commit da1d874e19fab72705ab68d276f70840e2178bb6
author Oleksandr Kononenko <okononenko@mirantis.com> Thu Nov 13 17:30:10 2025 +0200
committer Mykyta Karpin <mkarpin@mirantis.com> Thu Jan 15 08:09:25 2026 +0000
tree 623e6a5222150eb8f578b35f21b5c6903517986f
parent 00d913e84aae66b9c59a3ad3226dca0a92d7aab9

Update _test_alpn_tls_traffic metod

  Add retry for test connection to the loadbalancer.
  It allows to eliminate test fails when LB unreachable just after
  switching in ACTIVE state because keepalived didn't have time to
  check HA proxy state and update VIP address for loadbalancer

Related-Prod: PRODX-55468
Change-Id: I6651319434ea91fb1c10f490c69aa077c2d530c6
(cherry picked from commit 64d66686f476319bfc24741878ac7226f61c1f82)

octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py

diff --git a/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py b/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
index 8a95810..a27f2b2 100644
--- a/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
+++ b/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
@@ -17,6 +17,7 @@
 import socket
 import ssl
 import tempfile
+import time
 
 from cryptography.hazmat.primitives import serialization
 import httpx
@@ -29,6 +30,7 @@
 from tempest import config
 from tempest.lib.common.utils import data_utils
 from tempest.lib import decorators
+from tempest.lib import exceptions
 import testtools
 
 from octavia_tempest_plugin.common import barbican_client_mgr
@@ -1239,11 +1241,35 @@
 
         context = ssl.SSLContext(ssl.PROTOCOL_TLS)
         context.set_alpn_protocols(c_protos)
-        s = socket.socket()
-        ssl_sock = context.wrap_socket(s)
-        ssl_sock.connect((self.lb_vip_address, 443))
-        selected_proto = ssl_sock.selected_alpn_protocol()
 
+        def _wait_for_lb_connection_proto():
+            timeout = 10
+            # NOTE(okononenko) Timeout for waiter should be greater then
+            # vrrp_check_interval parameter in keepalived_vrrp section of
+            # octavia.conf
+            finish = int(time.time()) + timeout
+            while int(time.time()) < finish:
+                s = socket.socket()
+                s.settimeout(2)
+                ssl_sock = context.wrap_socket(s)
+                try:
+                    ssl_sock.connect((self.lb_vip_address, 443))
+                    return ssl_sock.selected_alpn_protocol()
+                # NOTE(okononenko): it might take some time by keepalived to
+                # update VIP for loadbalancer. Retry on any exception here.
+                except Exception as exc:
+                    LOG.debug(
+                        'Failed to connect to socket %s:443: %s',
+                        self.lb_vip_address, exc
+                    )
+                finally:
+                    ssl_sock.close()
+                time.sleep(1)
+            raise exceptions.TimeoutException(
+                f"Timed out after {timeout} seconds waiting"
+            )
+
+        selected_proto = _wait_for_lb_connection_proto()
         self.assertEqual(expected_proto, selected_proto)
 
     def _test_http_versions_tls_traffic(self, http_version, alpn_protos):