app_nonat test

[sadov]

At this time blocked by #589.

Signed-off-by: Oleg Sadov [email protected]

[sadov]

The test fails in the current state. EVE configs from this test:

"apps": [
        {
"interfaces": [
...
        {
    "name": "default",
    "networkId": "512839bd-a655-46ad-988d-fde5da33c3bb",
    "acls": [
        {
            "matches": [    
                {               
                    "type": "ip",   
                    "value": "0.0.0.0/0"
                }               
            ],
            "id": 1         
        }
    ]
}
]
...
"networkInstances": [
...
{
    "uuidandversion": {
        "uuid": "512839bd-a655-46ad-988d-fde5da33c3bb",
        "version": "1"
    },
    "displayname": "direct",
    "instType": 1,
    "activate": true,
    "port": {
        "type": 1,
        "name": "eth0"
    },
    "cfg": {},
    "ipType": 1,
    "ip": {}
}
...

and ztest:

"apps": [
       {
"interfaces": [
...
{
   "name": "direct",
   "networkId": "72a14885-73c4-4fe7-a4b2-f919c05bf065",
   "addr": "",
   "hostname": "",
   "cryptoEid": "",
   "lispsignature": "",
   "pemcert": null,
   "pemprivatekey": null,
   "macAddress": "",
   "acls": [
       {
           "matches": [
               {
                   "type": "ip",
                   "value": "0.0.0.0/0"
               }
           ],
           "actions": [],
           "name": "",
           "id": 3,
           "dir": "BOTH"
       }
   ]
}
]
...
"networkInstances": [
...
{
   "uuidandversion": {
       "uuid": "72a14885-73c4-4fe7-a4b2-f919c05bf065",
       "version": ""
   },
   "displayname": "TestAppNonat-sc-supermicro-e100-8-NI-2021-04-14T02-00-25",
   "instType": "ZnetInstSwitch",
   "activate": true,
   "port": {
       "type": "PhyIoNoop",
       "name": "eth0"
   },
   "cfg": {
       "oconfig": "",
       "lispConfig": null,
       "type": "ZNetOConfigVPN"
   },
   "ipType": "IPV4", 
   "ip": null,
   "dns": []
}
...

looks more or less similar, but pings through eth1 not passed.

Log file:
eden_test-app_nonat.015.log

[sadov]

After adding the default gw route for eth1 to the test, the ping passes. But it still gets through after removing the acl rules from the direct network.

[zed-sadov]

With a such changes on EVE:
lf-edge/eve#2042
test passed:

eden test tests/eclient/ -e app_nonat -v debug

[giggsoff]

@sadov please add here

message 'Checking accessibility'
exec -t 5m bash wait_ssh.sh

eden pod modify will restart app in this case, so we must wait for ssh

[sadov]

Reasonably

[giggsoff]

Please add wait for ssh after pod modify and take a look at my comments

[giggsoff]

cleanng->cleaning

[sadov]

OK

[giggsoff]

Any reason to use this loop here?

[sadov]

This was developed empirically - in some cases, the system did not fully initialize after going into the RUNNING state. We use such loops in many tests.

[giggsoff]

We have the inner loop here for that (for i in seq 20), right?

[giggsoff]

Please add comment, that we remove all ACLs for direct network for which one eth1 of eclient connected.

[sadov]

Sure -- mentioning the ACL here will make sense, but the exact wording will need to be coordinated with the network documentation and the second is planned to be created.

[giggsoff]

Well, I think if we remove all ACLs, we can be independent from spelling, we just remove them.

[giggsoff]

Should we remove comments here?

[sadov]

Sure

[giggsoff]

GCP test failed again with changes in your PR. Seems, we cannot use switch with uplink on GCP, it allocates only one address per VM. Alias IPs only usable with manual ip setting, it is not useful in our case.
So, I suggest to move the test onto large-only branch.

[sadov]

OK - moved to "large".