def test_cleanup_network_namespaces_cleans_dhcp_and_l3_namespaces(self): dhcp_namespace = self.useFixture( net_helpers.NamespaceFixture(dhcp.NS_PREFIX)).name l3_namespace = self.useFixture( net_helpers.NamespaceFixture(l3_agent.NS_PREFIX)).name bridge = self.useFixture( net_helpers.VethPortFixture(namespace=dhcp_namespace)).bridge self.useFixture(net_helpers.VethPortFixture(bridge, l3_namespace)) # we scope the get_namespaces to our own ones not to affect other # tests, as otherwise cleanup will kill them all self.get_namespaces.return_value = [l3_namespace, dhcp_namespace] # launch processes in each namespace to make sure they're # killed during cleanup procs_launched = self._launch_processes([l3_namespace, dhcp_namespace]) self.assertIsNot(procs_launched, 0) common_utils.wait_until_true( lambda: self._get_num_spawned_procs() == procs_launched, timeout=15, exception=Exception("Didn't spawn expected number of processes")) netns_cleanup.cleanup_network_namespaces(self.conf) self.get_namespaces_p.stop() namespaces_now = ip_lib.IPWrapper.get_namespaces() procs_after = self._get_num_spawned_procs() self.assertEqual(procs_after, 0) self.assertNotIn(l3_namespace, namespaces_now) self.assertNotIn(dhcp_namespace, namespaces_now)
def setUp(self): super(NetcatTesterTestCase, self).setUp() self.ns1 = self.useFixture(net_helpers.NamespaceFixture('nc-')).name self.ns2 = self.useFixture(net_helpers.NamespaceFixture('nc-')).name self.nc = net_helpers.NetcatTester(self.ns1, self.ns2, '10.30.0.2', '1234', 'tcp') ip_wrapper = ip_lib.IPWrapper(namespace=self.ns1) veth1, veth2 = ip_wrapper.add_veth('veth1', 'veth2', self.ns2) veth1.link.set_up() veth1.addr.add('10.30.0.1/24') veth2.link.set_up() veth2.addr.add('10.30.0.2/24')
def test_plug_with_namespace_sets_mtu_higher_than_bridge(self): device_mtu = 1450 # Create a new OVS bridge ovs_bridge = self.useFixture(net_helpers.OVSBridgeFixture()).bridge self.assertFalse(ovs_bridge.get_port_name_list()) # Add a new linuxbridge port with reduced MTU to OVS bridge lb_bridge = self.useFixture(net_helpers.LinuxBridgeFixture()).bridge lb_bridge_port = self.useFixture( net_helpers.LinuxBridgePortFixture(lb_bridge)) lb_bridge_port.port.link.set_mtu(device_mtu - 1) ovs_bridge.add_port(lb_bridge_port.port.name) # Now plug a device with intended MTU that is higher than for the port # above and validate that its MTU is not reduced to the least MTU on # the bridge device_name = utils.get_rand_name() mac_address = utils.get_random_mac('fa:16:3e:00:00:00'.split(':')) namespace = self.useFixture(net_helpers.NamespaceFixture()).name self.interface.plug(network_id=uuidutils.generate_uuid(), port_id=uuidutils.generate_uuid(), device_name=device_name, mac_address=mac_address, bridge=ovs_bridge.br_name, namespace=namespace, mtu=device_mtu) self.assertIn(device_name, ovs_bridge.get_port_name_list()) self.assertTrue(ip_lib.device_exists(device_name, namespace)) self.assertEqual( device_mtu, ip_lib.IPDevice(device_name, namespace=namespace).link.mtu)
def setUp(self): # NOTE(kevinbenton): it would be way cooler to use scapy for # these but scapy requires the python process to be running as # root to bind to the ports. super(_ARPSpoofTestCase, self).setUp() self.skip_without_arp_support() self.src_addr = '192.168.0.1' self.dst_addr = '192.168.0.2' self.src_namespace = self.useFixture( net_helpers.NamespaceFixture()).name self.dst_namespace = self.useFixture( net_helpers.NamespaceFixture()).name self.src_p = self.useFixture( net_helpers.OVSPortFixture(self.br, self.src_namespace)).port self.dst_p = self.useFixture( net_helpers.OVSPortFixture(self.br, self.dst_namespace)).port
