def test_get_events(self):
utils.wait_until_true(lambda: self.monitor.has_updates)
devices = self.monitor.get_events()
self.assertTrue(devices.get('added'),
'Initial call should always be true')
br = self.useFixture(net_helpers.OVSBridgeFixture())
p1 = self.useFixture(net_helpers.OVSPortFixture(br.bridge))
p2 = self.useFixture(net_helpers.OVSPortFixture(br.bridge))
added_devices = [p1.port.name, p2.port.name]
utils.wait_until_true(
lambda: self._expected_devices_events(added_devices, 'added'))
br.bridge.delete_port(p1.port.name)
br.bridge.delete_port(p2.port.name)
removed_devices = [p1.port.name, p2.port.name]
utils.wait_until_true(
lambda: self._expected_devices_events(removed_devices, 'removed'))
# restart
self.monitor.stop(block=True)
# NOTE(slaweq): lets give async process few more seconds to receive
# "error" from the old ovsdb monitor process and then start new one
time.sleep(5)
self.monitor.start(block=True, timeout=60)
try:
utils.wait_until_true(
lambda: self.monitor.get_events().get('added'))
except utils.WaitTimeout:
raise AssertionError('Initial call should always be true')
def test_get_events(self):
utils.wait_until_true(lambda: self.monitor.data_received is True)
devices = self.monitor.get_events()
self.assertTrue(devices.get('added'),
'Initial call should always be true')
p_attrs = [('external_ids', {'iface-status': 'active'})]
br = self.useFixture(net_helpers.OVSBridgeFixture())
p1 = self.useFixture(
net_helpers.OVSPortFixture(br.bridge, None, p_attrs))
p2 = self.useFixture(
net_helpers.OVSPortFixture(br.bridge, None, p_attrs))
added_devices = [p1.port.name, p2.port.name]
utils.wait_until_true(
lambda: self._expected_devices_events(added_devices, 'added'))
br.bridge.delete_port(p1.port.name)
br.bridge.delete_port(p2.port.name)
removed_devices = [p1.port.name, p2.port.name]
utils.wait_until_true(
lambda: self._expected_devices_events(removed_devices, 'removed'))
# restart
self.monitor.stop(block=True)
self.monitor.start(block=True, timeout=60)
devices = self.monitor.get_events()
self.assertTrue(devices.get('added'),
'Initial call should always be true')
def setUp(self):
if not checks.arp_header_match_supported():
self.skipTest("ARP header matching not supported")
# NOTE(kevinbenton): it would be way cooler to use scapy for
# these but scapy requires the python process to be running as
# root to bind to the ports.
super(ARPSpoofTestCase, self).setUp()
self.src_addr = '192.168.0.1'
self.dst_addr = '192.168.0.2'
self.src_ns = self._create_namespace()
self.dst_ns = self._create_namespace()
self.src_p = self.useFixture(
net_helpers.OVSPortFixture(self.br, self.src_ns.namespace)).port
self.dst_p = self.useFixture(
net_helpers.OVSPortFixture(self.br, self.dst_ns.namespace)).port
def setUp(self):
cfg.CONF.set_override('enable_distributed_routing',
True,
group='AGENT')
super(OVSFlowTestCase, self).setUp()
self.phys_br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge
self.br_phys = self.br_phys_cls(self.phys_br.br_name)
self.br_phys.set_secure_mode()
self.br_phys.setup_controllers(cfg.CONF)
self.router_addr = '192.168.0.1/24'
self.namespace = self.useFixture(
net_helpers.NamespaceFixture()).name
self.phys_p = self.useFixture(
net_helpers.OVSPortFixture(self.br_phys, self.namespace)).port
self.tun_br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge
self.br_tun = self.br_tun_cls(self.tun_br.br_name)
self.br_tun.set_secure_mode()
self.br_tun.setup_controllers(cfg.CONF)
self.tun_p = self.br_tun.add_patch_port(
common_utils.get_rand_device_name(
prefix=cfg.CONF.OVS.tun_peer_patch_port),
common_utils.get_rand_device_name(
prefix=cfg.CONF.OVS.int_peer_patch_port))
self.br_tun.setup_default_table(self.tun_p, True)
def test_do_main_default_options(self):
int_br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge
self.conf.set_override("integration_bridge", int_br.br_name, 'OVS')
self.conf.set_override("ovs_all_ports", False)
noskip = collections.defaultdict(list)
skip = collections.defaultdict(list)
# add two vifs, one skipped, and a non-vif port to int_br
for collection in (noskip, skip):
collection[int_br].append(
self.useFixture(net_helpers.OVSPortFixture(int_br)).port.name)
# set skippable vif to be skipped
int_br.ovsdb.db_set('Interface', skip[int_br][0],
('external_ids', {
constants.SKIP_CLEANUP: "True"
