コード例 #1
0
 def deploy_vnf(self):
     """Deploy ABOT-OAI-EPC."""
     self.__logger.info("Upload VNFD")
     descriptor = self.vnf['descriptor']
     self.__logger.info("Get or create flavor for all Abot-EPC")
     flavor_settings = FlavorConfig(
         name=self.vnf['requirements']['flavor']['name'],
         ram=self.vnf['requirements']['flavor']['ram_min'],
         disk=10,
         vcpus=1)
     flavor_creator = OpenStackFlavor(self.snaps_creds, flavor_settings)
     flavor_creator.create()
     self.created_object.append(flavor_creator)
     self.__logger.info("Deploying Abot-epc bundle file ...")
     os.system('juju deploy {}'.format('/' + descriptor.get('file_name')))
     self.__logger.info("Waiting for instances .....")
     status = os.system('juju-wait')
     self.__logger.info("juju wait completed: %s", status)
     self.__logger.info("Deployed Abot-epc on Openstack")
     nova_client = nova_utils.nova_client(self.snaps_creds)
     neutron_client = neutron_utils.neutron_client(self.snaps_creds)
     if status == 0:
         instances = os_utils.get_instances(nova_client)
         for items in instances:
             metadata = get_instance_metadata(nova_client, items)
             if 'juju-units-deployed' in metadata:
                 sec_group = ('juju-' + metadata['juju-controller-uuid'] +
                              '-' + metadata['juju-model-uuid'])
                 self.sec_group_id = os_utils.get_security_group_id(
                     neutron_client, sec_group)
                 break
         self.__logger.info("Adding Security group rule....")
         os_utils.create_secgroup_rule(
             neutron_client, self.sec_group_id, 'ingress', 132)
         self.__logger.info("Copying the feature files to Abot_node ")
         os.system('juju scp -- -r {}/featureFiles abot-'
                   'epc-basic/0:~/'.format(self.case_dir))
         self.__logger.info("Copying the feature files in Abot_node ")
         os.system("juju ssh abot-epc-basic/0 'sudo rsync -azvv "
                   "~/featureFiles /etc/rebaca-test-suite"
                   "/featureFiles'")
         count = 0
         while count < 10:
             epcstatus = os.system('juju status oai-epc | '
                                   'grep {} | grep {} | grep {}'
                                   .format('EPC', 'is', 'running'))
             if epcstatus == 0:
                 break
             else:
                 time.sleep(60)
                 count = count + 1
         os.system('juju-wait')
         return True
     return False
コード例 #2
0
    def create_security_group(self):
        sg_id = os_utils.get_security_group_id(self.neutron_client,
                                               self.sg_name)
        if sg_id != '':
            self.logger.info("Using existing security group '%s'..."
                             % self.sg_name)
        else:
            self.logger.info("Creating security group  '%s'..."
                             % self.sg_name)
            SECGROUP = os_utils.create_security_group(self.neutron_client,
                                                      self.sg_name,
                                                      self.sg_desc)
            if not SECGROUP:
                self.logger.error("Failed to create the security group...")
                return None

            sg_id = SECGROUP['id']

            self.logger.debug("Security group '%s' with ID=%s created "
                              "successfully." % (SECGROUP['name'], sg_id))

            self.logger.debug("Adding ICMP rules in security group '%s'..."
                              % self.sg_name)
            if not os_utils.create_secgroup_rule(self.neutron_client, sg_id,
                                                 'ingress', 'icmp'):
                self.logger.error("Failed to create security group rule...")
                return None

            self.logger.debug("Adding SSH rules in security group '%s'..."
                              % self.sg_name)
            if not os_utils.create_secgroup_rule(self.neutron_client, sg_id,
                                                 'ingress', 'tcp',
                                                 '22', '22'):
                self.logger.error("Failed to create security group rule...")
                return None

