From faf09e53df56fd8654a4dc069c6189a242a1972c Mon Sep 17 00:00:00 2001
From: Xu Liu <xliu2@vmware.com>
Date: Mon, 4 Mar 2024 06:10:08 +0000
Subject: [PATCH] Fix logrotate user in UBI images

Logrotate will run as the user openvswitch, but we start the OVS
daemon as the root user. We can disable this behavior by specifying
`--without libcapng` in RPM builds.

Fixes: #6046

Signed-off-by: Xu Liu <xliu2@vmware.com>
---
 build/images/ovs/Dockerfile.ubi |  2 +-
 test/e2e/basic_test.go          | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/build/images/ovs/Dockerfile.ubi b/build/images/ovs/Dockerfile.ubi
index cf3a424b012..31a7e71d223 100644
--- a/build/images/ovs/Dockerfile.ubi
+++ b/build/images/ovs/Dockerfile.ubi
@@ -32,7 +32,7 @@ RUN cd /tmp/openvswitch* && \
     sed -e "s/@VERSION@/$OVS_VERSION/" rhel/openvswitch-fedora.spec.in > /tmp/ovs.spec && \
     yum-builddep -y /tmp/ovs.spec && ./boot.sh && \
     ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc && \
-    make rpm-fedora && mkdir -p /tmp/ovs-rpms && \
+    RPMBUILD_OPT="--without libcapng" make rpm-fedora && mkdir -p /tmp/ovs-rpms && \
     mv /tmp/openvswitch-$OVS_VERSION/rpm/rpmbuild/RPMS/*/*.rpm  /tmp/ovs-rpms && \
     rm -rf /tmp/openvswitch*
 
diff --git a/test/e2e/basic_test.go b/test/e2e/basic_test.go
index 058d4c54567..10f1ed3b6ff 100644
--- a/test/e2e/basic_test.go
+++ b/test/e2e/basic_test.go
@@ -56,6 +56,7 @@ func TestBasic(t *testing.T) {
 	t.Run("testDeletePreviousRoundFlowsOnStartup", func(t *testing.T) { testDeletePreviousRoundFlowsOnStartup(t, data) })
 	t.Run("testGratuitousARP", func(t *testing.T) { testGratuitousARP(t, data, data.testNamespace) })
 	t.Run("testClusterIdentity", func(t *testing.T) { testClusterIdentity(t, data) })
+	t.Run("testLogRotate", func(t *testing.T) { testLogRotate(t, data) })
 }
 
 // testPodAssignIP verifies that Antrea allocates IP addresses properly to new Pods. It does this by
@@ -892,3 +893,14 @@ func testClusterIdentity(t *testing.T, data *TestData) {
 	assert.NoError(t, err, "Failed to retrieve cluster identity information within %v", timeout)
 	assert.NotEqual(t, uuid.Nil, clusterUUID)
 }
+
+func testLogRotate(t *testing.T, data *TestData) {
+	nodeName := nodeName(0)
+	podName := getAntreaPodName(t, data, nodeName)
+	cmd := []string{"logrotate", "-vf", "/etc/logrotate.d/openvswitch-switch"}
+	stdout, stderr, err := data.RunCommandFromPod(antreaNamespace, podName, ovsContainerName, cmd)
+	if err != nil {
+		t.Fatalf("Error when running logrotate command in Pod '%s': %v, stdout: %s, stderr: %s", podName, err, stdout, stderr)
+	}
+	t.Logf("Successfully ran logrotate command in Pod '%s': stdout: %s, stderr: %s", podName, stdout, stderr)
+}