def _create_nc_tester(self, direction, protocol, src_port, dst_port):
"""Create netcat tester
If there already exists a netcat tester that has established
connection, exception is raised.
"""
nc_key = (direction, protocol, src_port, dst_port)
nc_tester = self._nc_testers.get(nc_key)
if nc_tester and nc_tester.is_established:
raise ConnectionTesterException(
'%s connection using %s protocol, source port %s and '
'destination port %s is already established' % (
direction, protocol, src_port, dst_port))
if direction == self.INGRESS:
client_ns = self.peer_namespace
server_ns = self.vm_namespace
server_addr = self.vm_ip_address
else:
client_ns = self.vm_namespace
server_ns = self.peer_namespace
server_addr = self.peer_ip_address
server_port = dst_port or net_helpers.get_free_namespace_port(
protocol, server_ns)
nc_tester = net_helpers.NetcatTester(client_namespace=client_ns,
server_namespace=server_ns,
address=server_addr,
protocol=protocol,
src_port=src_port,
dst_port=server_port)
self._nc_testers[nc_key] = nc_tester
return nc_tester
def _create_nc_tester(self, direction, protocol, src_port, dst_port):
"""Create netcat tester
If there already exists a netcat tester that has established
connection, exception is raised.
"""
nc_key = (direction, protocol, src_port, dst_port)
nc_tester = self._nc_testers.get(nc_key)
if nc_tester and nc_tester.is_established:
raise ConnectionTesterException(
'%s connection using %s protocol, source port %s and '
'destination port %s is already established' %
(direction, protocol, src_port, dst_port))
if direction == self.INGRESS:
client_ns = self.peer_namespace
server_ns = self.vm_namespace
server_addr = self.vm_ip_address
else:
client_ns = self.vm_namespace
server_ns = self.peer_namespace
server_addr = self.peer_ip_address
server_port = dst_port or net_helpers.get_free_namespace_port(
protocol, server_ns)
nc_tester = net_helpers.NetcatTester(client_namespace=client_ns,
server_namespace=server_ns,
address=server_addr,
protocol=protocol,
src_port=src_port,
dst_port=server_port)
self._nc_testers[nc_key] = nc_tester
return nc_tester
def test_fip_connection_from_same_subnet(self):
'''Test connection to floatingip which is associated with
fixed_ip on the same subnet of the source fixed_ip.
In other words it confirms that return packets surely
go through the router.
'''
router_info = self.generate_router_info(enable_ha=False)
router = self.manage_router(self.agent, router_info)
router_ip_cidr = self._port_first_ip_cidr(router.internal_ports[0])
router_ip = router_ip_cidr.partition('/')[0]
br_int = framework.get_ovs_bridge(
self.agent.conf.ovs_integration_bridge)
src_machine, dst_machine = self.useFixture(
machine_fixtures.PeerMachines(
br_int,
net_helpers.increment_ip_cidr(router_ip_cidr),
router_ip)).machines
dst_fip = '19.4.4.10'
router.router[l3_constants.FLOATINGIP_KEY] = []
self._add_fip(router, dst_fip, fixed_address=dst_machine.ip)
router.process(self.agent)
protocol_port = net_helpers.get_free_namespace_port(
l3_constants.PROTO_NAME_TCP, dst_machine.namespace)
# client sends to fip
netcat = net_helpers.NetcatTester(
src_machine.namespace, dst_machine.namespace,
dst_fip, protocol_port,
protocol=net_helpers.NetcatTester.TCP)
self.addCleanup(netcat.stop_processes)
self.assertTrue(netcat.test_connectivity())
def test_fip_connection_from_same_subnet(self):
'''Test connection to floatingip which is associated with
fixed_ip on the same subnet of the source fixed_ip.
In other words it confirms that return packets surely
go through the router.
