def test_get_events(self): utils.wait_until_true(lambda: self.monitor.has_updates) devices = self.monitor.get_events() self.assertTrue(devices.get('added'), 'Initial call should always be true') br = self.useFixture(net_helpers.OVSBridgeFixture()) p1 = self.useFixture(net_helpers.OVSPortFixture(br.bridge)) p2 = self.useFixture(net_helpers.OVSPortFixture(br.bridge)) added_devices = [p1.port.name, p2.port.name] utils.wait_until_true( lambda: self._expected_devices_events(added_devices, 'added')) br.bridge.delete_port(p1.port.name) br.bridge.delete_port(p2.port.name) removed_devices = [p1.port.name, p2.port.name] utils.wait_until_true( lambda: self._expected_devices_events(removed_devices, 'removed')) # restart self.monitor.stop(block=True) # NOTE(slaweq): lets give async process few more seconds to receive # "error" from the old ovsdb monitor process and then start new one time.sleep(5) self.monitor.start(block=True, timeout=60) try: utils.wait_until_true( lambda: self.monitor.get_events().get('added')) except utils.WaitTimeout: raise AssertionError('Initial call should always be true')
def test_get_events(self): utils.wait_until_true(lambda: self.monitor.data_received is True) devices = self.monitor.get_events() self.assertTrue(devices.get('added'), 'Initial call should always be true') p_attrs = [('external_ids', {'iface-status': 'active'})] br = self.useFixture(net_helpers.OVSBridgeFixture()) p1 = self.useFixture( net_helpers.OVSPortFixture(br.bridge, None, p_attrs)) p2 = self.useFixture( net_helpers.OVSPortFixture(br.bridge, None, p_attrs)) added_devices = [p1.port.name, p2.port.name] utils.wait_until_true( lambda: self._expected_devices_events(added_devices, 'added')) br.bridge.delete_port(p1.port.name) br.bridge.delete_port(p2.port.name) removed_devices = [p1.port.name, p2.port.name] utils.wait_until_true( lambda: self._expected_devices_events(removed_devices, 'removed')) # restart self.monitor.stop(block=True) self.monitor.start(block=True, timeout=60) devices = self.monitor.get_events() self.assertTrue(devices.get('added'), 'Initial call should always be true')
def setUp(self): if not checks.arp_header_match_supported(): self.skipTest("ARP header matching not supported") # NOTE(kevinbenton): it would be way cooler to use scapy for # these but scapy requires the python process to be running as # root to bind to the ports. super(ARPSpoofTestCase, self).setUp() self.src_addr = '192.168.0.1' self.dst_addr = '192.168.0.2' self.src_ns = self._create_namespace() self.dst_ns = self._create_namespace() self.src_p = self.useFixture( net_helpers.OVSPortFixture(self.br, self.src_ns.namespace)).port self.dst_p = self.useFixture( net_helpers.OVSPortFixture(self.br, self.dst_ns.namespace)).port
def setUp(self): cfg.CONF.set_override('enable_distributed_routing', True, group='AGENT') super(OVSFlowTestCase, self).setUp() self.phys_br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge self.br_phys = self.br_phys_cls(self.phys_br.br_name) self.br_phys.set_secure_mode() self.br_phys.setup_controllers(cfg.CONF) self.router_addr = '192.168.0.1/24' self.namespace = self.useFixture( net_helpers.NamespaceFixture()).name self.phys_p = self.useFixture( net_helpers.OVSPortFixture(self.br_phys, self.namespace)).port self.tun_br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge self.br_tun = self.br_tun_cls(self.tun_br.br_name) self.br_tun.set_secure_mode() self.br_tun.setup_controllers(cfg.CONF) self.tun_p = self.br_tun.add_patch_port( common_utils.get_rand_device_name( prefix=cfg.CONF.OVS.tun_peer_patch_port), common_utils.get_rand_device_name( prefix=cfg.CONF.OVS.int_peer_patch_port)) self.br_tun.setup_default_table(self.tun_p, True)
def test_do_main_default_options(self): int_br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge self.conf.set_override("integration_bridge", int_br.br_name, 'OVS') self.conf.set_override("ovs_all_ports", False) noskip = collections.defaultdict(list) skip = collections.defaultdict(list) # add two vifs, one skipped, and a non-vif port to int_br for collection in (noskip, skip): collection[int_br].append( self.useFixture(net_helpers.OVSPortFixture(int_br)).port.name) # set skippable vif to be skipped int_br.ovsdb.db_set('Interface', skip[int_br][0], ('external_ids', { constants.SKIP_CLEANUP: "True" })).execute(check_error=True) device_name = utils.get_rand_name() skip[int_br].append(device_name) int_br.add_port(device_name, ('type', 'internal')) # sanity check for collection in (noskip, skip): for bridge, ports in collection.items(): port_list = bridge.get_port_name_list() for port in ports: self.assertIn(port, port_list) ovs_cleanup.do_main(self.conf) ports = int_br.get_port_name_list() for vif in noskip[int_br]: self.assertNotIn(vif, ports) for port in skip[int_br]: self.assertIn(port, ports)
def test_has_updates(self): utils.wait_until_true(lambda: self.monitor.has_updates) # clear the event list self.monitor.get_events() self.useFixture(net_helpers.OVSPortFixture()) # has_updates after port addition should become True utils.wait_until_true(lambda: self.monitor.has_updates is True)
def test_do_main_default_options(self): int_br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge ext_br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge self.conf.set_override("ovs_integration_bridge", int_br.br_name) self.conf.set_override("external_network_bridge", ext_br.br_name) self.conf.set_override("ovs_all_ports", False) noskip = collections.defaultdict(list) skip = collections.defaultdict(list) # add two vifs and a non-vif port to int_br and ext_br for br in (int_br, ext_br): for i in range(2): noskip[br].append( self.useFixture(net_helpers.OVSPortFixture(br)).port.name) device_name = utils.get_rand_name() skip[br].append(device_name) br.add_port(device_name, ('type', 'internal')) # sanity check for collection in (noskip, skip): for bridge, ports in collection.items(): port_list = bridge.get_port_name_list() for port in ports: self.assertIn(port, port_list) ovs_cleanup.do_main(self.conf) for br in (int_br, ext_br): ports = br.get_port_name_list() for vif in noskip[br]: self.assertNotIn(vif, ports) for port in skip[br]: self.assertIn(port, ports)
def setUp(self): # NOTE(kevinbenton): it would be way cooler to use scapy for # these but scapy requires the python process to be running as # root to bind to the ports. super(_ARPSpoofTestCase, self).setUp() self.skip_without_arp_support() self.src_addr = '192.168.0.1' self.dst_addr = '192.168.0.2' self.src_namespace = self.useFixture( net_helpers.NamespaceFixture()).name self.dst_namespace = self.useFixture( net_helpers.NamespaceFixture()).name self.src_p = self.useFixture( net_helpers.OVSPortFixture(self.br, self.src_namespace)).port self.dst_p = self.useFixture( net_helpers.OVSPortFixture(self.br, self.dst_namespace)).port
def test_interface_monitor_filtering(self): br_1 = self.useFixture(net_helpers.OVSBridgeFixture()).bridge br_2 = self.useFixture(net_helpers.OVSBridgeFixture()).bridge mon_no_filter = ovsdb_monitor.SimpleInterfaceMonitor( respawn_interval=30, ovsdb_connection=cfg.CONF.OVS.ovsdb_connection) mon_no_filter.start(block=True) mon_br_1 = ovsdb_monitor.SimpleInterfaceMonitor( respawn_interval=30, ovsdb_connection=cfg.CONF.OVS.ovsdb_connection, bridge_names=[br_1.br_name], ovs=br_1) mon_br_1.start(block=True) mon_br_2 = ovsdb_monitor.SimpleInterfaceMonitor( respawn_interval=30, ovsdb_connection=cfg.CONF.OVS.ovsdb_connection, bridge_names=[br_2.br_name], ovs=br_1) mon_br_2.start(block=True) self.addCleanup(self._stop_monitors, [mon_no_filter, mon_br_1, mon_br_2]) p1 = self.useFixture(net_helpers.OVSPortFixture(br_1)) p2 = self.useFixture(net_helpers.OVSPortFixture(br_2)) ports_expected = {p1.port.name, p2.port.name} try: common_utils.wait_until_true(lambda: not self._check_port_events( mon_no_filter, ports_expected=ports_expected), timeout=5) except common_utils.WaitTimeout: self.fail('Interface monitor not filtered did not received an ' 'event for ports %s' % ports_expected) self.assertIs( 0, len( self._check_port_events(mon_br_1, ports_expected={p1.port.name}, ports_not_expected={p2.port.name}))) self.assertIs( 0, len( self._check_port_events(mon_br_2, ports_expected={p2.port.name}, ports_not_expected={p1.port.name})))
def _prepare_port_and_description(self, security_group_rules): hybrid_port = self.useFixture( net_helpers.OVSPortFixture( self.bridge, self.namespace, hybrid_plug=True)) self._set_vlan_tag_on_port(hybrid_port, 1) description = self.add_sg_rules(hybrid_port, security_group_rules) return hybrid_port, description
def _connect_ovs_port(self, cidr_address): ovs_device = self.useFixture( net_helpers.OVSPortFixture(bridge=self.central_data_bridge, namespace=self.host_namespace)).port # NOTE: This sets an IP address on the host's root namespace # which is cleaned up when the device is deleted. ovs_device.addr.add(cidr_address) return ovs_device
def test_has_updates(self): utils.wait_until_true(lambda: self.monitor.data_received is True) self.assertTrue(self.monitor.has_updates, 'Initial call should always be true') # clear the event list self.monitor.get_events() self.useFixture(net_helpers.OVSPortFixture()) # has_updates after port addition should become True utils.wait_until_true(lambda: self.monitor.has_updates is True)
def test_has_updates(self): self.assertTrue(self.monitor.has_updates, 'Initial call should always be true') self.assertFalse(self.monitor.has_updates, 'has_updates without port addition should be False') self.useFixture(net_helpers.OVSPortFixture()) # has_updates after port addition should become True while not self.monitor.has_updates: eventlet.sleep(0.01)
def test_fip_connection_from_same_subnet(self): '''Test connection to floatingip which is associated with fixed_ip on the same subnet of the source fixed_ip. In other words it confirms that return packets surely go through the router. ''' router_info = self.generate_router_info(enable_ha=False) router = self.manage_router(self.agent, router_info) router_ip_cidr = self._port_first_ip_cidr(router.internal_ports[0]) router_ip = router_ip_cidr.partition('/')[0] src_ip_cidr = net_helpers.increment_ip_cidr(router_ip_cidr) dst_ip_cidr = net_helpers.increment_ip_cidr(src_ip_cidr) dst_ip = dst_ip_cidr.partition('/')[0] dst_fip = '19.4.4.10' router.router[l3_constants.FLOATINGIP_KEY] = [] self._add_fip(router, dst_fip, fixed_address=dst_ip) router.process(self.agent) br_int = get_ovs_bridge(self.agent.conf.ovs_integration_bridge) # FIXME(cbrandily): temporary, will be replaced by fake machines src_ns = self._create_namespace(prefix='test-src-') src_port = self.useFixture( net_helpers.OVSPortFixture(br_int, src_ns.namespace)).port src_port.addr.add(src_ip_cidr) net_helpers.set_namespace_gateway(src_port, router_ip) dst_ns = self._create_namespace(prefix='test-dst-') dst_port = self.useFixture( net_helpers.OVSPortFixture(br_int, dst_ns.namespace)).port dst_port.addr.add(dst_ip_cidr) net_helpers.set_namespace_gateway(dst_port, router_ip) protocol_port = helpers.get_free_namespace_port(dst_ns) # client sends to fip netcat = helpers.NetcatTester(src_ns, dst_ns, dst_ip, protocol_port, client_address=dst_fip, run_as_root=True, udp=False) self.addCleanup(netcat.stop_processes) self.assertTrue(netcat.test_connectivity())
