def test_dvr_router_gateway_redirect_cleanup_on_agent_restart(self):
"""Test to validate the router namespace gateway redirect rule cleanup.
This test checks for the non existence of the gateway redirect
rules in the router namespace after the agent restarts while the
gateway is removed for the router.
"""
self.agent.conf.agent_mode = 'dvr_snat'
router_info = self.generate_dvr_router_info()
router1 = self.manage_router(self.agent, router_info)
self._assert_snat_namespace_exists(router1)
self.assertTrue(self._namespace_exists(router1.ns_name))
restarted_agent = neutron_l3_agent.L3NATAgentWithStateReport(
self.agent.host, self.agent.conf)
router1.router['gw_port'] = ""
router1.router['gw_port_host'] = ""
router1.router['external_gateway_info'] = ""
restarted_router = self.manage_router(restarted_agent, router1.router)
self.assertTrue(self._namespace_exists(restarted_router.ns_name))
ns_ipr = ip_lib.IPRule(namespace=router1.ns_name)
ip4_rules_list = ns_ipr.rule.list_rules(lib_constants.IP_VERSION_4)
ip6_rules_list = ns_ipr.rule.list_rules(lib_constants.IP_VERSION_6)
# Just make sure the basic set of rules are there in the router
# namespace
self.assertEqual(3, len(ip4_rules_list))
self.assertEqual(2, len(ip6_rules_list))
def setUp(self):
super(TestIPSecBase, self).setUp()
mock.patch('neutron.agent.l3.agent.L3PluginApi').start()
mock.patch('neutron_vpnaas.services.vpn.device_drivers.ipsec.'
'IPsecVpnDriverApi').start()
# avoid report_status running periodically
mock.patch('oslo_service.loopingcall.FixedIntervalLoopingCall').start()
# Both the vpn agents try to use execute_rootwrap_daemon's socket
# simultaneously during test cleanup, but execute_rootwrap_daemon has
# limitations with simultaneous reads. So avoid using
# root_helper_daemon and instead use root_helper
# https://bugs.launchpad.net/neutron/+bug/1482622
cfg.CONF.set_override('root_helper_daemon', None, group='AGENT')
# Mock the method below because it causes Exception:
# RuntimeError: Second simultaneous read on fileno 5 detected.
# Unless you really know what you're doing, make sure that only
# one greenthread can read any particular socket. Consider using
# a pools.Pool. If you do know what you're doing and want to disable
# this error, call eventlet.debug.hub_prevent_multiple_readers(False)
# Can reproduce the exception in the test only
ip_lib.send_ip_addr_adv_notif = mock.Mock()
self.conf = self._configure_agent('agent1')
self.agent = neutron_l3_agent.L3NATAgentWithStateReport(
'agent1', self.conf)
self.vpn_agent = vpn_agent.L3WithVPNaaS(self.conf)
self.driver = self.vpn_agent.device_drivers[0]
self.driver.agent_rpc.get_vpn_services_on_host = mock.Mock(
return_value=[])
self.driver.report_status = mock.Mock()
self.private_nets = list(PRIVATE_NET.subnet(24))
def setUp(self):
super(L3AgentNDPProxyTestFramework, self).setUp()
self.conf.set_override('extensions', ['ndp_proxy'], 'agent')
self.agent = neutron_l3_agent.L3NATAgentWithStateReport(HOSTNAME,
self.conf)
self.np_ext = np.NDPProxyAgentExtension()
port_id1 = uuidutils.generate_uuid()
port1_binding = ports_obj.PortBinding(port_id=port_id1,
host=self.agent.host)
port1_obj = ports_obj.Port(id=port_id1, bindings=[port1_binding])
port_id2 = uuidutils.generate_uuid()
port2_binding = ports_obj.PortBinding(port_id=port_id1,
host='fake_host')
port2_obj = ports_obj.Port(id=port_id2, bindings=[port2_binding])
self.ports = [port1_obj, port2_obj]
self.port_binding_map = {port_id1: port1_binding,
port_id2: port2_binding}
self.ndpproxy1 = np_obj.NDPProxy(
context=None, id=uuidutils.generate_uuid(),
router_id=uuidutils.generate_uuid(),
port_id=port_id1, ip_address='2002::1:3')
self.ndpproxy2 = np_obj.NDPProxy(
context=None, id=uuidutils.generate_uuid(),
router_id=uuidutils.generate_uuid(),
port_id=port_id2, ip_address='2002::1:4')
self.ndp_proxies = [self.ndpproxy1, self.ndpproxy2]
agent_configurations = {