def setUp(self): cfg.CONF.set_override('enable_distributed_routing', True, group='AGENT') super(OVSFlowTestCase, self).setUp() self.phys_br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge self.br_phys = self.br_phys_cls(self.phys_br.br_name) self.br_phys.set_secure_mode() self.br_phys.setup_controllers(cfg.CONF) self.router_addr = '192.168.0.1/24' self.namespace = self.useFixture( net_helpers.NamespaceFixture()).name self.phys_p = self.useFixture( net_helpers.OVSPortFixture(self.br_phys, self.namespace)).port self.tun_br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge self.br_tun = self.br_tun_cls(self.tun_br.br_name) self.br_tun.set_secure_mode() self.br_tun.setup_controllers(cfg.CONF) self.tun_p = self.br_tun.add_patch_port( common_utils.get_rand_device_name( prefix=cfg.CONF.OVS.tun_peer_patch_port), common_utils.get_rand_device_name( prefix=cfg.CONF.OVS.int_peer_patch_port)) self.br_tun.setup_default_table(self.tun_p, True)
def _test_assert_pings_during_br_phys_setup_not_lost(self, provider_net): # Separate namespace is needed when pinging from one port to another, # otherwise Linux ping uses loopback instead for sending and receiving # ping, hence ignoring flow setup. ns_phys = self.useFixture(net_helpers.NamespaceFixture()).name ports = self.create_test_ports(amount=2) port_int = ports[0] port_phys = ports[1] ip_int = port_int['fixed_ips'][0]['ip_address'] ip_phys = port_phys['fixed_ips'][0]['ip_address'] self.setup_agent_and_ports(port_dicts=[port_int], create_tunnels=False, network=provider_net) self.plug_ports_to_phys_br(provider_net, [port_phys], namespace=ns_phys) # The OVS agent doesn't monitor the physical bridges, no notification # is sent when a port is up on a physical bridge, hence waiting only # for the ports connected to br-int self.wait_until_ports_state([port_int], up=True) with net_helpers.async_ping(ns_phys, [ip_int]) as done: while not done(): self.agent.setup_physical_bridges(self.agent.bridge_mappings) time.sleep(0.25) with net_helpers.async_ping(self.namespace, [ip_phys]) as done: while not done(): self.agent.setup_physical_bridges(self.agent.bridge_mappings) time.sleep(0.25)
def setup_host_with_linuxbridge_agent(self): #First we need to provide connectivity for agent to prepare proper #bridge mappings in agent's config: self.host_namespace = self.useFixture( net_helpers.NamespaceFixture(prefix="host-")).name self.connect_namespace_to_control_network() agent_cfg_fixture = config.LinuxBridgeConfigFixture( self.env_desc, self.host_desc, self.neutron_config.temp_dir, self.local_ip, physical_device_name=self.host_port.name) self.useFixture(agent_cfg_fixture) self.linuxbridge_agent = self.useFixture( process.LinuxBridgeAgentFixture(self.env_desc, self.host_desc, self.test_name, self.neutron_config, agent_cfg_fixture, namespace=self.host_namespace)) if self.host_desc.l3_agent: self.l3_agent_cfg_fixture = self.useFixture( config.L3ConfigFixture(self.env_desc, self.host_desc, self.neutron_config.temp_dir)) if self.host_desc.dhcp_agent: self.dhcp_agent_cfg_fixture = self.useFixture( config.DhcpConfigFixture(self.env_desc, self.host_desc, self.neutron_config.temp_dir))
def test_set_netns(self): device_name = ( 'int_' + uuidutils.generate_uuid())[:constants.DEVICE_NAME_MAX_LEN] device = ip_lib.IPDevice(device_name, kind='dummy') device.link.create() namespace = self.useFixture(net_helpers.NamespaceFixture()) device.link.set_netns(namespace.name)
def test_in_namespace(self): namespace = self.useFixture(net_helpers.NamespaceFixture()).name expected = get_netns_inode(namespace) before, observed, after = utils.get_in_namespace_netns_inodes( namespace) self.assertEqual(expected, observed) self.assertEqual(before, after)
def test_netns_wrap_success(self): client_ns = self.useFixture(net_helpers.NamespaceFixture()).ip_wrapper ns = client_ns.namespace pth = self.mount_paths % {'ns': ns} cmd = WRAPPER_SCRIPT, pth, '--cmd=ip,addr,show' output = client_ns.netns.execute(cmd) self.assertTrue(STATUS_PATTERN.search(output))
def setUp(self): super(RouteTestCase, self).setUp() self.namespace = self.useFixture(net_helpers.NamespaceFixture()).name self.device_name = 'test_device' ip_lib.IPWrapper(self.namespace).add_dummy(self.device_name) self.device = ip_lib.IPDevice(self.device_name, self.namespace) self.device.link.set_up()
