Merge "Add test for default DNS zone per tenant"
diff --git a/neutron_tempest_plugin/api/base.py b/neutron_tempest_plugin/api/base.py
index 4833c71..024fe43 100644
--- a/neutron_tempest_plugin/api/base.py
+++ b/neutron_tempest_plugin/api/base.py
@@ -125,6 +125,8 @@
cls.qos_rules = []
cls.qos_policies = []
cls.ethertype = "IPv" + str(cls._ip_version)
+ cls.address_groups = []
+ cls.admin_address_groups = []
cls.address_scopes = []
cls.admin_address_scopes = []
cls.subnetpools = []
@@ -782,6 +784,15 @@
return qos_rule
@classmethod
+ def create_qos_dscp_marking_rule(cls, policy_id, dscp_mark):
+ """Wrapper utility that creates and returns a QoS dscp rule."""
+ body = cls.admin_client.create_dscp_marking_rule(
+ policy_id, dscp_mark)
+ qos_rule = body['dscp_marking_rule']
+ cls.qos_rules.append(qos_rule)
+ return qos_rule
+
+ @classmethod
def delete_router(cls, router, client=None):
client = client or cls.client
if 'routes' in router:
@@ -821,6 +832,16 @@
return body['subnetpool']
@classmethod
+ def create_address_group(cls, name, is_admin=False, **kwargs):
+ if is_admin:
+ body = cls.admin_client.create_address_group(name=name, **kwargs)
+ cls.admin_address_groups.append(body['address_group'])
+ else:
+ body = cls.client.create_address_group(name=name, **kwargs)
+ cls.address_groups.append(body['address_group'])
+ return body['address_group']
+
+ @classmethod
def create_project(cls, name=None, description=None):
test_project = name or data_utils.rand_name('test_project_')
test_description = description or data_utils.rand_name('desc_')
@@ -886,6 +907,9 @@
ip_version = ip_version or cls._ip_version
default_params = (
constants.DEFAULT_SECURITY_GROUP_RULE_PARAMS[ip_version])
+ if ('remote_address_group_id' in kwargs and 'remote_ip_prefix' in
+ default_params):
+ default_params.pop('remote_ip_prefix')
for key, value in default_params.items():
kwargs.setdefault(key, value)
diff --git a/neutron_tempest_plugin/api/test_address_groups.py b/neutron_tempest_plugin/api/test_address_groups.py
new file mode 100644
index 0000000..478d3b2
--- /dev/null
+++ b/neutron_tempest_plugin/api/test_address_groups.py
@@ -0,0 +1,185 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import random
+
+from neutron_lib import constants
+from oslo_log import log
+from tempest.lib.common.utils import data_utils
+from tempest.lib import decorators
+from tempest.lib import exceptions
+import testtools
+
+from neutron_tempest_plugin.api import base
+from neutron_tempest_plugin.api import base_security_groups
+
+LOG = log.getLogger(__name__)
+
+
+ADDRESS_GROUP_NAME = 'test-address-group'
+
+
+class RbacSharedAddressGroupTest(base.BaseAdminNetworkTest):
+
+ force_tenant_isolation = True
+ credentials = ['primary', 'alt', 'admin']
+ required_extensions = ['security-group', 'address-group',
+ 'rbac-address-group']
+
+ @classmethod
+ def resource_setup(cls):
+ super(RbacSharedAddressGroupTest, cls).resource_setup()
+ cls.client2 = cls.os_alt.network_client
+
+ def _create_address_group(self, is_admin=False, **kwargs):
+ name = data_utils.rand_name(ADDRESS_GROUP_NAME)
+ return self.create_address_group(name=name, is_admin=is_admin,
+ **kwargs)
+
+ def _make_admin_ag_shared_to_project_id(self, project_id):
+ ag = self._create_address_group(is_admin=True)
+ rbac_policy = self.admin_client.create_rbac_policy(
+ object_type='address_group',
+ object_id=ag['id'],
+ action='access_as_shared',
+ target_tenant=project_id,
+ )['rbac_policy']
+ return {'address_group': ag, 'rbac_policy': rbac_policy}
+
+ @decorators.idempotent_id('95f59a88-c47e-4dd9-a231-85f1782753a7')
+ def test_policy_target_update(self):
+ res = self._make_admin_ag_shared_to_project_id(
+ self.client.tenant_id)
+ # change to client2
+ update_res = self.admin_client.update_rbac_policy(
+ res['rbac_policy']['id'], target_tenant=self.client2.tenant_id)
+ self.assertEqual(self.client2.tenant_id,
+ update_res['rbac_policy']['target_tenant'])
+ # make sure everything else stayed the same
+ res['rbac_policy'].pop('target_tenant')
+ update_res['rbac_policy'].pop('target_tenant')
+ self.assertEqual(res['rbac_policy'], update_res['rbac_policy'])
+
+ @decorators.idempotent_id('35a214c9-5c99-468f-9242-34d0529cabfa')
+ def test_secgrprule_presence_prevents_policy_rbac_policy_deletion(self):
+ res = self._make_admin_ag_shared_to_project_id(
+ self.client2.tenant_id)
+ ag_id = res['address_group']['id']
+ security_group = self.create_security_group(client=self.client2)
+ protocol = random.choice(list(base_security_groups.V4_PROTOCOL_NAMES))
+ sec_grp_rule = self.create_security_group_rule(
+ security_group=security_group,
+ client=self.client2, protocol=protocol,
+ direction=constants.INGRESS_DIRECTION,
+ remote_address_group_id=ag_id)
+
+ # a port with shared sg should prevent the deletion of an
+ # rbac-policy required for it to be shared
+ with testtools.ExpectedException(exceptions.Conflict):
+ self.admin_client.delete_rbac_policy(res['rbac_policy']['id'])
+
+ # cleanup
+ self.client2.delete_security_group_rule(sec_grp_rule['id'])
+ self.admin_client.delete_rbac_policy(res['rbac_policy']['id'])
+
+ @decorators.idempotent_id('c89db8d4-0b52-4072-ac7e-672860491843')
+ def test_regular_client_shares_to_another_regular_client(self):
+ # owned by self.admin_client
+ ag = self._create_address_group(is_admin=True)
+ with testtools.ExpectedException(exceptions.NotFound):
+ self.client.show_address_group(ag['id'])
+ rbac_policy = self.admin_client.create_rbac_policy(
+ object_type='address_group', object_id=ag['id'],
+ action='access_as_shared',
+ target_tenant=self.client.tenant_id)['rbac_policy']
+ self.client.show_address_group(ag['id'])
+
+ self.assertIn(rbac_policy,
+ self.admin_client.list_rbac_policies()['rbac_policies'])
+ # ensure that 'client2' can't see the rbac-policy sharing the
+ # ag to it because the rbac-policy belongs to 'client'
+ self.assertNotIn(rbac_policy['id'], [p['id'] for p in
+ self.client2.list_rbac_policies()['rbac_policies']])
+
+ @decorators.idempotent_id('55a9fbb6-3333-48e8-90e4-11ab2a49567b')
+ def test_filter_fields(self):
+ ag = self._create_address_group()
+ self.admin_client.create_rbac_policy(
+ object_type='address_group', object_id=ag['id'],
+ action='access_as_shared', target_tenant=self.client2.tenant_id)
+ field_args = (('id',), ('id', 'action'), ('object_type', 'object_id'),
+ ('project_id', 'target_tenant'))
+ for fields in field_args:
+ res = self.admin_client.list_rbac_policies(fields=fields)
+ self.assertEqual(set(fields), set(res['rbac_policies'][0].keys()))
+
+ @decorators.idempotent_id('20b2706b-1cea-4724-ab72-d7452ecb1fc4')
+ def test_rbac_policy_show(self):
+ res = self._make_admin_ag_shared_to_project_id(
+ self.client.tenant_id)
+ p1 = res['rbac_policy']
+ p2 = self.admin_client.create_rbac_policy(
+ object_type='address_group',
+ object_id=res['address_group']['id'],
+ action='access_as_shared',
+ target_tenant='*')['rbac_policy']
+
+ self.assertEqual(
+ p1, self.admin_client.show_rbac_policy(p1['id'])['rbac_policy'])
+ self.assertEqual(
+ p2, self.admin_client.show_rbac_policy(p2['id'])['rbac_policy'])
+
+ @decorators.idempotent_id('774fc038-486c-4507-ab04-c5aac0fca5ab')
+ def test_filter_rbac_policies(self):
+ ag = self._create_address_group()
+ rbac_pol1 = self.admin_client.create_rbac_policy(
+ object_type='address_group', object_id=ag['id'],
+ action='access_as_shared',
+ target_tenant=self.client2.tenant_id)['rbac_policy']
+ rbac_pol2 = self.admin_client.create_rbac_policy(
+ object_type='address_group', object_id=ag['id'],
+ action='access_as_shared',
+ target_tenant=self.admin_client.tenant_id)['rbac_policy']
+ res1 = self.admin_client.list_rbac_policies(id=rbac_pol1['id'])[
+ 'rbac_policies']
+ res2 = self.admin_client.list_rbac_policies(id=rbac_pol2['id'])[
+ 'rbac_policies']
+ self.assertEqual(1, len(res1))
+ self.assertEqual(1, len(res2))
+ self.assertEqual(rbac_pol1['id'], res1[0]['id'])
+ self.assertEqual(rbac_pol2['id'], res2[0]['id'])
+
+ @decorators.idempotent_id('a0f3a01a-e2c7-47d6-9385-0cd7a7f0c996')
+ def test_regular_client_blocked_from_sharing_anothers_policy(self):
+ ag = self._make_admin_ag_shared_to_project_id(
+ self.client.tenant_id)['address_group']
+ with testtools.ExpectedException(exceptions.BadRequest):
+ self.client.create_rbac_policy(
+ object_type='address_group', object_id=ag['id'],
+ action='access_as_shared',
+ target_tenant=self.client2.tenant_id)
+
+ # make sure the rbac-policy is invisible to the tenant for which it's
+ # being shared
+ self.assertFalse(self.client.list_rbac_policies()['rbac_policies'])
+
+ @decorators.idempotent_id('f39e32d9-4733-48ec-b550-07f0ec4998a9')
+ def test_regular_client_blocked_from_updating_shared_address_group(self):
+ # owned by self.admin_client
+ ag = self._create_address_group(is_admin=True)
+ self.admin_client.create_rbac_policy(
+ object_type='address_group', object_id=ag['id'],
+ action='access_as_shared',
+ target_tenant=self.client.tenant_id)['rbac_policy']
+ self.client.show_address_group(ag['id'])
+ with testtools.ExpectedException(exceptions.NotFound):
+ self.client.update_address_group(ag['id'], name='new_name')
diff --git a/neutron_tempest_plugin/api/test_allowed_address_pair.py b/neutron_tempest_plugin/api/test_allowed_address_pair.py
deleted file mode 100644
index 7b11638..0000000
--- a/neutron_tempest_plugin/api/test_allowed_address_pair.py
+++ /dev/null
@@ -1,121 +0,0 @@
-# Copyright 2014 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from tempest.lib import decorators
-
-from neutron_tempest_plugin.api import base
-
-
-class AllowedAddressPairTestJSON(base.BaseNetworkTest):
-
- """AllowedAddressPairTestJSON class
-
- Tests the Neutron Allowed Address Pair API extension using the Tempest
- REST client. The following API operations are tested with this extension:
-
- create port
- list ports
- update port
- show port
-
- v2.0 of the Neutron API is assumed. It is also assumed that the following
- options are defined in the [network-feature-enabled] section of
- etc/tempest.conf
-
- api_extensions
- """
-
- required_extensions = ['allowed-address-pairs']
-
- @classmethod
- def resource_setup(cls):
- super(AllowedAddressPairTestJSON, cls).resource_setup()
- cls.network = cls.create_network()
- cls.create_subnet(cls.network)
- port = cls.create_port(cls.network)
- cls.ip_address = port['fixed_ips'][0]['ip_address']
- cls.mac_address = port['mac_address']
-
- @decorators.idempotent_id('86c3529b-1231-40de-803c-00e40882f043')
- def test_create_list_port_with_address_pair(self):
- # Create port with allowed address pair attribute
- allowed_address_pairs = [{'ip_address': self.ip_address,
- 'mac_address': self.mac_address}]
- body = self.create_port(
- self.network,
- allowed_address_pairs=allowed_address_pairs)
- port_id = body['id']
-
- # Confirm port was created with allowed address pair attribute
- body = self.client.list_ports()
- ports = body['ports']
- port = [p for p in ports if p['id'] == port_id]
- msg = 'Created port not found in list of ports returned by Neutron'
- self.assertTrue(port, msg)
- self._confirm_allowed_address_pair(port[0], self.ip_address)
-
- def _update_port_with_address(self, address, mac_address=None, **kwargs):
- # Create a port without allowed address pair
- body = self.create_port(self.network)
- port_id = body['id']
- if mac_address is None:
- mac_address = self.mac_address
-
- # Update allowed address pair attribute of port
- allowed_address_pairs = [{'ip_address': address,
- 'mac_address': mac_address}]
- if kwargs:
- allowed_address_pairs.append(kwargs['allowed_address_pairs'])
- body = self.client.update_port(
- port_id, allowed_address_pairs=allowed_address_pairs)
- allowed_address_pair = body['port']['allowed_address_pairs']
- self.assertCountEqual(allowed_address_pair, allowed_address_pairs)
-
- @decorators.idempotent_id('9599b337-272c-47fd-b3cf-509414414ac4')
- def test_update_port_with_address_pair(self):
- # Update port with allowed address pair
- self._update_port_with_address(self.ip_address)
-
- @decorators.idempotent_id('4d6d178f-34f6-4bff-a01c-0a2f8fe909e4')
- def test_update_port_with_cidr_address_pair(self):
- # Update allowed address pair with cidr
- cidr = str(next(self.get_subnet_cidrs()))
- self._update_port_with_address(cidr)
-
- @decorators.idempotent_id('b3f20091-6cd5-472b-8487-3516137df933')
- def test_update_port_with_multiple_ip_mac_address_pair(self):
- # Create an ip _address and mac_address through port create
- resp = self.create_port(self.network)
- ipaddress = resp['fixed_ips'][0]['ip_address']
- macaddress = resp['mac_address']
-
- # Update allowed address pair port with multiple ip and mac
- allowed_address_pairs = {'ip_address': ipaddress,
- 'mac_address': macaddress}
- self._update_port_with_address(
- self.ip_address, self.mac_address,
- allowed_address_pairs=allowed_address_pairs)
-
- def _confirm_allowed_address_pair(self, port, ip):
- msg = 'Port allowed address pairs should not be empty'
- self.assertTrue(port['allowed_address_pairs'], msg)
- ip_address = port['allowed_address_pairs'][0]['ip_address']
- mac_address = port['allowed_address_pairs'][0]['mac_address']
- self.assertEqual(ip_address, ip)
- self.assertEqual(mac_address, self.mac_address)
-
-
-class AllowedAddressPairIpV6TestJSON(AllowedAddressPairTestJSON):
- _ip_version = 6
diff --git a/neutron_tempest_plugin/api/test_ports_negative.py b/neutron_tempest_plugin/api/test_ports_negative.py
index e327c25..004feb9 100644
--- a/neutron_tempest_plugin/api/test_ports_negative.py
+++ b/neutron_tempest_plugin/api/test_ports_negative.py
@@ -54,10 +54,13 @@
@decorators.idempotent_id('7cf473ae-7ec8-4834-ae17-9ef6ec6b8a32')
def test_add_port_with_nonexist_network_id(self):
network = self.network
+ # Copy and restore net ID so the cleanup will delete correct net
+ original_network_id = network['id']
network['id'] = uuidutils.generate_uuid()
self.assertRaises(lib_exc.NotFound,
self.create_port,
network)
+ network['id'] = original_network_id
@decorators.attr(type='negative')
@decorators.idempotent_id('cad2d349-25fa-490e-9675-cd2ea24164bc')
