Merge "Switch to new rolevar for run-temepst role"
diff --git a/neutron_tempest_plugin/api/base.py b/neutron_tempest_plugin/api/base.py
index 4833c71..216ccfc 100644
--- a/neutron_tempest_plugin/api/base.py
+++ b/neutron_tempest_plugin/api/base.py
@@ -125,6 +125,8 @@
cls.qos_rules = []
cls.qos_policies = []
cls.ethertype = "IPv" + str(cls._ip_version)
+ cls.address_groups = []
+ cls.admin_address_groups = []
cls.address_scopes = []
cls.admin_address_scopes = []
cls.subnetpools = []
@@ -821,6 +823,16 @@
return body['subnetpool']
@classmethod
+ def create_address_group(cls, name, is_admin=False, **kwargs):
+ if is_admin:
+ body = cls.admin_client.create_address_group(name=name, **kwargs)
+ cls.admin_address_groups.append(body['address_group'])
+ else:
+ body = cls.client.create_address_group(name=name, **kwargs)
+ cls.address_groups.append(body['address_group'])
+ return body['address_group']
+
+ @classmethod
def create_project(cls, name=None, description=None):
test_project = name or data_utils.rand_name('test_project_')
test_description = description or data_utils.rand_name('desc_')
@@ -886,6 +898,9 @@
ip_version = ip_version or cls._ip_version
default_params = (
constants.DEFAULT_SECURITY_GROUP_RULE_PARAMS[ip_version])
+ if ('remote_address_group_id' in kwargs and 'remote_ip_prefix' in
+ default_params):
+ default_params.pop('remote_ip_prefix')
for key, value in default_params.items():
kwargs.setdefault(key, value)
diff --git a/neutron_tempest_plugin/api/test_address_groups.py b/neutron_tempest_plugin/api/test_address_groups.py
new file mode 100644
index 0000000..478d3b2
--- /dev/null
+++ b/neutron_tempest_plugin/api/test_address_groups.py
@@ -0,0 +1,185 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import random
+
+from neutron_lib import constants
+from oslo_log import log
+from tempest.lib.common.utils import data_utils
+from tempest.lib import decorators
+from tempest.lib import exceptions
+import testtools
+
+from neutron_tempest_plugin.api import base
+from neutron_tempest_plugin.api import base_security_groups
+
+LOG = log.getLogger(__name__)
+
+
+ADDRESS_GROUP_NAME = 'test-address-group'
+
+
+class RbacSharedAddressGroupTest(base.BaseAdminNetworkTest):
+
+ force_tenant_isolation = True
+ credentials = ['primary', 'alt', 'admin']
+ required_extensions = ['security-group', 'address-group',
+ 'rbac-address-group']
+
+ @classmethod
+ def resource_setup(cls):
+ super(RbacSharedAddressGroupTest, cls).resource_setup()
+ cls.client2 = cls.os_alt.network_client
+
+ def _create_address_group(self, is_admin=False, **kwargs):
+ name = data_utils.rand_name(ADDRESS_GROUP_NAME)
+ return self.create_address_group(name=name, is_admin=is_admin,
+ **kwargs)
+
+ def _make_admin_ag_shared_to_project_id(self, project_id):
+ ag = self._create_address_group(is_admin=True)
+ rbac_policy = self.admin_client.create_rbac_policy(
+ object_type='address_group',
+ object_id=ag['id'],
+ action='access_as_shared',
+ target_tenant=project_id,
+ )['rbac_policy']
+ return {'address_group': ag, 'rbac_policy': rbac_policy}
+
+ @decorators.idempotent_id('95f59a88-c47e-4dd9-a231-85f1782753a7')
+ def test_policy_target_update(self):
+ res = self._make_admin_ag_shared_to_project_id(
+ self.client.tenant_id)
+ # change to client2
+ update_res = self.admin_client.update_rbac_policy(
+ res['rbac_policy']['id'], target_tenant=self.client2.tenant_id)
+ self.assertEqual(self.client2.tenant_id,
+ update_res['rbac_policy']['target_tenant'])
+ # make sure everything else stayed the same
+ res['rbac_policy'].pop('target_tenant')
+ update_res['rbac_policy'].pop('target_tenant')
+ self.assertEqual(res['rbac_policy'], update_res['rbac_policy'])
+
+ @decorators.idempotent_id('35a214c9-5c99-468f-9242-34d0529cabfa')
+ def test_secgrprule_presence_prevents_policy_rbac_policy_deletion(self):
+ res = self._make_admin_ag_shared_to_project_id(
+ self.client2.tenant_id)
+ ag_id = res['address_group']['id']
+ security_group = self.create_security_group(client=self.client2)
+ protocol = random.choice(list(base_security_groups.V4_PROTOCOL_NAMES))
+ sec_grp_rule = self.create_security_group_rule(
+ security_group=security_group,
+ client=self.client2, protocol=protocol,
+ direction=constants.INGRESS_DIRECTION,
+ remote_address_group_id=ag_id)
+
+ # a port with shared sg should prevent the deletion of an
+ # rbac-policy required for it to be shared
+ with testtools.ExpectedException(exceptions.Conflict):
+ self.admin_client.delete_rbac_policy(res['rbac_policy']['id'])
+
+ # cleanup
+ self.client2.delete_security_group_rule(sec_grp_rule['id'])
+ self.admin_client.delete_rbac_policy(res['rbac_policy']['id'])
+
+ @decorators.idempotent_id('c89db8d4-0b52-4072-ac7e-672860491843')
+ def test_regular_client_shares_to_another_regular_client(self):
+ # owned by self.admin_client
+ ag = self._create_address_group(is_admin=True)
+ with testtools.ExpectedException(exceptions.NotFound):
+ self.client.show_address_group(ag['id'])
+ rbac_policy = self.admin_client.create_rbac_policy(
+ object_type='address_group', object_id=ag['id'],
+ action='access_as_shared',
+ target_tenant=self.client.tenant_id)['rbac_policy']
+ self.client.show_address_group(ag['id'])
+
+ self.assertIn(rbac_policy,
+ self.admin_client.list_rbac_policies()['rbac_policies'])
+ # ensure that 'client2' can't see the rbac-policy sharing the
+ # ag to it because the rbac-policy belongs to 'client'
+ self.assertNotIn(rbac_policy['id'], [p['id'] for p in
+ self.client2.list_rbac_policies()['rbac_policies']])
+
+ @decorators.idempotent_id('55a9fbb6-3333-48e8-90e4-11ab2a49567b')
+ def test_filter_fields(self):
+ ag = self._create_address_group()
+ self.admin_client.create_rbac_policy(
+ object_type='address_group', object_id=ag['id'],
+ action='access_as_shared', target_tenant=self.client2.tenant_id)
+ field_args = (('id',), ('id', 'action'), ('object_type', 'object_id'),
+ ('project_id', 'target_tenant'))
+ for fields in field_args:
+ res = self.admin_client.list_rbac_policies(fields=fields)
+ self.assertEqual(set(fields), set(res['rbac_policies'][0].keys()))
+
+ @decorators.idempotent_id('20b2706b-1cea-4724-ab72-d7452ecb1fc4')
+ def test_rbac_policy_show(self):
+ res = self._make_admin_ag_shared_to_project_id(
+ self.client.tenant_id)
+ p1 = res['rbac_policy']
+ p2 = self.admin_client.create_rbac_policy(
+ object_type='address_group',
+ object_id=res['address_group']['id'],
+ action='access_as_shared',
+ target_tenant='*')['rbac_policy']
+
+ self.assertEqual(
+ p1, self.admin_client.show_rbac_policy(p1['id'])['rbac_policy'])
+ self.assertEqual(
+ p2, self.admin_client.show_rbac_policy(p2['id'])['rbac_policy'])
+
+ @decorators.idempotent_id('774fc038-486c-4507-ab04-c5aac0fca5ab')
