tests: Add tests for internal load balancers and forwards #560
tomponline merged 1 commit into canonical:main from
| lxc network load-balancer port add ovn-virtual-network "${ip4AddressPrefix}.10" tcp 53 u1,u2 | ||
| lxc network load-balancer port add ovn-virtual-network "${ip6AddressPrefix}::10" tcp 53 u1,u2 |
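Review bot: both listeners in this hunk are added for tcp 53 only, so the UDP path through the load balancer is never exercised. If UDP is meant to work for internal load balancers as well, add a udp 53 port next to each tcp one and cover it with its own lookup.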
I'm not up to date on what LXD/OVN support so is this load-balancing taking into account the health of the targets? In other words, if we lxc stop u1, will u2 pick up the slack?
> is this load-balancing taking into account the health of the targets?
No, it does not. If we stop u1 and the request gets sent there, it will just hang and fail due to a timeout. We have a separate roadmap item for health checks that will prevent this, but it's not a part of this cycle AFAIK.
As additional tests, would there be value to remove say u1 from the LB pool and confirm that we always get the answers from u2 (127.0.0.2 and ::2)?
Yes, this wouldn't hurt, I'll add this
tests/network-ovn
Outdated
| lxc exec u1 -- dig a +tcp "@${ip4AddressPrefix}.10" lxd.localdomain +short | ||
| lxc exec u1 -- dig aaaa +tcp "@${ip6AddressPrefix}::10" lxd.localdomain +short | ||
| lxc exec u2 -- dig a +tcp "@${ip4AddressPrefix}.10" lxd.localdomain +short | ||
| lxc exec u2 -- dig aaaa +tcp "@${ip6AddressPrefix}::10" lxd.localdomain +short |
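Review bot: the output of these four lookups is never captured or compared, so they pass or fail on dig's exit status alone, and dig exits 0 for any response it receives, including one with an empty answer section. Capture the +short output and compare it against the expected backend addresses so that a wrong or empty reply fails the test.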
Each of those lookups gets a ~50% chance of returning 127.0.0.1 (::1) or 127.0.0.2 (::2). Could we count each type of answer and at the end, require that each answer was seen at least once?
Hm, this should work
Add tests to check that internal load balancers and forwards are reachable from inside of the OVN network, but are unreachable from outside.

Signed-off-by: Nikita Mezhenskyi <nikita.mezhenskyi@canonical.com>
b7865d6 to 06b559d
| for _ in $(seq 5); do | ||
| [ "$(lxc exec u1 -- dig a +tcp "@${ip4AddressPrefix}.10" lxd.localdomain +short)" = "127.0.0.1" ] && u1_ip4_seen=$((u1_ip4_seen + 1)) | ||
| [ "$(lxc exec u1 -- dig aaaa +tcp "@${ip6AddressPrefix}::10" lxd.localdomain +short)" = "::1" ] && u1_ip6_seen=$((u1_ip6_seen + 1)) | ||
| [ "$(lxc exec u2 -- dig a +tcp "@${ip4AddressPrefix}.10" lxd.localdomain +short)" = "127.0.0.2" ] && u2_ip4_seen=$((u2_ip4_seen + 1)) | ||
| [ "$(lxc exec u2 -- dig aaaa +tcp "@${ip6AddressPrefix}::10" lxd.localdomain +short)" = "::2" ] && u2_ip6_seen=$((u2_ip6_seen + 1)) | ||
| done |
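Review bot: each line in this loop increments its counter only when the reply equals one specific address, so an empty reply or any other address is silently ignored, and the u1 lines only ever count 127.0.0.1 and ::1 while the u2 lines only count 127.0.0.2 and ::2, so a client landing on the other backend is never recorded. Capture each reply once, count it whatever its value, and fail the test on anything outside the four expected addresses.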
I rarely resort to bash arrays but this might have been handy to count all the answers all the time.
$ declare -A dns_replies=() # declares an associative array (needed for string keys such as IP addresses)
$ answer="$(lxc exec u1 -- dig a +tcp "@${ip4AddressPrefix}.10" lxd.localdomain +short)"
$ dns_replies["${answer}"]="$((dns_replies["${answer}"] + 1))"
Then you could iterate over the expected answers and make sure they are >= 1 and also ensure the array's length (${#dns_replies[@]}) was exactly 4.
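The tally discussed in this thread, as an added example that is not part of the PR: it counts every answer, requires each expected backend address at least once, and rejects anything else, which also covers the "only u2 left in the pool" check. It keeps a newline-separated tally instead of a bash array so it runs under plain sh; `lookup`, `SAMPLE_ANSWERS` and the helper names are assumptions, with constructed answers standing in for the `lxc exec ... dig` call.

```shell
#!/bin/sh
# Constructed answers standing in for five lookups through the VIP.
SAMPLE_ANSWERS="127.0.0.1 127.0.0.2 127.0.0.2 127.0.0.1 127.0.0.2"

# lookup N: hypothetical stand-in for
#   lxc exec u1 -- dig a +tcp "@${ip4AddressPrefix}.10" lxd.localdomain +short
# It prints the Nth constructed answer (empty once the samples run out).
lookup() {
    echo "${SAMPLE_ANSWERS}" | cut -d' ' -f"$1"
}

# collect_answers N: run N lookups and print one answer per line. An empty
# reply (e.g. a timeout) is recorded as "<empty>" rather than dropped.
collect_answers() {
    i=1
    while [ "$i" -le "$1" ]; do
        answer="$(lookup "$i")"
        printf '%s\n' "${answer:-<empty>}"
        i=$((i + 1))
    done
}

# count_answer TALLY ANSWER: print how many tally lines equal ANSWER exactly.
count_answer() {
    printf '%s\n' "$1" | grep -c -x -F -- "$2" || true
}

# check_tally TALLY EXPECTED...: succeed only if every EXPECTED answer was
# seen at least once and the tally holds no other distinct answer.
check_tally() {
    tally="$1"
    shift
    for want in "$@"; do
        if [ "$(count_answer "${tally}" "${want}")" -lt 1 ]; then
            echo "never saw ${want}" >&2
            return 1
        fi
    done
    distinct="$(printf '%s\n' "${tally}" | sort -u | wc -l | tr -d ' ')"
    if [ "${distinct}" -ne "$#" ]; then
        echo "unexpected answer in tally" >&2
        return 1
    fi
}

# Both backends in the pool: each address must show up, and nothing else.
check_tally "$(collect_answers 5)" 127.0.0.1 127.0.0.2 && echo "u1 and u2 both answered"
```

After removing u1 from the pool, the same call with only `127.0.0.2` as the expected answer fails as soon as a single reply still comes from u1.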
This PR adds tests to check that internal load balancers and forwards are reachable from inside of the OVN network, but are unreachable from outside.
Follow-up to canonical/lxd#16162.
This should be merged together with canonical/lxd#16179 (adds ovn_internal_load_balancer API extension for LXD).