diff --git a/neutron_tempest_plugin/api/test_qos_negative.py b/neutron_tempest_plugin/api/test_qos_negative.py
index f6c4afc..2d06d11 100644
--- a/neutron_tempest_plugin/api/test_qos_negative.py
+++ b/neutron_tempest_plugin/api/test_qos_negative.py
@@ -90,33 +90,122 @@
self.admin_client.delete_qos_policy, non_exist_id)
-class QosBandwidthLimitRuleNegativeTestJSON(base.BaseAdminNetworkTest):
+class QosRuleNegativeBaseTestJSON(base.BaseAdminNetworkTest):
required_extensions = [qos_apidef.ALIAS]
- @decorators.attr(type='negative')
- @decorators.idempotent_id('e9ce8042-c828-4cb9-b1f1-85bd35e6553a')
- def test_rule_update_rule_nonexistent_policy(self):
+ def _test_rule_update_rule_nonexistent_policy(self, create_params,
+ update_params):
non_exist_id = data_utils.rand_name('qos_policy')
policy = self.create_qos_policy(name='test-policy',
description='test policy',
shared=False)
- rule = self.create_qos_bandwidth_limit_rule(policy_id=policy['id'],
- max_kbps=1,
- max_burst_kbps=1)
+ rule = self.rule_create_m(policy_id=policy['id'], **create_params)
self.assertRaises(
lib_exc.NotFound,
- self.admin_client.update_bandwidth_limit_rule,
- non_exist_id, rule['id'], max_kbps=200, max_burst_kbps=1337)
+ self.rule_update_m,
+ non_exist_id, rule['id'], **update_params)
- @decorators.attr(type='negative')
- @decorators.idempotent_id('a2c72066-0c32-4f28-be7f-78fa721588b6')
- def test_rule_update_rule_nonexistent_rule(self):
+ def _test_rule_create_rule_non_existent_policy(self, create_params):
+ non_exist_id = data_utils.rand_name('qos_policy')
+ self.assertRaises(
+ lib_exc.NotFound,
+ self.rule_create_m,
+ non_exist_id, **create_params)
+
+ def _test_rule_update_rule_nonexistent_rule(self, update_params):
non_exist_id = data_utils.rand_name('qos_rule')
policy = self.create_qos_policy(name='test-policy',
description='test policy',
shared=False)
self.assertRaises(
lib_exc.NotFound,
- self.admin_client.update_bandwidth_limit_rule,
- policy['id'], non_exist_id, max_kbps=200, max_burst_kbps=1337)
+ self.rule_update_m,
+ policy['id'], non_exist_id, **update_params)
+
+
+class QosBandwidthLimitRuleNegativeTestJSON(QosRuleNegativeBaseTestJSON):
+
+ @classmethod
+ def resource_setup(cls):
+ cls.rule_create_m = cls.create_qos_bandwidth_limit_rule
+ cls.rule_update_m = cls.admin_client.update_bandwidth_limit_rule
+ super(QosBandwidthLimitRuleNegativeTestJSON, cls).resource_setup()
+
+ @decorators.attr(type='negative')
+ @decorators.idempotent_id('e9ce8042-c828-4cb9-b1f1-85bd35e6553a')
+ def test_rule_update_rule_nonexistent_policy(self):
+ create_params = {'max_kbps': 1, 'max_burst_kbps': 1}
+ update_params = {'max_kbps': 200, 'max_burst_kbps': 1337}
+ self._test_rule_update_rule_nonexistent_policy(
+ create_params, update_params)
+
+ @decorators.attr(type='negative')
+ @decorators.idempotent_id('1b592566-745f-4e15-a439-073afe341244')
+ def test_rule_create_rule_non_existent_policy(self):
+ create_params = {'max_kbps': 200, 'max_burst_kbps': 300}
+ self._test_rule_create_rule_non_existent_policy(create_params)
+
+ @decorators.attr(type='negative')
+ @decorators.idempotent_id('a2c72066-0c32-4f28-be7f-78fa721588b6')
+ def test_rule_update_rule_nonexistent_rule(self):
+ update_params = {'max_kbps': 200, 'max_burst_kbps': 1337}
+ self._test_rule_update_rule_nonexistent_rule(update_params)
+
+
+class QosMinimumBandwidthRuleNegativeTestJSON(QosRuleNegativeBaseTestJSON):
+
+ @classmethod
+ def resource_setup(cls):
+ cls.rule_create_m = cls.create_qos_minimum_bandwidth_rule
+ cls.rule_update_m = cls.admin_client.update_minimum_bandwidth_rule
+ super(QosMinimumBandwidthRuleNegativeTestJSON, cls).resource_setup()
+
+ @decorators.attr(type='negative')
+ @decorators.idempotent_id('08b8455b-4d4f-4119-bad3-9357085c3a80')
+ def test_rule_update_rule_nonexistent_policy(self):
+ create_params = {'min_kbps': 1}
+ update_params = {'min_kbps': 200}
+ self._test_rule_update_rule_nonexistent_policy(
+ create_params, update_params)
+
+ @decorators.attr(type='negative')
+ @decorators.idempotent_id('5a714a4a-bfbc-4cf9-b0c0-13fd185204f7')
+ def test_rule_create_rule_non_existent_policy(self):
+ create_params = {'min_kbps': 200}
+ self._test_rule_create_rule_non_existent_policy(create_params)
+
+ @decorators.attr(type='negative')
+ @decorators.idempotent_id('8470cbe0-8ca5-46ab-9c66-7cf69301b121')
+ def test_rule_update_rule_nonexistent_rule(self):
+ update_params = {'min_kbps': 200}
+ self._test_rule_update_rule_nonexistent_rule(update_params)
+
+
+class QosDscpRuleNegativeTestJSON(QosRuleNegativeBaseTestJSON):
+
+ @classmethod
+ def resource_setup(cls):
+ cls.rule_create_m = cls.create_qos_dscp_marking_rule
+ cls.rule_update_m = cls.admin_client.update_dscp_marking_rule
+ super(QosDscpRuleNegativeTestJSON, cls).resource_setup()
+
+ @decorators.attr(type='negative')
+ @decorators.idempotent_id('d47d5fbe-3e98-476f-b2fd-97818175dea5')
+ def test_rule_update_rule_nonexistent_policy(self):
+ create_params = {'dscp_mark': 26}
+ update_params = {'dscp_mark': 16}
+ self._test_rule_update_rule_nonexistent_policy(
+ create_params, update_params)
+
+ @decorators.attr(type='negative')
+ @decorators.idempotent_id('07d17f09-3dc4-4c24-9bb1-49081a153c5a')
+ def test_rule_create_rule_non_existent_policy(self):
+ create_params = {'dscp_mark': 16}
+ self._test_rule_create_rule_non_existent_policy(create_params)
+
+ @decorators.attr(type='negative')
+ @decorators.idempotent_id('9c0bd085-5a7a-496f-a984-50dc631a64f2')
+ def test_rule_update_rule_nonexistent_rule(self):
+ update_params = {'dscp_mark': 16}
+ self._test_rule_update_rule_nonexistent_rule(update_params)
diff --git a/neutron_tempest_plugin/api/test_subnets.py b/neutron_tempest_plugin/api/test_subnets.py
index b8842ab..a866a09 100644
--- a/neutron_tempest_plugin/api/test_subnets.py
+++ b/neutron_tempest_plugin/api/test_subnets.py
@@ -10,6 +10,7 @@
# License for the specific language governing permissions and limitations
# under the License.
+import netaddr
from tempest.lib import decorators
from neutron_tempest_plugin.api import base
@@ -69,3 +70,38 @@
self._test_list_validation_filters(self.list_kwargs)
self._test_list_validation_filters({
'unknown_filter': 'value'}, filter_is_valid=False)
+
+
+class SubnetServiceTypeTestJSON(base.BaseNetworkTest):
+
+ required_extensions = ['service-type']
+
+ @classmethod
+ def resource_setup(cls):
+ super(SubnetServiceTypeTestJSON, cls).resource_setup()
+ cls.network = cls.create_network()
+
+ @decorators.idempotent_id('7e0edb66-1bb2-4473-ab83-d039cddced0d')
+ def test_allocate_ips_are_from_correct_subnet(self):
+ cidr_1 = netaddr.IPNetwork('192.168.1.0/24')
+ cidr_2 = netaddr.IPNetwork('192.168.2.0/24')
+
+ self.create_subnet(self.network,
+ service_types=['test:type_1'],
+ cidr=str(cidr_1))
+ self.create_subnet(self.network,
+ service_types=['test:type_2'],
+ cidr=str(cidr_2))
+ port_type_1 = self.create_port(self.network,
+ device_owner="test:type_1")
+ port_type_2 = self.create_port(self.network,
+ device_owner="test:type_2")
+
+ self.assertEqual(1, len(port_type_1['fixed_ips']))
+ self.assertEqual(1, len(port_type_2['fixed_ips']))
+ self.assertIn(
+ netaddr.IPAddress(port_type_1['fixed_ips'][0]['ip_address']),
+ cidr_1)
+ self.assertIn(
+ netaddr.IPAddress(port_type_2['fixed_ips'][0]['ip_address']),
+ cidr_2)
diff --git a/neutron_tempest_plugin/common/ip.py b/neutron_tempest_plugin/common/ip.py
index 7b172b0..9fe49db 100644
--- a/neutron_tempest_plugin/common/ip.py
+++ b/neutron_tempest_plugin/common/ip.py
@@ -383,6 +383,23 @@
return arp_table
+def list_iptables(version=constants.IP_VERSION_4, namespace=None):
+ cmd = ''
+ if namespace:
+ cmd = 'sudo ip netns exec %s ' % namespace
+ cmd += ('iptables-save' if version == constants.IP_VERSION_4 else
+ 'ip6tables-save')
+ return shell.execute(cmd).stdout
+
+
+def list_listening_sockets(namespace=None):
+ cmd = ''
+ if namespace:
+ cmd = 'sudo ip netns exec %s ' % namespace
+ cmd += 'netstat -nlp'
+ return shell.execute(cmd).stdout
+
+
class Route(HasProperties,
collections.namedtuple('Route',
['dest', 'properties'])):
diff --git a/neutron_tempest_plugin/common/utils.py b/neutron_tempest_plugin/common/utils.py
index f03762c..1526ecf 100644
--- a/neutron_tempest_plugin/common/utils.py
+++ b/neutron_tempest_plugin/common/utils.py
@@ -136,3 +136,74 @@
def call_url_remote(ssh_client, url):
cmd = "curl %s --retry 3 --connect-timeout 2" % url
return ssh_client.exec_command(cmd)
+
+
+class StatefulConnection:
+ """Class to test connection that should remain opened
+
+ Can be used to perform some actions while the initiated connection
+ remain opened
+ """
+
+ def __init__(self, client_ssh, server_ssh, target_ip, target_port):
+ self.client_ssh = client_ssh
+ self.server_ssh = server_ssh
+ self.ip = target_ip
+ self.port = target_port
+ self.connection_started = False
+ self.test_attempt = 0
+
+ def __enter__(self):
+ return self
+
+ @property
+ def test_str(self):
+ return 'attempt_{}'.format(str(self.test_attempt).zfill(3))
+
+ def _start_connection(self):
+ self.server_ssh.exec_command(
+ 'echo "{}" > input.txt'.format(self.test_str))
+ self.server_ssh.exec_command('tail -f input.txt | nc -lp '
+ '{} &> output.txt &'.format(self.port))
+ self.client_ssh.exec_command(
+ 'echo "{}" > input.txt'.format(self.test_str))
+ self.client_ssh.exec_command('tail -f input.txt | nc {} {} &>'
+ 'output.txt &'.format(self.ip, self.port))
+
+ def _test_connection(self):
+ if not self.connection_started:
+ self._start_connection()
+ else:
+ self.server_ssh.exec_command(
+ 'echo "{}" >> input.txt'.format(self.test_str))
+ self.client_ssh.exec_command(
+ 'echo "{}" >> input.txt & sleep 1'.format(self.test_str))
+ try:
+ self.server_ssh.exec_command(
+ 'grep {} output.txt'.format(self.test_str))
+ self.client_ssh.exec_command(
+ 'grep {} output.txt'.format(self.test_str))
+ if not self.should_pass:
+ return False
+ else:
+ if not self.connection_started:
+ self.connection_started = True
+ return True
+ except exceptions.SSHExecCommandFailed:
+ if self.should_pass:
+ return False
+ else:
+ return True
+ finally:
+ self.test_attempt += 1
+
+ def test_connection(self, should_pass=True, timeout=10, sleep_timer=1):
+ self.should_pass = should_pass
+ wait_until_true(
+ self._test_connection, timeout=timeout, sleep=sleep_timer)
+
+ def __exit__(self, type, value, traceback):
+ self.server_ssh.exec_command('sudo killall nc || killall nc')
+ self.server_ssh.exec_command('sudo killall tail || killall tail')
+ self.client_ssh.exec_command('sudo killall nc || killall nc')
+ self.client_ssh.exec_command('sudo killall tail || killall tail')
diff --git a/neutron_tempest_plugin/config.py b/neutron_tempest_plugin/config.py
index 2290d0f..36fec30 100644
--- a/neutron_tempest_plugin/config.py
+++ b/neutron_tempest_plugin/config.py
@@ -68,6 +68,11 @@
default=None,
choices=['None', 'linuxbridge', 'ovs', 'sriov'],
help='Agent used for devstack@q-agt.service'),
+ cfg.StrOpt('firewall_driver',
+ default=None,
+ choices=['None', 'openvswitch', 'ovn',
+ 'iptables_hybrid', 'iptables'],
+ help='Driver for security groups firewall in the L2 agent'),
# Multicast tests settings
cfg.StrOpt('multicast_group_range',
@@ -92,6 +97,9 @@
cfg.IntOpt('ssh_proxy_jump_port',
default=22,
help='Port used to connect to "ssh_proxy_jump_host".'),
+ cfg.IntOpt('reboots_in_test',
+ default=1,
+ help='Number of reboots to apply if tests requires reboots'),
# Options for special, "advanced" image like e.g. Ubuntu. Such image can be
# used in tests which require some more advanced tool than available in
diff --git a/neutron_tempest_plugin/scenario/base.py b/neutron_tempest_plugin/scenario/base.py
index 127701c..fad85ad 100644
--- a/neutron_tempest_plugin/scenario/base.py
+++ b/neutron_tempest_plugin/scenario/base.py
@@ -158,13 +158,14 @@
if sg['name'] == constants.DEFAULT_SECURITY_GROUP:
secgroup_id = sg['id']
break
-
+ resp = []
for rule in rule_list:
direction = rule.pop('direction')
- client.create_security_group_rule(
- direction=direction,
- security_group_id=secgroup_id,
- **rule)
+ resp.append(client.create_security_group_rule(
+ direction=direction,
+ security_group_id=secgroup_id,
+ **rule)['security_group_rule'])
+ return resp
@classmethod
def create_loginable_secgroup_rule(cls, secgroup_id=None,
@@ -205,8 +206,50 @@
else:
router = cls.create_admin_router(**kwargs)
LOG.debug("Created router %s", router['name'])
+ cls._wait_for_router_ha_active(router['id'])
return router
+ @classmethod
+ def _wait_for_router_ha_active(cls, router_id):
+ router = cls.os_admin.network_client.show_router(router_id)['router']
+ if not router.get('ha'):
+ return
+
+ def _router_active_on_l3_agent():
+ agents = cls.os_admin.network_client.list_l3_agents_hosting_router(
+ router_id)['agents']
+ return "active" in [agent['ha_state'] for agent in agents]
+
+ error_msg = (
+ "Router %s is not active on any of the L3 agents" % router_id)
+ # NOTE(slaweq): Due to bug
+ # the bug https://launchpad.net/bugs/1923633 let's temporary skip test
+ # if router will not become active on any of the L3 agents in 600
+ # seconds. When that bug will be fixed, we should get rid of that skip
+ # and lower timeout to e.g. 300 seconds, or even less
+ try:
+ utils.wait_until_true(
+ _router_active_on_l3_agent,
+ timeout=600, sleep=5,
+ exception=lib_exc.TimeoutException(error_msg))
+ except lib_exc.TimeoutException:
+ raise cls.skipException("Bug 1923633. %s" % error_msg)
+
+ @classmethod
+ def skip_if_no_extension_enabled_in_l3_agents(cls, extension):
+ l3_agents = cls.os_admin.network_client.list_agents(
+ binary='neutron-l3-agent')['agents']
+ if not l3_agents:
+ # the tests should not be skipped when neutron-l3-agent does not
+ # exist (this validation doesn't apply to the setups like
+ # e.g. ML2/OVN)
+ return
+ for agent in l3_agents:
+ if extension in agent['configurations'].get('extensions', []):
+ return
+ raise cls.skipTest("No L3 agent with '%s' extension enabled found." %
+ extension)
+
@removals.remove(version='Stein',
message="Please use create_floatingip method instead of "
"create_and_associate_floatingip.")