+ def test_filter_rbac_policies(self):
+ ag = self._create_address_group()
+ rbac_pol1 = self.admin_client.create_rbac_policy(
+ object_type='address_group', object_id=ag['id'],
+ action='access_as_shared',
+ target_tenant=self.client2.tenant_id)['rbac_policy']
+ rbac_pol2 = self.admin_client.create_rbac_policy(
+ object_type='address_group', object_id=ag['id'],
+ action='access_as_shared',
+ target_tenant=self.admin_client.tenant_id)['rbac_policy']
+ res1 = self.admin_client.list_rbac_policies(id=rbac_pol1['id'])[
+ 'rbac_policies']
+ res2 = self.admin_client.list_rbac_policies(id=rbac_pol2['id'])[
+ 'rbac_policies']
+ self.assertEqual(1, len(res1))
+ self.assertEqual(1, len(res2))
+ self.assertEqual(rbac_pol1['id'], res1[0]['id'])
+ self.assertEqual(rbac_pol2['id'], res2[0]['id'])
+
+ @decorators.idempotent_id('a0f3a01a-e2c7-47d6-9385-0cd7a7f0c996')
+ def test_regular_client_blocked_from_sharing_anothers_policy(self):
+ ag = self._make_admin_ag_shared_to_project_id(
+ self.client.tenant_id)['address_group']
+ with testtools.ExpectedException(exceptions.BadRequest):
+ self.client.create_rbac_policy(
+ object_type='address_group', object_id=ag['id'],
+ action='access_as_shared',
+ target_tenant=self.client2.tenant_id)
+
+ # make sure the rbac-policy is invisible to the tenant for which it's
+ # being shared
+ self.assertFalse(self.client.list_rbac_policies()['rbac_policies'])
+
+ @decorators.idempotent_id('f39e32d9-4733-48ec-b550-07f0ec4998a9')
+ def test_regular_client_blocked_from_updating_shared_address_group(self):
+ # owned by self.admin_client
+ ag = self._create_address_group(is_admin=True)
+ self.admin_client.create_rbac_policy(
+ object_type='address_group', object_id=ag['id'],
+ action='access_as_shared',
+ target_tenant=self.client.tenant_id)['rbac_policy']
+ self.client.show_address_group(ag['id'])
+ with testtools.ExpectedException(exceptions.NotFound):
+ self.client.update_address_group(ag['id'], name='new_name')
diff --git a/neutron_tempest_plugin/config.py b/neutron_tempest_plugin/config.py
index 2290d0f..36fec30 100644
--- a/neutron_tempest_plugin/config.py
+++ b/neutron_tempest_plugin/config.py
@@ -68,6 +68,11 @@
default=None,
choices=['None', 'linuxbridge', 'ovs', 'sriov'],
help='Agent used for devstack@q-agt.service'),
+ cfg.StrOpt('firewall_driver',
+ default=None,
+ choices=['None', 'openvswitch', 'ovn',
+ 'iptables_hybrid', 'iptables'],
+ help='Driver for security groups firewall in the L2 agent'),
# Multicast tests settings
cfg.StrOpt('multicast_group_range',
@@ -92,6 +97,9 @@
cfg.IntOpt('ssh_proxy_jump_port',
default=22,
help='Port used to connect to "ssh_proxy_jump_host".'),
+ cfg.IntOpt('reboots_in_test',
+ default=1,
+ help='Number of reboots to apply if tests requires reboots'),
# Options for special, "advanced" image like e.g. Ubuntu. Such image can be
# used in tests which require some more advanced tool than available in
diff --git a/neutron_tempest_plugin/scenario/base.py b/neutron_tempest_plugin/scenario/base.py
index 127701c..334d543 100644
--- a/neutron_tempest_plugin/scenario/base.py
+++ b/neutron_tempest_plugin/scenario/base.py
@@ -158,13 +158,14 @@
if sg['name'] == constants.DEFAULT_SECURITY_GROUP:
secgroup_id = sg['id']
break
-
+ resp = []
for rule in rule_list:
direction = rule.pop('direction')
- client.create_security_group_rule(
- direction=direction,
- security_group_id=secgroup_id,
- **rule)
+ resp.append(client.create_security_group_rule(
+ direction=direction,
+ security_group_id=secgroup_id,
+ **rule)['security_group_rule'])
+ return resp
@classmethod
def create_loginable_secgroup_rule(cls, secgroup_id=None,
@@ -207,6 +208,21 @@
LOG.debug("Created router %s", router['name'])
return router
+ @classmethod
+ def skip_if_no_extension_enabled_in_l3_agents(cls, extension):
+ l3_agents = cls.os_admin.network_client.list_agents(
+ binary='neutron-l3-agent')['agents']
+ if not l3_agents:
+ # the tests should not be skipped when neutron-l3-agent does not
+ # exist (this validation doesn't apply to the setups like
+ # e.g. ML2/OVN)
+ return
+ for agent in l3_agents:
+ if extension in agent['configurations'].get('extensions', []):
+ return
+ raise cls.skipTest("No L3 agent with '%s' extension enabled found." %
+ extension)
+
@removals.remove(version='Stein',
message="Please use create_floatingip method instead of "
"create_and_associate_floatingip.")
diff --git a/neutron_tempest_plugin/scenario/test_floatingip.py b/neutron_tempest_plugin/scenario/test_floatingip.py
index 262f429..9902b68 100644
--- a/neutron_tempest_plugin/scenario/test_floatingip.py
+++ b/neutron_tempest_plugin/scenario/test_floatingip.py
@@ -217,7 +217,6 @@
def resource_setup(cls):
super(FloatingIPPortDetailsTest, cls).resource_setup()
- @test.unstable_test("bug 1815585")
@decorators.idempotent_id('a663aeee-dd81-492b-a207-354fd6284dbe')
def test_floatingip_port_details(self):
"""Tests the following:
@@ -341,14 +340,10 @@
def resource_setup(cls):
super(FloatingIPQosTest, cls).resource_setup()
- def skip_if_no_extension_enabled_in_l3_agents(self, extension):
- l3_agents = self.os_admin.network_client.list_agents(
- binary='neutron-l3-agent')['agents']
- for agent in l3_agents:
- if extension in agent['configurations'].get('extensions', []):
- return
- raise self.skipTest("No L3 agent with '%s' extension enabled found." %
- extension)
+ @classmethod
+ def setup_clients(cls):
+ super(FloatingIPQosTest, cls).setup_clients()
+ cls.admin_client = cls.os_admin.network_client
@decorators.idempotent_id('5eb48aea-eaba-4c20-8a6f-7740070a0aa3')
def test_qos(self):
@@ -363,8 +358,12 @@
self.skip_if_no_extension_enabled_in_l3_agents("fip_qos")
self._test_basic_resources()
+
+ # Create a new QoS policy
policy_id = self._create_qos_policy()
ssh_client = self._create_ssh_client()
+
+ # As admin user create a new QoS rules
self.os_admin.network_client.create_bandwidth_limit_rule(
policy_id, max_kbps=constants.LIMIT_KILO_BITS_PER_SECOND,
max_burst_kbps=constants.LIMIT_KILO_BYTES,
@@ -382,6 +381,7 @@
self.fip['id'])['floatingip']
self.assertEqual(self.port['id'], fip['port_id'])
+ # Associate QoS to the FIP
self.os_admin.network_client.update_floatingip(
self.fip['id'],
qos_policy_id=policy_id)
@@ -390,12 +390,38 @@
self.fip['id'])['floatingip']
self.assertEqual(policy_id, fip['qos_policy_id'])
+ # Basic test, Check that actual BW while downloading file
+ # is as expected (Original BW)
common_utils.wait_until_true(lambda: self._check_bw(
ssh_client,
self.fip['floating_ip_address'],
port=self.NC_PORT),
timeout=120,
- sleep=1)
+ sleep=1,
+ exception=RuntimeError(
+ 'Failed scenario: "Create a QoS policy associated with FIP" '
+ 'Actual BW is not as expected!'))
