[ovs-dev] [PATCH ovn v2 7/9] tests: Use ovn_start in tests/ovn-controller.at

Frode Nordahl frode.nordahl at canonical.com
Fri Mar 5 12:16:29 UTC 2021 

The current version of the tests only initializes the SB DB and
instruments it directly. This does not work with SSL+RBAC as
northd must run to program the RBAC rules into the SB DB.

Run tests both for C and ddlog version of northd.

Add workaround for ovn-controller not re-reading certificates to
'ovn-controller - Chassis other_config' test.

Signed-off-by: Frode Nordahl <frode.nordahl at canonical.com>
---
 tests/ovn-controller.at | 50 ++++++++++++++++++++++++++++++++++++-----
 1 file changed, 44 insertions(+), 6 deletions(-)

diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at
index 2cd3e261f..1dd1553cd 100644
--- a/tests/ovn-controller.at
+++ b/tests/ovn-controller.at
@@ -1,8 +1,9 @@
 AT_BANNER([ovn-controller])
 
+OVN_FOR_EACH_NORTHD([
 AT_SETUP([ovn-controller - ovn-bridge-mappings])
 AT_KEYWORDS([ovn])
-ovn_init_db ovn-sb
+ovn_start
 net_add n1
 sim_add hv
 as hv
@@ -54,6 +55,14 @@ check_bridge_mappings () {
     OVS_WAIT_UNTIL([test x"${local_mappings}" = x$(ovn-sbctl get Chassis ${sysid} other_config:ovn-bridge-mappings | sed -e 's/\"//g')])
 }
 
+# NOTE: This test originally ran with only the SB-DB and no northd. For the
+# test to be successfull with SSL+RBAC we need to initially run northd to get
+# the RBAC rules programmed into the SB-DB. The test instruments the SB-DB
+# directly and we need to stop northd to avoid overwriting the instrumentation.
+kill `cat northd/ovn-northd.pid`
+kill `cat northd-backup/ovn-northd.pid`
+kill `cat ovn-nb/ovsdb-server.pid`
+
 # Initially there should be no patch ports.
 check_patches
 
@@ -116,12 +125,14 @@ as ovn-sb
 OVS_APP_EXIT_AND_WAIT([ovsdb-server])
 
 AT_CLEANUP
+])
 
 # Checks that ovn-controller populates datapath-type and iface-types
 # correctly in the Chassis other_config column.
+OVN_FOR_EACH_NORTHD([
 AT_SETUP([ovn-controller - Chassis other_config])
 AT_KEYWORDS([ovn])
-ovn_init_db ovn-sb
+ovn_start
 
 net_add n1
 sim_add hv
@@ -192,7 +203,21 @@ OVS_WAIT_UNTIL([
 # chassis_private records.  Until that happens ovn-controller fails to
 # create the records due to constraint violation on the Encap table.
 sysid=${sysid}-foo
-ovs-vsctl set Open_vSwitch . external-ids:system-id="${sysid}"
+current_remote=`ovs-vsctl get Open_vSwitch . external-ids:ovn-remote`
+if test X$HAVE_OPENSSL = Xyes; then
+    # To change chassis name we need to change certificate with matching CN
+    ovs-vsctl set-ssl \
+        $PKIDIR/testpki-${sysid}-privkey.pem \
+        $PKIDIR/testpki-${sysid}-cert.pem \
+        $PKIDIR/testpki-cacert.pem
+    # force reconnect which makes OVN controller read the new certificates
+    # TODO implement check for change of certificates in ovn-controller
+    # and remove this workaround.
+    ovs-vsctl set Open_vSwitch . external-ids:ovn-remote=unix:/dev/null
+fi
+ovs-vsctl -- set Open_vSwitch . external-ids:hostname="${sysid}" \
+          -- set Open_vSwitch . external-ids:system-id="${sysid}" \
+          -- set Open_vSwitch . external-ids:ovn-remote="${current_remote}"
 
 OVS_WAIT_UNTIL([
     grep -q 'Transaction causes multiple rows in \\"Encap\\" table to have identical values' hv/ovn-controller.log
@@ -216,12 +241,14 @@ as ovn-sb
 OVS_APP_EXIT_AND_WAIT([ovsdb-server])
 
 AT_CLEANUP
+])
 
 # Checks that ovn-controller correctly maintains the mapping from the Encap
 # table in the Southbound database to OVS in the face of changes on both sides
+OVN_FOR_EACH_NORTHD([
 AT_SETUP([ovn-controller - change Encap properties])
 AT_KEYWORDS([ovn])
-ovn_init_db ovn-sb
+ovn_start
 
 net_add n1
 sim_add hv
@@ -271,11 +298,13 @@ as ovn-sb
 OVS_APP_EXIT_AND_WAIT([ovsdb-server])
 
 AT_CLEANUP
+])
 
 # Check ovn-controller connection status to Southbound database
+OVN_FOR_EACH_NORTHD([
 AT_SETUP([ovn-controller - check sbdb connection])
 AT_KEYWORDS([ovn])
-ovn_init_db ovn-sb
+ovn_start
 
 net_add n1
 sim_add hv
@@ -305,11 +334,13 @@ as ovn-sb
 OVS_APP_EXIT_AND_WAIT([ovsdb-server])
 
 AT_CLEANUP
+])
 
 # Checks that ovn-controller recreates its chassis record when deleted externally.
+OVN_FOR_EACH_NORTHD([
 AT_SETUP([ovn-controller - Chassis self record])
 AT_KEYWORDS([ovn])
-ovn_init_db ovn-sb
+ovn_start
 
 net_add n1
 sim_add hv
@@ -360,8 +391,10 @@ OVS_WAIT_UNTIL([test x0 = x`ovn-sbctl --columns nb_cfg --bare find chassis`])
 
 OVN_CLEANUP([hv])
 AT_CLEANUP
+])
 
 # Test unix command: debug/delay-nb-cfg-report
+OVN_FOR_EACH_NORTHD([
 AT_SETUP([ovn-controller - debug/delay-nb-cfg-report])
 AT_KEYWORDS([ovn])
 ovn_start
@@ -393,7 +426,9 @@ AT_CHECK([ovn-nbctl --timeout=1 --wait=hv sync])
 
 OVN_CLEANUP([hv])
 AT_CLEANUP
+])
 
+OVN_FOR_EACH_NORTHD([
 AT_SETUP([ovn -- nb_cfg sync to OVS])
 ovn_start
 
@@ -414,7 +449,9 @@ OVS_WAIT_UNTIL([ovs-vsctl get Bridge br-int external_ids:ovn-nb-cfg], [0], [1])
 
 OVN_CLEANUP([hv1])
 AT_CLEANUP
+])
 
+OVN_FOR_EACH_NORTHD([
 AT_SETUP([ovn -- features])
 AT_KEYWORDS([features])
 ovn_start
@@ -431,3 +468,4 @@ OVS_WAIT_UNTIL([
 
 OVN_CLEANUP([hv1])
 AT_CLEANUP
+])
-- 
2.30.0

More information about the dev mailing list