def test_repeated_policy_modify(self):
""" Configure policies based on topology; Replace VN's existing policy [same policy name but with different rule set] multiple times and verify.
"""
###
# Get config for test from topology
# very simple topo will do, one vn, one vm, multiple policies with n
# rules
topology_class_name = sdn_single_vm_multiple_policy_topology.sdn_single_vm_multiple_policy_config
self.logger.info("Scenario for the test used is: %s" %
(topology_class_name))
# set project name
try:
# provided by wrapper module if run in parallel test env
topo = topology_class_name(project=self.project.project_name,
username=self.project.username,
password=self.project.password)
except NameError:
topo = topology_class_name()
###
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture}
setup_obj = self.useFixture(sdnTopoSetupFixture(
self.connections, topo))
out = setup_obj.topo_setup()
assertEqual(out['result'], True, out['msg'])
if out['result']:
topo, config_topo = out['data']
###
# Verify [and assert on fail] after setup
# Calling system policy verification, pick any policy fixture to
# access fixture verification
policy_name = topo.policy_list[0]
system_vna_verify_policy(self, config_topo['policy'][policy_name],
topo, 'setup')
###
# Test procedure:
# Test repeated update of a policy attached to a VM
test_vm = topo.vmc_list[0]
test_vn = topo.vn_of_vm[test_vm]
test_vn_fix = config_topo['vn'][test_vn]
test_vn_id = test_vn_fix.vn_id
for policy in topo.policy_list:
# set new policy for test_vn to policy
test_policy_fq_names = []
name = config_topo['policy'][policy].policy_fq_name
test_policy_fq_names.append(name)
state = "policy for %s updated to %s" % (test_vn, policy)
test_vn_fix.bind_policies(test_policy_fq_names, test_vn_id)
# wait for tables update before checking after making changes to
# system
time.sleep(5)
self.logger.info("new policy list of vn %s is %s" %
(test_vn, policy))
# update expected topology with this new info for verification
updated_topo = policy_test_utils.update_topo(topo, test_vn, policy)
system_vna_verify_policy(self, config_topo['policy'][policy],
updated_topo, state)
return True
def test_flow_single_project(self):
"""Tests related to flow setup rate and flow table stability accross various triggers for verification
accross VN's within a single project"""
result = True
#self.agent_objs = {}
#self.set_flow_tear_time()
#
# Check if there are enough nodes i.e. atleast 2 compute nodes to run this test.
# else report that minimum 2 compute nodes are needed for this test and
# exit.
if len(self.inputs.compute_ips) < 2:
self.logger.warn(
"Minimum 2 compute nodes are needed for this test to run")
self.logger.warn(
"Exiting since this test can't be run on single compute node")
return True
#
# Get config for test from topology
topology_class_name = flow_test_topo.systest_topo_single_project
# mini topo for testing script
# topology_class_name = mini_flow_test_topo.systest_topo_single_project
self.logger.info(
"Scenario for the test used is: %s" %
(topology_class_name))
topo = topology_class_name(
compute_node_list=self.inputs.compute_ips)
#
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm':
# vm_fixture}
setup_obj = self.useFixture(
sdnTopoSetupFixture(self.connections, topo))
out = setup_obj.sdn_topo_setup()
assertEqual(out['result'], True, out['msg'])
if out['result']:
topo, config_topo = out['data'][0], out['data'][1]
proj = list(topo.keys())[0]
# Get the vrouter build version for logging purposes.
BuildTag = get_OS_Release_BuildVersion(self)
# Create traffic profile with all details like IP addresses, port
# numbers and no of flows, from the profile defined in the topology.
traffic_profiles = self.create_traffic_profiles(
topo[proj],
config_topo)
self.topo, self.config_topo = topo, config_topo
for each_profile in traffic_profiles:
result = self.generate_udp_flows_and_do_verification(
traffic_profiles[each_profile], str(BuildTag))
# verify_system_parameters(self, out)
self.delete_agent_flows()
if not result:
False
return True
def test_policy(self):
""" Configure policies based on topology and run policy related verifications.
"""
result = True
#
# Get config for test from topology
topology_class_name = sdn_basic_topology.sdn_basic_config
self.logger.info("Scenario for the test used is: %s" % (topology_class_name))
# set project name
try:
# provided by wrapper module if run in parallel test env
topo = topology_class_name(
project=self.project.project_name,
username=self.project.project_username,
password=self.project.project_user_password,
)
except NameError:
topo = topology_class_name()
#
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture}
setup_obj = self.useFixture(sdnTopoSetupFixture(self.connections, topo))
out = setup_obj.topo_setup()
assertEqual(out["result"], True, out["msg"])
if out["result"]:
topo, config_topo = out["data"]
#
# Verify [and assert on fail] after setup
# Calling system policy verification, pick any policy fixture to
# access fixture verification
policy_name = topo.policy_list[0]
system_vna_verify_policy(self, config_topo["policy"][policy_name], topo, "setup")
return True
def all_policy_verify(
self,
config_topo,
topo,
state='unspecified',
fixture_only='no'):
'''Call all policy related verifications..
Useful to debug failures... call this on failure..
Verify & assert on fail'''
self.logger.debug("Starting Verifications after %s" % (state))
# calling policy fixture verifications
for policy_name, policy_fixt in config_topo['policy'].items():
ret = policy_fixt.verify_on_setup()
assertEqual(ret['result'], True, ret['msg'])
# calling vn-policy verification
for vn_name, vn_fixt in config_topo['vn'].items():
ret = vn_fixt.verify_vn_policy_in_api_server()
assertEqual(ret['result'], True, ret['msg'])
if fixture_only == 'no':
# This is not a fixture verfication,
# requires runtime[config_topo] & user-def[topo] topology to be in sync to verify
# calling vna-acl verification
# pick any policy configured
policy_fixt = config_topo['policy'][str(topo.policy_list[0])]
system_vna_verify_policy(self, policy_fixt, topo, state)
def all_policy_verify(
self,
config_topo,
topo,
state='unspecified',
fixture_only='no'):
'''Call all policy related verifications..
Useful to debug failures... call this on failure..
Verify & assert on fail'''
self.logger.debug("Starting Verifications after %s" % (state))
# calling policy fixture verifications
for policy_name, policy_fixt in list(config_topo['policy'].items()):
ret = policy_fixt.verify_on_setup()
assertEqual(ret['result'], True, ret['msg'])
# calling vn-policy verification
for vn_name, vn_fixt in list(config_topo['vn'].items()):
ret = vn_fixt.verify_vn_policy_in_api_server()
assertEqual(ret['result'], True, ret['msg'])
if fixture_only == 'no':
# This is not a fixture verfication,
# requires runtime[config_topo] & user-def[topo] topology to be in sync to verify
# calling vna-acl verification
# pick any policy configured
policy_fixt = config_topo['policy'][str(topo.policy_list[0])]
system_vna_verify_policy(self, policy_fixt, topo, state)
def test_flow_scaling_interNode_interVN(self):
"""Basic systest with single project with many features & traffic..
"""
result = False
#
# Check if there are enough nodes i.e. atleast 2 compute nodes to run this test.
# else report that minimum 2 compute nodes are needed for this test and
# exit.
if len(self.inputs.compute_ips) < 2:
self.logger.warn(
"Minimum 2 compute nodes are needed for this test to run")
self.logger.warn(
"Exiting since this test can't be run on single compute node")
return True
#
# Get config for test from topology
topology_class_name = flow_scale_topo.FlowScaleTopology
self.logger.info(
"Scenario for the test used is: %s" %
(topology_class_name))
try:
topo = topology_class_name(
compute_node_list=self.inputs.compute_ips,
project=self.project.project_name,
username=self.project.username,
password=self.project.password)
except NameError:
topo = topology_class_name(
compute_node_list=self.inputs.compute_ips)
#
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm':
# vm_fixture}
setup_obj = self.useFixture(
sdnTopoSetupFixture(self.connections, topo))
out = setup_obj.topo_setup(VmToNodeMapping=topo.vm_node_map)
assertEqual(out['result'], True, out['msg'])
if out['result']:
topo, config_topo = out['data']
self.traffic_scenarios = self.build_traffic_scenarios(
topo,
config_topo)
src_vm_obj=self.traffic_scenarios['1to2'][0]
vn_fq_name=config_topo['vn']['vnet1'].vn_fq_name
src_vm_intf_id=src_vm_obj.cs_vmi_obj[
vn_fq_name]['virtual-machine-interface']['uuid']
src_vm_obj.provision_static_route(
prefix='111.1.0.0/16',
virtual_machine_interface_id=src_vm_intf_id)
result = self.create_scaled_flows()
self.delete_agent_flows()
return True
def test_system_single_project(self):
"""Basic systest with single project with many features & traffic..
"""
result = True
#self.agent_objs = {}
#self.set_flow_tear_time()
#
# Check if there are enough nodes i.e. atleast 2 compute nodes to run this test.
# else report that minimum 2 compute nodes are needed for this test and
# exit.
if len(self.inputs.compute_ips) < 2:
self.logger.warn(
"Minimum 2 compute nodes are needed for this test to run")
self.logger.warn(
"Exiting since this test can't be run on single compute node")
return True
#
# Get config for test from topology
topology_class_name = system_test_topo.systest_topo_single_project
# For testing script, use mini topology
# topology_class_name =
# mini_system_test_topo.systest_topo_single_project
self.logger.info("Scenario for the test used is: %s" %
(topology_class_name))
topo = topology_class_name(compute_node_list=self.inputs.compute_ips)
#
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm':
# vm_fixture}
setup_obj = self.useFixture(sdnTopoSetupFixture(
self.connections, topo))
out = setup_obj.sdn_topo_setup()
assertEqual(out['result'], True, out['msg'])
if out['result']:
topo, config_topo = out['data'][0], out['data'][1]
proj = list(topo.keys())[0]
# Get the vrouter build version for logging purposes.
BuildTag = get_OS_Release_BuildVersion(self)
# Create traffic profile with all details like IP addresses, port
# numbers and no of flows, from the profile defined in the topology.
traffic_profiles = self.create_traffic_profiles(
topo[proj], config_topo)
self.topo, self.config_topo = topo, config_topo
for each_profile in traffic_profiles:
result = self.generate_udp_flows(traffic_profiles[each_profile],
str(BuildTag))
#verify_system_parameters(self, out)
self.delete_agent_flows()
if not result:
return False
return True
def config_topo_single_proj(class_instance,
topology_class_name,
create_traffic_profile=True):
"""Initialize and Setup configurations for single project related flow
system tests.