def test_dummy_exists(self): namespace = self.useFixture(net_helpers.NamespaceFixture()) dev_name = utils.get_rand_name() device = namespace.ip_wrapper.add_dummy(dev_name) self.addCleanup(self._safe_delete_device, device) self._check_for_device_name(namespace.ip_wrapper, dev_name, True) device.link.delete() self._check_for_device_name(namespace.ip_wrapper, dev_name, False)
def test_list_entries(self): namespace = self.useFixture(net_helpers.NamespaceFixture()).name self._create_entries(namespace, CONNTRACK_CMDS) expected = ((4, 'icmp', 8, 0, '1.1.1.1', '2.2.2.2', 3333), (4, 'tcp', 1, 2, '1.1.1.1', '2.2.2.2'), (4, 'udp', 1, 2, '1.1.1.1', '2.2.2.2')) entries_list = nl_lib.list_entries(namespace=namespace) self.assertEqual(expected, entries_list)
def test_set_mtu(self): device_name = utils.get_rand_name() namespace = self.useFixture(net_helpers.NamespaceFixture()).name self._test_mtu_set_after_action( device_name, self.bridge_name, namespace, functools.partial(self.interface.set_mtu, device_name=device_name, namespace=namespace))
def test_list_entries(self): namespace = self.useFixture(net_helpers.NamespaceFixture()).name _create_entries(namespace, self.CONNTRACK_CMDS) expected = ( (4, 'icmp', 8, 0, '1.1.1.1', '2.2.2.2', 3333), (6, 'icmpv6', 128, 0, '10::10', '20::20', 3456), ) entries_list = nl_lib.list_entries(namespace=namespace) self.assertEqual(expected, entries_list)
def setUp(self): if not checks.arp_header_match_supported(): self.skipTest("ARP header matching not supported") # NOTE(kevinbenton): it would be way cooler to use scapy for # these but scapy requires the python process to be running as # root to bind to the ports. super(ARPSpoofTestCase, self).setUp() self.src_addr = '192.168.0.1' self.dst_addr = '192.168.0.2' self.src_namespace = self.useFixture( net_helpers.NamespaceFixture()).name self.dst_namespace = self.useFixture( net_helpers.NamespaceFixture()).name self.pinger = machine_fixtures.Pinger(self.src_namespace, max_attempts=2) self.src_p = self.useFixture( net_helpers.OVSPortFixture(self.br, self.src_namespace)).port self.dst_p = self.useFixture( net_helpers.OVSPortFixture(self.br, self.dst_namespace)).port
def test_cleanup_network_namespaces_cleans_dhcp_and_l3_namespaces(self): dhcp_namespace = self.useFixture( net_helpers.NamespaceFixture(dhcp.NS_PREFIX)).name l3_namespace = self.useFixture( net_helpers.NamespaceFixture(namespaces.NS_PREFIX)).name bridge = self.useFixture( net_helpers.VethPortFixture(namespace=dhcp_namespace)).bridge self.useFixture(net_helpers.VethPortFixture(bridge, l3_namespace)) # we scope the get_namespaces to our own ones not to affect other # tests, as otherwise cleanup will kill them all self.get_namespaces.return_value = [l3_namespace, dhcp_namespace] netns_cleanup.cleanup_network_namespaces(self.conf) self.get_namespaces_p.stop() namespaces_now = ip_lib.IPWrapper.get_namespaces() self.assertNotIn(l3_namespace, namespaces_now) self.assertNotIn(dhcp_namespace, namespaces_now)
def _setUp(self): ns_fixture = self.useFixture(net_helpers.NamespaceFixture()) self.namespace = ns_fixture.name self.port = self.useFixture( net_helpers.PortFixture.get(self.bridge, self.namespace)).port self.port.addr.add(self._ip_cidr) if self.gateway_ip: net_helpers.set_namespace_gateway(self.port, self.gateway_ip)
def setUp(self): # NOTE(kevinbenton): it would be way cooler to use scapy for # these but scapy requires the python process to be running as # root to bind to the ports. super(ARPSpoofTestCase, self).setUp() self.skip_without_arp_support() self.src_addr = '192.168.0.1' self.dst_addr = '192.168.0.2' self.src_namespace = self.useFixture( net_helpers.NamespaceFixture()).name self.dst_namespace = self.useFixture( net_helpers.NamespaceFixture()).name self.src_p = self.useFixture( net_helpers.OVSPortFixture(self.br, self.src_namespace)).port self.dst_p = self.useFixture( net_helpers.OVSPortFixture(self.br, self.dst_namespace)).port # wait to add IPs until after anti-spoof rules to ensure ARP doesn't # happen before self.addOnException(self.collect_flows_and_ports)