})).execute(check_error=True)
device_name = utils.get_rand_name()
skip[int_br].append(device_name)
int_br.add_port(device_name, ('type', 'internal'))
# sanity check
for collection in (noskip, skip):
for bridge, ports in collection.items():
port_list = bridge.get_port_name_list()
for port in ports:
self.assertIn(port, port_list)
ovs_cleanup.do_main(self.conf)
ports = int_br.get_port_name_list()
for vif in noskip[int_br]:
self.assertNotIn(vif, ports)
for port in skip[int_br]:
self.assertIn(port, ports)
def test_has_updates(self):
utils.wait_until_true(lambda: self.monitor.has_updates)
# clear the event list
self.monitor.get_events()
self.useFixture(net_helpers.OVSPortFixture())
# has_updates after port addition should become True
utils.wait_until_true(lambda: self.monitor.has_updates is True)
def test_do_main_default_options(self):
int_br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge
ext_br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge
self.conf.set_override("ovs_integration_bridge", int_br.br_name)
self.conf.set_override("external_network_bridge", ext_br.br_name)
self.conf.set_override("ovs_all_ports", False)
noskip = collections.defaultdict(list)
skip = collections.defaultdict(list)
# add two vifs and a non-vif port to int_br and ext_br
for br in (int_br, ext_br):
for i in range(2):
noskip[br].append(
self.useFixture(net_helpers.OVSPortFixture(br)).port.name)
device_name = utils.get_rand_name()
skip[br].append(device_name)
br.add_port(device_name, ('type', 'internal'))
# sanity check
for collection in (noskip, skip):
for bridge, ports in collection.items():
port_list = bridge.get_port_name_list()
for port in ports:
self.assertIn(port, port_list)
ovs_cleanup.do_main(self.conf)
for br in (int_br, ext_br):
ports = br.get_port_name_list()
for vif in noskip[br]:
self.assertNotIn(vif, ports)
for port in skip[br]:
self.assertIn(port, ports)
def setUp(self):
# NOTE(kevinbenton): it would be way cooler to use scapy for
# these but scapy requires the python process to be running as
# root to bind to the ports.
super(_ARPSpoofTestCase, self).setUp()
self.skip_without_arp_support()
self.src_addr = '192.168.0.1'
self.dst_addr = '192.168.0.2'
self.src_namespace = self.useFixture(
net_helpers.NamespaceFixture()).name
self.dst_namespace = self.useFixture(
net_helpers.NamespaceFixture()).name
self.src_p = self.useFixture(
net_helpers.OVSPortFixture(self.br, self.src_namespace)).port
self.dst_p = self.useFixture(
net_helpers.OVSPortFixture(self.br, self.dst_namespace)).port
def test_interface_monitor_filtering(self):
br_1 = self.useFixture(net_helpers.OVSBridgeFixture()).bridge
br_2 = self.useFixture(net_helpers.OVSBridgeFixture()).bridge
mon_no_filter = ovsdb_monitor.SimpleInterfaceMonitor(
respawn_interval=30,
ovsdb_connection=cfg.CONF.OVS.ovsdb_connection)
mon_no_filter.start(block=True)
mon_br_1 = ovsdb_monitor.SimpleInterfaceMonitor(
respawn_interval=30,
ovsdb_connection=cfg.CONF.OVS.ovsdb_connection,
bridge_names=[br_1.br_name],
ovs=br_1)
mon_br_1.start(block=True)
mon_br_2 = ovsdb_monitor.SimpleInterfaceMonitor(
respawn_interval=30,
ovsdb_connection=cfg.CONF.OVS.ovsdb_connection,
bridge_names=[br_2.br_name],
ovs=br_1)
mon_br_2.start(block=True)
self.addCleanup(self._stop_monitors,
[mon_no_filter, mon_br_1, mon_br_2])
p1 = self.useFixture(net_helpers.OVSPortFixture(br_1))
p2 = self.useFixture(net_helpers.OVSPortFixture(br_2))
ports_expected = {p1.port.name, p2.port.name}
try:
common_utils.wait_until_true(lambda: not self._check_port_events(
mon_no_filter, ports_expected=ports_expected),
timeout=5)
except common_utils.WaitTimeout:
self.fail('Interface monitor not filtered did not received an '
'event for ports %s' % ports_expected)
self.assertIs(
0,
len(
self._check_port_events(mon_br_1,
ports_expected={p1.port.name},
ports_not_expected={p2.port.name})))
self.assertIs(
0,
len(
self._check_port_events(mon_br_2,
ports_expected={p2.port.name},
ports_not_expected={p1.port.name})))
def _prepare_port_and_description(self, security_group_rules):
hybrid_port = self.useFixture(
net_helpers.OVSPortFixture(
self.bridge, self.namespace, hybrid_plug=True))
self._set_vlan_tag_on_port(hybrid_port, 1)
description = self.add_sg_rules(hybrid_port, security_group_rules)
return hybrid_port, description
def _connect_ovs_port(self, cidr_address):
ovs_device = self.useFixture(
net_helpers.OVSPortFixture(bridge=self.central_data_bridge,
namespace=self.host_namespace)).port
# NOTE: This sets an IP address on the host's root namespace
# which is cleaned up when the device is deleted.
ovs_device.addr.add(cidr_address)
return ovs_device
def test_has_updates(self):
utils.wait_until_true(lambda: self.monitor.data_received is True)
self.assertTrue(self.monitor.has_updates,
'Initial call should always be true')
# clear the event list
self.monitor.get_events()
self.useFixture(net_helpers.OVSPortFixture())
# has_updates after port addition should become True
utils.wait_until_true(lambda: self.monitor.has_updates is True)
def test_has_updates(self):
self.assertTrue(self.monitor.has_updates,
'Initial call should always be true')
self.assertFalse(self.monitor.has_updates,
'has_updates without port addition should be False')
self.useFixture(net_helpers.OVSPortFixture())
# has_updates after port addition should become True
while not self.monitor.has_updates:
eventlet.sleep(0.01)
def test_fip_connection_from_same_subnet(self):
'''Test connection to floatingip which is associated with
fixed_ip on the same subnet of the source fixed_ip.
In other words it confirms that return packets surely
go through the router.
'''
router_info = self.generate_router_info(enable_ha=False)
router = self.manage_router(self.agent, router_info)
router_ip_cidr = self._port_first_ip_cidr(router.internal_ports[0])
router_ip = router_ip_cidr.partition('/')[0]
src_ip_cidr = net_helpers.increment_ip_cidr(router_ip_cidr)
dst_ip_cidr = net_helpers.increment_ip_cidr(src_ip_cidr)
dst_ip = dst_ip_cidr.partition('/')[0]
dst_fip = '19.4.4.10'
router.router[l3_constants.FLOATINGIP_KEY] = []
self._add_fip(router, dst_fip, fixed_address=dst_ip)
router.process(self.agent)
br_int = get_ovs_bridge(self.agent.conf.ovs_integration_bridge)
# FIXME(cbrandily): temporary, will be replaced by fake machines
src_ns = self._create_namespace(prefix='test-src-')
src_port = self.useFixture(
net_helpers.OVSPortFixture(br_int, src_ns.namespace)).port
src_port.addr.add(src_ip_cidr)
net_helpers.set_namespace_gateway(src_port, router_ip)
dst_ns = self._create_namespace(prefix='test-dst-')
dst_port = self.useFixture(
net_helpers.OVSPortFixture(br_int, dst_ns.namespace)).port
dst_port.addr.add(dst_ip_cidr)
net_helpers.set_namespace_gateway(dst_port, router_ip)
protocol_port = helpers.get_free_namespace_port(dst_ns)
# client sends to fip
netcat = helpers.NetcatTester(src_ns,
dst_ns,
dst_ip,
protocol_port,
client_address=dst_fip,
run_as_root=True,
udp=False)
self.addCleanup(netcat.stop_processes)
self.assertTrue(netcat.test_connectivity())
def setUp(self):