@@ -309,7 +352,9 @@
try:
local_ips = ip_utils.IPCommand(namespace=ns_name).list_addresses()
local_routes = ip_utils.IPCommand(namespace=ns_name).list_routes()
- arp_table = ip_utils.arp_table()
+ arp_table = ip_utils.arp_table(namespace=ns_name)
+ iptables = ip_utils.list_iptables(namespace=ns_name)
+ lsockets = ip_utils.list_listening_sockets(namespace=ns_name)
except exceptions.ShellCommandFailed:
LOG.debug('Namespace %s has been deleted synchronously during the '
'host network collection process', ns_name)
@@ -321,6 +366,8 @@
ns_name, '\n'.join(str(r) for r in local_routes))
LOG.debug('Namespace %s; Local ARP table:\n%s',
ns_name, '\n'.join(str(r) for r in arp_table))
+ LOG.debug('Namespace %s; Local iptables:\n%s', ns_name, iptables)
+ LOG.debug('Namespace %s; Listening sockets:\n%s', ns_name, lsockets)
def _check_remote_connectivity(self, source, dest, count,
should_succeed=True,
diff --git a/neutron_tempest_plugin/scenario/test_basic.py b/neutron_tempest_plugin/scenario/test_basic.py
index 38bc40b..7583f88 100644
--- a/neutron_tempest_plugin/scenario/test_basic.py
+++ b/neutron_tempest_plugin/scenario/test_basic.py
@@ -24,7 +24,7 @@
class NetworkBasicTest(base.BaseTempestTestCase):
- credentials = ['primary']
+ credentials = ['primary', 'admin']
force_tenant_isolation = False
# Default to ipv4.
diff --git a/neutron_tempest_plugin/scenario/test_connectivity.py b/neutron_tempest_plugin/scenario/test_connectivity.py
index 66c4789..ca7d755 100644
--- a/neutron_tempest_plugin/scenario/test_connectivity.py
+++ b/neutron_tempest_plugin/scenario/test_connectivity.py
@@ -88,6 +88,8 @@
ap2_rt = self.create_router(
router_name=data_utils.rand_name("ap2_rt"),
admin_state_up=True)
+ self._wait_for_router_ha_active(ap1_rt['id'])
+ self._wait_for_router_ha_active(ap2_rt['id'])
ap1_internal_port = self.create_port(
ap1_net, security_groups=[self.secgroup['id']])
@@ -140,6 +142,7 @@
router_name=data_utils.rand_name("east_west_traffic_router"),
admin_state_up=True,
external_network_id=CONF.network.public_network_id)
+ self._wait_for_router_ha_active(router['id'])
internal_port_1 = self.create_port(
net_1, security_groups=[self.secgroup['id']])
diff --git a/neutron_tempest_plugin/scenario/test_dns_integration.py b/neutron_tempest_plugin/scenario/test_dns_integration.py
index f7db822..79c0993 100644
--- a/neutron_tempest_plugin/scenario/test_dns_integration.py
+++ b/neutron_tempest_plugin/scenario/test_dns_integration.py
@@ -42,7 +42,7 @@
class BaseDNSIntegrationTests(base.BaseTempestTestCase, DNSMixin):
- credentials = ['primary']
+ credentials = ['primary', 'admin']
@classmethod
def setup_clients(cls):
diff --git a/neutron_tempest_plugin/scenario/test_floatingip.py b/neutron_tempest_plugin/scenario/test_floatingip.py
index 262f429..9902b68 100644
--- a/neutron_tempest_plugin/scenario/test_floatingip.py
+++ b/neutron_tempest_plugin/scenario/test_floatingip.py
@@ -217,7 +217,6 @@
def resource_setup(cls):
super(FloatingIPPortDetailsTest, cls).resource_setup()
- @test.unstable_test("bug 1815585")
@decorators.idempotent_id('a663aeee-dd81-492b-a207-354fd6284dbe')
def test_floatingip_port_details(self):
"""Tests the following:
@@ -341,14 +340,10 @@
def resource_setup(cls):
super(FloatingIPQosTest, cls).resource_setup()
- def skip_if_no_extension_enabled_in_l3_agents(self, extension):
- l3_agents = self.os_admin.network_client.list_agents(
- binary='neutron-l3-agent')['agents']
- for agent in l3_agents:
- if extension in agent['configurations'].get('extensions', []):
- return
- raise self.skipTest("No L3 agent with '%s' extension enabled found." %
- extension)
+ @classmethod
+ def setup_clients(cls):
+ super(FloatingIPQosTest, cls).setup_clients()
+ cls.admin_client = cls.os_admin.network_client
@decorators.idempotent_id('5eb48aea-eaba-4c20-8a6f-7740070a0aa3')
def test_qos(self):
@@ -363,8 +358,12 @@
self.skip_if_no_extension_enabled_in_l3_agents("fip_qos")
self._test_basic_resources()
+
+ # Create a new QoS policy
policy_id = self._create_qos_policy()
ssh_client = self._create_ssh_client()
+
+ # As admin user create a new QoS rules
self.os_admin.network_client.create_bandwidth_limit_rule(
policy_id, max_kbps=constants.LIMIT_KILO_BITS_PER_SECOND,
max_burst_kbps=constants.LIMIT_KILO_BYTES,
@@ -382,6 +381,7 @@
self.fip['id'])['floatingip']
self.assertEqual(self.port['id'], fip['port_id'])
+ # Associate QoS to the FIP
self.os_admin.network_client.update_floatingip(
self.fip['id'],
qos_policy_id=policy_id)
@@ -390,12 +390,38 @@
self.fip['id'])['floatingip']
self.assertEqual(policy_id, fip['qos_policy_id'])
+ # Basic test, Check that actual BW while downloading file
+ # is as expected (Original BW)
common_utils.wait_until_true(lambda: self._check_bw(
ssh_client,
self.fip['floating_ip_address'],
port=self.NC_PORT),
timeout=120,
- sleep=1)
+ sleep=1,
+ exception=RuntimeError(
+ 'Failed scenario: "Create a QoS policy associated with FIP" '
+ 'Actual BW is not as expected!'))
+
+ # As admin user update QoS rules
+ for rule in rules['bandwidth_limit_rules']:
+ self.os_admin.network_client.update_bandwidth_limit_rule(
+ policy_id,
+ rule['id'],
+ max_kbps=constants.LIMIT_KILO_BITS_PER_SECOND * 2,
+ max_burst_kbps=constants.LIMIT_KILO_BITS_PER_SECOND * 2)
+
+ # Check that actual BW while downloading file
+ # is as expected (Update BW)
+ common_utils.wait_until_true(lambda: self._check_bw(
+ ssh_client,
+ self.fip['floating_ip_address'],
+ port=self.NC_PORT,
+ expected_bw=test_qos.QoSTestMixin.LIMIT_BYTES_SEC * 2),
+ timeout=120,
+ sleep=1,
+ exception=RuntimeError(
+ 'Failed scenario: "Update QoS policy associated with FIP" '
+ 'Actual BW is not as expected!'))
class TestFloatingIPUpdate(FloatingIpTestCasesMixin,
diff --git a/neutron_tempest_plugin/scenario/test_internal_dns.py b/neutron_tempest_plugin/scenario/test_internal_dns.py
index 406af3d..c0a2c04 100644
--- a/neutron_tempest_plugin/scenario/test_internal_dns.py
+++ b/neutron_tempest_plugin/scenario/test_internal_dns.py
@@ -24,6 +24,7 @@
class InternalDNSTest(base.BaseTempestTestCase):
+ credentials = ['primary', 'admin']
@utils.requires_ext(extension="dns-integration", service="network")
@decorators.idempotent_id('988347de-07af-471a-abfa-65aea9f452a6')
diff --git a/neutron_tempest_plugin/scenario/test_multicast.py b/neutron_tempest_plugin/scenario/test_multicast.py
index 79f835e..726d1e0 100644
--- a/neutron_tempest_plugin/scenario/test_multicast.py
+++ b/neutron_tempest_plugin/scenario/test_multicast.py
@@ -15,11 +15,11 @@
import netaddr
from neutron_lib import constants
-from neutron_lib.utils import test
from oslo_log import log
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
+from neutron_tempest_plugin.common import ip
from neutron_tempest_plugin.common import ssh
from neutron_tempest_plugin.common import utils
from neutron_tempest_plugin import config
@@ -111,17 +111,18 @@
'result_file': result_file}
-def get_unregistered_script(group, result_file):
+def get_unregistered_script(interface, group, result_file):
return """#!/bin/bash
export LC_ALL=en_US.UTF-8
-tcpdump -i any -s0 -vv host %(group)s -vvneA -s0 -l &> %(result_file)s &
- """ % {'group': group,
+tcpdump -i %(interface)s host %(group)s -vvneA -s0 -l -c1 &> %(result_file)s &
+ """ % {'interface': interface,
+ 'group': group,
'result_file': result_file}
class BaseMulticastTest(object):
- credentials = ['primary']
+ credentials = ['primary', 'admin']
force_tenant_isolation = False
# Import configuration options
@@ -202,9 +203,9 @@
)['server']
self.wait_for_server_active(server)
self.wait_for_guest_os_ready(server)
- port = self.client.list_ports(
+ server['port'] = self.client.list_ports(
network_id=self.network['id'], device_id=server['id'])['ports'][0]
- server['fip'] = self.create_floatingip(port=port)
+ server['fip'] = self.create_floatingip(port=server['port'])
server['ssh_client'] = ssh.Client(server['fip']['floating_ip_address'],
self.username,
pkey=self.keypair['private_key'])
@@ -242,18 +243,21 @@
'echo "%s" > /tmp/multicast_traffic_receiver.py' % check_script)
def _prepare_unregistered(self, server, mcast_address):
- check_script = get_unregistered_script(
- group=mcast_address, result_file=self.unregistered_output_file)
ssh_client = ssh.Client(
server['fip']['floating_ip_address'],
self.username,
pkey=self.keypair['private_key'])
+ ip_command = ip.IPCommand(ssh_client=ssh_client)
+ addresses = ip_command.list_addresses(port=server['port'])
+ port_iface = ip.get_port_device_name(addresses, server['port'])
+ check_script = get_unregistered_script(
+ interface=port_iface, group=mcast_address,
+ result_file=self.unregistered_output_file)
self._check_cmd_installed_on_server(ssh_client, server['id'],
'tcpdump')
server['ssh_client'].execute_script(
'echo "%s" > /tmp/unregistered_traffic_receiver.sh' % check_script)
- @test.unstable_test("bug 1850288")
@decorators.idempotent_id('113486fc-24c9-4be4-8361-03b1c9892867')
def test_multicast_between_vms_on_same_network(self):
"""Test multicast messaging between two servers on the same network
@@ -343,19 +347,39 @@
for receiver_id in receiver_ids:
self.assertIn(receiver_id, replies_result)
- # Kill the tcpdump command running on the unregistered node so
- # tcpdump flushes its output to the output file
- unregistered['ssh_client'].execute_script(
- "killall tcpdump && sleep 2", become_root=True)
+ def check_unregistered_host():
+ unregistered_result = unregistered['ssh_client'].execute_script(
+ "cat {path} || echo '{path} not exists yet'".format(
+ path=self.unregistered_output_file))
+ LOG.debug("Unregistered VM result: %s", unregistered_result)
+ return expected_result in unregistered_result
- unregistered_result = unregistered['ssh_client'].execute_script(
- "cat {path} || echo '{path} not exists yet'".format(
- path=self.unregistered_output_file))
- LOG.debug("Unregistered VM result: %s", unregistered_result)
- expected_result = '0 packets captured'
- if self._is_multicast_traffic_expected(mcast_address):
- expected_result = '1 packet captured'
- self.assertIn(expected_result, unregistered_result)
+ expected_result = '1 packet captured'
+ unregistered_error_message = (
+ 'Unregistered server did not received expected packet.')
+ if not self._is_multicast_traffic_expected(mcast_address):
+ # Kill the tcpdump command runs on the unregistered node with "-c"
+ # option so it will be stopped automatically if it will receive
+ # packet matching filters,
+ # We don't expect any packets to be captured really in this case
+ # so let's kill tcpdump so it flushes its output to the output
+ # file.
+ expected_result = ('0 packets captured')
+ unregistered_error_message = (
+ 'Unregistered server received unexpected packet(s).')
+ try:
+ unregistered['ssh_client'].execute_script(
+ "killall tcpdump && sleep 2", become_root=True)
+ except exceptions.SSHScriptFailed:
+ # Probably some packet was captured by tcpdump and due to that
+ # it is already stopped
+ self.assertTrue(check_unregistered_host(),
+ unregistered_error_message)
+ return
+
+ utils.wait_until_true(
+ check_unregistered_host,
+ exception=RuntimeError(unregistered_error_message))
class MulticastTestIPv4(BaseMulticastTest, base.BaseTempestTestCase):
diff --git a/neutron_tempest_plugin/scenario/test_port_forwardings.py b/neutron_tempest_plugin/scenario/test_port_forwardings.py
index 6a5d3c9..a3adc03 100644
--- a/neutron_tempest_plugin/scenario/test_port_forwardings.py
+++ b/neutron_tempest_plugin/scenario/test_port_forwardings.py
@@ -31,11 +31,13 @@
class PortForwardingTestJSON(base.BaseTempestTestCase):
+ credentials = ['primary', 'admin']
required_extensions = ['router', 'floating-ip-port-forwarding']
@classmethod
def resource_setup(cls):
super(PortForwardingTestJSON, cls).resource_setup()
+ cls.skip_if_no_extension_enabled_in_l3_agents("port_forwarding")
cls.network = cls.create_network()
cls.subnet = cls.create_subnet(cls.network)
cls.router = cls.create_router_by_client()
diff --git a/neutron_tempest_plugin/scenario/test_ports.py b/neutron_tempest_plugin/scenario/test_ports.py
index b3aeb87..fb2d2b0 100644
--- a/neutron_tempest_plugin/scenario/test_ports.py
+++ b/neutron_tempest_plugin/scenario/test_ports.py
@@ -28,7 +28,7 @@
class PortsTest(base.BaseTempestTestCase):
- credentials = ['primary']
+ credentials = ['primary', 'admin']
@classmethod
def resource_setup(cls):
diff --git a/neutron_tempest_plugin/scenario/test_portsecurity.py b/neutron_tempest_plugin/scenario/test_portsecurity.py
index 257627c..c90db08 100644
--- a/neutron_tempest_plugin/scenario/test_portsecurity.py
+++ b/neutron_tempest_plugin/scenario/test_portsecurity.py
@@ -21,7 +21,7 @@
class PortSecurityTest(base.BaseTempestTestCase):
- credentials = ['primary']
+ credentials = ['primary', 'admin']
required_extensions = ['port-security']
@decorators.idempotent_id('61ab176e-d48b-42b7-b38a-1ba571ecc033')
diff --git a/neutron_tempest_plugin/scenario/test_qos.py b/neutron_tempest_plugin/scenario/test_qos.py
index 77520a7..d00210c 100644
--- a/neutron_tempest_plugin/scenario/test_qos.py
+++ b/neutron_tempest_plugin/scenario/test_qos.py
@@ -137,6 +137,7 @@
name='test-policy',
description='test-qos-policy',
shared=True)
+ self.qos_policies.append(policy['policy'])
return policy['policy']['id']
def _create_server_by_port(self, port=None):
@@ -189,6 +190,11 @@
def resource_setup(cls):
super(QoSTest, cls).resource_setup()
+ @classmethod
+ def setup_clients(cls):
+ super(QoSTest, cls).setup_clients()
+ cls.admin_client = cls.os_admin.network_client
+
@decorators.idempotent_id('00682a0c-b72e-11e8-b81e-8c16450ea513')
def test_qos_basic_and_update(self):
"""This test covers following scenarios:
diff --git a/neutron_tempest_plugin/scenario/test_security_groups.py b/neutron_tempest_plugin/scenario/test_security_groups.py
index 9059a2f..e574a1b 100644
--- a/neutron_tempest_plugin/scenario/test_security_groups.py
+++ b/neutron_tempest_plugin/scenario/test_security_groups.py
@@ -12,8 +12,12 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
-from neutron_lib import constants
+import netaddr
+from neutron_lib import constants
+import testtools
+
+from tempest.common import utils as tempest_utils
from tempest.common import waiters
from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils import test_utils
@@ -273,6 +277,50 @@
'remote_ip_prefix': cidr}]
self._test_ip_prefix(rule_list, should_succeed=False)
+ @decorators.idempotent_id('01f0ddca-b049-47eb-befd-82acb502c9ec')
+ def test_established_tcp_session_after_re_attachinging_sg(self):
+ """Test existing connection remain open after sg has been re-attached
+
+ Verifies that new packets can pass over the existing connection when
+ the security group has been removed from the server and then added
+ back
+ """
+
+ ssh_sg = self.create_security_group()
+ self.create_loginable_secgroup_rule(secgroup_id=ssh_sg['id'])
+ vm_ssh, fips, vms = self.create_vm_testing_sec_grp(
+ security_groups=[{'name': ssh_sg['name']}])
+ sg = self.create_security_group()
+ nc_rule = [{'protocol': constants.PROTO_NUM_TCP,
+ 'direction': constants.INGRESS_DIRECTION,
+ 'port_range_min': 6666,
+ 'port_range_max': 6666}]
+ self.create_secgroup_rules(nc_rule, secgroup_id=sg['id'])
+ srv_port = self.client.list_ports(network_id=self.network['id'],
+ device_id=vms[1]['server']['id'])['ports'][0]
+ srv_ip = srv_port['fixed_ips'][0]['ip_address']
+ with utils.StatefulConnection(
+ vm_ssh[0], vm_ssh[1], srv_ip, 6666) as con:
+ self.client.update_port(srv_port['id'],
+ security_groups=[ssh_sg['id'], sg['id']])
+ con.test_connection()
+ with utils.StatefulConnection(
+ vm_ssh[0], vm_ssh[1], srv_ip, 6666) as con:
+ self.client.update_port(
+ srv_port['id'], security_groups=[ssh_sg['id']])
+ con.test_connection(should_pass=False)
+ with utils.StatefulConnection(
+ vm_ssh[0], vm_ssh[1], srv_ip, 6666) as con:
+ self.client.update_port(srv_port['id'],
+ security_groups=[ssh_sg['id'], sg['id']])
+ con.test_connection()
+ self.client.update_port(srv_port['id'],
+ security_groups=[ssh_sg['id']])
+ con.test_connection(should_pass=False)
+ self.client.update_port(srv_port['id'],
+ security_groups=[ssh_sg['id'], sg['id']])
+ con.test_connection()
+
@decorators.idempotent_id('7ed39b86-006d-40fb-887a-ae46693dabc9')
def test_remote_group(self):
# create a new sec group
@@ -310,6 +358,95 @@
self.ping_ip_address(fips[0]['floating_ip_address'],
should_succeed=False)
+ @testtools.skipUnless(
+ CONF.neutron_plugin_options.firewall_driver == 'openvswitch',
+ "Openvswitch agent is required to run this test")
+ @decorators.idempotent_id('678dd4c0-2953-4626-b89c-8e7e4110ec4b')
+ @tempest_utils.requires_ext(extension="address-group", service="network")
+ @tempest_utils.requires_ext(
+ extension="security-groups-remote-address-group", service="network")
+ def test_remote_group_and_remote_address_group(self):
+ """Test SG rules with remote group and remote address group
+
+ This test checks the ICMP connection among two servers using a security
+ group rule with remote group and another rule with remote address
+ group. The connection should be granted when at least one of the rules
+ is applied. When both rules are applied (overlapped), removing one of
+ them should not disable the connection.
+ """
+ # create a new sec group
+ ssh_secgrp_name = data_utils.rand_name('ssh_secgrp')
+ ssh_secgrp = self.os_primary.network_client.create_security_group(
+ name=ssh_secgrp_name)
+ # add cleanup
+ self.security_groups.append(ssh_secgrp['security_group'])
+ # configure sec group to support SSH connectivity
+ self.create_loginable_secgroup_rule(
+ secgroup_id=ssh_secgrp['security_group']['id'])
+ # spawn two instances with the sec group created
+ server_ssh_clients, fips, servers = self.create_vm_testing_sec_grp(
+ security_groups=[{'name': ssh_secgrp_name}])
+ # verify SSH functionality
+ for i in range(2):
+ self.check_connectivity(fips[i]['floating_ip_address'],
+ CONF.validation.image_ssh_user,
+ self.keypair['private_key'])
+ # try to ping instances without ICMP permissions
+ self.check_remote_connectivity(
+ server_ssh_clients[0], fips[1]['fixed_ip_address'],
+ should_succeed=False)
+ # add ICMP support to the remote group
+ rule_list = [{'protocol': constants.PROTO_NUM_ICMP,
+ 'direction': constants.INGRESS_DIRECTION,
+ 'remote_group_id': ssh_secgrp['security_group']['id']}]
+ remote_sg_rid = self.create_secgroup_rules(
+ rule_list, secgroup_id=ssh_secgrp['security_group']['id'])[0]['id']
+ # verify ICMP connectivity between instances works
+ self.check_remote_connectivity(
+ server_ssh_clients[0], fips[1]['fixed_ip_address'],
+ servers=servers)
+ # make sure ICMP connectivity doesn't work from framework
+ self.ping_ip_address(fips[0]['floating_ip_address'],
+ should_succeed=False)
+
+ # add ICMP rule with remote address group
+ test_ag = self.create_address_group(
+ name=data_utils.rand_name('test_ag'),
+ addresses=[str(netaddr.IPNetwork(fips[0]['fixed_ip_address']))])
+ rule_list = [{'protocol': constants.PROTO_NUM_ICMP,
+ 'direction': constants.INGRESS_DIRECTION,
+ 'remote_address_group_id': test_ag['id']}]
+ remote_ag_rid = self.create_secgroup_rules(
+ rule_list, secgroup_id=ssh_secgrp['security_group']['id'])[0]['id']
+ # verify ICMP connectivity between instances still works
+ self.check_remote_connectivity(
+ server_ssh_clients[0], fips[1]['fixed_ip_address'],
+ servers=servers)
+ # make sure ICMP connectivity doesn't work from framework
+ self.ping_ip_address(fips[0]['floating_ip_address'],
+ should_succeed=False)
+
+ # Remove the ICMP rule with remote group
+ self.client.delete_security_group_rule(remote_sg_rid)
+ # verify ICMP connectivity between instances still works as granted
+ # by the rule with remote address group
+ self.check_remote_connectivity(
+ server_ssh_clients[0], fips[1]['fixed_ip_address'],
+ servers=servers)
+ # make sure ICMP connectivity doesn't work from framework
+ self.ping_ip_address(fips[0]['floating_ip_address'],
+ should_succeed=False)
+
+ # Remove the ICMP rule with remote address group
+ self.client.delete_security_group_rule(remote_ag_rid)
+ # verify ICMP connectivity between instances doesn't work now
+ self.check_remote_connectivity(
+ server_ssh_clients[0], fips[1]['fixed_ip_address'],
+ should_succeed=False)
+ # make sure ICMP connectivity doesn't work from framework
+ self.ping_ip_address(fips[0]['floating_ip_address'],
+ should_succeed=False)
+
@decorators.idempotent_id('f07d0159-8f9e-4faa-87f5-a869ab0ad488')
def test_multiple_ports_secgroup_inheritance(self):
"""Test multiple port security group inheritance
diff --git a/neutron_tempest_plugin/scenario/test_trunk.py b/neutron_tempest_plugin/scenario/test_trunk.py
index 8f260ea..b86c019 100644
--- a/neutron_tempest_plugin/scenario/test_trunk.py
+++ b/neutron_tempest_plugin/scenario/test_trunk.py
@@ -97,6 +97,37 @@
floating_ip=floating_ip, server=server,
ssh_client=ssh_client)
+ def _create_advanced_servers_with_trunk_port(self, num_servers=1,
+ subport_network=None,
+ segmentation_id=None,
+ vlan_subnet=None,
+ use_advanced_image=False):
+ server_list = []
+ for _ in range(0, num_servers):
+ vm = self._create_server_with_trunk_port(
+ subport_network,
+ segmentation_id,
+ use_advanced_image)
+ server_list.append(vm)
+ self._configure_vlan_subport(
+ vm=vm,
+ vlan_tag=segmentation_id,
+ vlan_subnet=vlan_subnet)
+
+ for server in server_list:
+ self.check_connectivity(
+ host=vm.floating_ip['floating_ip_address'],
+ ssh_client=vm.ssh_client)
+
+ return server_list
+
+ def _check_servers_remote_connectivity(self, vms=None,
+ should_succeed=True):
+ self.check_remote_connectivity(
+ vms[0].ssh_client,
+ vms[1].subport['fixed_ips'][0]['ip_address'],
+ should_succeed=should_succeed)
+
def _create_server_port(self, network=None, **params):
network = network or self.network
return self.create_port(network=network, name=self.rand_name,
@@ -247,53 +278,73 @@
self._wait_for_trunk(vm.trunk)
self._assert_has_ssh_connectivity(vm1.ssh_client)
+ @testtools.skipUnless(
+ (CONF.neutron_plugin_options.advanced_image_ref or
+ CONF.neutron_plugin_options.default_image_is_advanced),
+ "Advanced image is required to run this test.")
