def test_slo_intra_node(self): """ Description: Verify security logging for inter-VN intra-Node traffic Steps: 1. create 2 VNs and connect them using policy 2. launch 1 VM in each VN on same compute node 3. set session export rate to 0 4. start icmp/tcp/udp traffic and verify the session logs in agent log as well as in syslog Pass criteria: step 4 should pass """ self._create_resources(test_type='intra-node', session_export_rate=0) policy_obj = self.policy_fixture.policy_obj project_name = self.project.project_name sg_fq_name = '%s:%s:default' % (self.connections.domain_name, project_name) sg_id = get_secgrp_id_from_name(self.connections, sg_fq_name) sg_obj = self.vnc_h._vnc.security_group_read(id=sg_id) parent_obj = self.vnc_h.project_read( fq_name=[self.connections.domain_name, project_name]) slo_rate = 1 slo_fixture = self.create_slo(parent_obj, rate=slo_rate, sg_obj=sg_obj, vn_policy_obj=policy_obj) for vn in self.vn_fixtures: self.add_slo_to_vn(slo_fixture, vn) #For intra node traffic there is no tunnel so underlay_proto would be zero underlay_proto = 0 proto_list = [1, 17, 6] self.enable_logging_on_compute(self.client_fixture.vm_node_ip, log_type=AGENT_LOG, session_type='slo') #Clear local ips after agent restart self.client_fixture.clear_local_ips() self.server_fixture.clear_local_ips() #Verify Session logs in agent logs for SLO for proto in proto_list: self.start_traffic_validate_slo(self.client_fixture, self.server_fixture, self.policy_fixture, proto=proto, underlay_proto=underlay_proto, slo_rate=slo_rate) self.logger.info("SLO: Expected Session logs found in agent log for " "protocol %s" % (self.proto)) # #SLO logged session verification in syslog self.enable_logging_on_compute(self.client_fixture.vm_node_ip, log_type=SYS_LOG, session_type='slo') #Clear local ips after agent restart self.client_fixture.clear_local_ips() self.server_fixture.clear_local_ips() #Verify Session logs in syslog for proto in proto_list: self.start_traffic_validate_slo_in_syslog(self.client_fixture, self.server_fixture, self.policy_fixture, proto=proto, underlay_proto=underlay_proto) self.logger.info("Expected Session logs found in syslog for " "protocol %s" % (self.proto))
def create_sg_test_resources(self): """Config common resources.""" self.logger.info("Configuring setup for security group tests.") vn_s = {"vn1": "20.1.1.0/24", "vn2": ["10.1.1.0/24"]} self.multi_vn_fixture = self.useFixture( MultipleVNFixture( connections=self.connections, inputs=self.inputs, subnet_count=2, vn_name_net=vn_s, project_name=self.inputs.project_name, ) ) vns = self.multi_vn_fixture.get_all_fixture_obj() (self.vn1_name, self.vn1_fix) = self.multi_vn_fixture._vn_fixtures[0] (self.vn2_name, self.vn2_fix) = self.multi_vn_fixture._vn_fixtures[1] self.logger.info("Configure security groups required for test.") self.config_sec_groups() self.multi_vm_fixture = self.useFixture( MultipleVMFixture( project_name=self.inputs.project_name, connections=self.connections, vm_count_per_vn=3, vn_objs=vns, image_name="ubuntu-traffic", flavor="contrail_flavor_small", ) ) vms = self.multi_vm_fixture.get_all_fixture() (self.vm1_name, self.vm1_fix) = vms[0] (self.vm2_name, self.vm2_fix) = vms[1] (self.vm3_name, self.vm3_fix) = vms[2] (self.vm4_name, self.vm4_fix) = vms[3] (self.vm5_name, self.vm5_fix) = vms[4] (self.vm6_name, self.vm6_fix) = vms[5] self.logger.info("Adding the sec groups to the VM's") self.vm1_fix.add_security_group(secgrp=self.sg1_name) self.vm1_fix.add_security_group(secgrp=self.sg2_name) self.vm2_fix.add_security_group(secgrp=self.sg2_name) self.vm4_fix.add_security_group(secgrp=self.sg1_name) self.vm4_fix.add_security_group(secgrp=self.sg2_name) self.vm5_fix.add_security_group(secgrp=self.sg1_name) self.logger.info("Remove the default sec group form the VM's") default_secgrp_id = get_secgrp_id_from_name( self.connections, ":".join([self.inputs.domain_name, self.inputs.project_name, "default"]) ) self.vm1_fix.remove_security_group(secgrp=default_secgrp_id) self.vm2_fix.remove_security_group(secgrp=default_secgrp_id) self.vm4_fix.remove_security_group(secgrp=default_secgrp_id) self.vm5_fix.remove_security_group(secgrp=default_secgrp_id) self.logger.info("Verifying setup of security group tests.") self.verify_sg_test_resources() self.logger.info("Finished configuring setup for security group tests.")
