def test_cleanup_network_namespaces_cleans_dhcp_and_l3_namespaces(self):
dhcp_namespace = self.useFixture(
net_helpers.NamespaceFixture(dhcp.NS_PREFIX)).name
l3_namespace = self.useFixture(
net_helpers.NamespaceFixture(l3_agent.NS_PREFIX)).name
bridge = self.useFixture(
net_helpers.VethPortFixture(namespace=dhcp_namespace)).bridge
self.useFixture(net_helpers.VethPortFixture(bridge, l3_namespace))
# we scope the get_namespaces to our own ones not to affect other
# tests, as otherwise cleanup will kill them all
self.get_namespaces.return_value = [l3_namespace, dhcp_namespace]
# launch processes in each namespace to make sure they're
# killed during cleanup
procs_launched = self._launch_processes([l3_namespace, dhcp_namespace])
self.assertIsNot(procs_launched, 0)
common_utils.wait_until_true(
lambda: self._get_num_spawned_procs() == procs_launched,
timeout=15,
exception=Exception("Didn't spawn expected number of processes"))
netns_cleanup.cleanup_network_namespaces(self.conf)
self.get_namespaces_p.stop()
namespaces_now = ip_lib.IPWrapper.get_namespaces()
procs_after = self._get_num_spawned_procs()
self.assertEqual(procs_after, 0)
self.assertNotIn(l3_namespace, namespaces_now)
self.assertNotIn(dhcp_namespace, namespaces_now)
def setUp(self):
super(NetcatTesterTestCase, self).setUp()
self.ns1 = self.useFixture(net_helpers.NamespaceFixture('nc-')).name
self.ns2 = self.useFixture(net_helpers.NamespaceFixture('nc-')).name
self.nc = net_helpers.NetcatTester(self.ns1, self.ns2, '10.30.0.2',
'1234', 'tcp')
ip_wrapper = ip_lib.IPWrapper(namespace=self.ns1)
veth1, veth2 = ip_wrapper.add_veth('veth1', 'veth2', self.ns2)
veth1.link.set_up()
veth1.addr.add('10.30.0.1/24')
veth2.link.set_up()
veth2.addr.add('10.30.0.2/24')
def test_plug_with_namespace_sets_mtu_higher_than_bridge(self):
device_mtu = 1450
# Create a new OVS bridge
ovs_bridge = self.useFixture(net_helpers.OVSBridgeFixture()).bridge
self.assertFalse(ovs_bridge.get_port_name_list())
# Add a new linuxbridge port with reduced MTU to OVS bridge
lb_bridge = self.useFixture(net_helpers.LinuxBridgeFixture()).bridge
lb_bridge_port = self.useFixture(
net_helpers.LinuxBridgePortFixture(lb_bridge))
lb_bridge_port.port.link.set_mtu(device_mtu - 1)
ovs_bridge.add_port(lb_bridge_port.port.name)
# Now plug a device with intended MTU that is higher than for the port
# above and validate that its MTU is not reduced to the least MTU on
# the bridge
device_name = utils.get_rand_name()
mac_address = utils.get_random_mac('fa:16:3e:00:00:00'.split(':'))
namespace = self.useFixture(net_helpers.NamespaceFixture()).name
self.interface.plug(network_id=uuidutils.generate_uuid(),
port_id=uuidutils.generate_uuid(),
device_name=device_name,
mac_address=mac_address,
bridge=ovs_bridge.br_name,
namespace=namespace,
mtu=device_mtu)
self.assertIn(device_name, ovs_bridge.get_port_name_list())
self.assertTrue(ip_lib.device_exists(device_name, namespace))
self.assertEqual(
device_mtu,
ip_lib.IPDevice(device_name, namespace=namespace).link.mtu)
def setUp(self):
# NOTE(kevinbenton): it would be way cooler to use scapy for
# these but scapy requires the python process to be running as
# root to bind to the ports.
super(_ARPSpoofTestCase, self).setUp()
self.skip_without_arp_support()
self.src_addr = '192.168.0.1'
self.dst_addr = '192.168.0.2'
self.src_namespace = self.useFixture(
net_helpers.NamespaceFixture()).name
self.dst_namespace = self.useFixture(
net_helpers.NamespaceFixture()).name
self.src_p = self.useFixture(
net_helpers.OVSPortFixture(self.br, self.src_namespace)).port
self.dst_p = self.useFixture(
net_helpers.OVSPortFixture(self.br, self.dst_namespace)).port
def setUp(self):
cfg.CONF.set_override('enable_distributed_routing',
True,
group='AGENT')
super(OVSFlowTestCase, self).setUp()
self.phys_br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge
self.br_phys = self.br_phys_cls(self.phys_br.br_name)
self.br_phys.set_secure_mode()
self.br_phys.setup_controllers(cfg.CONF)
self.router_addr = '192.168.0.1/24'
self.namespace = self.useFixture(
net_helpers.NamespaceFixture()).name
self.phys_p = self.useFixture(
net_helpers.OVSPortFixture(self.br_phys, self.namespace)).port
self.tun_br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge
self.br_tun = self.br_tun_cls(self.tun_br.br_name)
self.br_tun.set_secure_mode()
self.br_tun.setup_controllers(cfg.CONF)
self.tun_p = self.br_tun.add_patch_port(
common_utils.get_rand_device_name(
prefix=cfg.CONF.OVS.tun_peer_patch_port),
common_utils.get_rand_device_name(
prefix=cfg.CONF.OVS.int_peer_patch_port))
self.br_tun.setup_default_table(self.tun_p, True)
def _test_assert_pings_during_br_phys_setup_not_lost(self, provider_net):
# Separate namespace is needed when pinging from one port to another,
# otherwise Linux ping uses loopback instead for sending and receiving
# ping, hence ignoring flow setup.
ns_phys = self.useFixture(net_helpers.NamespaceFixture()).name
ports = self.create_test_ports(amount=2)
port_int = ports[0]
port_phys = ports[1]
ip_int = port_int['fixed_ips'][0]['ip_address']
ip_phys = port_phys['fixed_ips'][0]['ip_address']
self.setup_agent_and_ports(port_dicts=[port_int], create_tunnels=False,
network=provider_net)
self.plug_ports_to_phys_br(provider_net, [port_phys],
namespace=ns_phys)
# The OVS agent doesn't monitor the physical bridges, no notification
# is sent when a port is up on a physical bridge, hence waiting only
# for the ports connected to br-int
self.wait_until_ports_state([port_int], up=True)
with net_helpers.async_ping(ns_phys, [ip_int]) as done:
while not done():
self.agent.setup_physical_bridges(self.agent.bridge_mappings)
time.sleep(0.25)
with net_helpers.async_ping(self.namespace, [ip_phys]) as done:
while not done():
self.agent.setup_physical_bridges(self.agent.bridge_mappings)
time.sleep(0.25)
def setup_host_with_linuxbridge_agent(self):
#First we need to provide connectivity for agent to prepare proper
#bridge mappings in agent's config:
self.host_namespace = self.useFixture(
net_helpers.NamespaceFixture(prefix="host-")).name
self.connect_namespace_to_control_network()
agent_cfg_fixture = config.LinuxBridgeConfigFixture(
self.env_desc,
self.host_desc,
self.neutron_config.temp_dir,
self.local_ip,
physical_device_name=self.host_port.name)
self.useFixture(agent_cfg_fixture)
self.linuxbridge_agent = self.useFixture(
process.LinuxBridgeAgentFixture(self.env_desc,
self.host_desc,
self.test_name,
self.neutron_config,
agent_cfg_fixture,
namespace=self.host_namespace))
if self.host_desc.l3_agent:
self.l3_agent_cfg_fixture = self.useFixture(
config.L3ConfigFixture(self.env_desc, self.host_desc,
self.neutron_config.temp_dir))
if self.host_desc.dhcp_agent:
self.dhcp_agent_cfg_fixture = self.useFixture(
config.DhcpConfigFixture(self.env_desc, self.host_desc,
self.neutron_config.temp_dir))
def test_set_netns(self):
device_name = (
'int_' + uuidutils.generate_uuid())[:constants.DEVICE_NAME_MAX_LEN]
device = ip_lib.IPDevice(device_name, kind='dummy')
device.link.create()
namespace = self.useFixture(net_helpers.NamespaceFixture())
device.link.set_netns(namespace.name)
def test_in_namespace(self):
namespace = self.useFixture(net_helpers.NamespaceFixture()).name
expected = get_netns_inode(namespace)
before, observed, after = utils.get_in_namespace_netns_inodes(
namespace)
self.assertEqual(expected, observed)
self.assertEqual(before, after)
def test_netns_wrap_success(self):
client_ns = self.useFixture(net_helpers.NamespaceFixture()).ip_wrapper
ns = client_ns.namespace
pth = self.mount_paths % {'ns': ns}
cmd = WRAPPER_SCRIPT, pth, '--cmd=ip,addr,show'
output = client_ns.netns.execute(cmd)
self.assertTrue(STATUS_PATTERN.search(output))
def setUp(self):
super(RouteTestCase, self).setUp()
self.namespace = self.useFixture(net_helpers.NamespaceFixture()).name
self.device_name = 'test_device'
ip_lib.IPWrapper(self.namespace).add_dummy(self.device_name)
self.device = ip_lib.IPDevice(self.device_name, self.namespace)
self.device.link.set_up()
def test_dummy_exists(self):
namespace = self.useFixture(net_helpers.NamespaceFixture())
dev_name = utils.get_rand_name()
device = namespace.ip_wrapper.add_dummy(dev_name)
self.addCleanup(self._safe_delete_device, device)
self._check_for_device_name(namespace.ip_wrapper, dev_name, True)
device.link.delete()
self._check_for_device_name(namespace.ip_wrapper, dev_name, False)
def test_list_entries(self):
namespace = self.useFixture(net_helpers.NamespaceFixture()).name
self._create_entries(namespace, CONNTRACK_CMDS)
expected = ((4, 'icmp', 8, 0, '1.1.1.1', '2.2.2.2',
3333), (4, 'tcp', 1, 2, '1.1.1.1', '2.2.2.2'),
(4, 'udp', 1, 2, '1.1.1.1', '2.2.2.2'))
entries_list = nl_lib.list_entries(namespace=namespace)
self.assertEqual(expected, entries_list)
def test_set_mtu(self):
device_name = utils.get_rand_name()
namespace = self.useFixture(net_helpers.NamespaceFixture()).name
self._test_mtu_set_after_action(
device_name, self.bridge_name, namespace,
functools.partial(self.interface.set_mtu,
device_name=device_name,
namespace=namespace))
def test_list_entries(self):
namespace = self.useFixture(net_helpers.NamespaceFixture()).name
_create_entries(namespace, self.CONNTRACK_CMDS)
expected = (
(4, 'icmp', 8, 0, '1.1.1.1', '2.2.2.2', 3333),
(6, 'icmpv6', 128, 0, '10::10', '20::20', 3456),
)
entries_list = nl_lib.list_entries(namespace=namespace)
self.assertEqual(expected, entries_list)
def setUp(self):
if not checks.arp_header_match_supported():
self.skipTest("ARP header matching not supported")
