def test_create_router_interface(self):
ovs = utils.OvsFlowsParser()
flows_before_change = ovs.dump(self.integration_bridge)
router = self.store(objects.RouterTestObj(self.neutron, self.nb_api))
network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api))
network_id = network.create()
subnet = {
'network_id': network_id,
'cidr': '10.30.0.0/24',
'gateway_ip': '10.30.0.1',
'ip_version': 4,
'name': 'subnet-test',
'enable_dhcp': True
}
subnet = self.neutron.create_subnet({'subnet': subnet})
subnet_id = subnet['subnet']['id']
router_id = router.create()
self.assertTrue(router.exists())
subnet_msg = {'subnet_id': subnet_id}
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
self.neutron.add_interface_router(router_id, body=subnet_msg)
dhcp_ip = utils.wait_until_is_and_return(
lambda: self.get_dhcp_ip(network_id, subnet_id),
exception=Exception('DHCP IP was not generated'))
flows_after_change = ovs.dump(self.integration_bridge)
self.assertFalse(self.check_dhcp_rule(flows_before_change, dhcp_ip))
self.assertTrue(self.check_dhcp_rule(flows_after_change, dhcp_ip))
self.neutron.remove_interface_router(router_id, body=subnet_msg)
router.close()
network.close()
utils.wait_until_none(
lambda: self.check_dhcp_rule(ovs.dump(self.integration_bridge),
dhcp_ip),
exception=Exception('DHCP IP was not removed from OpenFlow rules'),
timeout=30)
def _get_arp_table_flows(self):
ovs_flows_parser = test_utils.OvsFlowsParser()
flows = ovs_flows_parser.dump(self.integration_bridge)
flows = [
flow for flow in flows if flow['table'] == str(const.ARP_TABLE)
]
return flows
def _get_vm_flows(self, vm_mac):
ovs_flows_parser = utils.OvsFlowsParser()
flows = ovs_flows_parser.dump(self.integration_bridge)
flows = [flow for flow in flows if
flow['table'] == str(const.ARP_TABLE) and
vm_mac in flow['actions']]
return flows
def test_flat_network_flows(self):
if not self._check_providers_net_app_enable():
return
physical_network = self._parse_flat_network()
if not physical_network:
self.assertIsNotNone(None)
return
# Create network
network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api))
network_params = {
"name": "flat_1",
"provider:network_type": "flat",
"provider:physical_network": physical_network
}
network_id = network.create(network=network_params)
# Create subnet
subnet_params = {
'network_id': network_id,
'cidr': '100.64.1.0/24',
'gateway_ip': '10.64.1.1',
'ip_version': 4,
'name': 'private',
'enable_dhcp': True
}
subnet = self.neutron.create_subnet({'subnet': subnet_params})
self.assertIsNotNone(subnet)
# Create VM
ovs = utils.OvsFlowsParser()
vm = self.store(objects.VMTestObj(self, self.neutron))
vm.create(network=network)
ip = vm.get_first_ipv4()
self.assertIsNotNone(ip)
mac = vm.get_first_mac()
self.assertIsNotNone(mac)
metadataid = utils.wait_until_is_and_return(
lambda: self._get_metadata_id(ovs.dump(self.integration_bridge),
ip, mac),
exception=Exception('Metadata id was not found in OpenFlow rules'))
port = utils.wait_until_is_and_return(
lambda: utils.get_vm_port(self.nb_api, ip, mac),
exception=Exception('No port assigned to VM'))
port_key = port.unique_key
port_key_hex = hex(port_key)
r = self._check_flat_flows(ovs.dump(self.integration_bridge),
metadataid, port_key_hex, mac)
for key, value in r.items():
self.assertIsNotNone(value, key)
vm.server.stop()
vm.close()
network.close()
return None
def test_vm_multicast(self):
network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api))
network_id = network.create(network={'name': 'private'})
subnet = {
'network_id': network_id,
'cidr': '10.200.0.0/24',
'gateway_ip': '10.200.0.1',
'ip_version': 4,
'name': 'private',
'enable_dhcp': True
}
subnet = self.neutron.create_subnet({'subnet': subnet})
ovs = utils.OvsFlowsParser()
vm = self.store(objects.VMTestObj(self, self.neutron))
vm.create(network=network)
ip = vm.get_first_ipv4()
self.assertIsNotNone(ip)
self.assertIsNotNone(vm.server.addresses['private'])
mac = vm.server.addresses['private'][0]['OS-EXT-IPS-MAC:mac_addr']
self.assertIsNotNone(mac)
metadataid = utils.wait_until_is_and_return(
lambda: self._get_metadata_id(ovs.dump(self.integration_bridge),
ip, mac),
exception=Exception('Metadata id was not found in OpenFlow rules'))
port = utils.wait_until_is_and_return(
lambda: self._get_vm_port(ip, mac),
exception=Exception('No port assigned to VM'))
tunnel_key = port.get_tunnel_key()
tunnel_key_hex = hex(tunnel_key)
r = self._check_multicast_rule(ovs.dump(self.integration_bridge),
metadataid, tunnel_key_hex)
self.assertIsNotNone(r)
vm.close()
network.close()
def test_create_update_subnet_with_dhcp(self):
ovs = utils.OvsFlowsParser()
flows_before_change = ovs.dump(self.integration_bridge)
network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api))
network_id = network.create()
subnet = {
'network_id': network_id,
'cidr': '10.10.254.0/24',
'gateway_ip': '10.10.254.1',
'ip_version': 4,
'name': 'subnet-test',
'enable_dhcp': True
}
subnet = self.neutron.create_subnet({'subnet': subnet})
subnet_id = subnet['subnet']['id']
dhcp_ip = utils.wait_until_is_and_return(
lambda: self.get_dhcp_ip(network_id, subnet_id),
exception=Exception('DHCP IP was not generated'))
self.assertFalse(utils.check_dhcp_ip_rule(flows_before_change,
dhcp_ip))
utils.wait_until_true(
lambda: utils.check_dhcp_ip_rule(ovs.dump(self.integration_bridge),
dhcp_ip),
exception=Exception('DHCP ip was not found in OpenFlow rules'),
timeout=5)
# change dhcp
updated_subnet = {'enable_dhcp': False}
self.neutron.update_subnet(subnet_id, {'subnet': updated_subnet})
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
flows_after_update = ovs.dump(self.integration_bridge)
self.assertFalse(utils.check_dhcp_ip_rule(flows_after_update, dhcp_ip))
network.close()
def test_icmp_ping_pong(self):
# the rules of the initial security group associated with port3
# only let icmp echo requests from port1 pass.
self.policy.start(self.topology)
self.policy.wait(30)
# switch the associated security group with port3 to a new security
# group, and rules of this security group only let icmp echo requests
# from port2 pass.
self._switch_to_another_security_group()
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
self.policy.start(self.topology)
self.policy.wait(30)
# switch the associated security group with port3 to the initial
# security group
self._switch_to_another_security_group()
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
self.policy.start(self.topology)
self.policy.wait(30)
ovs = test_utils.OvsFlowsParser()
LOG.info(_LI("flows are: %s"),
ovs.get_ovs_flows(self.integration_bridge))
if len(self.policy.exceptions) > 0:
raise self.policy.exceptions[0]
def _get_extra_route_flows(self, nw_dst):
match = 'nw_dst=' + nw_dst
ovs_flows_parser = utils.OvsFlowsParser()
flows = ovs_flows_parser.dump(self.integration_bridge)
flows = [flow for flow in flows
if flow['table'] == str(const.L3_LOOKUP_TABLE) and
flow['priority'] == str(const.PRIORITY_VERY_HIGH) and
(match in flow['match'])]
return flows
def test_remote_port(self):
network = objects.NetworkTestObj(self.neutron, self.nb_api)
self.addCleanup(network.close)
network_id = network.create()
self.assertTrue(network.exists())
subnet_info = {
'network_id': network_id,
'cidr': '192.168.150.0/24',
'gateway_ip': '192.168.150.1',
'ip_version': 4,
'name': 'subnet1',
'enable_dhcp': True
}
subnet = objects.SubnetTestObj(self.neutron,
self.nb_api,
network_id=network_id)
self.addCleanup(subnet.close)
subnet.create(subnet_info)
self.assertTrue(subnet.exists())
port = objects.PortTestObj(self.neutron, self.nb_api, network_id)
self.addCleanup(port.close)
port_body = {
'admin_state_up': True,
'name': 'port1',
'network_id': network_id,
'binding:profile': {
'port_key': 'remote_port',
'host_ip': '10.10.10.10'
}
}
port.create(port=port_body)
self.assertTrue(port.exists())
time.sleep(test_const.DEFAULT_CMD_TIMEOUT)
network_obj = network.get_network()['network']
network_type = network_obj['provider:network_type']
segmentation_id = network_obj['provider:segmentation_id']
port_num = self.vswitch_api.get_vtp_ofport(network_type)
port_unique_key = port.get_logical_port().unique_key
match = "reg7=" + str(hex(port_unique_key))
action = ("set_field:10.10.10.10" + "->tun_dst,set_field:" +
str(hex(segmentation_id)) + "->tun_id,output:" +
str(port_num))
ovs = utils.OvsFlowsParser()
matched = False
for flow in ovs.dump(self.integration_bridge):
if flow['table'] == str(const.EGRESS_TABLE):
if match in flow['match']:
matched = True
self.assertEqual(action, flow['actions'])
if not matched:
raise Exception("Can't find flows for remote port!")