"""
#self.agent_objs = {}
# self.set_flow_tear_time()
#
# Check if there are enough nodes i.e. atleast 2 compute nodes to run this
# test.
# else report that minimum 2 compute nodes are needed for this test and
# exit.
# if len(self.inputs.compute_ips) < 2:
if len(class_instance.inputs.compute_ips) < 2:
class_instance.logger.warn(
"Minimum 2 compute nodes are needed for this test to run")
class_instance.logger.warn(
"Exiting since this test can't be run on single compute node")
return True
#
# Get config for test from topology
#topology_class_name = system_test_topo.SystestTopoSingleProject
# For testing script, use mini topology
# topology_class_name =
# mini_system_test_topo.SystestTopoSingleProject
class_instance.logger.info("Scenario for the test used is: %s" %
(str(topology_class_name)))
topo = topology_class_name(
compute_node_list=class_instance.inputs.compute_ips)
#
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm':
# vm_fixture}
setup_obj = class_instance.useFixture(
class_instance(), sdnTopoSetupFixture(class_instance.connections,
topo))
out = setup_obj.sdn_topo_setup()
assertEqual(out['result'], True, out['msg'])
if out['result']:
topo, config_topo = out['data'][0], out['data'][1]
proj = list(topo.keys())[0]
# Get the vrouter build version for logging purposes.
class_instance.BuildTag = get_OS_Release_BuildVersion(class_instance)
# Create traffic profile with all details like IP addresses, port
# numbers and no of flows, from the profile defined in the topology.
if create_traffic_profile:
class_instance.traffic_profiles = create_traffic_profiles(
topo[proj], config_topo)
class_instance.topo, class_instance.config_topo = topo, config_topo
class_instance.config_setup_obj = setup_obj
def test_flow_scaling_interNode_interVN(self):
"""Basic systest with single project with many features & traffic..
"""
result = False
#
# Check if there are enough nodes i.e. atleast 2 compute nodes to run this test.
# else report that minimum 2 compute nodes are needed for this test and
# exit.
if len(self.inputs.compute_ips) < 2:
self.logger.warn(
"Minimum 2 compute nodes are needed for this test to run")
self.logger.warn(
"Exiting since this test can't be run on single compute node")
return True
#
# Get config for test from topology
topology_class_name = flow_scale_topo.FlowScaleTopology
self.logger.info("Scenario for the test used is: %s" %
(topology_class_name))
try:
topo = topology_class_name(
compute_node_list=self.inputs.compute_ips,
project=self.project.project_name,
username=self.project.username,
password=self.project.password)
except NameError:
topo = topology_class_name(
compute_node_list=self.inputs.compute_ips)
#
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm':
# vm_fixture}
setup_obj = self.useFixture(sdnTopoSetupFixture(
self.connections, topo))
out = setup_obj.topo_setup(VmToNodeMapping=topo.vm_node_map)
assertEqual(out['result'], True, out['msg'])
if out['result']:
topo, config_topo = out['data']
self.traffic_scenarios = self.build_traffic_scenarios(
topo, config_topo)
src_vm_obj = self.traffic_scenarios['1to2'][0]
vn_fq_name = config_topo['vn']['vnet1'].vn_fq_name
src_vm_intf_id = src_vm_obj.cs_vmi_obj[vn_fq_name][
'virtual-machine-interface']['uuid']
src_vm_obj.provision_static_route(
prefix='111.1.0.0/16', virtual_machine_interface_id=src_vm_intf_id)
result = self.create_scaled_flows()
self.delete_agent_flows()
return True
def test_repeated_policy_modify(self):
""" Configure policies based on topology; Replace VN's existing policy [same policy name but with different rule set] multiple times and verify.
"""
###
# Get config for test from topology
# very simple topo will do, one vn, one vm, multiple policies with n
# rules
topology_class_name = sdn_single_vm_multiple_policy_topology.sdn_single_vm_multiple_policy_config
self.logger.info("Scenario for the test used is: %s" % (topology_class_name))
# set project name
try:
# provided by wrapper module if run in parallel test env
topo = topology_class_name(
project=self.project.project_name, username=self.project.username, password=self.project.password
)
except NameError:
topo = topology_class_name()
###
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture}
setup_obj = self.useFixture(sdnTopoSetupFixture(self.connections, topo))
out = setup_obj.topo_setup()
assertEqual(out["result"], True, out["msg"])
if out["result"]:
topo, config_topo = out["data"]
###
# Verify [and assert on fail] after setup
# Calling system policy verification, pick any policy fixture to
# access fixture verification
policy_name = topo.policy_list[0]
system_vna_verify_policy(self, config_topo["policy"][policy_name], topo, "setup")
###
# Test procedure:
# Test repeated update of a policy attached to a VM
test_vm = topo.vmc_list[0]
test_vn = topo.vn_of_vm[test_vm]
test_vn_fix = config_topo["vn"][test_vn]
test_vn_id = test_vn_fix.vn_id
for policy in topo.policy_list:
# set new policy for test_vn to policy
test_policy_fq_names = []
name = config_topo["policy"][policy].policy_fq_name
test_policy_fq_names.append(name)
state = "policy for %s updated to %s" % (test_vn, policy)
test_vn_fix.bind_policies(test_policy_fq_names, test_vn_id)
# wait for tables update before checking after making changes to
# system
time.sleep(5)
self.logger.info("new policy list of vn %s is %s" % (test_vn, policy))
# update expected topology with this new info for verification
updated_topo = policy_test_utils.update_topo(topo, test_vn, policy)
system_vna_verify_policy(self, config_topo["policy"][policy], updated_topo, state)
return True
def config_topo_single_proj(class_instance, topology_class_name):
"""Initialize and Setup configurations for single project related flow
system tests.
"""
#self.agent_objs = {}
#self.set_flow_tear_time()
#
# Check if there are enough nodes i.e. atleast 2 compute nodes to run this test.
# else report that minimum 2 compute nodes are needed for this test and
# exit.
#if len(self.inputs.compute_ips) < 2:
if len(class_instance.inputs.compute_ips) < 2:
class_instance.logger.warn(
"Minimum 2 compute nodes are needed for this test to run")
class_instance.logger.warn(
"Exiting since this test can't be run on single compute node")
return True
#
# Get config for test from topology
#topology_class_name = system_test_topo.systest_topo_single_project
# For testing script, use mini topology
# topology_class_name =
# mini_system_test_topo.systest_topo_single_project
class_instance.logger.info(
"Scenario for the test used is: %s" %
(str(topology_class_name)))
topo = topology_class_name(
compute_node_list=class_instance.inputs.compute_ips)
#
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm':
# vm_fixture}
setup_obj = class_instance.useFixture(class_instance(),
sdnTopoSetupFixture(class_instance.connections, topo))
out = setup_obj.sdn_topo_setup()
assertEqual(out['result'], True, out['msg'])
if out['result']:
topo, config_topo = out['data'][0], out['data'][1]
proj = list(topo.keys())[0]
# Get the vrouter build version for logging purposes.
class_instance.BuildTag = get_OS_Release_BuildVersion(class_instance)
# Create traffic profile with all details like IP addresses, port
# numbers and no of flows, from the profile defined in the topology.
class_instance.traffic_profiles = create_traffic_profiles(
topo[proj],
config_topo)
class_instance.topo, class_instance.config_topo = topo, config_topo
def test_policy(self):
""" Configure policies based on topology and run policy related verifications.
"""
result = True
#
# Get config for test from topology
topology_class_name = sdn_basic_topology.sdn_basic_config
self.logger.info(
"Scenario for the test used is: %s" %
(topology_class_name))
# set project name
try:
# provided by wrapper module if run in parallel test env
topo = topology_class_name(
project=self.project.project_name,
username=self.project.project_username,
password=self.project.project_user_password)
except NameError:
topo = topology_class_name()
#
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture}
setup_obj = self.useFixture(
sdnTopoSetupFixture(self.connections, topo))
out = setup_obj.topo_setup()
assertEqual(out['result'], True, out['msg'])
if out['result']:
topo, config_topo = out['data']
#
# Verify [and assert on fail] after setup
# Calling system policy verification, pick any policy fixture to
# access fixture verification
policy_name = topo.policy_list[0]
system_vna_verify_policy(
self,
config_topo['policy'][policy_name],
topo,
'setup')
# Verify ICMP traffic between the two VM's.
if not config_topo['vm'][topo.vmc_list[0]].ping_with_certainty(
expectation=True,
dst_vm_fixture=config_topo['vm'][topo.vmc_list[1]]):
self.logger.error(
'Ping from %s to %s failed,expected it to pass' %
(config_topo['vm'][topo.vmc_list[0]].vm_name,
config_topo['vm'][topo.vmc_list[1]].vm_name))
return False
return True
def test_policy(self):
""" Configure policies based on topology and run policy related verifications.
"""
result = True
#
# Get config for test from topology
topology_class_name = sdn_basic_topology.sdn_basic_config
self.logger.info(
"Scenario for the test used is: %s" %
(topology_class_name))
# set project name
try:
# provided by wrapper module if run in parallel test env
topo = topology_class_name(
project=self.project.project_name,
username=self.project.project_username,
password=self.project.project_user_password)
except NameError:
topo = topology_class_name()
#
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture}
setup_obj = self.useFixture(
sdnTopoSetupFixture(self.connections, topo))
out = setup_obj.topo_setup()
assertEqual(out['result'], True, out['msg'])
if out['result']:
topo, config_topo = out['data']
#
# Verify [and assert on fail] after setup
# Calling system policy verification, pick any policy fixture to
# access fixture verification
policy_name = topo.policy_list[0]
system_vna_verify_policy(
self,
config_topo['policy'][policy_name],
topo,
'setup')
# Verify ICMP traffic between the two VM's.
if not config_topo['vm'][topo.vmc_list[0]].ping_with_certainty(
expectation=True,
dst_vm_fixture=config_topo['vm'][topo.vmc_list[1]]):
self.logger.error(
'Ping from %s to %s failed,expected it to pass' %
(config_topo['vm'][topo.vmc_list[0]].vm_name,
config_topo['vm'][topo.vmc_list[1]].vm_name))
return False
return True
def inventory_tests(self, node_name=None):
if node_name is None:
self.logger.error("ERROR :: Target node name has to be specified to test inventory information.")
return False
self.logger.info("------------INVENTORY TEST FOR NODE %s------------" % node_name)
local("server-manager-client display inventory --server_id %s > working_db.txt" % node_name)
fd=open('working_db.txt','r')
lines=fd.readlines()
fd.close()
fd=open('working_db.json','w')
for i in range(1,len(lines)-1):
fd.write(lines[i])
fd.close()
fd=open('working_db.json','r')
inventory_data=json.load(fd)
fd.close()
node_ip=self.smgr_fixture.get_ip_using_server_id(node_name)
node_pswd=self.smgr_fixture.get_pswd_using_server_id(node_name)
#Check for cpu details in inventory.