# NOTE(kevinbenton): it would be way cooler to use scapy for
# these but scapy requires the python process to be running as
# root to bind to the ports.
super(ARPSpoofTestCase, self).setUp()
self.skip_without_arp_support()
self.src_addr = '192.168.0.1'
self.dst_addr = '192.168.0.2'
self.src_namespace = self.useFixture(
net_helpers.NamespaceFixture()).name
self.dst_namespace = self.useFixture(
net_helpers.NamespaceFixture()).name
self.src_p = self.useFixture(
net_helpers.OVSPortFixture(self.br, self.src_namespace)).port
self.dst_p = self.useFixture(
net_helpers.OVSPortFixture(self.br, self.dst_namespace)).port
# wait to add IPs until after anti-spoof rules to ensure ARP doesn't
# happen before
self.addOnException(self.collect_flows_and_ports)
def _connect_ovs_port(self, cidr_address):
LOG.info('%s(): caller(): %s', log_utils.get_fname(1), log_utils.get_fname(2))
ovs_device = self.useFixture(
net_helpers.OVSPortFixture(
bridge=self.central_bridge,
namespace=self.host_namespace)).port
# NOTE: This sets an IP address on the host's root namespace
# which is cleaned up when the device is deleted.
ovs_device.addr.add(cidr_address)
return ovs_device
def test_get_events(self):
utils.wait_until_true(lambda: self.monitor.has_updates)
devices = self.monitor.get_events()
self.assertTrue(devices.get('added'),
'Initial call should always be true')
br = self.useFixture(net_helpers.OVSBridgeFixture())
p1 = self.useFixture(net_helpers.OVSPortFixture(br.bridge))
p2 = self.useFixture(net_helpers.OVSPortFixture(br.bridge))
added_devices = [p1.port.name, p2.port.name]
utils.wait_until_true(
lambda: self._expected_devices_events(added_devices, 'added'))
br.bridge.delete_port(p1.port.name)
br.bridge.delete_port(p2.port.name)
removed_devices = [p1.port.name, p2.port.name]
utils.wait_until_true(
lambda: self._expected_devices_events(removed_devices, 'removed'))
# restart
self.monitor.stop(block=True)
self.monitor.start(block=True, timeout=60)
devices = self.monitor.get_events()
self.assertTrue(devices.get('added'),
'Initial call should always be true')
def test_get_events_includes_ofport(self):
utils.wait_until_true(lambda: self.monitor.has_updates)
self.monitor.get_events() # clear initial events
br = self.useFixture(net_helpers.OVSBridgeFixture())
p1 = self.useFixture(net_helpers.OVSPortFixture(br.bridge))
def p1_event_has_ofport():
if not self.monitor.has_updates:
return
for e in self.monitor.new_events['added']:
if (e['name'] == p1.port.name and
e['ofport'] != ovs_lib.UNASSIGNED_OFPORT):
return True
utils.wait_until_true(p1_event_has_ofport)
def test_install_instructions_str(self):
kwargs = {'in_port': 345, 'vlan_tci': 0x1123}
dst_p = self.useFixture(
net_helpers.OVSPortFixture(self.br_tun, self.namespace)).port
dst_ofp = self.br_tun.get_port_ofport(dst_p.name)
self.br_tun.install_instructions("pop_vlan,output:%d" % dst_ofp,
priority=10, **kwargs)
trace = self._run_trace(self.br_tun.br_name,
"in_port=%(in_port)d,dl_src=12:34:56:78:aa:bb,"
"dl_dst=24:12:56:78:aa:bb,dl_type=0x0800,"
"nw_src=192.168.0.1,nw_dst=192.168.0.2,"
"nw_proto=1,nw_tos=0,nw_ttl=128,"
"icmp_type=8,icmp_code=0,vlan_tci=%(vlan_tci)d"
% kwargs)
self.assertIn("pop_vlan,", trace["Datapath actions"])
def test_access_to_metadata_proxy(self):
"""Test access to the l3-agent metadata proxy.
The test creates:
* A l3-agent metadata service:
* A router (which creates a metadata proxy in the router namespace),
* A fake metadata server
* A "client" namespace (simulating a vm) with a port on router
internal subnet.
The test queries from the "client" namespace the metadata proxy on
http://169.254.169.254 and asserts that the metadata proxy added
the X-Forwarded-For and X-Neutron-Router-Id headers to the request
and forwarded the http request to the fake metadata server and the
response to the "client" namespace.