def add_sg_to_vms(self, vm_fix_list, sg_id=None): default_sg_id = get_secgrp_id_from_name( self.connections, ':'.join( [self.inputs.domain_name, self.inputs.project_name, 'default'])) sg_id = sg_id or default_sg_id for vm in vm_fix_list: vm.add_security_group(secgrp=sg_id)
def add_sg_to_vms(self, vm_fix_list, sg_id=None): default_sg_id = get_secgrp_id_from_name( self.connections, ':'.join([self.inputs.domain_name, self.inputs.project_name, 'default'])) sg_id = sg_id or default_sg_id for vm in vm_fix_list: vm.add_security_group(secgrp=sg_id)
def create_sg_test_resources(self): """Config common resources.""" self.logger.info("Configuring setup for security group tests.") vn_s = {'vn1': '20.1.1.0/24', 'vn2': ['10.1.1.0/24']} self.multi_vn_fixture = self.useFixture( MultipleVNFixture(connections=self.connections, inputs=self.inputs, subnet_count=2, vn_name_net=vn_s, project_name=self.inputs.project_name)) vns = self.multi_vn_fixture.get_all_fixture_obj() (self.vn1_name, self.vn1_fix) = self.multi_vn_fixture._vn_fixtures[0] (self.vn2_name, self.vn2_fix) = self.multi_vn_fixture._vn_fixtures[1] self.logger.info("Configure security groups required for test.") self.config_sec_groups() self.multi_vm_fixture = self.useFixture( MultipleVMFixture(project_name=self.inputs.project_name, connections=self.connections, vm_count_per_vn=3, vn_objs=vns, image_name='ubuntu-traffic', flavor='contrail_flavor_small')) vms = self.multi_vm_fixture.get_all_fixture() (self.vm1_name, self.vm1_fix) = vms[0] (self.vm2_name, self.vm2_fix) = vms[1] (self.vm3_name, self.vm3_fix) = vms[2] (self.vm4_name, self.vm4_fix) = vms[3] (self.vm5_name, self.vm5_fix) = vms[4] (self.vm6_name, self.vm6_fix) = vms[5] self.logger.info("Adding the sec groups to the VM's") self.vm1_fix.add_security_group(secgrp=self.sg1_name) self.vm1_fix.add_security_group(secgrp=self.sg2_name) self.vm2_fix.add_security_group(secgrp=self.sg2_name) self.vm4_fix.add_security_group(secgrp=self.sg1_name) self.vm4_fix.add_security_group(secgrp=self.sg2_name) self.vm5_fix.add_security_group(secgrp=self.sg1_name) self.logger.info("Remove the default sec group form the VM's") default_secgrp_id = get_secgrp_id_from_name( self.connections, ':'.join( [self.inputs.domain_name, self.inputs.project_name, 'default'])) self.vm1_fix.remove_security_group(secgrp=default_secgrp_id) self.vm2_fix.remove_security_group(secgrp=default_secgrp_id) self.vm4_fix.remove_security_group(secgrp=default_secgrp_id) self.vm5_fix.remove_security_group(secgrp=default_secgrp_id) self.logger.info("Verifying setup of security group tests.") self.verify_sg_test_resources() self.logger.info( "Finished configuring setup for security group tests.")