with settings(host_string='root@'+node_ip, password=node_pswd, warn_only=True):
cpu_cores=run('cat /proc/cpuinfo | grep "cpu cores" | head -n 1 |cut -d ":" -f2')
clock_speed=run('cat /proc/cpuinfo | grep "cpu MHz" | head -n 1 |cut -d ":" -f2')
model=run('cat /proc/cpuinfo | grep "model name" | head -n 1 |cut -d ":" -f2')
assertEqual(int(cpu_cores), inventory_data['ServerInventoryInfo']['cpu_cores_count'],
"cpu_cores_count mismatch for node %s = inventory_data - %s, proc-cpuinfo data - %s" % (node_name,inventory_data['ServerInventoryInfo']['cpu_cores_count'],cpu_cores))
assertEqual(float(clock_speed), float(inventory_data['ServerInventoryInfo']['cpu_info_state']['clock_speed_MHz']),
"clock_speed mismatch for node %s = inventory_data - %s, proc-cpuinfo data - %s"
% (node_name,float(inventory_data['ServerInventoryInfo']['cpu_info_state']['clock_speed_MHz']),float(clock_speed)))
assertEqual(model, inventory_data['ServerInventoryInfo']['cpu_info_state']['model'],
"model mismatch for node %s = inventory_data - %s, proc-cpuinfo data - %s"
% (node_name,inventory_data['ServerInventoryInfo']['cpu_info_state']['model'],model))
#Check for interface details in inventory both physical and virtual intrerfaces should be listed.
with settings(host_string='root@'+node_ip, password=node_pswd, warn_only=True):
intf_names=run("ifconfig -a | grep 'Link encap' | awk '{print $1}'")
intf_list=intf_names.split('\r\n')
track_intf=list(intf_list)
for i in range(0,len(track_intf)):
if '-' in track_intf[i]:
del track_intf[i]
for intf_data in inventory_data['ServerInventoryInfo']['interface_infos']:
if '_' in intf_data['interface_name']:
continue
if intf_data['interface_name'] in track_intf:
if (intf_data['ip_addr'] and intf_data['ip_addr'] != 'N/A'):
with settings(host_string='root@'+node_ip, password=node_pswd, warn_only=True):
ip_addr=run("ifconfig " + intf_data['interface_name'] + " | grep inet | awk '{print $2}' | cut -d ':' -f 2")
assertEqual(ip_addr, intf_data['ip_addr'], "ip address mis-match for interface %s on node %s. inventory data - %s, ifconfig data %s"
% (intf_data['interface_name'],node_name,intf_data['ip_addr'],ip_addr))
if (intf_data['macaddress'] and intf_data['macaddress'] != 'N/A'):
with settings(host_string='root@'+node_ip, password=node_pswd, warn_only=True):
mac_addr=run("cat /sys/class/net/" + intf_data['interface_name'] + "/address")
assertEqual(mac_addr.lower(), intf_data['macaddress'].lower(), "mac address mis-match for interface %s on node %s. inventory data - %s, ifconfig data %s"
% (intf_data['interface_name'],node_name,intf_data['macaddress'].lower(),mac_addr.lower()))
if (intf_data['netmask'] and intf_data['netmask'] != 'N/A'):
with settings(host_string='root@'+node_ip, password=node_pswd, warn_only=True):
mask=run("ifconfig " + intf_data['interface_name'] + " | grep Mask | awk '{print $4}' | cut -d ':' -f 2")
assertEqual(mask, intf_data['netmask'], "netmask mis-match for interface %s on node %s. inventory data - %s, ifconfig data %s"
% (intf_data['interface_name'],node_name,intf_data['netmask'],mask))
else:
self.logger.error("ERROR :: Interface not found in inventory but there as part of the system info")
self.logger.error("ERROR :: Inventory interface information %s" % intf_data)
self.logger.error("ERROR :: System interface information %s" % track_intf)
return False
#Check for memory state and number of disks.
with settings(host_string='root@'+node_ip, password=node_pswd, warn_only=True):
dimm_size_mb=run("dmidecode -t 17 | grep Size | head -n 1 | awk '{print $2}'")
mem_speed_MHz=run("dmidecode -t 17 | grep Speed | head -n 1 | awk '{print $2}'")
mem_type=run("dmidecode -t 17 | grep Type | head -n 1 | awk '{print $2}'")
num_of_dimms=run("dmidecode -t 17 | grep 'Memory Device' | wc -l")
swap_size_mb=run("vmstat -s -S M | grep 'total swap' | awk '{print $1}'")
total_mem_mb=run("vmstat -s -S M | grep 'total memory' | awk '{print $1}'")
assertEqual(int(dimm_size_mb), inventory_data['ServerInventoryInfo']['mem_state']['dimm_size_mb'],
"dimm_size_mb mismatch for node %s = inventory_data - %s, dmidecode data - %s" % (node_name,inventory_data['ServerInventoryInfo']['mem_state']['dimm_size_mb'],int(dimm_size_mb)))
assertEqual(int(mem_speed_MHz), inventory_data['ServerInventoryInfo']['mem_state']['mem_speed_MHz'],
"mem_speed_MHz mismatch for node %s = inventory_data - %s, dmidecode data - %s" % (node_name,inventory_data['ServerInventoryInfo']['mem_state']['mem_speed_MHz'],int(mem_speed_MHz)))
assertEqual(mem_type, inventory_data['ServerInventoryInfo']['mem_state']['mem_type'],
"mem_type mismatch for node %s = inventory_data - %s, dmidecode data - %s" % (node_name,inventory_data['ServerInventoryInfo']['mem_state']['mem_type'],mem_type))
assertEqual(int(num_of_dimms), inventory_data['ServerInventoryInfo']['mem_state']['num_of_dimms'],
"num_of_dimms mismatch for node %s = inventory_data - %s, dmidecode data - %s" % (node_name,inventory_data['ServerInventoryInfo']['mem_state']['num_of_dimms'],int(num_of_dimms)))
if (float(swap_size_mb)*0.98 <= float(inventory_data['ServerInventoryInfo']['mem_state']['swap_size_mb']) <= float(swap_size_mb)*1.02):
self.logger.info("swap_size_mb matched inventory data.")
else:
self.logger.error("swap_size_mb for node %s = inventory_data - %s, vmstat data - %s --- Not in range 98% to 102%"
% (node_name,float(inventory_data['ServerInventoryInfo']['mem_state']['swap_size_mb']),float(swap_size_mb)))
return False
if (float(total_mem_mb)*0.98 <= float(inventory_data['ServerInventoryInfo']['mem_state']['total_mem_mb']) <= float(total_mem_mb)*1.02):
self.logger.info("total_mem_mb matched inventory data.")
else:
self.logger.error("total_mem_mb for node %s = inventory_data - %s, vmstat data - %s --- Not in range 98% to 102%"
% (node_name,float(inventory_data['ServerInventoryInfo']['mem_state']['total_mem_mb']),float(total_mem_mb)))
return False
#Check for system related inventory information.
with settings(host_string='root@'+node_ip, password=node_pswd, warn_only=True):
board_manufacturer=run("dmidecode -t 3 | grep 'Manufacturer' | awk '{print $2}'")
kernel_version=run("uname -r | cut -d '-' -f 1")
name=run("uname -n")
hardware_model=run("uname -i")
node_os=run("uname -v | cut -d '-' -f 2 | awk '{print $1}'")
assertEqual(board_manufacturer, inventory_data['ServerInventoryInfo']['fru_infos'][0]['board_manufacturer'],
"board_manufacturer mismatch for node %s = inventory_data - %s, dmidecode data - %s"
% (node_name,inventory_data['ServerInventoryInfo']['fru_infos'][0]['board_manufacturer'],board_manufacturer))
assertEqual(kernel_version, inventory_data['ServerInventoryInfo']['kernel_version'],
"kernel_version mismatch for node %s = inventory_data - %s, uname data - %s" % (node_name,inventory_data['ServerInventoryInfo']['kernel_version'],kernel_version))
assertEqual(name, inventory_data['ServerInventoryInfo']['name'],
"name mismatch for node %s = inventory_data - %s, uname data - %s" % (node_name,inventory_data['ServerInventoryInfo']['name'],name))
assertEqual(hardware_model, inventory_data['ServerInventoryInfo']['hardware_model'],
"hardware_model mismatch for node %s = inventory_data - %s, uname data - %s" % (node_name,inventory_data['ServerInventoryInfo']['hardware_model'],hardware_model))
assertEqual(node_os, inventory_data['ServerInventoryInfo']['os'],
"os mismatch for node %s = inventory_data - %s, uname data - %s" % (node_name,inventory_data['ServerInventoryInfo']['os'],node_os))
os.remove('working_db.txt')
self.logger.info("------------END OF INVENTORY TEST FOR NODE %s------------" % node_name)
return True
def test_policy_modify_vn_policy(self):
""" Configure policies based on topology;
"""
###
# Get config for test from topology
# very simple topo will do, one vn, one vm, one policy, 3 rules
topology_class_name = sdn_single_vm_policy_topology.sdn_single_vm_policy_config
self.logger.info("Scenario for the test used is: %s" % (topology_class_name))
# set project name
try:
# provided by wrapper module if run in parallel test env
topo = topology_class_name(
project=self.project.project_name, username=self.project.username, password=self.project.password
)
except NameError:
topo = topology_class_name()
###
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture}
setup_obj = self.useFixture(sdnTopoSetupFixture(self.connections, topo))
out = setup_obj.topo_setup()
assertEqual(out["result"], True, out["msg"])
if out["result"]:
topo, config_topo = out["data"]
###
# Verify [and assert on fail] after setup
# Calling system policy verification, pick any policy fixture to
# access fixture verification
policy_name = topo.policy_list[0]
system_vna_verify_policy(self, config_topo["policy"][policy_name], topo, "setup")
###
# Test procedure:
# Test adding new policy to VN's exiting policy list
state = "add policy: "
test_vm = topo.vmc_list[0]
test_vn = topo.vn_of_vm[test_vm]
# Init test data, take backup of current topology
initial_vn_policy_list = copy.copy(topo.vn_policy[test_vn])
new_policy_to_add = policy_test_utils.get_policy_not_in_vn(initial_vn_policy_list, topo.policy_list)
if not new_policy_to_add:
result = "False"
msg = "test %s cannot be run as required config not available in topology; aborting test"
self.logger.info(msg)
assertEqual(result, True, msg)
initial_policy_vn_list = copy.copy(topo.policy_vn[new_policy_to_add])
new_vn_policy_list = copy.copy(initial_vn_policy_list)
new_policy_vn_list = copy.copy(initial_policy_vn_list)
new_vn_policy_list.append(new_policy_to_add)
new_policy_vn_list.append(test_vn)
test_vn_fix = config_topo["vn"][test_vn]
test_vn_id = test_vn_fix.vn_id
# configure new policy
config_topo["policy"][new_policy_to_add] = self.useFixture(
PolicyFixture(
policy_name=new_policy_to_add,
rules_list=topo.rules[new_policy_to_add],
inputs=self.inputs,
connections=self.connections,
)
)
# get new policy_set to be pushed for the vn
test_policy_fq_names = []
for policy in new_vn_policy_list:
name = config_topo["policy"][policy].policy_fq_name
test_policy_fq_names.append(name)
self.logger.info("adding policy %s to vn %s" % (new_policy_to_add, test_vn))
test_vn_fix.bind_policies(test_policy_fq_names, test_vn_id)
# wait for tables update before checking after making changes to system
time.sleep(5)
self.logger.info("New policy list of VN %s is %s" % (test_vn, new_vn_policy_list))
# update expected topology with this new info for verification
topo.vn_policy[test_vn] = new_vn_policy_list
topo.policy_vn[new_policy_to_add] = new_policy_vn_list
system_vna_verify_policy(self, config_topo["policy"][new_policy_to_add], topo, state)
# Test unbinding all policies from VN
state = "unbinding all policies"
test_vn_fix.unbind_policies(test_vn_id)
# wait for tables update before checking after making changes to system
time.sleep(5)
current_vn_policy_list = new_vn_policy_list
new_vn_policy_list = []
self.logger.info("New policy list of VN %s is %s" % (test_vn, new_vn_policy_list))
# update expected topology with this new info for verification
topo.vn_policy[test_vn] = new_vn_policy_list
for policy in current_vn_policy_list:
topo.policy_vn[policy].remove(test_vn)
system_vna_verify_policy(self, config_topo["policy"][new_policy_to_add], topo, state)
return True
def test_policy_with_multi_vn_in_vm(self):
''' Test to validate policy action in VM with vnic's in multiple VN's with different policies.
