def credentials(setup_session, fuel_master_ip): Credentials = namedtuple( 'Credentials', ['fuel_ip', 'controller_ip', 'keystone_url', 'username', 'password', 'project', 'cert']) fuel = get_fuel_client(fuel_master_ip) env = fuel.get_last_created_cluster() controller_ip = env.get_primary_controller_ip() cert = env.certificate if cert is None: keystone_url = 'http://{0}:5000/v2.0/'.format(controller_ip) path_to_cert = None else: keystone_url = 'https://{0}:5000/v2.0/'.format(controller_ip) with gen_temp_file(prefix="fuel_cert_", suffix=".pem") as f: f.write(cert) path_to_cert = f.name return Credentials(fuel_ip=fuel_master_ip, controller_ip=controller_ip, keystone_url=keystone_url, username='******', password='******', project='admin', cert=path_to_cert)
def test_tunnel_established(self, router): """Check that VxLAN is established on nodes and VNI matching the segmentation_id of a network Scenario: 1. Create private network net01, subnet 10.1.1.0/24 2. Create router01, add interface for net01 and set gateway to external network 3. Boot instance vm1_1 in net01 4. Look on what node l3 agent for this router01 is 5. Check that tunnel is established on controller 6. Check that tunnel is established on compute 7. On node with l3 agent find namespace qrouter 8. Add rules for ping and ssh connection 9. Go to the compute with vm_1 and run tcpdump -vvni any port 4789 -w vxlan.log 10. Ping from qrouter namespace vm1 11. Copy vxlan.log for your computer and open it with Wireshark. Press right button, choose Decode as, Transport and choose VXLAN """ # Create network and instance compute_node = self.zone.hosts.keys()[0] network = self.os_conn.create_network(name='net01') subnet = self.os_conn.create_subnet( network_id=network['network']['id'], name='net01__subnet', cidr="10.1.1.0/24") self.os_conn.router_interface_add(router_id=router['router']['id'], subnet_id=subnet['subnet']['id']) server = self.os_conn.create_server( name='server01', availability_zone='{}:{}'.format(self.zone.zoneName, compute_node), key_name=self.instance_keypair.name, nics=[{'net-id': network['network']['id']}], security_groups=[self.security_group.id]) router_node = self.os_conn.get_l3_agent_hosts(router['router']['id'])[ 0] controller = self.env.find_node_by_fqdn(router_node) compute = self.env.find_node_by_fqdn(compute_node) # Check controller and compute for node in (controller, compute): with self.env.get_ssh_to_node(node.data['ip']) as remote: result = remote.execute('ovs-vsctl show | grep -q br-tun') assert result['exit_code'] == 0 log_file = gen_temp_file(prefix='vxlan', suffix='.log') with ExitStack() as stack: stack.enter_context(tcpdump_vxlan(node=compute, log_path=log_file.name)) remote = stack.enter_context(controller.ssh()) vm_ip = self.os_conn.get_nova_instance_ips(server)['fixed'] result = remote.check_call( 'ip netns exec qrouter-{router_id} ping -c1 {ip}'.format( router_id=router['router']['id'], ip=vm_ip)) # Check log vni = network['network']['provider:segmentation_id'] check_all_traffic_has_vni(vni, log_file.name)
def credentials(setup_session, fuel_master_ip): Credentials = namedtuple('Credentials', [ 'fuel_ip', 'controller_ip', 'keystone_url', 'username', 'password', 'project', 'cert' ]) fuel = get_fuel_client(fuel_master_ip) env = fuel.get_last_created_cluster() controller_ip = env.get_primary_controller_ip() cert = env.certificate if cert is None: keystone_url = 'http://{0}:5000/v2.0/'.format(controller_ip) path_to_cert = None else: keystone_url = 'https://{0}:5000/v2.0/'.format(controller_ip) with gen_temp_file(prefix="fuel_cert_", suffix=".pem") as f: f.write(cert) path_to_cert = f.name return Credentials(fuel_ip=fuel_master_ip, controller_ip=controller_ip, keystone_url=keystone_url, username='******', password='******', project='admin', cert=path_to_cert)
def admin_ssh_keys_paths(self): if self._admin_ssh_keys_paths is None: self._admin_ssh_keys_paths = [] for key in self.admin_ssh_keys: keyfile = gen_temp_file(prefix="fuel_key_", suffix=".rsa") path = keyfile.name key.write_private_key_file(path) self._admin_ssh_keys_paths.append(path) return self._admin_ssh_keys_paths
