Adjust SRIOV MTU test

[sebrandon1]

Thanks to @ramperher who pointed out that the mtu value we were looking for in the prior iteration of the #2514 SRIOV MTU test was looking in the wrong place for the MTU value.

There is a network-status annotation that (if matching the NAD) can display the mtu value. So if the existing check fails, we search through the network-status annotation to see if that JSON has the mtu value.

[dcibot]

from change #2527:

• FAILURE https://www.distributed-ci.io/jobs/2651e6f7-cf42-44d2-9c62-2ec7adc6615a/jobStates

[dcibot]

from change #2527:

• SUCCESS https://www.distributed-ci.io/jobs/48058ea7-5a50-4971-a4d3-72cb37287b16/jobStates

[ramperher]

from change #2527:

• SUCCESS https://www.distributed-ci.io/jobs/48058ea7-5a50-4971-a4d3-72cb37287b16/jobStates

Tested with a workload using SRIOV. Even though the job passed, the test is still failing: https://www.distributed-ci.io/jobs/48058ea7-5a50-4971-a4d3-72cb37287b16/tests/414d16ad-982b-4819-8349-40aee6e2ce95?testcase=networking-network-attachment-definition-sriov-mtu

{"CompliantObjectsOut":null,"NonCompliantObjectsOut":[{"ObjectType":"Pod","ObjectFieldsKeys":["Reason For Non Compliance","Namespace","Pod Name"],"ObjectFieldsValues":["Failed to check if pod uses SRIOV with MTU","example-cnf","loadbalancer-655bdff48b-9lftc"]},{"ObjectType":"Pod","ObjectFieldsKeys":["Reason For Non Compliance","Namespace","Pod Name"],"ObjectFieldsValues":["Failed to check if pod uses SRIOV with MTU","example-cnf","testpmd-app-666cfc8fb5-6hfc6"]},{"ObjectType":"Pod","ObjectFieldsKeys":["Reason For Non Compliance","Namespace","Pod Name"],"ObjectFieldsValues":["Failed to check if pod uses SRIOV with MTU","example-cnf","testpmd-app-666cfc8fb5-c9bhk"]},{"ObjectType":"Pod","ObjectFieldsKeys":["Reason For Non Compliance","Namespace","Pod Name"],"ObjectFieldsValues":["Failed to check if pod uses SRIOV with MTU","example-cnf","trexconfig-5bff5f4997-wjds5"]}]}

Some logs from certsuite execution:

[DEBUG] [Oct 23 09:54:21.024] [checksgroup.go: 158] GROUP networking - Running beforeEach for check networking-network-attachment-definition-sriov-mtu
[DEBUG] [Oct 23 09:54:21.024] [pods.go: 415] pod: loadbalancer-655bdff48b-9lftc ns: example-cnf: Reviewing network-attachment definition "intel-numa0-net3"
[DEBUG] [Oct 23 09:54:21.027] [pods.go: 374] Single plugin config type found: {CniVersion:1.0.0 Name:intel-numa0-net3 Type:0xc00fa96100 Plugins:<nil>}, type=sriov
[DEBUG] [Oct 23 09:54:21.027] [pods.go: 426] pod: loadbalancer-655bdff48b-9lftc ns: example-cnf: NAD config: {
    "cniVersion": "1.0.0",
    "name": "intel-numa0-net3",
    "type": "sriov",
    "vlan": 410,
    "spoofchk": "off",
    "trust": "on",
    "vlanQoS": 0,
    "capabilities": {
        "mac": true
    },
    "logLevel": "info",
    "ipam": {}
}
[DEBUG] [Oct 23 09:54:21.027] [pods.go: 415] pod: testpmd-app-666cfc8fb5-6hfc6 ns: example-cnf: Reviewing network-attachment definition "intel-numa0-net1"
[DEBUG] [Oct 23 09:54:21.031] [pods.go: 374] Single plugin config type found: {CniVersion:1.0.0 Name:intel-numa0-net1 Type:0xc00fb02140 Plugins:<nil>}, type=sriov
[DEBUG] [Oct 23 09:54:21.031] [pods.go: 426] pod: testpmd-app-666cfc8fb5-6hfc6 ns: example-cnf: NAD config: {
    "cniVersion": "1.0.0",
    "name": "intel-numa0-net1",
    "type": "sriov",
    "vlan": 407,
    "spoofchk": "off",
    "trust": "on",
    "vlanQoS": 0,
    "capabilities": {
        "mac": true
    },
    "logLevel": "info",
    "ipam": {}
}
[DEBUG] [Oct 23 09:54:21.031] [pods.go: 415] pod: testpmd-app-666cfc8fb5-c9bhk ns: example-cnf: Reviewing network-attachment definition "intel-numa0-net1"
[DEBUG] [Oct 23 09:54:21.195] [pods.go: 374] Single plugin config type found: {CniVersion:1.0.0 Name:intel-numa0-net1 Type:0xc00fa03010 Plugins:<nil>}, type=sriov
[DEBUG] [Oct 23 09:54:21.195] [pods.go: 426] pod: testpmd-app-666cfc8fb5-c9bhk ns: example-cnf: NAD config: {
    "cniVersion": "1.0.0",
    "name": "intel-numa0-net1",
    "type": "sriov",
    "vlan": 407,
    "spoofchk": "off",
    "trust": "on",
    "vlanQoS": 0,
    "capabilities": {
        "mac": true
    },
    "logLevel": "info",
    "ipam": {}
}
[DEBUG] [Oct 23 09:54:21.195] [pods.go: 415] pod: trexconfig-5bff5f4997-wjds5 ns: example-cnf: Reviewing network-attachment definition "intel-numa0-net3"
[DEBUG] [Oct 23 09:54:21.395] [pods.go: 374] Single plugin config type found: {CniVersion:1.0.0 Name:intel-numa0-net3 Type:0xc00fa03460 Plugins:<nil>}, type=sriov
[DEBUG] [Oct 23 09:54:21.395] [pods.go: 426] pod: trexconfig-5bff5f4997-wjds5 ns: example-cnf: NAD config: {
    "cniVersion": "1.0.0",
    "name": "intel-numa0-net3",
    "type": "sriov",
    "vlan": 410,
    "spoofchk": "off",
    "trust": "on",
    "vlanQoS": 0,
    "capabilities": {
        "mac": true
    },
    "logLevel": "info",
    "ipam": {}
}
[INFO] [Oct 23 09:54:21.395] [check.go: 270] [networking-network-attachment-definition-sriov-mtu] Running check (labels: [faredge networking-network-attachment-definition-sriov-mtu networking])
[DEBUG] [Oct 23 09:54:21.395] [pods.go: 415] pod: loadbalancer-655bdff48b-9lftc ns: example-cnf: Reviewing network-attachment definition "intel-numa0-net3"
[DEBUG] [Oct 23 09:54:21.596] [pods.go: 374] Single plugin config type found: {CniVersion:1.0.0 Name:intel-numa0-net3 Type:0xc00fb026f0 Plugins:<nil>}, type=sriov
[DEBUG] [Oct 23 09:54:21.596] [pods.go: 426] pod: loadbalancer-655bdff48b-9lftc ns: example-cnf: NAD config: {
    "cniVersion": "1.0.0",
    "name": "intel-numa0-net3",
    "type": "sriov",
    "vlan": 410,
    "spoofchk": "off",
    "trust": "on",
    "vlanQoS": 0,
    "capabilities": {
        "mac": true
    },
    "logLevel": "info",
    "ipam": {}
}
[DEBUG] [Oct 23 09:54:21.596] [pods.go: 415] pod: testpmd-app-666cfc8fb5-6hfc6 ns: example-cnf: Reviewing network-attachment definition "intel-numa0-net1"