def test_vlan_network_flows(self):
if self._check_l2_ml2_app_enable() is False:
return
physical_network, vlan_min = self._parse_network_vlan_ranges()
if physical_network is None or vlan_min is None:
self.assertIsNotNone(None)
return
# Create network
network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api))
network_params = {
"name": "vlan_1",
"provider:network_type": "vlan",
"provider:physical_network": physical_network,
"provider:segmentation_id": vlan_min
}
network_id = network.create(network=network_params)
# Create subnet
subnet_params = {
'network_id': network_id,
'cidr': '100.64.0.0/24',
'gateway_ip': '10.64.0.1',
'ip_version': 4,
'name': 'private',
'enable_dhcp': True
}
subnet = self.neutron.create_subnet({'subnet': subnet_params})
self.assertIsNotNone(subnet)
# Create VM
ovs = utils.OvsFlowsParser()
vm = self.store(objects.VMTestObj(self, self.neutron))
vm.create(network=network)
ip = vm.get_first_ipv4()
self.assertIsNotNone(ip)
mac = vm.get_first_mac()
self.assertIsNotNone(mac)
metadataid = utils.wait_until_is_and_return(
lambda: self._get_metadata_id(ovs.dump(self.integration_bridge),
ip, mac),
exception=Exception('Metadata id was not found in OpenFlow rules'))
port = utils.wait_until_is_and_return(
lambda: self._get_vm_port(ip, mac),
exception=Exception('No port assigned to VM'))
port_key = port.get_tunnel_key()
port_key_hex = hex(port_key)
r = self._check_vlan_flows(ovs.dump(self.integration_bridge),
metadataid, vlan_min, port_key_hex, mac)
self.assertIsNotNone(r)
vm.server.stop()
vm.close()
network.close()
def _check_not_flow_existed(self, flow_list):
ovs = utils.OvsFlowsParser()
flows = ovs.dump(self.integration_bridge)
for flow in flows:
for expected_flow in flow_list:
if self._is_expected_flow(flow, expected_flow):
# for knowing which flow didn't be removed when the
# test case failed, asserting expected_flow equals to
# None to print expected_flow
self.assertIsNone(expected_flow)
def test_default_flows(self):
found_ingress_skip_flow = False
found_egress_skip_flow = False
found_ingress_default_drop_flow = False
found_egress_default_drop_flow = False
found_ingress_conntrack_established_pass_flow = False
found_egress_conntrack_established_pass_flow = False
found_ingress_conntrack_relative_pass_flow = False
found_egress_conntrack_relative_pass_flow = False
found_ingress_conntrack_invalied_drop_flow = False
found_egress_conntrack_invalied_drop_flow = False
ovs = utils.OvsFlowsParser()
flows = ovs.dump()
for flow in flows:
if self._is_skip_flow(flow=flow, direction='ingress'):
found_ingress_skip_flow = True
elif self._is_skip_flow(flow=flow, direction='egress'):
found_egress_skip_flow = True
elif self._is_default_drop_flow(flow=flow, direction='ingress'):
found_ingress_default_drop_flow = True
elif self._is_default_drop_flow(flow=flow, direction='egress'):
found_egress_default_drop_flow = True
elif self._is_conntrack_established_pass_flow(flow=flow,
direction='ingress'):
found_ingress_conntrack_established_pass_flow = True
elif self._is_conntrack_established_pass_flow(flow=flow,
direction='egress'):
found_egress_conntrack_established_pass_flow = True
elif self._is_conntrack_relative_pass_flow(flow=flow,
direction='ingress'):
found_ingress_conntrack_relative_pass_flow = True
elif self._is_conntrack_relative_pass_flow(flow=flow,
direction='egress'):
found_egress_conntrack_relative_pass_flow = True
elif self._is_conntrack_invalid_drop_flow(flow=flow,
direction='ingress'):
found_ingress_conntrack_invalied_drop_flow = True
elif self._is_conntrack_invalid_drop_flow(flow=flow,
direction='egress'):
found_egress_conntrack_invalied_drop_flow = True
LOG.info(_LI("default flows are: %s"), ovs.get_ovs_flows())
self.assertTrue(found_ingress_skip_flow)
self.assertTrue(found_egress_skip_flow)
self.assertTrue(found_ingress_default_drop_flow)
self.assertTrue(found_egress_default_drop_flow)
self.assertTrue(found_ingress_conntrack_established_pass_flow)
self.assertTrue(found_egress_conntrack_established_pass_flow)
self.assertTrue(found_ingress_conntrack_relative_pass_flow)
self.assertTrue(found_egress_conntrack_relative_pass_flow)
self.assertTrue(found_ingress_conntrack_invalied_drop_flow)
self.assertTrue(found_egress_conntrack_invalied_drop_flow)
def test_broadcast_dhcp_rule(self):
found_dhcp_cast_flow = False
ovs = utils.OvsFlowsParser()
flows = ovs.dump(self.integration_bridge)
for flow in flows:
if flow['table'] == '9' and flow['actions'] == 'goto_table:11':
if ('udp,dl_dst=ff:ff:ff:ff:ff:ff,tp_src=68,tp_dst=67'
in flow['match']):
found_dhcp_cast_flow = True
break
self.assertTrue(found_dhcp_cast_flow)
def _get_sending_arp_to_controller_flows(self, port_key, arp_op):
ovs_flows_parser = utils.OvsFlowsParser()
flows = ovs_flows_parser.dump(self.integration_bridge)
expected_in_port = "reg6=" + hex(port_key)
expected_arp_op = "arp_op=" + str(arp_op)
expected_actions = "CONTROLLER:65535," + "goto_table:" + \
str(const.L2_LOOKUP_TABLE)
flows = [flow for flow in flows
if ((expected_in_port in flow['match']) and
(expected_arp_op in flow['match']) and
('arp' in flow['match']) and
(flow['table'] == str(const.ARP_TABLE)) and
(flow['actions'] == expected_actions))]
return flows
def test_dhcp_packet_rule(self):
found_dhcp_cast_flow = False
ovs = utils.OvsFlowsParser()
flows = ovs.dump(self.integration_bridge)
goto_dhcp = 'goto_table:' + str(constants.DHCP_TABLE)
dhcp_ports = ',tp_src=' + str(constants.DHCP_CLIENT_PORT) + \
',tp_dst=' + str(constants.DHCP_SERVER_PORT)
for flow in flows:
if (flow['table'] == str(constants.SERVICES_CLASSIFICATION_TABLE)
and flow['actions'] == goto_dhcp):
if ('udp' + dhcp_ports in flow['match']):
found_dhcp_cast_flow = True
break
self.assertTrue(found_dhcp_cast_flow)
def test_port_based_flows(self):
if not self._check_if_app_enabled():
return
network = objects.NetworkTestObj(self.neutron, self.nb_api)
self.addCleanup(network.close)
network_id = network.create()
subnet = {
'network_id': network_id,
'cidr': '10.200.0.0/24',
'gateway_ip': '10.200.0.1',
'ip_version': 4,
'name': 'private',
'enable_dhcp': True
}
external_host_ip = cfg.CONF.df.external_host_ip
self.assertIsNotNone(external_host_ip)
split_ip = external_host_ip.split('.')