def __init__(self, controller_ip, user='******', password='******', tenant='admin', cert=None, env=None, proxy_session=None): logger.debug('Init OpenStack clients on {0}'.format(controller_ip)) self.controller_ip = controller_ip self.username = user self.password = password self.tenant = tenant if cert is None: auth_url = 'http://{0}:5000/v2.0/'.format(self.controller_ip) self.path_to_cert = None self.insecure = True else: auth_url = 'https://{0}:5000/v2.0/'.format(self.controller_ip) with gen_temp_file(prefix="fuel_cert_", suffix=".pem") as f: f.write(cert) self.path_to_cert = f.name self.insecure = False logger.debug('Auth URL is {0}'.format(auth_url)) auth = KeystonePassword(username=user, password=password, auth_url=auth_url, tenant_name=tenant) self.session = session.Session(auth=auth, verify=self.path_to_cert) self.keystone = KeystoneClient(session=self.session) self.keystone.management_url = auth_url self.nova = nova_client.Client(version=2, session=self.session) self.cinder = cinderclient.Client(version=2, session=self.session) self.neutron = neutron_client.Client(session=self.session) self.glance = GlanceClient(session=self.session) endpoint_url = self.session.get_endpoint(service_type='orchestration', endpoint_type='publicURL') token = self.session.get_token() self.heat = HeatClient(endpoint=endpoint_url, token=token) self.env = env
def __init__(self, controller_ip, user='******', password='******', tenant='admin', cert=None, env=None): logger.debug('Init OpenStack clients on {0}'.format(controller_ip)) self.controller_ip = controller_ip self.username = user self.password = password self.tenant = tenant if cert is None: auth_url = 'http://{0}:5000/v2.0/'.format(self.controller_ip) self.path_to_cert = None self.insecure = True else: auth_url = 'https://{0}:5000/v2.0/'.format(self.controller_ip) with gen_temp_file(prefix="fuel_cert_", suffix=".pem") as f: f.write(cert) self.path_to_cert = f.name self.insecure = False logger.debug('Auth URL is {0}'.format(auth_url)) self.nova = nova_client.Client(version=2, username=user, api_key=password, project_id=tenant, auth_url=auth_url, cacert=self.path_to_cert) self.cinder = cinderclient.Client(2, user, password, tenant, auth_url, cacert=self.path_to_cert) self.neutron = neutronclient.Client(username=user, password=password, tenant_name=tenant, auth_url=auth_url, ca_cert=self.path_to_cert) self.keystone = self._get_keystoneclient(username=user, password=password, tenant_name=tenant, auth_url=auth_url, ca_cert=self.path_to_cert) token = self.keystone.auth_token glance_endpoint = self.keystone.service_catalog.url_for( service_type='image', endpoint_type='publicURL') logger.debug('Glance endpoint is {0}'.format(glance_endpoint)) self.glance = GlanceClient(endpoint=glance_endpoint, token=token, cacert=self.path_to_cert) heat_endpoint = self.keystone.service_catalog.url_for( service_type='orchestration', endpoint_type='publicURL') logger.debug('Heat endpoint is {0}'.format(heat_endpoint)) self.heat = HeatClient(endpoint=heat_endpoint, token=token, cacert=self.path_to_cert, ca_file=self.path_to_cert) self.env = env
def test_broadcast_traffic_propagation_single_net(self, router): """Check broadcast traffic between instances placed in a single private network and hosted on different nodes Scenario: 1. Create private network net01, subnet 10.1.1.0/24 2. Create private network net02, subnet 10.1.2.0/24 3. Create router01_02 and connect net01 and net02 with it 4. Boot instances vm1 in net01 and compute1 5. Boot instances vm2 in net01 and compute2 6. Boot instances vm3 in net02 and compute2 7. On the compute2 start listen traffic from vm1 fixed ip on tap interface of vm3 8. Go to the vm1's console and initiate broadcast traffic to vm3 9. Check that ARP traffic appears on listened interface 10. On the compute2 start