+
+ # As admin user update QoS rules
+ for rule in rules['bandwidth_limit_rules']:
+ self.os_admin.network_client.update_bandwidth_limit_rule(
+ policy_id,
+ rule['id'],
+ max_kbps=constants.LIMIT_KILO_BITS_PER_SECOND * 2,
+ max_burst_kbps=constants.LIMIT_KILO_BITS_PER_SECOND * 2)
+
+ # Check that actual BW while downloading file
+ # is as expected (Update BW)
+ common_utils.wait_until_true(lambda: self._check_bw(
+ ssh_client,
+ self.fip['floating_ip_address'],
+ port=self.NC_PORT,
+ expected_bw=test_qos.QoSTestMixin.LIMIT_BYTES_SEC * 2),
+ timeout=120,
+ sleep=1,
+ exception=RuntimeError(
+ 'Failed scenario: "Update QoS policy associated with FIP" '
+ 'Actual BW is not as expected!'))
class TestFloatingIPUpdate(FloatingIpTestCasesMixin,
diff --git a/neutron_tempest_plugin/scenario/test_multicast.py b/neutron_tempest_plugin/scenario/test_multicast.py
index 79f835e..b0da235 100644
--- a/neutron_tempest_plugin/scenario/test_multicast.py
+++ b/neutron_tempest_plugin/scenario/test_multicast.py
@@ -15,11 +15,11 @@
import netaddr
from neutron_lib import constants
-from neutron_lib.utils import test
from oslo_log import log
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
+from neutron_tempest_plugin.common import ip
from neutron_tempest_plugin.common import ssh
from neutron_tempest_plugin.common import utils
from neutron_tempest_plugin import config
@@ -111,11 +111,12 @@
'result_file': result_file}
-def get_unregistered_script(group, result_file):
+def get_unregistered_script(interface, group, result_file):
return """#!/bin/bash
export LC_ALL=en_US.UTF-8
-tcpdump -i any -s0 -vv host %(group)s -vvneA -s0 -l &> %(result_file)s &
- """ % {'group': group,
+tcpdump -i %(interface)s host %(group)s -vvneA -s0 -l -c1 &> %(result_file)s &
+ """ % {'interface': interface,
+ 'group': group,
'result_file': result_file}
@@ -202,9 +203,9 @@
)['server']
self.wait_for_server_active(server)
self.wait_for_guest_os_ready(server)
- port = self.client.list_ports(
+ server['port'] = self.client.list_ports(
network_id=self.network['id'], device_id=server['id'])['ports'][0]
- server['fip'] = self.create_floatingip(port=port)
+ server['fip'] = self.create_floatingip(port=server['port'])
server['ssh_client'] = ssh.Client(server['fip']['floating_ip_address'],
self.username,
pkey=self.keypair['private_key'])
@@ -242,18 +243,21 @@
'echo "%s" > /tmp/multicast_traffic_receiver.py' % check_script)
def _prepare_unregistered(self, server, mcast_address):
- check_script = get_unregistered_script(
- group=mcast_address, result_file=self.unregistered_output_file)
ssh_client = ssh.Client(
server['fip']['floating_ip_address'],
self.username,
pkey=self.keypair['private_key'])
+ ip_command = ip.IPCommand(ssh_client=ssh_client)
+ addresses = ip_command.list_addresses(port=server['port'])
+ port_iface = ip.get_port_device_name(addresses, server['port'])
+ check_script = get_unregistered_script(
+ interface=port_iface, group=mcast_address,
+ result_file=self.unregistered_output_file)
self._check_cmd_installed_on_server(ssh_client, server['id'],
'tcpdump')
server['ssh_client'].execute_script(
'echo "%s" > /tmp/unregistered_traffic_receiver.sh' % check_script)
- @test.unstable_test("bug 1850288")
@decorators.idempotent_id('113486fc-24c9-4be4-8361-03b1c9892867')
def test_multicast_between_vms_on_same_network(self):
"""Test multicast messaging between two servers on the same network
@@ -343,19 +347,40 @@
for receiver_id in receiver_ids:
self.assertIn(receiver_id, replies_result)
- # Kill the tcpdump command running on the unregistered node so
- # tcpdump flushes its output to the output file
- unregistered['ssh_client'].execute_script(
- "killall tcpdump && sleep 2", become_root=True)
+ def check_unregistered_host():
+ unregistered_result = unregistered['ssh_client'].execute_script(
+ "cat {path} || echo '{path} not exists yet'".format(
+ path=self.unregistered_output_file))
+ LOG.debug("Unregistered VM result: %s", unregistered_result)
+ return expected_result in unregistered_result
- unregistered_result = unregistered['ssh_client'].execute_script(
- "cat {path} || echo '{path} not exists yet'".format(
- path=self.unregistered_output_file))
- LOG.debug("Unregistered VM result: %s", unregistered_result)
- expected_result = '0 packets captured'
- if self._is_multicast_traffic_expected(mcast_address):
- expected_result = '1 packet captured'
- self.assertIn(expected_result, unregistered_result)
+ expected_result = '1 packet captured'
+ unregistered_error_message = (
+ 'Unregistered server did not received expected packet.')
+ if not self._is_multicast_traffic_expected(mcast_address):
+ # Kill the tcpdump command runs on the unregistered node with "-c"
+ # option so it will be stopped automatically if it will receive
+ # packet matching filters,
+ # We don't expect any packets to be captured really in this case
+ # so let's kill tcpdump so it flushes its output to the output
+ # file.
+ expected_result = (
+ '0 packets captured\n0 packets received by filter')
+ unregistered_error_message = (
+ 'Unregistered server received unexpected packet(s).')
+ try:
+ unregistered['ssh_client'].execute_script(
+ "killall tcpdump && sleep 2", become_root=True)
+ except exceptions.SSHScriptFailed:
+ # Probably some packet was captured by tcpdump and due to that
+ # it is already stopped
+ self.assertTrue(check_unregistered_host(),
+ unregistered_error_message)
+ return
+
+ utils.wait_until_true(
+ check_unregistered_host,
+ exception=RuntimeError(unregistered_error_message))
class MulticastTestIPv4(BaseMulticastTest, base.BaseTempestTestCase):
diff --git a/neutron_tempest_plugin/scenario/test_port_forwardings.py b/neutron_tempest_plugin/scenario/test_port_forwardings.py
index 6a5d3c9..a3adc03 100644
--- a/neutron_tempest_plugin/scenario/test_port_forwardings.py
+++ b/neutron_tempest_plugin/scenario/test_port_forwardings.py
@@ -31,11 +31,13 @@
class PortForwardingTestJSON(base.BaseTempestTestCase):
+ credentials = ['primary', 'admin']
required_extensions = ['router', 'floating-ip-port-forwarding']
@classmethod
def resource_setup(cls):
super(PortForwardingTestJSON, cls).resource_setup()
+ cls.skip_if_no_extension_enabled_in_l3_agents("port_forwarding")
cls.network = cls.create_network()
cls.subnet = cls.create_subnet(cls.network)
cls.router = cls.create_router_by_client()
diff --git a/neutron_tempest_plugin/scenario/test_qos.py b/neutron_tempest_plugin/scenario/test_qos.py
index 77520a7..d00210c 100644
--- a/neutron_tempest_plugin/scenario/test_qos.py
+++ b/neutron_tempest_plugin/scenario/test_qos.py
@@ -137,6 +137,7 @@
name='test-policy',
description='test-qos-policy',
shared=True)
+ self.qos_policies.append(policy['policy'])
return policy['policy']['id']
def _create_server_by_port(self, port=None):
@@ -189,6 +190,11 @@
def resource_setup(cls):
super(QoSTest, cls).resource_setup()
+ @classmethod
+ def setup_clients(cls):
+ super(QoSTest, cls).setup_clients()
+ cls.admin_client = cls.os_admin.network_client
+
@decorators.idempotent_id('00682a0c-b72e-11e8-b81e-8c16450ea513')
def test_qos_basic_and_update(self):
"""This test covers following scenarios:
diff --git a/neutron_tempest_plugin/scenario/test_security_groups.py b/neutron_tempest_plugin/scenario/test_security_groups.py
index 9059a2f..8b7098e 100644
--- a/neutron_tempest_plugin/scenario/test_security_groups.py
+++ b/neutron_tempest_plugin/scenario/test_security_groups.py
@@ -12,8 +12,12 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
-from neutron_lib import constants
+import netaddr
+from neutron_lib import constants
+import testtools
+
+from tempest.common import utils as tempest_utils
from tempest.common import waiters
from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils import test_utils
@@ -310,6 +314,95 @@
self.ping_ip_address(fips[0]['floating_ip_address'],
should_succeed=False)
+ @testtools.skipUnless(
+ CONF.neutron_plugin_options.firewall_driver == 'openvswitch',
+ "Openvswitch agent is required to run this test")
+ @decorators.idempotent_id('678dd4c0-2953-4626-b89c-8e7e4110ec4b')
+ @tempest_utils.requires_ext(extension="address-group", service="network")
+ @tempest_utils.requires_ext(
+ extension="security-groups-remote-address-group", service="network")
+ def test_remote_group_and_remote_address_group(self):
+ """Test SG rules with remote group and remote address group
+
+ This test checks the ICMP connection among two servers using a security
+ group rule with remote group and another rule with remote address
+ group. The connection should be granted when at least one of the rules
+ is applied. When both rules are applied (overlapped), removing one of
+ them should not disable the connection.