def setUp(self): super(GetLinkAttributesTestCase, self).setUp() self.namespace = self.useFixture(net_helpers.NamespaceFixture()).name self.device_name = 'test_device' ip_lib.IPWrapper(self.namespace).add_dummy(self.device_name) self.device = ip_lib.IPDevice(self.device_name, self.namespace) self.pyroute_dev = priv_ip_lib.get_link_devices( self.namespace, ifname=self.device_name) self.assertEqual(1, len(self.pyroute_dev)) self.pyroute_dev = self.pyroute_dev[0]
def setUp(self): super(IpRouteCommandTestCase, self).setUp() self.namespace = self.useFixture(net_helpers.NamespaceFixture()).name ip_lib.IPWrapper(self.namespace).add_dummy('test_device') self.device = ip_lib.IPDevice('test_device', namespace=self.namespace) self.device.link.set_up() self.device_cidr_ipv4 = '192.168.100.1/24' self.device_cidr_ipv6 = '2020::1/64' self.device.addr.add(self.device_cidr_ipv4) self.device.addr.add(self.device_cidr_ipv6) self.cidrs = ['192.168.0.0/24', '10.0.0.0/8', '2001::/64', 'faaa::/96']
def setUp(self): super(InNamespaceTest, self).setUp() self.namespace = self.useFixture(net_helpers.NamespaceFixture()).name ip = ip_lib.IPWrapper() root_dev_name = neutron_utils.get_rand_device_name() netns_dev_name = neutron_utils.get_rand_device_name() self.root_dev, self.netns_dev = ip.add_veth(root_dev_name, netns_dev_name, namespace2=self.namespace) self.addCleanup(self.root_dev.link.delete)
def test_veth_exists(self): namespace1 = self.useFixture(net_helpers.NamespaceFixture()) namespace2 = self.useFixture(net_helpers.NamespaceFixture()) dev_name1 = utils.get_rand_name() dev_name2 = utils.get_rand_name() device1, device2 = namespace1.ip_wrapper.add_veth( dev_name1, dev_name2, namespace2.name) self.addCleanup(self._safe_delete_device, device1) self.addCleanup(self._safe_delete_device, device2) self._check_for_device_name(namespace1.ip_wrapper, dev_name1, True) self._check_for_device_name(namespace2.ip_wrapper, dev_name2, True) self._check_for_device_name(namespace1.ip_wrapper, dev_name2, False) self._check_for_device_name(namespace2.ip_wrapper, dev_name1, False) # As it is veth pair, remove of device1 should be enough to remove # both devices device1.link.delete() self._check_for_device_name(namespace1.ip_wrapper, dev_name1, False) self._check_for_device_name(namespace2.ip_wrapper, dev_name2, False)
def test_cleanup_network_namespaces_cleans_dhcp_and_l3_namespaces(self): dhcp_namespace = self.useFixture( net_helpers.NamespaceFixture(dhcp.NS_PREFIX)).name l3_namespace = self.useFixture( net_helpers.NamespaceFixture(namespaces.NS_PREFIX)).name bridge = self.useFixture( net_helpers.VethPortFixture(namespace=dhcp_namespace)).bridge self.useFixture( net_helpers.VethPortFixture(bridge, l3_namespace)) # we scope the get_namespaces to our own ones not to affect other # tests, as otherwise cleanup will kill them all self.get_namespaces.return_value = [l3_namespace, dhcp_namespace] # launch processes in each namespace to make sure they're # killed during cleanup procs_launched = self._launch_processes([l3_namespace, dhcp_namespace]) self.assertIsNot(procs_launched, 0) try: common_utils.wait_until_true( lambda: self._get_num_spawned_procs() == procs_launched, timeout=15) except eventlet.Timeout: num_spawned_procs = self._get_num_spawned_procs() err_str = ("Expected number/spawned number: {0}/{1}\nProcess " "information:\n".format(num_spawned_procs, procs_launched)) cmd = ['ps', '-f', '-u', 'root'] err_str += utils.execute(cmd, run_as_root=True) raise Exception(err_str) netns_cleanup.cleanup_network_namespaces(self.conf) self.get_namespaces_p.stop() namespaces_now = ip_lib.list_network_namespaces() procs_after = self._get_num_spawned_procs() self.assertEqual(procs_after, 0) self.assertNotIn(l3_namespace, namespaces_now) self.assertNotIn(dhcp_namespace, namespaces_now)