listen traffic from vm1 fixed ip om tap interface of vm2 11. Go to the vm1's console and initiate broadcast traffic to vm3 12. Check that ARP traffic is absent on listened interface """ # Create networks compute_nodes = self.zone.hosts.keys()[:2] net1, subnet1 = self.create_internal_network_with_subnet(suffix=1) net2, subnet2 = self.create_internal_network_with_subnet(suffix=2) for subnet in (subnet1, subnet2): self.os_conn.router_interface_add( router_id=router['router']['id'], subnet_id=subnet['subnet']['id']) # Create instances: for i, (node, net) in enumerate(((compute_nodes[0], net1), (compute_nodes[1], net1), (compute_nodes[1], net2)), 1): self.os_conn.create_server( name='server%02d' % i, availability_zone='{}:{}'.format(self.zone.zoneName, node), key_name=self.instance_keypair.name, nics=[{'net-id': net['network']['id']}], security_groups=[self.security_group.id]) server1 = self.os_conn.nova.servers.find(name="server01") server1_ip = self.os_conn.get_nova_instance_ips(server1)['fixed'] server2 = self.os_conn.nova.servers.find(name="server02") server2_ip = self.os_conn.get_nova_instance_ips(server2)['fixed'] server3 = self.os_conn.nova.servers.find(name="server03") server3_ip = self.os_conn.get_nova_instance_ips(server3)['fixed'] compute2 = self.env.find_node_by_fqdn(compute_nodes[1]) server2_port = self.os_conn.get_port_by_fixed_ip(server2_ip) server2_tap = 'tap{}'.format(server2_port['id'][:11]) # Initiate broadcast traffic from server1 to server2 broadcast_log_file = gen_temp_file(prefix='broadcast', suffix='.log') with tcpdump( ip=compute2.data['ip'], env=self.env, log_path=broadcast_log_file.name, tcpdump_args=' -n src host {ip} -i {interface}'.format( ip=server1_ip, interface=server2_tap,) ): cmd = 'sudo /usr/sbin/arping -I eth0 -c 4 {0}; true'.format( server2_ip) network_checks.run_on_vm(self.env, self.os_conn, server1, self.instance_keypair, cmd) check_arp_traffic(src_ip=server1_ip, dst_ip=server2_ip, log_file=broadcast_log_file.name) server3_port = self.os_conn.get_port_by_fixed_ip(server3_ip) server3_tap = 'tap{}'.format(server3_port['id'][:11]) # Initiate broadcast traffic from server1 to server3 with tcpdump( ip=compute2.data['ip'], env=self.env, log_path=broadcast_log_file.name, tcpdump_args=' -n src host {ip} -i {interface}'.format( ip=server1_ip, interface=server3_tap,) ): cmd = 'sudo /usr/sbin/arping -I eth0 -c 4 {0}; true'.format( server2_ip) network_checks.run_on_vm(self.env, self.os_conn, server1, self.instance_keypair, cmd) check_no_arp_traffic(src_ip=server1_ip, dst_ip=server2_ip, log_file=broadcast_log_file.name)
def test_broadcast_traffic_propagation(self, router, tcpdump_args): """Check broadcast traffic propagation for network segments Scenario: 1. Create private network net01, subnet 10.1.1.0/24 2. Create private network net02, subnet 10.1.2.0/24 3. Create router01_02 and connect net01 and net02 with it 4. Boot instances vm1 in net01 and vm2 in net02 on different computes 5. Check that net02 got a new segmentation_id, different from net1 6. Go to the vm1's console and initiate broadcast traffic to vm2 7. On the compute where vm2 is hosted start listen vxlan port 4789 8. Check that no ARP traffic associated with vm1-vm2 pair appears on compute node's console 9. Go to the vm1's console, stop arping and initiate unicast traffic to vm2 10. Check that ICMP unicast traffic associated with vm1-vm2 pair was captured on compute node's console """ # Create network and instance compute_nodes = self.zone.hosts.keys()[:2] for i, compute_node in enumerate(compute_nodes, 1): network = self.os_conn.create_network(name='net%02d' % i) subnet = self.os_conn.create_subnet( network_id=network['network']['id'], name='net%02d__subnet' % i, cidr="10.1.%d.0/24" % i) self.os_conn.router_interface_add( router_id=router['router']['id'], subnet_id=subnet['subnet']['id']) self.os_conn.create_server( name='server%02d' % i, availability_zone='{}:{}'.format(self.zone.zoneName, compute_node), key_name=self.instance_keypair.name, nics=[{'net-id': network['network']['id']}], security_groups=[self.security_group.id]) net1, net2 = [x for x in self.os_conn.list_networks()['networks'] if x['name'] in ("net01", "net02")] # Check that networks has different segmentation_id assert (net1['provider:segmentation_id'] != net2['provider:segmentation_id']) server1 = self.os_conn.nova.servers.find(name="server01") server1_ip = self.os_conn.get_nova_instance_ips(server1)['fixed'] server2 = self.os_conn.nova.servers.find(name="server02") server2_ip = self.os_conn.get_nova_instance_ips(server2)['fixed'] compute2 = self.env.find_node_by_fqdn(compute_nodes[1]) # Initiate broadcast traffic from server1 to server2 broadcast_log_file = gen_temp_file(prefix='broadcast', suffix='.log') with tcpdump( ip=compute2.data['ip'], env=self.env, log_path=broadcast_log_file.name, tcpdump_args=tcpdump_args.format(source_ip=server1_ip) ): cmd = 'sudo /usr/sbin/arping -I eth0 -c 4 {0}; true'.format( server2_ip) network_checks.run_on_vm(self.env, self.os_conn, server1, self.instance_keypair, cmd) check_no_arp_traffic(src_ip=server1_ip, dst_ip=server2_ip, log_file=broadcast_log_file.name) # Initiate unicast traffic from server1 to server2 unicast_log_file = gen_temp_file(prefix='unicast', suffix='.log') with tcpdump( ip=compute2.data['ip'], env=self.env, log_path=unicast_log_file.name, tcpdump_args=tcpdump_args.format(source_ip=server1_ip) ): cmd = 'ping -c 4 {0}; true'.format(server2_ip) network_checks.run_on_vm(self.env, self.os_conn, server1, self.instance_keypair, cmd) check_icmp_traffic(src_ip=server1_ip, dst_ip=server2_ip, log_file=unicast_log_file.name)
def test_vni_for_icmp_between_instances(self, router): """Check VNI and segmentation_id for icmp traffic between instances on different computers Scenario: 1. Create private network net01, subnet 10.1.1.0/24 2. Create private network net02, subnet 10.1.2.0/24 3. Create router01_02 and connect net01 and net02 with it 4. Boot instances vm1 and vm2 on different computers 5. Check that net02 got a new segmentation_id, different from net1 6. Ping vm1 from vm2 7. On compute with vm_1 start listen vxlan port 4789 8. On compute with vm_2 start listen vxlan port 4789 9. Ping vm2 from vm1 10. Check that when traffic goes through net02 tunnel (from vm2 to router01_02) all packets have VNI of net02 and when they travel through net01 tunnel (from router to vm1) they have VNI of net01 """ # Create network and instance compute_nodes = self.zone.hosts.keys()[:2] for i, compute_node in enumerate(compute_nodes, 1): network = self.os_conn.create_network(name='net%02d' % i) subnet = self.os_conn.create_subnet( network_id=network['network']['id'], name='net%02d__subnet' % i, cidr="10.1.%d.0/24" % i) self.os_conn.router_interface_add( router_id=router['router']['id'], subnet_id=subnet['subnet']['id']) self.os_conn.create_server( name='server%02d' % i, availability_zone='{}:{}'.format(self.zone.zoneName, compute_node), key_name=self.instance_keypair.name, nics=[{'net-id': network['network']['id']}], security_groups=[self.security_group.id]) net1, net2 = [x for x in self.os_conn.list_networks()['networks'] if x['name'] in ("net01", "net02")] # Check that networks has different segmentation_id assert (net1['provider:segmentation_id'] != net2['provider:segmentation_id']) # Check ping from server1 to server2 server1 = self.os_conn.nova.servers.find(name="server01") server2 = self.os_conn.nova.servers.find(name="server02") server2_ip = self.os_conn.get_nova_instance_ips(server2).values()[0] network_checks.check_ping_from_vm(self.env, self.os_conn, server1, self.instance_keypair, server2_ip) # Start tcpdump compute1 = self.env.find_node_by_fqdn(compute_nodes[0]) compute2 = self.env.find_node_by_fqdn(compute_nodes[1]) log_file1 = gen_temp_file(prefix='vxlan', suffix='.log') log_file2 = gen_temp_file(prefix='vxlan', suffix='.log') with tcpdump_vxlan( ip=compute1.data['ip'], env=self.env, log_path=log_file1.name), tcpdump_vxlan( ip=compute2.data['ip'], env=self.env, log_path=log_file2.name): # Ping server1 from server2 server1_ip = self.os_conn.get_nova_instance_ips( server1).values()[0] network_checks.check_ping_from_vm( self.env, self.os_conn, server2, self.instance_keypair, server1_ip) # Check traffic check_all_traffic_has_vni(net1['provider:segmentation_id'], log_file1.name) check_all_traffic_has_vni(net2['provider:segmentation_id'], log_file2.name)
def test_broadcast_traffic_propagation_single_net(self, router): """Check broadcast traffic between instances placed in a single private network and hosted on different nodes Scenario: 1. Create private network net01, subnet 10.1.1.0/24 2. Create private network net02, subnet 10.1.2.0/24 3. Create router01_02 and connect net01 and net02 with it 4. Boot instances vm1 in net01 and compute1 5. Boot instances vm2 in net01 and compute2 6. Boot instances vm3 in net02 and compute2 7. On the compute2 start listen traffic from vm1 fixed ip on tap interface of vm3 8. Go to the vm1's console and initiate broadcast traffic to vm3 9. Check that ARP traffic appears on listened interface 10. On the compute2 start listen traffic from vm1 fixed ip om tap interface of vm2 11. Go to the vm1's console and initiate broadcast traffic to vm3 12. Check that ARP traffic is absent on listened interface """ # Create networks compute_nodes = self.zone.hosts.keys()[:2] net1, subnet1 = self.create_internal_network_with_subnet(suffix=1) net2, subnet2 = self.create_internal_network_with_subnet(suffix=2) for subnet in (subnet1, subnet2): self.os_conn.router_interface_add(router_id=router['router']['id'], subnet_id=subnet['subnet']['id']) # Create instances: for i, (node, net) in enumerate( ((compute_nodes[0], net1), (compute_nodes[1], net1), (compute_nodes[1], net2)), 1): self.os_conn.create_server( name='server%02d' % i, availability_zone='{}:{}'.format(self.zone.zoneName, node), key_name=self.instance_keypair.name, nics=[{ 'net-id': net['network']['id'] }], security_groups=[self.security_group.id]) server1 = self.os_conn.nova.servers.find(name="server01") server1_ip = self.os_conn.get_nova_instance_ips(server1)['fixed'] server2 = self.os_conn.nova.servers.find(name="server02") server2_ip = self.os_conn.get_nova_instance_ips(server2)['fixed'] server3 = self.os_conn.nova.servers.find(name="server03") server3_ip = self.os_conn.get_nova_instance_ips(server3)['fixed'] compute2 = self.env.find_node_by_fqdn(compute_nodes[1]) server2_port = self.os_conn.get_port_by_fixed_ip(server2_ip) server2_tap = 'tap{}'.format(server2_port['id'][:11]) # Initiate broadcast traffic from server1 to server2 broadcast_log_file = gen_temp_file(prefix='broadcast', suffix='.log') with tcpdump(ip=compute2.data['ip'], env=self.env, log_path=broadcast_log_file.name, tcpdump_args=' -n src host {ip} -i {interface}'.format( ip=server1_ip, interface=server2_tap, )): cmd = 'sudo arping -I eth0 -c 4 {0}; true'.format(server2_ip) network_checks.run_on_vm(self.env, self.os_conn, server1, self.instance_keypair, cmd) check_arp_traffic(src_ip=server1_ip, dst_ip=server2_ip, log_file=broadcast_log_file.name) server3_port = self.os_conn.get_port_by_fixed_ip(server3_ip) server3_tap = 'tap{}'.format(server3_port['id'][:11]) # Initiate broadcast traffic from server1 to server3 with tcpdump(ip=compute2.data['ip'], env=self.env, log_path=broadcast_log_file.name, tcpdump_args=' -n src host {ip} -i {interface}'.format( ip=server1_ip, interface=server3_tap, )): cmd = 'sudo arping -I eth0 -c 4 {0}; true'.format(server2_ip) network_checks.run_on_vm(self.env, self.os_conn, server1, self.instance_keypair, cmd) check_no_arp_traffic(src_ip=server1_ip, dst_ip=server2_ip, log_file=broadcast_log_file.name)
