The current version of the tests only initializes the SB DB and instruments it directly. This does not work with SSL+RBAC as northd must run to program the RBAC rules into the SB DB.
Run tests both for C and ddlog version of northd. Add workaround for ovn-controller not re-reading certificates to 'ovn-controller - Chassis other_config' test. Signed-off-by: Frode Nordahl <[email protected]> --- tests/ovn-controller.at | 50 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 6 deletions(-) diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at index 2cd3e261f..1dd1553cd 100644 --- a/tests/ovn-controller.at +++ b/tests/ovn-controller.at @@ -1,8 +1,9 @@ AT_BANNER([ovn-controller]) +OVN_FOR_EACH_NORTHD([ AT_SETUP([ovn-controller - ovn-bridge-mappings]) AT_KEYWORDS([ovn]) -ovn_init_db ovn-sb +ovn_start net_add n1 sim_add hv as hv @@ -54,6 +55,14 @@ check_bridge_mappings () { OVS_WAIT_UNTIL([test x"${local_mappings}" = x$(ovn-sbctl get Chassis ${sysid} other_config:ovn-bridge-mappings | sed -e 's/\"//g')]) } +# NOTE: This test originally ran with only the SB-DB and no northd. For the +# test to be successfull with SSL+RBAC we need to initially run northd to get +# the RBAC rules programmed into the SB-DB. The test instruments the SB-DB +# directly and we need to stop northd to avoid overwriting the instrumentation. +kill `cat northd/ovn-northd.pid` +kill `cat northd-backup/ovn-northd.pid` +kill `cat ovn-nb/ovsdb-server.pid` + # Initially there should be no patch ports. check_patches @@ -116,12 +125,14 @@ as ovn-sb OVS_APP_EXIT_AND_WAIT([ovsdb-server]) AT_CLEANUP +]) # Checks that ovn-controller populates datapath-type and iface-types # correctly in the Chassis other_config column. +OVN_FOR_EACH_NORTHD([ AT_SETUP([ovn-controller - Chassis other_config]) AT_KEYWORDS([ovn]) -ovn_init_db ovn-sb +ovn_start net_add n1 sim_add hv @@ -192,7 +203,21 @@ OVS_WAIT_UNTIL([ # chassis_private records. Until that happens ovn-controller fails to # create the records due to constraint violation on the Encap table. sysid=${sysid}-foo -ovs-vsctl set Open_vSwitch . external-ids:system-id="${sysid}" +current_remote=`ovs-vsctl get Open_vSwitch . external-ids:ovn-remote` +if test X$HAVE_OPENSSL = Xyes; then + # To change chassis name we need to change certificate with matching CN + ovs-vsctl set-ssl \ + $PKIDIR/testpki-${sysid}-privkey.pem \ + $PKIDIR/testpki-${sysid}-cert.pem \ + $PKIDIR/testpki-cacert.pem + # force reconnect which makes OVN controller read the new certificates + # TODO implement check for change of certificates in ovn-controller + # and remove this workaround. + ovs-vsctl set Open_vSwitch . external-ids:ovn-remote=unix:/dev/null +fi +ovs-vsctl -- set Open_vSwitch . external-ids:hostname="${sysid}" \ + -- set Open_vSwitch . external-ids:system-id="${sysid}" \ + -- set Open_vSwitch . external-ids:ovn-remote="${current_remote}" OVS_WAIT_UNTIL([ grep -q 'Transaction causes multiple rows in \\"Encap\\" table to have identical values' hv/ovn-controller.log @@ -216,12 +241,14 @@ as ovn-sb OVS_APP_EXIT_AND_WAIT([ovsdb-server]) AT_CLEANUP +]) # Checks that ovn-controller correctly maintains the mapping from the Encap # table in the Southbound database to OVS in the face of changes on both sides +OVN_FOR_EACH_NORTHD([ AT_SETUP([ovn-controller - change Encap properties]) AT_KEYWORDS([ovn]) -ovn_init_db ovn-sb +ovn_start net_add n1 sim_add hv @@ -271,11 +298,13 @@ as ovn-sb OVS_APP_EXIT_AND_WAIT([ovsdb-server]) AT_CLEANUP +]) # Check ovn-controller connection status to Southbound database +OVN_FOR_EACH_NORTHD([ AT_SETUP([ovn-controller - check sbdb connection]) AT_KEYWORDS([ovn]) -ovn_init_db ovn-sb +ovn_start net_add n1 sim_add hv @@ -305,11 +334,13 @@ as ovn-sb OVS_APP_EXIT_AND_WAIT([ovsdb-server]) AT_CLEANUP +]) # Checks that ovn-controller recreates its chassis record when deleted externally. +OVN_FOR_EACH_NORTHD([ AT_SETUP([ovn-controller - Chassis self record]) AT_KEYWORDS([ovn]) -ovn_init_db ovn-sb +ovn_start net_add n1 sim_add hv @@ -360,8 +391,10 @@ OVS_WAIT_UNTIL([test x0 = x`ovn-sbctl --columns nb_cfg --bare find chassis`]) OVN_CLEANUP([hv]) AT_CLEANUP +]) # Test unix command: debug/delay-nb-cfg-report +OVN_FOR_EACH_NORTHD([ AT_SETUP([ovn-controller - debug/delay-nb-cfg-report]) AT_KEYWORDS([ovn]) ovn_start @@ -393,7 +426,9 @@ AT_CHECK([ovn-nbctl --timeout=1 --wait=hv sync]) OVN_CLEANUP([hv]) AT_CLEANUP +]) +OVN_FOR_EACH_NORTHD([ AT_SETUP([ovn -- nb_cfg sync to OVS]) ovn_start @@ -414,7 +449,9 @@ OVS_WAIT_UNTIL([ovs-vsctl get Bridge br-int external_ids:ovn-nb-cfg], [0], [1]) OVN_CLEANUP([hv1]) AT_CLEANUP +]) +OVN_FOR_EACH_NORTHD([ AT_SETUP([ovn -- features]) AT_KEYWORDS([features]) ovn_start @@ -431,3 +468,4 @@ OVS_WAIT_UNTIL([ OVN_CLEANUP([hv1]) AT_CLEANUP +]) -- 2.30.0 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