+ """
+ # create a new sec group
+ ssh_secgrp_name = data_utils.rand_name('ssh_secgrp')
+ ssh_secgrp = self.os_primary.network_client.create_security_group(
+ name=ssh_secgrp_name)
+ # add cleanup
+ self.security_groups.append(ssh_secgrp['security_group'])
+ # configure sec group to support SSH connectivity
+ self.create_loginable_secgroup_rule(
+ secgroup_id=ssh_secgrp['security_group']['id'])
+ # spawn two instances with the sec group created
+ server_ssh_clients, fips, servers = self.create_vm_testing_sec_grp(
+ security_groups=[{'name': ssh_secgrp_name}])
+ # verify SSH functionality
+ for i in range(2):
+ self.check_connectivity(fips[i]['floating_ip_address'],
+ CONF.validation.image_ssh_user,
+ self.keypair['private_key'])
+ # try to ping instances without ICMP permissions
+ self.check_remote_connectivity(
+ server_ssh_clients[0], fips[1]['fixed_ip_address'],
+ should_succeed=False)
+ # add ICMP support to the remote group
+ rule_list = [{'protocol': constants.PROTO_NUM_ICMP,
+ 'direction': constants.INGRESS_DIRECTION,
+ 'remote_group_id': ssh_secgrp['security_group']['id']}]
+ remote_sg_rid = self.create_secgroup_rules(
+ rule_list, secgroup_id=ssh_secgrp['security_group']['id'])[0]['id']
+ # verify ICMP connectivity between instances works
+ self.check_remote_connectivity(
+ server_ssh_clients[0], fips[1]['fixed_ip_address'],
+ servers=servers)
+ # make sure ICMP connectivity doesn't work from framework
+ self.ping_ip_address(fips[0]['floating_ip_address'],
+ should_succeed=False)
+
+ # add ICMP rule with remote address group
+ test_ag = self.create_address_group(
+ name=data_utils.rand_name('test_ag'),
+ addresses=[str(netaddr.IPNetwork(fips[0]['fixed_ip_address']))])
+ rule_list = [{'protocol': constants.PROTO_NUM_ICMP,
+ 'direction': constants.INGRESS_DIRECTION,
+ 'remote_address_group_id': test_ag['id']}]
+ remote_ag_rid = self.create_secgroup_rules(
+ rule_list, secgroup_id=ssh_secgrp['security_group']['id'])[0]['id']
+ # verify ICMP connectivity between instances still works
+ self.check_remote_connectivity(
+ server_ssh_clients[0], fips[1]['fixed_ip_address'],
+ servers=servers)
+ # make sure ICMP connectivity doesn't work from framework
+ self.ping_ip_address(fips[0]['floating_ip_address'],
+ should_succeed=False)
+
+ # Remove the ICMP rule with remote group
+ self.client.delete_security_group_rule(remote_sg_rid)
+ # verify ICMP connectivity between instances still works as granted
+ # by the rule with remote address group
+ self.check_remote_connectivity(
+ server_ssh_clients[0], fips[1]['fixed_ip_address'],
+ servers=servers)
+ # make sure ICMP connectivity doesn't work from framework
+ self.ping_ip_address(fips[0]['floating_ip_address'],
+ should_succeed=False)
+
+ # Remove the ICMP rule with remote address group
+ self.client.delete_security_group_rule(remote_ag_rid)
+ # verify ICMP connectivity between instances doesn't work now
+ self.check_remote_connectivity(
+ server_ssh_clients[0], fips[1]['fixed_ip_address'],
+ should_succeed=False)
+ # make sure ICMP connectivity doesn't work from framework
+ self.ping_ip_address(fips[0]['floating_ip_address'],
+ should_succeed=False)
+
@decorators.idempotent_id('f07d0159-8f9e-4faa-87f5-a869ab0ad488')
def test_multiple_ports_secgroup_inheritance(self):
"""Test multiple port security group inheritance
diff --git a/neutron_tempest_plugin/scenario/test_trunk.py b/neutron_tempest_plugin/scenario/test_trunk.py
index 8f260ea..b86c019 100644
--- a/neutron_tempest_plugin/scenario/test_trunk.py
+++ b/neutron_tempest_plugin/scenario/test_trunk.py
@@ -97,6 +97,37 @@
floating_ip=floating_ip, server=server,
ssh_client=ssh_client)
+ def _create_advanced_servers_with_trunk_port(self, num_servers=1,
+ subport_network=None,
+ segmentation_id=None,
+ vlan_subnet=None,
+ use_advanced_image=False):
+ server_list = []
+ for _ in range(0, num_servers):
+ vm = self._create_server_with_trunk_port(
+ subport_network,
+ segmentation_id,
+ use_advanced_image)
+ server_list.append(vm)
+ self._configure_vlan_subport(
+ vm=vm,
+ vlan_tag=segmentation_id,
+ vlan_subnet=vlan_subnet)
+
+ for server in server_list:
+ self.check_connectivity(
+ host=vm.floating_ip['floating_ip_address'],
+ ssh_client=vm.ssh_client)
+
+ return server_list
+
+ def _check_servers_remote_connectivity(self, vms=None,
+ should_succeed=True):
+ self.check_remote_connectivity(
+ vms[0].ssh_client,
+ vms[1].subport['fixed_ips'][0]['ip_address'],
+ should_succeed=should_succeed)
+
def _create_server_port(self, network=None, **params):
network = network or self.network
return self.create_port(network=network, name=self.rand_name,
@@ -247,53 +278,73 @@
self._wait_for_trunk(vm.trunk)
self._assert_has_ssh_connectivity(vm1.ssh_client)
+ @testtools.skipUnless(
+ (CONF.neutron_plugin_options.advanced_image_ref or
+ CONF.neutron_plugin_options.default_image_is_advanced),
+ "Advanced image is required to run this test.")