ip2mac = '{:02x}:{:02x}:{:02x}:{:02x}'.format(*map(int, split_ip))
external_host_mac = const.CHASSIS_MAC_PREFIX + ip2mac
subnet = self.neutron.create_subnet({'subnet': subnet})
self.assertIsNotNone(subnet)
# Create VM
ovs = utils.OvsFlowsParser()
vm = objects.VMTestObj(self, self.neutron)
self.addCleanup(vm.close)
vm.create(network=network)
ip = vm.get_first_ipv4()
self.assertIsNotNone(ip)
mac = vm.get_first_mac()
self.assertIsNotNone(mac)
port = utils.wait_until_is_and_return(
lambda: utils.find_logical_port(self.nb_api, ip, mac),
exception=Exception('No port assigned to VM'))
port_key = port.unique_key
network_key = network.nb_api.get(
l2.LogicalSwitch(id=network_id)).unique_key
r = self._check_port_based_flows(ovs.dump(self.integration_bridge),
hex(port_key), hex(network_key),
external_host_mac, mac)
for key, value in r.items():
self.assertIsNotNone(value, key)
vm.close()
network.close()
def test_tunnel_network_flows(self):
if self._check_tunneling_app_enable() is False:
return
network = objects.NetworkTestObj(self.neutron, self.nb_api)
self.addCleanup(network.close)
network_id = network.create()
network_params = network.get_network()
segmentation_id = network_params['network']['provider:segmentation_id']
subnet = {'network_id': network_id,
'cidr': '10.200.0.0/24',
'gateway_ip': '10.200.0.1',
'ip_version': 4,
'name': 'private',
'enable_dhcp': True}
subnet = self.neutron.create_subnet({'subnet': subnet})
self.assertIsNotNone(subnet)
ovs = utils.OvsFlowsParser()
vm = objects.VMTestObj(self, self.neutron)
self.addCleanup(vm.close)
vm.create(network=network)
ip = vm.get_first_ipv4()
self.assertIsNotNone(ip)
self.assertIsNotNone(vm.server.addresses['mynetwork'])
mac = vm.server.addresses['mynetwork'][0]['OS-EXT-IPS-MAC:mac_addr']
self.assertIsNotNone(mac)
metadataid = utils.wait_until_is_and_return(
lambda: self._get_metadata_id(ovs.dump(self.integration_bridge),
ip, mac),
exception=Exception('Metadata id was not found in OpenFlow rules')
)
port = utils.wait_until_is_and_return(
lambda: utils.find_logical_port(self.nb_api, ip, mac),
exception=Exception('No port assigned to VM')
)
tunnel_key = port.unique_key
tunnel_key_hex = hex(tunnel_key)
n_type = network.get_network()['network']['provider:network_type']
port_num = self.vswitch_api.get_vtp_ofport(n_type)
r = self._check_tunnel_flows(ovs.dump(self.integration_bridge),
metadataid,
hex(segmentation_id),
tunnel_key_hex,
mac, port_num)
for key, value in r.items():
self.assertIsNotNone(value, key)
vm.close()
network.close()
def _check_all_flows_existed(self, expected_flow_list):
ovs = utils.OvsFlowsParser()
flows = ovs.dump(self.integration_bridge)
for flow in flows:
for expected_flow in expected_flow_list:
if expected_flow.get("aleady_found"):
continue
if self._is_expected_flow(flow, expected_flow):
expected_flow["aleady_found"] = True
for expected_flow in expected_flow_list:
if not expected_flow.get("aleady_found"):
# for knowing which flow didn't be installed when the test
# case failed, asserting expected_flow equals to None to print
# expected_flow
self.assertIsNone(expected_flow)
def _icmp_ping_pong(self):
# the rules of the initial security group associated with port3
# only let icmp echo requests from port1 pass.
self._update_policy()
self._create_allowed_address_pairs_policy()
apps.start_policy(self.policy, self.topology,
const.DEFAULT_RESOURCE_READY_TIMEOUT)
# switch the associated security group with port3 to a new security
# group, and rules of this security group only let icmp echo requests
# from port2 pass.
self._switch_to_another_security_group()
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
apps.start_policy(self.policy, self.topology,
const.DEFAULT_RESOURCE_READY_TIMEOUT)
# switch the associated security group with port3 to the initial
# security group
self._switch_to_another_security_group()
time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
apps.start_policy(self.policy, self.topology,
const.DEFAULT_RESOURCE_READY_TIMEOUT)
ovs = test_utils.OvsFlowsParser()
LOG.info("flows are: %s",
ovs.get_ovs_flows(self.integration_bridge))
if len(self.policy.exceptions) > 0:
raise self.policy.exceptions[0]
self.port3.update({"security_groups": [
self.allowed_address_pairs_security_group_id]})
time.sleep(const.DEFAULT_CMD_TIMEOUT)
self.allowed_address_pairs_policy.start(self.topology)
self.allowed_address_pairs_policy.wait(30)
if len(self.allowed_address_pairs_policy.exceptions) > 0:
raise self.allowed_address_pairs_policy.exceptions[0]
def test_create_update_subnet_without_dhcp(self):
ovs = utils.OvsFlowsParser()
flows_before_change = ovs.dump(self.integration_bridge)
network, network_id, network_key = self._create_network()
subnet = {'network_id': network_id,
'cidr': '10.20.0.0/24',
'gateway_ip': '10.20.0.1',
'ip_version': 4,
'name': 'subnet-test',
'enable_dhcp': False}
subnet = self.neutron.create_subnet({'subnet': subnet})
subnet_id = subnet['subnet']['id']
time.sleep(const.DEFAULT_CMD_TIMEOUT)
flows_after_change = ovs.dump(self.integration_bridge)
# change dhcp
updated_subnet = {'enable_dhcp': True}
self.neutron.update_subnet(subnet_id, {'subnet': updated_subnet})
dhcp_ip = utils.wait_until_is_and_return(
lambda: self.get_dhcp_ip(network_id, subnet_id),
exception=Exception('DHCP IP was not generated')
)
self.assertIsNotNone(dhcp_ip)
self.assertFalse(utils.check_dhcp_network_rule(
flows_before_change, network_key))
self.assertFalse(utils.check_dhcp_network_rule(
flows_after_change, network_key))
utils.wait_until_true(
lambda: utils.check_dhcp_network_rule(
ovs.dump(self.integration_bridge),
network_key),
exception=Exception('DHCP ip was not found in OpenFlow rules'),
timeout=5
)
network.close()
utils.wait_until_none(
lambda: utils.check_dhcp_network_rule(
ovs.dump(self.integration_bridge),
network_key),
exception=Exception('DHCP IP was not removed from OpenFlow rules'),
timeout=30
)
def internal_predicate():
ovs = test_utils.OvsFlowsParser()
return (self._check_dhcp_block_rule(
ovs.dump(self.integration_bridge)))
def test_db_consistent(self):
self.db_sync_time = self.conf.db_sync_time
network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api))
network_id = network.create()
topic = network.get_topic()
subnet = self.store(objects.SubnetTestObj(self.neutron, self.nb_api,
network_id))
subnet_body = {'network_id': network_id,
'cidr': '10.50.0.0/24',
'gateway_ip': '10.50.0.1',
'ip_version': 4,
'name': 'private',
'enable_dhcp': True}
subnet.create(subnet=subnet_body)
time.sleep(constants.DEFAULT_RESOURCE_READY_TIMEOUT)
self.assertTrue(network.exists())
self.assertTrue(subnet.exists())
vm = self.store(objects.VMTestObj(self, self.neutron))
vm.create(network=network)
self.assertIsNotNone(vm.server.addresses['mynetwork'])
mac = vm.server.addresses['mynetwork'][0]['OS-EXT-IPS-MAC:mac_addr']
self.assertIsNotNone(mac)
ovs = utils.OvsFlowsParser()
utils.wait_until_true(
lambda: self._check_l2_lookup_rule(
ovs.dump(self.integration_bridge), mac),
timeout=10, sleep=1,
exception=Exception('no rule for vm in l2 lookup table')
)
net_id = '11111111-1111-1111-1111-111111111111'
df_network = l2.LogicalSwitch(
id=net_id,
topic=topic,
name='df_nw1',
network_type='vxlan',
segmentation_id=4000,
is_external=False,
mtu=1500,
unique_key=1,
version=1)
df_subnet = l2.Subnet(
id='22222222-2222-2222-2222-222222222222',
topic=topic,
name='df_sn1',
enable_dhcp=True,
cidr='10.60.0.0/24',
dhcp_ip='10.60.0.2',
gateway_ip='10.60.0.1')
df_network.add_subnet(df_subnet)
df_network_json = df_network.to_json()
self.nb_api.driver.create_key(
'lswitch', net_id, df_network_json, topic)
time.sleep(self.db_sync_time)
utils.wait_until_true(
lambda: utils.check_dhcp_ip_rule(
ovs.dump(self.integration_bridge), '10.60.0.2'),
timeout=self.db_sync_time + constants.DEFAULT_CMD_TIMEOUT, sleep=1,
exception=Exception('no goto dhcp rule for lswitch')
)
df_network.version = 2
df_network.subnets[0].dhcp_ip = '10.60.0.3'
df_network_json = df_network.to_json()
