[ovs-dev] [PATCH ovn 1/4] ovn-northd.at: Fix test "northd ssl file change -- ovn-northd-ddlog".

Mark Michelson mmichels at redhat.com
Fri Jun 11 18:24:28 UTC 2021


Hi Han,

I'm fine with fixing the test this way, since like you said it's not 
meant to test RBAC.

Acked-by: Mark Michelson <mmichels at redhat.com>

However, based on how this sounds, there is still a bug in 
ovn-northd-ddlog wrt RBAC, and that should still be fixed since this 
could cause failures for other tests.

On 6/11/21 2:24 AM, Han Zhou wrote:
> This test fails for ovn-northd-ddlog because of the RBAC role when using
> the SSL connection. RBAC is not the purpose of the test case, so this
> patch fixes it without enabling RBAC.
> 
> Signed-off-by: Han Zhou <hzhou at ovn.org>
> ---
>   tests/ovn-northd.at | 19 +++++++++++++++++--
>   1 file changed, 17 insertions(+), 2 deletions(-)
> 
> diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
> index 4692775ad..ad1732da3 100644
> --- a/tests/ovn-northd.at
> +++ b/tests/ovn-northd.at
> @@ -3618,9 +3618,23 @@ ovn_start --backup-northd=none
>   as northd
>   OVS_APP_EXIT_AND_WAIT([NORTHD_TYPE])
>   
> +as ovn-sb
> +OVS_APP_EXIT_AND_WAIT([ovsdb-server])
> +
> +key_server=testpki-test-privkey.pem
> +cert_server=testpki-test-cert.pem
> +cacert=testpki-cacert.pem
> +
> +cd ovn-sb
> +rm ovsdb-server.log
> +ssl_options="--remote=pssl:0:127.0.0.1 ovn-sb.db -p $PKIDIR/$key_server -c $PKIDIR/$cert_server -C $PKIDIR/$cacert"
> +AT_CHECK([ovsdb-server --detach --no-chdir --pidfile --log-file $ssl_options], [0], [], [stderr])
> +on_exit "kill `cat ovsdb-server.pid`"
> +PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT])
> +cd ..
> +
>   key=testpki-hv1-privkey.pem
>   cert=testpki-hv1-cert.pem
> -cacert=testpki-cacert.pem
>   
>   key2=testpki-hv2-privkey.pem
>   cert3=testpki-hv3-cert.pem
> @@ -3629,8 +3643,9 @@ cert3=testpki-hv3-cert.pem
>   cp $PKIDIR/$key2 $key
>   cp $PKIDIR/$cert3 $cert
>   cp $PKIDIR/$cacert $cacert
> +as northd
>   start_daemon ovn$NORTHD_TYPE -vjsonrpc \
> -    --ovnnb-db=$OVN_NB_DB --ovnsb-db=$SSL_OVN_SB_DB \
> +    --ovnnb-db=$OVN_NB_DB --ovnsb-db=ssl:127.0.0.1:$TCP_PORT \
>       -p $key -c $cert -C $cacert
>   
>   # SSL should not connect because of key and cert mismatch
> 



More information about the dev mailing list