+ @testtools.skipUnless(
+ (CONF.neutron_plugin_options.reboots_in_test > 0),
+ "Number of reboots > 0 is reqired for this test")
+ @decorators.idempotent_id('a8a02c9b-b453-49b5-89a2-cce7da6680fb')
+ def test_subport_connectivity_soft_reboot(self):
+ vlan_tag = 10
+ vlan_network = self.create_network()
+ vlan_subnet = self.create_subnet(network=vlan_network, gateway=None)
+ use_advanced_image = (
+ not CONF.neutron_plugin_options.default_image_is_advanced)
+
+ # allow intra-security-group traffic
+ sg_rule = self.create_pingable_secgroup_rule(self.security_group['id'])
+ self.addCleanup(
+ self.os_primary.network_client.delete_security_group_rule,
+ sg_rule['id'])
+
+ vms = self._create_advanced_servers_with_trunk_port(
+ num_servers=2,
+ subport_network=vlan_network,
+ segmentation_id=vlan_tag,
+ vlan_subnet=vlan_subnet,
+ use_advanced_image=use_advanced_image)
+ # check remote connectivity true before reboots
+ self._check_servers_remote_connectivity(vms=vms)
+ client = self.os_tempest.compute.ServersClient()
+ for _ in range(CONF.neutron_plugin_options.reboots_in_test):
+ client.reboot_server(vms[1].server['id'],
+ **{'type': 'SOFT'})
+ self.wait_for_server_active(vms[1].server)
+ self._configure_vlan_subport(vm=vms[1],
+ vlan_tag=vlan_tag,
+ vlan_subnet=vlan_subnet)
+ self._check_servers_remote_connectivity(vms=vms)
+
@test.unstable_test("bug 1897796")
@testtools.skipUnless(
(CONF.neutron_plugin_options.advanced_image_ref or
CONF.neutron_plugin_options.default_image_is_advanced),
"Advanced image is required to run this test.")
- @decorators.idempotent_id('a8a02c9b-b453-49b5-89a2-cce7da66aafb')
+ @decorators.idempotent_id('a8a02c9b-b453-49b5-89a2-cce7da66bbcb')
def test_subport_connectivity(self):
vlan_tag = 10
vlan_network = self.create_network()
vlan_subnet = self.create_subnet(network=vlan_network, gateway=None)
-
use_advanced_image = (
not CONF.neutron_plugin_options.default_image_is_advanced)
-
- vm1 = self._create_server_with_trunk_port(
+ vms = self._create_advanced_servers_with_trunk_port(
+ num_servers=2,
subport_network=vlan_network,
segmentation_id=vlan_tag,
+ vlan_subnet=vlan_subnet,
use_advanced_image=use_advanced_image)
- vm2 = self._create_server_with_trunk_port(
- subport_network=vlan_network,
- segmentation_id=vlan_tag,
- use_advanced_image=use_advanced_image)
-
- for vm in [vm1, vm2]:
- self.check_connectivity(
- host=vm.floating_ip['floating_ip_address'],
- ssh_client=vm.ssh_client)
- self._configure_vlan_subport(vm=vm,
- vlan_tag=vlan_tag,
- vlan_subnet=vlan_subnet)
-
# Ping from server1 to server2 via VLAN interface should fail because
# we haven't allowed ICMP
- self.check_remote_connectivity(
- vm1.ssh_client,
- vm2.subport['fixed_ips'][0]['ip_address'],
- should_succeed=False)
-
+ self._check_servers_remote_connectivity(vms=vms,
+ should_succeed=False)
# allow intra-security-group traffic
sg_rule = self.create_pingable_secgroup_rule(self.security_group['id'])
self.addCleanup(
self.os_primary.network_client.delete_security_group_rule,
sg_rule['id'])
- self.check_remote_connectivity(
- vm1.ssh_client,
- vm2.subport['fixed_ips'][0]['ip_address'],
- servers=[vm1, vm2])
+ self._check_servers_remote_connectivity(vms=vms)
@testtools.skipUnless(CONF.compute_feature_enabled.cold_migration,
'Cold migration is not available.')
diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml
index cc1479b..7ee20dc 100644
--- a/zuul.d/base.yaml
+++ b/zuul.d/base.yaml
@@ -82,7 +82,7 @@
image_is_advanced: true
available_type_drivers: flat,geneve,vlan,gre,local,vxlan
provider_net_base_segm_id: 1
- irrelevant-files: &tempest-irrelevant-files
+ irrelevant-files:
- ^(test-|)requirements.txt$
- ^releasenotes/.*$
- ^doc/.*$
diff --git a/zuul.d/master_jobs.yaml b/zuul.d/master_jobs.yaml
index e545c0f..4f32c5e 100644
--- a/zuul.d/master_jobs.yaml
+++ b/zuul.d/master_jobs.yaml
@@ -6,6 +6,7 @@
# neutron repository and keep it different per branch,
# then it could be removed from here
network_api_extensions_common: &api_extensions
+ - address-group
- address-scope
- agent
- allowed-address-pairs
@@ -54,6 +55,7 @@
- qos-fip
- quotas
- quota_details
+ - rbac-address-group
- rbac-address-scope
- rbac-policies
- rbac-security-groups
@@ -62,6 +64,7 @@
- router-admin-state-down-before-update
- router_availability_zone
- security-group
+ - security-groups-remote-address-group
- segment
- service-type
- sorting
@@ -85,7 +88,9 @@
devstack_services:
neutron-log: true
devstack_localrc:
- NEUTRON_DEPLOY_MOD_WSGI: true
+ # TODO(lucasagomes): Re-enable MOD_WSGI after
+ # https://bugs.launchpad.net/neutron/+bug/1912359 is implemented
+ NEUTRON_DEPLOY_MOD_WSGI: false
devstack_local_conf:
post-config:
# NOTE(slaweq): We can get rid of this hardcoded absolute path when
@@ -96,22 +101,54 @@
tunnel_types: gre,vxlan
network_log:
local_output_log_base: /tmp/test_log.log
+ irrelevant-files:
+ - ^(test-|)requirements.txt$
+ - ^releasenotes/.*$
+ - ^doc/.*$
+ - ^setup.cfg$
+ - ^.*\.rst$
+ - ^neutron/locale/.*$
+ - ^neutron/tests/unit/.*$
+ - ^tools/.*$
+ - ^tox.ini$
+ - ^neutron/agent/.*$
+ - ^neutron/privileged/.*$
+ - ^neutron_tempest_plugin/scenario/.*$
+
- job:
name: neutron-tempest-plugin-scenario-openvswitch
parent: neutron-tempest-plugin-scenario
timeout: 10000
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
network_api_extensions: *api_extensions
network_available_features: *available_features
devstack_localrc:
Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
post-config:
$NEUTRON_CONF:
DEFAULT:
enable_dvr: false
+ l3_ha: true
# NOTE(slaweq): We can get rid of this hardcoded absolute path when
# devstack-tempest job will be switched to use lib/neutron instead of
# lib/neutron-legacy
@@ -127,12 +164,44 @@
available_features: "{{ network_available_features | join(',') }}"
neutron_plugin_options:
available_type_drivers: flat,vlan,local,vxlan
+ firewall_driver: openvswitch
+ irrelevant-files: &openvswitch-scenario-irrelevant-files
+ - ^(test-|)requirements.txt$
+ - ^releasenotes/.*$
+ - ^doc/.*$
+ - ^setup.cfg$
+ - ^.*\.rst$
+ - ^neutron/locale/.*$
+ - ^neutron/tests/unit/.*$
+ - ^tools/.*$
+ - ^tox.ini$
+ - ^neutron/agent/ovn/.*$
+ - ^neutron/agent/windows/.*$
+ - ^neutron/plugins/ml2/drivers/linuxbridge/.*$
+ - ^neutron/plugins/ml2/drivers/macvtap/.*$
+ - ^neutron/plugins/ml2/drivers/mech_sriov/.*$
+ - ^neutron/plugins/ml2/drivers/ovn/.*$
- job:
name: neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid
parent: neutron-tempest-plugin-scenario
timeout: 10000
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
network_api_extensions: *api_extensions
network_available_features: *available_features