def test_slo_on_vmi(self): """ Description: Verify SLO on vmi Steps: 1. create 2 VNs and connect them using network and firewall policy 2. launch 1 VM in each VN on diff compute node 3. set session export rate to 0 and attach SLO to dest vmi only 4. start udp traffic and verify the session logs in agent log on dest node and no logs in src node Pass criteria: step 4 should pass """ self._create_resources(test_type='inter-node', session_export_rate=0) policy_obj = self.policy_fixture.policy_obj project_name = self.project.project_name sg_fq_name = '%s:%s:default' % (self.connections.domain_name, project_name) sg_id = get_secgrp_id_from_name(self.connections, sg_fq_name) sg_obj = self.vnc_h._vnc.security_group_read(id=sg_id) parent_obj = self.vnc_h.project_read( fq_name=[self.connections.domain_name, project_name]) slo_rate = 1 slo_fixture = self.create_slo(parent_obj, rate=slo_rate, sg_obj=sg_obj, vn_policy_obj=policy_obj) server_vmi_id = self.server_fixture.get_vmi_ids().values()[0] self.add_slo_to_vmi(slo_fixture, server_vmi_id) #create firewall rule and policy slo_rate_obj = SloRateType(rate=slo_rate) slo_dict = {'slo_obj': slo_fixture.obj, 'rate_obj':slo_rate_obj} fw_objs_dict = self.config_tag_firewall_policy(self.vn_fixtures, slo=slo_dict) underlay_proto = UNDERLAY_PROTO[ self.connections.read_vrouter_config_encap()[0]] proto_list = [17] self.enable_logging_on_compute(self.client_fixture.vm_node_ip, log_type=AGENT_LOG, session_type='slo') self.enable_logging_on_compute(self.server_fixture.vm_node_ip, log_type=AGENT_LOG, session_type='slo') #Clear local ips after agent restart self.client_fixture.clear_local_ips() self.server_fixture.clear_local_ips() #Verify Session logs in agent logs for SLO for proto in proto_list: self.start_traffic_validate_slo_fw(self.client_fixture, self.server_fixture, self.policy_fixture, proto=proto, underlay_proto=underlay_proto, slo_rate=slo_rate, sg_uuid=sg_id, fw_objs_dict=fw_objs_dict, exp_clnt_session_count=0) self.logger.info("SLO: Expected Session logs found in agent log for " "protocol %s" % (self.proto))
def _test_slo_with_fw(self, exp_srv_session_count=None, exp_clnt_session_count=None, create_resources=True, slo_fixture=None, fw_objs_dict=None): if create_resources: self._create_resources(test_type='inter-node', session_export_rate=0) policy_obj = self.policy_fixture.policy_obj project_name = self.project.project_name sg_fq_name = '%s:%s:default' % (self.connections.domain_name, project_name) sg_id = get_secgrp_id_from_name(self.connections, sg_fq_name) sg_obj = self.vnc_h._vnc.security_group_read(id=sg_id) parent_obj = self.vnc_h.project_read( fq_name=[self.connections.domain_name, project_name]) slo_rate = 1 if slo_fixture is None: slo_fixture = self.create_slo(parent_obj, rate=slo_rate) for vn in self.vn_fixtures: self.add_slo_to_vn(slo_fixture, vn) if fw_objs_dict is None: #create firewall rule and policy slo_rate_obj = SloRateType(rate=slo_rate) slo_dict = {'slo_obj': slo_fixture.obj, 'rate_obj':slo_rate_obj} fw_objs_dict = self.config_tag_firewall_policy(self.vn_fixtures, slo=slo_dict) underlay_proto = UNDERLAY_PROTO[ self.connections.read_vrouter_config_encap()[0]] proto_list = [17] self.enable_logging_on_compute(self.client_fixture.vm_node_ip, log_type=AGENT_LOG, session_type='slo') self.enable_logging_on_compute(self.server_fixture.vm_node_ip, log_type=AGENT_LOG, session_type='slo') #Clear local ips after agent restart self.client_fixture.clear_local_ips() self.server_fixture.clear_local_ips() #Verify Session logs in agent logs for SLO for proto in proto_list: self.start_traffic_validate_slo_fw(self.client_fixture, self.server_fixture, self.policy_fixture, proto=proto, underlay_proto=underlay_proto, slo_rate=slo_rate, sg_uuid=sg_id, fw_objs_dict=fw_objs_dict, exp_srv_session_count=exp_srv_session_count, exp_clnt_session_count=exp_clnt_session_count) self.logger.info("SLO: Expected Session logs found in agent log for " "protocol %s" % (self.proto)) return {'sg_obj':sg_obj, 'slo_fix':slo_fixture, 'fw_objs':fw_objs_dict}
def test_disable_policy_sg_inter_vn(self): """ Description: Verify disabling policy for inter VN,inter/intra node traffic with SG Steps: 1. launch 2 VNs and launch 3 VMs in it. 2. disable policy only on destination VMs and add/remove SG and start traffic Pass criteria: 1. traffic should go through and flow should not be created """ compute_hosts = self.orch.get_hosts() if len(compute_hosts) < 2: raise self.skipTest("Skipping test case,\ this test needs atleast 2 compute nodes") vn_fixtures = self.create_vns(count=2, rt_number='10000') self.verify_vns(vn_fixtures) vn1_fixture = vn_fixtures[0] vn2_fixture = vn_fixtures[1] #Launch 1 VM in first VN and 2 VMs in another VN image = 'ubuntu-traffic' src_vm_fixture = self.create_vms(vn_fixture=vn1_fixture, count=1, node_name=compute_hosts[0], image_name=image)[0] dst_vm_fixture1 = self.create_vms(vn_fixture=vn2_fixture, count=1, node_name=compute_hosts[0], image_name=image)[0] dst_vm_fixture2 = self.create_vms(vn_fixture=vn2_fixture, count=1, node_name=compute_hosts[1], image_name=image)[0] self.verify_vms([src_vm_fixture, dst_vm_fixture1, dst_vm_fixture2]) self.disable_policy_for_vms([dst_vm_fixture1, dst_vm_fixture2]) default_sg_id = get_secgrp_id_from_name( self.connections, ':'.join([ self.connections.domain_name, self.inputs.project_name, 'default' ])) rule = [{ 'direction': '<>', 'protocol': 'udp', 'dst_addresses': [{ 'subnet': { 'ip_prefix': '10.1.1.0', 'ip_prefix_len': 24 } }], 'dst_ports': [{ 'start_port': 0, 'end_port': -1 }], 'src_ports': [{ 'start_port': 0, 'end_port': -1 }], 'src_addresses': [{ 'security_group': 'local' }], }] sg_fixture = self.create_sg(entries=rule) self.verify_sg(sg_fixture) proto = 'udp' #For Inter node traffic test, use src_vm_fixture and dst_vm_fixture2 #For Intra node, use src_vm_fixture and dst_vm_fixture1 for vm in [dst_vm_fixture1, dst_vm_fixture2]: if (vm == dst_vm_fixture1): #Intra Node ff_exp = 1 rf_exp = 1 else: #Inter Node ff_exp = 0 rf_exp = 0 #1. receiver VMI SG with allow rule, use default SG self.send_traffic_verify_flow_dst_compute(src_vm_fixture, vm, proto, ff_exp=ff_exp, rf_exp=rf_exp) #2. receiver VMI SG with only egress rule self.remove_sg_from_vms([vm], sg_id=default_sg_id) self.add_sg_to_vms([vm], sg_id=sg_fixture.secgrp_id) self.send_traffic_verify_flow_dst_compute(src_vm_fixture, vm, proto, ff_exp=ff_exp, rf_exp=rf_exp) #3. receiver VMI SG without any rule sg_fixture.delete_all_rules() self.send_traffic_verify_flow_dst_compute(src_vm_fixture, vm, proto, ff_exp=ff_exp, rf_exp=rf_exp) #4. receiver VMI without SG self.remove_sg_from_vms([vm], sg_id=sg_fixture.secgrp_id) self.send_traffic_verify_flow_dst_compute(src_vm_fixture, vm, proto, ff_exp=ff_exp, rf_exp=rf_exp)
