def setUp(self):
cfg.CONF.register_opts(sg_cfg.security_group_opts, 'SECURITYGROUP')
super(IptablesFirewallTestCase, self).setUp()
bridge = self.useFixture(net_helpers.LinuxBridgeFixture()).bridge
self.client, self.server = self.useFixture(
machine_fixtures.PeerMachines(bridge)).machines
self.firewall = iptables_firewall.IptablesFirewallDriver(
namespace=bridge.namespace)
self._set_src_mac(self.MAC_REAL)
client_br_port_name = net_helpers.VethFixture.get_peer_name(
self.client.port.name)
self.src_port_desc = {
'admin_state_up': True,
'device': client_br_port_name,
'device_owner': DEVICE_OWNER_COMPUTE,
'fixed_ips': [self.client.ip],
'mac_address': self.MAC_REAL,
'port_security_enabled': True,
'security_groups': [self.FAKE_SECURITY_GROUP_ID],
'status': 'ACTIVE'
}
def create_bridge_port_fixture(self):
bridge = self.useFixture(
net_helpers.LinuxBridgeFixture(namespace=None)).bridge
port_fixture = self.useFixture(
net_helpers.LinuxBridgePortFixture(
bridge, port_id=uuidutils.generate_uuid()))
return bridge, port_fixture
def _test_linuxbridge_cleanup(self, bridge_exists, callback):
br_fixture = self.useFixture(
tools.SafeCleanupFixture(
net_helpers.LinuxBridgeFixture(
prefix=lb_agent.BRIDGE_NAME_PREFIX))).fixture
config = callback(br_fixture)
# NOTE(slaweq): use of oslo.privsep inside neutron-linuxbridge-cleanup
# script requires rootwrap helper to be configured in this script's
# config
config.update({
'AGENT': {
'root_helper': tests_base.get_rootwrap_cmd(),
'root_helper_daemon': tests_base.get_rootwrap_daemon_cmd()
}
})
config.update({'VXLAN': {'enable_vxlan': 'False'}})
temp_dir = self.useFixture(fixtures.TempDir()).path
conf = self.useFixture(
config_fixtures.ConfigFileFixture(base_filename='neutron.conf',
config=config,
temp_dir=temp_dir))
cmd = 'neutron-linuxbridge-cleanup', '--config-file', conf.filename
ip_wrapper = ip_lib.IPWrapper(br_fixture.namespace)
ip_wrapper.netns.execute(cmd)
self.assertEqual(
bridge_exists,
ip_lib.device_exists(br_fixture.bridge.name, br_fixture.namespace))
def test_plug_with_namespace_sets_mtu_higher_than_bridge(self):
device_mtu = 1450
# Create a new OVS bridge
ovs_bridge = self.useFixture(net_helpers.OVSBridgeFixture()).bridge
self.assertFalse(ovs_bridge.get_port_name_list())
# Add a new linuxbridge port with reduced MTU to OVS bridge
lb_bridge = self.useFixture(net_helpers.LinuxBridgeFixture()).bridge
lb_bridge_port = self.useFixture(
net_helpers.LinuxBridgePortFixture(lb_bridge))
lb_bridge_port.port.link.set_mtu(device_mtu - 1)
ovs_bridge.add_port(lb_bridge_port.port.name)
# Now plug a device with intended MTU that is higher than for the port
# above and validate that its MTU is not reduced to the least MTU on
# the bridge
device_name = utils.get_rand_name()
mac_address = utils.get_random_mac('fa:16:3e:00:00:00'.split(':'))
namespace = self.useFixture(net_helpers.NamespaceFixture()).name
self.interface.plug(network_id=uuidutils.generate_uuid(),
port_id=uuidutils.generate_uuid(),
device_name=device_name,
mac_address=mac_address,
bridge=ovs_bridge.br_name,
namespace=namespace,
mtu=device_mtu)
self.assertIn(device_name, ovs_bridge.get_port_name_list())
self.assertTrue(ip_lib.device_exists(device_name, namespace))
self.assertEqual(
device_mtu,
ip_lib.IPDevice(device_name, namespace=namespace).link.mtu)
def _setUp(self):
super(LinuxBridgeConnectionTester, self)._setUp()
self.bridge = self.useFixture(net_helpers.LinuxBridgeFixture()).bridge
machines = self.useFixture(
machine_fixtures.PeerMachines(self.bridge, self.ip_cidr)).machines
self._peer = machines[0]
self._vm = machines[1]
def setUp(self):
super(LinuxBridgeARPSpoofTestCase, self).setUp()
lbfixture = self.useFixture(net_helpers.LinuxBridgeFixture())
self.addCleanup(setattr, arp_protect, 'NAMESPACE', None)
arp_protect.NAMESPACE = lbfixture.namespace
bridge = lbfixture.bridge
self.source, self.destination, self.observer = self.useFixture(
machine_fixtures.PeerMachines(bridge, amount=3)).machines
def _setUp(self):
super(LinuxBridgeConnectionTester, self)._setUp()
bridge_args = {}
if self.bridge_name:
bridge_args = {'prefix': self.bridge_name,
'prefix_is_full_name': True}
self.bridge = self.useFixture(
net_helpers.LinuxBridgeFixture(**bridge_args)).bridge
machines = self.useFixture(
machine_fixtures.PeerMachines(
self.bridge, self.ip_cidr)).machines
self._peer = machines[0]
self._vm = machines[1]
def get_bridge(self, network_id):
if "ovs" in self.agents.keys():
return self.ovs_agent.br_int
elif "linuxbridge" in self.agents.keys():
bridge = self.network_bridges.get(network_id, None)
if not bridge:
br_prefix = lb_agent.LinuxBridgeManager.get_bridge_name(
network_id)
bridge = self.useFixture(
net_helpers.LinuxBridgeFixture(
prefix=br_prefix,
namespace=self.host_namespace,
prefix_is_full_name=True)).bridge
self.network_bridges[network_id] = bridge
return bridge
def test_plug_with_namespace_sets_mtu_higher_than_bridge(self):
# First, add a new linuxbridge port with reduced MTU to OVS bridge
lb_bridge = self.useFixture(net_helpers.LinuxBridgeFixture()).bridge
lb_bridge_port = self.useFixture(
net_helpers.LinuxBridgePortFixture(lb_bridge))
lb_bridge_port.port.link.set_mtu(1400)
self.bridge.add_port(lb_bridge_port.port.name)
device_name = utils.get_rand_name()
namespace = self.useFixture(net_helpers.NamespaceFixture()).name
# Now plug a device with intended MTU that is higher than for the port
# above and validate that its MTU is not reduced to the least MTU on
# the bridge
self._test_mtu_set_after_action(device_name, self.bridge_name,
namespace)
def _test_linuxbridge_cleanup(self, bridge_exists, callback):
br_fixture = self.useFixture(
tools.SafeCleanupFixture(
net_helpers.LinuxBridgeFixture(
prefix=lb_agent.BRIDGE_NAME_PREFIX))).fixture
config = callback(br_fixture)
temp_dir = self.useFixture(fixtures.TempDir()).path
conf = self.useFixture(
config_fixtures.ConfigFileFixture(base_filename='neutron.conf',
config=config,
temp_dir=temp_dir))
cmd = 'neutron-linuxbridge-cleanup', '--config-file', conf.filename
ip_wrapper = ip_lib.IPWrapper(br_fixture.namespace)
ip_wrapper.netns.execute(cmd)
self.assertEqual(
bridge_exists,
ip_lib.device_exists(br_fixture.bridge.name, br_fixture.namespace))
def setUp(self):
cfg.CONF.register_opts(sg_cfg.security_group_opts, 'SECURITYGROUP')
super(IptablesFirewallTestCase, self).setUp()
bridge = self.useFixture(net_helpers.LinuxBridgeFixture()).bridge
# FIXME(cbrandily): temporary, will be replaced by fake machines
self.src_ip_wrapper = self.useFixture(
net_helpers.NamespaceFixture()).ip_wrapper
src_port_fixture = self.useFixture(
net_helpers.LinuxBridgePortFixture(bridge,
self.src_ip_wrapper.namespace))
self.src_port = src_port_fixture.port
self._set_ip_up(self.src_port, '%s/24' % self.SRC_ADDRESS)
self.dst_ip_wrapper = self.useFixture(
net_helpers.NamespaceFixture()).ip_wrapper
self.dst_port = self.useFixture(
net_helpers.LinuxBridgePortFixture(
bridge, self.dst_ip_wrapper.namespace)).port
self._set_ip_up(self.dst_port, '%s/24' % self.DST_ADDRESS)
self.firewall = iptables_firewall.IptablesFirewallDriver(
namespace=bridge.namespace)
self._set_src_mac(self.MAC_REAL)
self.src_port_desc = {
'admin_state_up': True,
'device': src_port_fixture.br_port.name,
'device_owner': 'compute:None',
'fixed_ips': [self.SRC_ADDRESS],
'mac_address': self.MAC_REAL,
'port_security_enabled': True,
'security_groups': [self.FAKE_SECURITY_GROUP_ID],
'status': 'ACTIVE'
}
def create_bridge_port_fixture(self):
bridge = self.useFixture(
net_helpers.LinuxBridgeFixture(namespace=None)).bridge
port_fixture = self.useFixture(
net_helpers.LinuxBridgePortFixture(bridge))
return bridge, port_fixture
def setUp(self):
super(BridgeInterfaceDriverTestCase, self).setUp()
conf = cfg.ConfigOpts()
conf.register_opts(interface.OPTS)
self.interface = interface.BridgeInterfaceDriver(conf)
self.bridge = self.useFixture(net_helpers.LinuxBridgeFixture()).bridge
def _setUp(self):
super(LinuxBridgeConnectionTester, self)._setUp()
self._bridge = self.useFixture(net_helpers.LinuxBridgeFixture()).bridge
self._peer, self._vm = self.useFixture(
machine_fixtures.PeerMachines(self._bridge)).machines
