From 6692114613c9e616070ac346a2ec5b15067c822f Mon Sep 17 00:00:00 2001 From: Eduardo Olivares Date: Thu, 11 Jul 2024 15:20:51 +0200 Subject: [PATCH] [Podified] Connect OVN NB DB from EDPM's ovn_controller On podified setups, in order to send requests to OVN DBs from an EDPM nodes (or more specifically, from the ovn_controller container running on an EDPM node), the following parameters are needed: - OVN NB/SB DB address obtained from the OCP ovndbcluster resource - SSL parameters that can be obtained from the ovn_controller container Change-Id: If65d74cc645e91f91600e795212c6bb30a281a3a --- tobiko/podified/__init__.py | 1 + tobiko/podified/_openshift.py | 9 ++++++ .../scenario/neutron/test_security_groups.py | 32 +++++++++++++++++-- 3 files changed, 40 insertions(+), 2 deletions(-) diff --git a/tobiko/podified/__init__.py b/tobiko/podified/__init__.py index 06e39942b..a48d493c3 100644 --- a/tobiko/podified/__init__.py +++ b/tobiko/podified/__init__.py @@ -31,5 +31,6 @@ skip_if_podified = _topology.skip_if_podified get_dataplane_ssh_keypair = _openshift.get_dataplane_ssh_keypair has_podified_cp = _openshift.has_podified_cp +get_ovndbcluter = _openshift.get_ovndbcluter get_container_runtime_name = containers.get_container_runtime_name diff --git a/tobiko/podified/_openshift.py b/tobiko/podified/_openshift.py index fc21ee20f..2397e8181 100644 --- a/tobiko/podified/_openshift.py +++ b/tobiko/podified/_openshift.py @@ -27,6 +27,7 @@ DP_SSH_SECRET_NAME = 'secret/dataplane-ansible-ssh-private-key-secret' OSP_BM_HOST = 'baremetalhost.metal3.io' OSP_BM_CRD = 'baremetalhosts.metal3.io' OCP_WORKERS = 'nodes' +OVNDBCLUSTER = 'ovndbcluster' OVN_DP_SERVICE_NAME = 'ovn' COMPUTE_DP_SERVICE_NAMES = ['nova', 'nova-custom', 'nova-custom-ceph'] @@ -228,3 +229,11 @@ def _wait_for_poweredOn_status(nodename, expected_status, LOG.debug(f"Actual poweredOn state is: '{poweredOn}' != " f" '{expected_status}'") attempt.check_limits() + + +def get_ovndbcluter(ovndbcluster_name): + ovndbcluter = oc.selector(f"{OVNDBCLUSTER}/{ovndbcluster_name}").objects() + if len(ovndbcluter) != 1: + tobiko.fail(f"Unexpected number of {OVNDBCLUSTER}/{ovndbcluster_name} " + f"objects obtained: {len(ovndbcluter)}") + return ovndbcluter[0].as_dict() diff --git a/tobiko/tests/scenario/neutron/test_security_groups.py b/tobiko/tests/scenario/neutron/test_security_groups.py index 003a5ef14..0aae7dc10 100644 --- a/tobiko/tests/scenario/neutron/test_security_groups.py +++ b/tobiko/tests/scenario/neutron/test_security_groups.py @@ -15,6 +15,7 @@ from __future__ import absolute_import import json +import re import typing from oslo_log import log @@ -52,7 +53,28 @@ class BaseSecurityGroupTest(testtools.TestCase): @property def ovn_nb_db(self): - if not self._ovn_nb_db: + + def get_podified_ovn_nb_db(): + nb_db = podified.get_ovndbcluter( + 'ovndbcluster-nb')['status']['dbAddress'] + ssl_params = '' + if 'ssl' in nb_db: + # SSL options obtained from the container under test + command = "" + if topology.get_openstack_topology().has_containers: + command += (f"{self.container_runtime_name} exec " + f"{self.container_name} ") + command += "ps -o command -C ovn-controller --no-headers -ww" + command_result = sh.execute(command, + ssh_client=self.host_ssh_client, + sudo=True).stdout.strip() + for param in ('p', 'c', 'C'): + # the matched strings start with a space + ssl_params += re.search(r' -{} [^\s]+'.format(param), + command_result).group() + return nb_db + ssl_params + + def get_ovn_nb_db(): command_result = sh.execute( "ovs-vsctl get open . external_ids:ovn-remote | " "sed -e 's/\"//g' | sed 's/6642/6641/g'", @@ -69,7 +91,13 @@ class BaseSecurityGroupTest(testtools.TestCase): '/etc/pki/tls/private/ovn_controller.key', '/etc/pki/tls/certs/ovn_controller.crt', '/etc/ipa/ca.crt') - self._ovn_nb_db = nb_db + ssl_params + return nb_db + ssl_params + + if not self._ovn_nb_db: + if podified.has_podified_cp(): + self._ovn_nb_db = get_podified_ovn_nb_db() + else: + self._ovn_nb_db = get_ovn_nb_db() return self._ovn_nb_db @property