def credentials(setup_session, fuel_master_ip):
Credentials = namedtuple(
'Credentials',
['fuel_ip', 'controller_ip', 'keystone_url', 'username', 'password',
'project', 'cert'])
fuel = get_fuel_client(fuel_master_ip)
env = fuel.get_last_created_cluster()
controller_ip = env.get_primary_controller_ip()
cert = env.certificate
if cert is None:
keystone_url = 'http://{0}:5000/v2.0/'.format(controller_ip)
path_to_cert = None
else:
keystone_url = 'https://{0}:5000/v2.0/'.format(controller_ip)
with gen_temp_file(prefix="fuel_cert_", suffix=".pem") as f:
f.write(cert)
path_to_cert = f.name
return Credentials(fuel_ip=fuel_master_ip,
controller_ip=controller_ip,
keystone_url=keystone_url,
username='******',
password='******',
project='admin',
cert=path_to_cert)
def test_tunnel_established(self, router):
"""Check that VxLAN is established on nodes and VNI matching
the segmentation_id of a network
Scenario:
1. Create private network net01, subnet 10.1.1.0/24
2. Create router01, add interface for net01 and set gateway to
external network
3. Boot instance vm1_1 in net01
4. Look on what node l3 agent for this router01 is
5. Check that tunnel is established on controller
6. Check that tunnel is established on compute
7. On node with l3 agent find namespace qrouter
8. Add rules for ping and ssh connection
9. Go to the compute with vm_1 and run
tcpdump -vvni any port 4789 -w vxlan.log
10. Ping from qrouter namespace vm1
11. Copy vxlan.log for your computer and open it with Wireshark.
Press right button, choose Decode as, Transport
and choose VXLAN
"""
# Create network and instance
compute_node = self.zone.hosts.keys()[0]
network = self.os_conn.create_network(name='net01')
subnet = self.os_conn.create_subnet(
network_id=network['network']['id'], name='net01__subnet',
cidr="10.1.1.0/24")
self.os_conn.router_interface_add(router_id=router['router']['id'],
subnet_id=subnet['subnet']['id'])
server = self.os_conn.create_server(
name='server01',
availability_zone='{}:{}'.format(self.zone.zoneName, compute_node),
key_name=self.instance_keypair.name,
nics=[{'net-id': network['network']['id']}],
security_groups=[self.security_group.id])
router_node = self.os_conn.get_l3_agent_hosts(router['router']['id'])[
0]
controller = self.env.find_node_by_fqdn(router_node)
compute = self.env.find_node_by_fqdn(compute_node)
# Check controller and compute
for node in (controller, compute):
with self.env.get_ssh_to_node(node.data['ip']) as remote:
result = remote.execute('ovs-vsctl show | grep -q br-tun')
assert result['exit_code'] == 0
log_file = gen_temp_file(prefix='vxlan', suffix='.log')
with ExitStack() as stack:
stack.enter_context(tcpdump_vxlan(node=compute,
log_path=log_file.name))
remote = stack.enter_context(controller.ssh())
vm_ip = self.os_conn.get_nova_instance_ips(server)['fixed']
result = remote.check_call(
'ip netns exec qrouter-{router_id} ping -c1 {ip}'.format(
router_id=router['router']['id'], ip=vm_ip))
# Check log
vni = network['network']['provider:segmentation_id']
check_all_traffic_has_vni(vni, log_file.name)
def credentials(setup_session, fuel_master_ip):
Credentials = namedtuple('Credentials', [
'fuel_ip', 'controller_ip', 'keystone_url', 'username', 'password',
'project', 'cert'
])
fuel = get_fuel_client(fuel_master_ip)
env = fuel.get_last_created_cluster()
controller_ip = env.get_primary_controller_ip()
cert = env.certificate
if cert is None:
keystone_url = 'http://{0}:5000/v2.0/'.format(controller_ip)
path_to_cert = None
else:
keystone_url = 'https://{0}:5000/v2.0/'.format(controller_ip)
with gen_temp_file(prefix="fuel_cert_", suffix=".pem") as f:
f.write(cert)
path_to_cert = f.name
return Credentials(fuel_ip=fuel_master_ip,
