Implement nested snat validation test scenario

It's disabled for ovn because it's not, yet, implemented for the driver.

See: https://review.opendev.org/c/openstack/neutron/+/926495

(The feature also requires special configuration for the driver that we
probably won't enable in the gate. This can be discussed though.)

Related-Bug: #2051935
Change-Id: Ie2e49a53857009446e22300e2fff292355cef058
This commit is contained in:
Ihar Hrachyshka 2024-08-22 18:08:29 +00:00 committed by Ihar Hrachyshka
parent 54e4ebe02d
commit 889566aa97
3 changed files with 65 additions and 0 deletions
neutron_tempest_plugin
zuul.d

View File

@ -77,6 +77,11 @@ NeutronPluginOptions = [
default='openstackgate.local',
help='dns_domain value configured at neutron.conf, which will '
'be used for the DNS configuration of the instances'),
cfg.BoolOpt('snat_rules_apply_to_nested_networks',
default=False,
help='Whether SNAT rules apply recursively to all connected '
'networks. This is the default behavior for ovs and '
'linuxbridge drivers.'),
# Multicast tests settings
cfg.StrOpt('multicast_group_range',

View File

@ -204,6 +204,60 @@ class DefaultSnatToExternal(FloatingIpTestCasesMixin,
gateway_external_ip,
servers=[proxy, src_server])
@decorators.idempotent_id('b911b124-b6cb-449d-83d9-b34f3665741d')
@utils.requires_ext(extension='extraroute', service='network')
@testtools.skipUnless(
CONF.neutron_plugin_options.snat_rules_apply_to_nested_networks,
"Backend doesn't enable nested SNAT.")
def test_nested_snat_external_ip(self):
"""Check connectivity to an external IP from a nested network."""
gateway_external_ip = self._get_external_gateway()
if not gateway_external_ip:
raise self.skipTest("IPv4 gateway is not configured for public "
"network or public_network_id is not "
"configured")
proxy = self._create_server()
proxy_client = ssh.Client(proxy['fip']['floating_ip_address'],
CONF.validation.image_ssh_user,
pkey=self.keypair['private_key'])
# Create a nested router
router = self.create_router(
router_name=data_utils.rand_name('router'),
admin_state_up=True)
# Attach outer subnet to it
outer_port = self.create_port(self.network)
self.client.add_router_interface_with_port_id(router['id'],
outer_port['id'])
# Attach a nested subnet to it
network = self.create_network()
subnet = self.create_subnet(network)
self.create_router_interface(router['id'], subnet['id'])
# Set up static routes in both directions
self.client.update_extra_routes(
self.router['id'],
outer_port['fixed_ips'][0]['ip_address'], subnet['cidr'])
self.client.update_extra_routes(
router['id'], self.subnet['gateway_ip'], '0.0.0.0/0')
# Create a server inside the nested network
src_server = self._create_server(create_floating_ip=False,
network=network)
# Validate that it can access external gw ip (via nested snat)
src_server_ip = src_server['port']['fixed_ips'][0]['ip_address']
ssh_client = ssh.Client(src_server_ip,
CONF.validation.image_ssh_user,
pkey=self.keypair['private_key'],
proxy_client=proxy_client)
self.check_remote_connectivity(ssh_client,
gateway_external_ip,
servers=[proxy, src_server])
class FloatingIPPortDetailsTest(FloatingIpTestCasesMixin,
base.BaseTempestTestCase):

View File

@ -194,6 +194,7 @@
image_is_advanced: true
available_type_drivers: flat,geneve,vlan,gre,local,vxlan
provider_net_base_segm_id: 1
snat_rules_apply_to_nested_networks: true
irrelevant-files:
- ^\.pylintrc$
- ^(test-|)requirements.txt$
@ -285,6 +286,7 @@
neutron_plugin_options:
available_type_drivers: flat,vlan,local,vxlan
firewall_driver: openvswitch
snat_rules_apply_to_nested_networks: true
irrelevant-files:
- ^\.pylintrc$
- ^(test-|)requirements.txt$
@ -400,6 +402,7 @@
neutron_plugin_options:
available_type_drivers: flat,vlan,local,vxlan
firewall_driver: iptables_hybrid
snat_rules_apply_to_nested_networks: true
irrelevant-files:
- ^\.pylintrc$
- ^(test-|)requirements.txt$
@ -575,6 +578,7 @@
available_type_drivers: flat,vlan,local,vxlan
q_agent: linuxbridge
firewall_driver: iptables
snat_rules_apply_to_nested_networks: true
irrelevant-files:
- ^\.pylintrc$
- ^(test-|)requirements.txt$
@ -715,6 +719,7 @@
available_type_drivers: local,flat,vlan,geneve
is_igmp_snooping_enabled: True
firewall_driver: ovn
snat_rules_apply_to_nested_networks: false
zuul_copy_output:
'{{ devstack_base_dir }}/data/ovs': 'logs'
'{{ devstack_base_dir }}/data/ovn': 'logs'
@ -937,6 +942,7 @@
available_type_drivers: flat,geneve,vlan,gre,local,vxlan
l3_agent_mode: dvr_snat
firewall_driver: openvswitch
snat_rules_apply_to_nested_networks: true
group-vars:
subnode:
devstack_services: