def test_add_ip(self):
"""
Test adding multiple IPs per workload.
"""
host = DockerHost('host')
ip11 = "192.168.1.1"
ip12 = "192.168.1.2"
ip21 = "192.168.2.1"
ip22 = "192.168.2.2"
ip31 = "192.168.3.1"
node1 = host.create_workload("node1", ip11)
node2 = host.create_workload("node2")
host.calicoctl("container add %s %s --interface=hello" % (node2, ip12))
host.calicoctl("profile add TEST_GROUP")
host.calicoctl("profile TEST_GROUP member add %s" % node1)
host.calicoctl("profile TEST_GROUP member add %s" % node2)
node1.assert_can_ping(ip12, retries=3)
# Add two more addresses to node1 and one more to node2
host.calicoctl("container node1 ip add %s" % ip21)
host.calicoctl("container node1 ip add %s" % ip31)
host.calicoctl("container %s ip add %s --interface=hello" % (node2, ip22))
node1.assert_can_ping(ip22)
node2.assert_can_ping(ip11)
node2.assert_can_ping(ip21)
node2.assert_can_ping(ip31)
# Now stop and restart node 1 and node 2.
host.execute("docker stop %s" % node1, use_powerstrip=True)
host.execute("docker stop %s" % node2, use_powerstrip=True)
host.execute("docker start %s" % node1, use_powerstrip=True)
host.execute("docker start %s" % node2, use_powerstrip=True)
# Test pings between the IPs.
node1.assert_can_ping(ip12, retries=3)
node1.assert_can_ping(ip22)
node2.assert_can_ping(ip11)
node2.assert_can_ping(ip21)
node2.assert_can_ping(ip31)
# Now remove and check pings to the removed addresses no longer work.
host.calicoctl("container %s ip remove %s" % (node1, ip21))
host.calicoctl("container %s ip remove %s --interface=hello" % (node2, ip22))
node1.assert_can_ping(ip12)
node2.assert_can_ping(ip11)
with self.assertRaises(ErrorReturnCode):
node1.assert_can_ping(ip22)
with self.assertRaises(ErrorReturnCode):
node2.assert_can_ping(ip21)
node2.assert_can_ping(ip31)
# Check that we can't remove addresses twice
with self.assertRaises(ErrorReturnCode):
host.calicoctl("container %s ip remove %s" % (node1, ip21))
def test_endpoint_commands_mainline(self):
"""
Run a mainline multi-host test using endpoint commands.
This test uses the "endpoint profile set" command to assign
endpoints to profiles according to the following topology:
Host1: [workload_A, workload_B, workload_C]
Host2: [workload_D, workload_E]
Creates a profile that connects A, C, & E
Creates an additional isolated profile for B.
Creates an additional isolated profile for D.
IP Connectivity is then tested to ensure that only workloads
in the same profile can ping one another
"""
host1 = DockerHost('host1')
host2 = DockerHost('host2')
ip_a = "192.168.1.1"
ip_b = "192.168.1.2"
ip_c = "192.168.1.3"
ip_d = "192.168.1.4"
ip_e = "192.168.1.5"
workload_a = host1.create_workload("workload_a", ip_a)
workload_b = host1.create_workload("workload_b", ip_b)
workload_c = host1.create_workload("workload_c", ip_c)
workload_d = host2.create_workload("workload_d", ip_d)
workload_e = host2.create_workload("workload_e", ip_e)
host1.calicoctl("profile add PROF_1_3_5")
host1.calicoctl("profile add PROF_2")
host1.calicoctl("profile add PROF_4")
workload_a_endpoint_id = host1.calicoctl("container workload_a endpoint-id show").strip()
workload_b_endpoint_id = host1.calicoctl("container workload_b endpoint-id show").strip()
workload_c_endpoint_id = host1.calicoctl("container workload_c endpoint-id show").strip()
workload_d_endpoint_id = host2.calicoctl("container workload_d endpoint-id show").strip()
workload_e_endpoint_id = host2.calicoctl("container workload_e endpoint-id show").strip()
host1.calicoctl("endpoint %s profile set PROF_1_3_5" % workload_a_endpoint_id)
host1.calicoctl("endpoint %s profile set PROF_2" % workload_b_endpoint_id)
host1.calicoctl("endpoint %s profile set PROF_1_3_5" % workload_c_endpoint_id)
host2.calicoctl("endpoint %s profile set PROF_4" % workload_d_endpoint_id)
host2.calicoctl("endpoint %s profile set PROF_1_3_5" % workload_e_endpoint_id)
self.assert_connectivity(pass_list=[workload_a, workload_c, workload_e],
fail_list=[workload_b, workload_d])
self.assert_connectivity(pass_list=[workload_b],
fail_list=[workload_a, workload_c, workload_d, workload_e])
self.assert_connectivity(pass_list=[workload_d],
fail_list=[workload_a, workload_b, workload_c, workload_e])
def test_duplicate_ips(self):
"""
Start two workloads with the same IP on different hosts. Make sure they
can be reached from all places even after one of them is deleted.
"""
host1 = DockerHost('host1')
host2 = DockerHost('host2')
host3 = DockerHost('host3')
# Set up three workloads on three hosts
workload1 = host1.create_workload("workload1", "192.168.1.1")
workload2 = host2.create_workload("workload2", "192.168.1.2")
workload3 = host3.create_workload("workload3", "192.168.1.3")
# Set up the workloads with duplicate IPs
dup_ip = "192.168.1.4"
dup1 = host1.create_workload("dup1", dup_ip)
dup2 = host2.create_workload("dup2", dup_ip)
host1.calicoctl("profile add TEST_PROFILE")
# Add everyone to the same profile
workload1_epid = host1.calicoctl("container %s endpoint-id show" % workload1).strip()
host1.calicoctl("endpoint %s profile append TEST_PROFILE" % workload1_epid)
dup1_epid = host1.calicoctl("container %s endpoint-id show" % dup1).strip()
host1.calicoctl("endpoint %s profile append TEST_PROFILE" % dup1_epid)
workload2_epid = host2.calicoctl("container %s endpoint-id show" % workload2).strip()
host2.calicoctl("endpoint %s profile append TEST_PROFILE" % workload2_epid)
dup2_epid = host2.calicoctl("container %s endpoint-id show" % dup2).strip()
host2.calicoctl("endpoint %s profile append TEST_PROFILE" % dup2_epid)
workload3_dpid = host3.calicoctl("container %s endpoint-id show" % workload3).strip()
host3.calicoctl("endpoint %s profile append TEST_PROFILE" % workload3_dpid)
# Check for standard connectivity
workload1.assert_can_ping(dup_ip, retries=3)
workload2.assert_can_ping(dup_ip, retries=3)
workload3.assert_can_ping(dup_ip, retries=3)
# Delete one of the duplciates.
host2.execute("docker rm -f dup2")
# Check standard connectivity still works.
workload1.assert_can_ping(dup_ip, retries=3)
workload2.assert_can_ping(dup_ip, retries=3)
workload3.assert_can_ping(dup_ip, retries=3)
def run_ipv6_multi_host(self, default_as=None, per_node_as=None):
"""
Run a mainline multi-host test with IPv6.
Almost identical in function to the vagrant coreOS demo.
"""
host1 = DockerHost('host1', as_num=per_node_as)
host2 = DockerHost('host2', as_num=per_node_as)
if default_as:
host1.calicoctl("default-node-as 12345")
ip1 = "fd80:24e2:f998:72d6::1:1"
ip2 = "fd80:24e2:f998:72d6::1:2"
ip3 = "fd80:24e2:f998:72d6::1:3"
ip4 = "fd80:24e2:f998:72d6::1:4"
ip5 = "fd80:24e2:f998:72d6::1:5"
# We use this image here because busybox doesn't have ping6.
workload1 = host1.create_workload("workload1", ip1, image="phusion/baseimage:0.9.16")
workload2 = host1.create_workload("workload2", ip2, image="phusion/baseimage:0.9.16")
workload3 = host1.create_workload("workload3", ip3, image="phusion/baseimage:0.9.16")
workload4 = host2.create_workload("workload4", ip4, image="phusion/baseimage:0.9.16")
workload5 = host2.create_workload("workload5", ip5, image="phusion/baseimage:0.9.16")
host1.calicoctl("profile add PROF_1_3_5")
host1.calicoctl("profile add PROF_2")
host1.calicoctl("profile add PROF_4")
host1.calicoctl("profile PROF_1_3_5 member add %s" % workload1)
host1.calicoctl("profile PROF_2 member add %s" % workload2)
host1.calicoctl("profile PROF_1_3_5 member add %s" % workload3)
host2.calicoctl("profile PROF_4 member add %s" % workload4)
host2.calicoctl("profile PROF_1_3_5 member add %s" % workload5)
self.assert_connectivity(pass_list=[workload1, workload3, workload5],
fail_list=[workload2, workload4])
self.assert_connectivity(pass_list=[workload2],
fail_list=[workload1, workload3, workload4, workload5])
self.assert_connectivity(pass_list=[workload4],
fail_list=[workload1, workload2, workload3, workload5])
def run_multi_host(self, default_as=None, per_node_as=None):
"""
Run a mainline multi-host test.