def test_broadcast_traffic_propagation(self, router, tcpdump_args): """Check broadcast traffic propagation for network segments Scenario: 1. Create private network net01, subnet 10.1.1.0/24 2. Create private network net02, subnet 10.1.2.0/24 3. Create router01_02 and connect net01 and net02 with it 4. Boot instances vm1 in net01 and vm2 in net02 on different computes 5. Check that net02 got a new segmentation_id, different from net1 6. Go to the vm1's console and initiate broadcast traffic to vm2 7. On the compute where vm2 is hosted start listen vxlan port 4789 8. Check that no ARP traffic associated with vm1-vm2 pair appears on compute node's console 9. Go to the vm1's console, stop arping and initiate unicast traffic to vm2 10. Check that ICMP unicast traffic associated with vm1-vm2 pair was captured on compute node's console """ # Create network and instance compute_nodes = self.zone.hosts.keys()[:2] for i, compute_node in enumerate(compute_nodes, 1): network = self.os_conn.create_network(name='net%02d' % i) subnet = self.os_conn.create_subnet( network_id=network['network']['id'], name='net%02d__subnet' % i, cidr="10.1.%d.0/24" % i) self.os_conn.router_interface_add(router_id=router['router']['id'], subnet_id=subnet['subnet']['id']) self.os_conn.create_server( name='server%02d' % i, availability_zone='{}:{}'.format(self.zone.zoneName, compute_node), key_name=self.instance_keypair.name, nics=[{ 'net-id': network['network']['id'] }], security_groups=[self.security_group.id]) net1, net2 = [ x for x in self.os_conn.list_networks()['networks'] if x['name'] in ("net01", "net02") ] # Check that networks has different segmentation_id assert (net1['provider:segmentation_id'] != net2['provider:segmentation_id']) server1 = self.os_conn.nova.servers.find(name="server01") server1_ip = self.os_conn.get_nova_instance_ips(server1)['fixed'] server2 = self.os_conn.nova.servers.find(name="server02") server2_ip = self.os_conn.get_nova_instance_ips(server2)['fixed'] compute2 = self.env.find_node_by_fqdn(compute_nodes[1]) # Initiate broadcast traffic from server1 to server2 broadcast_log_file = gen_temp_file(prefix='broadcast', suffix='.log') with tcpdump(ip=compute2.data['ip'], env=self.env, log_path=broadcast_log_file.name, tcpdump_args=tcpdump_args.format(source_ip=server1_ip)): cmd = 'sudo arping -I eth0 -c 4 {0}; true'.format(server2_ip) network_checks.run_on_vm(self.env, self.os_conn, server1, self.instance_keypair, cmd) check_no_arp_traffic(src_ip=server1_ip, dst_ip=server2_ip, log_file=broadcast_log_file.name) # Initiate unicast traffic from server1 to server2 unicast_log_file = gen_temp_file(prefix='unicast', suffix='.log') with tcpdump(ip=compute2.data['ip'], env=self.env, log_path=unicast_log_file.name, tcpdump_args=tcpdump_args.format(source_ip=server1_ip)): cmd = 'ping -c 4 {0}; true'.format(server2_ip) network_checks.run_on_vm(self.env, self.os_conn, server1, self.instance_keypair, cmd) check_icmp_traffic(src_ip=server1_ip, dst_ip=server2_ip, log_file=unicast_log_file.name)
def test_vni_for_icmp_between_instances(self, router): """Check VNI and segmentation_id for icmp traffic between instances on different computers Scenario: 1. Create private network net01, subnet 10.1.1.0/24 2. Create private network net02, subnet 10.1.2.0/24 3. Create router01_02 and connect net01 and net02 with it 4. Boot instances vm1 and vm2 on different computers 5. Check that net02 got a new segmentation_id, different from net1 6. Ping vm1 from vm2 7. On compute with vm_1 start listen vxlan port 4789 8. On compute with vm_2 start listen vxlan port 4789 9. Ping vm2 from vm1 10. Check that when traffic goes through net02 tunnel (from vm2 to router01_02) all packets have VNI of net02 and when they travel through net01 tunnel (from router to vm1) they have VNI of net01 """ # Create network and instance compute_nodes = self.zone.hosts.keys()[:2] for i, compute_node in enumerate(compute_nodes, 1): network = self.os_conn.create_network(name='net%02d' % i) subnet = self.os_conn.create_subnet( network_id=network['network']['id'], name='net%02d__subnet' % i, cidr="10.1.