ovn-tester: extend netpol for ovn-ic

Signed-off-by: Lorenzo Bianconi <[email protected]>

ovn-tester/cms/ovn_kubernetes/tests/netpol.py

@@ -2,6 +2,7 @@
 from ovn_context import Context
 from ovn_workload import Namespace
 from ovn_ext_cmd import ExtCmd
+from itertools import chain
 import ovn_exceptions
 
 NpCfg = namedtuple('NpCfg', ['n_ns', 'n_labels', 'pods_ns_ratio'])
@@ -23,33 +24,26 @@ def __init__(self, name, config, clusters):
         self.name = name
         self.all_labels = dict()
         self.all_ns = []
-        self.ports = []
+        self.ports = [[] for _ in range(self.config.n_ns)]
 
     def init(self, clusters, global_cfg):
-        ovn = clusters[0]
         with Context(clusters, f'{self.name}_startup', brief_report=True) as _:
-            self.ports = ovn.provision_ports(
-                self.config.pods_ns_ratio * self.config.n_ns
-            )
-            for i in range(self.config.pods_ns_ratio * self.config.n_ns):
-                self.all_labels.setdefault(
-                    i % self.config.n_labels, []
-                ).append(self.ports[i])
-
             for i in range(self.config.n_ns):
+                az_index = i % len(clusters)
+                ovn = clusters[az_index]
+                self.ports[i] = ovn.provision_ports(self.config.pods_ns_ratio)
                 ns = Namespace(clusters, f'NS_{self.name}_{i}', global_cfg)
-                ns.add_ports(
-                    self.ports[
-                        i
-                        * self.config.pods_ns_ratio : (i + 1)
-                        * self.config.pods_ns_ratio
-                    ]
-                )
-                ns.default_deny(4)
+                ns.add_ports(self.ports[i], az_index)
+                ns.default_deny(4, az_index)
                 self.all_ns.append(ns)
+                for i, port in enumerate(
+                    list(chain.from_iterable(self.ports))
+                ):
+                    self.all_labels.setdefault(
+                        i % self.config.n_labels, []
+                    ).append(port)
 
     def run(self, clusters, global_cfg, exclude=False):
-        ovn = clusters[0]
         with Context(clusters, self.name, self.config.n_ns, test=self) as ctx:
             for i in ctx:
                 ns = self.all_ns[i]
@@ -60,7 +54,9 @@ def run(self, clusters, global_cfg, exclude=False):
                     n = (lbl + 1) % self.config.n_labels
                     if exclude:
                         ex_label = label + self.all_labels[n]
-                        nlabel = [p for p in self.ports if p not in ex_label]
+                        nlabel = [
+                            p for p in self.ports[i] if p not in ex_label
+                        ]
                     else:
                         nlabel = self.all_labels[n]
                     sub_ns_dst = ns.create_sub_ns(nlabel, global_cfg)
@@ -71,9 +67,9 @@ def run(self, clusters, global_cfg, exclude=False):
                         ns.allow_sub_namespace(sub_ns_src, sub_ns_dst, 6)
                     worker = label[0].metadata
                     if label[0].ip and nlabel[0].ip:
-                        worker.ping_port(ovn, label[0], nlabel[0].ip)
+                        worker.ping_port(clusters[0], label[0], nlabel[0].ip)
                     if label[0].ip6 and nlabel[0].ip6:
-                        worker.ping_port(ovn, label[0], nlabel[0].ip6)
+                        worker.ping_port(clusters[0], label[0], nlabel[0].ip6)
 
         if not global_cfg.cleanup:
             return

ovn-tester/ovn_workload.py

@@ -482,8 +482,8 @@ def __init__(self, clusters, name, global_cfg):
             )
             for nbctl in self.nbctl
         ]
-        self.sub_as = []
-        self.sub_pg = []
+        self.sub_as = [[] for _ in range(len(clusters))]
+        self.sub_pg = [[] for _ in range(len(clusters))]
         self.load_balancer = None
         for cluster in self.clusters:
             cluster.n_ns += 1
@@ -527,11 +527,8 @@ def unprovision(self):
                 nbctl.address_set_del(self.addr_set4[i])
             if self.addr_set6:
                 nbctl.address_set_del(self.addr_set6[i])
-            # FIXME
-            for pg in self.sub_pg:
-                nbctl.port_group_del(pg)
-            for addr_set in self.sub_as:
-                nbctl.address_set_del(addr_set)
+            nbctl.port_group_del(self.sub_pg[i])
+            nbctl.address_set_del(self.sub_as[i])
 
