def test_dvr_router_gateway_redirect_cleanup_on_agent_restart(self): """Test to validate the router namespace gateway redirect rule cleanup. This test checks for the non existence of the gateway redirect rules in the router namespace after the agent restarts while the gateway is removed for the router. """ self.agent.conf.agent_mode = 'dvr_snat' router_info = self.generate_dvr_router_info() router1 = self.manage_router(self.agent, router_info) self._assert_snat_namespace_exists(router1) self.assertTrue(self._namespace_exists(router1.ns_name)) restarted_agent = neutron_l3_agent.L3NATAgentWithStateReport( self.agent.host, self.agent.conf) router1.router['gw_port'] = "" router1.router['gw_port_host'] = "" router1.router['external_gateway_info'] = "" restarted_router = self.manage_router(restarted_agent, router1.router) self.assertTrue(self._namespace_exists(restarted_router.ns_name)) ns_ipr = ip_lib.IPRule(namespace=router1.ns_name) ip4_rules_list = ns_ipr.rule.list_rules(lib_constants.IP_VERSION_4) ip6_rules_list = ns_ipr.rule.list_rules(lib_constants.IP_VERSION_6) # Just make sure the basic set of rules are there in the router # namespace self.assertEqual(3, len(ip4_rules_list)) self.assertEqual(2, len(ip6_rules_list))
def setUp(self): super(TestIPSecBase, self).setUp() mock.patch('neutron.agent.l3.agent.L3PluginApi').start() mock.patch('neutron_vpnaas.services.vpn.device_drivers.ipsec.' 'IPsecVpnDriverApi').start() # avoid report_status running periodically mock.patch('oslo_service.loopingcall.FixedIntervalLoopingCall').start() # Both the vpn agents try to use execute_rootwrap_daemon's socket # simultaneously during test cleanup, but execute_rootwrap_daemon has # limitations with simultaneous reads. So avoid using # root_helper_daemon and instead use root_helper # https://bugs.launchpad.net/neutron/+bug/1482622 cfg.CONF.set_override('root_helper_daemon', None, group='AGENT') # Mock the method below because it causes Exception: # RuntimeError: Second simultaneous read on fileno 5 detected. # Unless you really know what you're doing, make sure that only # one greenthread can read any particular socket. Consider using # a pools.Pool. If you do know what you're doing and want to disable # this error, call eventlet.debug.hub_prevent_multiple_readers(False) # Can reproduce the exception in the test only ip_lib.send_ip_addr_adv_notif = mock.Mock() self.conf = self._configure_agent('agent1') self.agent = neutron_l3_agent.L3NATAgentWithStateReport( 'agent1', self.conf) self.vpn_agent = vpn_agent.L3WithVPNaaS(self.conf) self.driver = self.vpn_agent.device_drivers[0] self.driver.agent_rpc.get_vpn_services_on_host = mock.Mock( return_value=[]) self.driver.report_status = mock.Mock() self.private_nets = list(PRIVATE_NET.subnet(24))
def setUp(self): super(L3AgentNDPProxyTestFramework, self).setUp() self.conf.set_override('extensions', ['ndp_proxy'], 'agent') self.agent = neutron_l3_agent.L3NATAgentWithStateReport(HOSTNAME, self.conf) self.np_ext = np.NDPProxyAgentExtension() port_id1 = uuidutils.generate_uuid() port1_binding = ports_obj.PortBinding(port_id=port_id1, host=self.agent.host) port1_obj = ports_obj.Port(id=port_id1, bindings=[port1_binding]) port_id2 = uuidutils.generate_uuid() port2_binding = ports_obj.PortBinding(port_id=port_id1, host='fake_host') port2_obj = ports_obj.Port(id=port_id2, bindings=[port2_binding]) self.ports = [port1_obj, port2_obj] self.port_binding_map = {port_id1: port1_binding, port_id2: port2_binding} self.ndpproxy1 = np_obj.NDPProxy( context=None, id=uuidutils.generate_uuid(), router_id=uuidutils.generate_uuid(), port_id=port_id1, ip_address='2002::1:3') self.ndpproxy2 = np_obj.NDPProxy( context=None, id=uuidutils.generate_uuid(), router_id=uuidutils.generate_uuid(), port_id=port_id2, ip_address='2002::1:4') self.ndp_proxies = [self.ndpproxy1, self.ndpproxy2] agent_configurations = { 'agent_mode': constants.L3_AGENT_MODE_DVR_NO_EXTERNAL} self.agent_obj = agent_obj.Agent( id=uuidutils.generate_uuid(), host=self.agent.host, agent_type=constants.AGENT_TYPE_L3, configurations=agent_configurations) self._set_pull_mock()