def create_sg_test_resources(self): """Config common resources.""" self.logger.info("Configuring setup for security group tests.") self.vn1_subnets = get_random_cidrs(self.inputs.get_af()) self.vn2_subnets = get_random_cidrs(self.inputs.get_af()) self.vn1_prefix = self.vn1_subnets[0].split('/')[0] self.vn1_prefix_len = int(self.vn1_subnets[0].split('/')[1]) self.vn2_prefix = self.vn2_subnets[0].split('/')[0] self.vn2_prefix_len = int(self.vn2_subnets[0].split('/')[1]) vn_s = {'vn1': self.vn1_subnets[0], 'vn2': self.vn2_subnets} self.multi_vn_fixture = self.useFixture( MultipleVNFixture(connections=self.connections, inputs=self.inputs, subnet_count=2, vn_name_net=vn_s, project_name=self.inputs.project_name)) vns = self.multi_vn_fixture.get_all_fixture_obj() (self.vn1_name, self.vn1_fix) = self.multi_vn_fixture._vn_fixtures[0] (self.vn2_name, self.vn2_fix) = self.multi_vn_fixture._vn_fixtures[1] self.logger.info("Configure security groups required for test.") self.config_sec_groups() self.logger.debug("Verify the configured VN's.") assert self.multi_vn_fixture.verify_on_setup() self.multi_vm_fixture = self.useFixture( MultipleVMFixture(project_name=self.inputs.project_name, connections=self.connections, vm_count_per_vn=3, vn_objs=vns, image_name='ubuntu-traffic', flavor='contrail_flavor_small')) vms = self.multi_vm_fixture.get_all_fixture() (self.vm1_name, self.vm1_fix) = vms[0] (self.vm2_name, self.vm2_fix) = vms[1] (self.vm3_name, self.vm3_fix) = vms[2] (self.vm4_name, self.vm4_fix) = vms[3] (self.vm5_name, self.vm5_fix) = vms[4] (self.vm6_name, self.vm6_fix) = vms[5] self.logger.info("Adding the sec groups to the VM's") self.vm1_fix.add_security_group(secgrp=self.sg1_name) self.vm1_fix.add_security_group(secgrp=self.sg2_name) self.vm2_fix.add_security_group(secgrp=self.sg2_name) self.vm4_fix.add_security_group(secgrp=self.sg1_name) self.vm4_fix.add_security_group(secgrp=self.sg2_name) self.vm5_fix.add_security_group(secgrp=self.sg1_name) self.logger.info("Remove the default sec group form the VM's") default_secgrp_id = get_secgrp_id_from_name( self.connections, ':'.join([ self.connections.domain_name, self.inputs.project_name, 'default' ])) self.vm1_fix.remove_security_group(secgrp=default_secgrp_id) self.vm2_fix.remove_security_group(secgrp=default_secgrp_id) self.vm4_fix.remove_security_group(secgrp=default_secgrp_id) self.vm5_fix.remove_security_group(secgrp=default_secgrp_id) self.logger.info("Verifying setup of security group tests.") self.verify_sg_test_resources() self.set_tcp_port_use_optimizations([ self.vm1_fix, self.vm2_fix, self.vm3_fix, self.vm4_fix, self.vm5_fix, self.vm6_fix ]) self.logger.info( "Finished configuring setup for security group tests.")
def test_slo_rate(self): """ Description: Verify security logging rate for inter/intra node traffic Steps: 1. create 2 VNs and connect them using policy 2. launch 1 VM in each VN on diff compute node 3. set session export rate to 0 and SLO rate to 5 4. send 10 ping packets and verify the no. of session logs in agent log Pass criteria: No. of session logs should be 1 for session creation and 1 for teardown """ self._create_resources(test_type='intra-node', session_export_rate=0) policy_obj = self.policy_fixture.policy_obj project_name = self.project.project_name sg_fq_name = '%s:%s:default' % (self.connections.domain_name, project_name) sg_id = get_secgrp_id_from_name(self.connections, sg_fq_name) sg_obj = self.vnc_h._vnc.security_group_read(id=sg_id) parent_obj = self.vnc_h.project_read( fq_name=[self.connections.domain_name, project_name]) slo_rate = 5 slo_fixture = self.create_slo(parent_obj, rate=slo_rate, vn_policy_obj=policy_obj) for vn in self.vn_fixtures: self.add_slo_to_vn(slo_fixture, vn) underlay_proto = 0 proto = 1 self.enable_logging_on_compute(self.client_fixture.vm_node_ip, log_type=AGENT_LOG) #Clear local ips after agent restart self.client_fixture.clear_local_ips() self.server_fixture.clear_local_ips() #Verify Session logs in agent logs for SLO self.start_traffic_validate_slo(self.client_fixture, self.server_fixture, self.policy_fixture, proto=proto, underlay_proto=underlay_proto, slo_rate=slo_rate, exp_session_count=2) self.logger.info("SLO: Expected Session logs found in agent log for " "protocol %s" % (self.proto)) ## #Verify SLO rate for inter node icmp traffic compute_hosts = self.orch.get_hosts() if not (len(compute_hosts) < 2): client_node_ip = self.client_fixture.vm_node_ip server2_node_name = compute_hosts[1] if self.inputs.compute_info[ compute_hosts[1]] != client_node_ip else compute_hosts[0] server2_fixture = self.create_vms(vn_fixture=self.vn2_fixture, count=1, node_name=server2_node_name, image_name='ubuntu-traffic')[0] self.verify_vms([server2_fixture]) self.enable_logging_on_compute(server2_fixture.vm_node_ip, log_type=AGENT_LOG) #Clear local ips after agent restart server2_fixture.clear_local_ips() underlay_proto = UNDERLAY_PROTO[ self.connections.read_vrouter_config_encap()[0]] #Verify Session logs in agent logs for SLO self.start_traffic_validate_slo(self.client_fixture, server2_fixture, self.policy_fixture, proto=proto, underlay_proto=underlay_proto, slo_rate=slo_rate, sg_uuid=sg_id, exp_session_count=2) self.logger.info( "SLO: Expected Session logs found in agent log for " "protocol %s" % (self.proto))
def test_disable_policy_sg_inter_vn(self): """ Description: Verify disabling policy for inter VN,inter/intra node traffic with SG Steps: 1. launch 2 VNs and launch 3 VMs in it. 2. disable policy only on destination VMs and add/remove SG and start traffic Pass criteria: 1. traffic should go through and flow should not be created """ compute_hosts = self.orch.get_hosts() if len(compute_hosts) < 2: raise self.skipTest("Skipping test case,\ this test needs atleast 2 compute nodes") vn_fixtures = self.create_vns(count=2, rt_number='10000') self.verify_vns(vn_fixtures) vn1_fixture = vn_fixtures[0] vn2_fixture = vn_fixtures[1] #Launch 1 VM in first VN and 2 VMs in another VN image = 'ubuntu-traffic' src_vm_fixture = self.create_vms(vn_fixture= vn1_fixture,count=1, node_name=compute_hosts[0], image_name=image)[0] dst_vm_fixture1 = self.create_vms(vn_fixture= vn2_fixture,count=1, node_name=compute_hosts[0], image_name=image)[0] dst_vm_fixture2 = self.create_vms(vn_fixture= vn2_fixture,count=1, node_name=compute_hosts[1], image_name=image)[0] self.verify_vms([src_vm_fixture, dst_vm_fixture1, dst_vm_fixture2]) self.disable_policy_for_vms([dst_vm_fixture1, dst_vm_fixture2]) default_sg_id = get_secgrp_id_from_name( self.connections, ':'.join([self.inputs.domain_name, self.inputs.project_name, 'default'])) rule = [{'direction': '<>', 'protocol': 'udp', 'dst_addresses': [{'subnet': {'ip_prefix': '10.1.1.0', 