def test_addr_assignment(self):
    """Test correct assignment of Docker host addresses to border router interfaces.

    Two hosts are registered on a 10.0.0.0/24 host network. A preferred IP that
    is not the host's own address must be rejected with ``errors.NotAvailable``;
    otherwise every border router interface receives its host's address, and
    the port increases for each additional interface on the same host.
    """
    net = HostNetwork("host_network", ipaddress.ip_network("10.0.0.0/24"))
    first_host, second_host = LocalHost(), LocalHost()
    hosts = [first_host, second_host]
    asys = [AS(host, False) for host in hosts]
    net.set_host_ip(first_host, ipaddress.ip_address("10.0.0.10"))
    net.set_host_ip(second_host, ipaddress.ip_address("10.0.0.11"))

    # 10.0.0.2 was never registered for the host, so asking for it must fail.
    with self.assertRaises(errors.NotAvailable):
        net.assign_br_address(
            ISD_AS("1-ff00:0:000"), asys[0], IfId(1),
            pref_ip=ipaddress.ip_address("10.0.0.2"))

    # (AS identifier, index into `asys`, interface id, expected IP, expected port)
    successful_assignments = (
        ("1-ff00:0:000", 0, 1, "10.0.0.10", 50000),
        ("1-ff00:0:001", 1, 1, "10.0.0.11", 50000),
        ("1-ff00:0:001", 1, 2, "10.0.0.11", 50001),
    )
    for as_str, as_index, ifid, wanted_ip, wanted_port in successful_assignments:
        ip, port = net.assign_br_address(ISD_AS(as_str), asys[as_index], IfId(ifid))
        self.assertEqual(ip, ipaddress.ip_address(wanted_ip))
        self.assertEqual(port, L4Port(wanted_port))
def get_br_prom_ports(self, isd_as: ISD_AS) -> List[L4Port]:
    """Get the Prometheus endpoint ports of all border routers in the given AS.

    Runs the ``print_prom_ports`` management script inside the Django container
    and parses its whitespace-separated output.

    :param isd_as: AS whose border router ports are requested.
    :returns: One port per token printed by the script.
    """
    container = self.get_django_container()
    # The account used inside the container depends on the coordinator mode.
    if self.debug:
        run_as = const.SCIONLAB_USER_DEBUG
    else:
        run_as = const.SCIONLAB_USER_PRODUCTION

    # NOTE(review): the AS identifier is spliced into the command text. `isd_as`
    # is typed ISD_AS, so as_str() is presumably limited to the AS syntax, but
    # how run_cmd_in_cntr tokenises the string is not visible here -- confirm
    # before passing anything that is not a validated ISD_AS.
    command = "./manage.py runscript print_prom_ports --script-args %s" % isd_as.as_str()

    captured = io.StringIO()
    run_cmd_in_cntr(container, run_as, command, output=captured, check=True)

    # int() raises ValueError on any non-numeric token in the script output.
    ports = []
    for token in captured.getvalue().split():
        ports.append(L4Port(int(token)))
    return ports
def _get_external_address(dict) -> Optional[UnderlayAddress]:
    """Parse the address a service is supposed to be exposed on.

    The port is read from the 'expose' key and the IP from 'expose_on'. When
    'expose' is present but 'expose_on' is not, the IP falls back to 0.0.0.0,
    i.e. the wildcard address rather than a single interface. Definitions that
    should stay local therefore have to set 'expose_on' explicitly.

    :param dict: Mapping to retrieve the address from.
    :returns: None, if no address is given in `dict`.
    :raises ValueError: 'expose_on' is not a valid IP address or 'expose' is not an integer.
    """
    if 'expose' not in dict:
        return None

    # Wildcard default: a bare 'expose' entry selects 0.0.0.0.
    bind_ip = ipaddress.ip_address(dict.get('expose_on', '0.0.0.0'))
    bind_port = L4Port(int(dict['expose']))
    return UnderlayAddress(bind_ip, bind_port)
def __init__(self, name: str, ssh_host: IpAddress, username: str, *,
             identity_file: Optional[Path] = None,
             ssh_port: L4Port = L4Port(22)):
    """Store the SSH connection parameters of the host.

    Nothing is connected here: the SSH session, the SFTP session and the Docker
    client handle all start out as None.

    :param name: Name of the host.
    :param ssh_host: IP address used for SSH.
    :param username: User name used for SSH.
    :param identity_file: Optional path stored as the identity file; presumably the SSH
                          private key (the name mirrors ssh's IdentityFile) -- confirm
                          where it is consumed.
    :param ssh_port: SSH port, 22 unless given.
    """
    # Connection parameters, kept as passed in.
    self._name = name
    self._username = username
    self._ssh_host, self._ssh_port = ssh_host, ssh_port
    self._identity_file = identity_file

    # Handles that are not set up by the constructor.
    self._dc: docker.DockerClient = None
    self._sftp_session: Optional[ssh2.sftp.SFTP] = None
    self._ssh_session: Optional[Session] = None
def test(self):
    """Test successful address assignment.

    After ``assign_underlay_addresses`` the topology must contain four bridges,
    and every border router interface must have the expected underlay address
    on the bridge of its link.
    """
    topo = self.topo
    assign_underlay_addresses(topo)
    self.assertEqual(len(topo.bridges), 4)

    # (subnet, expected bridge class or None, endpoints), where each endpoint
    # is (AS identifier, interface id, expected IP, expected port).
    expectations = (
        # link 1
        ("10.0.10.0/29", DockerBridge, (
            ("1-ff00:0:110", 1, "10.0.10.2", 50000),
            ("1-ff00:0:111", 1, "10.0.10.3", 50000),
        )),
        # link 2
        ("10.0.11.0/29", DockerBridge, (
            ("1-ff00:0:110", 2, "10.0.11.2", 50000),
            ("1-ff00:0:112", 1, "10.0.11.3", 50000),
        )),
        # links 3 to 5: interfaces of one AS share an IP and differ in port
        ("10.0.20.0/24", OvsBridge, (
            ("1-ff00:0:111", 2, "10.0.20.2", 50000),
            ("1-ff00:0:111", 3, "10.0.20.2", 50001),
            ("1-ff00:0:112", 2, "10.0.20.3", 50000),
            ("1-ff00:0:112", 3, "10.0.20.3", 50001),
            ("1-ff00:0:113", 1, "10.0.20.4", 50000),
            ("1-ff00:0:113", 2, "10.0.20.4", 50001),
        )),
        # link 6: the bridge class is not checked for this subnet
        ("10.0.21.0/24", None, (
            ("1-ff00:0:112", 4, "10.0.21.9", 50000),
            ("1-ff00:0:113", 3, "10.0.21.10", 50000),
        )),
    )

    for subnet, bridge_class, endpoints in expectations:
        net = topo.get_bridge_subnet(ipaddress.ip_network(subnet))
        if bridge_class is not None:
            self.assertIsInstance(net, bridge_class)
        for as_str, ifid, wanted_ip, wanted_port in endpoints:
            actual = net.get_br_address(ISD_AS(as_str), IfId(ifid))
            wanted = UnderlayAddress(ipaddress.ip_address(wanted_ip), L4Port(wanted_port))
            self.assertEqual(actual, wanted)
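def extract_topo_info(topo_file: MutableMapping[str, Any], name: Optional[str] = None) -> Topology:
    """Initialize a Topology object with information read from a topology definition.

    Interface identifiers not specified in the input file are automatically assigned and added to
    the returned Topology object and to `topo_file`.

    Defaults applied here that matter for deployment hardening:

    * The coordinator runs in debug mode unless 'debug' is set to false.
    * Coordinator user passwords are copied from the topology definition into `User` objects as
      given, so the topology file has to be protected like any other credential store.
    * For every remote host, the SSH user name, port and identity file path come straight from
      the 'hosts' section.

    :param topo_file: The input topology file parsed into a dictionary. When the function returns,
                      the IXP testbed specific entries have been removed.
    :param name: An optional name for the topology. This name is added to all containers, network
                 bridges, etc. to distinguish them from other testbed instances.
    :returns: Extracted topology information.
    :raises InvalidTopo: The topology file is invalid.
    :raises KeyError: A required section or key is missing, or an AS, network, coordinator or
                      Prometheus entry names a host that is not defined.
    """
    topo = Topology(name)
    networks = NetworkFactory()
    brs = BrFactory()
    ifids = IfIdMapping(topo_file)

    # Subnet for automatically generated local docker bridges
    if 'link_subnet' in topo_file.get('defaults', {}):
        topo.default_link_subnet = ipaddress.ip_network(
            topo_file['defaults'].pop("link_subnet"))
        topo.ipv6_enabled |= (topo.default_link_subnet.version == 6)
    else:
        topo.default_link_subnet = None

    # Hosts (first pass: create host objects)
    localhost = topo.hosts['localhost'] = LocalHost()  # always exists
    for host_name, host_def in topo_file.get('hosts', {}).items():
        if host_name != 'localhost':
            if host_name in topo.hosts:
                log.error("Multiple hosts with name '%s'.", host_name)
                raise errors.InvalidTopo()
            if 'coordinator' not in topo_file:
                log.error(
                    "Running a topology spanning multiple hosts requires a coordinator."
                )
                raise errors.InvalidTopo()
            # SSH parameters are taken from the topology definition as written.
            topo.hosts[host_name] = RemoteHost(
                host_name,
                _get_ip(host_def, 'ssh_host', host_name),
                _get_value(host_def, 'username', host_name),
                identity_file=host_def.get("identity_file"),
                ssh_port=L4Port(int(host_def.get('ssh_port', 22))))

    # Networks
    if 'networks' in topo_file:
        net_defs = topo_file.pop('networks')  # remove networks section
        for net_name, net_def in net_defs.items():
            # `net_type` rather than `type`, to keep the builtin usable.
            net_type = _get_value(net_def, 'type', net_name)
            subnet = _get_value(net_def, 'subnet', net_name)
            host = topo.hosts[net_def.get('host', 'localhost')]
            networks.create(net_name, topo.get_name_prefix(), net_type, host, subnet, net_def)

    # Hosts (second pass: parse network addresses for host networks)
    for host_name, host_def in topo_file.get('hosts', {}).items():
        for net, addr in host_def.get('addresses', {}).items():
            networks.set_host_ip(net, topo.hosts[host_name], addr)
    topo_file.pop('hosts', None)  # remove host section

    # Coordinator
    if 'coordinator' in topo_file:
        coord_def = topo_file.pop('coordinator')  # remove coordinator section
        host = topo.hosts[coord_def.get('host', 'localhost')]
        def_name = lambda: topo.get_name_prefix() + const.COORD_NET_NAME
        bridge = networks.get(_get_value(coord_def, 'network', 'coordinator'), def_name, localhost)
        cpu_affinity = CpuSet(coord_def.get('cpu_affinity'))
        ssh_management = coord_def.get('ssh_management', False)
        # Debug mode is the default; a production coordinator has to set 'debug' to false.
        debug = coord_def.get('debug', True)
        compose_path = None
        if debug:
            if ssh_management:
                log.warning(
                    "Coordinator in debug mode, 'ssh_management' has no effect."
                )
        else:
            compose_path = Path(
                _get_value(coord_def, 'compose_path', 'coordinator'))
        if 'expose' not in coord_def:
            log.warning(
                "No interface to publish the coordinator on given. The coordinator will"
                " be exposed at http://127.0.0.1:8000.")

        coord = Coordinator(topo.get_coord_name(), host, bridge, cpu_affinity,
                            ssh_management, debug, compose_path)
        coord.exposed_at = _get_external_address(coord_def)
        # The loop variable is not called `name`, so the topology name parameter stays intact.
        for user_name, data in coord_def['users'].items():
            if user_name is None:
                log.error("User name missing.")
                raise errors.InvalidTopo()
            # The password is stored exactly as read from the topology definition.
            coord.users[user_name] = User(data['email'], data['password'],
                                          data.get('superuser', False))
        topo.coordinator = coord

    # Prometheus
    if 'prometheus' in topo_file:
        prom_def = topo_file.pop('prometheus')  # remove prometheus section
        host = topo.hosts[prom_def.get('host', 'localhost')]
        def_name = lambda: topo.gen_bridge_name()
        # NOTE(review): the third argument is 'coordinator' although this is the Prometheus
        # section; every other call passes the name of the section being parsed -- confirm.
        bridge = networks.get(_get_value(prom_def, 'network', 'coordinator'), def_name, localhost)
        if not bridge.is_docker_managed:
            log.error("Invalid network type for Prometheus.")
            # Raised through `errors` like every other InvalidTopo in this function.
            raise errors.InvalidTopo()

        prom = Prometheus(
            host,
            cast(DockerNetwork, bridge),
            cpu_affinity=CpuSet(prom_def.get('cpu_affinity')),
            scrape_interval=prom_def.get('scrape_interval', "30s"),
            storage_dir=_get_optional_path(prom_def, 'storage_dir'),
            targets=[ISD_AS(target) for target in prom_def['targets']])
        prom.exposed_at = _get_external_address(prom_def)
        topo.additional_services.append(prom)

    # IXP definitions
    for ixp_name, ixp_def in topo_file.pop('IXPs', {}).items():  # remove IXP section
        if ixp_name in topo.ixps:
            # Report the offending IXP, not the topology name.
            log.error("IXP %s is defined multiple times.", ixp_name)
            raise errors.InvalidTopo()
        net_name = _get_value(ixp_def, 'network', ixp_name)
        def_name = lambda: topo.get_name_prefix() + ixp_name
        bridge = networks.get(net_name, def_name, localhost)
        topo.ixps[ixp_name] = Ixp(bridge)

    # ASes
    for as_name, as_def in topo_file['ASes'].items():
        isd_as = ISD_AS(as_name)
        host_name = as_def.get('host', 'localhost')
        host = None
        try:
            host = topo.hosts[host_name]
        except KeyError:
            # Log the name that failed to resolve; indexing `as_def` with it would raise again
            # before the message is written.
            log.error("Invalid host: '%s'.", host_name)
            raise

        cpu_affinity = CpuSet(as_def.get('cpu_affinity'))
        asys = AS(host, as_def.get('core', False), cpu_affinity)
        asys.is_attachment_point = as_def.pop('attachment_point', False)
        asys.owner = as_def.pop('owner', None)
        topo.ases[isd_as] = asys

        if topo.coordinator:
            for ixp_name in as_def.pop('ixps', []):
                if asys.owner is None:
                    log.error("Infrastructure AS %s has an IXP list.", isd_as)
                    raise errors.InvalidTopo()
                ixp = topo.ixps[ixp_name]
                ixp.ases[isd_as] = asys
                # Add dummy link to IXP to make sure there is a network connection.
                # Actual links will be configured by the coordinator.
                # The border router of the link endpoint is labeled here to avoid creating a new
                # border router for every IXP link.
                end_point = LinkEp(isd_as, ifid=ifids.assign_ifid(isd_as), br_label='peer')
                link = Link(end_point, LinkEp(), LinkType.UNSET)
                link.bridge = ixp.bridge
                topo.links.append(link)
                brs.add_link_ep(end_point, link)

    # Link definitions
    for link in topo_file['links']:
        a, b = LinkEp(link['a']), LinkEp(link['b'])

        # Assign IfIds if not given in the original topo file.
        # Setting the IDs of all interfaces in the processed topology file ensures we can identify
        # the interfaces in the configuration files generated by scion.sh.
        for ep, side in [(a, 'a'), (b, 'b')]:
            if ep.ifid is None:
                ep.ifid = ifids.assign_ifid(ep)
                link[side] = "{}#{}".format(link[side], ep.ifid)

        topo.links.append(Link(a, b, link['linkAtoB']))

        # Keep track of border routers that will be created for the links.
        brs.add_link_ep(a, topo.links[-1])
        brs.add_link_ep(b, topo.links[-1])

        # Assign to a network if an IXP name or an explicit IP network is given.
        if "network" in link:
            net = link.pop('network')
            if net in topo.ixps:  # use the IXPs network
                ixp = topo.ixps[net]
                topo.links[-1].bridge = ixp.bridge
                ixp.ases[a] = topo.ases[a]
                ixp.ases[b] = topo.ases[b]
            else:
                def_name = lambda: topo.gen_bridge_name()
                topo.links[-1].bridge = networks.get(net, def_name, localhost)
        else:
            if topo.ases[a].host != topo.ases[b].host:
                log.error(
                    "Links between ASes on different hosts must specify the network to use."
                )
                raise errors.InvalidTopo()

    # Enable IPv6 support if needed.
    # NOTE(review): this assignment replaces the value that was OR-ed in for an IPv6
    # 'link_subnet' at the top of the function -- confirm that is_ipv6_required() covers
    # the default link subnet as well.
    topo.ipv6_enabled = networks.is_ipv6_required()

    # Store bridges in topology.
    topo.bridges = networks.get_bridges()

    # Store border router info in corresponding AS.
    for isd_as, asys in topo.ases.items():
        asys.border_routers = brs.get_brs(isd_as)

    return topo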
def test(self):
    """Test successful parse of a topology with multiple hosts and a coordinator.

    Parses ``TEST_TOPO``, assigns underlay addresses and then checks each part
    of the result in turn: IPv6 flag, default link subnet, hosts, networks,
    coordinator, Prometheus, ASes, IXPs and links. Finally verifies that the
    testbed-specific sections were removed from the parsed mapping.
    """
    topo_file = yaml.safe_load(TEST_TOPO)
    topo = extract_topo_info(topo_file)
    assign_underlay_addresses(topo)

    # IPv6
    self.assertFalse(topo.ipv6_enabled)

    # Default link subnet
    self.assertEqual(topo.default_link_subnet, ipaddress.ip_network("10.0.10.0/24"))

    # Hosts
    self.assertEqual(len(topo.hosts), 2)
    self.assertIsInstance(topo.hosts['localhost'], LocalHost)
    self.assertIsInstance(topo.hosts['host1'], RemoteHost)
    remote = cast(RemoteHost, topo.hosts['host1'])
    self.assertEqual(remote.name, 'host1')
    self.assertEqual(remote.ssh_host, ipaddress.ip_address("192.168.244.3"))
    # The SSH port, user and identity file are read through private attributes.
    self.assertEqual(remote._ssh_port, 22)
    self.assertEqual(remote._username, "scion")
    self.assertEqual(remote._identity_file, ".ssh/id_rsa")

    # Networks
    self.assertEqual(len(topo.bridges), 8)
    # (subnet, expected class, expected name, key of the owning host)
    hosted_bridges = (
        ("10.0.20.0/24", DockerBridge, "bridge1", 'localhost'),
        ("10.0.21.0/24", OvsBridge, "ovs_bridge1", 'localhost'),
        ("10.0.22.0/24", OverlayNetwork, "overlay_bridge1", 'host1'),
    )
    for subnet, bridge_class, bridge_name, host_key in hosted_bridges:
        bridge = topo.get_bridge_subnet(ipaddress.ip_network(subnet))
        self.assertIsInstance(bridge, bridge_class)
        self.assertEqual(bridge.name, bridge_name)
        self.assertEqual(cast(bridge_class, bridge)._host, topo.hosts[host_key])
    # `bridge` is still the overlay network here; it must be marked as encrypted.
    self.assertEqual(cast(OverlayNetwork, bridge).encrypted, True)

    bridge = topo.get_bridge_subnet(ipaddress.ip_network("10.0.23.0/24"))
    self.assertIsInstance(bridge, HostNetwork)
    self.assertEqual(bridge.name, "physical_network1")

    # Coordinator
    coord = topo.coordinator
    self.assertIs(coord.bridge, topo.get_bridge_name("overlay_bridge1"))
    self.assertIs(coord.host, topo.hosts['localhost'])
    self.assertFalse(coord.cpu_affinity.is_unrestricted())
    self.assertEqual(str(coord.cpu_affinity), "0")
    expected = UnderlayAddress(ipaddress.ip_address("192.168.244.2"), L4Port(8000))
    self.assertEqual(coord.exposed_at, expected)

    self.assertEqual(len(coord.users), 3)
    # Passwords are compared against literal values, i.e. the parsed User
    # objects hold them in the clear (fixture credentials only).
    # (user name, expected password, assertion applied to is_admin)
    accounts = (
        ('admin', "admin", self.assertTrue),
        ('user1', "user1", self.assertFalse),
        ('user2', "user2", self.assertFalse),
    )
    for login, secret, check_admin in accounts:
        user = coord.users[login]
        self.assertEqual(user.email, "*****@*****.**")
        self.assertEqual(user.password, secret)
        check_admin(user.is_admin)

    # Prometheus
    self.assertEqual(len(topo.additional_services), 1)
    prom = cast(Prometheus, topo.additional_services[0])
    self.assertIs(prom.bridge, topo.get_bridge_name("overlay_bridge1"))
    self.assertEqual(prom.host, topo.hosts['localhost'])
    self.assertFalse(prom.cpu_affinity.is_unrestricted())
    self.assertEqual(str(prom.cpu_affinity), "1")
    expected = UnderlayAddress(ipaddress.ip_address("192.168.244.2"), L4Port(9090))
    self.assertEqual(prom.exposed_at, expected)
    self.assertEqual(prom.scrape_interval, "5s")
    for target in ("1-ff00:0:110", "1-ff00:0:111", "1-ff00:0:112"):
        self.assertIn(ISD_AS(target), prom.targets)

    # ASes
    self.assertEqual(len(topo.ases), 8)
    unrestricted = object()  # marker: CPU affinity must be unrestricted
    # (AS, is core, is attachment point, host key, CPU expectation, owner)
    # CPU expectation: `unrestricted`, the expected CPU list, or None when the
    # affinity of that AS is not checked.
    as_cases = (
        ("1-ff00:0:110", True, False, 'localhost', unrestricted, None),
        ("1-ff00:0:111", False, True, 'localhost', unrestricted, None),
        ("1-ff00:0:112", False, False, 'localhost', "0,1,2,3", "user1"),
        ("1-ff00:0:113", False, False, 'localhost', "2,3,5", "user1"),
        ("2-ff00:0:210", True, False, 'localhost', None, None),
        ("2-ff00:0:211", False, True, 'localhost', None, None),
        ("2-ff00:0:212", False, False, 'host1', None, "user2"),
        ("2-ff00:0:213", False, False, 'host1', None, "user2"),
    )
    for as_str, core, attachment_point, host_key, cpus, owner in as_cases:
        asys = topo.ases[ISD_AS(as_str)]
        (self.assertTrue if core else self.assertFalse)(asys.is_core)
        (self.assertTrue if attachment_point else self.assertFalse)(asys.is_attachment_point)
        self.assertIs(asys.host, topo.hosts[host_key])
        if cpus is unrestricted:
            self.assertTrue(asys.cpu_affinity.is_unrestricted())
        elif cpus is not None:
            self.assertFalse(asys.cpu_affinity.is_unrestricted())
            self.assertEqual(str(asys.cpu_affinity), cpus)
        if owner is None:
            self.assertIsNone(asys.owner)
        else:
            self.assertEqual(asys.owner, owner)

    # IXPs
    self.assertIn("ixp1", topo.ixps)
    ixp = topo.ixps["ixp1"]
    expected_ases = [ISD_AS("1-ff00:0:112"), ISD_AS("1-ff00:0:113")]
    for member in expected_ases:
        self.assertIn(member, ixp.ases)
        self.assertIs(ixp.ases[member], topo.ases[member])
    self.assertIsInstance(ixp.bridge, DockerBridge)
    self.assertEqual(ixp.bridge.ip_network, ipaddress.ip_network("10.0.12.0/24"))

    self.assertIn("ixp2", topo.ixps)
    ixp = topo.ixps["ixp2"]
    expected_ases = [
        ISD_AS("1-ff00:0:112"), ISD_AS("1-ff00:0:113"),
        ISD_AS("2-ff00:0:212"), ISD_AS("2-ff00:0:213")
    ]
    for member in expected_ases:
        self.assertIn(member, ixp.ases)
        self.assertIs(ixp.ases[member], topo.ases[member])
    self.assertIsInstance(ixp.bridge, HostNetwork)
    self.assertIs(ixp.bridge, topo.get_bridge_name("physical_network1"))

    # Links
    self.assertEqual(len(topo.links), 13)

    # Link with an explicitly specified subnet.
    by_ifid = dict(topo.ases[ISD_AS("1-ff00:0:110")].links())
    link = by_ifid[IfId(1)]
    subnet = ipaddress.ip_network("10.0.13.0/24")
    self.assertIs(link.bridge, topo.get_bridge_subnet(subnet))

    # Links on bridges taken from the default link subnet.
    by_ifid = dict(topo.ases[ISD_AS("1-ff00:0:111")].links())
    for ifid in (1, 2):
        link = by_ifid[IfId(ifid)]
        self.assertTrue(
            link.bridge.ip_network.overlaps(topo.default_link_subnet))

    # Links attached to the overlay network.
    by_ifid = dict(topo.ases[ISD_AS("2-ff00:0:211")].links())
    for ifid in (1, 2):
        link = by_ifid[IfId(ifid)]
        self.assertIs(link.bridge, topo.get_bridge_name("overlay_bridge1"))

    # Dummy IXP links: type UNSET goes together with an empty endpoint B, and
    # endpoint A is set on every link.
    null = LinkEp()
    dummy_link_count = 0
    for link in topo.links:
        if link.type == LinkType.UNSET:
            dummy_link_count += 1
            self.assertEqual(link.ep_b, null)
        elif link.ep_b == null:
            self.assertEqual(link.type, LinkType.UNSET)
        self.assertNotEqual(link.ep_a, null)
    self.assertEqual(dummy_link_count, 6)

    # topo_file: the testbed-specific entries must be gone after parsing.
    self.assertNotIn("link_subnet", topo_file['defaults'])
    for section in ("hosts", "networks", "coordinator", "IXPs"):
        self.assertNotIn(section, topo_file)
    for link in topo_file['links']:
        self.assertNotIn('network', link)
def get_http_interface(self, bridge: Bridge) -> UnderlayAddress:
    """Return the address of the coordinator's HTTP interface on `bridge`.

    The IP is the one `bridge` reports for ``self._COORD_CADDY`` and the port
    is ``const.COORD_PORT``.

    :param bridge: Network on which the address is looked up.
    """
    # NOTE(review): unwrap() presumably rejects a missing address -- confirm.
    caddy_ip = unwrap(bridge.get_ip_address(self._COORD_CADDY))
    http_port = L4Port(const.COORD_PORT)
    return UnderlayAddress(caddy_ip, http_port)