def test_add_ip(self): """ Test adding multiple IPs per workload. """ host = DockerHost('host') ip11 = "192.168.1.1" ip12 = "192.168.1.2" ip21 = "192.168.2.1" ip22 = "192.168.2.2" ip31 = "192.168.3.1" node1 = host.create_workload("node1", ip11) node2 = host.create_workload("node2") host.calicoctl("container add %s %s --interface=hello" % (node2, ip12)) host.calicoctl("profile add TEST_GROUP") host.calicoctl("profile TEST_GROUP member add %s" % node1) host.calicoctl("profile TEST_GROUP member add %s" % node2) node1.assert_can_ping(ip12, retries=3) # Add two more addresses to node1 and one more to node2 host.calicoctl("container node1 ip add %s" % ip21) host.calicoctl("container node1 ip add %s" % ip31) host.calicoctl("container %s ip add %s --interface=hello" % (node2, ip22)) node1.assert_can_ping(ip22) node2.assert_can_ping(ip11) node2.assert_can_ping(ip21) node2.assert_can_ping(ip31) # Now stop and restart node 1 and node 2. host.execute("docker stop %s" % node1, use_powerstrip=True) host.execute("docker stop %s" % node2, use_powerstrip=True) host.execute("docker start %s" % node1, use_powerstrip=True) host.execute("docker start %s" % node2, use_powerstrip=True) # Test pings between the IPs. node1.assert_can_ping(ip12, retries=3) node1.assert_can_ping(ip22) node2.assert_can_ping(ip11) node2.assert_can_ping(ip21) node2.assert_can_ping(ip31) # Now remove and check pings to the removed addresses no longer work. host.calicoctl("container %s ip remove %s" % (node1, ip21)) host.calicoctl("container %s ip remove %s --interface=hello" % (node2, ip22)) node1.assert_can_ping(ip12) node2.assert_can_ping(ip11) with self.assertRaises(ErrorReturnCode): node1.assert_can_ping(ip22) with self.assertRaises(ErrorReturnCode): node2.assert_can_ping(ip21) node2.assert_can_ping(ip31) # Check that we can't remove addresses twice with self.assertRaises(ErrorReturnCode): host.calicoctl("container %s ip remove %s" % (node1, ip21))
def test_endpoint_commands_mainline(self): """ Run a mainline multi-host test using endpoint commands. This test uses the "endpoint profile set" command to assign endpoints to profiles according to the following topology: Host1: [workload_A, workload_B, workload_C] Host2: [workload_D, workload_E] Creates a profile that connects A, C, & E Creates an additional isolated profile for B. Creates an additional isolated profile for D. IP Connectivity is then tested to ensure that only workloads in the same profile can ping one another """ host1 = DockerHost('host1') host2 = DockerHost('host2') ip_a = "192.168.1.1" ip_b = "192.168.1.2" ip_c = "192.168.1.3" ip_d = "192.168.1.4" ip_e = "192.168.1.5" workload_a = host1.create_workload("workload_a", ip_a) workload_b = host1.create_workload("workload_b", ip_b) workload_c = host1.create_workload("workload_c", ip_c) workload_d = host2.create_workload("workload_d", ip_d) workload_e = host2.create_workload("workload_e", ip_e) host1.calicoctl("profile add PROF_1_3_5") host1.calicoctl("profile add PROF_2") host1.calicoctl("profile add PROF_4") workload_a_endpoint_id = host1.calicoctl("container workload_a endpoint-id show").strip() workload_b_endpoint_id = host1.calicoctl("container workload_b endpoint-id show").strip() workload_c_endpoint_id = host1.calicoctl("container workload_c endpoint-id show").strip() workload_d_endpoint_id = host2.calicoctl("container workload_d endpoint-id show").strip() workload_e_endpoint_id = host2.calicoctl("container workload_e endpoint-id show").strip() host1.calicoctl("endpoint %s profile set PROF_1_3_5" % workload_a_endpoint_id) host1.calicoctl("endpoint %s profile set PROF_2" % workload_b_endpoint_id) host1.calicoctl("endpoint %s profile set PROF_1_3_5" % workload_c_endpoint_id) host2.calicoctl("endpoint %s profile set PROF_4" % workload_d_endpoint_id) host2.calicoctl("endpoint %s profile set PROF_1_3_5" % workload_e_endpoint_id) self.assert_connectivity(pass_list=[workload_a, workload_c, workload_e], fail_list=[workload_b, workload_d]) self.assert_connectivity(pass_list=[workload_b], fail_list=[workload_a, workload_c, workload_d, workload_e]) self.assert_connectivity(pass_list=[workload_d], fail_list=[workload_a, workload_b, workload_c, workload_e])