'ip_prefix_len': 24}}], 'dst_ports': [{'start_port': 0, 'end_port': -1}], 'src_ports': [{'start_port': 0, 'end_port': -1}], 'src_addresses': [{'security_group': 'local'}], }] sg_fixture = self.create_sg(entries=rule) self.verify_sg(sg_fixture) proto = 'udp' #For Inter node traffic test, use src_vm_fixture and dst_vm_fixture2 #For Intra node, use src_vm_fixture and dst_vm_fixture1 for vm in [dst_vm_fixture1, dst_vm_fixture2]: if (vm == dst_vm_fixture1): #Intra Node ff_exp = 1 rf_exp = 1 else: #Inter Node ff_exp = 0 rf_exp = 0 #1. receiver VMI SG with allow rule, use default SG self.send_traffic_verify_flow_dst_compute(src_vm_fixture, vm, proto, ff_exp=ff_exp, rf_exp=rf_exp) #2. receiver VMI SG with only egress rule self.remove_sg_from_vms([vm], sg_id=default_sg_id) self.add_sg_to_vms([vm], sg_id=sg_fixture.secgrp_id) self.send_traffic_verify_flow_dst_compute(src_vm_fixture, vm, proto, ff_exp=ff_exp, rf_exp=rf_exp) #3. receiver VMI SG without any rule sg_fixture.delete_all_rules() self.send_traffic_verify_flow_dst_compute(src_vm_fixture, vm, proto, ff_exp=ff_exp, rf_exp=rf_exp) #4. receiver VMI without SG self.remove_sg_from_vms([vm], sg_id=sg_fixture.secgrp_id) self.send_traffic_verify_flow_dst_compute(src_vm_fixture, vm, proto, ff_exp=ff_exp, rf_exp=rf_exp)
def create_sg_test_resources(self): """Config common resources.""" self.logger.info("Configuring setup for security group tests.") self.vn1_subnets = get_random_cidrs(self.inputs.get_af()) self.vn2_subnets = get_random_cidrs(self.inputs.get_af()) self.vn1_prefix = self.vn1_subnets[0].split('/')[0] self.vn1_prefix_len = int(self.vn1_subnets[0].split('/')[1]) self.vn2_prefix = self.vn2_subnets[0].split('/')[0] self.vn2_prefix_len = int(self.vn2_subnets[0].split('/')[1]) vn_s = {'vn1': self.vn1_subnets[0], 'vn2': self.vn2_subnets} self.multi_vn_fixture = self.useFixture(MultipleVNFixture( connections=self.connections, inputs=self.inputs, subnet_count=2, vn_name_net=vn_s, project_name=self.inputs.project_name)) vns = self.multi_vn_fixture.get_all_fixture_obj() (self.vn1_name, self.vn1_fix) = self.multi_vn_fixture._vn_fixtures[0] (self.vn2_name, self.vn2_fix) = self.multi_vn_fixture._vn_fixtures[1] self.logger.info("Configure security groups required for test.") self.config_sec_groups() self.logger.debug("Verify the configured VN's.") assert self.multi_vn_fixture.verify_on_setup() self.multi_vm_fixture = self.useFixture(MultipleVMFixture( project_name=self.inputs.project_name, connections=self.connections, vm_count_per_vn=3, vn_objs=vns, image_name='ubuntu-traffic', flavor='contrail_flavor_small')) vms = self.multi_vm_fixture.get_all_fixture() (self.vm1_name, self.vm1_fix) = vms[0] (self.vm2_name, self.vm2_fix) = vms[1] (self.vm3_name, self.vm3_fix) = vms[2] (self.vm4_name, self.vm4_fix) = vms[3] (self.vm5_name, self.vm5_fix) = vms[4] (self.vm6_name, self.vm6_fix) = vms[5] self.logger.info("Adding the sec groups to the VM's") self.vm1_fix.add_security_group(secgrp=self.sg1_name) self.vm1_fix.add_security_group(secgrp=self.sg2_name) self.vm2_fix.add_security_group(secgrp=self.sg2_name) self.vm4_fix.add_security_group(secgrp=self.sg1_name) self.vm4_fix.add_security_group(secgrp=self.sg2_name) self.vm5_fix.add_security_group(secgrp=self.sg1_name) self.logger.info("Remove the default sec group form the VM's") default_secgrp_id = get_secgrp_id_from_name( self.connections, ':'.join([self.connections.domain_name, self.inputs.project_name, 'default'])) self.vm1_fix.remove_security_group(secgrp=default_secgrp_id) self.vm2_fix.remove_security_group(secgrp=default_secgrp_id) self.vm4_fix.remove_security_group(secgrp=default_secgrp_id) self.vm5_fix.remove_security_group(secgrp=default_secgrp_id) self.logger.info("Verifying setup of security group tests.") self.verify_sg_test_resources() self.set_tcp_port_use_optimizations([self.vm1_fix, self.vm2_fix, self.vm3_fix, self.vm4_fix, self.vm5_fix, self.vm6_fix]) self.logger.info( "Finished configuring setup for security group tests.")