+ @testtools.skipUnless(
+ (CONF.neutron_plugin_options.reboots_in_test > 0),
+ "Number of reboots > 0 is reqired for this test")
+ @decorators.idempotent_id('a8a02c9b-b453-49b5-89a2-cce7da6680fb')
+ def test_subport_connectivity_soft_reboot(self):
+ vlan_tag = 10
+ vlan_network = self.create_network()
+ vlan_subnet = self.create_subnet(network=vlan_network, gateway=None)
+ use_advanced_image = (
+ not CONF.neutron_plugin_options.default_image_is_advanced)
+
+ # allow intra-security-group traffic
+ sg_rule = self.create_pingable_secgroup_rule(self.security_group['id'])
+ self.addCleanup(
+ self.os_primary.network_client.delete_security_group_rule,
+ sg_rule['id'])
+
+ vms = self._create_advanced_servers_with_trunk_port(
+ num_servers=2,
+ subport_network=vlan_network,
+ segmentation_id=vlan_tag,
+ vlan_subnet=vlan_subnet,
+ use_advanced_image=use_advanced_image)
+ # check remote connectivity true before reboots
+ self._check_servers_remote_connectivity(vms=vms)
+ client = self.os_tempest.compute.ServersClient()
+ for _ in range(CONF.neutron_plugin_options.reboots_in_test):
+ client.reboot_server(vms[1].server['id'],
+ **{'type': 'SOFT'})
+ self.wait_for_server_active(vms[1].server)
+ self._configure_vlan_subport(vm=vms[1],
+ vlan_tag=vlan_tag,
+ vlan_subnet=vlan_subnet)
+ self._check_servers_remote_connectivity(vms=vms)
+
@test.unstable_test("bug 1897796")
@testtools.skipUnless(
(CONF.neutron_plugin_options.advanced_image_ref or
CONF.neutron_plugin_options.default_image_is_advanced),
"Advanced image is required to run this test.")
- @decorators.idempotent_id('a8a02c9b-b453-49b5-89a2-cce7da66aafb')
+ @decorators.idempotent_id('a8a02c9b-b453-49b5-89a2-cce7da66bbcb')
def test_subport_connectivity(self):
vlan_tag = 10
vlan_network = self.create_network()
vlan_subnet = self.create_subnet(network=vlan_network, gateway=None)
-
use_advanced_image = (
not CONF.neutron_plugin_options.default_image_is_advanced)
-
- vm1 = self._create_server_with_trunk_port(
+ vms = self._create_advanced_servers_with_trunk_port(
+ num_servers=2,
subport_network=vlan_network,
segmentation_id=vlan_tag,
+ vlan_subnet=vlan_subnet,
use_advanced_image=use_advanced_image)
- vm2 = self._create_server_with_trunk_port(
- subport_network=vlan_network,
- segmentation_id=vlan_tag,
- use_advanced_image=use_advanced_image)
-
- for vm in [vm1, vm2]:
- self.check_connectivity(
- host=vm.floating_ip['floating_ip_address'],
- ssh_client=vm.ssh_client)
- self._configure_vlan_subport(vm=vm,
- vlan_tag=vlan_tag,
- vlan_subnet=vlan_subnet)
-
# Ping from server1 to server2 via VLAN interface should fail because
# we haven't allowed ICMP
- self.check_remote_connectivity(
- vm1.ssh_client,
- vm2.subport['fixed_ips'][0]['ip_address'],
- should_succeed=False)
-
+ self._check_servers_remote_connectivity(vms=vms,
+ should_succeed=False)
# allow intra-security-group traffic
sg_rule = self.create_pingable_secgroup_rule(self.security_group['id'])
self.addCleanup(
self.os_primary.network_client.delete_security_group_rule,
sg_rule['id'])
- self.check_remote_connectivity(
- vm1.ssh_client,
- vm2.subport['fixed_ips'][0]['ip_address'],
- servers=[vm1, vm2])
+ self._check_servers_remote_connectivity(vms=vms)
@testtools.skipUnless(CONF.compute_feature_enabled.cold_migration,
'Cold migration is not available.')
diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml
index 7ee20dc..04fe323 100644
--- a/zuul.d/base.yaml
+++ b/zuul.d/base.yaml
@@ -7,7 +7,6 @@
roles:
- zuul: openstack/devstack
required-projects:
- - openstack/devstack-gate
- openstack/neutron
- openstack/neutron-tempest-plugin
- openstack/tempest
diff --git a/zuul.d/master_jobs.yaml b/zuul.d/master_jobs.yaml
index 005c737..1bdb17c 100644
--- a/zuul.d/master_jobs.yaml
+++ b/zuul.d/master_jobs.yaml
@@ -6,6 +6,7 @@
# neutron repository and keep it different per branch,
# then it could be removed from here
network_api_extensions_common: &api_extensions
+ - address-group
- address-scope
- agent
- allowed-address-pairs
@@ -55,6 +56,7 @@
- qos-fip
- quotas
- quota_details
+ - rbac-address-group
- rbac-address-scope
- rbac-policies
- rbac-security-groups
@@ -63,6 +65,7 @@
- router-admin-state-down-before-update
- router_availability_zone
- security-group
+ - security-groups-remote-address-group
- segment
- service-type
- sorting
@@ -84,9 +87,25 @@
- ipv6_metadata
tempest_test_regex: ^neutron_tempest_plugin\.api
devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
neutron-log: true
devstack_localrc:
- NEUTRON_DEPLOY_MOD_WSGI: true
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
devstack_local_conf:
post-config:
# NOTE(slaweq): We can get rid of this hardcoded absolute path when
@@ -117,16 +136,34 @@
parent: neutron-tempest-plugin-scenario
timeout: 10000
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
network_api_extensions: *api_extensions
network_available_features: *available_features
devstack_localrc:
Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
post-config:
$NEUTRON_CONF:
DEFAULT:
enable_dvr: false
+ l3_ha: true
# NOTE(slaweq): We can get rid of this hardcoded absolute path when
# devstack-tempest job will be switched to use lib/neutron instead of
# lib/neutron-legacy
@@ -142,6 +179,7 @@
available_features: "{{ network_available_features | join(',') }}"
neutron_plugin_options:
available_type_drivers: flat,vlan,local,vxlan
+ firewall_driver: openvswitch
irrelevant-files: &openvswitch-scenario-irrelevant-files
- ^(test-|)requirements.txt$
- ^releasenotes/.*$
@@ -164,19 +202,41 @@
parent: neutron-tempest-plugin-scenario
timeout: 10000
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
network_api_extensions: *api_extensions
network_available_features: *available_features
# TODO(slaweq): remove trunks subport_connectivity test from blacklist
# when bug https://bugs.launchpad.net/neutron/+bug/1838760 will be fixed
- tempest_black_regex: "(^neutron_tempest_plugin.scenario.test_trunk.TrunkTest.test_subport_connectivity)"
+ # TODO(akatz): remove established tcp session verification test when the
+ # bug https://bugzilla.redhat.com/show_bug.cgi?id=1965036 will be fixed
+ tempest_exclude_regex: "\
+ (^neutron_tempest_plugin.scenario.test_trunk.TrunkTest.test_subport_connectivity)|\
+ (^neutron_tempest_plugin.scenario.test_security_groups.NetworkSecGroupTest.test_established_tcp_session_after_re_attachinging_sg)"
devstack_localrc:
Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
post-config:
$NEUTRON_CONF:
DEFAULT:
enable_dvr: false
+ l3_ha: true
# NOTE(slaweq): We can get rid of this hardcoded absolute path when
# devstack-tempest job will be switched to use lib/neutron instead of
# lib/neutron-legacy
@@ -194,6 +254,7 @@
available_features: "{{ network_available_features | join(',') }}"
neutron_plugin_options:
available_type_drivers: flat,vlan,local,vxlan
+ firewall_driver: iptables_hybrid
irrelevant-files:
- ^(test-|)requirements.txt$
- ^releasenotes/.*$
@@ -220,22 +281,40 @@
- zuul: openstack/neutron
pre-run: playbooks/linuxbridge-scenario-pre-run.yaml
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
network_api_extensions: *api_extensions
network_api_extensions_linuxbridge:
- vlan-transparent
network_available_features: *available_features
# TODO(eolivare): remove VLAN Transparency tests from blacklist
# when bug https://bugs.launchpad.net/neutron/+bug/1907548 will be fixed
- tempest_black_regex: "(^neutron_tempest_plugin.scenario.test_vlan_transparency.VlanTransparencyTest)"
+ tempest_exclude_regex: "(^neutron_tempest_plugin.scenario.test_vlan_transparency.VlanTransparencyTest)"
devstack_localrc:
Q_AGENT: linuxbridge
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions + network_api_extensions_linuxbridge) | join(',') }}"
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch,linuxbridge
devstack_local_conf:
post-config:
$NEUTRON_CONF:
DEFAULT:
enable_dvr: false
vlan_transparent: true
+ l3_ha: true
AGENT:
debug_iptables_rules: true
# NOTE(slaweq): We can get rid of this hardcoded absolute path when
@@ -252,6 +331,7 @@
neutron_plugin_options:
available_type_drivers: flat,vlan,local,vxlan
q_agent: linuxbridge
+ firewall_driver: iptables
irrelevant-files:
- ^(test-|)requirements.txt$
- ^releasenotes/.*$
@@ -285,7 +365,7 @@
# be fixed
# TODO(jlibosva): Remove the NetworkWritableMtuTest test from the list
# once east/west fragmentation is supported in core OVN
- tempest_black_regex: "\
+ tempest_exclude_regex: "\
(?:neutron_tempest_plugin.scenario.test_ipv6.IPv6Test)|\
(^neutron_tempest_plugin.scenario.test_trunk.TrunkTest.test_trunk_subport_lifecycle)|\
(^neutron_tempest_plugin.scenario.test_mtu.NetworkWritableMtuTest)"
@@ -307,6 +387,7 @@
OVN_BUILD_FROM_SOURCE: True
OVN_BRANCH: "v20.12.0"
OVS_BRANCH: "branch-2.15"
+ OVS_SYSCONFDIR: "/usr/local/etc/openvswitch"
devstack_services:
br-ex-tcpdump: true
br-int-flows: true
@@ -349,6 +430,12 @@
neutron_plugin_options:
available_type_drivers: local,flat,vlan,geneve
is_igmp_snooping_enabled: True
+ firewall_driver: ovn
+ zuul_copy_output:
+ '{{ devstack_base_dir }}/data/ovs': 'logs'
+ '{{ devstack_base_dir }}/data/ovn': 'logs'
+ '{{ devstack_log_dir }}/ovsdb-server-nb.log': 'logs'
+ '{{ devstack_log_dir }}/ovsdb-server-sb.log': 'logs'
irrelevant-files:
- ^(test-|)requirements.txt$
- ^releasenotes/.*$
@@ -384,7 +471,6 @@
roles:
- zuul: openstack/devstack
required-projects:
- - openstack/devstack-gate
- openstack/neutron
- openstack/neutron-tempest-plugin
- openstack/tempest
@@ -489,6 +575,7 @@
image_is_advanced: true
available_type_drivers: flat,geneve,vlan,gre,local,vxlan
l3_agent_mode: dvr_snat
+ firewall_driver: openvswitch
group-vars:
subnode:
devstack_services:
@@ -547,6 +634,8 @@
devstack_localrc:
DESIGNATE_BACKEND_DRIVER: bind9
Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
# In this job advanced image is not needed, so it's name should be
# empty
ADVANCED_IMAGE_NAME: ""
@@ -570,6 +659,20 @@
devstack_services:
cinder: false
designate: true
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
tempest_plugins:
- designate-tempest-plugin
- neutron-tempest-plugin
@@ -596,12 +699,26 @@
parent: neutron-tempest-plugin-base
timeout: 10800
required-projects:
- - openstack/devstack-gate
- openstack/networking-sfc
- openstack/neutron
- openstack/neutron-tempest-plugin
- openstack/tempest
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Enable Neutron services that are not used by OVN
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
network_api_extensions_common: *api_extensions
tempest_test_regex: ^neutron_tempest_plugin\.sfc
devstack_plugins:
@@ -611,6 +728,9 @@
- flow_classifier
- sfc
devstack_localrc:
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_sfc) | join(',') }}"
# TODO(bcafarel): tests still fail from time to time in parallel
# https://bugs.launchpad.net/neutron/+bug/1851500
@@ -624,12 +744,30 @@
- openstack/networking-bagpipe
- openstack/networking-bgpvpn
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Enable Neutron services that are not used by OVN
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
tempest_test_regex: ^neutron_tempest_plugin\.bgpvpn
network_api_extensions: *api_extensions
network_api_extensions_bgpvpn:
- bgpvpn
- bgpvpn-routes-control
devstack_localrc:
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
NETWORKING_BGPVPN_DRIVER: "BGPVPN:BaGPipe:networking_bgpvpn.neutron.services.service_drivers.bagpipe.bagpipe_v2.BaGPipeBGPVPNDriver:default"
BAGPIPE_DATAPLANE_DRIVER_IPVPN: "ovs"
BAGPIPE_BGP_PEERS: "-"
@@ -660,10 +798,26 @@
- bgp_4byte_asn
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_bgp) | join(',') }}"
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-meta: true
+ q-metering: true
+ q-l3: true
neutron-dr: true
neutron-dr-agent: true
- q-l3: true
tempest_concurrency: 1
tempest_test_regex: ^neutron_tempest_plugin\.neutron_dynamic_routing
@@ -672,7 +826,6 @@
parent: neutron-tempest-plugin-base
timeout: 3900
required-projects:
- - openstack/devstack-gate
- openstack/neutron
- openstack/neutron-vpnaas
- openstack/neutron-tempest-plugin
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index 14f1061..969f80a 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -7,6 +7,7 @@
- neutron-tempest-plugin-scenario-openvswitch
- neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid
- neutron-tempest-plugin-scenario-ovn
+ - neutron-tempest-plugin-designate-scenario
gate:
jobs:
- neutron-tempest-plugin-api
@@ -19,10 +20,6 @@
experimental:
jobs:
- neutron-tempest-plugin-dvr-multinode-scenario
- # TODO(slaweq): move it back to the check queue when bug
- # https://bugs.launchpad.net/neutron/+bug/1891309
- # will be fixed
- - neutron-tempest-plugin-designate-scenario
- project-template:
@@ -50,6 +47,7 @@
- neutron-tempest-plugin-scenario-linuxbridge-rocky
- neutron-tempest-plugin-scenario-openvswitch-rocky
- neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-rocky
+ - neutron-tempest-plugin-designate-scenario-rocky
gate:
jobs:
- neutron-tempest-plugin-api-rocky
@@ -58,10 +56,6 @@
experimental:
jobs:
- neutron-tempest-plugin-dvr-multinode-scenario-rocky
- # TODO(slaweq): move it back to the check queue when bug
- # https://bugs.launchpad.net/neutron/+bug/1891309
- # will be fixed
- - neutron-tempest-plugin-designate-scenario-rocky
- project-template:
@@ -72,6 +66,7 @@
- neutron-tempest-plugin-scenario-linuxbridge-stein
- neutron-tempest-plugin-scenario-openvswitch-stein
- neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-stein
+ - neutron-tempest-plugin-designate-scenario-stein
gate:
jobs:
- neutron-tempest-plugin-api-stein
@@ -80,10 +75,6 @@
experimental:
jobs:
- neutron-tempest-plugin-dvr-multinode-scenario-stein
- # TODO(slaweq): move it back to the check queue when bug
- # https://bugs.launchpad.net/neutron/+bug/1891309
- # will be fixed
- - neutron-tempest-plugin-designate-scenario-stein
- project-template:
@@ -94,6 +85,7 @@
- neutron-tempest-plugin-scenario-linuxbridge-train
- neutron-tempest-plugin-scenario-openvswitch-train
- neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-train
+ - neutron-tempest-plugin-designate-scenario-train
gate:
jobs:
- neutron-tempest-plugin-api-train
@@ -102,10 +94,6 @@
experimental:
jobs:
- neutron-tempest-plugin-dvr-multinode-scenario-train
- # TODO(slaweq): move it back to the check queue when bug
- # https://bugs.launchpad.net/neutron/+bug/1891309
- # will be fixed
- - neutron-tempest-plugin-designate-scenario-train
- project-template:
@@ -117,6 +105,7 @@
- neutron-tempest-plugin-scenario-openvswitch-ussuri
- neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-ussuri
- neutron-tempest-plugin-scenario-ovn-ussuri
+ - neutron-tempest-plugin-designate-scenario-ussuri
gate:
jobs:
- neutron-tempest-plugin-api-ussuri
@@ -125,10 +114,6 @@
experimental:
jobs:
- neutron-tempest-plugin-dvr-multinode-scenario-ussuri
- # TODO(slaweq): move it back to the check queue when bug
- # https://bugs.launchpad.net/neutron/+bug/1891309
- # will be fixed
- - neutron-tempest-plugin-designate-scenario-ussuri
- project-template:
@@ -140,6 +125,7 @@
- neutron-tempest-plugin-scenario-openvswitch-victoria
- neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-victoria
- neutron-tempest-plugin-scenario-ovn-victoria
+ - neutron-tempest-plugin-designate-scenario-victoria
gate:
jobs:
- neutron-tempest-plugin-api-victoria
@@ -148,38 +134,56 @@
experimental:
jobs:
- neutron-tempest-plugin-dvr-multinode-scenario-victoria
- # TODO(slaweq): move it back to the check queue when bug
- # https://bugs.launchpad.net/neutron/+bug/1891309
- # will be fixed
- - neutron-tempest-plugin-designate-scenario-victoria
+
+
+- project-template:
+ name: neutron-tempest-plugin-jobs-wallaby
+ check:
+ jobs:
+ - neutron-tempest-plugin-api-wallaby
+ - neutron-tempest-plugin-scenario-linuxbridge-wallaby
+ - neutron-tempest-plugin-scenario-openvswitch-wallaby
+ - neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-wallaby
+ - neutron-tempest-plugin-scenario-ovn-wallaby
+ - neutron-tempest-plugin-designate-scenario-wallaby
+ gate:
+ jobs:
+ - neutron-tempest-plugin-api-wallaby
+ #TODO(slaweq): Move neutron-tempest-plugin-dvr-multinode-scenario out of
+ # the experimental queue when it will be more stable
+ experimental:
+ jobs:
+ - neutron-tempest-plugin-dvr-multinode-scenario-wallaby
- project:
templates:
- build-openstack-docs-pti
- neutron-tempest-plugin-jobs
- - neutron-tempest-plugin-jobs-train
- neutron-tempest-plugin-jobs-ussuri
- neutron-tempest-plugin-jobs-victoria
+ - neutron-tempest-plugin-jobs-wallaby
- check-requirements
- tempest-plugin-jobs
- release-notes-jobs-python3
check:
jobs:
- neutron-tempest-plugin-sfc
- - neutron-tempest-plugin-sfc-train
- neutron-tempest-plugin-sfc-ussuri
- neutron-tempest-plugin-sfc-victoria
+ - neutron-tempest-plugin-sfc-wallaby
- neutron-tempest-plugin-bgpvpn-bagpipe
- - neutron-tempest-plugin-bgpvpn-bagpipe-train
- neutron-tempest-plugin-bgpvpn-bagpipe-ussuri
- neutron-tempest-plugin-bgpvpn-bagpipe-victoria
+ - neutron-tempest-plugin-bgpvpn-bagpipe-wallaby
- neutron-tempest-plugin-dynamic-routing
- neutron-tempest-plugin-dynamic-routing-ussuri
- neutron-tempest-plugin-dynamic-routing-victoria
+ - neutron-tempest-plugin-dynamic-routing-wallaby
- neutron-tempest-plugin-vpnaas
- neutron-tempest-plugin-vpnaas-ussuri
- neutron-tempest-plugin-vpnaas-victoria
+ - neutron-tempest-plugin-vpnaas-wallaby
gate:
jobs:
@@ -189,10 +193,6 @@
experimental:
jobs:
- - neutron-tempest-plugin-fwaas-train:
- # TODO(slaweq): switch it to be voting when bug
- # https://bugs.launchpad.net/neutron/+bug/1858645 will be fixed
- voting: false
- neutron-tempest-plugin-fwaas-ussuri:
# TODO(slaweq): switch it to be voting when bug
# https://bugs.launchpad.net/neutron/+bug/1858645 will be fixed
diff --git a/zuul.d/queens_jobs.yaml b/zuul.d/queens_jobs.yaml
index e1ecc00..33430c8 100644
--- a/zuul.d/queens_jobs.yaml
+++ b/zuul.d/queens_jobs.yaml
@@ -4,12 +4,26 @@
parent: neutron-tempest-plugin-api
override-checkout: stable/queens
required-projects:
- - openstack/devstack-gate
- openstack/neutron
- name: openstack/neutron-tempest-plugin
override-checkout: 0.3.0
- openstack/tempest
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
branch_override: stable/queens
# TODO(slaweq): find a way to put this list of extensions in
# neutron repository and keep it different per branch,
@@ -73,6 +87,24 @@
CIRROS_VERSION: 0.3.5
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_tempest) | join(',') }}"
TEMPEST_PLUGINS: /opt/stack/neutron-tempest-plugin
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
+ ML2_L3_PLUGIN: router
+ devstack_local_conf:
+ post-config:
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ AGENT:
+ tunnel_types: gre,vxlan
+ ml2:
+ type_drivers: flat,geneve,vlan,gre,local,vxlan
+ test-config:
+ $TEMPEST_CONFIG:
+ neutron_plugin_options:
+ available_type_drivers: flat,geneve,vlan,gre,local,vxlan
@@ -82,7 +114,6 @@
nodeset: openstack-single-node-xenial
override-checkout: stable/queens
required-projects:
- - openstack/devstack-gate
- openstack/neutron
- name: openstack/neutron-tempest-plugin
override-checkout: 0.3.0
@@ -91,6 +122,12 @@
branch_override: stable/queens
network_api_extensions: *api_extensions
network_available_features: *available_features
+ devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Xenial keepalived don't knows this option yet
+ keepalived_use_no_track: False
# TODO(slaweq): remove trunks subport_connectivity test from blacklist
# when bug https://bugs.launchpad.net/neutron/+bug/1838760 will be fixed
# NOTE(bcafarel): remove DNS test as queens pinned version does not have
@@ -113,7 +150,6 @@
- zuul: openstack/neutron
override-checkout: stable/queens
required-projects:
- - openstack/devstack-gate
- openstack/neutron
- name: openstack/neutron-tempest-plugin
override-checkout: 0.3.0
@@ -145,6 +181,10 @@
/$NEUTRON_CORE_PLUGIN_CONF:
ml2:
type_drivers: flat,vlan,local,vxlan
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Xenial keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
# NOTE: ignores linux bridge's trunk delete on bound port test
# for rocky branch (as https://review.opendev.org/#/c/605589/
@@ -160,7 +200,6 @@
nodeset: openstack-two-node-xenial
override-checkout: stable/queens
required-projects:
- - openstack/devstack-gate
- openstack/neutron
- name: openstack/neutron-tempest-plugin
override-checkout: 0.3.0
@@ -186,7 +225,6 @@
nodeset: openstack-single-node-xenial
override-checkout: stable/queens
required-projects:
- - openstack/devstack-gate
- openstack/neutron
- name: openstack/neutron-tempest-plugin
override-checkout: 0.3.0
diff --git a/zuul.d/rocky_jobs.yaml b/zuul.d/rocky_jobs.yaml
index 4b6145b..c5ccbc0 100644
--- a/zuul.d/rocky_jobs.yaml
+++ b/zuul.d/rocky_jobs.yaml
@@ -6,12 +6,26 @@
This job run on py2 for stable/rocky gate.
override-checkout: stable/rocky
required-projects: &required-projects-rocky
- - openstack/devstack-gate
- openstack/neutron
- name: openstack/neutron-tempest-plugin
override-checkout: 0.9.0
- openstack/tempest
vars: &api_vars_rocky
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
branch_override: stable/rocky
# TODO(slaweq): find a way to put this list of extensions in
# neutron repository and keep it different per branch,
@@ -79,6 +93,24 @@
USE_PYTHON3: false
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_tempest) | join(',') }}"
TEMPEST_PLUGINS: /opt/stack/neutron-tempest-plugin
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
+ ML2_L3_PLUGIN: router
+ devstack_local_conf:
+ post-config:
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ AGENT:
+ tunnel_types: gre,vxlan
+ ml2:
+ type_drivers: flat,geneve,vlan,gre,local,vxlan
+ test-config:
+ $TEMPEST_CONFIG:
+ neutron_plugin_options:
+ available_type_drivers: flat,geneve,vlan,gre,local,vxlan
# NOTE(gmann): This job run on py2 for stable/rocky gate.
branches:
- stable/rocky
@@ -100,27 +132,85 @@
- job:
name: neutron-tempest-plugin-scenario-openvswitch-rocky
- parent: neutron-tempest-plugin-scenario-openvswitch
+ parent: neutron-tempest-plugin-scenario
description: |
This job run on py2 for stable/rocky gate.
nodeset: openstack-single-node-xenial
+ timeout: 10000
override-checkout: stable/rocky
required-projects: *required-projects-rocky
vars: &scenario_vars_rocky
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
branch_override: stable/rocky
network_api_extensions: *api_extensions
network_available_features: &available_features
-
devstack_localrc:
USE_PYTHON3: false
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
TEMPEST_PLUGINS: /opt/stack/neutron-tempest-plugin
- # NOTE(bcafarel): newer tests, unstable on rocky branch
+ devstack_local_conf:
+ post-config:
+ $NEUTRON_CONF:
+ DEFAULT:
+ enable_dvr: false
+ l3_ha: true
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ agent:
+ tunnel_types: vxlan,gre
+ ovs:
+ tunnel_bridge: br-tun
+ bridge_mappings: public:br-ex
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Xenial keepalived don't knows this option yet
+ keepalived_use_no_track: False
+ test-config:
+ $TEMPEST_CONFIG:
+ network-feature-enabled:
+ available_features: "{{ network_available_features | join(',') }}"
+ neutron_plugin_options:
+ available_type_drivers: flat,vlan,local,vxlan
+ firewall_driver: openvswitch
tempest_black_regex: "\
(^neutron_tempest_plugin.scenario.test_port_forwardings.PortForwardingTestJSON.test_port_forwarding_to_2_servers)|\
(^neutron_tempest_plugin.scenario.test_security_groups.NetworkSecGroupTest.test_multiple_ports_portrange_remote)"
branches:
- stable/rocky
+ irrelevant-files: &openvswitch-scenario-irrelevant-files
+ - ^(test-|)requirements.txt$
+ - ^releasenotes/.*$
+ - ^doc/.*$
+ - ^setup.cfg$
+ - ^.*\.rst$
+ - ^neutron/locale/.*$
+ - ^neutron/tests/unit/.*$
+ - ^tools/.*$
+ - ^tox.ini$
+ - ^neutron/agent/windows/.*$
+ - ^neutron/plugins/ml2/drivers/linuxbridge/.*$
+ - ^neutron/plugins/ml2/drivers/macvtap/.*$
+ - ^neutron/plugins/ml2/drivers/mech_sriov/.*$
- job:
name: neutron-tempest-plugin-scenario-openvswitch-rocky
@@ -136,22 +226,70 @@
devstack_localrc:
USE_PYTHON3: True
branches: ^(?!stable/rocky).*$
+ irrelevant-files: *openvswitch-scenario-irrelevant-files
- job:
name: neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-rocky
- parent: neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid
+ parent: neutron-tempest-plugin-scenario
nodeset: openstack-single-node-xenial
+ timeout: 10000
description: |
This job run on py2 for stable/rocky gate.
override-checkout: stable/rocky
required-projects: *required-projects-rocky
vars: &openvswitch_vars_rocky
- branch_override: stable/rocky
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
network_api_extensions: *api_extensions
+ network_available_features: *available_features
devstack_localrc:
USE_PYTHON3: false
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
TEMPEST_PLUGINS: /opt/stack/neutron-tempest-plugin
+ devstack_local_conf:
+ post-config:
+ $NEUTRON_CONF:
+ DEFAULT:
+ enable_dvr: false
+ l3_ha: true
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ agent:
+ tunnel_types: vxlan,gre
+ ovs:
+ tunnel_bridge: br-tun
+ bridge_mappings: public:br-ex
+ securitygroup:
+ firewall_driver: iptables_hybrid
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Xenial keepalived don't knows this option yet
+ keepalived_use_no_track: False
+ test-config:
+ $TEMPEST_CONFIG:
+ network-feature-enabled:
+ available_features: "{{ network_available_features | join(',') }}"
+ neutron_plugin_options:
+ available_type_drivers: flat,vlan,local,vxlan
+ firewall_driver: iptables_hybrid
# TODO(bcafarel): remove trunks subport_connectivity test from blacklist
# when bug https://bugs.launchpad.net/neutron/+bug/1838760 will be fixed
# NOTE(bcafarel): other are newer tests, unstable on rocky branch
@@ -161,11 +299,27 @@
(^neutron_tempest_plugin.scenario.test_security_groups.NetworkSecGroupTest.test_multiple_ports_portrange_remote)"
branches:
- stable/rocky
+ irrelevant-files: &iptables_hybrid_irrelevant_files
+ - ^(test-|)requirements.txt$
+ - ^releasenotes/.*$
+ - ^doc/.*$
+ - ^setup.cfg$
+ - ^.*\.rst$
+ - ^neutron/locale/.*$
+ - ^neutron/tests/unit/.*$
+ - ^tools/.*$
+ - ^tox.ini$
+ - ^neutron/agent/linux/openvswitch_firewall/.*$
+ - ^neutron/agent/windows/.*$
+ - ^neutron/plugins/ml2/drivers/linuxbridge/.*$
+ - ^neutron/plugins/ml2/drivers/macvtap/.*$
+ - ^neutron/plugins/ml2/drivers/mech_sriov/.*$
- job:
name: neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-rocky
- parent: neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid
+ parent: neutron-tempest-plugin-scenario
nodeset: openstack-single-node-xenial
+ timeout: 10000
description: |
This job run on py3 for other than stable/rocky gate
which is nothing but neutron-tempest-pluign master gate.