self.nb_api.driver.set_key('lswitch', net_id, df_network_json, topic)
time.sleep(self.db_sync_time)
utils.wait_until_true(
lambda: utils.check_dhcp_ip_rule(
ovs.dump(self.integration_bridge), '10.60.0.3'),
timeout=self.db_sync_time + constants.DEFAULT_CMD_TIMEOUT, sleep=1,
exception=Exception('no goto dhcp rule for lswitch')
)
self.nb_api.driver.delete_key('lswitch', net_id, topic)
time.sleep(self.db_sync_time)
utils.wait_until_true(
lambda: self._check_no_lswitch_dhcp_rule(
ovs.dump(self.integration_bridge), '10.60.0.3'),
timeout=self.db_sync_time + constants.DEFAULT_CMD_TIMEOUT, sleep=1,
exception=Exception('could not delete goto dhcp rule for lswitch')
)
vm.close()
subnet.close()
network.close()
def _test_associating_flows(self, subnet_info):
network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api))
network_id = network.create()
self.assertTrue(network.exists())
subnet_info['network_id'] = network_id
subnet = self.store(
objects.SubnetTestObj(self.neutron,
self.nb_api,
network_id=network_id))
subnet.create(subnet_info)
self.assertTrue(subnet.exists())
security_group = self.store(
objects.SecGroupTestObj(self.neutron, self.nb_api))
security_group_id = security_group.create()
self.assertTrue(security_group.exists())
vm = self.store(objects.VMTestObj(self, self.neutron))
vm.create(network=network, security_groups=[security_group_id])
addresses = vm.server.addresses['mynetwork']
self.assertIsNotNone(addresses)
ip = addresses[0]['addr']
self.assertIsNotNone(ip)
mac = addresses[0]['OS-EXT-IPS-MAC:mac_addr']
self.assertIsNotNone(mac)
port = utils.wait_until_is_and_return(
lambda: utils.get_vm_port(self.nb_api, ip, mac),
exception=Exception('No port assigned to VM'))
tunnel_key = port.unique_key
tunnel_key_hex = hex(tunnel_key)
of_port = self.vswitch_api.get_port_ofport_by_id(port.id)
self.assertIsNotNone(of_port)
ovs = utils.OvsFlowsParser()
flows_after_change = ovs.dump(self.integration_bridge)
# Check if the associating flows were installed.
ingress_associating_flow, egress_associating_flow = \
self._find_associating_flows(flows_after_change, tunnel_key_hex)
LOG.info(
"flows after associating a port and a security group"
" are: %s", ovs.get_ovs_flows(self.integration_bridge))
self.assertIsNotNone(ingress_associating_flow)
self.assertIsNotNone(egress_associating_flow)
vm.close()
time.sleep(test_const.DEFAULT_RESOURCE_READY_TIMEOUT)
flows_after_update = ovs.dump(self.integration_bridge)
# Check if the associating flows were removed.
ingress_associating_flow, egress_associating_flow = \
self._find_associating_flows(flows_after_update, tunnel_key_hex)
self.assertIsNone(ingress_associating_flow)
self.assertIsNone(egress_associating_flow)
def _test_rule_flows(self, subnet_info):
network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api))
network_id = network.create()
self.assertTrue(network.exists())
cidr = subnet_info['cidr']
network_obj = netaddr.IPNetwork(cidr)
ethertype = utils.ip_version_to_ethertype(subnet_info['ip_version'])
gateway_ip = network_obj[1]
subnet_info['gateway_ip'] = gateway_ip
subnet_info['network_id'] = network_id
subnet = self.store(
objects.SubnetTestObj(self.neutron,
self.nb_api,
network_id=network_id))
subnet.create(subnet_info)
security_group = self.store(
objects.SecGroupTestObj(self.neutron, self.nb_api))
security_group_id = security_group.create()
self.assertTrue(security_group.exists())
ingress_rule_info = {
'ethertype': ethertype,
'direction': 'ingress',
'protocol': 'tcp',
'port_range_min': '80',
'port_range_max': '81',
'remote_ip_prefix': cidr
}
ingress_rule_id = security_group.rule_create(secrule=ingress_rule_info)
self.assertTrue(security_group.rule_exists(ingress_rule_id))
egress_rule_info = {
'ethertype': ethertype,
'direction': 'egress',
'protocol': 'udp',
'port_range_min': '53',
'port_range_max': '53',
'remote_group_id': security_group_id
}
egress_rule_id = security_group.rule_create(secrule=egress_rule_info)
self.assertTrue(security_group.rule_exists(egress_rule_id))
# Get addresses for VMs
vm1_ip = network_obj[4]
vm2_ip = network_obj[5]
vm1 = self.store(objects.VMTestObj(self, self.neutron))
vm1.create(network=network,
security_groups=[security_group_id],
net_address=vm1_ip)
vm2 = self.store(objects.VMTestObj(self, self.neutron))
vm2.create(network=network,
security_groups=[security_group_id],
net_address=vm2_ip)
time.sleep(test_const.DEFAULT_RESOURCE_READY_TIMEOUT)
ovs = utils.OvsFlowsParser()
flows = ovs.dump(self.integration_bridge)
LOG.info("flows after adding rules are: %s",
ovs.get_ovs_flows(self.integration_bridge))