Test flow: vm1 in vn1 and vn2; vm3 in vn3. policy to allow traffic from vn2 to vn3 and deny from vn1 to vn3.
Default route for vm1 in vn1, which has no reachability to vn3 - verify traffic - should fail.
Add specific route to direct vn3 traffic through vn2 - verify traffic - should pass.
'''
vm1_name = 'vm_mine1'
vm2_name = 'vm_mine2'
vn1_name = 'vn221'
vn1_subnets = ['11.1.1.0/24']
vn2_name = 'vn222'
vn2_subnets = ['22.1.1.0/24']
vn3_gateway = '22.1.1.254'
vn3_name = 'vn223'
vn3_subnets = ['33.1.1.0/24']
rules1 = [
{
'direction': '>', 'simple_action': 'deny',
'protocol': 'icmp', 'src_ports': 'any',
'dst_ports': 'any',
'source_network': 'any',
'dest_network': 'any',
},
]
rules2 = [
{
'direction': '<>', 'simple_action': 'pass',
'protocol': 'any', 'src_ports': 'any',
'dst_ports': 'any',
'source_network': 'any',
'dest_network': 'any',
},
]
policy1_name = 'p1'
policy2_name = 'p2'
policy1_fixture = self.useFixture(
PolicyFixture(
policy_name=policy1_name,
rules_list=rules1,
inputs=self.inputs,
connections=self.connections))
policy2_fixture = self.useFixture(
PolicyFixture(
policy_name=policy2_name,
rules_list=rules2,
inputs=self.inputs,
connections=self.connections))
vn1_fixture = self.useFixture(
VNFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn1_name,
inputs=self.inputs,
subnets=vn1_subnets,
policy_objs=[
policy1_fixture.policy_obj]))
vn2_fixture = self.useFixture(
VNFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn2_name,
inputs=self.inputs,
subnets=vn2_subnets,
disable_gateway=True,
policy_objs=[
policy2_fixture.policy_obj]))
vn3_fixture = self.useFixture(
VNFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn3_name,
inputs=self.inputs,
subnets=vn3_subnets,
policy_objs=[
policy2_fixture.policy_obj]))
assert vn1_fixture.verify_on_setup()
assert vn2_fixture.verify_on_setup()
assert vn3_fixture.verify_on_setup()
assert vn1_fixture.verify_vn_policy_in_api_server()
assert vn2_fixture.verify_vn_policy_in_api_server()
assert vn3_fixture.verify_vn_policy_in_api_server()
vm1_fixture = self.useFixture(
VMFixture(
connections=self.connections,
vn_objs=[
vn1_fixture.obj,
vn2_fixture.obj],
vm_name=vm1_name,
project_name=self.inputs.project_name))
vm2_fixture = self.useFixture(
VMFixture(
connections=self.connections,
vn_objs=[
vn3_fixture.obj],
vm_name=vm2_name,
project_name=self.inputs.project_name))
assert vm1_fixture.verify_on_setup()
assert vm2_fixture.verify_on_setup()
self.nova_h.wait_till_vm_is_up(vm1_fixture.vm_obj)
self.nova_h.wait_till_vm_is_up(vm2_fixture.vm_obj)
# For multi-vn vm, configure ip address for 2nd interface
multivn_vm_ip_list = vm1_fixture.vm_ips
intf_conf_cmd = "ifconfig eth1 %s netmask 255.255.255.0" % multivn_vm_ip_list[
1]
vm_cmds = (intf_conf_cmd, 'ifconfig -a')
for cmd in vm_cmds:
cmd_to_output = [cmd]
vm1_fixture.run_cmd_on_vm(cmds=cmd_to_output, as_sudo=True)
output = vm1_fixture.return_output_cmd_dict[cmd]
for ip in multivn_vm_ip_list:
if ip not in output:
self.logger.error(
"IP %s not assigned to any eth intf of %s" %
(ip, vm1_fixture.vm_name))
assert False
# Ping test from multi-vn vm to peer vn, result will be based on action
# defined in policy attached to VN which has the default gw of VM
self.logger.info(
"Ping from multi-vn vm to vm2, with no allow rule in the VN where default gw is part of, traffic should fail")
result = vm1_fixture.ping_with_certainty(
vm2_fixture.vm_ip,
expectation=False)
assertEqual(result, True, "ping passed which is not expected")
# Configure VM to reroute traffic to interface belonging to different
# VN
self.logger.info(
"Direct traffic to gw which is part of VN with allow policy to destination VN, traffic should pass now")
i = ' route add -net %s netmask 255.255.255.0 gw %s dev eth1' % (
vn3_subnets[0].split('/')[0], multivn_vm_ip_list[1])
cmd_to_output = [i]
vm1_fixture.run_cmd_on_vm(cmds=cmd_to_output, as_sudo=True)
output = vm1_fixture.return_output_cmd_dict[i]
# Ping test from multi-vn vm to peer vn, result will be based on action
# defined in policy attached to VN which has the default gw for VM
self.logger.info(
"Ping from multi-vn vm to vm2, with allow rule in the VN where network gw is part of, traffic should pass")
result = vm1_fixture.ping_with_certainty(
vm2_fixture.vm_ip,
expectation=True)
assertEqual(result, True, "ping failed which is not expected")
return True
def repeated_policy_update_test_with_ping(self, topo):
""" Pick 2 VM's for testing, test with ping; modify policy of one VN [in which VM is
present] and verify the rule functionality with ping.
"""
result = True
msg = []
#
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture}
setup_obj = self.useFixture(
sdnTopoSetupFixture(self.connections, topo))
out = setup_obj.topo_setup()
#out= setup_obj.topo_setup(vm_verify='yes', skip_cleanup='yes')
self.logger.info("Setup completed with result %s" % (out['result']))
assertEqual(out['result'], True, out['msg'])
if out['result']:
topo, config_topo = out['data']
# 1. Define Traffic Params
test_vm1 = topo.vmc_list[0] # 'vmc0'
test_vm2 = topo.vmc_list[1] # 'vmc1'
test_vm1_fixture = config_topo['vm'][test_vm1]
test_vm2_fixture = config_topo['vm'][test_vm2]
test_vn = topo.vn_of_vm[test_vm1] # 'vnet0'
test_vn_fix = config_topo['vn'][test_vn]
test_vn_id = test_vn_fix.vn_id
test_proto = 'icmp'
for policy in topo.policy_test_order:
# 2. set new policy for test_vn to policy
test_policy_fq_names = []
name = config_topo['policy'][policy].policy_fq_name
test_policy_fq_names.append(name)
state = "policy for " + test_vn + " updated to " + policy
test_vn_fix.bind_policies(test_policy_fq_names, test_vn_id)
# wait for tables update before checking after making changes to
# system
time.sleep(5)
self.logger.info("new policy list of vn %s is %s" %
(test_vn, policy))
# update expected topology with this new info for verification
updated_topo = policy_test_utils.update_topo(topo, test_vn, policy)
self.logger.info("Starting Verifications after %s" % (state))
policy_info = "policy in effect is : %s" % (topo.rules[policy])
self.logger.info(policy_info)
# 3. set expectation to verify..
matching_rule_action = {}
# Topology guide: There is only one policy assigned to test_vn and there is one rule affecting traffic proto.
# For ping test, set expected result based on action - pass or deny
# if action = 'pass', expectedResult= True, else Fail;
num_rules = len(topo.rules[policy])
for i in range(num_rules):
proto = topo.rules[policy][i]['protocol']
matching_rule_action[proto] = topo.rules[
policy][i]['simple_action']
if num_rules == 0:
matching_rule_action[test_proto] = 'deny'
self.logger.info("matching_rule_action: %s" %
matching_rule_action)
# 4. Test with ping
expectedResult = True if matching_rule_action[
test_proto] == 'pass' else False
ret = test_vm1_fixture.ping_with_certainty(
test_vm2_fixture.vm_ip, expectation=expectedResult,
dst_vm_fixture=test_vm2_fixture)
result_msg = "vm ping test result after %s is: %s" % (state, ret)
self.logger.info(result_msg)
if not ret:
result = False
msg.extend([result_msg, policy_info])
all_policy_verify(
self, config_topo, updated_topo, state, fixture_only='yes')
assertEqual(result, True, msg)
test_vn_fix.unbind_policies(test_vn_id)
return result
def test_policy_rules_scaling_with_ping(self):
''' Test to validate scaling of policy and rules.
Test to validate multiple policy scaling with
10 rules each. These policies will be attached
to two VN's and 2 VM's will be spawned in each
of the VN's to verify exact number of acls are
created in the agent introspect.
Expected ace id's = 150 policy * 10 distinct rules
+ 1 valid rule + 2 default rules = 1503 ace id's.
