CNTR-3: Supervisor failover test

[goabhinav]

No description provided.

[gemini-code-assist]

Summary of Changes

Hello @goabhinav, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a critical new test to validate the resilience of containerized services on network devices. By simulating a control processor failover, the test ensures that deployed containers and their associated volumes maintain their state and functionality, thereby enhancing the overall stability and reliability of the system's container supervisor capabilities.

Highlights

• New Failover Test: Introduced a new test case (CNTR-3) to verify the persistence of containers and volumes across a control processor switchover (failover) event.
• Test Procedure Documentation: Added a comprehensive README file outlining the summary, detailed procedure for building the test container, and the steps for the failover test itself.
• Robust Recovery Verification: The test includes steps to deploy a container and volume, trigger a control processor switchover, and then verify that the container is still running and the volume persists after the device recovers.

Changelog

• feature/container/failover/README.md
  • Added a new README file detailing the container supervisor failover test (CNTR-3).
  • Included instructions for building the test container and the step-by-step procedure for the failover test.
  • Documented the OpenConfig RPCs covered by the test.
• feature/container/failover/failover_test.go
  • Added a new Go test file implementing the container supervisor failover test.
  • Implemented functions to deploy containers and volumes, trigger control processor switchovers, and verify post-failover state.
  • Included helper functions for finding standby RPs, verifying container states, checking volume existence, and waiting for DUT reboot.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[OpenConfigBot]

Pull Request Functional Test Report for #5071 / 1780e44

Virtual Devices

Device	Test	Test Documentation	Job	Raw Log
Arista cEOS		CNTR-3: Supervisor failover tests
Cisco 8000E		CNTR-3: Supervisor failover tests
Cisco XRd		CNTR-3: Supervisor failover tests
Juniper ncPTX		CNTR-3: Supervisor failover tests
Nokia SR Linux		CNTR-3: Supervisor failover tests
Openconfig Lemming		CNTR-3: Supervisor failover tests

Hardware Devices

Device	Test	Test Documentation	Raw Log
Arista 7808		CNTR-3: Supervisor failover tests
Cisco 8808		CNTR-3: Supervisor failover tests
Juniper PTX10008		CNTR-3: Supervisor failover tests
Nokia 7250 IXR-10e		CNTR-3: Supervisor failover tests

Help

[gemini-code-assist]

Code Review

This pull request introduces a new test for container supervisor failover (CNTR-3). The changes include a README.md file detailing the test procedure and a Go test file failover_test.go that implements the test. The test correctly follows the structure of setting up a container and volume, triggering a control processor switchover, and then verifying that the container and volume persist after recovery.

My review focuses on adherence to the repository's style guide. I've identified one instance where time.Sleep is used redundantly, which is discouraged. I've provided a suggestion to remove it to improve test efficiency. Otherwise, the code is well-written and the test logic is sound.

[alshabib]

I think we should check that RPCs to the container work as well.

[alshabib]

This is a good start but we should test several other scenarios like what happens when the backup is not available and containers are started. Do the containers get started when the backup returns?

[f-sommerauer]

The question is how can we map this to gNOI calls on the vendor devices; can we manually kill and restart a containerz instance on the individual supervisors?

Additional scenario to consider:
What happens when the primary returns after a failover? Will the original containers still be available? Are modifications to containers/volumes that only reached the backup properly replicated back to the primary?

Could be simulated by calling SwitchControlProcessor twice. Although the SwitchControlProcessor implementation may just switch the handling supervisor without actually restarting the primary.

[goabhinav]

Added a test for double switchover. I will send a separate PR which has tests with cold reboot.

[f-sommerauer]

start a container mounting that volume; Is the container in failover_test.go actually mounting the volume?

[goabhinav]

Yes in TestContainerAndVolumePersistence.

[f-sommerauer]

The question is how can we map this to gNOI calls on the vendor devices; can we manually kill and restart a containerz instance on the individual supervisors?

Additional scenario to consider:
What happens when the primary returns after a failover? Will the original containers still be available? Are modifications to containers/volumes that only reached the backup properly replicated back to the primary?

Could be simulated by calling SwitchControlProcessor twice. Although the SwitchControlProcessor implementation may just switch the handling supervisor without actually restarting the primary.

[f-sommerauer]

Suggested change

	if _, err := cli.CreateVolume(ctx, volName, "local", nil, nil); err != nil {
	t.Fatalf("Failed to create volume: %v", err)
	}
	mountOpts := map[string]string{
	"options": "bind",
	"mountpoint": "/tmp",
	}
	if _, err := cli.CreateVolume(ctx, volName, "local", nil, mountOpts); err != nil {
	t.Fatalf("Failed to create volume: %v", err)
	}

could we add mount options here? The reference implementation still has a bug where a subsequent call to StartContainer will fail unless mount options are specified.