app_nonat test by sadov · Pull Request #591 · lf-edge/eden

sadov · 2021-04-21T10:54:43Z

At this time blocked by #589.

Signed-off-by: Oleg Sadov oleg@zededa.com

sadov · 2021-04-26T09:11:38Z

The test fails in the current state. EVE configs from this test:

"apps": [
        {
"interfaces": [
...
        {
    "name": "default",
    "networkId": "512839bd-a655-46ad-988d-fde5da33c3bb",
    "acls": [
        {
            "matches": [    
                {               
                    "type": "ip",   
                    "value": "0.0.0.0/0"
                }               
            ],
            "id": 1         
        }
    ]
}
]
...
"networkInstances": [
...
{
    "uuidandversion": {
        "uuid": "512839bd-a655-46ad-988d-fde5da33c3bb",
        "version": "1"
    },
    "displayname": "direct",
    "instType": 1,
    "activate": true,
    "port": {
        "type": 1,
        "name": "eth0"
    },
    "cfg": {},
    "ipType": 1,
    "ip": {}
}
...

and ztest:

"apps": [
       {
"interfaces": [
...
{
   "name": "direct",
   "networkId": "72a14885-73c4-4fe7-a4b2-f919c05bf065",
   "addr": "",
   "hostname": "",
   "cryptoEid": "",
   "lispsignature": "",
   "pemcert": null,
   "pemprivatekey": null,
   "macAddress": "",
   "acls": [
       {
           "matches": [
               {
                   "type": "ip",
                   "value": "0.0.0.0/0"
               }
           ],
           "actions": [],
           "name": "",
           "id": 3,
           "dir": "BOTH"
       }
   ]
}
]
...
"networkInstances": [
...
{
   "uuidandversion": {
       "uuid": "72a14885-73c4-4fe7-a4b2-f919c05bf065",
       "version": ""
   },
   "displayname": "TestAppNonat-sc-supermicro-e100-8-NI-2021-04-14T02-00-25",
   "instType": "ZnetInstSwitch",
   "activate": true,
   "port": {
       "type": "PhyIoNoop",
       "name": "eth0"
   },
   "cfg": {
       "oconfig": "",
       "lispConfig": null,
       "type": "ZNetOConfigVPN"
   },
   "ipType": "IPV4", 
   "ip": null,
   "dns": []
}
...

looks more or less similar, but pings through eth1 not passed.

Log file:
eden_test-app_nonat.015.log

sadov · 2021-04-26T20:38:31Z

After adding the default gw route for eth1 to the test, the ping passes. But it still gets through after removing the acl rules from the direct network.

zed-sadov · 2021-04-28T08:37:42Z

With a such changes on EVE:
lf-edge/eve#2042
test passed:

eden test tests/eclient/ -e app_nonat -v debug

giggsoff · 2021-05-12T07:50:25Z

+message 'Switching network'
+eden pod modify eclient --networks indirect --networks=direct --acl='direct:'
+test eden.app.test -test.v -timewait 30m RUNNING eclient
+


@sadov please add here

message 'Checking accessibility' exec -t 5m bash wait_ssh.sh

eden pod modify will restart app in this case, so we must wait for ssh

giggsoff

Please add wait for ssh after pod modify and take a look at my comments

giggsoff · 2021-05-12T07:51:59Z

+! exec -t 1m bash ping.sh
+stdout '100% packet loss'
+
+message 'Resource cleanng'


cleanng->cleaning

giggsoff · 2021-05-12T07:52:28Z

+EDEN={{EdenConfig "eden.root"}}/{{EdenConfig "eden.bin-dist"}}/{{EdenConfig "eden.eden-bin"}}
+HOST=$($EDEN eve ip)
+
+for p in $*


Any reason to use this loop here?

This was developed empirically - in some cases, the system did not fully initialize after going into the RUNNING state. We use such loops in many tests.

We have the inner loop here for that (for i in seq 20), right?

giggsoff · 2021-05-12T07:54:14Z

+exec -t 1m bash ping.sh
+stdout '0% packet loss'
+
+message 'Switching network'


Please add comment, that we remove all ACLs for direct network for which one eth1 of eclient connected.

Sure -- mentioning the ACL here will make sense, but the exact wording will need to be coordinated with the network documentation and the second is planned to be created.

Well, I think if we remove all ACLs, we can be independent from spelling, we just remove them.

giggsoff · 2021-05-12T07:54:49Z

+#echo {{template "ssh"}}$HOST route add default gw 192.168.0.2 dev eth1
+#{{template "ssh"}}$HOST route add default gw 192.168.0.2 dev eth1


Should we remove comments here?

giggsoff · 2021-05-12T13:36:04Z

GCP test failed again with changes in your PR. Seems, we cannot use switch with uplink on GCP, it allocates only one address per VM. Alias IPs only usable with manual ip setting, it is not useful in our case.
So, I suggest to move the test onto large-only branch.

Signed-off-by: Oleg Sadov <oleg@zededa.com>

sadov · 2021-05-12T14:07:12Z

OK - moved to "large".

sadov changed the title ~~WIP app_nonat test~~ [WIP] app_nonat test Apr 21, 2021

sadov force-pushed the test_app_nonat branch 3 times, most recently from a152362 to f135296 Compare April 23, 2021 22:01

sadov force-pushed the test_app_nonat branch from f135296 to 7db282d Compare April 26, 2021 20:13

giggsoff mentioned this pull request Apr 26, 2021

set default route for no classless lf-edge/eve#2042

Merged

sadov force-pushed the test_app_nonat branch from 7db282d to 901743e Compare April 27, 2021 21:54

sadov force-pushed the test_app_nonat branch 2 times, most recently from e6a2015 to 3fc77ff Compare May 10, 2021 12:18

sadov changed the title ~~[WIP] app_nonat test~~ app_nonat test May 10, 2021

sadov force-pushed the test_app_nonat branch 4 times, most recently from bdc1b56 to 0509adb Compare May 11, 2021 22:45

giggsoff reviewed May 12, 2021

View reviewed changes

giggsoff requested changes May 12, 2021

View reviewed changes

sadov force-pushed the test_app_nonat branch 2 times, most recently from 8f76765 to ed1a925 Compare May 12, 2021 08:50

app_nonat test

846fea6

Signed-off-by: Oleg Sadov <oleg@zededa.com>

sadov force-pushed the test_app_nonat branch from ed1a925 to 846fea6 Compare May 12, 2021 14:05

mydatascience merged commit 5e382ce into lf-edge:master May 12, 2021

		#echo {{template "ssh"}}$HOST route add default gw 192.168.0.2 dev eth1
		#{{template "ssh"}}$HOST route add default gw 192.168.0.2 dev eth1

Conversation

sadov commented Apr 21, 2021

Uh oh!

sadov commented Apr 26, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

sadov commented Apr 26, 2021

Uh oh!

zed-sadov commented Apr 28, 2021

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

giggsoff left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

sadov May 12, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

giggsoff commented May 12, 2021

Uh oh!

sadov commented May 12, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

sadov commented Apr 26, 2021 •

edited

Loading

sadov May 12, 2021 •

edited

Loading