def _setup_dvr_ha_agents(self): self.agent.conf.agent_mode = 'dvr_snat' conf = self._configure_agent('agent2') self.failover_agent = neutron_l3_agent.L3NATAgentWithStateReport( 'agent2', conf) self.failover_agent.conf.agent_mode = 'dvr_snat'
def _configure_agent(self, host): conf = self._get_config_opts() l3_agent_main.register_opts(conf) cfg.CONF.set_override('debug', False) agent_config.setup_logging() conf.set_override('interface_driver', 'neutron.agent.linux.interface.OVSInterfaceDriver') conf.set_override('router_delete_namespaces', True) br_int = self.useFixture(net_helpers.OVSBridgeFixture()).bridge br_ex = self.useFixture(net_helpers.OVSBridgeFixture()).bridge conf.set_override('ovs_integration_bridge', br_int.br_name) conf.set_override('external_network_bridge', br_ex.br_name) temp_dir = self.get_new_temp_dir() get_temp_file_path = functools.partial(self.get_temp_file_path, root=temp_dir) conf.set_override('state_path', temp_dir.path) conf.set_override('metadata_proxy_socket', get_temp_file_path('metadata_proxy')) conf.set_override('ha_confs_path', get_temp_file_path('ha_confs')) conf.set_override('external_pids', get_temp_file_path('external/pids')) conf.set_override('host', host) agent = neutron_l3_agent.L3NATAgentWithStateReport(host, conf) mock.patch.object(ip_lib, '_arping').start() return agent
def test_ha_router_conf_on_restarted_agent(self): router_info = self.generate_router_info(enable_ha=True) router1 = self._create_router(self.agent, router_info) self._add_fip(router1, '192.168.111.12') restarted_agent = neutron_l3_agent.L3NATAgentWithStateReport( self.agent.host, self.agent.conf) self._create_router(restarted_agent, router1.router) utils.wait_until_true(lambda: self._floating_ips_configured(router1))
def setUp(self): super(L3AgentTestFramework, self).setUp() self.mock_plugin_api = mock.patch( 'neutron.agent.l3.agent.L3PluginApi').start().return_value mock.patch('neutron.agent.rpc.PluginReportStateAPI').start() self.conf = self._configure_agent('agent1') self.agent = neutron_l3_agent.L3NATAgentWithStateReport('agent1', self.conf)
def setUp(self): super(L3AgentTestFramework, self).setUp() self.mock_plugin_api = mock.patch( 'neutron.agent.l3.agent.L3PluginApi').start().return_value mock.patch('neutron.agent.rpc.PluginReportStateAPI').start() mock.patch('neutron.agent.common.ovs_lib.' 'OVSBridge._set_port_dead').start() l3_config.register_l3_agent_config_opts(l3_config.OPTS, cfg.CONF) self.conf = self._configure_agent('agent1') self.agent = neutron_l3_agent.L3NATAgentWithStateReport( 'agent1', self.conf)
def setUp(self): super(L3AgentFipQoSExtensionTestFramework, self).setUp() self.conf.set_override('extensions', ['fip_qos'], 'agent') self.agent = neutron_l3_agent.L3NATAgentWithStateReport( 'agent1', self.conf) self._set_pull_mock() self.set_test_qos_rules( TEST_POLICY_ID1, [self.test_bw_limit_rule_1, self.test_bw_limit_rule_2]) self.set_test_qos_rules(TEST_POLICY_ID2, [self.test_bw_limit_rule_3]) self.set_test_qos_rules(TEST_POLICY_ID3, [self.test_bw_limit_rule_4]) self.fip_qos_ext = fip_qos.FipQosAgentExtension()
def test_dvr_router_rem_fips_on_restarted_agent(self): self.agent.conf.agent_mode = 'dvr_snat' router_info = self.generate_dvr_router_info() router1 = self.manage_router(self.agent, router_info) fip_ns = router1.fip_ns.get_name() self.assertTrue(self._namespace_exists(fip_ns)) restarted_agent = neutron_l3_agent.L3NATAgentWithStateReport( self.agent.host, self.agent.conf) router1.router[l3_constants.FLOATINGIP_KEY] = [] self.manage_router(restarted_agent, router1.router) self._assert_dvr_snat_gateway(router1) self.assertTrue(self._namespace_exists(fip_ns))