[DEBUG] [Oct 23 09:54:21.796] [pods.go: 374] Single plugin config type found: {CniVersion:1.0.0 Name:intel-numa0-net1 Type:0xc00fa96690 Plugins:<nil>}, type=sriov
[DEBUG] [Oct 23 09:54:21.796] [pods.go: 426] pod: testpmd-app-666cfc8fb5-6hfc6 ns: example-cnf: NAD config: {
    "cniVersion": "1.0.0",
    "name": "intel-numa0-net1",
    "type": "sriov",
    "vlan": 407,
    "spoofchk": "off",
    "trust": "on",
    "vlanQoS": 0,
    "capabilities": {
        "mac": true
    },
    "logLevel": "info",
    "ipam": {}
}
[DEBUG] [Oct 23 09:54:21.796] [pods.go: 415] pod: testpmd-app-666cfc8fb5-c9bhk ns: example-cnf: Reviewing network-attachment definition "intel-numa0-net1"
[DEBUG] [Oct 23 09:54:21.995] [pods.go: 374] Single plugin config type found: {CniVersion:1.0.0 Name:intel-numa0-net1 Type:0xc00fa96ad0 Plugins:<nil>}, type=sriov
[DEBUG] [Oct 23 09:54:21.995] [pods.go: 426] pod: testpmd-app-666cfc8fb5-c9bhk ns: example-cnf: NAD config: {
    "cniVersion": "1.0.0",
    "name": "intel-numa0-net1",
    "type": "sriov",
    "vlan": 407,
    "spoofchk": "off",
    "trust": "on",
    "vlanQoS": 0,
    "capabilities": {
        "mac": true
    },
    "logLevel": "info",
    "ipam": {}
}
[DEBUG] [Oct 23 09:54:21.995] [pods.go: 415] pod: trexconfig-5bff5f4997-wjds5 ns: example-cnf: Reviewing network-attachment definition "intel-numa0-net3"
[DEBUG] [Oct 23 09:54:22.196] [pods.go: 374] Single plugin config type found: {CniVersion:1.0.0 Name:intel-numa0-net3 Type:0xc00fa96f20 Plugins:<nil>}, type=sriov
[DEBUG] [Oct 23 09:54:22.196] [pods.go: 426] pod: trexconfig-5bff5f4997-wjds5 ns: example-cnf: NAD config: {
    "cniVersion": "1.0.0",
    "name": "intel-numa0-net3",
    "type": "sriov",
    "vlan": 410,
    "spoofchk": "off",
    "trust": "on",
    "vlanQoS": 0,
    "capabilities": {
        "mac": true
    },
    "logLevel": "info",
    "ipam": {}
}
[DEBUG] [Oct 23 09:54:22.196] [pods.go: 453] pod: loadbalancer-655bdff48b-9lftc ns: example-cnf: Reviewing network-attachment definition "intel-numa0-net3"
[ERROR] [Oct 23 09:54:22.196] [suite.go: 433] [networking-network-attachment-definition-sriov-mtu] Failed to check if pod "pod: loadbalancer-655bdff48b-9lftc ns: example-cnf" uses SRIOV with MTU, err: failed to know if network-attachment intel-numa0-net3 is sriov: failed to unmarshal cni config : unexpected end of JSON input
[DEBUG] [Oct 23 09:54:22.196] [pods.go: 453] pod: testpmd-app-666cfc8fb5-6hfc6 ns: example-cnf: Reviewing network-attachment definition "intel-numa0-net1"
[ERROR] [Oct 23 09:54:22.196] [suite.go: 433] [networking-network-attachment-definition-sriov-mtu] Failed to check if pod "pod: testpmd-app-666cfc8fb5-6hfc6 ns: example-cnf" uses SRIOV with MTU, err: failed to know if network-attachment intel-numa0-net1 is sriov: failed to unmarshal cni config : unexpected end of JSON input
[DEBUG] [Oct 23 09:54:22.196] [pods.go: 453] pod: testpmd-app-666cfc8fb5-c9bhk ns: example-cnf: Reviewing network-attachment definition "intel-numa0-net1"
[ERROR] [Oct 23 09:54:22.196] [suite.go: 433] [networking-network-attachment-definition-sriov-mtu] Failed to check if pod "pod: testpmd-app-666cfc8fb5-c9bhk ns: example-cnf" uses SRIOV with MTU, err: failed to know if network-attachment intel-numa0-net1 is sriov: failed to unmarshal cni config : unexpected end of JSON input
[DEBUG] [Oct 23 09:54:22.196] [pods.go: 453] pod: trexconfig-5bff5f4997-wjds5 ns: example-cnf: Reviewing network-attachment definition "intel-numa0-net3"
[ERROR] [Oct 23 09:54:22.196] [suite.go: 433] [networking-network-attachment-definition-sriov-mtu] Failed to check if pod "pod: trexconfig-5bff5f4997-wjds5 ns: example-cnf" uses SRIOV with MTU, err: failed to know if network-attachment intel-numa0-net3 is sriov: failed to unmarshal cni config : unexpected end of JSON input
[DEBUG] [Oct 23 09:54:22.196] [checksgroup.go: 182] GROUP networking - Running afterEach for check networking-network-attachment-definition-sriov-mtu