'agent_mode': constants.L3_AGENT_MODE_DVR_NO_EXTERNAL}
self.agent_obj = agent_obj.Agent(
id=uuidutils.generate_uuid(), host=self.agent.host,
agent_type=constants.AGENT_TYPE_L3,
configurations=agent_configurations)
self._set_pull_mock()
def _setup_dvr_ha_agents(self):
self.agent.conf.agent_mode = 'dvr_snat'
conf = self._configure_agent('agent2')
self.failover_agent = neutron_l3_agent.L3NATAgentWithStateReport(
'agent2', conf)
self.failover_agent.conf.agent_mode = 'dvr_snat'
def _configure_agent(self, host):
conf = self._get_config_opts()
l3_agent_main.register_opts(conf)
cfg.CONF.set_override('debug', False)
agent_config.setup_logging()
conf.set_override('interface_driver',
'neutron.agent.linux.interface.OVSInterfaceDriver')
conf.set_override('router_delete_namespaces', True)
br_int = self.useFixture(net_helpers.OVSBridgeFixture()).bridge
br_ex = self.useFixture(net_helpers.OVSBridgeFixture()).bridge
conf.set_override('ovs_integration_bridge', br_int.br_name)
conf.set_override('external_network_bridge', br_ex.br_name)
temp_dir = self.get_new_temp_dir()
get_temp_file_path = functools.partial(self.get_temp_file_path,
root=temp_dir)
conf.set_override('state_path', temp_dir.path)
conf.set_override('metadata_proxy_socket',
get_temp_file_path('metadata_proxy'))
conf.set_override('ha_confs_path', get_temp_file_path('ha_confs'))
conf.set_override('external_pids', get_temp_file_path('external/pids'))
conf.set_override('host', host)
agent = neutron_l3_agent.L3NATAgentWithStateReport(host, conf)
mock.patch.object(ip_lib, '_arping').start()
return agent
def test_ha_router_conf_on_restarted_agent(self):
router_info = self.generate_router_info(enable_ha=True)
router1 = self._create_router(self.agent, router_info)
self._add_fip(router1, '192.168.111.12')
restarted_agent = neutron_l3_agent.L3NATAgentWithStateReport(
self.agent.host, self.agent.conf)
self._create_router(restarted_agent, router1.router)
utils.wait_until_true(lambda: self._floating_ips_configured(router1))
def setUp(self):
super(L3AgentTestFramework, self).setUp()
self.mock_plugin_api = mock.patch(
'neutron.agent.l3.agent.L3PluginApi').start().return_value
mock.patch('neutron.agent.rpc.PluginReportStateAPI').start()
self.conf = self._configure_agent('agent1')
self.agent = neutron_l3_agent.L3NATAgentWithStateReport('agent1',
self.conf)
def setUp(self):
super(L3AgentTestFramework, self).setUp()
self.mock_plugin_api = mock.patch(
'neutron.agent.l3.agent.L3PluginApi').start().return_value
mock.patch('neutron.agent.rpc.PluginReportStateAPI').start()
mock.patch('neutron.agent.common.ovs_lib.'
'OVSBridge._set_port_dead').start()
l3_config.register_l3_agent_config_opts(l3_config.OPTS, cfg.CONF)
self.conf = self._configure_agent('agent1')
self.agent = neutron_l3_agent.L3NATAgentWithStateReport(
'agent1', self.conf)
def setUp(self):
super(L3AgentFipQoSExtensionTestFramework, self).setUp()
self.conf.set_override('extensions', ['fip_qos'], 'agent')
self.agent = neutron_l3_agent.L3NATAgentWithStateReport(
'agent1', self.conf)
self._set_pull_mock()
self.set_test_qos_rules(
TEST_POLICY_ID1,
[self.test_bw_limit_rule_1, self.test_bw_limit_rule_2])
self.set_test_qos_rules(TEST_POLICY_ID2, [self.test_bw_limit_rule_3])
self.set_test_qos_rules(TEST_POLICY_ID3, [self.test_bw_limit_rule_4])
self.fip_qos_ext = fip_qos.FipQosAgentExtension()
def test_dvr_router_rem_fips_on_restarted_agent(self):
self.agent.conf.agent_mode = 'dvr_snat'
router_info = self.generate_dvr_router_info()
router1 = self.manage_router(self.agent, router_info)
fip_ns = router1.fip_ns.get_name()
self.assertTrue(self._namespace_exists(fip_ns))
restarted_agent = neutron_l3_agent.L3NATAgentWithStateReport(
self.agent.host, self.agent.conf)
router1.router[l3_constants.FLOATINGIP_KEY] = []
self.manage_router(restarted_agent, router1.router)
self._assert_dvr_snat_gateway(router1)
self.assertTrue(self._namespace_exists(fip_ns))