def setUp(self): # NOTE(kevinbenton): it would be way cooler to use scapy for # these but scapy requires the python process to be running as # root to bind to the ports. super(ARPSpoofTestCase, self).setUp() self.skip_without_arp_support() self.src_addr = '192.168.0.1' self.dst_addr = '192.168.0.2' self.src_namespace = self.useFixture( net_helpers.NamespaceFixture()).name self.dst_namespace = self.useFixture( net_helpers.NamespaceFixture()).name self.src_p = self.useFixture( net_helpers.OVSPortFixture(self.br, self.src_namespace)).port self.dst_p = self.useFixture( net_helpers.OVSPortFixture(self.br, self.dst_namespace)).port # wait to add IPs until after anti-spoof rules to ensure ARP doesn't # happen before self.addOnException(self.collect_flows_and_ports)
def _connect_ovs_port(self, cidr_address): LOG.info('%s(): caller(): %s', log_utils.get_fname(1), log_utils.get_fname(2)) ovs_device = self.useFixture( net_helpers.OVSPortFixture( bridge=self.central_bridge, namespace=self.host_namespace)).port # NOTE: This sets an IP address on the host's root namespace # which is cleaned up when the device is deleted. ovs_device.addr.add(cidr_address) return ovs_device
def test_get_events(self): utils.wait_until_true(lambda: self.monitor.has_updates) devices = self.monitor.get_events() self.assertTrue(devices.get('added'), 'Initial call should always be true') br = self.useFixture(net_helpers.OVSBridgeFixture()) p1 = self.useFixture(net_helpers.OVSPortFixture(br.bridge)) p2 = self.useFixture(net_helpers.OVSPortFixture(br.bridge)) added_devices = [p1.port.name, p2.port.name] utils.wait_until_true( lambda: self._expected_devices_events(added_devices, 'added')) br.bridge.delete_port(p1.port.name) br.bridge.delete_port(p2.port.name) removed_devices = [p1.port.name, p2.port.name] utils.wait_until_true( lambda: self._expected_devices_events(removed_devices, 'removed')) # restart self.monitor.stop(block=True) self.monitor.start(block=True, timeout=60) devices = self.monitor.get_events() self.assertTrue(devices.get('added'), 'Initial call should always be true')
def test_get_events_includes_ofport(self): utils.wait_until_true(lambda: self.monitor.has_updates) self.monitor.get_events() # clear initial events br = self.useFixture(net_helpers.OVSBridgeFixture()) p1 = self.useFixture(net_helpers.OVSPortFixture(br.bridge)) def p1_event_has_ofport(): if not self.monitor.has_updates: return for e in self.monitor.new_events['added']: if (e['name'] == p1.port.name and e['ofport'] != ovs_lib.UNASSIGNED_OFPORT): return True utils.wait_until_true(p1_event_has_ofport)
def test_install_instructions_str(self): kwargs = {'in_port': 345, 'vlan_tci': 0x1123} dst_p = self.useFixture( net_helpers.OVSPortFixture(self.br_tun, self.namespace)).port dst_ofp = self.br_tun.get_port_ofport(dst_p.name) self.br_tun.install_instructions("pop_vlan,output:%d" % dst_ofp, priority=10, **kwargs) trace = self._run_trace(self.br_tun.br_name, "in_port=%(in_port)d,dl_src=12:34:56:78:aa:bb," "dl_dst=24:12:56:78:aa:bb,dl_type=0x0800," "nw_src=192.168.0.1,nw_dst=192.168.0.2," "nw_proto=1,nw_tos=0,nw_ttl=128," "icmp_type=8,icmp_code=0,vlan_tci=%(vlan_tci)d" % kwargs) self.assertIn("pop_vlan,", trace["Datapath actions"])
def test_access_to_metadata_proxy(self): """Test access to the l3-agent metadata proxy. The test creates: * A l3-agent metadata service: * A router (which creates a metadata proxy in the router namespace), * A fake metadata server * A "client" namespace (simulating a vm) with a port on router internal subnet. The test queries from the "client" namespace the metadata proxy on http://169.254.169.254 and asserts that the metadata proxy added the X-Forwarded-For and X-Neutron-Router-Id headers to the request and forwarded the http request to the fake metadata server and the response to the "client" namespace. """ router_info = self.generate_router_info(enable_ha=False) router = self.manage_router(self.agent, router_info) self._create_metadata_fake_server(webob.exc.HTTPOk.code) # Create and configure client namespace client_ns = self._create_namespace() router_ip_cidr = self._port_first_ip_cidr(router.internal_ports[0]) ip_cidr = net_helpers.increment_ip_cidr(router_ip_cidr) br_int = get_ovs_bridge(self.agent.conf.ovs_integration_bridge) # FIXME(cbrandily): temporary, will be replaced by a fake machine port = self.useFixture( net_helpers.OVSPortFixture(br_int, client_ns.namespace)).port port.addr.add(ip_cidr) net_helpers.set_namespace_gateway(port, router_ip_cidr.partition('/')[0]) # Query metadata proxy url = 'http://%(host)s:%(port)s' % { 'host': dhcp.METADATA_DEFAULT_IP, 'port': dhcp.METADATA_PORT } cmd = 'curl', '--max-time', METADATA_REQUEST_TIMEOUT, '-D-', url try: raw_headers = client_ns.netns.execute(cmd) except RuntimeError: self.fail('metadata proxy unreachable on %s before timeout' % url) # Check status code firstline = raw_headers.splitlines()[0] self.assertIn(str(webob.exc.HTTPOk.code), firstline.split())
def port_setup(self, router, bridge=None, offset=1, namespace=None): """Creates namespace and a port inside it on a client site.""" if not namespace: client_ns = self.useFixture( net_helpers.NamespaceFixture()).ip_wrapper namespace = client_ns.namespace router_ip_cidr = self._port_first_ip_cidr(router.internal_ports[0]) port_ip_cidr = net_helpers.increment_ip_cidr(router_ip_cidr, offset) if not bridge: bridge = get_ovs_bridge(self.vpn_agent.conf.ovs_integration_bridge) port = self.useFixture( net_helpers.OVSPortFixture(bridge, namespace)).port port.addr.add(port_ip_cidr) port.route.add_gateway(router_ip_cidr.partition('/')[0]) return namespace, port_ip_cidr.partition('/')[0]
def create_ports_for(self, site): """Creates namespaces and ports for simulated VM. There will be a unique namespace for each port, which is representing a VM for the test. """ bridge = get_ovs_bridge(self.vpn_agent.conf.ovs_integration_bridge) site.vm = [] for internal_port in site.router.internal_ports: router_ip_cidr = self._port_first_ip_cidr(internal_port) port_ip_cidr = net_helpers.increment_ip_cidr(router_ip_cidr, 1) client_ns = self.useFixture( net_helpers.NamespaceFixture()).ip_wrapper namespace = client_ns.namespace port = self.useFixture( net_helpers.OVSPortFixture(bridge, namespace)).port port.addr.add(port_ip_cidr) port.route.add_gateway(router_ip_cidr.partition('/')[0]) site.vm.append(Vm(namespace, port_ip_cidr.partition('/')[0]))
def test_bundled_install(self): if 'ovs_ofctl' in self.main_module: self.skip("ovs-ofctl of_interface doesn't have bundled()") kwargs = {'in_port': 345, 'vlan_tci': 0x1321} dst_p = self.useFixture( net_helpers.OVSPortFixture(self.br_tun, self.namespace)).port dst_ofp = self.br_tun.get_port_ofport(dst_p.name) with self.br_tun.bundled() as br: br.install_instructions("pop_vlan,output:%d" % dst_ofp, priority=10, **kwargs) trace = self._run_trace( self.br_tun.br_name, "in_port=%(in_port)d,dl_src=12:34:56:78:aa:bb," "dl_dst=24:12:56:78:aa:bb,dl_type=0x0800," "nw_src=192.168.0.1,nw_dst=192.168.0.2," "nw_proto=1,nw_tos=0,nw_ttl=128," "icmp_type=8,icmp_code=0,vlan_tci=%(vlan_tci)d" % kwargs) self.assertIn("pop_vlan,", trace["Datapath actions"])
def test_no_value_set_for_other_config_raises_exception(self): port = self.useFixture(net_helpers.OVSPortFixture(self.bridge)).port with testtools.ExpectedException(exceptions.OVSFWTagNotFound): firewall.get_tag_from_other_config(self.bridge, port.name)
def test_correct_tag_is_returned(self): port_number = 42 port = self.useFixture(net_helpers.OVSPortFixture(self.bridge)).port self.set_port_tag(port.name, port_number) observed = firewall.get_tag_from_other_config(self.bridge, port.name) self.assertEqual(port_number, observed)