def test_set_link_netns(self): attr = self.generate_device_details() device = self.manage_device(attr) original_namespace = device.namespace original_ip_wrapper = ip_lib.IPWrapper(namespace=original_namespace) new_namespace = self.useFixture(net_helpers.NamespaceFixture()) device.link.set_netns(new_namespace.name) self.assertEqual(new_namespace.name, device.namespace) self._check_for_device_name(new_namespace.ip_wrapper, device.name, True) self._check_for_device_name(original_ip_wrapper, device.name, False)
def setUp(self): super().setUp() self.namespace = self.useFixture(net_helpers.NamespaceFixture()).name self.device_names = ['test_device1', 'test_device2'] self.device_ips = ['10.0.0.1/24', '10.0.1.1/24'] self.device_cidrs = [ netaddr.IPNetwork(ip_address).cidr for ip_address in self.device_ips ] for idx, dev in enumerate(self.device_names): ip_lib.IPWrapper(self.namespace).add_dummy(dev) device = ip_lib.IPDevice(dev, namespace=self.namespace) device.link.set_up() device.addr.add(self.device_ips[idx])
def test_plug_succeeds(self): device_name = utils.get_rand_name() mac_address = net.get_random_mac('fa:16:3e:00:00:00'.split(':')) namespace = self.useFixture(net_helpers.NamespaceFixture()).name self.assertFalse(self.bridge.get_port_name_list()) self.interface.plug(network_id=uuidutils.generate_uuid(), port_id=uuidutils.generate_uuid(), device_name=device_name, mac_address=mac_address, bridge=self.bridge.br_name, namespace=namespace) self.assertIn(device_name, self.bridge.get_port_name_list()) self.assertTrue(ip_lib.device_exists(device_name, namespace))
def setUp(self): cfg.CONF.register_opts(sg_cfg.security_group_opts, 'SECURITYGROUP') super(IptablesFirewallTestCase, self).setUp() bridge = self.useFixture(net_helpers.LinuxBridgeFixture()).bridge # FIXME(cbrandily): temporary, will be replaced by fake machines self.src_ip_wrapper = self.useFixture( net_helpers.NamespaceFixture()).ip_wrapper src_port_fixture = self.useFixture( net_helpers.LinuxBridgePortFixture(bridge, self.src_ip_wrapper.namespace)) self.src_port = src_port_fixture.port self._set_ip_up(self.src_port, '%s/24' % self.SRC_ADDRESS) self.dst_ip_wrapper = self.useFixture( net_helpers.NamespaceFixture()).ip_wrapper self.dst_port = self.useFixture( net_helpers.LinuxBridgePortFixture( bridge, self.dst_ip_wrapper.namespace)).port self._set_ip_up(self.dst_port, '%s/24' % self.DST_ADDRESS) self.firewall = iptables_firewall.IptablesFirewallDriver( namespace=bridge.namespace) self._set_src_mac(self.MAC_REAL) self.src_port_desc = { 'admin_state_up': True, 'device': src_port_fixture.br_port.name, 'device_owner': 'compute:None', 'fixed_ips': [self.SRC_ADDRESS], 'mac_address': self.MAC_REAL, 'port_security_enabled': True, 'security_groups': [self.FAKE_SECURITY_GROUP_ID], 'status': 'ACTIVE' }
def test_assigned_value(self): namespace = self.useFixture(net_helpers.NamespaceFixture()) for expected in (0, 1): try: ip_lib.set_ip_nonlocal_bind(expected, namespace.name) except RuntimeError as rte: stat_message = ( 'cannot stat /proc/sys/net/ipv4/ip_nonlocal_bind') if stat_message in str(rte): raise self.skipException( "This kernel doesn't support %s in network " "namespaces." % ip_lib.IP_NONLOCAL_BIND) raise observed = ip_lib.get_ip_nonlocal_bind(namespace.name) self.assertEqual(expected, observed)
def test_ipv6_lla_create_and_get(self): lla_address = "fe80::f816:3eff:fe66:73bf/64" global_address = "2001::1/64" device_name = utils.get_rand_name() namespace = self.useFixture(net_helpers.NamespaceFixture()) namespace.ip_wrapper.add_dummy(device_name) self.interface.add_ipv6_addr( device_name, lla_address, namespace.name, 'link') self.interface.add_ipv6_addr( device_name, global_address, namespace.name, 'global') existing_addresses = [ a['cidr'] for a in self.interface.get_ipv6_llas( device_name, namespace.name)] self.assertIn(lla_address, existing_addresses) self.assertNotIn(global_address, existing_addresses)