Merge "Add "-d 1" option to the ncat client."
diff --git a/neutron_tempest_plugin/scenario/test_security_groups.py b/neutron_tempest_plugin/scenario/test_security_groups.py
index d5f9b77..ed9ff8c 100644
--- a/neutron_tempest_plugin/scenario/test_security_groups.py
+++ b/neutron_tempest_plugin/scenario/test_security_groups.py
@@ -17,6 +17,7 @@
from neutron_lib import constants
import testtools
+from oslo_log import log
from tempest.common import utils as tempest_utils
from tempest.common import waiters
from tempest.lib.common.utils import data_utils
@@ -32,7 +33,7 @@
from neutron_tempest_plugin.scenario import constants as const
CONF = config.CONF
-
+LOG = log.getLogger(__name__)
EPHEMERAL_PORT_RANGE = {'min': 32768, 'max': 65535}
@@ -96,10 +97,18 @@
def resource_setup(cls):
super(BaseNetworkSecGroupTest, cls).resource_setup()
# setup basic topology for servers we can log into it
+ cls.reserve_external_subnet_cidrs()
cls.network = cls.create_network()
cls.subnet = cls.create_subnet(cls.network)
cls.router = cls.create_router_by_client()
cls.create_router_interface(cls.router['id'], cls.subnet['id'])
+ if cls.ipv6_mode:
+ cls.subnet_v6 = cls.create_subnet(
+ cls.network,
+ ip_version=constants.IP_VERSION_6,
+ ipv6_ra_mode=cls.ipv6_mode,
+ ipv6_address_mode=cls.ipv6_mode)
+ cls.create_router_interface(cls.router['id'], cls.subnet_v6['id'])
cls.keypair = cls.create_keypair()
def setUp(self):
@@ -332,6 +341,7 @@
self.assertTrue(ext_net_ip)
self.check_remote_connectivity(server_ssh_clients[0], ext_net_ip,
servers=servers)
+ return server_ssh_clients, fips, servers
def _test_protocol_number_rule(self):
# protocol number is added instead of str in security rule creation
@@ -739,6 +749,7 @@
class StatefulNetworkSecGroupTest(BaseNetworkSecGroupTest):
stateless_sg = False
+ ipv6_mode = None
@decorators.idempotent_id('3d73ec1a-2ec6-45a9-b0f8-04a283d9d764')
def test_default_sec_grp_scenarios(self):
@@ -922,9 +933,10 @@
CONF.neutron_plugin_options.firewall_driver in ['openvswitch', 'None'],
"Firewall driver other than 'openvswitch' is required to use "
"stateless security groups.")
-class StatelessNetworkSecGroupTest(BaseNetworkSecGroupTest):
+class StatelessNetworkSecGroupIPv4Test(BaseNetworkSecGroupTest):
required_extensions = ['security-group', 'stateful-security-group']
stateless_sg = True
+ ipv6_mode = None
@decorators.idempotent_id('9e193e3f-56f2-4f4e-886c-988a147958ef')
def test_default_sec_grp_scenarios(self):
@@ -1123,3 +1135,57 @@
ssh_clients['client'], fips['server']['fixed_ip_address'],
mtu=self.network['mtu'] + 1, fragmentation=True,
should_succeed=True)
+
+
+class StatelessSecGroupDualStackSlaacTest(BaseNetworkSecGroupTest):
+ required_extensions = ['security-group', 'stateful-security-group']
+ stateless_sg = True
+ ipv6_mode = 'slaac'
+
+ def _get_port_cidrs(self, port):
+ ips = []
+ subnet_cidrs = {}
+ for fixed_ip in port['fixed_ips']:
+ subnet_id = fixed_ip['subnet_id']
+ subnet_cidr = subnet_cidrs.get('subnet_id')
+ if not subnet_cidr:
+ subnet = self.client.show_subnet(subnet_id)['subnet']
+ subnet_cidr = netaddr.IPNetwork(subnet['cidr'])
+ subnet_cidrs[subnet_id] = subnet_cidr
+ ips.append(
+ netaddr.IPNetwork(
+ "%s/%s" % (fixed_ip['ip_address'], subnet_cidr.prefixlen)))
+ LOG.debug("On port %s found IP cidrs: %s", port['id'], ips)
+ return ips
+
+ def _test_default_sec_grp_scenarios(self):
+ # Make "regular" test like for IPv4 case
+ server_ssh_clients, _, servers = (
+ super()._test_default_sec_grp_scenarios())
+
+ # And additionally ensure that IPv6 addresses are configured properly