Almost identical in function to the vagrant coreOS demo.
"""
host1 = DockerHost('host1', as_num=per_node_as)
host2 = DockerHost('host2', as_num=per_node_as)
if default_as:
host1.calicoctl("default-node-as 12345")
ip1 = "192.168.1.1"
ip2 = "192.168.1.2"
ip3 = "192.168.1.3"
ip4 = "192.168.1.4"
ip5 = "192.168.1.5"
workload1 = host1.create_workload("workload1", ip1)
workload2 = host1.create_workload("workload2", ip2)
workload3 = host1.create_workload("workload3", ip3)
workload4 = host2.create_workload("workload4", ip4)
workload5 = host2.create_workload("workload5", ip5)
host1.calicoctl("profile add PROF_1_3_5")
host1.calicoctl("profile add PROF_2")
host1.calicoctl("profile add PROF_4")
host1.calicoctl("profile PROF_1_3_5 member add %s" % workload1)
host1.calicoctl("profile PROF_2 member add %s" % workload2)
host1.calicoctl("profile PROF_1_3_5 member add %s" % workload3)
host2.calicoctl("profile PROF_4 member add %s" % workload4)
host2.calicoctl("profile PROF_1_3_5 member add %s" % workload5)
self.assert_connectivity(pass_list=[workload1, workload3, workload5],
fail_list=[workload2, workload4])
self.assert_connectivity(pass_list=[workload2],
fail_list=[workload1, workload3, workload4, workload5])
self.assert_connectivity(pass_list=[workload4],
fail_list=[workload1, workload2, workload3, workload5])
def test_no_powerstrip(self):
"""
Test mainline functionality without using powerstrip.
"""
host = DockerHost("host")
host.calicoctl("profile add TEST_GROUP")
# Remove the environment variable such that docker run does not utilize
# powerstrip.
node1 = host.create_workload("node1", use_powerstrip=False)
node2 = host.create_workload("node2", use_powerstrip=False)
# Attempt to configure the nodes with the same profiles. This will fail
# since we didn't use powerstrip to create the nodes.
with self.assertRaises(ErrorReturnCode):
host.calicoctl("profile TEST_GROUP member add %s" % node1)
with self.assertRaises(ErrorReturnCode):
host.calicoctl("profile TEST_GROUP member add %s" % node2)
# Add the nodes to Calico networking.
ip1, ip2 = "192.168.1.1", "192.168.1.2"
host.calicoctl("container add %s %s" % (node1, ip1))
host.calicoctl("container add %s %s" % (node2, ip2))
# Now add the profiles.
host.calicoctl("profile TEST_GROUP member add %s" % node1)
host.calicoctl("profile TEST_GROUP member add %s" % node2)
# Inspect the nodes (ensure this works without powerstrip)
host.execute("docker inspect %s" % node1)
host.execute("docker inspect %s" % node2)
# Check it works
node1.assert_can_ping(ip1, retries=3)
node1.assert_can_ping(ip2)
node2.assert_can_ping(ip1)
node2.assert_can_ping(ip2)
# Test the teardown commands
host.calicoctl("profile remove TEST_GROUP")
host.calicoctl("container remove %s" % node1)
host.calicoctl("container remove %s" % node2)
host.calicoctl("pool remove 192.168.0.0/16")
host.calicoctl("node stop")
def test_add_container(self):
"""
Test adding container to calico networking after it exists.
"""
host = DockerHost('host')
node = host.create_workload("node")
# Use the `container add` command instead of passing a CALICO_IP on
# container creation. Note this no longer needs DOCKER_HOST specified.
host.calicoctl("container add %s 192.168.1.1" % node.name)
host.calicoctl("profile add TEST_GROUP")
host.calicoctl("profile TEST_GROUP member add %s" % node.name)
# Wait for felix to program down the route.
check_route = partial(host.execute, "ip route | grep '192\.168\.1\.1'")
retry_until_success(check_route, ex_class=ErrorReturnCode)
def test_ipv6(self):
"""
Test mainline functionality with IPv6 addresses.
"""
host = DockerHost("host")
ip1, ip2 = "fd80:24e2:f998:72d6::1:1", "fd80:24e2:f998:72d6::1:2"
# We use this image here because busybox doesn't have ping6.
node1 = host.create_workload("node1", ip=ip1, image="phusion/baseimage:0.9.16")
node2 = host.create_workload("node2", ip=ip2, image="phusion/baseimage:0.9.16")
# Configure the nodes with the same profiles.
host.calicoctl("profile add TEST_GROUP")
host.calicoctl("profile TEST_GROUP member add %s" % node1)
host.calicoctl("profile TEST_GROUP member add %s" % node2)
node1.assert_can_ping(ip2, retries=3)
# Check connectivity.
self.assert_connectivity([node1, node2])
def run_mainline(self, ip1, ip2):
"""
Setup two endpoints on one host and check connectivity.