def test_ha_router_conf_on_restarted_agent(self):
router_info = self.generate_router_info(enable_ha=True)
router1 = self.manage_router(self.agent, router_info)
self._add_fip(router1, '192.168.111.12')
restarted_agent = neutron_l3_agent.L3NATAgentWithStateReport(
self.agent.host, self.agent.conf)
self._create_router(restarted_agent, router1.router)
utils.wait_until_true(lambda: self.floating_ips_configured(router1))
self.assertIn(
router1._get_primary_vip(),
self._get_addresses_on_device(router1.ns_name,
router1.get_ha_device_name()))
def setUp(self):
super(L3HATestFailover, self).setUp()
conf = self._configure_agent('agent2')
self.failover_agent = neutron_l3_agent.L3NATAgentWithStateReport(
'agent2', conf)
br_int_1 = self._get_agent_ovs_integration_bridge(self.agent)
br_int_2 = self._get_agent_ovs_integration_bridge(self.failover_agent)
veth1, veth2 = self.useFixture(net_helpers.VethFixture()).ports
br_int_1.add_port(veth1.name)
br_int_2.add_port(veth2.name)
def setUp(self):
super(RouterGatewayIPQosAgentExtensionTestFramework, self).setUp()
self.conf.set_override('extensions', ['gateway_ip_qos'], 'agent')
self.agent = neutron_l3_agent.L3NATAgentWithStateReport(
'agent1', self.conf)
self._set_pull_mock()
self.set_test_qos_rules(
INGRESS_EGRESS_POLICY_ID,
[self.test_bw_limit_rule_1, self.test_bw_limit_rule_2])
self.set_test_qos_rules(INGRESS_POLICY_ID, [self.test_bw_limit_rule_3])
self.set_test_qos_rules(EGRESS_POLICY_ID, [self.test_bw_limit_rule_4])
self.gateway_ip_qos_ext = (
gateway_ip_qos.RouterGatewayIPQosAgentExtension())
def setUp(self):
super(TestStrongSwanScenario, self).setUp()
self.conf.register_opts(strongswan_ipsec.strongswan_opts, 'strongswan')
VPNAAS_STRONGSWAN_DEVICE = ('neutron_vpnaas.services.vpn.'
'device_drivers.strongswan_ipsec.'
'StrongSwanDriver')
cfg.CONF.set_override('vpn_device_driver', [VPNAAS_STRONGSWAN_DEVICE],
'vpnagent')
self.agent = neutron_l3_agent.L3NATAgentWithStateReport(
'agent1', self.conf)
self.vpn_agent = vpn_agent.L3WithVPNaaS(self.conf)
vpn_service = mock.Mock()
vpn_service.conf = self.conf
self.driver = strongswan_ipsec.StrongSwanDriver(
vpn_service, host=mock.sentinel.host)
def test_dvr_unused_snat_ns_deleted_when_agent_restarts_after_move(self):
"""Test to validate the stale snat namespace delete with snat move.
This test validates the stale snat namespace cleanup when
the agent restarts after the gateway port has been moved
from the agent.
"""
self.agent.conf.agent_mode = 'dvr_snat'
router_info = self.generate_dvr_router_info()
router1 = self.manage_router(self.agent, router_info)
self._assert_snat_namespace_exists(router1)
restarted_agent = neutron_l3_agent.L3NATAgentWithStateReport(
self.agent.host, self.agent.conf)
router1.router['gw_port_host'] = "my-new-host"
restarted_router = self.manage_router(restarted_agent, router1.router)
self._assert_snat_namespace_does_not_exist(restarted_router)
def test_prevent_snat_rule_exist_on_restarted_agent(self):
self.agent.conf.agent_mode = 'dvr_snat'
router_info = self.generate_dvr_router_info()
router = self.manage_router(self.agent, router_info)
ext_port = router.get_ex_gw_port()
rfp_devicename = router.get_external_device_interface_name(ext_port)
prevent_snat_rule = router._prevent_snat_for_internal_traffic_rule(
rfp_devicename)
self._assert_iptables_rules_exist(router.iptables_manager, 'nat',
[prevent_snat_rule])
restarted_agent = neutron_l3_agent.L3NATAgentWithStateReport(
self.agent.host, self.agent.conf)
restarted_router = self.manage_router(restarted_agent, router_info)
self._assert_iptables_rules_exist(restarted_router.iptables_manager,
'nat', [prevent_snat_rule])
def setUp(self):
super(L3AgentFipPortForwardingExtensionTestFramework, self).setUp()
self.conf.set_override('extensions', ['port_forwarding'], 'agent')
self.agent = neutron_l3_agent.L3NATAgentWithStateReport('agent1',
self.conf)
self.fip_pf_ext = pf.PortForwardingAgentExtension()
