[Podified] Connect OVN NB DB from EDPM's ovn_controller

On podified setups, in order to send requests to OVN DBs from an EDPM
nodes (or more specifically, from the ovn_controller container running
on an EDPM node), the following parameters are needed:
- OVN NB/SB DB address obtained from the OCP ovndbcluster resource
- SSL parameters that can be obtained from the ovn_controller container

Change-Id: If65d74cc645e91f91600e795212c6bb30a281a3a

tobiko/podified/__init__.py

@@ -31,5 +31,6 @@ skip_if_podified = _topology.skip_if_podified
 
 get_dataplane_ssh_keypair = _openshift.get_dataplane_ssh_keypair
 has_podified_cp = _openshift.has_podified_cp
+get_ovndbcluter = _openshift.get_ovndbcluter
 
 get_container_runtime_name = containers.get_container_runtime_name

tobiko/podified/_openshift.py

@@ -27,6 +27,7 @@ DP_SSH_SECRET_NAME = 'secret/dataplane-ansible-ssh-private-key-secret'
 OSP_BM_HOST = 'baremetalhost.metal3.io'
 OSP_BM_CRD = 'baremetalhosts.metal3.io'
 OCP_WORKERS = 'nodes'
+OVNDBCLUSTER = 'ovndbcluster'
 
 OVN_DP_SERVICE_NAME = 'ovn'
 COMPUTE_DP_SERVICE_NAMES = ['nova', 'nova-custom', 'nova-custom-ceph']
@@ -228,3 +229,11 @@ def _wait_for_poweredOn_status(nodename, expected_status,
             LOG.debug(f"Actual poweredOn state is: '{poweredOn}' != "
                       f" '{expected_status}'")
         attempt.check_limits()
+
+
+def get_ovndbcluter(ovndbcluster_name):
+    ovndbcluter = oc.selector(f"{OVNDBCLUSTER}/{ovndbcluster_name}").objects()
+    if len(ovndbcluter) != 1:
+        tobiko.fail(f"Unexpected number of {OVNDBCLUSTER}/{ovndbcluster_name} "
+                    f"objects obtained: {len(ovndbcluter)}")
+    return ovndbcluter[0].as_dict()

tobiko/tests/scenario/neutron/test_security_groups.py

@@ -15,6 +15,7 @@
 from __future__ import absolute_import
 
 import json
+import re
 import typing
 
 from oslo_log import log
@@ -52,7 +53,28 @@ class BaseSecurityGroupTest(testtools.TestCase):
 
     @property
     def ovn_nb_db(self):
-        if not self._ovn_nb_db:
+
+        def get_podified_ovn_nb_db():
+            nb_db = podified.get_ovndbcluter(
+                'ovndbcluster-nb')['status']['dbAddress']
+            ssl_params = ''
+            if 'ssl' in nb_db:
+                # SSL options obtained from the container under test
+                command = ""
+                if topology.get_openstack_topology().has_containers:
+                    command += (f"{self.container_runtime_name} exec "
+                                f"{self.container_name} ")
+                command += "ps -o command -C ovn-controller --no-headers -ww"
+                command_result = sh.execute(command,
+                                            ssh_client=self.host_ssh_client,
+                                            sudo=True).stdout.strip()
+                for param in ('p', 'c', 'C'):
+                    # the matched strings start with a space
+                    ssl_params += re.search(r' -{} [^\s]+'.format(param),
+                                            command_result).group()
+            return nb_db + ssl_params
+
+        def get_ovn_nb_db():
             command_result = sh.execute(
                 "ovs-vsctl get open . external_ids:ovn-remote | "
                 "sed -e 's/\"//g' | sed 's/6642/6641/g'",
@@ -69,7 +91,13 @@ class BaseSecurityGroupTest(testtools.TestCase):
                     '/etc/pki/tls/private/ovn_controller.key',
                     '/etc/pki/tls/certs/ovn_controller.crt',
                     '/etc/ipa/ca.crt')
-            self._ovn_nb_db = nb_db + ssl_params
+            return nb_db + ssl_params
+
+        if not self._ovn_nb_db:
+            if podified.has_podified_cp():
+                self._ovn_nb_db = get_podified_ovn_nb_db()
+            else:
+                self._ovn_nb_db = get_ovn_nb_db()
         return self._ovn_nb_db
 
     @property