'''
router_info = self.generate_router_info(enable_ha=False)
router = self.manage_router(self.agent, router_info)
router_ip_cidr = self._port_first_ip_cidr(router.internal_ports[0])
router_ip = router_ip_cidr.partition('/')[0]
br_int = framework.get_ovs_bridge(
self.agent.conf.ovs_integration_bridge)
src_machine, dst_machine = self.useFixture(
machine_fixtures.PeerMachines(
br_int, net_helpers.increment_ip_cidr(router_ip_cidr),
router_ip)).machines
dst_fip = '19.4.4.10'
router.router[l3_constants.FLOATINGIP_KEY] = []
self._add_fip(router, dst_fip, fixed_address=dst_machine.ip)
router.process(self.agent)
protocol_port = net_helpers.get_free_namespace_port(
l3_constants.PROTO_NAME_TCP, dst_machine.namespace)
# client sends to fip
netcat = net_helpers.NetcatTester(
src_machine.namespace,
dst_machine.namespace,
dst_fip,
protocol_port,
protocol=net_helpers.NetcatTester.TCP)
self.addCleanup(netcat.stop_processes)
self.assertTrue(netcat.test_connectivity())
def _generate_port():
"""Get a free TCP port from the Operating System and return it.
This might fail if some other process occupies this port after this
function finished but before the neutron-server process started.
"""
return str(net_helpers.get_free_namespace_port(constants.PROTO_NAME_TCP))
def _generate_port():
"""Get a free TCP port from the Operating System and return it.
This might fail if some other process occupies this port after this
function finished but before the neutron-server process started.
"""
return str(net_helpers.get_free_namespace_port(
constants.PROTO_NAME_TCP))
def setUp(self):
super(IptablesManagerTestCase, self).setUp()
bridge = self.useFixture(net_helpers.VethBridgeFixture()).bridge
self.client, self.server = self.useFixture(machine_fixtures.PeerMachines(bridge)).machines
self.client_fw, self.server_fw = self.create_firewalls()
# The port is used in isolated namespace that precludes possibility of
# port conflicts
self.port = net_helpers.get_free_namespace_port(constants.PROTO_NAME_TCP, self.server.namespace)
def setUp(self):
super(IptablesManagerTestCase, self).setUp()
bridge = self.useFixture(net_helpers.VethBridgeFixture()).bridge
self.client, self.server = self.useFixture(
machine_fixtures.PeerMachines(bridge)).machines
self.client_fw, self.server_fw = self.create_firewalls()
# The port is used in isolated namespace that precludes possibility of
# port conflicts
self.port = net_helpers.get_free_namespace_port(
constants.PROTO_NAME_TCP, self.server.namespace)
def test_get_free_namespace_port(self):
ss_output2 = ss_output
for p in range(1024, 32767):
ss_output2 += ss_output_template % p
with mock.patch('neutron.agent.linux.ip_lib.IPWrapper') \
as ipwrapper:
m = mock.MagicMock()
m.netns.execute.return_value = ss_output2
ipwrapper.return_value = m
result = net_helpers.get_free_namespace_port(
n_const.PROTO_NAME_TCP)
self.assertEqual(32767, result)
def test_fip_connection_from_same_subnet(self):
"""Test connection to floatingip which is associated with
fixed_ip on the same subnet of the source fixed_ip.
In other words it confirms that return packets surely
go through the router.
"""
src_machine, dst_machine, dst_fip = self._setup_fip_with_fixed_ip_from_same_subnet(enable_snat=True)
protocol_port = net_helpers.get_free_namespace_port(l3_constants.PROTO_NAME_TCP, dst_machine.namespace)
# client sends to fip
netcat = net_helpers.NetcatTester(
src_machine.namespace, dst_machine.namespace, dst_fip, protocol_port, protocol=net_helpers.NetcatTester.TCP
)
self.addCleanup(netcat.stop_processes)
self.assertTrue(netcat.test_connectivity())
def _test_conntrack_disassociate_fip(self, ha):
'''Test that conntrack immediately drops stateful connection
that uses floating IP once it's disassociated.