# Check if the rule flows were installed.
if ethertype == n_const.IPv4:
expected_ingress_match = "tcp,nw_src={}".format(network_obj)
elif ethertype == n_const.IPv6:
expected_ingress_match = "tcp6,ipv6_src={}".format(network_obj)
expected_ingress_match += ",tp_dst=0x50/0xfffe"
# Calculate vm1, vm2 network
vms_ip_set = netaddr.IPSet([vm1_ip, vm2_ip])
vms_ip_set.compact()
if ethertype == n_const.IPv4:
expected_egress_match = "udp,nw_dst={}".format(vms_ip_set.pop())
elif ethertype == n_const.IPv6:
expected_egress_match = "udp6,ipv6_dst={}".format(vms_ip_set.pop())
expected_egress_match += ",tp_dst=53"
self._check_rule_flows(flows, expected_ingress_match,
expected_egress_match, True)
vm1.close()
vm2.close()
def test_db_consistent(self):
self.db_sync_time = self.conf.db_sync_time
network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api))
network_id = network.create()
self.addCleanup(network.close)
topic = network.get_topic()
subnet = self.store(objects.SubnetTestObj(self.neutron, self.nb_api,
network_id))
subnet_body = {'network_id': network_id,
'cidr': '10.50.0.0/24',
'gateway_ip': '10.50.0.1',
'ip_version': 4,
'name': 'private',
'enable_dhcp': True}
subnet.create(subnet=subnet_body)
self.addCleanup(subnet.close)
time.sleep(constants.DEFAULT_RESOURCE_READY_TIMEOUT)
self.assertTrue(network.exists())
self.assertTrue(subnet.exists())
vm = self.store(objects.VMTestObj(self, self.neutron))
vm.create(network=network)
self.addCleanup(vm.close)
self.assertIsNotNone(vm.server.addresses['mynetwork'])
mac = vm.server.addresses['mynetwork'][0]['OS-EXT-IPS-MAC:mac_addr']
self.assertIsNotNone(mac)
ovs = utils.OvsFlowsParser()
utils.wait_until_true(
lambda: self._check_l2_lookup_rule(
ovs.dump(self.integration_bridge), mac),
timeout=10, sleep=1,
exception=Exception('no rule for vm in l2 lookup table')
)
net_id = '11111111-1111-1111-1111-111111111111'
df_network = l2.LogicalSwitch(
id=net_id,
topic=topic,
name='df_nw1',
network_type='vxlan',
segmentation_id=4000,
is_external=False,
mtu=1500,
unique_key=1,
version=1)
df_network_json = df_network.to_json()
self.nb_api.driver.create_key(l2.LogicalSwitch.table_name,
net_id, df_network_json, topic)
self.addCleanup(self.nb_api.driver.delete_key, 'lswitch',
net_id, topic)
subnet_id = '22222222-2222-2222-2222-222222222222'
df_subnet = l2.Subnet(
id=subnet_id,
topic=topic,
name='df_sn1',
enable_dhcp=True,
cidr='10.60.0.0/24',
dhcp_ip='10.60.0.2',
gateway_ip='10.60.0.1',
version=1,
lswitch=net_id)
self.nb_api.driver.create_key(l2.Subnet.table_name,
subnet_id, df_subnet.to_json(), topic)
self.addCleanup(self.nb_api.driver.delete_key, l2.Subnet.table_name,
subnet_id, topic)
port_id = '33333333-2222-2222-2222-222222222222,'
dhcp_port = l2.LogicalPort(
topic=topic,
name='df_dhcp1',
macs=['aa:bb:cc:dd:ee:ff'],
id=port_id,
ips=['10.60.0.2'],
subnets=[df_subnet.id],
device_owner=n_const.DEVICE_OWNER_DHCP,
lswitch=df_network.id,
unique_key=1
).to_json()
self.nb_api.driver.create_key(
'lport', port_id, dhcp_port, topic)
df_net_unique_key = df_network.unique_key
time.sleep(self.db_sync_time)
utils.wait_until_true(
lambda: utils.check_dhcp_network_rule(
ovs.dump(self.integration_bridge), df_net_unique_key),
timeout=self.db_sync_time + constants.DEFAULT_CMD_TIMEOUT, sleep=1,
exception=Exception('no goto dhcp rule for lswitch')
)
self.nb_api.driver.delete_key('lport', port_id, topic)
time.sleep(self.db_sync_time)
utils.wait_until_true(
lambda: self._check_no_lswitch_dhcp_rule(
ovs.dump(self.integration_bridge), df_net_unique_key),
timeout=self.db_sync_time + constants.DEFAULT_CMD_TIMEOUT, sleep=1,
exception=Exception('could not delete goto dhcp rule for lswitch')
)
def test_rule_flows(self):
network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api))
network_id = network.create(network={'name': 'test_network2'})
self.assertTrue(network.exists())
subnet_info = {
'network_id': network_id,
'cidr': '192.168.124.0/24',
'gateway_ip': '192.168.124.1',
'ip_version': 4,
'name': 'test_subnet4',
'enable_dhcp': True
}
subnet = self.store(
objects.SubnetTestObj(self.neutron,
self.nb_api,
network_id=network_id))
subnet.create(subnet_info)
security_group = self.store(
objects.SecGroupTestObj(self.neutron, self.nb_api))
security_group_id = security_group.create()
self.assertTrue(security_group.exists())
ingress_rule_info = {
'ethertype': 'IPv4',
'direction': 'ingress',
'protocol': 'tcp',
'port_range_min': '80',
'port_range_max': '81',
'remote_ip_prefix': '192.168.124.0/24'
}
ingress_rule_id = security_group.rule_create(secrule=ingress_rule_info)
self.assertTrue(security_group.rule_exists(ingress_rule_id))
egress_rule_info = {
'ethertype': 'IPv4',
'direction': 'egress',
'protocol': '17',
'port_range_min': '53',
'port_range_max': '53',
'remote_group_id': security_group_id
}
egress_rule_id = security_group.rule_create(secrule=egress_rule_info)
self.assertTrue(security_group.rule_exists(egress_rule_id))
vm1 = self.store(objects.VMTestObj(self, self.neutron))
vm1.create(network=network,
security_groups=[security_group_id],
net_address='192.168.124.8')
vm2 = self.store(objects.VMTestObj(self, self.neutron))
vm2.create(network=network,
security_groups=[security_group_id],
net_address='192.168.124.9')
time.sleep(test_const.DEFAULT_RESOURCE_READY_TIMEOUT)
ovs = utils.OvsFlowsParser()
flows = ovs.dump(self.integration_bridge)
LOG.info(_LI("flows after adding rules are: %s"),
ovs.get_ovs_flows(self.integration_bridge))