controller_ip=controller_ip,
keystone_url=keystone_url,
username='******',
password='******',
project='admin',
cert=path_to_cert)
def admin_ssh_keys_paths(self):
if self._admin_ssh_keys_paths is None:
self._admin_ssh_keys_paths = []
for key in self.admin_ssh_keys:
keyfile = gen_temp_file(prefix="fuel_key_", suffix=".rsa")
path = keyfile.name
key.write_private_key_file(path)
self._admin_ssh_keys_paths.append(path)
return self._admin_ssh_keys_paths
def admin_ssh_keys_paths(self):
if self._admin_ssh_keys_paths is None:
self._admin_ssh_keys_paths = []
for key in self.admin_ssh_keys:
keyfile = gen_temp_file(prefix="fuel_key_", suffix=".rsa")
path = keyfile.name
key.write_private_key_file(path)
self._admin_ssh_keys_paths.append(path)
return self._admin_ssh_keys_paths
def __init__(self,
controller_ip,
user='******',
password='******',
tenant='admin',
cert=None,
env=None,
proxy_session=None):
logger.debug('Init OpenStack clients on {0}'.format(controller_ip))
self.controller_ip = controller_ip
self.username = user
self.password = password
self.tenant = tenant
if cert is None:
auth_url = 'http://{0}:5000/v2.0/'.format(self.controller_ip)
self.path_to_cert = None
self.insecure = True
else:
auth_url = 'https://{0}:5000/v2.0/'.format(self.controller_ip)
with gen_temp_file(prefix="fuel_cert_", suffix=".pem") as f:
f.write(cert)
self.path_to_cert = f.name
self.insecure = False
logger.debug('Auth URL is {0}'.format(auth_url))
auth = KeystonePassword(username=user,
password=password,
auth_url=auth_url,
tenant_name=tenant)
self.session = session.Session(auth=auth, verify=self.path_to_cert)
self.keystone = KeystoneClient(session=self.session)
self.keystone.management_url = auth_url
self.nova = nova_client.Client(version=2, session=self.session)
self.cinder = cinderclient.Client(version=2, session=self.session)
self.neutron = neutron_client.Client(session=self.session)
self.glance = GlanceClient(session=self.session)
endpoint_url = self.session.get_endpoint(service_type='orchestration',
endpoint_type='publicURL')
token = self.session.get_token()
self.heat = HeatClient(endpoint=endpoint_url, token=token)
self.env = env
def __init__(self, controller_ip, user='******', password='******',
tenant='admin', cert=None, env=None, proxy_session=None):
logger.debug('Init OpenStack clients on {0}'.format(controller_ip))
self.controller_ip = controller_ip
self.username = user
self.password = password
self.tenant = tenant
if cert is None:
auth_url = 'http://{0}:5000/v2.0/'.format(self.controller_ip)
self.path_to_cert = None
self.insecure = True
else:
auth_url = 'https://{0}:5000/v2.0/'.format(self.controller_ip)
with gen_temp_file(prefix="fuel_cert_", suffix=".pem") as f:
f.write(cert)
self.path_to_cert = f.name
self.insecure = False
logger.debug('Auth URL is {0}'.format(auth_url))
auth = KeystonePassword(username=user,
password=password,
auth_url=auth_url,
tenant_name=tenant)
self.session = session.Session(auth=auth, verify=self.path_to_cert)
self.keystone = KeystoneClient(session=self.session)
self.keystone.management_url = auth_url
self.nova = nova_client.Client(version=2, session=self.session)
self.cinder = cinderclient.Client(version=2, session=self.session)
self.neutron = neutron_client.Client(session=self.session)
self.glance = GlanceClient(session=self.session)
endpoint_url = self.session.get_endpoint(service_type='orchestration',
endpoint_type='publicURL')
token = self.session.get_token()
self.heat = HeatClient(endpoint=endpoint_url, token=token)
self.env = env
def __init__(self, controller_ip, user='******', password='******',
tenant='admin', cert=None, env=None):
logger.debug('Init OpenStack clients on {0}'.format(controller_ip))
self.controller_ip = controller_ip
