fix e2e

Signed-off-by: zhangzujian <[email protected]>
kubeovn · Jul 23, 2024 · e0e98d2 · e0e98d2
1 parent 65c8d7f
commit e0e98d2
Show file tree

Hide file tree

Showing 8 changed files with 27 additions and 28 deletions.
diff --git a/dist/images/Dockerfile.base b/dist/images/Dockerfile.base
@@ -124,12 +124,14 @@ RUN --mount=type=bind,target=/packages,from=ovs-builder,source=/packages  \
     rm -rf /var/lib/openvswitch/pki/ && \
     chown -R nobody: /var/lib/logrotate && \
     setcap CAP_SYS_NICE+eip $(readlink -f $(which nice)) && \
+    setcap CAP_NET_RAW+eip $(readlink -f $(which tcpdump)) && \
     setcap CAP_SYS_MODULE+eip $(readlink -f $(which modprobe)) && \
     setcap CAP_NET_ADMIN+eip $(readlink -f $(which conntrack)) && \
     setcap CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_MODULE+eip $(readlink -f $(which ip)) && \
     setcap CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_MODULE+eip $(readlink -f $(which ipset)) && \
     setcap CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_MODULE+eip $(readlink -f $(which xtables-legacy-multi)) && \
-    setcap CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_MODULE+eip $(readlink -f $(which xtables-nft-multi))
+    setcap CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_MODULE+eip $(readlink -f $(which xtables-nft-multi)) && \
+    setcap CAP_NET_ADMIN+eip $(readlink -f $(which ovs-dpctl))
 
 ARG DEBUG=false
 RUN --mount=type=bind,target=/packages,from=ovs-builder,source=/packages \

diff --git a/test/e2e/framework/exec_utils.go b/test/e2e/framework/exec_utils.go
@@ -14,6 +14,7 @@ import (
 
 // ExecCommandInContainer executes a command in the specified container.
 func ExecCommandInContainer(f *Framework, namespace, pod, container string, cmd ...string) (string, string, error) {
+	framework.Logf("Executing command %q in container %s/%s/%s", cmd, namespace, pod, container)
 	return util.ExecuteCommandInContainer(f.ClientSet, f.ClientConfig(), namespace, pod, container, cmd...)
 }
 

diff --git a/test/e2e/ha/ha_test.go b/test/e2e/ha/ha_test.go
@@ -39,29 +39,23 @@ var _ = framework.Describe("[group:ha]", func() {
 	framework.DisruptiveIt("ovn db should recover automatically from db file corruption", func() {
 		f.SkipVersionPriorTo(1, 11, "This feature was introduced in v1.11")
 
-		ginkgo.By("Getting daemonset ovs-ovn")
-		dsClient := f.DaemonSetClientNS(framework.KubeOvnNamespace)
-		ds := dsClient.Get("ovs-ovn")
+		ginkgo.By("Getting deployment kube-ovn-monitor")
+		deployClient := f.DeploymentClientNS(framework.KubeOvnNamespace)
+		monitorDeploy := deployClient.Get("kube-ovn-monitor")
+
+		ginkgo.By("Getting all pods of deployment kube-ovn-monitor")
+		pods, err := deployClient.GetPods(monitorDeploy)
+		framework.ExpectNoError(err)
+		framework.ExpectNotEmpty(pods.Items)
 
 		ginkgo.By("Getting deployment ovn-central")
-		deployClient := f.DeploymentClientNS(framework.KubeOvnNamespace)
 		deploy := deployClient.Get("ovn-central")
 		replicas := *deploy.Spec.Replicas
 		framework.ExpectNotZero(replicas)
 
 		ginkgo.By("Ensuring deployment ovn-central is ready")
 		deployClient.RolloutStatus(deploy.Name)
 