def test_duplicate_ips(self): """ Start two workloads with the same IP on different hosts. Make sure they can be reached from all places even after one of them is deleted. """ host1 = DockerHost('host1') host2 = DockerHost('host2') host3 = DockerHost('host3') # Set up three workloads on three hosts workload1 = host1.create_workload("workload1", "192.168.1.1") workload2 = host2.create_workload("workload2", "192.168.1.2") workload3 = host3.create_workload("workload3", "192.168.1.3") # Set up the workloads with duplicate IPs dup_ip = "192.168.1.4" dup1 = host1.create_workload("dup1", dup_ip) dup2 = host2.create_workload("dup2", dup_ip) host1.calicoctl("profile add TEST_PROFILE") # Add everyone to the same profile workload1_epid = host1.calicoctl("container %s endpoint-id show" % workload1).strip() host1.calicoctl("endpoint %s profile append TEST_PROFILE" % workload1_epid) dup1_epid = host1.calicoctl("container %s endpoint-id show" % dup1).strip() host1.calicoctl("endpoint %s profile append TEST_PROFILE" % dup1_epid) workload2_epid = host2.calicoctl("container %s endpoint-id show" % workload2).strip() host2.calicoctl("endpoint %s profile append TEST_PROFILE" % workload2_epid) dup2_epid = host2.calicoctl("container %s endpoint-id show" % dup2).strip() host2.calicoctl("endpoint %s profile append TEST_PROFILE" % dup2_epid) workload3_dpid = host3.calicoctl("container %s endpoint-id show" % workload3).strip() host3.calicoctl("endpoint %s profile append TEST_PROFILE" % workload3_dpid) # Check for standard connectivity workload1.assert_can_ping(dup_ip, retries=3) workload2.assert_can_ping(dup_ip, retries=3) workload3.assert_can_ping(dup_ip, retries=3) # Delete one of the duplciates. host2.execute("docker rm -f dup2") # Check standard connectivity still works. workload1.assert_can_ping(dup_ip, retries=3) workload2.assert_can_ping(dup_ip, retries=3) workload3.assert_can_ping(dup_ip, retries=3)
def run_ipv6_multi_host(self, default_as=None, per_node_as=None): """ Run a mainline multi-host test with IPv6. Almost identical in function to the vagrant coreOS demo. """ host1 = DockerHost('host1', as_num=per_node_as) host2 = DockerHost('host2', as_num=per_node_as) if default_as: host1.calicoctl("default-node-as 12345") ip1 = "fd80:24e2:f998:72d6::1:1" ip2 = "fd80:24e2:f998:72d6::1:2" ip3 = "fd80:24e2:f998:72d6::1:3" ip4 = "fd80:24e2:f998:72d6::1:4" ip5 = "fd80:24e2:f998:72d6::1:5" # We use this image here because busybox doesn't have ping6. workload1 = host1.create_workload("workload1", ip1, image="phusion/baseimage:0.9.16") workload2 = host1.create_workload("workload2", ip2, image="phusion/baseimage:0.9.16") workload3 = host1.create_workload("workload3", ip3, image="phusion/baseimage:0.9.16") workload4 = host2.create_workload("workload4", ip4, image="phusion/baseimage:0.9.16") workload5 = host2.create_workload("workload5", ip5, image="phusion/baseimage:0.9.16") host1.calicoctl("profile add PROF_1_3_5") host1.calicoctl("profile add PROF_2") host1.calicoctl("profile add PROF_4") host1.calicoctl("profile PROF_1_3_5 member add %s" % workload1) host1.calicoctl("profile PROF_2 member add %s" % workload2) host1.calicoctl("profile PROF_1_3_5 member add %s" % workload3) host2.calicoctl("profile PROF_4 member add %s" % workload4) host2.calicoctl("profile PROF_1_3_5 member add %s" % workload5) self.assert_connectivity(pass_list=[workload1, workload3, workload5], fail_list=[workload2, workload4]) self.assert_connectivity(pass_list=[workload2], fail_list=[workload1, workload3, workload4, workload5]) self.assert_connectivity(pass_list=[workload4], fail_list=[workload1, workload2, workload3, workload5])
