edf3cba046
Due to related bug it may happend that HA router will become active on one of the L3 agents after few minutes since it was created. And during that time when it's in "standby" mode, VM can be spawned, it will try to get metadata but haproxy in the router namespace is still not running so there will be no metadata available. That will end up with SSH authentication error as there will be no proper SSH key configured in the VM. Originally this patch was intended just as a workaround for the related bug but I think it's worth to keep it even if that bug will be solved on the Neutron's side as it may give us more clear information about the real problem in the future if something similar will happen and HA router will not be active on any of the L3 agents. Related-Bug: #1923633 Change-Id: I8c8b7c11c63ffeee4f776695f32ae686793299b3
54 lines
2.2 KiB
Python
54 lines
2.2 KiB
Python
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from tempest.lib import decorators
|
|
|
|
from neutron_tempest_plugin import config
|
|
from neutron_tempest_plugin.scenario import base
|
|
|
|
CONF = config.CONF
|
|
|
|
|
|
class PortSecurityTest(base.BaseTempestTestCase):
|
|
credentials = ['primary', 'admin']
|
|
required_extensions = ['port-security']
|
|
|
|
@decorators.idempotent_id('61ab176e-d48b-42b7-b38a-1ba571ecc033')
|
|
def test_port_security_removed_added(self):
|
|
"""Test connection works after port security has been removed
|
|
|
|
Initial test that vm is accessible. Then port security is removed,
|
|
checked connectivity. Port security is added back and checked
|
|
connectivity again.
|
|
"""
|
|
self.setup_network_and_server()
|
|
self.check_connectivity(self.fip['floating_ip_address'],
|
|
CONF.validation.image_ssh_user,
|
|
self.keypair['private_key'])
|
|
sec_group_id = self.security_groups[0]['id']
|
|
|
|
self.port = self.update_port(port=self.port,
|
|
port_security_enabled=False,
|
|
security_groups=[])
|
|
self.check_connectivity(self.fip['floating_ip_address'],
|
|
CONF.validation.image_ssh_user,
|
|
self.keypair['private_key'])
|
|
|
|
self.port = self.update_port(port=self.port,
|
|
port_security_enabled=True,
|
|
security_groups=[sec_group_id])
|
|
self.check_connectivity(self.fip['floating_ip_address'],
|
|
CONF.validation.image_ssh_user,
|
|
self.keypair['private_key'])
|