[ramperher]

Also, some more info that may be interesting for you @sebrandon1 . I think that, starting in OCP 4.14, you can see some details in the pod network annotations regarding SRIOV config, because here, in the k8s.v1.cni.cncf.io/network-status annotation, I can see the mtu attribute is defined for the networks attached to virtual functions:

Annotations:         cpu-load-balancing.crio.io: disable
                     irq-load-balancing.crio.io: disable
                     k8s.ovn.org/pod-networks:
                       {"default":{"ip_addresses":["10.131.0.65/23","fd02:0:0:4::41/64"],"mac_address":"0a:58:0a:83:00:41","gateway_ips":["10.131.0.1","fd02:0:0:...
                     k8s.v1.cni.cncf.io/network-status:
                       [{
                           "name": "ovn-kubernetes",
                           "interface": "eth0",
                           "ips": [
                               "10.131.0.65",
                               "fd02:0:0:4::41"
                           ],
                           "mac": "0a:58:0a:83:00:41",
                           "default": true,
                           "dns": {}
                       },{
                           "name": "example-cnf/intel-numa0-net3",
                           "interface": "net1",
                           "mac": "40:04:0f:f1:89:01",
                           "mtu": 9000,
                           "dns": {},
                           "device-info": {
                               "type": "pci",
                               "version": "1.1.0",
                               "pci": {
                                   "pci-address": "0000:37:0a.0"
                               }
                           }
                       },{
                           "name": "example-cnf/intel-numa0-net4",
                           "interface": "net2",
                           "mac": "40:04:0f:f1:89:02",
                           "mtu": 9000,
                           "dns": {},
                           "device-info": {
                               "type": "pci",
                               "version": "1.1.0",
                               "pci": {
                                   "pci-address": "0000:37:0b.6"
                               }
                           }
                       },{
                           "name": "example-cnf/intel-numa0-net1",
                           "interface": "net3",
                           "mac": "60:04:0f:f1:89:01",
                           "mtu": 9000,
                           "dns": {},
                           "device-info": {
                               "type": "pci",
                               "version": "1.1.0",
                               "pci": {
                                   "pci-address": "0000:37:02.6"
                               }
                           }
                       },{
                           "name": "example-cnf/intel-numa0-net2",
                           "interface": "net4",
                           "mac": "60:04:0f:f1:89:02",
                           "mtu": 9000,
                           "dns": {},
                           "device-info": {
                               "type": "pci",
                               "version": "1.1.0",
                               "pci": {
                                   "pci-address": "0000:37:03.6"
                               }
                           }
                       }]
                     k8s.v1.cni.cncf.io/networks:
                       [ { "name": "intel-numa0-net3", "mac": "40:04:0f:f1:89:01", "namespace": "example-cnf" },          { "name": "intel-numa0-net4", "mac": "4...
                     openshift.io/scc: privileged

Maybe the code you need here would be simpler, something like:

• Retrieve the NADs attached to the pod (you're already doing this)
• Check k8s.v1.cni.cncf.io/network-status pod annotation and iterate over the networks that are present
• If the network name belongs to any NAD detected before and mtu is defined, then it's fine
  • In particular, if there's any network belonging to any NAD and not defining the mtu, then the test has to fail

What do you think?