def test_ha_router_conf_on_restarted_agent(self): router_info = self.generate_router_info(enable_ha=True) router1 = self.manage_router(self.agent, router_info) self._add_fip(router1, '192.168.111.12') restarted_agent = neutron_l3_agent.L3NATAgentWithStateReport( self.agent.host, self.agent.conf) self._create_router(restarted_agent, router1.router) utils.wait_until_true(lambda: self.floating_ips_configured(router1)) self.assertIn( router1._get_primary_vip(), self._get_addresses_on_device(router1.ns_name, router1.get_ha_device_name()))
def setUp(self): super(L3HATestFailover, self).setUp() conf = self._configure_agent('agent2') self.failover_agent = neutron_l3_agent.L3NATAgentWithStateReport( 'agent2', conf) br_int_1 = self._get_agent_ovs_integration_bridge(self.agent) br_int_2 = self._get_agent_ovs_integration_bridge(self.failover_agent) veth1, veth2 = self.useFixture(net_helpers.VethFixture()).ports br_int_1.add_port(veth1.name) br_int_2.add_port(veth2.name)
def setUp(self): super(RouterGatewayIPQosAgentExtensionTestFramework, self).setUp() self.conf.set_override('extensions', ['gateway_ip_qos'], 'agent') self.agent = neutron_l3_agent.L3NATAgentWithStateReport( 'agent1', self.conf) self._set_pull_mock() self.set_test_qos_rules( INGRESS_EGRESS_POLICY_ID, [self.test_bw_limit_rule_1, self.test_bw_limit_rule_2]) self.set_test_qos_rules(INGRESS_POLICY_ID, [self.test_bw_limit_rule_3]) self.set_test_qos_rules(EGRESS_POLICY_ID, [self.test_bw_limit_rule_4]) self.gateway_ip_qos_ext = ( gateway_ip_qos.RouterGatewayIPQosAgentExtension())
def setUp(self): super(TestStrongSwanScenario, self).setUp() self.conf.register_opts(strongswan_ipsec.strongswan_opts, 'strongswan') VPNAAS_STRONGSWAN_DEVICE = ('neutron_vpnaas.services.vpn.' 'device_drivers.strongswan_ipsec.' 'StrongSwanDriver') cfg.CONF.set_override('vpn_device_driver', [VPNAAS_STRONGSWAN_DEVICE], 'vpnagent') self.agent = neutron_l3_agent.L3NATAgentWithStateReport( 'agent1', self.conf) self.vpn_agent = vpn_agent.L3WithVPNaaS(self.conf) vpn_service = mock.Mock() vpn_service.conf = self.conf self.driver = strongswan_ipsec.StrongSwanDriver( vpn_service, host=mock.sentinel.host)
def test_dvr_unused_snat_ns_deleted_when_agent_restarts_after_move(self): """Test to validate the stale snat namespace delete with snat move. This test validates the stale snat namespace cleanup when the agent restarts after the gateway port has been moved from the agent. """ self.agent.conf.agent_mode = 'dvr_snat' router_info = self.generate_dvr_router_info() router1 = self.manage_router(self.agent, router_info) self._assert_snat_namespace_exists(router1) restarted_agent = neutron_l3_agent.L3NATAgentWithStateReport( self.agent.host, self.agent.conf) router1.router['gw_port_host'] = "my-new-host" restarted_router = self.manage_router(restarted_agent, router1.router) self._assert_snat_namespace_does_not_exist(restarted_router)
def test_prevent_snat_rule_exist_on_restarted_agent(self): self.agent.conf.agent_mode = 'dvr_snat' router_info = self.generate_dvr_router_info() router = self.manage_router(self.agent, router_info) ext_port = router.get_ex_gw_port() rfp_devicename = router.get_external_device_interface_name(ext_port) prevent_snat_rule = router._prevent_snat_for_internal_traffic_rule( rfp_devicename) self._assert_iptables_rules_exist(router.iptables_manager, 'nat', [prevent_snat_rule]) restarted_agent = neutron_l3_agent.L3NATAgentWithStateReport( self.agent.host, self.agent.conf) restarted_router = self.manage_router(restarted_agent, router_info) self._assert_iptables_rules_exist(restarted_router.iptables_manager, 'nat', [prevent_snat_rule])