'''
result = True
msg = []
vn1_name = 'vn1'
vn2_name = 'vn2'
vn1_subnets = [get_random_cidr(af='v4')]
vn2_subnets = ['20.1.1.0/24']
number_of_policy = 150
number_of_dummy_rules = 10
number_of_valid_rules = 1
number_of_default_rules = 2
total_number_of_rules = (
number_of_dummy_rules *
number_of_policy) + number_of_valid_rules + number_of_default_rules
no_of_rules_exp = total_number_of_rules
valid_rules = [
{
'direction': '<>',
'simple_action': 'pass',
'protocol': 'icmp',
'src_ports': 'any',
'dst_ports': 'any',
'source_network': 'any',
'dest_network': 'any',
},
]
self.logger.info(
'Creating %d policy and %d rules to test policy scalability' %
(number_of_policy, number_of_dummy_rules + len(valid_rules)))
policy_objs_list = policy_test_helper._create_n_policy_n_rules(
self,
number_of_policy,
valid_rules,
number_of_dummy_rules,
verify=False)
time.sleep(5)
self.logger.info('Create VN and associate %d policy' %
(number_of_policy))
vn1_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn1_name,
inputs=self.inputs,
subnets=vn1_subnets,
policy_objs=policy_objs_list))
assert vn1_fixture.verify_on_setup()
vn2_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn2_name,
inputs=self.inputs,
subnets=vn2_subnets,
policy_objs=policy_objs_list))
assert vn2_fixture.verify_on_setup()
vn1_vm1_name = 'vm1'
vn1_vm2_name = 'vm2'
vm1_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn1_fixture.obj,
vm_name=vn1_vm1_name))
assert vm1_fixture.verify_on_setup()
vm2_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn2_fixture.obj,
vm_name=vn1_vm2_name))
assert vm2_fixture.verify_on_setup()
vm1_fixture.wait_till_vm_is_up()
vm2_fixture.wait_till_vm_is_up()
self.logger.info("Verify ping to vm %s" % (vn1_vm2_name))
ret = vm1_fixture.ping_with_certainty(vm2_fixture.vm_ip,
expectation=True,
dst_vm_fixture=vm2_fixture)
result_msg = "vm ping test result to vm %s is: %s" % (vn1_vm2_name,
ret)
self.logger.info(result_msg)
if not ret:
result = False
msg.extend(
["ping failure with scaled policy and rules:", result_msg])
assertEqual(result, True, msg)
if self.inputs.get_af() == af_test:
#In v6 test, new rule is added for proto 58 corresponding to v4 icmp rule,
#so expected no. of rules should be increamented by 1
no_of_rules_exp = total_number_of_rules + 1
vn1_acl_count = len(
self.agent_inspect[vm1_fixture._vm_node_ip].get_vna_acl_by_vn(
vn1_fixture.vn_fq_name)['entries'])
vn2_acl_count = len(
self.agent_inspect[vm2_fixture._vm_node_ip].get_vna_acl_by_vn(
vn2_fixture.vn_fq_name)['entries'])
self.assertEqual(
vn1_acl_count, no_of_rules_exp,
"Mismatch in number of ace ID's and total number of rules in agent introspect \
for vn %s" % vn1_fixture.vn_fq_name)
self.assertEqual(
vn2_acl_count, no_of_rules_exp,
"Mismatch in number of ace ID's and total number of rules in agent introspect \
for vn %s" % vn2_fixture.vn_fq_name)
self.logger.info(
'Verified ace Id\'s were created for %d rules, to test policy scalability'
% no_of_rules_exp)
return True
def system_vna_verify_policy(self, policy_fixt, topo, state):
# Verify all policies in all compute nodes..
self.logger.info("Starting Verifications after %s" % (state))
ret = policy_fixt.verify_policy_in_vna(topo)
assertEqual(ret['result'], True, ret['msg'])
def test_policy_rules_scaling_with_ping(self):
''' Test to validate scaling of policy and rules
'''
result = True
msg = []
vn1_name = 'vn1'
vn2_name = 'vn2'
vn1_subnets = ['10.1.1.0/24']
vn2_subnets = ['20.1.1.0/24']
number_of_policy = 10
# adding workaround to pass the test with less number of rules till
# 1006, 1184 fixed
number_of_dummy_rules = 148
valid_rules = [
{
'direction': '<>', 'simple_action': 'pass',
'protocol': 'icmp', 'src_ports': 'any',
'dst_ports': 'any',
'source_network': 'any',
'dest_network': 'any',
},
{
'direction': '<>', 'simple_action': 'pass',
'protocol': 'udp', 'src_ports': 'any',
'dst_ports': 'any',
'source_network': 'any',
'dest_network': 'any',
},
]
self.logger.info(
'Creating %d policy and %d rules to test policy scalability' %
(number_of_policy, number_of_dummy_rules + len(valid_rules)))
# for now we are creating limited number of policy and rules
policy_objs_list = policy_test_helper._create_n_policy_n_rules(
self, number_of_policy, valid_rules, number_of_dummy_rules)
time.sleep(5)
self.logger.info('Create VN and associate %d policy' %
(number_of_policy))
vn1_fixture = self.useFixture(
VNFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn1_name,
inputs=self.inputs,
subnets=vn1_subnets,
policy_objs=policy_objs_list))
assert vn1_fixture.verify_on_setup()
vn2_fixture = self.useFixture(
VNFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn2_name,
inputs=self.inputs,
subnets=vn2_subnets,
policy_objs=policy_objs_list))
assert vn2_fixture.verify_on_setup()
vn1_vm1_name = 'vm1'
vn1_vm2_name = 'vm2'
vm1_fixture = self.useFixture(
VMFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn1_fixture.obj,
vm_name=vn1_vm1_name))
assert vm1_fixture.verify_on_setup()
vm2_fixture = self.useFixture(
VMFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn2_fixture.obj,
vm_name=vn1_vm2_name))
assert vm2_fixture.verify_on_setup()
vm1_fixture.wait_till_vm_is_up()
vm2_fixture.wait_till_vm_is_up()
self.logger.info("Verify ping to vm %s" % (vn1_vm2_name))
ret = vm1_fixture.ping_with_certainty(
vm2_fixture.vm_ip, expectation=True,
dst_vm_fixture=vm2_fixture)
result_msg = "vm ping test result to vm %s is: %s" % (
vn1_vm2_name, ret)
self.logger.info(result_msg)
if not ret:
result = False
msg.extend(
["ping failure with scaled policy and rules:", result_msg])
assertEqual(result, True, msg)
return True
def test_policy_rules_scaling_with_ping(self):
""" Test to validate scaling of policy and rules
"""
result = True
msg = []
vn1_name = "vn1"
vn2_name = "vn2"
vn1_subnets = ["10.1.1.0/24"]
vn2_subnets = ["20.1.1.0/24"]
number_of_policy = 10
# adding workaround to pass the test with less number of rules till
# 1006, 1184 fixed
number_of_dummy_rules = 148
valid_rules = [
{
"direction": "<>",
"simple_action": "pass",
"protocol": "icmp",
"src_ports": "any",
"dst_ports": "any",
"source_network": "any",
"dest_network": "any",
},
{
"direction": "<>",
"simple_action": "pass",
"protocol": "udp",
"src_ports": "any",
"dst_ports": "any",
"source_network": "any",
"dest_network": "any",
},
]
self.logger.info(
"Creating %d policy and %d rules to test policy scalability"
% (number_of_policy, number_of_dummy_rules + len(valid_rules))
)
# for now we are creating limited number of policy and rules
policy_objs_list = policy_test_helper._create_n_policy_n_rules(
self, number_of_policy, valid_rules, number_of_dummy_rules
)
time.sleep(5)
self.logger.info("Create VN and associate %d policy" % (number_of_policy))
vn1_fixture = self.useFixture(
VNFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn1_name,
inputs=self.inputs,
subnets=vn1_subnets,
policy_objs=policy_objs_list,
)
)
assert vn1_fixture.verify_on_setup()
vn2_fixture = self.useFixture(
VNFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn2_name,
inputs=self.inputs,
subnets=vn2_subnets,
policy_objs=policy_objs_list,
)
)
assert vn2_fixture.verify_on_setup()
vn1_vm1_name = "vm1"
vn1_vm2_name = "vm2"
vm1_fixture = self.useFixture(
VMFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn1_fixture.obj,
vm_name=vn1_vm1_name,
)
)
assert vm1_fixture.verify_on_setup()
vm2_fixture = self.useFixture(
VMFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn2_fixture.obj,
vm_name=vn1_vm2_name,
)
)
assert vm2_fixture.verify_on_setup()
vm1_fixture.wait_till_vm_is_up()
vm2_fixture.wait_till_vm_is_up()
self.logger.info("Verify ping to vm %s" % (vn1_vm2_name))
ret = vm1_fixture.ping_with_certainty(vm2_fixture.vm_ip, expectation=True)
result_msg = "vm ping test result to vm %s is: %s" % (vn1_vm2_name, ret)
self.logger.info(result_msg)
if not ret:
result = False
msg.extend(["ping failure with scaled policy and rules:", result_msg])
assertEqual(result, True, msg)
return True
def test_flow_multi_projects(self):
"""Tests related to flow setup rate and flow table stability accross various triggers for verification
accross VN's and accross multiple projects"""
result = True
self.comp_node_fixt = {}
for cmp_node in self.inputs.compute_ips:
self.comp_node_fixt[cmp_node] = self.useFixture(
ComputeNodeFixture(self.connections, cmp_node))
#
# Check if there are enough nodes i.e. atleast 2 compute nodes to run this test.
# else report that minimum 2 compute nodes are needed for this test and
# exit.
if len(self.inputs.compute_ips) < 2:
self.logger.warn(
"Minimum 2 compute nodes are needed for this test to run")
self.logger.warn(
"Exiting since this test can't be run on single compute node")
return True
#
# Get config for test from topology
msg = []
topology_class_name = sdn_flow_test_topo_multiple_projects.multi_project_topo
self.logger.info("Scenario for the test used is: %s" %
(topology_class_name))
#
# Create a list of compute node IP's and pass it to topo if you want to pin
# a vm to a particular node
topo = topology_class_name(compute_node_list=self.inputs.compute_ips)
#
# 1. Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm':
# vm_fixture}
setup_obj = self.useFixture(sdnTopoSetupFixture(
self.connections, topo))
out = setup_obj.sdn_topo_setup()
assertEqual(out['result'], True, out['msg'])
self.topo, self.config_topo = out['data'][0], out['data'][1]
self.proj = list(self.topo.keys())[0]
# 2. Start Traffic
for profile, details in self.topo[self.proj].traffic_profile.items():
self.logger.info("Profile under test: %s, details: %s" %
(profile, details))
self.src_vm = details['src_vm']
self.dst_vm = details['dst_vm']
self.src_proj = details['src_proj']
self.dst_proj = details['dst_proj']
# Not flow scaling test, limit num_flows to low number..
num_flows = 15000
self.generated_flows = 2 * num_flows
self.flow_gen_rate = 1000
src_vm_fixture = self.config_topo[self.src_proj]['vm'][self.src_vm]
src_vm_vn = src_vm_fixture.vn_names[0]
src_vm_vn_fix = self.config_topo[self.src_proj]['vn'][src_vm_vn]
dst_vm_fixture = self.config_topo[self.dst_proj]['vm'][self.dst_vm]
self.proto = 'udp'
self.cmp_node = src_vm_fixture.vm_node_ip
self.comp_node_fixt[self.cmp_node].get_config_per_vm_flow_limit()
self.comp_node_fixt[self.cmp_node].get_config_flow_aging_time()
self.max_vm_flows = self.comp_node_fixt[self.cmp_node].max_vm_flows
self.flow_cache_timeout = self.comp_node_fixt[
self.cmp_node].flow_cache_timeout
self.traffic_obj = self.useFixture(
traffic_tests.trafficTestFixture(self.connections))
# def startTraffic (tx_vm_fixture= None, rx_vm_fixture= None,
# stream_proto= 'udp', start_sport= 8000,
# total_single_instance_streams= 20):
startStatus = self.traffic_obj.startTraffic(
total_single_instance_streams=num_flows,
pps=self.flow_gen_rate,
start_sport=1000,
cfg_profile='ContinuousSportRange',
tx_vm_fixture=src_vm_fixture,
rx_vm_fixture=dst_vm_fixture,
stream_proto=self.proto)
msg1 = "Status of start traffic : %s, %s, %s" % (
self.proto, src_vm_fixture.vm_ip, startStatus['status'])
self.logger.info(msg1)
assert startStatus['status'], msg1
# 3. Poll live traffic & verify VM flow count
self.verify_node_flow_setup()
# 4. Stop Traffic
self.logger.info("Proceed to stop traffic..")
