[Test] 440_ssl_server: wait for SSL controller in suite setup

The previous attempt at killing this flake added per-test retries of
15 x 0.4s = 6s to the two controller-SSL HTTPS tests. Under heavy
parallel pabot load (4 workers + concurrent serial robot on the same
box) we have observed the controller's SSL listener take longer than
6s to start accepting after Run Rspamd's readiness check passes, and
both retry budgets get exhausted in sequence.

Run Rspamd's readiness check pings the plain normal worker and (for
configs with a control socket) waits for the controller to register
its workers with main. Neither covers the SSL listener: OpenSSL ctx
init for that listener happens after the worker is announced and
can lag by hundreds of ms in the worst case.

Move the wait into a single Suite Setup with a generous 30s budget
(60 x 0.5s) so we pay it once and the individual tests can issue a
direct HTTPS request again. The suite setup uses /ping (smallest
controller endpoint, served unauthenticated from 127.0.0.1 which is
in secure_ip). If the listener never comes up the suite fails loudly
in setup rather than every test independently exhausting a 6s retry.

Local: three back-to-back parallel pabot runs (4 processes, full
001 Merged suite) -- 6/6 pass, suite finishes in ~4-5s.

diff --git a/test/functional/cases/001_merged/440_ssl_server.robot b/test/functional/cases/001_merged/440_ssl_server.robot
index 5a37de9095ff4ea6ea57772c4f1dd6ddaa67be8c..c17079793a10f78501b2c454a147f854f79dc684 100644 (file)
--- a/test/functional/cases/001_merged/440_ssl_server.robot
+++ b/test/functional/cases/001_merged/440_ssl_server.robot
@@ -1,4 +1,5 @@
 *** Settings ***
+Suite Setup     SSL Server Suite Setup
 Library         ${RSPAMD_TESTDIR}/lib/rspamd.py
 Resource        ${RSPAMD_TESTDIR}/lib/rspamd.robot
 Variables       ${RSPAMD_TESTDIR}/lib/vars.py
@@ -10,18 +11,11 @@ ${SETTINGS_NOSYMBOLS}  {symbols_enabled = []}
 *** Test Cases ***
 Controller SSL - stat
   [Documentation]  Fetch /stat over HTTPS from the controller SSL port.
-  ...              rspamd registers workers with main slightly before
-  ...              the controller's SSL listener finishes its OpenSSL
-  ...              init and starts accepting connections; when this
-  ...              test is the first one against a fresh rspamd the
-  ...              SSL port may briefly refuse. Retry until it serves.
-  Wait Until Keyword Succeeds  15x  0.4s
-  ...  Fetch HTTPS And Expect 200  ${RSPAMD_PORT_CONTROLLER_SSL}  /stat
+  Fetch HTTPS And Expect 200  ${RSPAMD_PORT_CONTROLLER_SSL}  /stat
 
 Controller SSL - errors
   [Documentation]  Fetch /errors over HTTPS from the controller SSL port
-  Wait Until Keyword Succeeds  15x  0.4s
-  ...  Fetch HTTPS And Expect 200  ${RSPAMD_PORT_CONTROLLER_SSL}  /errors
+  Fetch HTTPS And Expect 200  ${RSPAMD_PORT_CONTROLLER_SSL}  /errors
 
 Controller plain still works alongside SSL
   [Documentation]  Plain HTTP controller port must still work when SSL port is also configured
@@ -44,6 +38,27 @@ Normal worker plain still works alongside SSL
   Expect Symbol  GTUBE
 
 *** Keywords ***
+SSL Server Suite Setup
+  [Documentation]  Run Rspamd's startup readiness check pings the plain
+  ...              normal worker and (for configs with a control socket)
+  ...              waits for the controller to register its workers with
+  ...              main. Neither of those guarantees the controller's
+  ...              SSL listener on PORT_CONTROLLER_SSL is already
+  ...              accepting -- OpenSSL context init for that listener
+  ...              can lag worker registration by hundreds of ms, and
+  ...              under parallel pabot load (4 workers + concurrent
+  ...              serial robot on the same box) we have observed lags
+  ...              past 6s, exhausting the per-test retry budget that
+  ...              previously sat in each SSL test.
+  ...
+  ...              Pay that wait once here, with a generous 30s budget,
+  ...              so individual tests can issue a single direct HTTPS
+  ...              request. If the listener never comes up the suite
+  ...              setup fails loudly instead of every test retrying
+  ...              independently.
+  Wait Until Keyword Succeeds  60x  0.5s
+  ...  Fetch HTTPS And Expect 200  ${RSPAMD_PORT_CONTROLLER_SSL}  /ping
+
 Fetch HTTPS And Expect 200
   [Arguments]  ${port}  ${path}
   @{result} =  HTTPS  GET  ${RSPAMD_LOCAL_ADDR}  ${port}  ${path}