'''
router_info = self.generate_router_info(enable_ha=ha)
router = self.manage_router(self.agent, router_info)
port = net_helpers.get_free_namespace_port(constants.PROTO_NAME_TCP,
router.ns_name)
client_address = '19.4.4.3'
server_address = '35.4.0.4'
def clean_fips(router):
router.router[constants.FLOATINGIP_KEY] = []
clean_fips(router)
self._add_fip(router, client_address, fixed_address=server_address)
router.process()
router_ns = ip_lib.IPWrapper(namespace=router.ns_name)
netcat = net_helpers.NetcatTester(
router.ns_name,
router.ns_name,
client_address,
port,
protocol=net_helpers.NetcatTester.TCP)
self.addCleanup(netcat.stop_processes)
def assert_num_of_conntrack_rules(n):
out = router_ns.netns.execute(
["conntrack", "-L", "--orig-src", client_address],
privsep_exec=True)
self.assertEqual(
n, len([line for line in out.strip().split('\n') if line]))
if ha:
common_utils.wait_until_true(lambda: router.ha_state == 'primary')
with self.assert_max_execution_time(100):
assert_num_of_conntrack_rules(0)
self.assertTrue(netcat.test_connectivity())
assert_num_of_conntrack_rules(1)
clean_fips(router)
router.process()
assert_num_of_conntrack_rules(0)
with testtools.ExpectedException(RuntimeError):
netcat.test_connectivity()
def test_get_free_namespace_port(self):
ss_output2 = ss_output
for p in range(1024, 32767):
ss_output2 += ss_output_template % p
with mock.patch('neutron.agent.linux.ip_lib.IPWrapper') as ipwrapper, \
mock.patch('neutron.agent.linux.utils.execute') as ex:
m = mock.MagicMock()
m.netns.execute.return_value = ss_output2
ipwrapper.return_value = m
local_port_range_start = 32768
ex.return_value = "%s\t61000" % local_port_range_start
result = net_helpers.get_free_namespace_port(
n_const.PROTO_NAME_TCP)
self.assertEqual((local_port_range_start - 1), result)
def test_get_free_namespace_port(self):
ss_output2 = ss_output
for p in range(1024, 32767):
ss_output2 += ss_output_template % p
with mock.patch('neutron.agent.linux.ip_lib.IPWrapper') \
as ipwrapper, \
mock.patch('neutron.agent.linux.utils.execute') as ex:
m = mock.MagicMock()
m.netns.execute.return_value = ss_output2
ipwrapper.return_value = m
local_port_range_start = 32768
ex.return_value = "%s\t61000" % local_port_range_start
result = net_helpers.get_free_namespace_port(
n_const.PROTO_NAME_TCP)
self.assertEqual((local_port_range_start - 1), result)
def test_fip_connection_from_same_subnet(self):
'''Test connection to floatingip which is associated with
fixed_ip on the same subnet of the source fixed_ip.
In other words it confirms that return packets surely
go through the router.
'''
src_machine, dst_machine, dst_fip = (
self._setup_fip_with_fixed_ip_from_same_subnet(enable_snat=True))
protocol_port = net_helpers.get_free_namespace_port(
lib_constants.PROTO_NAME_TCP, dst_machine.namespace)
# client sends to fip
netcat = net_helpers.NetcatTester(
src_machine.namespace, dst_machine.namespace,
dst_fip, protocol_port,
protocol=net_helpers.NetcatTester.TCP)
self.addCleanup(netcat.stop_processes)
self.assertTrue(netcat.test_connectivity())
def _test_conntrack_disassociate_fip(self, ha):
'''Test that conntrack immediately drops stateful connection
that uses floating IP once it's disassociated.
'''
router_info = self.generate_router_info(enable_ha=ha)
router = self.manage_router(self.agent, router_info)
port = net_helpers.get_free_namespace_port(
constants.PROTO_NAME_TCP, router.ns_name)
client_address = '19.4.4.3'
server_address = '35.4.0.4'
def clean_fips(router):
router.router[constants.FLOATINGIP_KEY] = []
clean_fips(router)
self._add_fip(router, client_address, fixed_address=server_address)
router.process()
router_ns = ip_lib.IPWrapper(namespace=router.ns_name)
netcat = net_helpers.NetcatTester(
router.ns_name, router.ns_name, client_address, port,
protocol=net_helpers.NetcatTester.TCP)
self.addCleanup(netcat.stop_processes)
def assert_num_of_conntrack_rules(n):
out = router_ns.netns.execute(["conntrack", "-L",
"--orig-src", client_address])
self.assertEqual(
n, len([line for line in out.strip().split('\n') if line]))
if ha:
common_utils.wait_until_true(lambda: router.ha_state == 'master')
with self.assert_max_execution_time(100):
assert_num_of_conntrack_rules(0)
self.assertTrue(netcat.test_connectivity())
assert_num_of_conntrack_rules(1)
clean_fips(router)
router.process()
assert_num_of_conntrack_rules(0)
with testtools.ExpectedException(RuntimeError):
netcat.test_connectivity()
def start_of_controller(self, conf):
LOG.info('%s(): caller(): %s', log_utils.get_fname(1), log_utils.get_fname(2))
self.br_int_cls = None
self.br_tun_cls = None
self.br_phys_cls = None
self.init_done = False
self.init_done_ev = eventlet.event.Event()
self.main_ev = eventlet.event.Event()
self.addCleanup(self._kill_main)
retry_count = 3
while True:
# Try a few different ports as a port conflict
# causes the test to fail.
conf.set_override('of_listen_port',
net_helpers.get_free_namespace_port(
n_const.PROTO_NAME_TCP),
group='OVS')
cfg.CONF.set_override('of_listen_port',
conf.OVS.of_listen_port,
group='OVS')
main_mod.init_config()
self._main_thread = eventlet.spawn(self._kick_main)
# Wait for _kick_main -> openflow main -> _agent_main
# NOTE(yamamoto): This complexity came from how we run openflow
# controller. Main routine blocks while running the embedded
# openflow controller. In that case, the agent rpc_loop runs in
# another thread. However, for FT we need to run setUp() and
# test_xxx() in the same thread. So I made this run openflow main
# in a separate thread instead.
try:
while not self.init_done:
self.init_done_ev.wait()
break
except fixtures.TimeoutException:
self._kill_main()
retry_count -= 1
if retry_count < 0:
raise Exception('port allocation failed')
def setUp(self):
super(OVSAgentTestBase, self).setUp()
self.br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge
self.of_interface_mod = importutils.import_module(self.main_module)
self.br_int_cls = None
self.br_tun_cls = None
self.br_phys_cls = None
self.br_int = None
self.init_done = False
self.init_done_ev = eventlet.event.Event()
self.main_ev = eventlet.event.Event()
self.addCleanup(self._kill_main)
retry_count = 3
while True:
cfg.CONF.set_override('of_listen_port',
net_helpers.get_free_namespace_port(
n_const.PROTO_NAME_TCP),
group='OVS')
self.of_interface_mod.init_config()
self._main_thread = eventlet.spawn(self._kick_main)
# Wait for _kick_main -> of_interface main -> _agent_main
# NOTE(yamamoto): This complexity came from how "native"
# of_interface runs its openflow controller. "native"
# of_interface's main routine blocks while running the
# embedded openflow controller. In that case, the agent
# rpc_loop runs in another thread. However, for FT we
# need to run setUp() and test_xxx() in the same thread.
# So I made this run of_interface's main in a separate
# thread instead.
try:
while not self.init_done:
self.init_done_ev.wait()
break
except fixtures.TimeoutException:
self._kill_main()
retry_count -= 1
if retry_count < 0:
raise Exception('port allocation failed')
def setUp(self):
super(OVSAgentTestBase, self).setUp()
self.br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge
self.of_interface_mod = importutils.import_module(self.main_module)
self.br_int_cls = None
self.br_tun_cls = None
self.br_phys_cls = None
self.br_int = None
self.init_done = False
self.init_done_ev = eventlet.event.Event()
self.main_ev = eventlet.event.Event()
self.addCleanup(self._kill_main)
retry_count = 3
while True:
cfg.CONF.set_override('of_listen_port',
net_helpers.get_free_namespace_port(
n_const.PROTO_NAME_TCP),
group='OVS')
self.of_interface_mod.init_config()
self._main_thread = eventlet.spawn(self._kick_main)
# Wait for _kick_main -> of_interface main -> _agent_main
# NOTE(yamamoto): This complexity came from how "native"
# of_interface runs its openflow controller. "native"
# of_interface's main routine blocks while running the
# embedded openflow controller. In that case, the agent
# rpc_loop runs in another thread. However, for FT we
# need to run setUp() and test_xxx() in the same thread.
# So I made this run of_interface's main in a separate
# thread instead.
try:
while not self.init_done:
self.init_done_ev.wait()
break
except fixtures.TimeoutException:
self._kill_main()
retry_count -= 1
if retry_count < 0:
raise Exception('port allocation failed')