self.username = user
self.password = password
self.tenant = tenant
if cert is None:
auth_url = 'http://{0}:5000/v2.0/'.format(self.controller_ip)
self.path_to_cert = None
self.insecure = True
else:
auth_url = 'https://{0}:5000/v2.0/'.format(self.controller_ip)
with gen_temp_file(prefix="fuel_cert_", suffix=".pem") as f:
f.write(cert)
self.path_to_cert = f.name
self.insecure = False
logger.debug('Auth URL is {0}'.format(auth_url))
self.nova = nova_client.Client(version=2,
username=user,
api_key=password,
project_id=tenant,
auth_url=auth_url,
cacert=self.path_to_cert)
self.cinder = cinderclient.Client(2, user, password,
tenant, auth_url,
cacert=self.path_to_cert)
self.neutron = neutronclient.Client(username=user,
password=password,
tenant_name=tenant,
auth_url=auth_url,
ca_cert=self.path_to_cert)
self.keystone = self._get_keystoneclient(username=user,
password=password,
tenant_name=tenant,
auth_url=auth_url,
ca_cert=self.path_to_cert)
token = self.keystone.auth_token
glance_endpoint = self.keystone.service_catalog.url_for(
service_type='image', endpoint_type='publicURL')
logger.debug('Glance endpoint is {0}'.format(glance_endpoint))
self.glance = GlanceClient(endpoint=glance_endpoint,
token=token,
cacert=self.path_to_cert)
heat_endpoint = self.keystone.service_catalog.url_for(
service_type='orchestration', endpoint_type='publicURL')
logger.debug('Heat endpoint is {0}'.format(heat_endpoint))
self.heat = HeatClient(endpoint=heat_endpoint,
token=token,
cacert=self.path_to_cert,
ca_file=self.path_to_cert)
self.env = env
def test_broadcast_traffic_propagation_single_net(self, router):
"""Check broadcast traffic between instances placed in a single
private network and hosted on different nodes
Scenario:
1. Create private network net01, subnet 10.1.1.0/24
2. Create private network net02, subnet 10.1.2.0/24
3. Create router01_02 and connect net01 and net02 with it
4. Boot instances vm1 in net01 and compute1
5. Boot instances vm2 in net01 and compute2
6. Boot instances vm3 in net02 and compute2
7. On the compute2 start listen traffic from vm1 fixed ip on
tap interface of vm3
8. Go to the vm1's console and initiate broadcast traffic to vm3
9. Check that ARP traffic appears on listened interface
10. On the compute2 start listen traffic from vm1 fixed ip om
tap interface of vm2
11. Go to the vm1's console and initiate broadcast traffic to vm3
12. Check that ARP traffic is absent on listened interface
"""
# Create networks
compute_nodes = self.zone.hosts.keys()[:2]
net1, subnet1 = self.create_internal_network_with_subnet(suffix=1)
net2, subnet2 = self.create_internal_network_with_subnet(suffix=2)
for subnet in (subnet1, subnet2):
self.os_conn.router_interface_add(
router_id=router['router']['id'],
subnet_id=subnet['subnet']['id'])
# Create instances:
for i, (node, net) in enumerate(((compute_nodes[0], net1),
(compute_nodes[1], net1),
(compute_nodes[1], net2)), 1):
self.os_conn.create_server(
name='server%02d' % i,
availability_zone='{}:{}'.format(self.zone.zoneName, node),
key_name=self.instance_keypair.name,
nics=[{'net-id': net['network']['id']}],
security_groups=[self.security_group.id])
server1 = self.os_conn.nova.servers.find(name="server01")
server1_ip = self.os_conn.get_nova_instance_ips(server1)['fixed']
server2 = self.os_conn.nova.servers.find(name="server02")
server2_ip = self.os_conn.get_nova_instance_ips(server2)['fixed']
server3 = self.os_conn.nova.servers.find(name="server03")
server3_ip = self.os_conn.get_nova_instance_ips(server3)['fixed']
compute2 = self.env.find_node_by_fqdn(compute_nodes[1])
server2_port = self.os_conn.get_port_by_fixed_ip(server2_ip)
server2_tap = 'tap{}'.format(server2_port['id'][:11])