self.traffic_obj.stopTraffic(wait_for_stop=False)
start_time = time.time()
# 5. Verify flow ageing
self.logger.info(
"With traffic stopped, wait for flow_cache_timeout to trigger flow ageing"
)
sleep(self.flow_cache_timeout)
while True:
begin_flow_count = self.comp_node_fixt[
self.cmp_node].get_vrouter_matching_flow_count(
self.flow_data)
self.logger.debug('begin_flow_count: %s' % (begin_flow_count))
if begin_flow_count['all'] == 0:
break
flow_teardown_time = math.ceil(
flow_test_utils.get_max_flow_removal_time(
begin_flow_count['all'], self.flow_cache_timeout))
# flow_teardown_time is not the actual time to remove flows
# Based on flow_count at this time, teardown_time is calculated to the value
# which will vary with agent's poll, which is done at regular intervals..
self.logger.info('Sleeping for %s secs' % (flow_teardown_time))
sleep(flow_teardown_time)
# at the end of wait, actual_flows should be atleast < 50% of total flows before start of teardown
current_flow_count = self.comp_node_fixt[
self.cmp_node].get_vrouter_matching_flow_count(
self.flow_data)
self.logger.debug('current_flow_count: %s' %
(current_flow_count))
if current_flow_count['all'] > (0.5 * begin_flow_count['all']):
msg = [
'Flow removal not happening as expected in node %s' %
self.cmp_node
]
msg.append(
'Flow count before wait: %s, after wait of %s secs, its: %s'
% (begin_flow_count['all'], flow_teardown_time,
current_flow_count['all']))
assert False, msg
if current_flow_count['all'] < (0.1 * begin_flow_count['all']):
break
# end of while loop
elapsed_time = time.time() - start_time
self.logger.info(
"Flows aged out as expected in configured flow_cache_timeout")
# end of profile for loop
return True
def test_policy_modify_vn_policy(self):
""" Configure policies based on topology;
"""
###
# Get config for test from topology
# very simple topo will do, one vn, one vm, one policy, 3 rules
topology_class_name = sdn_single_vm_policy_topology.sdn_single_vm_policy_config
self.logger.info("Scenario for the test used is: %s" %
(topology_class_name))
# set project name
try:
# provided by wrapper module if run in parallel test env
topo = topology_class_name(project=self.project.project_name,
username=self.project.username,
password=self.project.password)
except NameError:
topo = topology_class_name()
###
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture}
setup_obj = self.useFixture(sdnTopoSetupFixture(
self.connections, topo))
out = setup_obj.topo_setup()
assertEqual(out['result'], True, out['msg'])
if out['result']:
topo, config_topo = out['data']
###
# Verify [and assert on fail] after setup
# Calling system policy verification, pick any policy fixture to
# access fixture verification
policy_name = topo.policy_list[0]
system_vna_verify_policy(self, config_topo['policy'][policy_name],
topo, 'setup')
###
# Test procedure:
# Test adding new policy to VN's exiting policy list
state = "add policy: "
test_vm = topo.vmc_list[0]
test_vn = topo.vn_of_vm[test_vm]
# Init test data, take backup of current topology
initial_vn_policy_list = copy.copy(topo.vn_policy[test_vn])
new_policy_to_add = policy_test_utils.get_policy_not_in_vn(
initial_vn_policy_list, topo.policy_list)
if not new_policy_to_add:
result = 'False'
msg = "test %s cannot be run as required config not available in topology; aborting test"
self.logger.info(msg)
assertEqual(result, True, msg)
initial_policy_vn_list = copy.copy(topo.policy_vn[new_policy_to_add])
new_vn_policy_list = copy.copy(initial_vn_policy_list)
new_policy_vn_list = copy.copy(initial_policy_vn_list)
new_vn_policy_list.append(new_policy_to_add)
new_policy_vn_list.append(test_vn)
test_vn_fix = config_topo['vn'][test_vn]
test_vn_id = test_vn_fix.vn_id
# configure new policy
config_topo['policy'][new_policy_to_add] = self.useFixture(
PolicyFixture(policy_name=new_policy_to_add,
rules_list=topo.rules[new_policy_to_add],
inputs=self.inputs,
connections=self.connections))
# get new policy_set to be pushed for the vn
test_policy_fq_names = []
for policy in new_vn_policy_list:
name = config_topo['policy'][policy].policy_fq_name
test_policy_fq_names.append(name)
self.logger.info("adding policy %s to vn %s" %
(new_policy_to_add, test_vn))
test_vn_fix.bind_policies(test_policy_fq_names, test_vn_id)
# wait for tables update before checking after making changes to system
time.sleep(5)
self.logger.info("New policy list of VN %s is %s" %
(test_vn, new_vn_policy_list))
# update expected topology with this new info for verification
topo.vn_policy[test_vn] = new_vn_policy_list
topo.policy_vn[new_policy_to_add] = new_policy_vn_list
system_vna_verify_policy(self,
config_topo['policy'][new_policy_to_add],
topo, state)
# Test unbinding all policies from VN
state = "unbinding all policies"
test_vn_fix.unbind_policies(test_vn_id)
# wait for tables update before checking after making changes to system
time.sleep(5)
current_vn_policy_list = new_vn_policy_list
new_vn_policy_list = []
self.logger.info("New policy list of VN %s is %s" %
(test_vn, new_vn_policy_list))
# update expected topology with this new info for verification
topo.vn_policy[test_vn] = new_vn_policy_list
for policy in current_vn_policy_list:
topo.policy_vn[policy].remove(test_vn)
system_vna_verify_policy(self,
config_topo['policy'][new_policy_to_add],
topo, state)
return True
def test_agent_flow_settings(self):
"""Basic systest with single project with many features & traffic..
"""
#
# Check if there are enough nodes i.e. atleast 2 compute nodes to run this test.
# else report that minimum 2 compute nodes are needed for this test and
# exit.
if len(self.inputs.compute_ips) < 2:
self.logger.warn(
"Minimum 2 compute nodes are needed for this test to run")
self.logger.warn(
"Exiting since this test can't be run on single compute node")
return True
#
# Get config for test from topology
# import mini_flow_test_topo
# topology_class_name = mini_flow_test_topo.systest_topo_single_project
topology_class_name = flow_test_topo.systest_topo_single_project
self.logger.info("Scenario for the test used is: %s" %
(topology_class_name))
topo = topology_class_name(compute_node_list=self.inputs.compute_ips)
#
# 1. Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm':
# vm_fixture}
setup_obj = self.useFixture(sdnTopoSetupFixture(
self.connections, topo))
out = setup_obj.sdn_topo_setup()
assertEqual(out['result'], True, out['msg'])
if out['result']:
config_topo = out['data'][1]
self.proj = list(config_topo.keys())[0]
self.topo, self.config_topo = topo, config_topo
# 2. set agent flow_cache_timeout to 60s
# set max_vm_flows to 1% of 500k, comes to 5000
self.comp_node_fixt = {}
self.flow_cache_timeout = 60
for cmp_node in self.inputs.compute_ips:
self.comp_node_fixt[cmp_node] = self.useFixture(
ComputeNodeFixture(self.connections, cmp_node))
self.comp_node_fixt[cmp_node].set_flow_aging_time(
self.flow_cache_timeout)
self.comp_node_fixt[cmp_node].sup_vrouter_process_restart()
# 3. Start Traffic
for profile, details in self.topo.traffic_profile.items():
self.logger.info("Profile under test: %s, details: %s" %
(profile, details))
self.src_vm = details['src_vm']
self.dst_vm = details['dst_vm']
self.src_proj = self.proj
self.dst_proj = self.proj
# Set num_flows to fixed, smaller value but > 1% of
# system max flows
num_flows = 5555
self.generated_flows = 2 * num_flows
self.flow_gen_rate = 1000
src_vm_fixture = self.config_topo[self.proj]['vm'][self.src_vm]
src_vm_vn = src_vm_fixture.vn_names[0]
src_vm_vn_fix = self.config_topo[self.proj]['vn'][src_vm_vn]
dst_vm_fixture = self.config_topo[self.proj]['vm'][self.dst_vm]
self.proto = 'udp'
self.cmp_node = src_vm_fixture.vm_node_ip
# 3a. Set max_vm_flows to 1% in TX VM node
self.max_vm_flows = 1
self.comp_node_fixt[self.cmp_node].set_per_vm_flow_limit(
self.max_vm_flows)
self.comp_node_fixt[self.cmp_node].sup_vrouter_process_restart()
self.logger.info(
"Wait for 2s for flow setup to start after service restart")
sleep(2)
flow_test_utils.update_vm_mdata_ip(self.cmp_node, self)
self.traffic_obj = self.useFixture(
traffic_tests.trafficTestFixture(self.connections))
# def startTraffic (tx_vm_fixture= None, rx_vm_fixture= None,
# stream_proto= 'udp', start_sport= 8000,
# total_single_instance_streams= 20):
startStatus = self.traffic_obj.startTraffic(
total_single_instance_streams=num_flows,
pps=self.flow_gen_rate,
start_sport=1000,
cfg_profile='ContinuousSportRange',
tx_vm_fixture=src_vm_fixture,
rx_vm_fixture=dst_vm_fixture,
stream_proto=self.proto)
msg1 = "Status of start traffic : %s, %s, %s" % (
self.proto, src_vm_fixture.vm_ip, startStatus['status'])
self.logger.info(msg1)
assert startStatus['status'], msg1
# 4. Poll live traffic & verify VM flow count
self.verify_node_flow_setup()
# 5. Increase max_vm_flows to 50% in TX VM node
self.max_vm_flows = 50
self.comp_node_fixt[self.cmp_node].set_per_vm_flow_limit(
self.max_vm_flows)
self.comp_node_fixt[self.cmp_node].sup_vrouter_process_restart()
self.logger.info(
"Wait for 2s for flow setup to start after service restart")
sleep(2)
# 6. Poll live traffic
self.verify_node_flow_setup()
# 7. Stop Traffic
self.logger.info("Proceed to stop traffic..")
self.traffic_obj.stopTraffic(wait_for_stop=False)
start_time = time.time()
# 8. Verify flow ageing
self.logger.info(
"With traffic stopped, wait for flow_cache_timeout to trigger flow ageing"
)
sleep(self.flow_cache_timeout)
retries = 0
retry_wait_time = 10
flow_teardown_time = math.ceil(
flow_test_utils.get_max_flow_removal_time(
self.generated_flows, self.flow_cache_timeout))
self.logger.debug("flow tear down time based on calcualtion: %s" %
flow_teardown_time)
max_retries = math.ceil(self.flow_cache_timeout / retry_wait_time)
while retries < max_retries:
actual_flows = self.comp_node_fixt[
self.cmp_node].get_vrouter_matching_flow_count(
self.flow_data)
actual_flows = int(actual_flows['all'])
if actual_flows > 10:
self.logger.info("Waiting for flows to age out")
sleep(retry_wait_time)
retries += 1
else:
break
elapsed_time = time.time() - start_time
if actual_flows > 50:
msg = "Expected flows to age-out as configured, Seeing flows still active after elapsed time %s in node: %s, actual_flows: %s" % (
elapsed_time, self.cmp_node, actual_flows)
assert False, msg
else:
self.logger.info(
"Flows aged out as expected in configured flow_cache_timeout"
)
self.logger.info(
"elapsed_time after stopping traffic is %s, flow_count is %s"
% (elapsed_time, actual_flows))
def system_vna_verify_policy(self, policy_fixt, topo, state):
# Verify all policies in all compute nodes..
self.logger.debug("Starting Verifications after %s" % (state))
ret = policy_fixt.verify_policy_in_vna(topo)
assertEqual(ret['result'], True, ret['msg'])
def test_policy_with_multi_vn_in_vm(self):
''' Test to validate policy action in VM with vnic's in multiple VN's with different policies.
