From patchwork Mon May 29 13:25:05 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ales Musil <amusil@redhat.com>
X-Patchwork-Id: 1787114
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=140.211.166.133; helo=smtp2.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=eI/NDts9;
	dkim-atps=neutral
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4QVGVR0qgDz20Pc
	for <incoming@patchwork.ozlabs.org>; Mon, 29 May 2023 23:25:18 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp2.osuosl.org (Postfix) with ESMTP id 812DB41C74;
	Mon, 29 May 2023 13:25:16 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 812DB41C74
Authentication-Results: smtp2.osuosl.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=eI/NDts9
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp2.osuosl.org ([127.0.0.1])
	by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 3H3KTWyXcnpy; Mon, 29 May 2023 13:25:15 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org
 [IPv6:2605:bc80:3010:104::8cd3:938])
	by smtp2.osuosl.org (Postfix) with ESMTPS id 778914063C;
	Mon, 29 May 2023 13:25:14 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 778914063C
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 43706C0036;
	Mon, 29 May 2023 13:25:14 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 6E398C002A
 for <dev@openvswitch.org>; Mon, 29 May 2023 13:25:12 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp3.osuosl.org (Postfix) with ESMTP id 429F560A99
 for <dev@openvswitch.org>; Mon, 29 May 2023 13:25:12 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 429F560A99
Authentication-Results: smtp3.osuosl.org;
 dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.a=rsa-sha256 header.s=mimecast20190719 header.b=eI/NDts9
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp3.osuosl.org ([127.0.0.1])
 by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 57VqcyenoJ8j for <dev@openvswitch.org>;
 Mon, 29 May 2023 13:25:11 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 2045260A84
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by smtp3.osuosl.org (Postfix) with ESMTPS id 2045260A84
 for <dev@openvswitch.org>; Mon, 29 May 2023 13:25:10 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1685366709;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=bzHxbI8t9LW8pIT3/SA4q9h3mOsVgaa1DtuNi3LH1Ck=;
 b=eI/NDts9uoTEFYkYOEL2rRSb9eqZcYVJy864LTVaP1BduLJvRpr5ZB7ERbFiDg95KlslP6
 hd9cZ2d7u/BO+DFsXsvXrbRRqBNPFFD9QOQkV9EteKUZrkt1Mo8xrfLxJGDbpopPFs2+uI
 7gU+RbK189bN6nRA1jmMB0CcOOvHuMA=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-319-Fbfam3bJPnStIb1-325ORg-1; Mon, 29 May 2023 09:25:08 -0400
X-MC-Unique: Fbfam3bJPnStIb1-325ORg-1
Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com
 [10.11.54.10])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 2C762380670B
 for <dev@openvswitch.org>; Mon, 29 May 2023 13:25:08 +0000 (UTC)
Received: from amusil.redhat.com (unknown [10.45.225.9])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 4C9C7492B0A;
 Mon, 29 May 2023 13:25:07 +0000 (UTC)
From: Ales Musil <amusil@redhat.com>
To: dev@openvswitch.org
Date: Mon, 29 May 2023 15:25:05 +0200
Message-Id: <20230529132506.301650-1-amusil@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Subject: [ovs-dev] [PATCH ovn 1/2] system-tests: Prevent flakiness in Tiered
	ACLS
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

The "Tiered ACLs" test was syncing on sb and in one
case it wasn't syncing at all. That could lead to
some packets passing/being dropped due to race
between the northd creating the flows and controller
installing them.