# Initiate broadcast traffic from server1 to server2
broadcast_log_file = gen_temp_file(prefix='broadcast', suffix='.log')
with tcpdump(
ip=compute2.data['ip'], env=self.env,
log_path=broadcast_log_file.name,
tcpdump_args=' -n src host {ip} -i {interface}'.format(
ip=server1_ip,
interface=server2_tap,)
):
cmd = 'sudo /usr/sbin/arping -I eth0 -c 4 {0}; true'.format(
server2_ip)
network_checks.run_on_vm(self.env, self.os_conn, server1,
self.instance_keypair, cmd)
check_arp_traffic(src_ip=server1_ip, dst_ip=server2_ip,
log_file=broadcast_log_file.name)
server3_port = self.os_conn.get_port_by_fixed_ip(server3_ip)
server3_tap = 'tap{}'.format(server3_port['id'][:11])
# Initiate broadcast traffic from server1 to server3
with tcpdump(
ip=compute2.data['ip'], env=self.env,
log_path=broadcast_log_file.name,
tcpdump_args=' -n src host {ip} -i {interface}'.format(
ip=server1_ip,
interface=server3_tap,)
):
cmd = 'sudo /usr/sbin/arping -I eth0 -c 4 {0}; true'.format(
server2_ip)
network_checks.run_on_vm(self.env, self.os_conn, server1,
self.instance_keypair, cmd)
check_no_arp_traffic(src_ip=server1_ip, dst_ip=server2_ip,
log_file=broadcast_log_file.name)
def test_broadcast_traffic_propagation(self, router, tcpdump_args):
"""Check broadcast traffic propagation for network segments
Scenario:
1. Create private network net01, subnet 10.1.1.0/24
2. Create private network net02, subnet 10.1.2.0/24
3. Create router01_02 and connect net01 and net02 with it
4. Boot instances vm1 in net01 and vm2 in net02
on different computes
5. Check that net02 got a new segmentation_id, different from net1
6. Go to the vm1's console and initiate broadcast traffic to vm2
7. On the compute where vm2 is hosted start listen vxlan port 4789
8. Check that no ARP traffic associated with vm1-vm2 pair
appears on compute node's console
9. Go to the vm1's console, stop arping and initiate
unicast traffic to vm2
10. Check that ICMP unicast traffic associated with vm1-vm2 pair
was captured on compute node's console
"""
# Create network and instance
compute_nodes = self.zone.hosts.keys()[:2]
for i, compute_node in enumerate(compute_nodes, 1):
network = self.os_conn.create_network(name='net%02d' % i)
subnet = self.os_conn.create_subnet(
network_id=network['network']['id'],
name='net%02d__subnet' % i,
cidr="10.1.%d.0/24" % i)
self.os_conn.router_interface_add(
router_id=router['router']['id'],
subnet_id=subnet['subnet']['id'])
self.os_conn.create_server(
name='server%02d' % i,
availability_zone='{}:{}'.format(self.zone.zoneName,
compute_node),
key_name=self.instance_keypair.name,
nics=[{'net-id': network['network']['id']}],
security_groups=[self.security_group.id])
net1, net2 = [x for x in self.os_conn.list_networks()['networks']
if x['name'] in ("net01", "net02")]
# Check that networks has different segmentation_id
assert (net1['provider:segmentation_id'] !=
net2['provider:segmentation_id'])
server1 = self.os_conn.nova.servers.find(name="server01")
server1_ip = self.os_conn.get_nova_instance_ips(server1)['fixed']
server2 = self.os_conn.nova.servers.find(name="server02")
server2_ip = self.os_conn.get_nova_instance_ips(server2)['fixed']
compute2 = self.env.find_node_by_fqdn(compute_nodes[1])
# Initiate broadcast traffic from server1 to server2
broadcast_log_file = gen_temp_file(prefix='broadcast', suffix='.log')
with tcpdump(
ip=compute2.data['ip'], env=self.env,
log_path=broadcast_log_file.name,
tcpdump_args=tcpdump_args.format(source_ip=server1_ip)
):
cmd = 'sudo /usr/sbin/arping -I eth0 -c 4 {0}; true'.format(
server2_ip)
network_checks.run_on_vm(self.env, self.os_conn, server1,
self.instance_keypair, cmd)
check_no_arp_traffic(src_ip=server1_ip, dst_ip=server2_ip,