"""
host = DockerHost('host')
node1 = host.create_workload("node1", ip1)
node2 = host.create_workload("node2", ip2)
# Configure the nodes with the same profiles.
host.calicoctl("profile add TEST_GROUP")
host.calicoctl("profile TEST_GROUP member add %s" % node1)
host.calicoctl("profile TEST_GROUP member add %s" % node2)
# Check connectivity.
self.assert_connectivity([node1, node2])
# Test calicoctl teardown commands.
host.calicoctl("profile remove TEST_GROUP")
host.calicoctl("container remove %s" % node1)
host.calicoctl("container remove %s" % node2)
host.calicoctl("pool remove 192.168.0.0/16")
host.calicoctl("node stop")
def test_endpoint_commands(self):
"""
Run a mainline multi-host test using endpoint commands
Performs more complicated endpoint profile assignments to test
the append, set, and remove commands in situations where the commands
specify multiple profiles at once.
"""
host1 = DockerHost('host1')
host2 = DockerHost('host2')
ip_main = "192.168.1.1"
ip_a = "192.168.1.2"
ip_b = "192.168.1.3"
ip_c = "192.168.1.4"
workload_main = host1.create_workload("workload_main", ip_main)
host2.create_workload("workload_a", ip_a)
host2.create_workload("workload_b", ip_b)
host2.create_workload("workload_c", ip_c)
workload_main_endpoint_id = host1.calicoctl("container workload_main endpoint-id show").strip()
workload_a_endpoint_id = host2.calicoctl("container workload_a endpoint-id show").strip()
workload_b_endpoint_id = host2.calicoctl("container workload_b endpoint-id show").strip()
workload_c_endpoint_id = host2.calicoctl("container workload_c endpoint-id show").strip()
host1.calicoctl("profile add PROF_A")
host1.calicoctl("profile add PROF_B")
host1.calicoctl("profile add PROF_C")
host2.calicoctl("endpoint %s profile set PROF_A" % workload_a_endpoint_id)
host2.calicoctl("endpoint %s profile set PROF_B" % workload_b_endpoint_id)
host2.calicoctl("endpoint %s profile set PROF_C" % workload_c_endpoint_id)
# Test set single profile
host1.calicoctl("endpoint %s profile set PROF_A" % workload_main_endpoint_id)
workload_main.assert_can_ping(ip_a, retries=4)
workload_main.assert_cant_ping(ip_b)
workload_main.assert_cant_ping(ip_c)
# Test set multiple profiles (note: PROF_A should now be removed)
host1.calicoctl("endpoint %s profile set PROF_B PROF_C" % workload_main_endpoint_id)
workload_main.assert_cant_ping(ip_a, retries=4)
workload_main.assert_can_ping(ip_b)
workload_main.assert_can_ping(ip_c)
# Test set profile to None
host1.calicoctl("endpoint %s profile set" % workload_main_endpoint_id)
workload_main.assert_cant_ping(ip_a, retries=4)
workload_main.assert_cant_ping(ip_b)
workload_main.assert_cant_ping(ip_c)
# Append a single profile
host1.calicoctl("endpoint %s profile append PROF_A" % workload_main_endpoint_id)
workload_main.assert_can_ping(ip_a, retries=4)
workload_main.assert_cant_ping(ip_b)
workload_main.assert_cant_ping(ip_c)
# Append two profiles at once
host1.calicoctl("endpoint %s profile append PROF_B PROF_C" % workload_main_endpoint_id)
workload_main.assert_can_ping(ip_a, retries=4)
workload_main.assert_can_ping(ip_b)
workload_main.assert_can_ping(ip_c)
# Remove a single profile
host1.calicoctl("endpoint %s profile remove PROF_C" % workload_main_endpoint_id)
workload_main.assert_can_ping(ip_a, retries=4)
workload_main.assert_can_ping(ip_b)
workload_main.assert_cant_ping(ip_c)
# Remove two profiles at once
host1.calicoctl("endpoint %s profile remove PROF_A PROF_B" % workload_main_endpoint_id)
workload_main.assert_cant_ping(ip_a, retries=4)
workload_main.assert_cant_ping(ip_b)
workload_main.assert_cant_ping(ip_c)