"""
router_info = self.generate_router_info(enable_ha=False)
router = self.manage_router(self.agent, router_info)
self._create_metadata_fake_server(webob.exc.HTTPOk.code)
# Create and configure client namespace
client_ns = self._create_namespace()
router_ip_cidr = self._port_first_ip_cidr(router.internal_ports[0])
ip_cidr = net_helpers.increment_ip_cidr(router_ip_cidr)
br_int = get_ovs_bridge(self.agent.conf.ovs_integration_bridge)
# FIXME(cbrandily): temporary, will be replaced by a fake machine
port = self.useFixture(
net_helpers.OVSPortFixture(br_int, client_ns.namespace)).port
port.addr.add(ip_cidr)
net_helpers.set_namespace_gateway(port,
router_ip_cidr.partition('/')[0])
# Query metadata proxy
url = 'http://%(host)s:%(port)s' % {
'host': dhcp.METADATA_DEFAULT_IP,
'port': dhcp.METADATA_PORT
}
cmd = 'curl', '--max-time', METADATA_REQUEST_TIMEOUT, '-D-', url
try:
raw_headers = client_ns.netns.execute(cmd)
except RuntimeError:
self.fail('metadata proxy unreachable on %s before timeout' % url)
# Check status code
firstline = raw_headers.splitlines()[0]
self.assertIn(str(webob.exc.HTTPOk.code), firstline.split())
def port_setup(self, router, bridge=None, offset=1, namespace=None):
"""Creates namespace and a port inside it on a client site."""
if not namespace:
client_ns = self.useFixture(
net_helpers.NamespaceFixture()).ip_wrapper
namespace = client_ns.namespace
router_ip_cidr = self._port_first_ip_cidr(router.internal_ports[0])
port_ip_cidr = net_helpers.increment_ip_cidr(router_ip_cidr, offset)
if not bridge:
bridge = get_ovs_bridge(self.vpn_agent.conf.ovs_integration_bridge)
port = self.useFixture(
net_helpers.OVSPortFixture(bridge, namespace)).port
port.addr.add(port_ip_cidr)
port.route.add_gateway(router_ip_cidr.partition('/')[0])
return namespace, port_ip_cidr.partition('/')[0]
def create_ports_for(self, site):
"""Creates namespaces and ports for simulated VM.
There will be a unique namespace for each port, which is representing
a VM for the test.
"""
bridge = get_ovs_bridge(self.vpn_agent.conf.ovs_integration_bridge)
site.vm = []
for internal_port in site.router.internal_ports:
router_ip_cidr = self._port_first_ip_cidr(internal_port)
port_ip_cidr = net_helpers.increment_ip_cidr(router_ip_cidr, 1)
client_ns = self.useFixture(
net_helpers.NamespaceFixture()).ip_wrapper
namespace = client_ns.namespace
port = self.useFixture(
net_helpers.OVSPortFixture(bridge, namespace)).port
port.addr.add(port_ip_cidr)
port.route.add_gateway(router_ip_cidr.partition('/')[0])
site.vm.append(Vm(namespace, port_ip_cidr.partition('/')[0]))
def test_bundled_install(self):
if 'ovs_ofctl' in self.main_module:
self.skip("ovs-ofctl of_interface doesn't have bundled()")
kwargs = {'in_port': 345, 'vlan_tci': 0x1321}
dst_p = self.useFixture(
net_helpers.OVSPortFixture(self.br_tun, self.namespace)).port
dst_ofp = self.br_tun.get_port_ofport(dst_p.name)
with self.br_tun.bundled() as br:
br.install_instructions("pop_vlan,output:%d" % dst_ofp,
priority=10,
**kwargs)
trace = self._run_trace(
self.br_tun.br_name,
"in_port=%(in_port)d,dl_src=12:34:56:78:aa:bb,"
"dl_dst=24:12:56:78:aa:bb,dl_type=0x0800,"
"nw_src=192.168.0.1,nw_dst=192.168.0.2,"
"nw_proto=1,nw_tos=0,nw_ttl=128,"
"icmp_type=8,icmp_code=0,vlan_tci=%(vlan_tci)d" % kwargs)
self.assertIn("pop_vlan,", trace["Datapath actions"])
def test_no_value_set_for_other_config_raises_exception(self):
port = self.useFixture(net_helpers.OVSPortFixture(self.bridge)).port
with testtools.ExpectedException(exceptions.OVSFWTagNotFound):
firewall.get_tag_from_other_config(self.bridge, port.name)
def test_correct_tag_is_returned(self):
port_number = 42
port = self.useFixture(net_helpers.OVSPortFixture(self.bridge)).port
self.set_port_tag(port.name, port_number)
observed = firewall.get_tag_from_other_config(self.bridge, port.name)
self.assertEqual(port_number, observed)