self.fip_id1 = _uuid()
self.fip_id2 = _uuid()
self.fip_id3 = _uuid()
self.portforwarding1 = pf_obj.PortForwarding(
context=None, id=_uuid(), floatingip_id=self.fip_id1,
external_port=1111, protocol='tcp', internal_port_id=_uuid(),
external_port_range='1111:1111',
internal_port_range='11111:11111',
internal_ip_address='1.1.1.1', internal_port=11111,
floating_ip_address='111.111.111.111', router_id=_uuid())
self.portforwarding2 = pf_obj.PortForwarding(
context=None, id=_uuid(), floatingip_id=self.fip_id1,
external_port=1112, protocol='tcp', internal_port_id=_uuid(),
external_port_range='1112:1112',
internal_port_range='11112:11112',
internal_ip_address='1.1.1.2', internal_port=11112,
floating_ip_address='111.111.111.111', router_id=_uuid())
self.portforwarding3 = pf_obj.PortForwarding(
context=None, id=_uuid(), floatingip_id=self.fip_id2,
external_port=1113, protocol='tcp', internal_port_id=_uuid(),
internal_ip_address='1.1.1.3', internal_port=11113,
external_port_range='1113:1113',
internal_port_range='11113:11113',
floating_ip_address='111.222.111.222', router_id=_uuid())
self.portforwarding4 = pf_obj.PortForwarding(
context=None, id=_uuid(), floatingip_id=self.fip_id3,
external_port=2222, protocol='tcp', internal_port_id=_uuid(),
external_port_range='2222:2222',
internal_port_range='22222:22222',
internal_ip_address='2.2.2.2', internal_port=22222,
floating_ip_address='222.222.222.222', router_id=_uuid())
self.port_forwardings = [self.portforwarding1, self.portforwarding2,
self.portforwarding3, self.portforwarding4]
self._set_bulk_pull_mock()
self.managed_fips = [self.fip_id1, self.fip_id2, self.fip_id3]
self.fip_list_for_pf = ['111.111.111.111/32', '111.222.111.222/32',
'222.222.222.222/32']
def setUp(self):
super(L3AgentConntrackHelperExtensionTestFramework, self).setUp()
self.conf.set_override('extensions', ['conntrack_helper'], 'agent')
self.agent = neutron_l3_agent.L3NATAgentWithStateReport(
'agent1', self.conf)
self.cth_ext = conntrack_helper.ConntrackHelperAgentExtension()
self.router_id1 = uuidutils.generate_uuid()
self.router_id2 = uuidutils.generate_uuid()
self.conntrackhelper1 = cth_obj.ConntrackHelper(
context=None,
id=uuidutils.generate_uuid(),
protocol='udp',
port=69,
helper='tftp',
router_id=self.router_id1)
self.conntrackhelper2 = cth_obj.ConntrackHelper(
context=None,
id=uuidutils.generate_uuid(),
protocol='tcp',
port=21,
helper='ftp',
router_id=self.router_id2)
self.conntrack_helpers = [self.conntrackhelper1, self.conntrackhelper2]
self.managed_cths = {}
self.managed_cths[self.conntrackhelper1.id] = self.conntrackhelper1
self.managed_cths[self.conntrackhelper2.id] = self.conntrackhelper2
self.router_cth_map = collections.defaultdict(set)
self.router_cth_map[self.router_id1].add(self.conntrackhelper1.id)
self.router_cth_map[self.router_id2].add(self.conntrackhelper2.id)
self._set_bulk_poll_mock()
def test_prevent_snat_rule_exist_on_restarted_agent(self):
self.agent.conf.agent_mode = 'dvr_snat'
router_info = self.generate_dvr_router_info()
router = self.manage_router(self.agent, router_info)
ext_port = router.get_ex_gw_port()
gw_ip = self._port_first_ip_cidr(ext_port).partition('/')[0]
rfp_devicename = router.get_external_device_interface_name(ext_port)
prevent_snat_rule = router.external_gateway_nat_fip_rules(
gw_ip, rfp_devicename)
def is_prevent_snat_rule_exist(router_iptables_manager):
rules = router_iptables_manager.get_rules_for_table('nat')
return all(
str(iptables_manager.IptablesRule(nat_rule[0], nat_rule[1])) in
rules for nat_rule in prevent_snat_rule)
self.assertTrue(is_prevent_snat_rule_exist(router.iptables_manager))
restarted_agent = neutron_l3_agent.L3NATAgentWithStateReport(
self.agent.host, self.agent.conf)
restarted_router = self.manage_router(restarted_agent, router_info)
self.assertTrue(
is_prevent_snat_rule_exist(restarted_router.iptables_manager))