-		ginkgo.By("Getting nodes running deployment ovn-central")
-		deployClient.RolloutStatus(deploy.Name)
-		pods, err := deployClient.GetPods(deploy)
-		framework.ExpectNoError(err)
-		framework.ExpectHaveLen(pods.Items, int(replicas))
-		nodes := make([]string, 0, int(replicas))
-		for _, pod := range pods.Items {
-			nodes = append(nodes, pod.Spec.NodeName)
-		}
-
 		ginkgo.By("Setting size of deployment ovn-central to 0")
 		deployClient.SetScale(deploy.Name, 0)
 
@@ -77,11 +71,8 @@ var _ = framework.Describe("[group:ha]", func() {
 		db := "/etc/ovn/ovnnb_db.db"
 		checkCmd := fmt.Sprintf("ovsdb-tool check-cluster %s", db)
 		corruptCmd := fmt.Sprintf(`bash -c 'dd if=/dev/zero of="%s" bs=1 count=$((10+$RANDOM%%10)) seek=$(stat -c %%s "%s")'`, db, db)
-		for _, node := range nodes {
-			ginkgo.By("Getting ovs-ovn pod running on node " + node)
-			pod, err := dsClient.GetPodOnNode(ds, node)
-			framework.ExpectNoError(err)
-
+		for _, pod := range pods.Items {
+			node := pod.Spec.NodeName
 			ginkgo.By("Ensuring db file " + db + " on node " + node + " is ok")
 			stdout, stderr, err := framework.ExecShellInPod(context.Background(), f, pod.Namespace, pod.Name, checkCmd)
 			framework.ExpectNoError(err, fmt.Sprintf("failed to check db file %q: stdout = %q, stderr = %q", db, stdout, stderr))

diff --git a/test/e2e/kube-ovn/node/node.go b/test/e2e/kube-ovn/node/node.go
@@ -81,7 +81,7 @@ var _ = framework.OrderedDescribe("[group:node]", func() {
 			podName = "pod-" + framework.RandomSuffix()
 			ginkgo.By("Creating pod " + podName + " with host network on node " + node.Name)
 			cmd := []string{"sh", "-c", "sleep infinity"}
-			pod := framework.MakePod(namespaceName, podName, nil, nil, f.KubeOVNImage, cmd, nil)
+			pod := framework.MakePrivilegedPod(namespaceName, podName, nil, nil, f.KubeOVNImage, cmd, nil)
 			pod.Spec.NodeName = node.Name
 			pod.Spec.HostNetwork = true
 			pod = podClient.CreateSync(pod)

diff --git a/test/e2e/kube-ovn/pod/pod_routes.go b/test/e2e/kube-ovn/pod/pod_routes.go
@@ -138,7 +138,7 @@ var _ = framework.SerialDescribe("[group:pod]", func() {
 			util.RoutesAnnotation: string(buff),
 		}
 		cmd := []string{"sh", "-c", "sleep infinity"}
-		pod := framework.MakePod(namespaceName, podName, nil, annotations, f.KubeOVNImage, cmd, nil)
+		pod := framework.MakePrivilegedPod(namespaceName, podName, nil, annotations, f.KubeOVNImage, cmd, nil)
 		pod = podClient.CreateSync(pod)
 
 		ginkgo.By("Validating pod annotations")

diff --git a/test/e2e/kube-ovn/underlay/underlay.go b/test/e2e/kube-ovn/underlay/underlay.go
@@ -436,7 +436,7 @@ var _ = framework.SerialDescribe("[group:underlay]", func() {
 
 		ginkgo.By("Creating pod " + podName)
 		cmd := []string{"sh", "-c", "sleep 600"}
-		pod := framework.MakePod(namespaceName, podName, nil, nil, f.KubeOVNImage, cmd, nil)
+		pod := framework.MakePrivilegedPod(namespaceName, podName, nil, nil, f.KubeOVNImage, cmd, nil)
 		_ = podClient.CreateSync(pod)
 
 		ginkgo.By("Validating pod MTU")