Test flow: vm1 in vn1 and vn2; vm3 in vn3. policy to allow traffic from vn2 to vn3 and deny from vn1 to vn3.
Default route for vm1 in vn1, which has no reachability to vn3 - verify traffic - should fail.
Add specific route to direct vn3 traffic through vn2 - verify traffic - should pass.
'''
vm1_name = 'vm_mine1'
vm2_name = 'vm_mine2'
vn1_name = 'vn221'
vn1_subnets = ['11.1.1.0/24']
vn2_name = 'vn222'
vn2_subnets = ['22.1.1.0/24']
vn3_gateway = '22.1.1.254'
vn3_name = 'vn223'
vn3_subnets = ['33.1.1.0/24']
rules1 = [
{
'direction': '>',
'simple_action': 'deny',
'protocol': 'icmp',
'src_ports': 'any',
'dst_ports': 'any',
'source_network': 'any',
'dest_network': 'any',
},
]
rules2 = [
{
'direction': '<>',
'simple_action': 'pass',
'protocol': 'any',
'src_ports': 'any',
'dst_ports': 'any',
'source_network': 'any',
'dest_network': 'any',
},
]
policy1_name = 'p1'
policy2_name = 'p2'
policy1_fixture = self.useFixture(
PolicyFixture(policy_name=policy1_name,
rules_list=rules1,
inputs=self.inputs,
connections=self.connections))
policy2_fixture = self.useFixture(
PolicyFixture(policy_name=policy2_name,
rules_list=rules2,
inputs=self.inputs,
connections=self.connections))
vn1_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn1_name,
inputs=self.inputs,
subnets=vn1_subnets,
policy_objs=[policy1_fixture.policy_obj]))
vn2_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn2_name,
inputs=self.inputs,
subnets=vn2_subnets,
disable_gateway=True,
policy_objs=[policy2_fixture.policy_obj]))
vn3_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn3_name,
inputs=self.inputs,
subnets=vn3_subnets,
policy_objs=[policy2_fixture.policy_obj]))
assert vn1_fixture.verify_on_setup()
assert vn2_fixture.verify_on_setup()
assert vn3_fixture.verify_on_setup()
assert vn1_fixture.verify_vn_policy_in_api_server()
assert vn2_fixture.verify_vn_policy_in_api_server()
assert vn3_fixture.verify_vn_policy_in_api_server()
vm1_fixture = self.useFixture(
VMFixture(connections=self.connections,
vn_objs=[vn1_fixture.obj, vn2_fixture.obj],
vm_name=vm1_name,
project_name=self.inputs.project_name))
vm2_fixture = self.useFixture(
VMFixture(connections=self.connections,
vn_objs=[vn3_fixture.obj],
vm_name=vm2_name,
project_name=self.inputs.project_name))
assert vm1_fixture.verify_on_setup()
assert vm2_fixture.verify_on_setup()
self.nova_h.wait_till_vm_is_up(vm1_fixture.vm_obj)
self.nova_h.wait_till_vm_is_up(vm2_fixture.vm_obj)
# For multi-vn vm, configure ip address for 2nd interface
multivn_vm_ip_list = vm1_fixture.vm_ips
intf_conf_cmd = "ifconfig eth1 %s netmask 255.255.255.0" % multivn_vm_ip_list[
1]
vm_cmds = (intf_conf_cmd, 'ifconfig -a')
for cmd in vm_cmds:
cmd_to_output = [cmd]
vm1_fixture.run_cmd_on_vm(cmds=cmd_to_output, as_sudo=True)
output = vm1_fixture.return_output_cmd_dict[cmd]
for ip in multivn_vm_ip_list:
if ip not in output:
self.logger.error("IP %s not assigned to any eth intf of %s" %
(ip, vm1_fixture.vm_name))
assert False
# Ping test from multi-vn vm to peer vn, result will be based on action
# defined in policy attached to VN which has the default gw of VM
self.logger.info(
"Ping from multi-vn vm to vm2, with no allow rule in the VN where default gw is part of, traffic should fail"
)
result = vm1_fixture.ping_with_certainty(vm2_fixture.vm_ip,
expectation=False)
assertEqual(result, True, "ping passed which is not expected")
# Configure VM to reroute traffic to interface belonging to different
# VN
self.logger.info(
"Direct traffic to gw which is part of VN with allow policy to destination VN, traffic should pass now"
)
i = ' route add -net %s netmask 255.255.255.0 gw %s dev eth1' % (
vn3_subnets[0].split('/')[0], multivn_vm_ip_list[1])
cmd_to_output = [i]
vm1_fixture.run_cmd_on_vm(cmds=cmd_to_output, as_sudo=True)
output = vm1_fixture.return_output_cmd_dict[i]
# Ping test from multi-vn vm to peer vn, result will be based on action
# defined in policy attached to VN which has the default gw for VM
self.logger.info(
"Ping from multi-vn vm to vm2, with allow rule in the VN where network gw is part of, traffic should pass"
)
result = vm1_fixture.ping_with_certainty(vm2_fixture.vm_ip,
expectation=True)
assertEqual(result, True, "ping failed which is not expected")
return True
def test_flow_multi_projects(self):
"""Tests related to flow setup rate and flow table stability accross various triggers for verification
accross VN's and accross multiple projects"""
result = True
self.comp_node_fixt = {}
for cmp_node in self.inputs.compute_ips:
self.comp_node_fixt[cmp_node] = self.useFixture(ComputeNodeFixture(
self.connections, cmp_node))
#
# Check if there are enough nodes i.e. atleast 2 compute nodes to run this test.
# else report that minimum 2 compute nodes are needed for this test and
# exit.
if len(self.inputs.compute_ips) < 2:
self.logger.warn(
"Minimum 2 compute nodes are needed for this test to run")
self.logger.warn(
"Exiting since this test can't be run on single compute node")
return True
#
# Get config for test from topology
msg = []
topology_class_name = sdn_flow_test_topo_multiple_projects.multi_project_topo
self.logger.info("Scenario for the test used is: %s" %
(topology_class_name))
#
# Create a list of compute node IP's and pass it to topo if you want to pin
# a vm to a particular node
topo = topology_class_name(
compute_node_list=self.inputs.compute_ips)
#
# 1. Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm':
# vm_fixture}
setup_obj = self.useFixture(
sdnTopoSetupFixture(self.connections, topo))
out = setup_obj.sdn_topo_setup()
assertEqual(out['result'], True, out['msg'])
self.topo, self.config_topo = out['data'][0], out['data'][1]
self.proj = list(self.topo.keys())[0]
# 2. Start Traffic
for profile, details in self.topo[self.proj].traffic_profile.items():
self.logger.info("Profile under test: %s, details: %s" %(profile, details))
self.src_vm = details['src_vm']
self.dst_vm = details['dst_vm']
self.src_proj = details['src_proj']
self.dst_proj = details['dst_proj']
# Not flow scaling test, limit num_flows to low number..
num_flows = 15000
self.generated_flows = 2*num_flows
self.flow_gen_rate = 1000
src_vm_fixture = self.config_topo[self.src_proj]['vm'][self.src_vm]
src_vm_vn = src_vm_fixture.vn_names[0]
src_vm_vn_fix = self.config_topo[self.src_proj]['vn'][src_vm_vn]
dst_vm_fixture = self.config_topo[self.dst_proj]['vm'][self.dst_vm]
self.proto = 'udp'
self.cmp_node = src_vm_fixture.vm_node_ip
self.comp_node_fixt[self.cmp_node].get_config_per_vm_flow_limit()
self.comp_node_fixt[self.cmp_node].get_config_flow_aging_time()
self.max_vm_flows = self.comp_node_fixt[self.cmp_node].max_vm_flows
self.flow_cache_timeout = self.comp_node_fixt[self.cmp_node].flow_cache_timeout
self.traffic_obj = self.useFixture(
traffic_tests.trafficTestFixture(self.connections))
# def startTraffic (tx_vm_fixture= None, rx_vm_fixture= None,
# stream_proto= 'udp', start_sport= 8000,
# total_single_instance_streams= 20):
startStatus = self.traffic_obj.startTraffic(
total_single_instance_streams=num_flows,
pps=self.flow_gen_rate,
start_sport=1000,
cfg_profile='ContinuousSportRange',
tx_vm_fixture=src_vm_fixture,
rx_vm_fixture=dst_vm_fixture,
stream_proto=self.proto)
msg1 = "Status of start traffic : %s, %s, %s" % (
self.proto, src_vm_fixture.vm_ip, startStatus['status'])
self.logger.info(msg1)
assert startStatus['status'], msg1
# 3. Poll live traffic & verify VM flow count
self.verify_node_flow_setup()
# 4. Stop Traffic
self.logger.info("Proceed to stop traffic..")
self.traffic_obj.stopTraffic(wait_for_stop=False)
start_time = time.time()
# 5. Verify flow ageing
self.logger.info(
"With traffic stopped, wait for flow_cache_timeout to trigger flow ageing")
sleep(self.flow_cache_timeout)
while True:
begin_flow_count = self.comp_node_fixt[
self.cmp_node].get_vrouter_matching_flow_count(
self.flow_data)
self.logger.debug('begin_flow_count: %s' %(begin_flow_count))
if begin_flow_count['all'] == 0:
break
flow_teardown_time = math.ceil(flow_test_utils.get_max_flow_removal_time(begin_flow_count['all'], self.flow_cache_timeout))
# flow_teardown_time is not the actual time to remove flows
# Based on flow_count at this time, teardown_time is calculated to the value
# which will vary with agent's poll, which is done at regular intervals..
self.logger.info('Sleeping for %s secs' %(flow_teardown_time))
sleep(flow_teardown_time)
# at the end of wait, actual_flows should be atleast < 50% of total flows before start of teardown
current_flow_count = self.comp_node_fixt[
self.cmp_node].get_vrouter_matching_flow_count(
self.flow_data)
self.logger.debug('current_flow_count: %s' %(current_flow_count))
if current_flow_count['all'] > (0.5*begin_flow_count['all']):
msg = ['Flow removal not happening as expected in node %s' %self.cmp_node]
msg.append('Flow count before wait: %s, after wait of %s secs, its: %s' %
(begin_flow_count['all'], flow_teardown_time, current_flow_count['all']))
assert False, msg
if current_flow_count['all'] < (0.1*begin_flow_count['all']):
break
# end of while loop
elapsed_time = time.time() - start_time
self.logger.info(
"Flows aged out as expected in configured flow_cache_timeout")
# end of profile for loop
return True
def test_one_policy_rules_scaling_with_ping(self):
''' Test to validate scaling of policy and rules.