+ # in the VM
+ for ssh_client, server in zip(server_ssh_clients, servers):
+ ip_cmd = ip.IPCommand(ssh_client=ssh_client)
+ ports = self.client.list_ports(
+ device_id=server['server']['id'])['ports']
+ for port in ports:
+ configured_cidrs = [ip.network for ip in
+ ip_cmd.list_addresses(port=port)]
+ for port_cidr in self._get_port_cidrs(port):
+ self.assertIn(port_cidr, configured_cidrs)
+
+ @decorators.idempotent_id('e7d64384-ea6a-40aa-b454-854f0990153c')
+ def test_default_sec_grp_scenarios(self):
+ self._test_default_sec_grp_scenarios()
+
+
+class StatelessSecGroupDualStackDHCPv6StatelessTest(
+ StatelessSecGroupDualStackSlaacTest):
+ required_extensions = ['security-group', 'stateful-security-group']
+ stateless_sg = True
+ ipv6_mode = 'dhcpv6-stateless'
+
+ @decorators.idempotent_id('c61c127c-e08f-4ddf-87a3-58b3c86e5476')
+ def test_default_sec_grp_scenarios(self):
+ self._test_default_sec_grp_scenarios()
diff --git a/zuul.d/master_jobs.yaml b/zuul.d/master_jobs.yaml
index 6ff76be..11bdd9d 100644
--- a/zuul.d/master_jobs.yaml
+++ b/zuul.d/master_jobs.yaml
@@ -38,11 +38,13 @@
# TODO(lucasagomes): Re-enable MOD_WSGI after
# https://bugs.launchpad.net/neutron/+bug/1912359 is implemented
NEUTRON_DEPLOY_MOD_WSGI: false
- # TODO(ralonsoh): remove OVN_BUILD_FROM_SOURCE once the OS packages
- # include at least OVN v20.12.0.
+ # TODO(ihrachys): remove OVN_BUILD_FROM_SOURCE once the OS packages
+ # include at least OVN v22.03.3.
OVN_BUILD_FROM_SOURCE: True
- OVN_BRANCH: "v21.03.0"
- OVS_BRANCH: "8dc1733eaea866dce033b3c44853e1b09bf59fc7"
+ # TODO(ihrachys): switch back to a tagged version when it's released
+ # OVN_BRANCH: "v22.03.3"
+ OVN_BRANCH: "36e3ab9b47e93af0599a818e9d6b2930e49473f0"
+ OVS_BRANCH: "2410b95597fcec5f733caf77febdb46f4ffacd27"
devstack_plugins:
neutron: https://opendev.org/openstack/neutron.git
neutron-tempest-plugin: https://opendev.org/openstack/neutron-tempest-plugin.git
@@ -610,11 +612,13 @@
OVN_DBS_LOG_LEVEL: dbg
ENABLE_TLS: True
OVN_IGMP_SNOOPING_ENABLE: True
- # TODO(eolivare): Remove OVN_BUILD_FROM_SOURCE once vlan-transparency
- # is included in an ovn released version
+ # TODO(ihrachys): remove OVN_BUILD_FROM_SOURCE once the OS packages
+ # include at least OVN v22.03.3.
OVN_BUILD_FROM_SOURCE: True
- OVN_BRANCH: "v21.06.0"
- OVS_BRANCH: "a4b04276ab5934d087669ff2d191a23931335c87"
+ # TODO(ihrachys): switch back to a tagged version when it's released
+ # OVN_BRANCH: "v22.03.3"
+ OVN_BRANCH: "36e3ab9b47e93af0599a818e9d6b2930e49473f0"
+ OVS_BRANCH: "2410b95597fcec5f733caf77febdb46f4ffacd27"
OVS_SYSCONFDIR: "/usr/local/etc/openvswitch"
devstack_services:
br-ex-tcpdump: true
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index 00eb156..9ce0212 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -2,7 +2,6 @@
name: neutron-tempest-plugin-jobs
check:
jobs:
- - neutron-tempest-plugin-linuxbridge
- neutron-tempest-plugin-openvswitch
- neutron-tempest-plugin-openvswitch-iptables_hybrid
- neutron-tempest-plugin-openvswitch-enforce-scope-new-defaults
@@ -10,7 +9,6 @@
- neutron-tempest-plugin-designate-scenario
gate:
jobs:
- - neutron-tempest-plugin-linuxbridge
- neutron-tempest-plugin-openvswitch
- neutron-tempest-plugin-ovn
- neutron-tempest-plugin-openvswitch-iptables_hybrid
@@ -19,6 +17,7 @@
# the experimental queue when it will be more stable
experimental:
jobs:
+ - neutron-tempest-plugin-linuxbridge
- neutron-tempest-plugin-dvr-multinode-scenario
- neutron-tempest-plugin-openvswitch-distributed-dhcp
- neutron-tempest-plugin-openvswitch-iptables_hybrid-distributed-dhcp