Fixes: 119f14e05cb4 ("northd: Add tiered ACL support.")
Signed-off-by: Ales Musil <amusil@redhat.com>
---
 tests/system-ovn.at | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index c2490008d..6f9406c5e 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -11361,7 +11361,7 @@ acl_test() {
 0% packet loss
 ])
     # Add an untiered drop ACL. This should cause pings to fail.
-    check ovn-nbctl --wait=sb $options acl-add $thing $direction 1000 "ip4.dst == 10.0.0.2" drop
+    check ovn-nbctl --wait=hv $options acl-add $thing $direction 1000 "ip4.dst == 10.0.0.2" drop
     acl1_uuid=$(ovn-nbctl --bare --columns _uuid find ACL priority=1000)
     NS_CHECK_EXEC([lsp1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | PING_PCT], \
 [0], [dnl
@@ -11370,7 +11370,7 @@ acl_test() {
 
     # Change the tier to 3. Despite there being "holes" in tiers 0, 1, and 2,
     # the ACL should still apply, and pings should fail.
-    check ovn-nbctl --wait=sb set ACL $acl1_uuid tier=3
+    check ovn-nbctl --wait=hv set ACL $acl1_uuid tier=3
     NS_CHECK_EXEC([lsp1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | PING_PCT], \
 [0], [dnl
 100% packet loss
@@ -11387,21 +11387,21 @@ acl_test() {
     # Add a higher-priority tier-0 ACL that passes. This should cause the traffic
     # to pass over the lower-priority tier-0 "allow" ACL, and move to the tier-3
     # ACL that drops the traffic.
-    check ovn-nbctl --wait=sb $options acl-add $thing $direction 1000 "ip4.dst == 10.0.0.2" pass
+    check ovn-nbctl --wait=hv $options acl-add $thing $direction 1000 "ip4.dst == 10.0.0.2" pass
     NS_CHECK_EXEC([lsp1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | PING_PCT], \
 [0], [dnl
 100% packet loss
 ])
 
     # Remove the "pass" ACL, and the "allow" rule should kick back in.
-    check ovn-nbctl --wait=sb --tier=0 acl-del $thing $direction 1000 "ip4.dst == 10.0.0.2"
+    check ovn-nbctl --wait=hv --tier=0 acl-del $thing $direction 1000 "ip4.dst == 10.0.0.2"
     NS_CHECK_EXEC([lsp1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | PING_PCT], \
 [0], [dnl
 0% packet loss
 ])
 
     # Removing the remaining 0-tier ACL should make traffic go back to being dropped.
-    check ovn-nbctl --wait=sb acl-del $thing $direction 4 "ip4.dst == 10.0.0.2"
+    check ovn-nbctl --wait=hv acl-del $thing $direction 4 "ip4.dst == 10.0.0.2"
     NS_CHECK_EXEC([lsp1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | PING_PCT], \
 [0], [dnl
 100% packet loss
@@ -11410,14 +11410,14 @@ acl_test() {
     # Adding a higher-priority "pass" ACL at tier 3 should result in using the
     # default ACL action. Currently, the default is to allow traffic, so the
     # traffic should be allowed.
-    check ovn-nbctl --wait=sb --tier=3 $options acl-add $thing $direction 2000 "ip4.dst == 10.0.0.2" pass
+    check ovn-nbctl --wait=hv --tier=3 $options acl-add $thing $direction 2000 "ip4.dst == 10.0.0.2" pass
     NS_CHECK_EXEC([lsp1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | PING_PCT], \
 [0], [dnl
 0% packet loss
 ])
 
     # Change the default ACL action to drop, and now the traffic should be dropped.
-    check ovn-nbctl set NB_Global . options:default_acl_drop=true
+    check ovn-nbctl --wait=hv set NB_Global . options:default_acl_drop=true
     NS_CHECK_EXEC([lsp1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | PING_PCT], \
 [0], [dnl
 100% packet loss
@@ -11426,7 +11426,7 @@ acl_test() {
     # Removing all ACLs (and setting the default acl drop back to false) should
     # make traffic go back to passing.
     check ovn-nbctl clear NB_Global . options
-    check ovn-nbctl --wait=sb acl-del $thing
+    check ovn-nbctl --wait=hv acl-del $thing
     NS_CHECK_EXEC([lsp1], [ping -q -c 3 -i 0.3 -w 2 10.0.0.2 | PING_PCT], \
 [0], [dnl
 0% packet loss