            if not os_utils.create_secgroup_rule(
                    self.neutron_client, sg_id, 'egress', 'tcp', '22', '22'):
                self.logger.error("Failed to create security group rule...")
                return None
        return sg_id
コード例 #3
0
def create_security_group(neutron_client):
    sg_id = openstack_utils.get_security_group_id(neutron_client,
                                                  SECGROUP_NAME)
    if sg_id != '':
        logger.info("Using existing security group '%s'..." % SECGROUP_NAME)
    else:
        logger.info("Creating security group  '%s'..." % SECGROUP_NAME)
        SECGROUP = openstack_utils.create_security_group(neutron_client,
                                                         SECGROUP_NAME,
                                                         SECGROUP_DESCR)
        if not SECGROUP:
            logger.error("Failed to create the security group...")
            return False

        sg_id = SECGROUP['id']

        logger.debug("Security group '%s' with ID=%s created successfully."
                     % (SECGROUP['name'], sg_id))

        logger.debug("Adding ICMP rules in security group '%s'..."
                     % SECGROUP_NAME)
        if not openstack_utils.create_secgroup_rule(neutron_client, sg_id,
                                                    'ingress', 'icmp'):
            logger.error("Failed to create the security group rule...")
            return False

        logger.debug("Adding SSH rules in security group '%s'..."
                     % SECGROUP_NAME)
        if not openstack_utils.create_secgroup_rule(neutron_client, sg_id,
                                                    'ingress', 'tcp',
                                                    '22', '22'):
            logger.error("Failed to create the security group rule...")
            return False

        if not openstack_utils.create_secgroup_rule(neutron_client, sg_id,
                                                    'egress', 'tcp',
                                                    '22', '22'):
            logger.error("Failed to create the security group rule...")
            return False
    return sg_id
コード例 #4
0
def main():
    deploymentHandler = DeploymentFactory.get_handler(
        INSTALLER["type"],
        INSTALLER["ip"],
        INSTALLER["user"],
        installer_pwd=INSTALLER["password"])

    cluster = INSTALLER["cluster"]
    openstack_nodes = (deploymentHandler.get_nodes({'cluster': cluster})
                       if cluster is not None
                       else deploymentHandler.get_nodes())

    compute_nodes = [node for node in openstack_nodes
                     if node.is_compute()]

    odl_ip, odl_port = test_utils.get_odl_ip_port(openstack_nodes)

    neutron_client = os_utils.get_neutron_client()
    nova_client = os_utils.get_nova_client()
    tacker_client = os_tacker.get_tacker_client()

    ovs_logger = ovs_log.OVSLogger(
        os.path.join(DEMO_DIR, 'ovs-logs'), RESULTS_DIR)

    sg_id = os_utils.get_security_group_id(neutron_client, SECGROUP_NAME)

    vnfs = ['testVNF1', 'testVNF2']

    topo_seed = 0
    testTopology = topo_shuffler.topology(vnfs, seed=topo_seed)

    logger.info('This test is run with the topology {0}'
                .format(testTopology['id']))
    logger.info('Topology description: {0}'
                .format(testTopology['description']))

    tosca_red = os.path.join(DEMO_DIR, VNFD_DIR, TEST_VNFD)
    os_tacker.create_vnfd(tacker_client, tosca_file=tosca_red)

    default_param_file = os.path.join(
        DEMO_DIR, VNFD_DIR, VNFD_DEFAULT_PARAMS_FILE)

    test_utils.create_vnf_in_av_zone(
        tacker_client, vnfs[0], 'test-vnfd1',
        default_param_file, testTopology[vnfs[0]])

    vnf_id = os_tacker.wait_for_vnf(tacker_client, vnf_name='testVNF1')
    if vnf_id is None:
        logger.error('ERROR while booting vnf')
        sys.exit(1)

    vnf_instance_id = test_utils.get_nova_id(tacker_client, 'vdu1', vnf_id)

    instances = os_utils.get_instances(nova_client)
    for instance in instances:
        if ('client' not in instance.name) and ('server' not in instance.name):
            os_utils.add_secgroup_to_instance(nova_client, instance.id, sg_id)

    os_tacker.create_sfc(tacker_client, 'red', chain_vnf_names=['testVNF1'], symmetrical=True)

    os_tacker.create_sfc_classifier(
        tacker_client, 'red_http', sfc_name='red',
        match={
            'source_port': 0,
            'dest_port': 80,
            'protocol': 6
        })

    os_tacker.create_sfc_classifier(
        tacker_client, 'red_http_reverse', sfc_name='red',
        match={
            'source_port': 80,
            'dest_port': 0,
            'protocol': 6
        })

    logger.info(test_utils.run_cmd('tacker sfc-list')[1])
    logger.info(test_utils.run_cmd('tacker sfc-classifier-list')[1])

    sf_floating_ip = test_utils.assign_floating_ip(
        nova_client, neutron_client, vnf_instance_id)

    for ip in [sf_floating_ip]:
        logger.info("Checking connectivity towards floating IP [%s]" % ip)
        if not test_utils.ping(ip, retries=50, retry_timeout=1):
            logger.error("Cannot ping floating IP [%s]" % ip)
            sys.exit(1)
        logger.info("Successful ping to floating IP [%s]" % ip)

    if not test_utils.check_ssh([sf_floating_ip]):
        logger.error("Cannot establish SSH connection to the SFs")
        sys.exit(1)

    logger.info("Firewall started, blocking traffic port 80")
    test_utils.vxlan_firewall(sf_floating_ip, port=80)
    cmd = "python vxlan_tool.py --metadata -i eth0 -d forward -v off -b 80"

    cmd = "sh -c 'cd /root;nohup " + cmd + " > /dev/null 2>&1 &'"
    test_utils.run_cmd_remote(sf_floating_ip, cmd)
    time.sleep(7)

    logger.info("Wait for ODL to update the classification rules in OVS")
    time.sleep(10)

    rsps = test_utils.get_odl_resource_list(
        odl_ip, odl_port, 'rendered-service-path', datastore='operational')
    reverse_path_id = next(
        rsp['path-id']
        for rsp in rsps['rendered-service-paths']['rendered-service-path']
        if rsp['name'].endswith('Reverse'))
    hex_path_id = hex(int(reverse_path_id))
    reverse_path_action = "load:{0}->NXM_NX_NSH_C3[]".format(hex_path_id)


    for compute_node in compute_nodes:
        compute_ssh = compute_node.ssh_client
        match_rsp = re.compile(
            r'.+tp_dst=80.+load:(0x[0-9a-f]+)->NXM_NX_NSP\[0\.\.23\].+')
        # First line is OFPST_FLOW reply (OF1.3) (xid=0x2):
        # This is not a flow so ignore
        flows = (ovs_logger.ofctl_dump_flows(compute_ssh, 'br-int', '11')
                 .strip().split('\n')[1:])
        matching_flows = [match_rsp.match(f) for f in flows]
        if all(m is None for m in matching_flows):
            break
        uplink_flow = [f.group(0) for f in matching_flows if f is not None][0]
        actions = uplink_flow.split("actions=")[1]
        actions_c3 = "{0},{1}".format(reverse_path_action, actions)
        cmd = "ovs-ofctl -OOpenflow13 mod-flows br-int \"table=11,tcp,reg0=0x1,tp_dst=80,actions={0}\"".format(actions_c3)
        #compute_node.run_cmd(cmd)
        logger.info("Running: {0}".format(cmd))
        match_port = re.compile(
            r'.+table=158.+output:([0-9]+)')
        flows = (ovs_logger.ofctl_dump_flows(compute_ssh, 'br-int', '158').strip().split('\n')[1:])
        matching_flows = [match_port.match(f) for f in flows]
        sf_port = [f.group(1) for f in matching_flows if f is not None][0]
        cmd = "ovs-ofctl -O Openflow13 add-flow br-int \"table=11,nsi=254,nsp={0} actions=load:0x1->NXM_NX_REG0[],move:NXM_NX_NSH_C2[]->NXM_NX_TUN_ID[0..31],resubmit({1},1)\"".format(reverse_path_id, sf_port)
        #compute_node.run_cmd(cmd)
        logger.info("Running: {0}".format(cmd))
        cmd = "ovs-ofctl -O Openflow13 add-flow br-int \"table=1, priority=40000,nsi=254,nsp={0},reg0=0x1,in_port={1} actions=pop_nsh,goto_table:21\"".format(reverse_path_id, sf_port)
        logger.info("Running: {0}".format(cmd))