log_file=broadcast_log_file.name)
# Initiate unicast traffic from server1 to server2
unicast_log_file = gen_temp_file(prefix='unicast', suffix='.log')
with tcpdump(
ip=compute2.data['ip'], env=self.env,
log_path=unicast_log_file.name,
tcpdump_args=tcpdump_args.format(source_ip=server1_ip)
):
cmd = 'ping -c 4 {0}; true'.format(server2_ip)
network_checks.run_on_vm(self.env, self.os_conn, server1,
self.instance_keypair, cmd)
check_icmp_traffic(src_ip=server1_ip, dst_ip=server2_ip,
log_file=unicast_log_file.name)
def test_vni_for_icmp_between_instances(self, router):
"""Check VNI and segmentation_id for icmp traffic between instances
on different computers
Scenario:
1. Create private network net01, subnet 10.1.1.0/24
2. Create private network net02, subnet 10.1.2.0/24
3. Create router01_02 and connect net01 and net02 with it
4. Boot instances vm1 and vm2 on different computers
5. Check that net02 got a new segmentation_id, different from net1
6. Ping vm1 from vm2
7. On compute with vm_1 start listen vxlan port 4789
8. On compute with vm_2 start listen vxlan port 4789
9. Ping vm2 from vm1
10. Check that when traffic goes through net02 tunnel
(from vm2 to router01_02) all packets have VNI of net02
and when they travel through net01 tunnel
(from router to vm1) they have VNI of net01
"""
# Create network and instance
compute_nodes = self.zone.hosts.keys()[:2]
for i, compute_node in enumerate(compute_nodes, 1):
network = self.os_conn.create_network(name='net%02d' % i)
subnet = self.os_conn.create_subnet(
network_id=network['network']['id'],
name='net%02d__subnet' % i,
cidr="10.1.%d.0/24" % i)
self.os_conn.router_interface_add(
router_id=router['router']['id'],
subnet_id=subnet['subnet']['id'])
self.os_conn.create_server(
name='server%02d' % i,
availability_zone='{}:{}'.format(self.zone.zoneName,
compute_node),
key_name=self.instance_keypair.name,
nics=[{'net-id': network['network']['id']}],
security_groups=[self.security_group.id])
net1, net2 = [x for x in self.os_conn.list_networks()['networks']
if x['name'] in ("net01", "net02")]
# Check that networks has different segmentation_id
assert (net1['provider:segmentation_id'] !=
net2['provider:segmentation_id'])
# Check ping from server1 to server2
server1 = self.os_conn.nova.servers.find(name="server01")
server2 = self.os_conn.nova.servers.find(name="server02")
server2_ip = self.os_conn.get_nova_instance_ips(server2).values()[0]
network_checks.check_ping_from_vm(self.env, self.os_conn, server1,
self.instance_keypair, server2_ip)
# Start tcpdump
compute1 = self.env.find_node_by_fqdn(compute_nodes[0])
compute2 = self.env.find_node_by_fqdn(compute_nodes[1])
log_file1 = gen_temp_file(prefix='vxlan', suffix='.log')
log_file2 = gen_temp_file(prefix='vxlan', suffix='.log')
with tcpdump_vxlan(
ip=compute1.data['ip'], env=self.env,
log_path=log_file1.name), tcpdump_vxlan(
ip=compute2.data['ip'], env=self.env, log_path=log_file2.name):
# Ping server1 from server2
server1_ip = self.os_conn.get_nova_instance_ips(
server1).values()[0]
network_checks.check_ping_from_vm(
self.env, self.os_conn, server2, self.instance_keypair,
server1_ip)
# Check traffic
check_all_traffic_has_vni(net1['provider:segmentation_id'],
log_file1.name)
check_all_traffic_has_vni(net2['provider:segmentation_id'],
log_file2.name)
def test_broadcast_traffic_propagation_single_net(self, router):
"""Check broadcast traffic between instances placed in a single
private network and hosted on different nodes
Scenario:
1. Create private network net01, subnet 10.1.1.0/24
2. Create private network net02, subnet 10.1.2.0/24
3. Create router01_02 and connect net01 and net02 with it
4. Boot instances vm1 in net01 and compute1
5. Boot instances vm2 in net01 and compute2