def setUp(self): super(L3AgentFipPortForwardingExtensionTestFramework, self).setUp() self.conf.set_override('extensions', ['port_forwarding'], 'agent') self.agent = neutron_l3_agent.L3NATAgentWithStateReport('agent1', self.conf) self.fip_pf_ext = pf.PortForwardingAgentExtension() self.fip_id1 = _uuid() self.fip_id2 = _uuid() self.fip_id3 = _uuid() self.portforwarding1 = pf_obj.PortForwarding( context=None, id=_uuid(), floatingip_id=self.fip_id1, external_port=1111, protocol='tcp', internal_port_id=_uuid(), external_port_range='1111:1111', internal_port_range='11111:11111', internal_ip_address='1.1.1.1', internal_port=11111, floating_ip_address='111.111.111.111', router_id=_uuid()) self.portforwarding2 = pf_obj.PortForwarding( context=None, id=_uuid(), floatingip_id=self.fip_id1, external_port=1112, protocol='tcp', internal_port_id=_uuid(), external_port_range='1112:1112', internal_port_range='11112:11112', internal_ip_address='1.1.1.2', internal_port=11112, floating_ip_address='111.111.111.111', router_id=_uuid()) self.portforwarding3 = pf_obj.PortForwarding( context=None, id=_uuid(), floatingip_id=self.fip_id2, external_port=1113, protocol='tcp', internal_port_id=_uuid(), internal_ip_address='1.1.1.3', internal_port=11113, external_port_range='1113:1113', internal_port_range='11113:11113', floating_ip_address='111.222.111.222', router_id=_uuid()) self.portforwarding4 = pf_obj.PortForwarding( context=None, id=_uuid(), floatingip_id=self.fip_id3, external_port=2222, protocol='tcp', internal_port_id=_uuid(), external_port_range='2222:2222', internal_port_range='22222:22222', internal_ip_address='2.2.2.2', internal_port=22222, floating_ip_address='222.222.222.222', router_id=_uuid()) self.port_forwardings = [self.portforwarding1, self.portforwarding2, self.portforwarding3, self.portforwarding4] self._set_bulk_pull_mock() self.managed_fips = [self.fip_id1, self.fip_id2, self.fip_id3] self.fip_list_for_pf = ['111.111.111.111/32', '111.222.111.222/32', '222.222.222.222/32']
def setUp(self): super(L3AgentConntrackHelperExtensionTestFramework, self).setUp() self.conf.set_override('extensions', ['conntrack_helper'], 'agent') self.agent = neutron_l3_agent.L3NATAgentWithStateReport( 'agent1', self.conf) self.cth_ext = conntrack_helper.ConntrackHelperAgentExtension() self.router_id1 = uuidutils.generate_uuid() self.router_id2 = uuidutils.generate_uuid() self.conntrackhelper1 = cth_obj.ConntrackHelper( context=None, id=uuidutils.generate_uuid(), protocol='udp', port=69, helper='tftp', router_id=self.router_id1) self.conntrackhelper2 = cth_obj.ConntrackHelper( context=None, id=uuidutils.generate_uuid(), protocol='tcp', port=21, helper='ftp', router_id=self.router_id2) self.conntrack_helpers = [self.conntrackhelper1, self.conntrackhelper2] self.managed_cths = {} self.managed_cths[self.conntrackhelper1.id] = self.conntrackhelper1 self.managed_cths[self.conntrackhelper2.id] = self.conntrackhelper2 self.router_cth_map = collections.defaultdict(set) self.router_cth_map[self.router_id1].add(self.conntrackhelper1.id) self.router_cth_map[self.router_id2].add(self.conntrackhelper2.id) self._set_bulk_poll_mock()
def test_prevent_snat_rule_exist_on_restarted_agent(self): self.agent.conf.agent_mode = 'dvr_snat' router_info = self.generate_dvr_router_info() router = self.manage_router(self.agent, router_info) ext_port = router.get_ex_gw_port() gw_ip = self._port_first_ip_cidr(ext_port).partition('/')[0] rfp_devicename = router.get_external_device_interface_name(ext_port) prevent_snat_rule = router.external_gateway_nat_fip_rules( gw_ip, rfp_devicename) def is_prevent_snat_rule_exist(router_iptables_manager): rules = router_iptables_manager.get_rules_for_table('nat') return all( str(iptables_manager.IptablesRule(nat_rule[0], nat_rule[1])) in rules for nat_rule in prevent_snat_rule) self.assertTrue(is_prevent_snat_rule_exist(router.iptables_manager)) restarted_agent = neutron_l3_agent.L3NATAgentWithStateReport( self.agent.host, self.agent.conf) restarted_router = self.manage_router(restarted_agent, router_info) self.assertTrue( is_prevent_snat_rule_exist(restarted_router.iptables_manager))