Test to validate rules scaling on a single
policy. The policy will be attached to two
VN's and 2 VM's will be spawned in each of
the VN's to verify exact number of acls are
created in the agent introspect.
Expected ace id's = 1 policy * 1498 distinct rules
+ 2 valid rule + 2 default rules = 1504 ace id's.
'''
result = True
msg = []
vn1_name = 'vn1'
vn2_name = 'vn2'
vn1_subnets = ['10.1.1.0/24']
vn2_subnets = ['20.1.1.0/24']
number_of_policy = 1
number_of_dummy_rules = 1498
number_of_valid_rules = 2
number_of_default_rules = 2
total_number_of_rules=number_of_dummy_rules + number_of_valid_rules + number_of_default_rules
no_of_rules_exp = total_number_of_rules
valid_rules = [
{
'direction': '<>', 'simple_action': 'pass',
'protocol': 'icmp', 'src_ports': 'any',
'dst_ports': 'any',
'source_network': 'any',
'dest_network': 'any',
},
{
'direction': '<>', 'simple_action': 'pass',
'protocol': 'udp', 'src_ports': 'any',
'dst_ports': 'any',
'source_network': 'any',
'dest_network': 'any',
},
]
self.logger.info(
'Creating %d policy and %d rules to test policy scalability' %
(number_of_policy, number_of_dummy_rules + len(valid_rules)))
policy_objs_list = policy_test_helper._create_n_policy_n_rules(
self, number_of_policy, valid_rules, number_of_dummy_rules)
time.sleep(5)
self.logger.info('Create VN and associate %d policy' %
(number_of_policy))
vn1_fixture = self.useFixture(
VNFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn1_name,
inputs=self.inputs,
subnets=vn1_subnets,
policy_objs=policy_objs_list))
assert vn1_fixture.verify_on_setup()
vn2_fixture = self.useFixture(
VNFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn2_name,
inputs=self.inputs,
subnets=vn2_subnets,
policy_objs=policy_objs_list))
assert vn2_fixture.verify_on_setup()
vn1_vm1_name = 'vm1'
vn1_vm2_name = 'vm2'
vm1_fixture = self.useFixture(
VMFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn1_fixture.obj,
vm_name=vn1_vm1_name))
assert vm1_fixture.verify_on_setup()
vm2_fixture = self.useFixture(
VMFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn2_fixture.obj,
vm_name=vn1_vm2_name))
assert vm2_fixture.verify_on_setup()
vm1_fixture.wait_till_vm_is_up()
vm2_fixture.wait_till_vm_is_up()
self.logger.info("Verify ping to vm %s" % (vn1_vm2_name))
ret = vm1_fixture.ping_with_certainty(
vm2_fixture.vm_ip, expectation=True,
dst_vm_fixture=vm2_fixture)
result_msg = "vm ping test result to vm %s is: %s" % (
vn1_vm2_name, ret)
self.logger.info(result_msg)
if not ret:
result = False
msg.extend(
["ping failure with scaled policy and rules:", result_msg])
assertEqual(result, True, msg)
if self.inputs.get_af() == af_test:
#In v6 test, new rule is added for proto 58 corresponding to v4 icmp rule,
#so expected no. of rules should be increamented by 1
no_of_rules_exp = total_number_of_rules + 1
vn1_acl_count=len(self.agent_inspect[
vm1_fixture._vm_node_ip].get_vna_acl_by_vn(vn1_fixture.vn_fq_name)['entries'])
vn2_acl_count=len(self.agent_inspect[
vm2_fixture._vm_node_ip].get_vna_acl_by_vn(vn2_fixture.vn_fq_name)['entries'])
self.assertEqual(vn1_acl_count, no_of_rules_exp,
"Mismatch in number of ace ID's and total number of rules in agent introspect \
for vn %s" %vn1_fixture.vn_fq_name)
self.assertEqual(vn2_acl_count, no_of_rules_exp,
"Mismatch in number of ace ID's and total number of rules in agent introspect \
for vn %s" %vn2_fixture.vn_fq_name)
self.logger.info(
'Verified ace Id\'s were created for %d rules, to test policy scalability' %
no_of_rules_exp)
return True
def test_agent_flow_settings(self):
"""Basic systest with single project with many features & traffic..
"""
#
# Check if there are enough nodes i.e. atleast 2 compute nodes to run this test.
# else report that minimum 2 compute nodes are needed for this test and
# exit.
if len(self.inputs.compute_ips) < 2:
self.logger.warn(
"Minimum 2 compute nodes are needed for this test to run")
self.logger.warn(
"Exiting since this test can't be run on single compute node")
return True
#
# Get config for test from topology
# import mini_flow_test_topo
# topology_class_name = mini_flow_test_topo.systest_topo_single_project
topology_class_name = flow_test_topo.systest_topo_single_project
self.logger.info(
"Scenario for the test used is: %s" %
(topology_class_name))
topo = topology_class_name(
compute_node_list=self.inputs.compute_ips)
#
# 1. Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm':
# vm_fixture}
setup_obj = self.useFixture(
sdnTopoSetupFixture(self.connections, topo))
out = setup_obj.sdn_topo_setup()
assertEqual(out['result'], True, out['msg'])
if out['result']:
config_topo = out['data'][1]
self.proj = list(config_topo.keys())[0]
self.topo, self.config_topo = topo, config_topo
# 2. set agent flow_cache_timeout to 60s
# set max_vm_flows to 1% of 500k, comes to 5000
self.comp_node_fixt = {}
self.flow_cache_timeout = 60
for cmp_node in self.inputs.compute_ips:
self.comp_node_fixt[cmp_node] = self.useFixture(ComputeNodeFixture(
self.connections, cmp_node))
self.comp_node_fixt[cmp_node].set_flow_aging_time(
self.flow_cache_timeout)
self.comp_node_fixt[cmp_node].sup_vrouter_process_restart()
# 3. Start Traffic
for profile, details in self.topo.traffic_profile.items():
self.logger.info("Profile under test: %s, details: %s" %(profile, details))
self.src_vm = details['src_vm']
self.dst_vm = details['dst_vm']
self.src_proj = self.proj
self.dst_proj = self.proj
# Set num_flows to fixed, smaller value but > 1% of
# system max flows
num_flows = 5555
self.generated_flows = 2*num_flows
self.flow_gen_rate = 1000
src_vm_fixture = self.config_topo[self.proj]['vm'][self.src_vm]
src_vm_vn = src_vm_fixture.vn_names[0]
src_vm_vn_fix = self.config_topo[self.proj]['vn'][src_vm_vn]
dst_vm_fixture = self.config_topo[self.proj]['vm'][self.dst_vm]
self.proto = 'udp'
self.cmp_node = src_vm_fixture.vm_node_ip
# 3a. Set max_vm_flows to 1% in TX VM node
self.max_vm_flows = 1
self.comp_node_fixt[
self.cmp_node].set_per_vm_flow_limit(
self.max_vm_flows)
self.comp_node_fixt[self.cmp_node].sup_vrouter_process_restart()
self.logger.info(
"Wait for 2s for flow setup to start after service restart")
sleep(2)
flow_test_utils.update_vm_mdata_ip(self.cmp_node, self)
self.traffic_obj = self.useFixture(
traffic_tests.trafficTestFixture(self.connections))
# def startTraffic (tx_vm_fixture= None, rx_vm_fixture= None,
# stream_proto= 'udp', start_sport= 8000,
# total_single_instance_streams= 20):
startStatus = self.traffic_obj.startTraffic(
total_single_instance_streams=num_flows,
pps=self.flow_gen_rate,
start_sport=1000,
cfg_profile='ContinuousSportRange',
tx_vm_fixture=src_vm_fixture,
rx_vm_fixture=dst_vm_fixture,
stream_proto=self.proto)
msg1 = "Status of start traffic : %s, %s, %s" % (
self.proto, src_vm_fixture.vm_ip, startStatus['status'])
self.logger.info(msg1)
assert startStatus['status'], msg1
# 4. Poll live traffic & verify VM flow count
self.verify_node_flow_setup()
# 5. Increase max_vm_flows to 50% in TX VM node
self.max_vm_flows = 50
self.comp_node_fixt[
self.cmp_node].set_per_vm_flow_limit(
self.max_vm_flows)
self.comp_node_fixt[self.cmp_node].sup_vrouter_process_restart()
self.logger.info(
"Wait for 2s for flow setup to start after service restart")
sleep(2)
# 6. Poll live traffic
self.verify_node_flow_setup()
# 7. Stop Traffic
self.logger.info("Proceed to stop traffic..")
self.traffic_obj.stopTraffic(wait_for_stop=False)
start_time = time.time()
# 8. Verify flow ageing
self.logger.info(
"With traffic stopped, wait for flow_cache_timeout to trigger flow ageing")
sleep(self.flow_cache_timeout)
retries = 0
retry_wait_time = 10
flow_teardown_time = math.ceil(flow_test_utils.get_max_flow_removal_time(self.generated_flows, self.flow_cache_timeout))
self.logger.debug("flow tear down time based on calcualtion: %s" %flow_teardown_time)
max_retries = math.ceil(self.flow_cache_timeout / retry_wait_time)
while retries < max_retries:
actual_flows = self.comp_node_fixt[
self.cmp_node].get_vrouter_matching_flow_count(
self.flow_data)
actual_flows = int(actual_flows['all'])
if actual_flows > 10:
self.logger.info("Waiting for flows to age out")
sleep(retry_wait_time)
retries += 1
else:
break
elapsed_time = time.time() - start_time
if actual_flows > 50:
msg = "Expected flows to age-out as configured, Seeing flows still active after elapsed time %s in node: %s, actual_flows: %s" % (
elapsed_time, self.cmp_node, actual_flows)
assert False, msg
else:
self.logger.info(
"Flows aged out as expected in configured flow_cache_timeout")
self.logger.info(
"elapsed_time after stopping traffic is %s, flow_count is %s" %
(elapsed_time, actual_flows))