# NOTE(kevinbenton): it would be way cooler to use scapy for
# these but scapy requires the python process to be running as
# root to bind to the ports.
super(ARPSpoofTestCase, self).setUp()
self.src_addr = '192.168.0.1'
self.dst_addr = '192.168.0.2'
self.src_namespace = self.useFixture(
net_helpers.NamespaceFixture()).name
self.dst_namespace = self.useFixture(
net_helpers.NamespaceFixture()).name
self.pinger = machine_fixtures.Pinger(self.src_namespace,
max_attempts=2)
self.src_p = self.useFixture(
net_helpers.OVSPortFixture(self.br, self.src_namespace)).port
self.dst_p = self.useFixture(
net_helpers.OVSPortFixture(self.br, self.dst_namespace)).port
def test_cleanup_network_namespaces_cleans_dhcp_and_l3_namespaces(self):
dhcp_namespace = self.useFixture(
net_helpers.NamespaceFixture(dhcp.NS_PREFIX)).name
l3_namespace = self.useFixture(
net_helpers.NamespaceFixture(namespaces.NS_PREFIX)).name
bridge = self.useFixture(
net_helpers.VethPortFixture(namespace=dhcp_namespace)).bridge
self.useFixture(net_helpers.VethPortFixture(bridge, l3_namespace))
# we scope the get_namespaces to our own ones not to affect other
# tests, as otherwise cleanup will kill them all
self.get_namespaces.return_value = [l3_namespace, dhcp_namespace]
netns_cleanup.cleanup_network_namespaces(self.conf)
self.get_namespaces_p.stop()
namespaces_now = ip_lib.IPWrapper.get_namespaces()
self.assertNotIn(l3_namespace, namespaces_now)
self.assertNotIn(dhcp_namespace, namespaces_now)
def _setUp(self):
ns_fixture = self.useFixture(net_helpers.NamespaceFixture())
self.namespace = ns_fixture.name
self.port = self.useFixture(
net_helpers.PortFixture.get(self.bridge, self.namespace)).port
self.port.addr.add(self._ip_cidr)
if self.gateway_ip:
net_helpers.set_namespace_gateway(self.port, self.gateway_ip)
def setUp(self):
# NOTE(kevinbenton): it would be way cooler to use scapy for
# these but scapy requires the python process to be running as
# root to bind to the ports.
super(ARPSpoofTestCase, self).setUp()
self.skip_without_arp_support()
self.src_addr = '192.168.0.1'
self.dst_addr = '192.168.0.2'
self.src_namespace = self.useFixture(
net_helpers.NamespaceFixture()).name
self.dst_namespace = self.useFixture(
net_helpers.NamespaceFixture()).name
self.src_p = self.useFixture(
net_helpers.OVSPortFixture(self.br, self.src_namespace)).port
self.dst_p = self.useFixture(
net_helpers.OVSPortFixture(self.br, self.dst_namespace)).port
# wait to add IPs until after anti-spoof rules to ensure ARP doesn't
# happen before
self.addOnException(self.collect_flows_and_ports)
def setUp(self):
super(GetLinkAttributesTestCase, self).setUp()
self.namespace = self.useFixture(net_helpers.NamespaceFixture()).name
self.device_name = 'test_device'
ip_lib.IPWrapper(self.namespace).add_dummy(self.device_name)
self.device = ip_lib.IPDevice(self.device_name, self.namespace)
self.pyroute_dev = priv_ip_lib.get_link_devices(
self.namespace, ifname=self.device_name)
self.assertEqual(1, len(self.pyroute_dev))
self.pyroute_dev = self.pyroute_dev[0]
def setUp(self):
super(IpRouteCommandTestCase, self).setUp()
self.namespace = self.useFixture(net_helpers.NamespaceFixture()).name
ip_lib.IPWrapper(self.namespace).add_dummy('test_device')
self.device = ip_lib.IPDevice('test_device', namespace=self.namespace)
self.device.link.set_up()
self.device_cidr_ipv4 = '192.168.100.1/24'
self.device_cidr_ipv6 = '2020::1/64'
self.device.addr.add(self.device_cidr_ipv4)