6. Boot instances vm3 in net02 and compute2
7. On the compute2 start listen traffic from vm1 fixed ip on
tap interface of vm3
8. Go to the vm1's console and initiate broadcast traffic to vm3
9. Check that ARP traffic appears on listened interface
10. On the compute2 start listen traffic from vm1 fixed ip om
tap interface of vm2
11. Go to the vm1's console and initiate broadcast traffic to vm3
12. Check that ARP traffic is absent on listened interface
"""
# Create networks
compute_nodes = self.zone.hosts.keys()[:2]
net1, subnet1 = self.create_internal_network_with_subnet(suffix=1)
net2, subnet2 = self.create_internal_network_with_subnet(suffix=2)
for subnet in (subnet1, subnet2):
self.os_conn.router_interface_add(router_id=router['router']['id'],
subnet_id=subnet['subnet']['id'])
# Create instances:
for i, (node, net) in enumerate(
((compute_nodes[0], net1), (compute_nodes[1], net1),
(compute_nodes[1], net2)), 1):
self.os_conn.create_server(
name='server%02d' % i,
availability_zone='{}:{}'.format(self.zone.zoneName, node),
key_name=self.instance_keypair.name,
nics=[{
'net-id': net['network']['id']
}],
security_groups=[self.security_group.id])
server1 = self.os_conn.nova.servers.find(name="server01")
server1_ip = self.os_conn.get_nova_instance_ips(server1)['fixed']
server2 = self.os_conn.nova.servers.find(name="server02")
server2_ip = self.os_conn.get_nova_instance_ips(server2)['fixed']
server3 = self.os_conn.nova.servers.find(name="server03")
server3_ip = self.os_conn.get_nova_instance_ips(server3)['fixed']
compute2 = self.env.find_node_by_fqdn(compute_nodes[1])
server2_port = self.os_conn.get_port_by_fixed_ip(server2_ip)
server2_tap = 'tap{}'.format(server2_port['id'][:11])
# Initiate broadcast traffic from server1 to server2
broadcast_log_file = gen_temp_file(prefix='broadcast', suffix='.log')
with tcpdump(ip=compute2.data['ip'],
env=self.env,
log_path=broadcast_log_file.name,
tcpdump_args=' -n src host {ip} -i {interface}'.format(
ip=server1_ip,
interface=server2_tap,
)):
cmd = 'sudo arping -I eth0 -c 4 {0}; true'.format(server2_ip)
network_checks.run_on_vm(self.env, self.os_conn, server1,
self.instance_keypair, cmd)
check_arp_traffic(src_ip=server1_ip,
dst_ip=server2_ip,
log_file=broadcast_log_file.name)
server3_port = self.os_conn.get_port_by_fixed_ip(server3_ip)
server3_tap = 'tap{}'.format(server3_port['id'][:11])
# Initiate broadcast traffic from server1 to server3
with tcpdump(ip=compute2.data['ip'],
env=self.env,
log_path=broadcast_log_file.name,
tcpdump_args=' -n src host {ip} -i {interface}'.format(
ip=server1_ip,
interface=server3_tap,
)):
cmd = 'sudo arping -I eth0 -c 4 {0}; true'.format(server2_ip)
network_checks.run_on_vm(self.env, self.os_conn, server1,
self.instance_keypair, cmd)
check_no_arp_traffic(src_ip=server1_ip,
dst_ip=server2_ip,
log_file=broadcast_log_file.name)
def test_broadcast_traffic_propagation(self, router, tcpdump_args):
"""Check broadcast traffic propagation for network segments
Scenario:
1. Create private network net01, subnet 10.1.1.0/24
2. Create private network net02, subnet 10.1.2.0/24
3. Create router01_02 and connect net01 and net02 with it
4. Boot instances vm1 in net01 and vm2 in net02
on different computes
5. Check that net02 got a new segmentation_id, different from net1
6. Go to the vm1's console and initiate broadcast traffic to vm2
7. On the compute where vm2 is hosted start listen vxlan port 4789
8. Check that no ARP traffic associated with vm1-vm2 pair
appears on compute node's console
9. Go to the vm1's console, stop arping and initiate
unicast traffic to vm2
10. Check that ICMP unicast traffic associated with vm1-vm2 pair
was captured on compute node's console