%d.0/24" % i) self.os_conn.router_interface_add(router_id=router['router']['id'], subnet_id=subnet['subnet']['id']) self.os_conn.create_server( name='server%02d' % i, availability_zone='{}:{}'.format(self.zone.zoneName, compute_node), key_name=self.instance_keypair.name, nics=[{ 'net-id': network['network']['id'] }], security_groups=[self.security_group.id]) net1, net2 = [ x for x in self.os_conn.list_networks()['networks'] if x['name'] in ("net01", "net02") ] # Check that networks has different segmentation_id assert (net1['provider:segmentation_id'] != net2['provider:segmentation_id']) # Check ping from server1 to server2 server1 = self.os_conn.nova.servers.find(name="server01") server2 = self.os_conn.nova.servers.find(name="server02") server2_ip = self.os_conn.get_nova_instance_ips(server2).values()[0] network_checks.check_ping_from_vm(self.env, self.os_conn, server1, self.instance_keypair, server2_ip) # Start tcpdump compute1 = self.env.find_node_by_fqdn(compute_nodes[0]) compute2 = self.env.find_node_by_fqdn(compute_nodes[1]) log_file1 = gen_temp_file(prefix='vxlan', suffix='.log') log_file2 = gen_temp_file(prefix='vxlan', suffix='.log') with tcpdump_vxlan(ip=compute1.data['ip'], env=self.env, log_path=log_file1.name), tcpdump_vxlan( ip=compute2.data['ip'], env=self.env, log_path=log_file2.name): # Ping server1 from server2 server1_ip = self.os_conn.get_nova_instance_ips( server1).values()[0] network_checks.check_ping_from_vm(self.env, self.os_conn, server2, self.instance_keypair, server1_ip) # Check traffic check_all_traffic_has_vni(net1['provider:segmentation_id'], log_file1.name) check_all_traffic_has_vni(net2['provider:segmentation_id'], log_file2.name)
def test_tunnel_established(self, router): """Check that VxLAN is established on nodes and VNI matching the segmentation_id of a network Scenario: 1. Create private network net01, subnet 10.1.1.0/24 2. Create router01, add interface for net01 and set gateway to external network 3. Boot instance vm1_1 in net01 4. Look on what node l3 agent for this router01 is 5. Check that tunnel is established on controller 6. Check that tunnel is established on compute 7. On node with l3 agent find namespace qrouter 8. Add rules for ping and ssh connection 9. Go to the compute with vm_1 and run tcpdump -vvni any port 4789 -w vxlan.log 10. Ping from qrouter namespace vm1 11. Copy vxlan.log for your computer and open it with Wireshark. Press right button, choose Decode as, Transport and choose VXLAN """ # Create network and instance compute_node = self.zone.hosts.keys()[0] network = self.os_conn.create_network(name='net01') subnet = self.os_conn.create_subnet( network_id=network['network']['id'], name='net01__subnet', cidr="10.1.1.0/24") self.os_conn.router_interface_add(router_id=router['router']['id'], subnet_id=subnet['subnet']['id']) server = self.os_conn.create_server( name='server01', availability_zone='{}:{}'.format(self.zone.zoneName, compute_node), key_name=self.instance_keypair.name, nics=[{ 'net-id': network['network']['id'] }], security_groups=[self.security_group.id]) router_node = self.os_conn.get_l3_agent_hosts( router['router']['id'])[0] controller = self.env.find_node_by_fqdn(router_node) compute = self.env.find_node_by_fqdn(compute_node) # Check controller and compute for node in (controller, compute): with self.env.get_ssh_to_node(node.data['ip']) as remote: result = remote.execute('ovs-vsctl show | grep -q br-tun') assert result['exit_code'] == 0 log_file = gen_temp_file(prefix='vxlan', suffix='.log') with tcpdump_vxlan(ip=compute.data['ip'], env=self.env, log_path=log_file.name): with self.env.get_ssh_to_node(controller.data['ip']) as remote: vm_ip = self.os_conn.get_nova_instance_ips(server)['fixed'] result = remote.execute( 'ip netns exec qrouter-{router_id} ping -c1 {ip}'.format( router_id=router['router']['id'], ip=vm_ip)) # Check log vni = network['network']['provider:segmentation_id'] check_all_traffic_has_vni(vni, log_file.name)
def image_file(): image_file = common.gen_temp_file(prefix='image', suffix='.img') yield image_file image_file.unlink(image_file.name)