self.device.addr.add(self.device_cidr_ipv6)
self.cidrs = ['192.168.0.0/24', '10.0.0.0/8', '2001::/64', 'faaa::/96']
def setUp(self):
super(InNamespaceTest, self).setUp()
self.namespace = self.useFixture(net_helpers.NamespaceFixture()).name
ip = ip_lib.IPWrapper()
root_dev_name = neutron_utils.get_rand_device_name()
netns_dev_name = neutron_utils.get_rand_device_name()
self.root_dev, self.netns_dev = ip.add_veth(root_dev_name,
netns_dev_name,
namespace2=self.namespace)
self.addCleanup(self.root_dev.link.delete)
def test_veth_exists(self):
namespace1 = self.useFixture(net_helpers.NamespaceFixture())
namespace2 = self.useFixture(net_helpers.NamespaceFixture())
dev_name1 = utils.get_rand_name()
dev_name2 = utils.get_rand_name()
device1, device2 = namespace1.ip_wrapper.add_veth(
dev_name1, dev_name2, namespace2.name)
self.addCleanup(self._safe_delete_device, device1)
self.addCleanup(self._safe_delete_device, device2)
self._check_for_device_name(namespace1.ip_wrapper, dev_name1, True)
self._check_for_device_name(namespace2.ip_wrapper, dev_name2, True)
self._check_for_device_name(namespace1.ip_wrapper, dev_name2, False)
self._check_for_device_name(namespace2.ip_wrapper, dev_name1, False)
# As it is veth pair, remove of device1 should be enough to remove
# both devices
device1.link.delete()
self._check_for_device_name(namespace1.ip_wrapper, dev_name1, False)
self._check_for_device_name(namespace2.ip_wrapper, dev_name2, False)
def test_cleanup_network_namespaces_cleans_dhcp_and_l3_namespaces(self):
dhcp_namespace = self.useFixture(
net_helpers.NamespaceFixture(dhcp.NS_PREFIX)).name
l3_namespace = self.useFixture(
net_helpers.NamespaceFixture(namespaces.NS_PREFIX)).name
bridge = self.useFixture(
net_helpers.VethPortFixture(namespace=dhcp_namespace)).bridge
self.useFixture(
net_helpers.VethPortFixture(bridge, l3_namespace))
# we scope the get_namespaces to our own ones not to affect other
# tests, as otherwise cleanup will kill them all
self.get_namespaces.return_value = [l3_namespace, dhcp_namespace]
# launch processes in each namespace to make sure they're
# killed during cleanup
procs_launched = self._launch_processes([l3_namespace, dhcp_namespace])
self.assertIsNot(procs_launched, 0)
try:
common_utils.wait_until_true(
lambda: self._get_num_spawned_procs() == procs_launched,
timeout=15)
except eventlet.Timeout:
num_spawned_procs = self._get_num_spawned_procs()
err_str = ("Expected number/spawned number: {0}/{1}\nProcess "
"information:\n".format(num_spawned_procs,
procs_launched))
cmd = ['ps', '-f', '-u', 'root']
err_str += utils.execute(cmd, run_as_root=True)
raise Exception(err_str)
netns_cleanup.cleanup_network_namespaces(self.conf)
self.get_namespaces_p.stop()
namespaces_now = ip_lib.list_network_namespaces()
procs_after = self._get_num_spawned_procs()
self.assertEqual(procs_after, 0)
self.assertNotIn(l3_namespace, namespaces_now)
self.assertNotIn(dhcp_namespace, namespaces_now)
def test_set_link_netns(self):
attr = self.generate_device_details()
device = self.manage_device(attr)
original_namespace = device.namespace
original_ip_wrapper = ip_lib.IPWrapper(namespace=original_namespace)
new_namespace = self.useFixture(net_helpers.NamespaceFixture())
device.link.set_netns(new_namespace.name)
self.assertEqual(new_namespace.name, device.namespace)
self._check_for_device_name(new_namespace.ip_wrapper, device.name,
True)
self._check_for_device_name(original_ip_wrapper, device.name, False)
