CORENET-5568: Update IPsec CI lane configuration for IPsec tests #61740
Conversation
|
/pj-rehearse |
|
@pperiyasamy: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
pperiyasamy
force-pushed
the
e2e-aws-ovn-ipsec-external-serial
branch
from
ab827ec to
9ef3af4
Compare
pperiyasamy
changed the title
|
/pj-rehearse |
|
@pperiyasamy: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/pj-rehearse more |
|
@pperiyasamy: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/pj-rehearse more |
|
@pperiyasamy: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/pj-rehearse more |
|
@pperiyasamy: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
pperiyasamy
force-pushed
the
e2e-aws-ovn-ipsec-external-serial
branch
from
9ef3af4 to
53d7051
Compare
pperiyasamy
changed the title
|
/pj-rehearse more |
|
@pperiyasamy: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
The ci/rehearse/openshift/origin/release-4.20/e2e-aws-ovn-ipsec-external-mode failure happened because cluster version is not actually greater than >= 4.15, so no ipsec machine configs rolled out. that is the reason ipsec cert import machine config deployment is also failed because there is no ipsec packages installed on the host. so this will be fixed once versioning is done properly for 4.20. so we can safely ignore this error for now. |
|
/pj-rehearse more |
|
@pperiyasamy: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
pperiyasamy
changed the title
openshift-ci-robot
added
the
jira/valid-reference
|
@pperiyasamy: This pull request references CORENET-5568 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@pperiyasamy: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/pj-rehearse pull-ci-openshift-cluster-network-operator-release-4.19-e2e-aws-ovn-ipsec-serial |
|
@pperiyasamy: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/pj-rehearse pull-ci-openshift-cluster-network-operator-release-4.20-e2e-aws-ovn-ipsec-serial |
|
@pperiyasamy: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/pj-rehearse pull-ci-openshift-cluster-network-operator-master-e2e-aws-ovn-ipsec-serial |
|
@pperiyasamy: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/pj-rehearse pull-ci-openshift-cluster-network-operator-release-4.20-e2e-aws-ovn-ipsec-serial |
|
@pperiyasamy: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
/pj-rehearse more |
|
@pperiyasamy: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
| @@ -340,6 +340,42 @@ function suite() { | |||
| set +x | |||
| } | |||
|
|
|||
| function ensureipsecfullenabled() { | |||
There was a problem hiding this comment.
this bash files seems to follow snake_case for functions.
This also doesn't really do anything else than waiting so maybe something like this would be better?
| function ensureipsecfullenabled() { | |
| function wait_for_ipsec_full_mode() { |
this also applies to the other functions being introduced.
| @@ -340,6 +340,42 @@ function suite() { | |||
| set +x | |||
| } | |||
|
|
|||
| function ensureipsecfullenabled() { | |||
| CUR_NUM_SCHEDULED=$(oc get daemonset/ovn-ipsec-host -n openshift-ovn-kubernetes -o jsonpath='{.status.currentNumberScheduled}' 2>/dev/null || echo 0) | |||
There was a problem hiding this comment.
Have you considered using oc rollout status instead?
There was a problem hiding this comment.
didn't know about oc rollout status command before, using it now, thanks.
| # Rollout IPsec Full mode and run the suite. | ||
| echo "Rolling out IPsec Full mode" | ||
| oc patch networks.operator.openshift.io cluster --type=merge -p='{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"ipsecConfig":{"mode":"Full"}}}}}' | ||
| ensureipsecfullenabled |
There was a problem hiding this comment.
What if the ensureipsecfullenabled function is called before CNO made the changes to the daemonset? Won't it just return before the daemonset rolled out?
There was a problem hiding this comment.
@kyrtapz , The wait_for_ipsec_full_mode function waits until ovn-ipsec-host rollout is complete (and added check now to confirm if IPsec is moved from containerized to host deployment) and COs are in ready state. That confirms IPsec full mode is set on the cluster.
As per changes in openshift/origin#29437 for IPsec E2E tests, each IPsec mode Full and External must be tested separately, so this commit updates openshift-e2e-test step with new test type called ipsec-suite and ipsec test suite is executed under this test type for each ipsec modes. Signed-off-by: Periyasamy Palanisamy <[email protected]>
pperiyasamy
force-pushed
the
e2e-aws-ovn-ipsec-external-serial
branch
from
b9e5772 to
1fcddfa
Compare
|
[REHEARSALNOTIFIER]
A total of 13376 jobs have been affected by this change. The above listing is non-exhaustive and limited to 25 jobs. A full list of affected jobs can be found here Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
|
/pj-rehearse |
|
@pperiyasamy: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
|
@pperiyasamy: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kyrtapz, martinkennelly, neisw, pperiyasamy, trozet The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/pj-rehearse ack |
|
@pperiyasamy: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel. |
openshift-ci-robot
added
the
rehearsals-ack
openshift-merge-bot
bot
merged commit f58b74d
into
openshift:master
As per changes in openshift/origin#29437 for IPsec E2E tests, each IPsec mode Full and External must be tested separately, so this commit updates openshift-e2e-test step with new test type called ipsec-suite and ipsec test suite is executed under this test type for each ipsec modes. Signed-off-by: Periyasamy Palanisamy <[email protected]>
As per changes in openshift/origin#29437 for IPsec E2E tests, each IPsec mode
FullandExternalmust be tested separately. This is needed because IPsec mode change needs an update of theovnkube-nodedaemonset which cause traffic disturbance on the east west traffic, causes monitor test failures while it's changed as part of IPsec E2E tests.So this PR updates
openshift-e2e-testworkflow step with new test type calledipsec-suiteand this test suite does the following.Fullmode, wait for it to complete and run the ipsec test suite.Full->Externalmode, wait for rollout to complete, run the ipsec test suite.This test suite can be extended for testing various other use cases like NAT-T in the future.