[dcibot]

from change #2527:

• SUCCESS https://www.distributed-ci.io/jobs/d7b97604-edd7-4016-9d86-2f9a8cfc125f/jobStates

[ramperher]

from change #2527:

• SUCCESS https://www.distributed-ci.io/jobs/d7b97604-edd7-4016-9d86-2f9a8cfc125f/jobStates

The result is now correct in a setup that is not using SRIOV, let me check in a cluster with a workload consuming from SRIOV resources.

[dcibot]

from change #2527:

• SUCCESS https://www.distributed-ci.io/jobs/b72a0a0b-cbdc-4ec5-895f-a933723cd9a7/jobStates

[ramperher]

from change #2527:

• SUCCESS https://www.distributed-ci.io/jobs/b72a0a0b-cbdc-4ec5-895f-a933723cd9a7/jobStates

Our example-cnf workload is still failing the MTU test:

{"CompliantObjectsOut":null,"NonCompliantObjectsOut":[{"ObjectType":"Pod","ObjectFieldsKeys":["Reason For Non Compliance","Namespace","Pod Name"],"ObjectFieldsValues":["Failed to check if pod uses SRIOV with MTU","example-cnf","loadbalancer-f5697b557-w98qv"]},{"ObjectType":"Pod","ObjectFieldsKeys":["Reason For Non Compliance","Namespace","Pod Name"],"ObjectFieldsValues":["Failed to check if pod uses SRIOV with MTU","example-cnf","testpmd-app-59b59d9c7c-kb9n9"]},{"ObjectType":"Pod","ObjectFieldsKeys":["Reason For Non Compliance","Namespace","Pod Name"],"ObjectFieldsValues":["Failed to check if pod uses SRIOV with MTU","example-cnf","testpmd-app-59b59d9c7c-xjbfb"]},{"ObjectType":"Pod","ObjectFieldsKeys":["Reason For Non Compliance","Namespace","Pod Name"],"ObjectFieldsValues":["Failed to check if pod uses SRIOV with MTU","example-cnf","trexconfig-746b4f886f-v4n67"]}]}

The error is the same, it looks like it's not able to read the JSON input:

[DEBUG] [Oct 24 10:25:34.378] [pods.go: 453] pod: loadbalancer-f5697b557-w98qv ns: example-cnf: Reviewing network-attachment definition "intel-numa0-net3"
[ERROR] [Oct 24 10:25:34.378] [suite.go: 433] [networking-network-attachment-definition-sriov-mtu] Failed to check if pod "pod: loadbalancer-f5697b557-w98qv ns: example-cnf" uses SRIOV with MTU, err: failed to know if network-attachment intel-numa0-net3 is sriov: failed to unmarshal cni config : unexpected end of JSON input
[DEBUG] [Oct 24 10:25:34.378] [pods.go: 453] pod: testpmd-app-59b59d9c7c-kb9n9 ns: example-cnf: Reviewing network-attachment definition "intel-numa0-net1"
[ERROR] [Oct 24 10:25:34.378] [suite.go: 433] [networking-network-attachment-definition-sriov-mtu] Failed to check if pod "pod: testpmd-app-59b59d9c7c-kb9n9 ns: example-cnf" uses SRIOV with MTU, err: failed to know if network-attachment intel-numa0-net1 is sriov: failed to unmarshal cni config : unexpected end of JSON input
[DEBUG] [Oct 24 10:25:34.378] [pods.go: 453] pod: testpmd-app-59b59d9c7c-xjbfb ns: example-cnf: Reviewing network-attachment definition "intel-numa0-net1"
[ERROR] [Oct 24 10:25:34.378] [suite.go: 433] [networking-network-attachment-definition-sriov-mtu] Failed to check if pod "pod: testpmd-app-59b59d9c7c-xjbfb ns: example-cnf" uses SRIOV with MTU, err: failed to know if network-attachment intel-numa0-net1 is sriov: failed to unmarshal cni config : unexpected end of JSON input
[DEBUG] [Oct 24 10:25:34.378] [pods.go: 453] pod: trexconfig-746b4f886f-v4n67 ns: example-cnf: Reviewing network-attachment definition "intel-numa0-net3"
[ERROR] [Oct 24 10:25:34.378] [suite.go: 433] [networking-network-attachment-definition-sriov-mtu] Failed to check if pod "pod: trexconfig-746b4f886f-v4n67 ns: example-cnf" uses SRIOV with MTU, err: failed to know if network-attachment intel-numa0-net3 is sriov: failed to unmarshal cni config : unexpected end of JSON input

[sebrandon1]

I'll adjust to look at the network-status like you suggested. That seems to be the easiest way to detect the MTU.