def test_slo_rate(self): """ Description: Verify security logging rate for inter/intra node traffic Steps: 1. create 2 VNs and connect them using policy 2. launch 1 VM in each VN on diff compute node 3. set session export rate to 0 and SLO rate to 5 4. send 10 ping packets and verify the no. of session logs in agent log Pass criteria: No. of session logs should be 1 for session creation and 1 for teardown """ self._create_resources(test_type='intra-node', session_export_rate=0) policy_obj = self.policy_fixture.policy_obj project_name = self.project.project_name sg_fq_name = '%s:%s:default' % (self.connections.domain_name, project_name) sg_id = get_secgrp_id_from_name(self.connections, sg_fq_name) sg_obj = self.vnc_h._vnc.security_group_read(id=sg_id) parent_obj = self.vnc_h.project_read( fq_name=[self.connections.domain_name, project_name]) slo_rate = 5 slo_fixture = self.create_slo(parent_obj, rate=slo_rate, vn_policy_obj=policy_obj) for vn in self.vn_fixtures: self.add_slo_to_vn(slo_fixture, vn) underlay_proto = 0 proto = 1 self.enable_logging_on_compute(self.client_fixture.vm_node_ip, log_type=AGENT_LOG, session_type='slo') #Clear local ips after agent restart self.client_fixture.clear_local_ips() self.server_fixture.clear_local_ips() #Verify Session logs in agent logs for SLO self.start_traffic_validate_slo(self.client_fixture, self.server_fixture, self.policy_fixture, proto=proto, underlay_proto=underlay_proto, slo_rate=slo_rate, exp_session_count=2) self.logger.info("SLO: Expected Session logs found in agent log for " "protocol %s" % (self.proto)) ## #Verify SLO rate for inter node icmp traffic compute_hosts = self.orch.get_hosts() if not (len(compute_hosts) < 2): client_node_ip = self.client_fixture.vm_node_ip server2_node_name = compute_hosts[1] if self.inputs.compute_info[ compute_hosts[1]] != client_node_ip else compute_hosts[0] server2_fixture = self.create_vms(vn_fixture=self.vn2_fixture, count=1, node_name=server2_node_name, image_name='ubuntu-traffic')[0] self.verify_vms([server2_fixture]) self.enable_logging_on_compute(server2_fixture.vm_node_ip, log_type=AGENT_LOG, session_type='slo') #Clear local ips after agent restart server2_fixture.clear_local_ips() underlay_proto = UNDERLAY_PROTO[ self.connections.read_vrouter_config_encap()[0]] #Verify Session logs in agent logs for SLO self.start_traffic_validate_slo(self.client_fixture, server2_fixture, self.policy_fixture, proto=proto, underlay_proto=underlay_proto, slo_rate=slo_rate, sg_uuid=sg_id, exp_session_count=2) self.logger.info("SLO: Expected Session logs found in agent log for " "protocol %s" % (self.proto))