diff --git a/test/e2e/multus/e2e_test.go b/test/e2e/multus/e2e_test.go
@@ -82,7 +82,7 @@ var _ = framework.SerialDescribe("[group:multus]", func() {
 		ginkgo.By("Creating pod " + podName)
 		annotations := map[string]string{nadv1.NetworkAttachmentAnnot: fmt.Sprintf("%s/%s", nad.Namespace, nad.Name)}
 		cmd := []string{"sh", "-c", "sleep infinity"}
-		pod := framework.MakePod(namespaceName, podName, nil, annotations, f.KubeOVNImage, cmd, nil)
+		pod := framework.MakePrivilegedPod(namespaceName, podName, nil, annotations, f.KubeOVNImage, cmd, nil)
 		pod = podClient.CreateSync(pod)
 
 		ginkgo.By("Validating pod annotations")
@@ -185,7 +185,7 @@ var _ = framework.SerialDescribe("[group:multus]", func() {
 		ginkgo.By("Creating pod " + podName)
 		annotations := map[string]string{nadv1.NetworkAttachmentAnnot: fmt.Sprintf("%s/%s", nad.Namespace, nad.Name)}
 		cmd := []string{"sh", "-c", "sleep infinity"}
-		pod := framework.MakePod(namespaceName, podName, nil, annotations, f.KubeOVNImage, cmd, nil)
+		pod := framework.MakePrivilegedPod(namespaceName, podName, nil, annotations, f.KubeOVNImage, cmd, nil)
 		pod = podClient.CreateSync(pod)
 
 		ginkgo.By("Validating pod annotations")
@@ -266,7 +266,7 @@ var _ = framework.SerialDescribe("[group:multus]", func() {
 		ginkgo.By("Creating pod " + podName)
 		annotations := map[string]string{nadv1.NetworkAttachmentAnnot: fmt.Sprintf("%s/%s", nad.Namespace, nad.Name)}
 		cmd := []string{"sh", "-c", "sleep infinity"}
-		pod := framework.MakePod(namespaceName, podName, nil, annotations, f.KubeOVNImage, cmd, nil)
+		pod := framework.MakePrivilegedPod(namespaceName, podName, nil, annotations, f.KubeOVNImage, cmd, nil)
 		pod = podClient.CreateSync(pod)
 
 		ginkgo.By("Validating pod annotations")
@@ -368,7 +368,7 @@ var _ = framework.SerialDescribe("[group:multus]", func() {
 		ginkgo.By("Creating pod " + podName)
 		annotations := map[string]string{nadv1.NetworkAttachmentAnnot: fmt.Sprintf("%s/%s", nad.Namespace, nad.Name)}
 		cmd := []string{"sh", "-c", "sleep infinity"}
-		pod := framework.MakePod(namespaceName, podName, nil, annotations, f.KubeOVNImage, cmd, nil)
+		pod := framework.MakePrivilegedPod(namespaceName, podName, nil, annotations, f.KubeOVNImage, cmd, nil)
 		pod = podClient.CreateSync(pod)
 
 		ginkgo.By("Validating pod annotations")

diff --git a/test/e2e/security/e2e_test.go b/test/e2e/security/e2e_test.go
@@ -23,6 +23,7 @@ import (
 	"github.com/onsi/ginkgo/v2"
 
 	"github.com/kubeovn/kube-ovn/test/e2e/framework"
+	"github.com/kubeovn/kube-ovn/test/e2e/framework/docker"
 )
 
 func init() {
@@ -84,7 +85,11 @@ func checkPods(f *framework.Framework, pods []corev1.Pod, process string, ports
 		cmd += fmt.Sprintf(`| grep -E ':%s$'`, strings.Join(ports, `$|:`))
 	}
 	for _, pod := range pods {
-		stdout, _, err := framework.KubectlExec(pod.Namespace, pod.Name, cmd)
+		framework.ExpectTrue(pod.Spec.HostNetwork, "pod %s/%s is not using host network", pod.Namespace, pod.Name)
+
+		c, err := docker.ContainerInspect(pod.Spec.NodeName)
+		framework.ExpectNoError(err)
+		stdout, _, err := docker.Exec(c.ID, nil, "sh", "-c", cmd)
 		framework.ExpectNoError(err)
 
 		listenAddresses := strings.Split(string(bytes.TrimSpace(stdout)), "\n")