@@ -11361,7 +11361,7 @@ acl_test() {
0% packet loss
])
# Add an untiered drop ACL. This should cause pings to fail.
- check ovn-nbctl --wait=sb $options acl-add $thing $direction 1000 "ip4.dst == 10.0.0.2" drop
+ check ovn-nbctl --wait=hv $options acl-add $thing $direction 1000 "ip4.dst == 10.0.0.2" drop
acl1_uuid=$(ovn-nbctl --bare --columns _uuid find ACL priority=1000)
NS_CHECK_EXEC([lsp1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | PING_PCT], \
[0], [dnl
@@ -11370,7 +11370,7 @@ acl_test() {
# Change the tier to 3. Despite there being "holes" in tiers 0, 1, and 2,
# the ACL should still apply, and pings should fail.
- check ovn-nbctl --wait=sb set ACL $acl1_uuid tier=3
+ check ovn-nbctl --wait=hv set ACL $acl1_uuid tier=3
NS_CHECK_EXEC([lsp1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | PING_PCT], \
[0], [dnl
100% packet loss
@@ -11387,21 +11387,21 @@ acl_test() {
# Add a higher-priority tier-0 ACL that passes. This should cause the traffic
# to pass over the lower-priority tier-0 "allow" ACL, and move to the tier-3
# ACL that drops the traffic.
- check ovn-nbctl --wait=sb $options acl-add $thing $direction 1000 "ip4.dst == 10.0.0.2" pass
+ check ovn-nbctl --wait=hv $options acl-add $thing $direction 1000 "ip4.dst == 10.0.0.2" pass
NS_CHECK_EXEC([lsp1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | PING_PCT], \
[0], [dnl
100% packet loss
])
# Remove the "pass" ACL, and the "allow" rule should kick back in.
- check ovn-nbctl --wait=sb --tier=0 acl-del $thing $direction 1000 "ip4.dst == 10.0.0.2"
+ check ovn-nbctl --wait=hv --tier=0 acl-del $thing $direction 1000 "ip4.dst == 10.0.0.2"
NS_CHECK_EXEC([lsp1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | PING_PCT], \
[0], [dnl
0% packet loss
])
# Removing the remaining 0-tier ACL should make traffic go back to being dropped.
- check ovn-nbctl --wait=sb acl-del $thing $direction 4 "ip4.dst == 10.0.0.2"
+ check ovn-nbctl --wait=hv acl-del $thing $direction 4 "ip4.dst == 10.0.0.2"
NS_CHECK_EXEC([lsp1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | PING_PCT], \
[0], [dnl
100% packet loss
@@ -11410,14 +11410,14 @@ acl_test() {
# Adding a higher-priority "pass" ACL at tier 3 should result in using the
# default ACL action. Currently, the default is to allow traffic, so the
# traffic should be allowed.
- check ovn-nbctl --wait=sb --tier=3 $options acl-add $thing $direction 2000 "ip4.dst == 10.0.0.2" pass
+ check ovn-nbctl --wait=hv --tier=3 $options acl-add $thing $direction 2000 "ip4.dst == 10.0.0.2" pass
NS_CHECK_EXEC([lsp1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | PING_PCT], \
[0], [dnl
0% packet loss
])
# Change the default ACL action to drop, and now the traffic should be dropped.
- check ovn-nbctl set NB_Global . options:default_acl_drop=true
+ check ovn-nbctl --wait=hv set NB_Global . options:default_acl_drop=true
NS_CHECK_EXEC([lsp1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | PING_PCT], \
[0], [dnl
100% packet loss
@@ -11426,7 +11426,7 @@ acl_test() {
# Removing all ACLs (and setting the default acl drop back to false) should
# make traffic go back to passing.
check ovn-nbctl clear NB_Global . options
- check ovn-nbctl --wait=sb acl-del $thing
+ check ovn-nbctl --wait=hv acl-del $thing
NS_CHECK_EXEC([lsp1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | PING_PCT], \
[0], [dnl
0% packet loss
The "Tiered ACLs" test was syncing on sb and in one case it wasn't syncing at all. That could lead to some packets passing/being dropped due to race between the northd creating the flows and controller installing them. Fixes: 119f14e05cb4 ("northd: Add tiered ACL support.") Signed-off-by: Ales Musil <amusil@redhat.com> --- tests/system-ovn.at | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)