def __init__(self, filename=None, data=None, midonet_api=None):
super(TopologyManager, self).__init__()
# deprecate
self._data = self._get_data(filename, data)
self._midonet_api_host = service.get_container_by_hostname('cluster1')
# New model
self._midonet_api = utils.get_midonet_api()
self._cleanups = callmany.CallMany()
self._resources = {}
def __init__(self, filename=None, data=None, midonet_api=None):
super(TopologyManager, self).__init__()
# deprecate
self._data = self._get_data(filename, data)
self._midonet_api_host = service.get_container_by_hostname('cluster1')
# New model
self._midonet_api = utils.get_midonet_api()
self._cleanups = callmany.CallMany()
self._resources = {}
def test_new_interface_becomes_visible():
"""
mdts.tests.functional_tests.test_midolman_and_interfaces.test_new_interface_becomes_visible
Scenario:
When: On start up, a Midolman sees no interface,
Then: adds a new interface,
And: Midolman detects a new interface.
"""
# FIXME: pick the midonet-agent from binding manager (when parallel)
midonet_api = get_midonet_api()
agent = service.get_container_by_hostname('midolman1')
iface_name = 'interface%d' % random.randint(1, 100)
new_interface = get_interface(
midonet_api,
agent.get_midonet_host_id(),
iface_name)
# Test that no interface with name 'interface_01' exists.
assert_that(new_interface, none(), iface_name)
# Create a new interface 'interface_01'.
iface = agent.create_vmguest(ifname=iface_name)
attempts = 10
while True:
try:
new_interface = get_interface(
midonet_api,
agent.get_midonet_host_id(),
iface_name)
# Test that the created interface is visible.
assert_that(new_interface, not_none(), iface_name)
agent.destroy_vmguest(iface)
break
except Exception:
if attempts > 0:
attempts -= 1
time.sleep(5)
else:
agent.destroy_vmguest(iface)
raise
def test_new_interface_becomes_visible():
"""
mdts.tests.functional_tests.test_midolman_and_interfaces.test_new_interface_becomes_visible
Scenario:
When: On start up, a Midolman sees no interface,
Then: adds a new interface,
And: Midolman detects a new interface.
"""
# FIXME: pick the midonet-agent from binding manager (when parallel)
midonet_api = get_midonet_api()
agent = service.get_container_by_hostname('midolman1')
iface_name = 'interface%d' % random.randint(1, 100)
new_interface = get_interface(midonet_api, agent.get_midonet_host_id(),
iface_name)
# Test that no interface with name 'interface_01' exists.
assert_that(new_interface, none(), iface_name)
# Create a new interface 'interface_01'.
iface = agent.create_vmguest(ifname=iface_name)
attempts = 10
while True:
try:
new_interface = get_interface(midonet_api,
agent.get_midonet_host_id(),
iface_name)
# Test that the created interface is visible.
assert_that(new_interface, not_none(), iface_name)
agent.destroy_vmguest(iface)
break
except Exception:
if attempts > 0:
attempts -= 1
time.sleep(5)
else:
agent.destroy_vmguest(iface)
raise
def test_l2insertion_fail_open():
"""
Title: Test insertions with fail open
2 L2 insertions on a port, each insertion with a different bad pattern.
One of the insertions is set to fail open.
Test both bad patterns can't get through.
Take down the fail open insertion.
Verify that that bad pattern can now get through.
Take down the non fail open insertion.
Verify that no traffic can get through.
Also verify both directions
"""
api = get_midonet_api()
service_port1 = BM.get_iface_for_port('bridge-000-001', 2)
service_port2 = BM.get_iface_for_port('bridge-000-001', 3)
fakesnort1 = FakeSnort(service_port1, "deadbeef")
fakesnort2 = FakeSnort(service_port2, "cafef00d")
try:
fakesnort1.run()
fakesnort2.run()
insertion_port = BM.get_iface_for_port('bridge-000-001', 1)
other_port = BM.get_iface_for_port('bridge-000-001', 4)
insertion1 = api.add_l2insertion()
insertion1.srv_port(service_port1.vport_id)
insertion1.port(insertion_port.vport_id)
insertion1.position(1)
insertion1.fail_open(True)
insertion1.vlan(1)
insertion1.mac(insertion_port.get_mac_addr())
insertion1.create()
insertion2 = api.add_l2insertion()
insertion2.srv_port(service_port2.vport_id)
insertion2.port(insertion_port.vport_id)
insertion2.position(2)
insertion2.fail_open(False)
insertion2.vlan(2)
insertion2.mac(insertion_port.get_mac_addr())
insertion2.create()
time.sleep(5)
rcv_filter = 'ip dst %s and icmp[icmptype] == 8' % insertion_port.get_ip()
rcv_filter_ret = 'ip src %s and icmp[icmptype] == 8' % insertion_port.get_ip()
LOG.info("Sending good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="f00b4c")
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port,
data="deadbeef", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending cafe food")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port,
data="cafef00d", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef the other way")
f1 = async_assert_that(service_port1,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(service_port2,
should_NOT_receive(rcv_filter_ret, within_sec(10)))
f3 = async_assert_that(other_port,
should_NOT_receive(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port,
data="deadbeef", should_succeed=False)
wait_on_futures([f1, f2, f3])
set_interface_admin_down(service_port1)
time.sleep(5) # give midolman a chance to see it
LOG.info("Sending dead beef again")
f1 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="deadbeef")
wait_on_futures([f1, f2])
LOG.info("Sending dead beef the other way again")
f1 = async_assert_that(service_port2,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(other_port,
receives(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port, data="deadbeef")
wait_on_futures([f1, f2])
LOG.info("Sending cafe food again")
f1 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port,
data="cafef00d", should_succeed=False)
wait_on_futures([f1, f2])
set_interface_admin_down(service_port2)
time.sleep(5)
# nothing should get through
LOG.info("Sending good packet")
f1 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port,
data="f00b4c", should_succeed=False)
wait_on_futures([f1])
LOG.info("Sending good packet the other way")
f1 = async_assert_that(other_port,
should_NOT_receive(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port,
data="f00b4c", should_succeed=False)
wait_on_futures([f1])
finally:
fakesnort2.kill()
fakesnort1.kill()
def test_l2insertion_both_ends_protected():
"""
