Activate the ipsec connectivity test

Activiates this test for the network-tools image

Script will check for ipsec enablement internally and only
run if so

Signed-off-by: Andrew Stoycos <astoycos@redhat.com>

debug-scripts/common

@@ -188,13 +188,6 @@ create_host_network_pod_on_node () {
         NODE_NAME=${nodes[0]}
     fi
 
-    # if namespace provided is empty, then set it to default.
-    if [ -z $NAMESPACE ]; then NAMESPACE=default; fi
-    # If time to live is empty, then set it to 10mins.
-    # We take this precaution since this pod has access to host's netns,
-    # so that if deletion fails, it stays in completed state.
-    if [ -z $TTL ]; then TTL=600s; fi
-
     echo "INFO: Scheduling "$POD_NAME" on "$NODE_NAME""
 
     oc debug --to-namespace="$NAMESPACE" node/"$NODE_NAME" --as-root=true \
@@ -205,12 +198,3 @@ create_host_network_pod_on_node () {
     sleep 2
     oc wait -n "$NAMESPACE" --for=condition=Ready pod/"$POD_NAME" --timeout=3m
 }
-
-format_sdout () { 
-    RED='\033[0;31m'
-    GREEN='\033[0;32m'
-    BLUE='\033[0;34m'
-    NC='\033[0m' # No Color
-
-
-}

debug-scripts/network-tools

@@ -20,8 +20,7 @@ if [[ "$network_plugin" == "OVNKubernetes" ]] ; then
     # run scripts
     ovn_pod_to_pod_connectivity "$global_namespace"/"$client" "$global_namespace"/"$server"
     ovn_pod_to_svc_connectivity "$global_namespace"/"$client" "$global_namespace"/"$server"
-    # ovn_ipsec_connectivity
-    # ovn_nic_firmware
+    ovn_ipsec_connectivity "$global_namespace"
 elif [[ "$network_plugin" == "OpenShiftSDN" ]] ; then
     # run scripts
     sdn_cluster_and_node_info

debug-scripts/ovn_ipsec_connectivity

@@ -108,30 +108,14 @@ help()
 {
     # Display Help
     echo
-    echo "This script checks pod2pod connectivity on an OVN cluster.
-By default this script spins up two pods (a client and a server) in the openshift-network-tools-* namespace. You can optionally
-supply the script with a pair of source and destination names. These can either be the source and destination node names on
-which the debug pods should be scheduled or they can be existing pod names (format: <namespace/pod-name>) to run the connectivity
-test.
+    echo "This script checks that node2node traffic is encrypted when the ipsec feature is enabled an Openshift OVN-kubernetes cluster.
+By default this script spins up two pods (a client and a server) on two different nodes in the openshift-network-tools-* namespace. It also 
+spins up a host networked debug pod which runs a packet sniffer on all traffic passing between the nodes.
 
-NOTE: If existing pods are passed as arguments, make sure ping utility is installed on the <src-pod> pods.
+Method: We run a ping from the <src-pod> to <dst-pod>. The debug pod running tcpdump captures the packet as it transverses the Geneve tunnel 
+across the nodes and ensures the pack is encrypted wth the ESP protocol.  It will also dump the .pcap capture for further analysis 
+to the debug pod reguardless of a passing or failing test. "
 
-Method: We run a ping from the <src-pod> to <dst-pod>. If ping is not installed on the <src-pod> or if it fails, we run a ping command from the
-network namespace of the <src-pod> to <dst-pod> to check connectivity.
-
-If the connectivity test fails, it will run an ovnkube trace between the source and destination pods.
-"
-    echo
-    echo "Usage: oc rsh -n <NETWORK-TOOLS-NAMESPACE> <network-tools-podname> ovn_pod_to_pod <src-node-name> <dst-node-name>"
-    echo "or"
-    echo "oc adm network-tools -- ovn_pod_to_pod <src-pod-namespace/src-pod-name> <dst-pod-namespace/dst-pod-name>"
-    echo "or"
-    echo "oc adm network-tools -- ovn_pod_to_pod "" <dst-pod-namespace/dst-pod-name>"
-    echo "or"
-    echo "oc adm network-tools -- ovn_pod_to_pod <src-pod-namespace/src-pod-name>"
-    echo "or"
-    echo "podman run <IMAGE_ID> ovn_pod_to_pod"
-    echo
 }
 
 
@@ -150,4 +134,4 @@ done
 
 global_namespace="${1}"
 
-main
+main