# TODO(slaweq): remove trunks subport_connectivity test from blacklist
@@ -140,12 +209,15 @@
tempest_exclude_regex: "(^neutron_tempest_plugin.scenario.test_trunk.TrunkTest.test_subport_connectivity)"
devstack_localrc:
Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
post-config:
$NEUTRON_CONF:
DEFAULT:
enable_dvr: false
+ l3_ha: true
# NOTE(slaweq): We can get rid of this hardcoded absolute path when
# devstack-tempest job will be switched to use lib/neutron instead of
# lib/neutron-legacy
@@ -163,6 +235,24 @@
available_features: "{{ network_available_features | join(',') }}"
neutron_plugin_options:
available_type_drivers: flat,vlan,local,vxlan
+ firewall_driver: iptables_hybrid
+ irrelevant-files:
+ - ^(test-|)requirements.txt$
+ - ^releasenotes/.*$
+ - ^doc/.*$
+ - ^setup.cfg$
+ - ^.*\.rst$
+ - ^neutron/locale/.*$
+ - ^neutron/tests/unit/.*$
+ - ^tools/.*$
+ - ^tox.ini$
+ - ^neutron/agent/linux/openvswitch_firewall/.*$
+ - ^neutron/agent/ovn/.*$
+ - ^neutron/agent/windows/.*$
+ - ^neutron/plugins/ml2/drivers/linuxbridge/.*$
+ - ^neutron/plugins/ml2/drivers/macvtap/.*$
+ - ^neutron/plugins/ml2/drivers/mech_sriov/.*$
+ - ^neutron/plugins/ml2/drivers/ovn/.*$
- job:
name: neutron-tempest-plugin-scenario-linuxbridge
@@ -172,6 +262,21 @@
- zuul: openstack/neutron
pre-run: playbooks/linuxbridge-scenario-pre-run.yaml
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
network_api_extensions: *api_extensions
network_api_extensions_linuxbridge:
- vlan-transparent
@@ -182,12 +287,15 @@
devstack_localrc:
Q_AGENT: linuxbridge
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions + network_api_extensions_linuxbridge) | join(',') }}"
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch,linuxbridge
devstack_local_conf:
post-config:
$NEUTRON_CONF:
DEFAULT:
enable_dvr: false
vlan_transparent: true
+ l3_ha: true
AGENT:
debug_iptables_rules: true
# NOTE(slaweq): We can get rid of this hardcoded absolute path when
@@ -204,6 +312,24 @@
neutron_plugin_options:
available_type_drivers: flat,vlan,local,vxlan
q_agent: linuxbridge
+ firewall_driver: iptables
+ irrelevant-files:
+ - ^(test-|)requirements.txt$
+ - ^releasenotes/.*$
+ - ^doc/.*$
+ - ^setup.cfg$
+ - ^.*\.rst$
+ - ^neutron/locale/.*$
+ - ^neutron/tests/unit/.*$
+ - ^tools/.*$
+ - ^tox.ini$
+ - ^neutron/agent/linux/openvswitch_firewall/.*$
+ - ^neutron/agent/ovn/.*$
+ - ^neutron/agent/windows/.*$
+ - ^neutron/plugins/ml2/drivers/openvswitch/.*$
+ - ^neutron/plugins/ml2/drivers/macvtap/.*$
+ - ^neutron/plugins/ml2/drivers/mech_sriov/.*$
+ - ^neutron/plugins/ml2/drivers/ovn/.*$
- job:
name: neutron-tempest-plugin-scenario-ovn
@@ -242,6 +368,7 @@
OVN_BUILD_FROM_SOURCE: True
OVN_BRANCH: "v20.12.0"
OVS_BRANCH: "branch-2.15"
+ OVS_SYSCONFDIR: "/usr/local/etc/openvswitch"
devstack_services:
br-ex-tcpdump: true
br-int-flows: true
@@ -284,6 +411,38 @@
neutron_plugin_options:
available_type_drivers: local,flat,vlan,geneve
is_igmp_snooping_enabled: True
+ firewall_driver: ovn
+ zuul_copy_output:
+ '{{ devstack_base_dir }}/data/ovs': 'logs'
+ '{{ devstack_base_dir }}/data/ovn': 'logs'
+ '{{ devstack_log_dir }}/ovsdb-server-nb.log': 'logs'
+ '{{ devstack_log_dir }}/ovsdb-server-sb.log': 'logs'
+ irrelevant-files:
+ - ^(test-|)requirements.txt$
+ - ^releasenotes/.*$
+ - ^doc/.*$
+ - ^setup.cfg$
+ - ^.*\.rst$
+ - ^neutron/locale/.*$
+ - ^neutron/tests/unit/.*$
+ - ^tools/.*$
+ - ^tox.ini$
+ - ^neutron/agent/dhcp/.*$
+ - ^neutron/agent/l2/.*$
+ - ^neutron/agent/l3/.*$
+ - ^neutron/agent/metadata/.*$
+ - ^neutron/agent/windows/.*$
+ - ^neutron/agent/dhcp_agent.py
+ - ^neutron/agent/l3_agent.py
+ - ^neutron/agent/metadata_agent.py
+ - ^neutron/agent/resource_cache.py
+ - ^neutron/agent/rpc.py
+ - ^neutron/agent/securitygroup_rpc.py
+ - ^neutron/plugins/ml2/drivers/linuxbridge/.*$
+ - ^neutron/plugins/ml2/drivers/openvswitch/.*$
+ - ^neutron/plugins/ml2/drivers/macvtap/.*$
+ - ^neutron/plugins/ml2/drivers/mech_sriov/.*$
+ - ^neutron/scheduler/.*$
- job:
name: neutron-tempest-plugin-dvr-multinode-scenario
@@ -398,6 +557,7 @@
image_is_advanced: true
available_type_drivers: flat,geneve,vlan,gre,local,vxlan
l3_agent_mode: dvr_snat
+ firewall_driver: openvswitch
group-vars:
subnode:
devstack_services:
@@ -440,16 +600,7 @@
agent_mode: dvr_snat
agent:
availability_zone: nova
- irrelevant-files: &tempest-irrelevant-files
- - ^(test-|)requirements.txt$
- - ^releasenotes/.*$
- - ^doc/.*$
- - ^setup.cfg$
- - ^.*\.rst$
- - ^neutron.*/locale/.*$
- - ^neutron.*/tests/unit/.*$
- - ^tools/.*$
- - ^tox.ini$
+ irrelevant-files: *openvswitch-scenario-irrelevant-files
- job:
name: neutron-tempest-plugin-designate-scenario
@@ -465,6 +616,8 @@
devstack_localrc:
DESIGNATE_BACKEND_DRIVER: bind9
Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
# In this job advanced image is not needed, so it's name should be
# empty
ADVANCED_IMAGE_NAME: ""
@@ -488,11 +641,40 @@
devstack_services:
cinder: false
designate: true
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
tempest_plugins:
- designate-tempest-plugin
- neutron-tempest-plugin
tempest_test_regex: ^neutron_tempest_plugin\.scenario\.test_dns_integration
- irrelevant-files: *tempest-irrelevant-files
+ irrelevant-files:
+ - ^(test-|)requirements.txt$
+ - ^releasenotes/.*$
+ - ^doc/.*$
+ - ^setup.cfg$
+ - ^.*\.rst$
+ - ^neutron/locale/.*$
+ - ^neutron/tests/unit/.*$
+ - ^tools/.*$
+ - ^tox.ini$
+ - ^neutron/agent/.*$
+ - ^neutron/cmd/.*$
+ - ^neutron/privileged/.*$
+ - ^neutron/plugins/ml2/drivers/.*$
+ - ^neutron/scheduler/.*$
+ - ^neutron/services/(?!externaldns).*$
- job:
name: neutron-tempest-plugin-sfc
@@ -563,10 +745,26 @@
- bgp_4byte_asn
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_bgp) | join(',') }}"
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-meta: true
+ q-metering: true
+ q-l3: true
neutron-dr: true
neutron-dr-agent: true
- q-l3: true
tempest_concurrency: 1
tempest_test_regex: ^neutron_tempest_plugin\.neutron_dynamic_routing
@@ -591,4 +789,3 @@
devstack_localrc:
IPSEC_PACKAGE: strongswan
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_vpnaas) | join(',') }}"
- irrelevant-files: *tempest-irrelevant-files
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index 973ab9f..14f1061 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -3,11 +3,6 @@
check:
jobs:
- neutron-tempest-plugin-api
- - neutron-tempest-plugin-designate-scenario:
- # TODO(slaweq): switch it to be voting when bug
- # https://bugs.launchpad.net/neutron/+bug/1891309
- # will be fixed
- voting: false
- neutron-tempest-plugin-scenario-linuxbridge
- neutron-tempest-plugin-scenario-openvswitch
- neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid
@@ -24,6 +19,10 @@
experimental:
jobs:
- neutron-tempest-plugin-dvr-multinode-scenario
+ # TODO(slaweq): move it back to the check queue when bug
+ # https://bugs.launchpad.net/neutron/+bug/1891309
+ # will be fixed
+ - neutron-tempest-plugin-designate-scenario
- project-template:
@@ -48,11 +47,6 @@
check:
jobs:
- neutron-tempest-plugin-api-rocky
- - neutron-tempest-plugin-designate-scenario-rocky:
- # TODO(slaweq): switch it to be voting when bug
- # https://bugs.launchpad.net/neutron/+bug/1891309
- # will be fixed
- voting: false
- neutron-tempest-plugin-scenario-linuxbridge-rocky
- neutron-tempest-plugin-scenario-openvswitch-rocky
- neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-rocky
@@ -64,6 +58,10 @@
experimental:
jobs:
- neutron-tempest-plugin-dvr-multinode-scenario-rocky
+ # TODO(slaweq): move it back to the check queue when bug
+ # https://bugs.launchpad.net/neutron/+bug/1891309
+ # will be fixed
+ - neutron-tempest-plugin-designate-scenario-rocky
- project-template:
@@ -71,11 +69,6 @@
check:
jobs:
- neutron-tempest-plugin-api-stein
- - neutron-tempest-plugin-designate-scenario-stein:
- # TODO(slaweq): switch it to be voting when bug
- # https://bugs.launchpad.net/neutron/+bug/1891309
- # will be fixed
- voting: false
- neutron-tempest-plugin-scenario-linuxbridge-stein
- neutron-tempest-plugin-scenario-openvswitch-stein
- neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-stein
@@ -87,6 +80,10 @@
experimental:
jobs:
- neutron-tempest-plugin-dvr-multinode-scenario-stein
+ # TODO(slaweq): move it back to the check queue when bug
+ # https://bugs.launchpad.net/neutron/+bug/1891309
+ # will be fixed
+ - neutron-tempest-plugin-designate-scenario-stein
- project-template:
@@ -94,11 +91,6 @@
check:
jobs:
- neutron-tempest-plugin-api-train
- - neutron-tempest-plugin-designate-scenario-train:
- # TODO(slaweq): switch it to be voting when bug
- # https://bugs.launchpad.net/neutron/+bug/1891309
- # will be fixed
- voting: false
- neutron-tempest-plugin-scenario-linuxbridge-train
- neutron-tempest-plugin-scenario-openvswitch-train
- neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-train
@@ -110,6 +102,10 @@
experimental:
jobs:
- neutron-tempest-plugin-dvr-multinode-scenario-train
+ # TODO(slaweq): move it back to the check queue when bug
+ # https://bugs.launchpad.net/neutron/+bug/1891309
+ # will be fixed
+ - neutron-tempest-plugin-designate-scenario-train
- project-template:
@@ -117,11 +113,6 @@
check:
jobs:
- neutron-tempest-plugin-api-ussuri
- - neutron-tempest-plugin-designate-scenario-ussuri:
- # TODO(slaweq): switch it to be voting when bug
- # https://bugs.launchpad.net/neutron/+bug/1891309
- # will be fixed
- voting: false
- neutron-tempest-plugin-scenario-linuxbridge-ussuri
- neutron-tempest-plugin-scenario-openvswitch-ussuri
- neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-ussuri
@@ -134,6 +125,10 @@
experimental:
jobs:
- neutron-tempest-plugin-dvr-multinode-scenario-ussuri
+ # TODO(slaweq): move it back to the check queue when bug
+ # https://bugs.launchpad.net/neutron/+bug/1891309
+ # will be fixed
+ - neutron-tempest-plugin-designate-scenario-ussuri
- project-template:
@@ -141,11 +136,6 @@
check:
jobs:
- neutron-tempest-plugin-api-victoria
- - neutron-tempest-plugin-designate-scenario-victoria:
- # TODO(slaweq): switch it to be voting when bug
- # https://bugs.launchpad.net/neutron/+bug/1891309
- # will be fixed
- voting: false
- neutron-tempest-plugin-scenario-linuxbridge-victoria
- neutron-tempest-plugin-scenario-openvswitch-victoria
- neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-victoria
@@ -158,6 +148,10 @@
experimental:
jobs:
- neutron-tempest-plugin-dvr-multinode-scenario-victoria
+ # TODO(slaweq): move it back to the check queue when bug
+ # https://bugs.launchpad.net/neutron/+bug/1891309
+ # will be fixed
+ - neutron-tempest-plugin-designate-scenario-victoria
- project:
diff --git a/zuul.d/queens_jobs.yaml b/zuul.d/queens_jobs.yaml
index e1ecc00..b4c22bc 100644
--- a/zuul.d/queens_jobs.yaml
+++ b/zuul.d/queens_jobs.yaml
@@ -10,6 +10,21 @@
override-checkout: 0.3.0
- openstack/tempest
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
branch_override: stable/queens
# TODO(slaweq): find a way to put this list of extensions in
# neutron repository and keep it different per branch,
@@ -73,6 +88,24 @@
CIRROS_VERSION: 0.3.5
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_tempest) | join(',') }}"
TEMPEST_PLUGINS: /opt/stack/neutron-tempest-plugin
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
+ ML2_L3_PLUGIN: router
+ devstack_local_conf:
+ post-config:
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ AGENT:
+ tunnel_types: gre,vxlan
+ ml2:
+ type_drivers: flat,geneve,vlan,gre,local,vxlan
+ test-config:
+ $TEMPEST_CONFIG:
+ neutron_plugin_options:
+ available_type_drivers: flat,geneve,vlan,gre,local,vxlan
@@ -91,6 +124,12 @@
branch_override: stable/queens
network_api_extensions: *api_extensions
network_available_features: *available_features
+ devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Xenial keepalived don't knows this option yet
+ keepalived_use_no_track: False
# TODO(slaweq): remove trunks subport_connectivity test from blacklist
# when bug https://bugs.launchpad.net/neutron/+bug/1838760 will be fixed
# NOTE(bcafarel): remove DNS test as queens pinned version does not have
@@ -145,6 +184,10 @@
/$NEUTRON_CORE_PLUGIN_CONF:
ml2:
type_drivers: flat,vlan,local,vxlan
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Xenial keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
# NOTE: ignores linux bridge's trunk delete on bound port test
# for rocky branch (as https://review.opendev.org/#/c/605589/
diff --git a/zuul.d/rocky_jobs.yaml b/zuul.d/rocky_jobs.yaml
index 4b6145b..718369a 100644
--- a/zuul.d/rocky_jobs.yaml
+++ b/zuul.d/rocky_jobs.yaml
@@ -12,6 +12,21 @@
override-checkout: 0.9.0
- openstack/tempest
vars: &api_vars_rocky
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
branch_override: stable/rocky
# TODO(slaweq): find a way to put this list of extensions in
# neutron repository and keep it different per branch,
@@ -79,6 +94,24 @@
USE_PYTHON3: false
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_tempest) | join(',') }}"
TEMPEST_PLUGINS: /opt/stack/neutron-tempest-plugin
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
+ ML2_L3_PLUGIN: router
+ devstack_local_conf:
+ post-config:
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ AGENT:
+ tunnel_types: gre,vxlan
+ ml2:
+ type_drivers: flat,geneve,vlan,gre,local,vxlan
+ test-config:
+ $TEMPEST_CONFIG:
+ neutron_plugin_options:
+ available_type_drivers: flat,geneve,vlan,gre,local,vxlan
# NOTE(gmann): This job run on py2 for stable/rocky gate.
branches:
- stable/rocky
@@ -115,6 +148,12 @@
USE_PYTHON3: false
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
TEMPEST_PLUGINS: /opt/stack/neutron-tempest-plugin
+ devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Xenial keepalived don't knows this option yet
+ keepalived_use_no_track: False
# NOTE(bcafarel): newer tests, unstable on rocky branch
tempest_black_regex: "\
(^neutron_tempest_plugin.scenario.test_port_forwardings.PortForwardingTestJSON.test_port_forwarding_to_2_servers)|\
@@ -152,6 +191,12 @@
USE_PYTHON3: false
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
TEMPEST_PLUGINS: /opt/stack/neutron-tempest-plugin
+ devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Xenial keepalived don't knows this option yet
+ keepalived_use_no_track: False
# TODO(bcafarel): remove trunks subport_connectivity test from blacklist
# when bug https://bugs.launchpad.net/neutron/+bug/1838760 will be fixed
# NOTE(bcafarel): other are newer tests, unstable on rocky branch
@@ -209,6 +254,10 @@
/$NEUTRON_CORE_PLUGIN_CONF:
ml2:
type_drivers: flat,vlan,local,vxlan
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Xenial keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
# NOTE: ignores linux bridge's trunk delete on bound port test
# for rocky branch (as https://review.opendev.org/#/c/605589/
diff --git a/zuul.d/stein_jobs.yaml b/zuul.d/stein_jobs.yaml
index 29dfa8a..8db4508 100644
--- a/zuul.d/stein_jobs.yaml
+++ b/zuul.d/stein_jobs.yaml
@@ -10,6 +10,21 @@
override-checkout: 1.3.0
- openstack/tempest
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
branch_override: stable/stein
# TODO(slaweq): find a way to put this list of extensions in
# neutron repository and keep it different per branch,
@@ -84,6 +99,24 @@
devstack_localrc:
NEUTRON_DEPLOY_MOD_WSGI: false
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_tempest) | join(',') }}"
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
+ ML2_L3_PLUGIN: router
+ devstack_local_conf:
+ post-config:
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ AGENT:
+ tunnel_types: gre,vxlan
+ ml2:
+ type_drivers: flat,geneve,vlan,gre,local,vxlan
+ test-config:
+ $TEMPEST_CONFIG:
+ neutron_plugin_options:
+ available_type_drivers: flat,geneve,vlan,gre,local,vxlan
- job:
name: neutron-tempest-plugin-scenario-openvswitch-stein
@@ -98,6 +131,11 @@
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
@@ -118,6 +156,11 @@
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
@@ -138,6 +181,11 @@
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
diff --git a/zuul.d/train_jobs.yaml b/zuul.d/train_jobs.yaml
index 0785924..75c8ebe 100644
--- a/zuul.d/train_jobs.yaml
+++ b/zuul.d/train_jobs.yaml
@@ -4,6 +4,21 @@
nodeset: openstack-single-node-bionic
override-checkout: stable/train
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
branch_override: stable/train
# TODO(slaweq): find a way to put this list of extensions in
# neutron repository and keep it different per branch,
@@ -83,6 +98,24 @@
devstack_localrc:
NEUTRON_DEPLOY_MOD_WSGI: false
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_tempest) | join(',') }}"
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
+ ML2_L3_PLUGIN: router
+ devstack_local_conf:
+ post-config:
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ AGENT:
+ tunnel_types: gre,vxlan
+ ml2:
+ type_drivers: flat,geneve,vlan,gre,local,vxlan
+ test-config:
+ $TEMPEST_CONFIG:
+ neutron_plugin_options:
+ available_type_drivers: flat,geneve,vlan,gre,local,vxlan
- job:
name: neutron-tempest-plugin-scenario-openvswitch-train
@@ -96,6 +129,11 @@
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived doesn't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
@@ -115,6 +153,11 @@
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
@@ -134,6 +177,11 @@
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
diff --git a/zuul.d/ussuri_jobs.yaml b/zuul.d/ussuri_jobs.yaml
index 9cc0621..88f64b6 100644
--- a/zuul.d/ussuri_jobs.yaml
+++ b/zuul.d/ussuri_jobs.yaml
@@ -4,6 +4,21 @@
nodeset: openstack-single-node-bionic
override-checkout: stable/ussuri
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
branch_override: stable/ussuri
# TODO(slaweq): find a way to put this list of extensions in
# neutron repository and keep it different per branch,
@@ -87,6 +102,24 @@
devstack_localrc:
NEUTRON_DEPLOY_MOD_WSGI: false
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_tempest) | join(',') }}"
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
+ ML2_L3_PLUGIN: router
+ devstack_local_conf:
+ post-config:
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ AGENT:
+ tunnel_types: gre,vxlan
+ ml2:
+ type_drivers: flat,geneve,vlan,gre,local,vxlan
+ test-config:
+ $TEMPEST_CONFIG:
+ neutron_plugin_options:
+ available_type_drivers: flat,geneve,vlan,gre,local,vxlan
- job:
@@ -101,6 +134,11 @@
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
@@ -121,6 +159,11 @@
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
@@ -140,6 +183,11 @@
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
devstack_local_conf:
+ post-config:
+ $NEUTRON_L3_CONF:
+ DEFAULT:
+ # NOTE(slaweq): on Bionic keepalived don't knows this option yet
+ keepalived_use_no_track: False
test-config:
$TEMPEST_CONFIG:
network-feature-enabled:
@@ -164,6 +212,13 @@
# TODO(skaplons): v2.13.1 is incompatible with kernel 4.15.0-118, sticking to commit hash until new v2.13 tag is created
OVS_BRANCH: 0047ca3a0290f1ef954f2c76b31477cf4b9755f5
OVN_BRANCH: "v20.03.0"
+ # NOTE(slaweq): IGMP Snooping requires OVN 20.12
+ OVN_IGMP_SNOOPING_ENABLE: False
+ devstack_local_conf:
+ test-config:
+ $TEMPEST_CONFIG:
+ neutron_plugin_options:
+ is_igmp_snooping_enabled: False
- job:
name: neutron-tempest-plugin-dvr-multinode-scenario-ussuri
diff --git a/zuul.d/victoria_jobs.yaml b/zuul.d/victoria_jobs.yaml
index 5543ea7..e0e29ed 100644
--- a/zuul.d/victoria_jobs.yaml
+++ b/zuul.d/victoria_jobs.yaml
@@ -3,6 +3,21 @@
parent: neutron-tempest-plugin-api
override-checkout: stable/victoria
vars:
+ devstack_services:
+ # Disable OVN services
+ br-ex-tcpdump: false
+ br-int-flows: false
+ ovn-controller: false
+ ovn-northd: false
+ ovs-vswitchd: false
+ ovsdb-server: false
+ q-ovn-metadata-agent: false
+ # Neutron services
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
branch_override: stable/victoria
# TODO(slaweq): find a way to put this list of extensions in
# neutron repository and keep it different per branch,
@@ -86,6 +101,24 @@
devstack_localrc:
NEUTRON_DEPLOY_MOD_WSGI: false
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_tempest) | join(',') }}"
+ Q_AGENT: openvswitch
+ Q_ML2_TENANT_NETWORK_TYPE: vxlan
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
+ ML2_L3_PLUGIN: router
+ devstack_local_conf:
+ post-config:
+ # NOTE(slaweq): We can get rid of this hardcoded absolute path when
+ # devstack-tempest job will be switched to use lib/neutron instead of
+ # lib/neutron-legacy
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ AGENT:
+ tunnel_types: gre,vxlan
+ ml2:
+ type_drivers: flat,geneve,vlan,gre,local,vxlan
+ test-config:
+ $TEMPEST_CONFIG:
+ neutron_plugin_options:
+ available_type_drivers: flat,geneve,vlan,gre,local,vxlan
- job:
name: neutron-tempest-plugin-scenario-openvswitch-victoria