[ramperher]

I'll adjust to look at the network-status like you suggested. That seems to be the easiest way to detect the MTU.

Cool, feel free to reach me when you want to test it. I think the most suitable way of executing the test would be 1) check if the network is SRIOV type, as you're doing right now, and 2) if it's not SRIOV type, then this is skipped, but if it's SRIOV type, then check the network annotation of the pod, find that network, and see if mtu is defined there. It should work in that way.

[dcibot]

from change #2527:

• SUCCESS https://www.distributed-ci.io/jobs/ffe07f10-28d4-4cc9-bbbe-01d30ac224de/jobStates

[dcibot]

from change #2527:

• SUCCESS https://www.distributed-ci.io/jobs/4c6dffbf-0364-4fa1-bb87-d571973f3e62/jobStates

[sebrandon1]

@ramperher Okay I pushed a new change.

The logic goes something like:

1. First check if the pod "k8s.v1.cni.cncf.io/networks" network has a spec.Config that contains MTU.
2. If that fails, then check the "k8s.v1.cni.cncf.io/network-status" annotation and see if the NAD matches the network name and MTU is set.

I think I covered those scenarios in the unit tests by spoofing the client and using fake objects.

[dcibot]

from change #2527:

• SUCCESS https://www.distributed-ci.io/jobs/0821bf17-02e1-4ed0-a7c9-f8fd2d0465bc/jobStates

[dcibot]

from change #2527:

• FAILURE https://www.distributed-ci.io/jobs/ec08565d-c4be-40fe-826e-8eb072861a3d/jobStates

[sebrandon1]

/dci-rerun

[dcibot]

from change #2527:

• SUCCESS https://www.distributed-ci.io/jobs/878bdda0-dee2-422f-81c8-4bc6859ca875/jobStates

[dcibot]

from change #2527:

• SUCCESS https://www.distributed-ci.io/jobs/73903d58-ce2e-41a1-946e-868df12c1d60/jobStates

[greyerof]

Apart from my comment regarding the mtu check, I left some suggestions to remove the nolint:gocritc comments.

[dcibot]

from change #2527:

• SUCCESS https://www.distributed-ci.io/jobs/680d3f19-ee5d-474b-9936-b3518ff8cd17/jobStates

[dcibot]

from change #2527:

• SUCCESS https://www.distributed-ci.io/jobs/abcae467-a403-4cda-aedd-2441189fcce5/jobStates

[dcibot]

from change https://github.com/dci-labs/dallas-pipelines/pull/1260:

• SUCCESS https://www.distributed-ci.io/jobs/4fdde9e6-4a5e-4197-a68e-44351a428ebf/jobStates

[ramperher]

I've re-validated the new refactor and it's working as expected, LGTM

[dcibot]

from change #2527:

• SUCCESS https://www.distributed-ci.io/jobs/137e35b8-d9bf-44ec-a71a-17a6fc187b10/jobStates

[dcibot]

from change https://github.com/dci-labs/dallas-pipelines/pull/1260:

• SUCCESS https://www.distributed-ci.io/jobs/c0d38a2f-7b04-45d5-a81c-2545265fa07b/jobStates

[ramperher]

from change dci-labs/dallas-pipelines#1260:

• SUCCESS https://www.distributed-ci.io/jobs/c0d38a2f-7b04-45d5-a81c-2545265fa07b/jobStates

Just checked and confirmed that the test is still working fine and it is

[dcibot]

from change #2527:

• SUCCESS https://www.distributed-ci.io/jobs/22117dc2-70eb-4ede-9752-c14f84282cee/jobStates

[dcibot]

from change #2527:

• SUCCESS https://www.distributed-ci.io/jobs/5ce29123-680d-4714-82ad-dfc4dcceffc4/jobStates