@@ -176,6 +330,7 @@
devstack_localrc:
USE_PYTHON3: True
branches: ^(?!stable/rocky).*$
+ irrelevant-files: *iptables_hybrid_irrelevant_files
- job:
name: neutron-tempest-plugin-scenario-linuxbridge-rocky
@@ -209,6 +364,10 @@
/$NEUTRON_CORE_PLUGIN_CONF:
ml2:
type_drivers: flat,vlan,local,vxlan
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Xenial keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
# NOTE: ignores linux bridge's trunk delete on bound port test
# for rocky branch (as https://review.opendev.org/#/c/605589/
@@ -247,28 +406,171 @@
- job:
name: neutron-tempest-plugin-dvr-multinode-scenario-rocky
- parent: neutron-tempest-plugin-dvr-multinode-scenario
+ parent: tempest-multinode-full
description: |
This job run on py2 for stable/rocky gate.
nodeset: openstack-two-node-xenial
override-checkout: stable/rocky
+ roles:
+ - zuul: openstack/devstack
required-projects: *required-projects-rocky
+ pre-run: playbooks/dvr-multinode-scenario-pre-run.yaml
+ voting: false
vars: &multinode_scenario_vars_rocky
- branch_override: stable/rocky
+ tempest_concurrency: 4
+ tox_envlist: all
+ tempest_test_regex: ^neutron_tempest_plugin\.scenario
+ # NOTE(slaweq): in case of some tests, which requires advanced image,
+ # default test timeout set to 1200 seconds may be not enough if job is
+ # run on slow node
+ tempest_test_timeout: 2400
network_api_extensions_common: *api_extensions
+ network_api_extensions_dvr:
+ - dvr
devstack_localrc:
USE_PYTHON3: false
+ NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_dvr) | join(',') }}"
+ PHYSICAL_NETWORK: default
+ CIRROS_VERSION: 0.5.1
+ IMAGE_URLS: https://cloud-images.ubuntu.com/releases/bionic/release/ubuntu-18.04-server-cloudimg-amd64.img
+ ADVANCED_IMAGE_NAME: ubuntu-18.04-server-cloudimg-amd64
+ ADVANCED_INSTANCE_TYPE: ds512M
+ ADVANCED_INSTANCE_USER: ubuntu
+ BUILD_TIMEOUT: 784
TEMPEST_PLUGINS: /opt/stack/neutron-tempest-plugin
+ devstack_plugins:
+ neutron: https://opendev.org/openstack/neutron.git
+ neutron-tempest-plugin: https://opendev.org/openstack/neutron-tempest-plugin.git
+ tempest_plugins:
+ - neutron-tempest-plugin
+ devstack_services:
+ tls-proxy: false
+ tempest: true
+ neutron-dns: true
+ neutron-qos: true
+ neutron-segments: true
+ neutron-trunk: true
+ neutron-log: true
+ neutron-port-forwarding: true
+ # Cinder services
+ c-api: false
+ c-bak: false
+ c-sch: false
+ c-vol: false
+ cinder: false
+ # We don't need Swift to be run in the Neutron jobs
+ s-account: false
+ s-container: false
+ s-object: false
+ s-proxy: false
+ devstack_local_conf:
+ post-config:
+ $NEUTRON_CONF:
+ quotas:
+ quota_router: 100
+ quota_floatingip: 500
+ quota_security_group: 100
+ quota_security_group_rule: 1000
+ DEFAULT:
+ router_distributed: True
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ "/$NEUTRON_CORE_PLUGIN_CONF":
+ ml2:
+ type_drivers: flat,geneve,vlan,gre,local,vxlan
+ mechanism_drivers: openvswitch,l2population
+ ml2_type_vlan:
+ network_vlan_ranges: foo:1:10
+ ml2_type_vxlan:
+ vni_ranges: 1:2000
+ ml2_type_gre:
+ tunnel_id_ranges: 1:1000
+ agent:
+ enable_distributed_routing: True
+ l2_population: True
+ tunnel_types: vxlan,gre
+ ovs:
+ tunnel_bridge: br-tun
+ bridge_mappings: public:br-ex
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ agent_mode: dvr_snat
+ agent:
+ availability_zone: nova
+ $NEUTRON_DHCP_CONF:
+ agent:
+ availability_zone: nova
+ "/etc/neutron/api-paste.ini":
+ "composite:neutronapi_v2_0":
+ use: "call:neutron.auth:pipeline_factory"
+ noauth: "cors request_id catch_errors osprofiler extensions neutronapiapp_v2_0"
+ keystone: "cors request_id catch_errors osprofiler authtoken keystonecontext extensions neutronapiapp_v2_0"
+ test-config:
+ $TEMPEST_CONFIG:
+ network-feature-enabled:
+ available_features: *available_features
+ neutron_plugin_options:
+ provider_vlans: foo,
+ agent_availability_zone: nova
+ image_is_advanced: true
+ available_type_drivers: flat,geneve,vlan,gre,local,vxlan
+ l3_agent_mode: dvr_snat
+ firewall_driver: openvswitch
+ branch_override: stable/rocky
# NOTE(bcafarel): newer tests, unstable on rocky branch
tempest_black_regex: "\
(^neutron_tempest_plugin.scenario.test_port_forwardings.PortForwardingTestJSON.test_port_forwarding_to_2_servers)|\
(^neutron_tempest_plugin.scenario.test_security_groups.NetworkSecGroupTest.test_multiple_ports_portrange_remote)"
branches:
- stable/rocky
+ group-vars: &multinode_scenario_group_vars_rocky
+ subnode:
+ devstack_services:
+ tls-proxy: false
+ q-agt: true
+ q-l3: true
+ q-meta: true
+ neutron-qos: true
+ neutron-trunk: true
+ neutron-log: true
+ neutron-port-forwarding: true
+ # Cinder services
+ c-bak: false
+ c-vol: false
+ # We don't need Swift to be run in the Neutron jobs
+ s-account: false
+ s-container: false
+ s-object: false
+ s-proxy: false
+ devstack_localrc:
+ USE_PYTHON3: true
+ devstack_local_conf:
+ post-config:
+ $NEUTRON_CONF:
+ DEFAULT:
+ router_distributed: True
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ "/$NEUTRON_CORE_PLUGIN_CONF":
+ agent:
+ enable_distributed_routing: True
+ l2_population: True
+ tunnel_types: vxlan,gre
+ ovs:
+ tunnel_bridge: br-tun
+ bridge_mappings: public:br-ex
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ agent_mode: dvr_snat
+ agent:
+ availability_zone: nova
+ irrelevant-files: *openvswitch-scenario-irrelevant-files
- job:
name: neutron-tempest-plugin-dvr-multinode-scenario-rocky
- parent: neutron-tempest-plugin-dvr-multinode-scenario
+ parent: tempest-multinode-full
nodeset: openstack-two-node-xenial
description: |
This job run on py3 for other than stable/rocky gate
@@ -280,6 +582,7 @@
USE_PYTHON3: True
required-projects: *required-projects-rocky
group-vars:
+ <<: *multinode_scenario_group_vars_rocky
subnode:
devstack_localrc:
USE_PYTHON3: True
@@ -293,7 +596,6 @@
nodeset: openstack-single-node-xenial
override-checkout: stable/rocky
required-projects:
- - openstack/devstack-gate
- openstack/neutron
- name: openstack/neutron-tempest-plugin
override-checkout: 0.9.0
diff --git a/zuul.d/stein_jobs.yaml b/zuul.d/stein_jobs.yaml
index 29dfa8a..7a8ea25 100644
--- a/zuul.d/stein_jobs.yaml
+++ b/zuul.d/stein_jobs.yaml
@@ -4,12 +4,26 @@
nodeset: openstack-single-node-bionic
override-checkout: stable/stein
required-projects: &required-projects-stein
- - openstack/devstack-gate
- openstack/neutron
- name: openstack/neutron-tempest-plugin
override-checkout: 1.3.0
- openstack/tempest
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
branch_override: stable/stein
# TODO(slaweq): find a way to put this list of extensions in
# neutron repository and keep it different per branch,
@@ -84,6 +98,24 @@
devstack_localrc:
NEUTRON_DEPLOY_MOD_WSGI: false
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_tempest) | join(',') }}"
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
+ ML2_L3_PLUGIN: router
+ devstack_local_conf:
+ post-config:
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ AGENT:
+ tunnel_types: gre,vxlan
+ ml2:
+ type_drivers: flat,geneve,vlan,gre,local,vxlan
+ test-config:
+ $TEMPEST_CONFIG:
+ neutron_plugin_options:
+ available_type_drivers: flat,geneve,vlan,gre,local,vxlan
- job:
name: neutron-tempest-plugin-scenario-openvswitch-stein
@@ -98,6 +130,11 @@
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
@@ -107,43 +144,170 @@
- job:
name: neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-stein
- parent: neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid
+ parent: neutron-tempest-plugin-scenario
nodeset: openstack-single-node-bionic
+ timeout: 10000
override-checkout: stable/stein
required-projects: *required-projects-stein
vars:
branch_override: stable/stein
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
network_api_extensions: *api_extensions
network_available_features: *available_features
+ # TODO(slaweq): remove trunks subport_connectivity test from blacklist
+ # when bug https://bugs.launchpad.net/neutron/+bug/1838760 will be fixed
+ tempest_black_regex: "(^neutron_tempest_plugin.scenario.test_trunk.TrunkTest.test_subport_connectivity)"
devstack_localrc:
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_CONF:
+ DEFAULT:
+ enable_dvr: false
+ l3_ha: true
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ agent:
+ tunnel_types: vxlan,gre
+ ovs:
+ tunnel_bridge: br-tun
+ bridge_mappings: public:br-ex
+ securitygroup:
+ firewall_driver: iptables_hybrid
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
- available_features: ""
+ available_features: "{{ network_available_features | join(',') }}"
neutron_plugin_options:
+ available_type_drivers: flat,vlan,local,vxlan
+ firewall_driver: iptables_hybrid
ipv6_metadata: False
+ irrelevant-files:
+ - ^(test-|)requirements.txt$
+ - ^releasenotes/.*$
+ - ^doc/.*$
+ - ^setup.cfg$
+ - ^.*\.rst$
+ - ^neutron/locale/.*$
+ - ^neutron/tests/unit/.*$
+ - ^tools/.*$
+ - ^tox.ini$
+ - ^neutron/agent/linux/openvswitch_firewall/.*$
+ - ^neutron/agent/ovn/.*$
+ - ^neutron/agent/windows/.*$
+ - ^neutron/plugins/ml2/drivers/linuxbridge/.*$
+ - ^neutron/plugins/ml2/drivers/macvtap/.*$
+ - ^neutron/plugins/ml2/drivers/mech_sriov/.*$
+ - ^neutron/plugins/ml2/drivers/ovn/.*$
- job:
name: neutron-tempest-plugin-scenario-linuxbridge-stein
- parent: neutron-tempest-plugin-scenario-linuxbridge
+ parent: neutron-tempest-plugin-scenario
nodeset: openstack-single-node-bionic
+ timeout: 10000
+ roles:
+ - zuul: openstack/neutron
+ pre-run: playbooks/linuxbridge-scenario-pre-run.yaml
override-checkout: stable/stein
required-projects: *required-projects-stein
vars:
branch_override: stable/stein
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
network_api_extensions: *api_extensions
+ network_api_extensions_linuxbridge:
+ - vlan-transparent
network_available_features: *available_features
+ # TODO(eolivare): remove VLAN Transparency tests from blacklist
+ # when bug https://bugs.launchpad.net/neutron/+bug/1907548 will be fixed
+ tempest_black_regex: "(^neutron_tempest_plugin.scenario.test_vlan_transparency.VlanTransparencyTest)"
devstack_localrc:
- NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
+ Q_AGENT: linuxbridge
+ NETWORK_API_EXTENSIONS: "{{ (network_api_extensions + network_api_extensions_linuxbridge) | join(',') }}"
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch,linuxbridge
devstack_local_conf:
+ post-config:
+ $NEUTRON_CONF:
+ DEFAULT:
+ enable_dvr: false
+ vlan_transparent: true
+ l3_ha: true
+ AGENT:
+ debug_iptables_rules: true
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ ml2:
+ type_drivers: flat,vlan,local,vxlan
+ mechanism_drivers: linuxbridge
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
- available_features: ""
+ available_features: "{{ network_available_features | join(',') }}"
neutron_plugin_options:
+ available_type_drivers: flat,vlan,local,vxlan
+ q_agent: linuxbridge
+ firewall_driver: iptables
ipv6_metadata: False
+ irrelevant-files:
+ - ^(test-|)requirements.txt$
+ - ^releasenotes/.*$
+ - ^doc/.*$
+ - ^setup.cfg$
+ - ^.*\.rst$
+ - ^neutron/locale/.*$
+ - ^neutron/tests/unit/.*$
+ - ^tools/.*$
+ - ^tox.ini$
+ - ^neutron/agent/linux/openvswitch_firewall/.*$
+ - ^neutron/agent/ovn/.*$
+ - ^neutron/agent/windows/.*$
+ - ^neutron/plugins/ml2/drivers/openvswitch/.*$
+ - ^neutron/plugins/ml2/drivers/macvtap/.*$
+ - ^neutron/plugins/ml2/drivers/mech_sriov/.*$
+ - ^neutron/plugins/ml2/drivers/ovn/.*$
- job:
name: neutron-tempest-plugin-dvr-multinode-scenario-stein
@@ -161,7 +325,6 @@
nodeset: openstack-single-node-bionic
override-checkout: stable/stein
required-projects:
- - openstack/devstack-gate
- openstack/neutron
- name: openstack/neutron-tempest-plugin
override-checkout: 1.3.0
diff --git a/zuul.d/train_jobs.yaml b/zuul.d/train_jobs.yaml
index 0785924..b87dc8c 100644
--- a/zuul.d/train_jobs.yaml
+++ b/zuul.d/train_jobs.yaml
@@ -3,7 +3,27 @@
parent: neutron-tempest-plugin-api
nodeset: openstack-single-node-bionic
override-checkout: stable/train