def run_multi_host(self, default_as=None, per_node_as=None): """ Run a mainline multi-host test. Almost identical in function to the vagrant coreOS demo. """ host1 = DockerHost('host1', as_num=per_node_as) host2 = DockerHost('host2', as_num=per_node_as) if default_as: host1.calicoctl("default-node-as 12345") ip1 = "192.168.1.1" ip2 = "192.168.1.2" ip3 = "192.168.1.3" ip4 = "192.168.1.4" ip5 = "192.168.1.5" workload1 = host1.create_workload("workload1", ip1) workload2 = host1.create_workload("workload2", ip2) workload3 = host1.create_workload("workload3", ip3) workload4 = host2.create_workload("workload4", ip4) workload5 = host2.create_workload("workload5", ip5) host1.calicoctl("profile add PROF_1_3_5") host1.calicoctl("profile add PROF_2") host1.calicoctl("profile add PROF_4") host1.calicoctl("profile PROF_1_3_5 member add %s" % workload1) host1.calicoctl("profile PROF_2 member add %s" % workload2) host1.calicoctl("profile PROF_1_3_5 member add %s" % workload3) host2.calicoctl("profile PROF_4 member add %s" % workload4) host2.calicoctl("profile PROF_1_3_5 member add %s" % workload5) self.assert_connectivity(pass_list=[workload1, workload3, workload5], fail_list=[workload2, workload4]) self.assert_connectivity(pass_list=[workload2], fail_list=[workload1, workload3, workload4, workload5]) self.assert_connectivity(pass_list=[workload4], fail_list=[workload1, workload2, workload3, workload5])
def test_no_powerstrip(self): """ Test mainline functionality without using powerstrip. """ host = DockerHost("host") host.calicoctl("profile add TEST_GROUP") # Remove the environment variable such that docker run does not utilize # powerstrip. node1 = host.create_workload("node1", use_powerstrip=False) node2 = host.create_workload("node2", use_powerstrip=False) # Attempt to configure the nodes with the same profiles. This will fail # since we didn't use powerstrip to create the nodes. with self.assertRaises(ErrorReturnCode): host.calicoctl("profile TEST_GROUP member add %s" % node1) with self.assertRaises(ErrorReturnCode): host.calicoctl("profile TEST_GROUP member add %s" % node2) # Add the nodes to Calico networking. ip1, ip2 = "192.168.1.1", "192.168.1.2" host.calicoctl("container add %s %s" % (node1, ip1)) host.calicoctl("container add %s %s" % (node2, ip2)) # Now add the profiles. host.calicoctl("profile TEST_GROUP member add %s" % node1) host.calicoctl("profile TEST_GROUP member add %s" % node2) # Inspect the nodes (ensure this works without powerstrip) host.execute("docker inspect %s" % node1) host.execute("docker inspect %s" % node2) # Check it works node1.assert_can_ping(ip1, retries=3) node1.assert_can_ping(ip2) node2.assert_can_ping(ip1) node2.assert_can_ping(ip2) # Test the teardown commands host.calicoctl("profile remove TEST_GROUP") host.calicoctl("container remove %s" % node1) host.calicoctl("container remove %s" % node2) host.calicoctl("pool remove 192.168.0.0/16") host.calicoctl("node stop")
def test_add_container(self): """ Test adding container to calico networking after it exists. """ host = DockerHost('host') node = host.create_workload("node") # Use the `container add` command instead of passing a CALICO_IP on # container creation. Note this no longer needs DOCKER_HOST specified. host.calicoctl("container add %s 192.168.1.1" % node.name) host.calicoctl("profile add TEST_GROUP") host.calicoctl("profile TEST_GROUP member add %s" % node.name) # Wait for felix to program down the route. check_route = partial(host.execute, "ip route | grep '192\.168\.1\.1'") retry_until_success(check_route, ex_class=ErrorReturnCode)
def test_ipv6(self): """ Test mainline functionality with IPv6 addresses. """ host = DockerHost("host") ip1, ip2 = "fd80:24e2:f998:72d6::1:1", "fd80:24e2:f998:72d6::1:2" # We use this image here because busybox doesn't have ping6. node1 = host.create_workload("node1", ip=ip1, image="phusion/baseimage:0.9.16") node2 = host.create_workload("node2", ip=ip2, image="phusion/baseimage:0.9.16") # Configure the nodes with the same profiles. host.calicoctl("profile add TEST_GROUP") host.calicoctl("profile TEST_GROUP member add %s" % node1) host.calicoctl("profile TEST_GROUP member add %s" % node2) node1.assert_can_ping(ip2, retries=3) # Check connectivity. self.assert_connectivity([node1, node2])