"""
# Create network and instance
compute_nodes = self.zone.hosts.keys()[:2]
for i, compute_node in enumerate(compute_nodes, 1):
network = self.os_conn.create_network(name='net%02d' % i)
subnet = self.os_conn.create_subnet(
network_id=network['network']['id'],
name='net%02d__subnet' % i,
cidr="10.1.%d.0/24" % i)
self.os_conn.router_interface_add(router_id=router['router']['id'],
subnet_id=subnet['subnet']['id'])
self.os_conn.create_server(
name='server%02d' % i,
availability_zone='{}:{}'.format(self.zone.zoneName,
compute_node),
key_name=self.instance_keypair.name,
nics=[{
'net-id': network['network']['id']
}],
security_groups=[self.security_group.id])
net1, net2 = [
x for x in self.os_conn.list_networks()['networks']
if x['name'] in ("net01", "net02")
]
# Check that networks has different segmentation_id
assert (net1['provider:segmentation_id'] !=
net2['provider:segmentation_id'])
server1 = self.os_conn.nova.servers.find(name="server01")
server1_ip = self.os_conn.get_nova_instance_ips(server1)['fixed']
server2 = self.os_conn.nova.servers.find(name="server02")
server2_ip = self.os_conn.get_nova_instance_ips(server2)['fixed']
compute2 = self.env.find_node_by_fqdn(compute_nodes[1])
# Initiate broadcast traffic from server1 to server2
broadcast_log_file = gen_temp_file(prefix='broadcast', suffix='.log')
with tcpdump(ip=compute2.data['ip'],
env=self.env,
log_path=broadcast_log_file.name,
tcpdump_args=tcpdump_args.format(source_ip=server1_ip)):
cmd = 'sudo arping -I eth0 -c 4 {0}; true'.format(server2_ip)
network_checks.run_on_vm(self.env, self.os_conn, server1,
self.instance_keypair, cmd)
check_no_arp_traffic(src_ip=server1_ip,
dst_ip=server2_ip,
log_file=broadcast_log_file.name)
# Initiate unicast traffic from server1 to server2
unicast_log_file = gen_temp_file(prefix='unicast', suffix='.log')
with tcpdump(ip=compute2.data['ip'],
env=self.env,
log_path=unicast_log_file.name,
tcpdump_args=tcpdump_args.format(source_ip=server1_ip)):
cmd = 'ping -c 4 {0}; true'.format(server2_ip)
network_checks.run_on_vm(self.env, self.os_conn, server1,
self.instance_keypair, cmd)
check_icmp_traffic(src_ip=server1_ip,
dst_ip=server2_ip,
log_file=unicast_log_file.name)
def test_vni_for_icmp_between_instances(self, router):
"""Check VNI and segmentation_id for icmp traffic between instances
on different computers
Scenario:
1. Create private network net01, subnet 10.1.1.0/24
2. Create private network net02, subnet 10.1.2.0/24
3. Create router01_02 and connect net01 and net02 with it
4. Boot instances vm1 and vm2 on different computers
5. Check that net02 got a new segmentation_id, different from net1
6. Ping vm1 from vm2
7. On compute with vm_1 start listen vxlan port 4789
8. On compute with vm_2 start listen vxlan port 4789
9. Ping vm2 from vm1
10. Check that when traffic goes through net02 tunnel
(from vm2 to router01_02) all packets have VNI of net02
and when they travel through net01 tunnel
(from router to vm1) they have VNI of net01
"""
# Create network and instance
compute_nodes = self.zone.hosts.keys()[:2]
for i, compute_node in enumerate(compute_nodes, 1):
network = self.os_conn.create_network(name='net%02d' % i)
subnet = self.os_conn.create_subnet(
network_id=network['network']['id'],
name='net%02d__subnet' % i,
cidr="10.1.%d.0/24" % i)
self.os_conn.router_interface_add(router_id=router['router']['id'],
subnet_id=subnet['subnet']['id'])
self.os_conn.create_server(
name='server%02d' % i,
availability_zone='{}:{}'.format(self.zone.zoneName,
compute_node),
key_name=self.instance_keypair.name,
nics=[{
'net-id': network['network']['id']
}],
security_groups=[self.security_group.id])
net1, net2 = [
x for x in self.os_conn.list_networks()['networks']
