tests/network-ovn: Fix tests for long-lived ports (#261)

See canonical/lxd#13900

tests/network-ovn

@@ -216,11 +216,12 @@ ovn_basic_tests() {
     lxc network unset dummy ipv6.routes.anycast --project default
 
     lxc init "${IMAGE}" u1 --project testovn -s default
-    lxc config device add u1 eth0 nic network=ovn-virtual-network name=eth0 --project testovn
 
-    echo "==> Record NAT rules count before u1 started"
-    natRulesBefore=$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l)
+    echo "==> Record NAT rules count before u1 eth0 NIC added"
+    out="$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat)"
+    natRulesBefore="$(wc -l <<< "${out}")"
 
+    lxc config device add u1 eth0 nic network=ovn-virtual-network name=eth0 --project testovn
     lxc start u1 --project testovn
 
     echo "==> Test external IPs allocated and published using dnat"
@@ -230,9 +231,11 @@ ovn_basic_tests() {
     ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | grep "${U1_EXT_IPV4},${U1_EXT_IPV4},dnat_and_snat"
     ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | grep "${U1_EXT_IPV6},${U1_EXT_IPV6},dnat_and_snat"
     lxc stop -f u1 --project testovn
+    lxc config device remove u1 eth0 --project testovn
 
     echo "==> Check NAT rules got cleaned up"
-    natRulesAfter=$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l)
+    out="$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat)"
+    natRulesAfter="$(wc -l <<< "${out}")"
     if [ "$natRulesBefore" -ne "$natRulesAfter" ]; then
         echo "NAT rules left over. Started with ${natRulesBefore} now have ${natRulesAfter}"
         false
@@ -246,7 +249,10 @@ ovn_basic_tests() {
         ipv6.nat=true
 
     echo "==> Record NAT rules count before u1 started again"
-    natRulesBefore=$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l)
+    out="$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat)"
+    natRulesBefore="$(wc -l <<< "${out}")"
+
+    lxc config device add u1 eth0 nic network=ovn-virtual-network name=eth0 --project testovn
 
     echo "==> Check external routes are not too big (when using l2proxy uplink ingress mode)"
     ! lxc config device set u1 eth0 ipv4.routes.external=198.51.100.0/24 --project testovn || false
@@ -308,7 +314,9 @@ ovn_basic_tests() {
     lxc start u1 --project testovn
 
     echo "==> Check DNAT_AND_SNAT NAT rules get removed when switching to routed ingress mode"
-    natRulesBeforeRouted=$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l)
+    out="$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat)"
+    natRulesBeforeRouted="$(wc -l <<< "${out}")"
+
     lxc network set dummy ovn.ingress_mode=routed
     natRulesAfterRouted=$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l)
     if [ "$natRulesAfterRouted" -ne "4" ]; then
@@ -325,6 +333,7 @@ ovn_basic_tests() {
     fi
 
     lxc stop -f u1 --project testovn
+    lxc config device remove u1 eth0 --project testovn
 
     echo "==> Check NAT rules got cleaned up"
     natRulesAfter=$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l)
@@ -334,6 +343,7 @@ ovn_basic_tests() {
     fi
 
     echo "==> Check routed ingress mode allows larger subnets and doesn't add DNAT rules"
+    lxc config device add u1 eth0 nic network=ovn-virtual-network name=eth0 --project testovn
     lxc network set dummy ovn.ingress_mode=routed
     lxc config device set u1 eth0 ipv4.routes.external=198.51.100.0/24 --project testovn
     lxc config device set u1 eth0 ipv6.routes.external=2001:db8:1:2::/64 --project testovn
@@ -590,6 +600,7 @@ ovn_basic_tests() {
 
     lxc project switch default
     lxc project delete testovn
+    lxc profile device remove default root
 }
 
 ovn_forward_tests() {
@@ -1222,18 +1233,35 @@ ovn_peering_tests() {
     ovn-nbctl list address_set | grep -F 198.51.100.2/32
     ovn-nbctl list address_set | grep -F 2001:db8:1:2::2/128
 
-    echo "==> Check address set entries deleted for instance NIC when stopped and added when started again"
+    echo "==> Check address set entries deleted for instance NIC when removed and added when added again"
     lxc stop -f ovn1 --project=ovn1
+    lxc config device remove ovn1 eth0 --project=ovn1
     ! ovn-nbctl list address_set | grep -F 198.51.100.1/32 || false
     ! ovn-nbctl list address_set | grep -F 2001:db8:1:2::1/128 || false
     ! ovn-nbctl list address_set | grep -F 198.51.100.2/32 || false
     ! ovn-nbctl list address_set | grep -F 2001:db8:1:2::2/128 || false
-    lxc start ovn1 --project=ovn1
+    lxc config device add ovn1 eth0 nic --project=ovn1 \
+        network=ovn1 \
+        ipv4.routes=198.51.100.1/32 \
+        ipv6.routes=2001:db8:1:2::1/128 \
+        ipv4.routes.external=198.51.100.2/32 \
+        ipv6.routes.external=2001:db8:1:2::2/128
+
+    # If LXD 5.0 then NIC port is only added on instance start.
+    if echo "${LXD_SNAP_CHANNEL}" | grep -qE "^5\.0/"; then
+        lxc start ovn1 --project=ovn1
+    fi
+
     ovn-nbctl list address_set | grep -F 198.51.100.1/32
     ovn-nbctl list address_set | grep -F 2001:db8:1:2::1/128
     ovn-nbctl list address_set | grep -F 198.51.100.2/32
     ovn-nbctl list address_set | grep -F 2001:db8:1:2::2/128
 
+    # If LXD 5.21 or later then NIC port is only added on NIC add not instance start.
+    if ! echo "${LXD_SNAP_CHANNEL}" | grep -qE "^5\.0/"; then
+        lxc start ovn1 --project=ovn1
+    fi
+
     echo "==> Check security policies prevent spoofed packets using peer connection"
     waitInstanceBooted ovn1 ovn1
     ovn1NICIPv4="$(lxc list ovn1 -c4 --format=csv --project=ovn1 | cut -d' ' -f1)"
@@ -2128,7 +2156,6 @@ else
     ovn_leases_tests
 fi
 
-lxc profile device get default root type && lxc profile device remove default root
 lxc storage delete default
 
 # shellcheck disable=SC2034