+ required-projects: &required-projects-train
+ - openstack/neutron
+ - name: openstack/neutron-tempest-plugin
+ override-checkout: 1.5.0
+ - openstack/tempest
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
branch_override: stable/train
# TODO(slaweq): find a way to put this list of extensions in
# neutron repository and keep it different per branch,
@@ -83,12 +103,31 @@
devstack_localrc:
NEUTRON_DEPLOY_MOD_WSGI: false
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_tempest) | join(',') }}"
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
+ ML2_L3_PLUGIN: router
+ devstack_local_conf:
+ post-config:
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ AGENT:
+ tunnel_types: gre,vxlan
+ ml2:
+ type_drivers: flat,geneve,vlan,gre,local,vxlan
+ test-config:
+ $TEMPEST_CONFIG:
+ neutron_plugin_options:
+ available_type_drivers: flat,geneve,vlan,gre,local,vxlan
- job:
name: neutron-tempest-plugin-scenario-openvswitch-train
parent: neutron-tempest-plugin-scenario-openvswitch
nodeset: openstack-single-node-bionic
override-checkout: stable/train
+ required-projects: *required-projects-train
vars:
branch_override: stable/train
network_api_extensions: *api_extensions
@@ -96,6 +135,11 @@
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived doesn't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
@@ -108,6 +152,7 @@
parent: neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid
nodeset: openstack-single-node-bionic
override-checkout: stable/train
+ required-projects: *required-projects-train
vars:
branch_override: stable/train
network_api_extensions: *api_extensions
@@ -115,6 +160,11 @@
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
@@ -127,6 +177,7 @@
parent: neutron-tempest-plugin-scenario-linuxbridge
nodeset: openstack-single-node-bionic
override-checkout: stable/train
+ required-projects: *required-projects-train
vars:
branch_override: stable/train
network_api_extensions: *api_extensions
@@ -134,6 +185,11 @@
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
@@ -146,6 +202,7 @@
parent: neutron-tempest-plugin-dvr-multinode-scenario
nodeset: openstack-two-node-bionic
override-checkout: stable/train
+ required-projects: *required-projects-train
vars:
network_api_extensions_common: *api_extensions
branch_override: stable/train
@@ -155,6 +212,7 @@
parent: neutron-tempest-plugin-designate-scenario
nodeset: openstack-single-node-bionic
override-checkout: stable/train
+ required-projects: *required-projects-train
vars:
branch_override: stable/train
network_api_extensions_common: *api_extensions
@@ -164,6 +222,7 @@
parent: neutron-tempest-plugin-sfc
nodeset: openstack-single-node-bionic
override-checkout: stable/train
+ required-projects: *required-projects-train
vars:
branch_override: stable/train
network_api_extensions_common: *api_extensions
@@ -173,6 +232,7 @@
parent: neutron-tempest-plugin-bgpvpn-bagpipe
nodeset: openstack-single-node-bionic
override-checkout: stable/train
+ required-projects: *required-projects-train
vars:
branch_override: stable/train
network_api_extensions: *api_extensions
@@ -182,6 +242,7 @@
parent: neutron-tempest-plugin-fwaas-ussuri
nodeset: openstack-single-node-bionic
override-checkout: stable/train
+ required-projects: *required-projects-train
vars:
branch_override: stable/train
network_api_extensions_common: *api_extensions
diff --git a/zuul.d/ussuri_jobs.yaml b/zuul.d/ussuri_jobs.yaml
index 9cc0621..945ec25 100644
--- a/zuul.d/ussuri_jobs.yaml
+++ b/zuul.d/ussuri_jobs.yaml
@@ -4,6 +4,21 @@
nodeset: openstack-single-node-bionic
override-checkout: stable/ussuri
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
branch_override: stable/ussuri
# TODO(slaweq): find a way to put this list of extensions in
# neutron repository and keep it different per branch,
@@ -87,6 +102,24 @@
devstack_localrc:
NEUTRON_DEPLOY_MOD_WSGI: false
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_tempest) | join(',') }}"
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
+ ML2_L3_PLUGIN: router
+ devstack_local_conf:
+ post-config:
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ AGENT:
+ tunnel_types: gre,vxlan
+ ml2:
+ type_drivers: flat,geneve,vlan,gre,local,vxlan
+ test-config:
+ $TEMPEST_CONFIG:
+ neutron_plugin_options:
+ available_type_drivers: flat,geneve,vlan,gre,local,vxlan
- job:
@@ -101,6 +134,11 @@
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
@@ -121,6 +159,11 @@
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
@@ -140,6 +183,11 @@
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
@@ -164,6 +212,13 @@
# TODO(skaplons): v2.13.1 is incompatible with kernel 4.15.0-118, sticking to commit hash until new v2.13 tag is created
OVS_BRANCH: 0047ca3a0290f1ef954f2c76b31477cf4b9755f5
OVN_BRANCH: "v20.03.0"
+ # NOTE(slaweq): IGMP Snooping requires OVN 20.12
+ OVN_IGMP_SNOOPING_ENABLE: False
+ devstack_local_conf:
+ test-config:
+ $TEMPEST_CONFIG:
+ neutron_plugin_options:
+ is_igmp_snooping_enabled: False
- job:
name: neutron-tempest-plugin-dvr-multinode-scenario-ussuri
@@ -208,7 +263,6 @@
timeout: 10800
override-checkout: stable/ussuri
required-projects:
- - openstack/devstack-gate
- openstack/neutron-fwaas
- openstack/neutron
- openstack/neutron-tempest-plugin
diff --git a/zuul.d/victoria_jobs.yaml b/zuul.d/victoria_jobs.yaml
index 5543ea7..e0e29ed 100644
--- a/zuul.d/victoria_jobs.yaml
+++ b/zuul.d/victoria_jobs.yaml
@@ -3,6 +3,21 @@
parent: neutron-tempest-plugin-api
override-checkout: stable/victoria
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
branch_override: stable/victoria
# TODO(slaweq): find a way to put this list of extensions in
# neutron repository and keep it different per branch,
@@ -86,6 +101,24 @@
devstack_localrc:
NEUTRON_DEPLOY_MOD_WSGI: false
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_tempest) | join(',') }}"
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
+ ML2_L3_PLUGIN: router
+ devstack_local_conf:
+ post-config:
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ AGENT:
+ tunnel_types: gre,vxlan
+ ml2:
+ type_drivers: flat,geneve,vlan,gre,local,vxlan
+ test-config:
+ $TEMPEST_CONFIG:
+ neutron_plugin_options:
+ available_type_drivers: flat,geneve,vlan,gre,local,vxlan
- job:
name: neutron-tempest-plugin-scenario-openvswitch-victoria
diff --git a/zuul.d/wallaby_jobs.yaml b/zuul.d/wallaby_jobs.yaml
new file mode 100644
index 0000000..fa2ddb6
--- /dev/null
+++ b/zuul.d/wallaby_jobs.yaml
@@ -0,0 +1,198 @@
+- job:
+ name: neutron-tempest-plugin-api-wallaby
+ parent: neutron-tempest-plugin-api
+ override-checkout: stable/wallaby
+ vars:
+ # TODO(slaweq): find a way to put this list of extensions in
+ # neutron repository and keep it different per branch,
+ # then it could be removed from here
+ network_api_extensions_common: &api_extensions
+ - address-group
+ - address-scope
+ - agent
+ - allowed-address-pairs
+ - auto-allocated-topology
+ - availability_zone
+ - binding
+ - default-subnetpools
+ - dhcp_agent_scheduler
+ - dns-domain-ports
+ - dns-integration
+ - empty-string-filtering
+ - expose-port-forwarding-in-fip
+ - expose-l3-conntrack-helper
+ - ext-gw-mode
+ - external-net
+ - extra_dhcp_opt
+ - extraroute
+ - extraroute-atomic
+ - filter-validation
+ - fip-port-details
+ - flavors
+ - floating-ip-port-forwarding
+ - floatingip-pools
+ - ip-substring-filtering
+ - l3-conntrack-helper
+ - l3-flavors
+ - l3-ha
+ - l3_agent_scheduler
+ - logging
+ - metering
+ - multi-provider
+ - net-mtu
+ - net-mtu-writable
+ - network-ip-availability
+ - network_availability_zone
+ - network-segment-range
+ - pagination
+ - port-resource-request
+ - port-mac-address-regenerate
+ - port-security
+ - port-security-groups-filtering
+ - project-id
+ - provider
+ - qos
+ - qos-bw-minimum-ingress
+ - qos-fip
+ - quotas
+ - quota_details
+ - rbac-address-group
+ - rbac-address-scope
+ - rbac-policies
+ - rbac-security-groups
+ - rbac-subnetpool
+ - router
+ - router-admin-state-down-before-update
+ - router_availability_zone
+ - security-group
+ - security-groups-remote-address-group
+ - segment
+ - service-type
+ - sorting
+ - standard-attr-description
+ - standard-attr-revisions
+ - standard-attr-segment
+ - standard-attr-tag
+ - standard-attr-timestamp
+ - subnet_allocation
+ - subnet-dns-publish-fixed-ip
+ - subnetpool-prefix-ops
+ - tag-ports-during-bulk-creation
+ - trunk
+ - trunk-details
+ - uplink-status-propagation
+ network_api_extensions_tempest:
+ - dvr
+ network_available_features: &available_features
+ - ipv6_metadata
+
+- job:
+ name: neutron-tempest-plugin-scenario-openvswitch-wallaby
+ parent: neutron-tempest-plugin-scenario-openvswitch
+ override-checkout: stable/wallaby
+ vars:
+ branch_override: stable/wallaby
+ network_api_extensions: *api_extensions
+ network_available_features: *available_features
+ devstack_localrc:
+ NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
+ devstack_local_conf:
+ test-config:
+ $TEMPEST_CONFIG:
+ network-feature-enabled:
+ available_features: "{{ network_available_features | join(',') }}"
+
+- job:
+ name: neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-wallaby
+ parent: neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid
+ override-checkout: stable-wallaby
+ vars:
+ branch_override: stable-wallaby
+ network_api_extensions: *api_extensions
+ network_available_features: *available_features
+ devstack_localrc:
+ NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
+ devstack_local_conf:
+ test-config:
+ $TEMPEST_CONFIG:
+ network-feature-enabled:
+ available_features: "{{ network_available_features | join(',') }}"
+
+- job:
+ name: neutron-tempest-plugin-scenario-linuxbridge-wallaby
+ parent: neutron-tempest-plugin-scenario-linuxbridge
+ override-checkout: stable/wallaby
+ vars:
+ branch_override: stable/wallaby
+ network_api_extensions: *api_extensions
+ network_available_features: *available_features
+ devstack_localrc:
+ NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
+ devstack_local_conf:
+ test-config:
+ $TEMPEST_CONFIG:
+ network-feature-enabled:
+ available_features: "{{ network_available_features | join(',') }}"
+
+- job:
+ name: neutron-tempest-plugin-scenario-ovn-wallaby
+ parent: neutron-tempest-plugin-scenario-ovn
+ override-checkout: stable/wallaby
+ vars:
+ branch_override: stable/wallaby
+ network_api_extensions: *api_extensions
+ devstack_localrc:
+ NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
+ devstack_local_conf:
+ test-config:
+ $TEMPEST_CONFIG:
+ network-feature-enabled:
+ available_features: ""
+
+- job:
+ name: neutron-tempest-plugin-dvr-multinode-scenario-wallaby
+ parent: neutron-tempest-plugin-dvr-multinode-scenario
+ override-checkout: stable/wallaby
+ vars:
+ network_api_extensions_common: *api_extensions
+ branch_override: stable/wallaby
+
+- job:
+ name: neutron-tempest-plugin-designate-scenario-wallaby
+ parent: neutron-tempest-plugin-designate-scenario
+ override-checkout: stable/wallaby
+ vars:
+ branch_override: stable/wallaby
+ network_api_extensions_common: *api_extensions
+
+- job:
+ name: neutron-tempest-plugin-sfc-wallaby
+ parent: neutron-tempest-plugin-sfc
+ override-checkout: stable/wallaby
+ vars:
+ branch_override: stable/wallaby
+ network_api_extensions_common: *api_extensions
+
+- job:
+ name: neutron-tempest-plugin-bgpvpn-bagpipe-wallaby
+ parent: neutron-tempest-plugin-bgpvpn-bagpipe
+ override-checkout: stable/wallaby
+ vars:
+ branch_override: stable/wallaby
+ network_api_extensions: *api_extensions
+
+- job:
+ name: neutron-tempest-plugin-dynamic-routing-wallaby
+ parent: neutron-tempest-plugin-dynamic-routing
+ override-checkout: stable/wallaby
+ vars:
+ branch_override: stable/wallaby
+ network_api_extensions_common: *api_extensions
+
+- job:
+ name: neutron-tempest-plugin-vpnaas-wallaby
+ parent: neutron-tempest-plugin-vpnaas
+ override-checkout: stable/wallaby
+ vars:
+ branch_override: stable/wallaby
+ network_api_extensions_common: *api_extensions