def setUp(self):
super().setUp()
self.namespace = self.useFixture(net_helpers.NamespaceFixture()).name
self.device_names = ['test_device1', 'test_device2']
self.device_ips = ['10.0.0.1/24', '10.0.1.1/24']
self.device_cidrs = [
netaddr.IPNetwork(ip_address).cidr
for ip_address in self.device_ips
]
for idx, dev in enumerate(self.device_names):
ip_lib.IPWrapper(self.namespace).add_dummy(dev)
device = ip_lib.IPDevice(dev, namespace=self.namespace)
device.link.set_up()
device.addr.add(self.device_ips[idx])
def test_plug_succeeds(self):
device_name = utils.get_rand_name()
mac_address = net.get_random_mac('fa:16:3e:00:00:00'.split(':'))
namespace = self.useFixture(net_helpers.NamespaceFixture()).name
self.assertFalse(self.bridge.get_port_name_list())
self.interface.plug(network_id=uuidutils.generate_uuid(),
port_id=uuidutils.generate_uuid(),
device_name=device_name,
mac_address=mac_address,
bridge=self.bridge.br_name,
namespace=namespace)
self.assertIn(device_name, self.bridge.get_port_name_list())
self.assertTrue(ip_lib.device_exists(device_name, namespace))
def setUp(self):
cfg.CONF.register_opts(sg_cfg.security_group_opts, 'SECURITYGROUP')
super(IptablesFirewallTestCase, self).setUp()
bridge = self.useFixture(net_helpers.LinuxBridgeFixture()).bridge
# FIXME(cbrandily): temporary, will be replaced by fake machines
self.src_ip_wrapper = self.useFixture(
net_helpers.NamespaceFixture()).ip_wrapper
src_port_fixture = self.useFixture(
net_helpers.LinuxBridgePortFixture(bridge,
self.src_ip_wrapper.namespace))
self.src_port = src_port_fixture.port
self._set_ip_up(self.src_port, '%s/24' % self.SRC_ADDRESS)
self.dst_ip_wrapper = self.useFixture(
net_helpers.NamespaceFixture()).ip_wrapper
self.dst_port = self.useFixture(
net_helpers.LinuxBridgePortFixture(
bridge, self.dst_ip_wrapper.namespace)).port
self._set_ip_up(self.dst_port, '%s/24' % self.DST_ADDRESS)
self.firewall = iptables_firewall.IptablesFirewallDriver(
namespace=bridge.namespace)
self._set_src_mac(self.MAC_REAL)
self.src_port_desc = {
'admin_state_up': True,
'device': src_port_fixture.br_port.name,
'device_owner': 'compute:None',
'fixed_ips': [self.SRC_ADDRESS],
'mac_address': self.MAC_REAL,
'port_security_enabled': True,
'security_groups': [self.FAKE_SECURITY_GROUP_ID],
'status': 'ACTIVE'
}
def test_assigned_value(self):
namespace = self.useFixture(net_helpers.NamespaceFixture())
for expected in (0, 1):
try:
ip_lib.set_ip_nonlocal_bind(expected, namespace.name)
except RuntimeError as rte:
stat_message = (
'cannot stat /proc/sys/net/ipv4/ip_nonlocal_bind')
if stat_message in str(rte):
raise self.skipException(
"This kernel doesn't support %s in network "
"namespaces." % ip_lib.IP_NONLOCAL_BIND)
raise
observed = ip_lib.get_ip_nonlocal_bind(namespace.name)
self.assertEqual(expected, observed)
def test_ipv6_lla_create_and_get(self):
lla_address = "fe80::f816:3eff:fe66:73bf/64"
global_address = "2001::1/64"
device_name = utils.get_rand_name()
namespace = self.useFixture(net_helpers.NamespaceFixture())
namespace.ip_wrapper.add_dummy(device_name)
self.interface.add_ipv6_addr(
device_name, lla_address, namespace.name, 'link')
self.interface.add_ipv6_addr(
device_name, global_address, namespace.name, 'global')
existing_addresses = [
a['cidr'] for a in self.interface.get_ipv6_llas(
device_name, namespace.name)]
self.assertIn(lla_address, existing_addresses)
self.assertNotIn(global_address, existing_addresses)
