search

openshift / verification-tests

Blackbox test suite for OpenShift.
GNU General Public License v3.0
52 stars 170 forks source link

update cases OCP-47087 #3656

Closed zhaozhanqi closed 2 months ago

zhaozhanqi commented 2 months ago

the case sometimes failed if the worker0 is same with pod located hostip. so here upgrade from worker to master here cc @asood-rh

https://issues.redhat.com/browse/OCPQE-25505

zhaozhanqi commented 2 months ago

logs: https://mastern-jenkins-csb-openshift-qe.apps.ocp-c1.prod.psi.redhat.com/job/Runner-v3-smoke/7658

huiran0826 commented 2 months ago

/lgtm

asood-rh commented 2 months ago

@zhaozhanqi The test should pass if the nodeport service is accessed from node where the servicing pod is scheduled. If I understand that is intent of change.

See below:-

oc get pods -owide
NAME              READY   STATUS    RESTARTS   AGE   IP            NODE                              NOMINATED NODE   READINESS GATES
hello-pod-6gh27   1/1     Running   0          28s   10.131.0.37   asood-9101-dvcxb-worker-a-ph9ps              

oc get svc
NAME        TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)           AGE
hello-pod   NodePort   172.30.81.188           27017:32021/TCP   5s

asood-9101-dvcxb-worker-a-ph9ps                                   Ready    worker                 4h47m   v1.30.4   10.0.128.3            Red Hat Enterprise Linux CoreOS 417.94.202409052158-0   5.14.0-427.35.1.el9_4.x86_64   cri-o://1.30.5-4.rhaos4.17.gitf258695.el9

oc debug node/asood-9101-dvcxb-worker-a-ph9ps -- curl 10.0.128.3:32021 --connect-timeout 5
Starting pod/asood-9101-dvcxb-worker-a-ph9ps-debug-2pmtz ...
To use host binaries, run `chroot /host`
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    17  100    17    0     0   4250      0 --:--:-- --:--:-- --:--:--  4250
Hello OpenShift!

Removing debug pod ...
zhaozhanqi commented 2 months ago

@zhaozhanqi The test should pass if the nodeport service is accessed from node where the servicing pod is scheduled. If I understand that is intent of change.

See below:-

oc get pods -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES hello-pod-6gh27 1/1 Running 0 28s 10.131.0.37 asood-9101-dvcxb-worker-a-ph9ps

oc get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-pod NodePort 172.30.81.188 27017:32021/TCP 5s

asood-9101-dvcxb-worker-a-ph9ps Ready worker 4h47m v1.30.4 10.0.128.3 Red Hat Enterprise Linux CoreOS 417.94.202409052158-0 5.14.0-427.35.1.el9_4.x86_64 cri-o://1.30.5-4.rhaos4.17.gitf258695.el9

oc debug node/asood-9101-dvcxb-worker-a-ph9ps -- curl 10.0.128.3:32021 --connect-timeout 5 Starting pod/asood-9101-dvcxb-worker-a-ph9ps-debug-2pmtz ... To use host binaries, run chroot /host % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 17 100 17 0 0 4250 0 --:--:-- --:--:-- --:--:-- 4250 Hello OpenShift!

Removing debug pod ...

no, eg. we have 3 workers, worker0, worker1, worker2, Assume the pod is located on worker0.
then,

  1. oc debug node/worker1 -- curl worker0:$nodeport --> work
  2. oc debug node/worker1 -- curl worker2:$nodeport --> NOT work
  3. oc debug node/worker1 -- curl worker1:$nodeport --> work

we main fix the no.2 .
the original issue is here we are using worker1 as cilent, however the pod is also running on worker1. So I updated the client to master.

