diff --git a/ci-operator/config/openshift/cluster-network-operator/openshift-cluster-network-operator-master.yaml b/ci-operator/config/openshift/cluster-network-operator/openshift-cluster-network-operator-master.yaml index b39b5471be02d..d9d3ecd4e1cc1 100644 --- a/ci-operator/config/openshift/cluster-network-operator/openshift-cluster-network-operator-master.yaml +++ b/ci-operator/config/openshift/cluster-network-operator/openshift-cluster-network-operator-master.yaml @@ -115,7 +115,7 @@ tests: env: EXTRA_MG_ARGS: --host-network workflow: openshift-e2e-aws-ovn-serial -- always_run: false +- always_run: true as: e2e-aws-ovn-ipsec-serial optional: true steps: diff --git a/ci-operator/config/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.19.yaml b/ci-operator/config/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.19.yaml index 419b0b76bd771..86a4cbb8b1d4c 100644 --- a/ci-operator/config/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.19.yaml +++ b/ci-operator/config/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.19.yaml @@ -115,7 +115,7 @@ tests: env: EXTRA_MG_ARGS: --host-network workflow: openshift-e2e-aws-ovn-serial -- always_run: false +- always_run: true as: e2e-aws-ovn-ipsec-serial optional: true steps: diff --git a/ci-operator/config/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.20.yaml b/ci-operator/config/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.20.yaml index 3869db4a9fcd6..e69a96ac7fdb7 100644 --- a/ci-operator/config/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.20.yaml +++ b/ci-operator/config/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.20.yaml @@ -116,7 +116,7 @@ tests: env: EXTRA_MG_ARGS: --host-network workflow: openshift-e2e-aws-ovn-serial -- always_run: false +- always_run: true as: e2e-aws-ovn-ipsec-serial optional: true steps: diff --git a/ci-operator/jobs/openshift/cluster-network-operator/openshift-cluster-network-operator-master-presubmits.yaml b/ci-operator/jobs/openshift/cluster-network-operator/openshift-cluster-network-operator-master-presubmits.yaml index b1f4044c760c2..b177237543ac5 100644 --- a/ci-operator/jobs/openshift/cluster-network-operator/openshift-cluster-network-operator-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/cluster-network-operator/openshift-cluster-network-operator-master-presubmits.yaml @@ -426,7 +426,7 @@ presubmits: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-aws-ovn-hypershift-conformance,?($|\s.*) - agent: kubernetes - always_run: false + always_run: true branches: - ^master$ - ^master- diff --git a/ci-operator/jobs/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.19-presubmits.yaml b/ci-operator/jobs/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.19-presubmits.yaml index d57cc2e46725a..3c23e977a3a9d 100644 --- a/ci-operator/jobs/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.19-presubmits.yaml +++ b/ci-operator/jobs/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.19-presubmits.yaml @@ -426,7 +426,7 @@ presubmits: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-aws-ovn-hypershift-conformance,?($|\s.*) - agent: kubernetes - always_run: false + always_run: true branches: - ^release-4\.19$ - ^release-4\.19- diff --git a/ci-operator/jobs/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.20-presubmits.yaml b/ci-operator/jobs/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.20-presubmits.yaml index b53751b489833..77feb95be3f80 100644 --- a/ci-operator/jobs/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.20-presubmits.yaml +++ b/ci-operator/jobs/openshift/cluster-network-operator/openshift-cluster-network-operator-release-4.20-presubmits.yaml @@ -146,7 +146,7 @@ presubmits: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-aws-ovn-hypershift-conformance,?($|\s.*) - agent: kubernetes - always_run: false + always_run: true branches: - ^release-4\.20$ - ^release-4\.20- diff --git a/ci-operator/step-registry/openshift/e2e/aws/ovn/ipsec-serial/openshift-e2e-aws-ovn-ipsec-serial-workflow.yaml b/ci-operator/step-registry/openshift/e2e/aws/ovn/ipsec-serial/openshift-e2e-aws-ovn-ipsec-serial-workflow.yaml index 7d68ae718d92a..e2d2fbf391982 100644 --- a/ci-operator/step-registry/openshift/e2e/aws/ovn/ipsec-serial/openshift-e2e-aws-ovn-ipsec-serial-workflow.yaml +++ b/ci-operator/step-registry/openshift/e2e/aws/ovn/ipsec-serial/openshift-e2e-aws-ovn-ipsec-serial-workflow.yaml @@ -17,8 +17,7 @@ workflow: - chain: ipi-deprovision env: NMSTATE_OPERATOR_SUB_SOURCE: qe-app-registry - TEST_SUITE: openshift/network/ipsec - TEST_ARGS: --run \[sig-network\]\[Feature:IPsec\] + TEST_TYPE: ipsec-suite documentation: |- The Openshift E2E AWS `ipsec serial` workflow executes the `openshift/network/ipsec` end-to-end IPsec test suite on AWS with the OVNKubernetes network plugin. diff --git a/ci-operator/step-registry/openshift/e2e/test/openshift-e2e-test-commands.sh b/ci-operator/step-registry/openshift/e2e/test/openshift-e2e-test-commands.sh index 9ab48853174b1..08cbaf61a42f5 100755 --- a/ci-operator/step-registry/openshift/e2e/test/openshift-e2e-test-commands.sh +++ b/ci-operator/step-registry/openshift/e2e/test/openshift-e2e-test-commands.sh @@ -331,6 +331,38 @@ function suite() { set +x } +function wait_for_ipsec_full_mode() { + until + timeout 30s oc rollout status daemonset/ovn-ipsec-host -n openshift-ovn-kubernetes && \ + oc wait --for=delete daemonset/ovn-ipsec-containerized -n openshift-ovn-kubernetes --timeout=30s; + do + echo "ovn-ipsec-host daemonset is not available yet (or) ovn-ipsec-containerized daemonset is still deployed" + sleep 30s + done + wait_for_cluster_operators_ready +} + +function wait_for_ipsec_external_mode() { + until + oc wait --for=delete daemonset/ovn-ipsec-host -n openshift-ovn-kubernetes --timeout=30s; + do + echo "ovn-ipsec-host daemonset is not removed yet" + sleep 30s + done + wait_for_cluster_operators_ready +} + +function wait_for_cluster_operators_ready() { + until + oc wait clusteroperators --all --for='condition=Available=True' --timeout=30s && \ + oc wait clusteroperators --all --for='condition=Progressing=False' --timeout=30s && \ + oc wait clusteroperators --all --for='condition=Degraded=False' --timeout=30s; + do + echo "Cluster Operators Degraded=True,Progressing=True,or Available=False" + sleep 30s + done +} + echo "$(date +%s)" > "${SHARED_DIR}/TEST_TIME_TEST_START" oc -n openshift-config patch cm admin-acks --patch '{"data":{"ack-4.8-kube-1.22-api-removals-in-4.9":"true"}}' --type=merge || echo 'failed to ack the 4.9 Kube v1beta1 removals; possibly API-server issue, or a pre-4.8 release image' @@ -516,6 +548,21 @@ suite-conformance) suite) suite ;; +ipsec-suite) + # Rollout IPsec Full mode and run the suite. + echo "Rolling out IPsec Full mode" + oc patch networks.operator.openshift.io cluster --type=merge -p='{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"ipsecConfig":{"mode":"Full"}}}}}' + wait_for_ipsec_full_mode + echo "IPsec Full mode rollout complete. running IPsec test suite now" + TEST_SUITE=openshift/network/ipsec TEST_ARGS="--run \[sig-network\]\[Feature:IPsec\]" suite + + # Rollout IPsec External mode and run the suite. + echo "Rolling out IPsec External mode" + oc patch networks.operator.openshift.io cluster --type=merge -p='{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"ipsecConfig":{"mode":"External"}}}}}' + wait_for_ipsec_external_mode + echo "IPsec External mode rollout complete. running IPsec test suite now" + TEST_SUITE=openshift/network/ipsec TEST_ARGS="--run \[sig-network\]\[Feature:IPsec\]" suite + ;; *) echo >&2 "Unsupported test type '${TEST_TYPE}'" exit 1 diff --git a/ci-operator/step-registry/openshift/e2e/test/openshift-e2e-test-ref.yaml b/ci-operator/step-registry/openshift/e2e/test/openshift-e2e-test-ref.yaml index 3dc57f521f5e4..1ddc50f610a09 100644 --- a/ci-operator/step-registry/openshift/e2e/test/openshift-e2e-test-ref.yaml +++ b/ci-operator/step-registry/openshift/e2e/test/openshift-e2e-test-ref.yaml @@ -35,6 +35,9 @@ ref: an upgrade completes or have explicit logic in their test to tolerate behavior after upgrade. * 'upgrade-paused' - Perform an upgrade to the images defined by OPENSHIFT_UPGRADE_RELEASE_IMAGE_OVERRIDE with paused worker pool. + * 'ipsec-suite' - Runs IPsec test suite. The test suite is invoked separately for IPsec Full and External modes. + 1. Rollout IPsec Full mode, wait for it to complete and run the ipsec test suite. + 2. Change IPsec Full -> External mode, wait for rollout to complete, run the ipsec test suite. - name: TEST_SUITE default: openshift/conformance/parallel documentation: The test suite to run. Use 'openshift-test run --help' to list available suites.