Update and Activate ovn_ipsec_connectivity
#37
Conversation
|
/retest |
| # TODO check with oc get network.operator.openshift.io/cluster -o=jsonpath='{.items[*].spec.defaultNetwork.ovnKubernetesConfig.ipsecConfig}' | ||
| # once tests can be run with real cluster |
There was a problem hiding this comment.
we can't run it using cluster-bot now ?
There was a problem hiding this comment.
not yet unfortunately I think Mark has some work in the pipeline to be able to do so though
| } | ||
|
|
||
| help() |
There was a problem hiding this comment.
this func has to be changed in accordance to this script.
There was a problem hiding this comment.
Ack sorry missed that
debug-scripts/common
Outdated
| @@ -175,3 +199,12 @@ create_host_network_pod_on_node () { | |||
| sleep 2 | |||
| oc wait -n "$NAMESPACE" --for=condition=Ready pod/"$POD_NAME" --timeout=3m | |||
| } | |||
|
|
|||
| format_sdout () { | |||
There was a problem hiding this comment.
Yep I actually didn't mean to have the color formatting in this PR... Sorry about that!
astoycos
force-pushed
the
update-ipsec-check
branch
from
4b0fff5
to
720912a
Compare
debug-scripts/common
Outdated
| @@ -174,4 +191,4 @@ create_host_network_pod_on_node () { | |||
| # wait till pod is running | |||
| sleep 2 | |||
| oc wait -n "$NAMESPACE" --for=condition=Ready pod/"$POD_NAME" --timeout=3m | |||
| } | |||
| } | |||
There was a problem hiding this comment.
woops, we actually need the newline.
debug-scripts/ovn_ipsec_connectivity
Outdated
|
|
||
| global_namespace="${1}" | ||
|
|
||
| main |
|
/assign @rcarrillocruz |
Cleanup the info logging Make the tcpdump command run in a dedicated host-networked container copy pcap capture back to the network-tools container TODO: Copy this file out to the local machine Fix some empty fields erros In some of these functions they didn't seem to work if the namespace or other parameters were not specified This commit just adds some error checking to those functions Signed-off-by: Andrew Stoycos <astoycos@redhat.com>
Activiates this test for the network-tools image Script will check for ipsec enablement internally and only run if so Signed-off-by: Andrew Stoycos <astoycos@redhat.com>
astoycos
force-pushed
the
update-ipsec-check
branch
from
720912a
to
8f259c0
Compare
|
New changes are detected. LGTM label has been removed. |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: astoycos, rcarrillocruz, tssurya The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
/retest |
2 similar comments
|
/retest |
|
/retest |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: astoycos, rcarrillocruz, tssurya The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
Update and Activate `ovn_ipsec_connectivity`
Activate IPSEC test, and convert test to use built in functions described in the
commonscriptWhen run it will check if node to node traffic in an OVN-K cluster is encrypted with IPSEC
Output will resemble the following
This PR also adds some fixes to common functions (see commit messages for more detail)
TODO: The script generates a PCAP which should prove that the traffic is encrypted... This file is copied to the network-tools image and should be accessible to the user at some point