    logger.info("HTTP traffic from client to server should be blocked")
    logger.info("When trying to send HTTP traffic to server it should respond with TCP RESET")
コード例 #5
0
def main():
    deploymentHandler = DeploymentFactory.get_handler(
        INSTALLER["type"],
        INSTALLER["ip"],
        INSTALLER["user"],
        installer_pwd=INSTALLER["password"])

    cluster = INSTALLER["cluster"]
    openstack_nodes = (deploymentHandler.get_nodes({'cluster': cluster}) if
                       cluster is not None else deploymentHandler.get_nodes())

    compute_nodes = [node for node in openstack_nodes if node.is_compute()]

    odl_ip, odl_port = test_utils.get_odl_ip_port(openstack_nodes)

    neutron_client = os_utils.get_neutron_client()
    nova_client = os_utils.get_nova_client()
    tacker_client = os_tacker.get_tacker_client()

    compute_clients = test_utils.get_ssh_clients(compute_nodes)

    ovs_logger = ovs_log.OVSLogger(os.path.join(DEMO_DIR, 'ovs-logs'),
                                   RESULTS_DIR)

    sg_id = os_utils.get_security_group_id(neutron_client, SECGROUP_NAME)

    vnfs = ['testVNF1', 'testVNF2']

    topo_seed = 0
    testTopology = topo_shuffler.topology(vnfs, seed=topo_seed)

    logger.info('This test is run with the topology {0}'.format(
        testTopology['id']))
    logger.info('Topology description: {0}'.format(
        testTopology['description']))

    tosca_red = os.path.join(DEMO_DIR, VNFD_DIR, TEST_VNFD_RED)
    os_tacker.create_vnfd(tacker_client, tosca_file=tosca_red)

    tosca_blue = os.path.join(DEMO_DIR, VNFD_DIR, TEST_VNFD_BLUE)
    os_tacker.create_vnfd(tacker_client, tosca_file=tosca_blue)

    default_param_file = os.path.join(DEMO_DIR, VNFD_DIR,
                                      VNFD_DEFAULT_PARAMS_FILE)

    test_utils.create_vnf_in_av_zone(tacker_client, vnfs[0], 'test-vnfd1',
                                     default_param_file, testTopology[vnfs[0]])
    test_utils.create_vnf_in_av_zone(tacker_client, vnfs[1], 'test-vnfd2',
                                     default_param_file, testTopology[vnfs[1]])

    vnf1_id = os_tacker.wait_for_vnf(tacker_client, vnf_name='testVNF1')
    vnf2_id = os_tacker.wait_for_vnf(tacker_client, vnf_name='testVNF2')
    if vnf1_id is None or vnf2_id is None:
        logger.error('ERROR while booting vnfs')
        sys.exit(1)

    instances = os_utils.get_instances(nova_client)
    for instance in instances:
        if ('client' not in instance.name) and ('server' not in instance.name):
            os_utils.add_secgroup_to_instance(nova_client, instance.id, sg_id)

    os_tacker.create_sfc(tacker_client, 'red', chain_vnf_names=['testVNF1'])
    os_tacker.create_sfc(tacker_client, 'blue', chain_vnf_names=['testVNF2'])

    os_tacker.create_sfc_classifier(tacker_client,
                                    'red_http',
                                    sfc_name='red',
                                    match={
                                        'source_port': 0,
                                        'dest_port': 80,
                                        'protocol': 6
                                    })

    os_tacker.create_sfc_classifier(tacker_client,
                                    'red_ssh',
                                    sfc_name='red',
                                    match={
                                        'source_port': 0,
                                        'dest_port': 22,
                                        'protocol': 6
                                    })

    logger.info(test_utils.run_cmd('tacker sfc-list')[1])
    logger.info(test_utils.run_cmd('tacker sfc-classifier-list')[1])

    num_chains = 2

    # Start measuring the time it takes to implement the classification rules
    t1 = threading.Thread(target=test_utils.wait_for_classification_rules,
                          args=(
                              ovs_logger,
                              compute_nodes,
                              odl_ip,
                              odl_port,
                              testTopology,
                          ))

    try:
        t1.start()
    except Exception, e:
        logger.error("Unable to start the thread that counts time %s" % e)