asood-rh commented 2 months ago

@zhaozhanqi The test should pass if the nodeport service is accessed from node where the servicing pod is scheduled. If I understand that is intent of change. See below:- oc get pods -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES hello-pod-6gh27 1/1 Running 0 28s 10.131.0.37 asood-9101-dvcxb-worker-a-ph9ps oc get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-pod NodePort 172.30.81.188 27017:32021/TCP 5s asood-9101-dvcxb-worker-a-ph9ps Ready worker 4h47m v1.30.4 10.0.128.3 Red Hat Enterprise Linux CoreOS 417.94.202409052158-0 5.14.0-427.35.1.el9_4.x86_64 cri-o://1.30.5-4.rhaos4.17.gitf258695.el9 oc debug node/asood-9101-dvcxb-worker-a-ph9ps -- curl 10.0.128.3:32021 --connect-timeout 5 Starting pod/asood-9101-dvcxb-worker-a-ph9ps-debug-2pmtz ... To use host binaries, run chroot /host % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 17 100 17 0 0 4250 0 --:--:-- --:--:-- --:--:-- 4250 Hello OpenShift! Removing debug pod ...

no, eg. we have 3 workers, worker0, worker1, worker2, Assume the pod is located on worker0. then,

  1. oc debug node/worker1 -- curl worker0:$nodeport --> work
  2. oc debug node/worker1 -- curl worker2:$nodeport --> NOT work
  3. oc debug node/worker1 -- curl worker1:$nodeport --> work

we main fix the no.2 . the original issue is here we are using worker1 as cilent, however the pod is also running on worker1. So I updated the client to master.

Thanks for details @zhaozhanqi One last question in context of details abive

Which scenario do you expect connection refused? This is comment after which connection refused is seen 

#It should NOT work because its external traffic from another node and destination node DOES NOT have a backend pod on it (ETP=local respected)
<.pre>
asood-rh commented 2 months ago

/lgtm

Zhanqi will respond to question.

zhaozhanqi commented 2 months ago

@zhaozhanqi The test should pass if the nodeport service is accessed from node where the servicing pod is scheduled. If I understand that is intent of change. See below:- oc get pods -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES hello-pod-6gh27 1/1 Running 0 28s 10.131.0.37 asood-9101-dvcxb-worker-a-ph9ps oc get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-pod NodePort 172.30.81.188 27017:32021/TCP 5s asood-9101-dvcxb-worker-a-ph9ps Ready worker 4h47m v1.30.4 10.0.128.3 Red Hat Enterprise Linux CoreOS 417.94.202409052158-0 5.14.0-427.35.1.el9_4.x86_64 cri-o://1.30.5-4.rhaos4.17.gitf258695.el9 oc debug node/asood-9101-dvcxb-worker-a-ph9ps -- curl 10.0.128.3:32021 --connect-timeout 5 Starting pod/asood-9101-dvcxb-worker-a-ph9ps-debug-2pmtz ... To use host binaries, run chroot /host % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 17 100 17 0 0 4250 0 --:--:-- --:--:-- --:--:-- 4250 Hello OpenShift! Removing debug pod ...

no, eg. we have 3 workers, worker0, worker1, worker2, Assume the pod is located on worker0. then,

  1. oc debug node/worker1 -- curl worker0:$nodeport --> work
  2. oc debug node/worker1 -- curl worker2:$nodeport --> NOT work
  3. oc debug node/worker1 -- curl worker1:$nodeport --> work

we main fix the no.2 . the original issue is here we are using worker1 as cilent, however the pod is also running on worker1. So I updated the client to master.

Thanks for details @zhaozhanqi One last question in context of details abive

Which scenario do you expect connection refused? This is comment after which connection refused is seen

It should NOT work because its external traffic from another node and destination node DOES NOT have a backend pod on it (ETP=local respected)

<.pre>

  1. oc debug node/worker1 -- curl worker2:$nodeport will connection refused.
zhaozhanqi commented 2 months ago

/approve

openshift-ci[bot] commented 2 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: asood-rh, huiran0826, zhaozhanqi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[features/networking/OWNERS](https://github.com/openshift/verification-tests/blob/master/features/networking/OWNERS)~~ [zhaozhanqi] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
zhaozhanqi commented 2 months ago

/approved

openshift-ci[bot] commented 2 months ago

@zhaozhanqi: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).