     def unprovision_ports(self, ports, az=0):
         '''Unprovision a subset of ports in the namespace without having to
@@ -552,23 +549,24 @@ def enforce(self):
             nbctl.port_group_add_ports(self.pg[i], self.ports[i])
 
     def create_sub_ns(self, ports, global_cfg, az=0):
-        n_sub_pgs = len(self.sub_pg)
+        n_sub_pgs = len(self.sub_pg[az])
         suffix = f'{self.name}_{n_sub_pgs}'
         pg = self.nbctl[az].port_group_create(f'sub_pg_{suffix}')
         self.nbctl[az].port_group_add_ports(pg, ports)
-        self.sub_pg.append(pg)
-        if global_cfg.run_ipv4:
-            addr_set = self.nbctl[az].address_set_create(f'sub_as_{suffix}')
-            self.nbctl[az].address_set_add_addrs(
-                addr_set, [str(p.ip) for p in ports]
-            )
-            self.sub_as.append(addr_set)
-        if global_cfg.run_ipv6:
-            addr_set = self.nbctl[az].address_set_create(f'sub_as_{suffix}6')
-            self.nbctl[az].address_set_add_addrs(
-                addr_set, [str(p.ip6) for p in ports]
-            )
-            self.sub_as.append(addr_set)
+        self.sub_pg[az].append(pg)
+        for i, nbctl in enumerate(self.nbctl):
+            if global_cfg.run_ipv4:
+                addr_set = nbctl.address_set_create(f'sub_as_{suffix}')
+                nbctl.address_set_add_addrs(
+                    addr_set, [str(p.ip) for p in ports]
+                )
+                self.sub_as[i].append(addr_set)
+            if global_cfg.run_ipv6:
+                addr_set = nbctl.address_set_create(f'sub_as_{suffix}6')
+                nbctl.address_set_add_addrs(
+                    addr_set, [str(p.ip6) for p in ports]
+                )
+                self.sub_as[i].append(addr_set)
         return n_sub_pgs
 
     @ovn_stats.timeit
@@ -668,17 +666,17 @@ def allow_sub_namespace(self, src, dst, family, az=0):
             'to-lport',
             ACL_NETPOL_ALLOW_PRIO,
             'port-group',
-            f'ip{family}.src == \\${self.sub_as[src].name} && '
-            f'outport == @{self.sub_pg[dst].name}',
+            f'ip{family}.src == \\${self.sub_as[az][src].name} && '
+            f'outport == @{self.sub_pg[az][dst].name}',
             'allow-related',
         )
         self.nbctl[az].acl_add(
             self.pg[az].name,
             'to-lport',
             ACL_NETPOL_ALLOW_PRIO,
             'port-group',
-            f'ip{family}.dst == \\${self.sub_as[dst].name} && '
-            f'inport == @{self.sub_pg[src].name}',
+            f'ip{family}.dst == \\${self.sub_as[az][dst].name} && '
+            f'inport == @{self.sub_pg[az][src].name}',
             'allow-related',
         )
 
@@ -746,7 +744,6 @@ def provision_vips_to_load_balancers(self, backend_lists, version, az=0):
         vip_ns_subnet = DEFAULT_NS_VIP_SUBNET
         if version == 6:
             vip_ns_subnet = DEFAULT_NS_VIP_SUBNET6
-        # FIXME
         vip_net = vip_ns_subnet.next(self.clusters[az].n_ns)
         n_vips = len(self.load_balancer.vips.keys())
         vip_ip = vip_net.ip.__add__(n_vips + 1)