# Check if the rule flows were installed.
expected_ingress_rule_match = \
"tcp,nw_src=192.168.124.0/24,tp_dst=0x50/0xfffe"
expected_egress_rule_match = \
"udp,nw_dst=192.168.124.8/31,tp_dst=53"
self._check_rule_flows(flows, expected_ingress_rule_match,
expected_egress_rule_match, True)
vm1.close()
vm2.close()
def test_rule_flows(self):
network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api))
network_id = network.create(network={'name': 'test_network2'})
self.assertTrue(network.exists())
subnet_info = {
'network_id': network_id,
'cidr': '192.168.124.0/24',
'gateway_ip': '192.168.124.1',
'ip_version': 4,
'name': 'test_subnet4',
'enable_dhcp': True
}
subnet = self.store(
objects.SubnetTestObj(self.neutron,
self.nb_api,
network_id=network_id))
subnet.create(subnet_info)
security_group = self.store(
objects.SecGroupTestObj(self.neutron, self.nb_api))
security_group_id = security_group.create()
self.assertTrue(security_group.exists())
ingress_rule_info = {
'ethertype': 'IPv4',
'direction': 'ingress',
'protocol': 'tcp',
'port_range_min': '8000',
'port_range_max': '8100',
'remote_ip_prefix': '192.168.124.0/24'
}
ingress_rule_id = security_group.rule_create(secrule=ingress_rule_info)
self.assertTrue(security_group.rule_exists(ingress_rule_id))
egress_rule_info = {
'ethertype': 'IPv4',
'direction': 'egress',
'protocol': '17',
'port_range_min': '53',
'port_range_max': '53',
'remote_group_id': security_group_id
}
egress_rule_id = security_group.rule_create(secrule=egress_rule_info)
self.assertTrue(security_group.rule_exists(egress_rule_id))
vm = self.store(objects.VMTestObj(self, self.neutron))
vm.create(network=network, security_groups=[security_group_id])
time.sleep(utils.DEFAULT_CMD_TIMEOUT)
ovs = utils.OvsFlowsParser()
flows_after_change = ovs.dump()
LOG.info(_LI("flows after adding rules are: %s"), ovs.get_ovs_flows())
# Check if the rule flows were installed.
self._check_rule_flows(flows_after_change, True)
vm.server.stop()
vm.close()
def test_associating_flows(self):
network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api))
network_id = network.create(network={'name': 'test_network1'})
self.assertTrue(network.exists())
subnet_info = {
'network_id': network_id,
'cidr': '192.168.123.0/24',
'gateway_ip': '192.168.123.1',
'ip_version': 4,
'name': 'test_subnet1',
'enable_dhcp': True
}
subnet = self.store(
objects.SubnetTestObj(self.neutron,
self.nb_api,
network_id=network_id))
subnet.create(subnet_info)
self.assertTrue(subnet.exists())
security_group = self.store(
objects.SecGroupTestObj(self.neutron, self.nb_api))
security_group_id = security_group.create()
self.assertTrue(security_group.exists())
vm = self.store(objects.VMTestObj(self, self.neutron))
vm.create(network=network, security_groups=[security_group_id])
addresses = vm.server.addresses['test_network1']
self.assertIsNotNone(addresses)
ip = addresses[0]['addr']
self.assertIsNotNone(ip)
mac = addresses[0]['OS-EXT-IPS-MAC:mac_addr']
self.assertIsNotNone(mac)
port = utils.wait_until_is_and_return(
lambda: self._get_vm_port(ip, mac),
exception=Exception('No port assigned to VM'))
tunnel_key = port.get_tunnel_key()
tunnel_key_hex = hex(tunnel_key)
of_port = self._get_of_port(port.get_id())
self.assertIsNotNone(of_port)
ovs = utils.OvsFlowsParser()
flows_after_change = ovs.dump()
# Check if the associating flows were installed.
ingress_associating_flow, egress_associating_flow = \
self._find_associating_flows(flows_after_change, of_port,
tunnel_key_hex)
LOG.info(
_LI("flows after associating a port and a security group"
" are: %s"), ovs.get_ovs_flows())
self.assertIsNotNone(ingress_associating_flow)
self.assertIsNotNone(egress_associating_flow)
vm.server.stop()
vm.close()
time.sleep(utils.DEFAULT_CMD_TIMEOUT)
flows_after_update = ovs.dump()
# Check if the associating flows were removed.
ingress_associating_flow, egress_associating_flow = \
self._find_associating_flows(flows_after_update, of_port,
tunnel_key_hex)
self.assertIsNone(ingress_associating_flow)
self.assertIsNone(egress_associating_flow)