if x['name'] in ("net01", "net02")
]
# Check that networks has different segmentation_id
assert (net1['provider:segmentation_id'] !=
net2['provider:segmentation_id'])
# Check ping from server1 to server2
server1 = self.os_conn.nova.servers.find(name="server01")
server2 = self.os_conn.nova.servers.find(name="server02")
server2_ip = self.os_conn.get_nova_instance_ips(server2).values()[0]
network_checks.check_ping_from_vm(self.env, self.os_conn, server1,
self.instance_keypair, server2_ip)
# Start tcpdump
compute1 = self.env.find_node_by_fqdn(compute_nodes[0])
compute2 = self.env.find_node_by_fqdn(compute_nodes[1])
log_file1 = gen_temp_file(prefix='vxlan', suffix='.log')
log_file2 = gen_temp_file(prefix='vxlan', suffix='.log')
with tcpdump_vxlan(ip=compute1.data['ip'],
env=self.env,
log_path=log_file1.name), tcpdump_vxlan(
ip=compute2.data['ip'],
env=self.env,
log_path=log_file2.name):
# Ping server1 from server2
server1_ip = self.os_conn.get_nova_instance_ips(
server1).values()[0]
network_checks.check_ping_from_vm(self.env, self.os_conn, server2,
self.instance_keypair,
server1_ip)
# Check traffic
check_all_traffic_has_vni(net1['provider:segmentation_id'],
log_file1.name)
check_all_traffic_has_vni(net2['provider:segmentation_id'],
log_file2.name)
def test_tunnel_established(self, router):
"""Check that VxLAN is established on nodes and VNI matching
the segmentation_id of a network
Scenario:
1. Create private network net01, subnet 10.1.1.0/24
2. Create router01, add interface for net01 and set gateway to
external network
3. Boot instance vm1_1 in net01
4. Look on what node l3 agent for this router01 is
5. Check that tunnel is established on controller
6. Check that tunnel is established on compute
7. On node with l3 agent find namespace qrouter
8. Add rules for ping and ssh connection
9. Go to the compute with vm_1 and run
tcpdump -vvni any port 4789 -w vxlan.log
10. Ping from qrouter namespace vm1
11. Copy vxlan.log for your computer and open it with Wireshark.
Press right button, choose Decode as, Transport
and choose VXLAN
"""
# Create network and instance
compute_node = self.zone.hosts.keys()[0]
network = self.os_conn.create_network(name='net01')
subnet = self.os_conn.create_subnet(
network_id=network['network']['id'],
name='net01__subnet',
cidr="10.1.1.0/24")
self.os_conn.router_interface_add(router_id=router['router']['id'],
subnet_id=subnet['subnet']['id'])
server = self.os_conn.create_server(
name='server01',
availability_zone='{}:{}'.format(self.zone.zoneName, compute_node),
key_name=self.instance_keypair.name,
nics=[{
'net-id': network['network']['id']
}],
security_groups=[self.security_group.id])
router_node = self.os_conn.get_l3_agent_hosts(
router['router']['id'])[0]
controller = self.env.find_node_by_fqdn(router_node)
compute = self.env.find_node_by_fqdn(compute_node)
# Check controller and compute
for node in (controller, compute):
with self.env.get_ssh_to_node(node.data['ip']) as remote:
result = remote.execute('ovs-vsctl show | grep -q br-tun')
assert result['exit_code'] == 0
log_file = gen_temp_file(prefix='vxlan', suffix='.log')
with tcpdump_vxlan(ip=compute.data['ip'],
env=self.env,
log_path=log_file.name):
with self.env.get_ssh_to_node(controller.data['ip']) as remote:
vm_ip = self.os_conn.get_nova_instance_ips(server)['fixed']
result = remote.execute(
'ip netns exec qrouter-{router_id} ping -c1 {ip}'.format(
router_id=router['router']['id'], ip=vm_ip))
# Check log
vni = network['network']['provider:segmentation_id']
check_all_traffic_has_vni(vni, log_file.name)
def image_file():
image_file = common.gen_temp_file(prefix='image', suffix='.img')
yield image_file
image_file.unlink(image_file.name)