def run_mainline(self, ip1, ip2): """ Setup two endpoints on one host and check connectivity. """ host = DockerHost('host') node1 = host.create_workload("node1", ip1) node2 = host.create_workload("node2", ip2) # Configure the nodes with the same profiles. host.calicoctl("profile add TEST_GROUP") host.calicoctl("profile TEST_GROUP member add %s" % node1) host.calicoctl("profile TEST_GROUP member add %s" % node2) # Check connectivity. self.assert_connectivity([node1, node2]) # Test calicoctl teardown commands. host.calicoctl("profile remove TEST_GROUP") host.calicoctl("container remove %s" % node1) host.calicoctl("container remove %s" % node2) host.calicoctl("pool remove 192.168.0.0/16") host.calicoctl("node stop")
def test_endpoint_commands(self): """ Run a mainline multi-host test using endpoint commands Performs more complicated endpoint profile assignments to test the append, set, and remove commands in situations where the commands specify multiple profiles at once. """ host1 = DockerHost('host1') host2 = DockerHost('host2') ip_main = "192.168.1.1" ip_a = "192.168.1.2" ip_b = "192.168.1.3" ip_c = "192.168.1.4" workload_main = host1.create_workload("workload_main", ip_main) host2.create_workload("workload_a", ip_a) host2.create_workload("workload_b", ip_b) host2.create_workload("workload_c", ip_c) workload_main_endpoint_id = host1.calicoctl("container workload_main endpoint-id show").strip() workload_a_endpoint_id = host2.calicoctl("container workload_a endpoint-id show").strip() workload_b_endpoint_id = host2.calicoctl("container workload_b endpoint-id show").strip() workload_c_endpoint_id = host2.calicoctl("container workload_c endpoint-id show").strip() host1.calicoctl("profile add PROF_A") host1.calicoctl("profile add PROF_B") host1.calicoctl("profile add PROF_C") host2.calicoctl("endpoint %s profile set PROF_A" % workload_a_endpoint_id) host2.calicoctl("endpoint %s profile set PROF_B" % workload_b_endpoint_id) host2.calicoctl("endpoint %s profile set PROF_C" % workload_c_endpoint_id) # Test set single profile host1.calicoctl("endpoint %s profile set PROF_A" % workload_main_endpoint_id) workload_main.assert_can_ping(ip_a, retries=4) workload_main.assert_cant_ping(ip_b) workload_main.assert_cant_ping(ip_c) # Test set multiple profiles (note: PROF_A should now be removed) host1.calicoctl("endpoint %s profile set PROF_B PROF_C" % workload_main_endpoint_id) workload_main.assert_cant_ping(ip_a, retries=4) workload_main.assert_can_ping(ip_b) workload_main.assert_can_ping(ip_c) # Test set profile to None host1.calicoctl("endpoint %s profile set" % workload_main_endpoint_id) workload_main.assert_cant_ping(ip_a, retries=4) workload_main.assert_cant_ping(ip_b) workload_main.assert_cant_ping(ip_c) # Append a single profile host1.calicoctl("endpoint %s profile append PROF_A" % workload_main_endpoint_id) workload_main.assert_can_ping(ip_a, retries=4) workload_main.assert_cant_ping(ip_b) workload_main.assert_cant_ping(ip_c) # Append two profiles at once host1.calicoctl("endpoint %s profile append PROF_B PROF_C" % workload_main_endpoint_id) workload_main.assert_can_ping(ip_a, retries=4) workload_main.assert_can_ping(ip_b) workload_main.assert_can_ping(ip_c) # Remove a single profile host1.calicoctl("endpoint %s profile remove PROF_C" % workload_main_endpoint_id) workload_main.assert_can_ping(ip_a, retries=4) workload_main.assert_can_ping(ip_b) workload_main.assert_cant_ping(ip_c) # Remove two profiles at once host1.calicoctl("endpoint %s profile remove PROF_A PROF_B" % workload_main_endpoint_id) workload_main.assert_cant_ping(ip_a, retries=4) workload_main.assert_cant_ping(ip_b) workload_main.assert_cant_ping(ip_c)