o600); err != nil {
+		klog.Errorf("failed to write raft header file %s: %v", hdrFile, err)
+		return
+	}
+
+	klog.Infof("succeeded to backup raft header of ovn%s database to file %s with content:\n%s", db, hdrFile, string(hdr))
+}
+
 func doOvnLeaderCheck(cfg *Configuration, podName, podNamespace string) {
 	if podName == "" || podNamespace == "" {
 		util.LogFatalAndExit(nil, "env variables POD_NAME and POD_NAMESPACE must be set")
@@ -409,6 +461,9 @@ func doOvnLeaderCheck(cfg *Configuration, podName, podNamespace string) {
 			compactOvnDatabase("nb")
 			compactOvnDatabase("sb")
 		}
+
+		backupRaftHeader("nb")
+		backupRaftHeader("sb")
 	} else {
 		icNbLeader := isDBLeader(cfg.localAddress, "OVN_IC_Northbound")
 		icSbLeader := isDBLeader(cfg.localAddress, "OVN_IC_Southbound")