Title: Test insertions with both ends protected
2 L2 insertions on 2 ports, each insertion with a different bad pattern.
The bad packets matching the different patterns should be blocked at
different insertions depending on the direction of the packet.
Verify that packets are blocked in the same order regardless of the
direction.
"""
api = get_midonet_api()
service_port1 = BM.get_iface_for_port('bridge-000-001', 2)
service_port2 = BM.get_iface_for_port('bridge-000-001', 3)
fakesnort1 = FakeSnort(service_port1, "deadbeef")
fakesnort2 = FakeSnort(service_port2, "cafef00d")
try:
fakesnort1.run()
fakesnort2.run()
insertion_port1 = BM.get_iface_for_port('bridge-000-001', 1)
insertion_port2 = BM.get_iface_for_port('bridge-000-001', 4)
insertion1 = api.add_l2insertion()
insertion1.srv_port(service_port1.vport_id)
insertion1.port(insertion_port1.vport_id)
insertion1.position(1)
insertion1.fail_open(False)
insertion1.vlan(1)
insertion1.mac(insertion_port1.get_mac_addr())
insertion1.create()
insertion2 = api.add_l2insertion()
insertion2.srv_port(service_port2.vport_id)
insertion2.port(insertion_port1.vport_id)
insertion2.position(2)
insertion2.fail_open(False)
insertion2.vlan(2)
insertion2.mac(insertion_port1.get_mac_addr())
insertion2.create()
insertion3 = api.add_l2insertion()
insertion3.srv_port(service_port1.vport_id)
insertion3.port(insertion_port2.vport_id)
insertion3.position(1)
insertion3.fail_open(False)
insertion3.vlan(3)
insertion3.mac(insertion_port2.get_mac_addr())
insertion3.create()
insertion4 = api.add_l2insertion()
insertion4.srv_port(service_port2.vport_id)
insertion4.port(insertion_port2.vport_id)
insertion4.position(2)
insertion4.fail_open(False)
insertion4.vlan(4)
insertion4.mac(insertion_port2.get_mac_addr())
insertion4.create()
time.sleep(5)
rcv_filter = 'ip dst %s and icmp[icmptype] == 8' % insertion_port2.get_ip()
LOG.info("Sending good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10), count=2))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10), count=2))
f3 = async_assert_that(insertion_port2,
receives(rcv_filter, within_sec(10)))
ping_port(insertion_port1, insertion_port2, data="f00b4c")
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(insertion_port1, insertion_port2,
data="deadbeef", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending cafe food")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(insertion_port1, insertion_port2,
data="cafef00d", should_succeed=False)
wait_on_futures([f1, f2, f3])
finally:
fakesnort2.kill()
fakesnort1.kill()
def test_l2insertion_with_flowstate():
"""
Title: Test insertions with flow state
2 L2 insertions on a port, each with a different bad pattern.
Packets are sent over DNAT so that flow state is generated and necessary to
return the packet.
The bad packets matching the different patterns should be blocked at
different points.
Verify that packets are blocked in the same order regardless of the
direction.
"""
api = get_midonet_api()
router = VTM.get_router('router-000-001')
conntrack_filter = VTM.get_chain('conntrack_filter_001')
router.set_inbound_filter(conntrack_filter)
# Sleep here to make sure that the settings have been propagated.
time.sleep(5)
service_port1 = BM.get_iface_for_port('bridge-000-001', 2)
service_port2 = BM.get_iface_for_port('bridge-000-001', 3)
fakesnort1 = FakeSnort(service_port1, "deadbeef")
fakesnort2 = FakeSnort(service_port2, "cafef00d")
try:
fakesnort1.run()
fakesnort2.run()
insertion_port = BM.get_iface_for_port('bridge-000-001', 1)
other_port = BM.get_iface_for_port('bridge-000-002', 1)
insertion1 = api.add_l2insertion()
insertion1.srv_port(service_port1.vport_id)
insertion1.port(insertion_port.vport_id)
insertion1.position(1)
insertion1.fail_open(False)
insertion1.vlan(1)
insertion1.mac(insertion_port.get_mac_addr())
insertion1.create()
insertion2 = api.add_l2insertion()
insertion2.srv_port(service_port2.vport_id)
insertion2.port(insertion_port.vport_id)
insertion2.position(2)
insertion2.fail_open(False)
insertion2.vlan(2)
insertion2.mac(insertion_port.get_mac_addr())
insertion2.create()
time.sleep(5)
rcv_filter = 'ip dst %s and icmp[icmptype] == 8' % insertion_port.get_ip()
LOG.info("Sending good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="f00b4c")
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port,
data="deadbeef", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending cafe food")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port,
data="cafef00d", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending another good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="beeff00d")
wait_on_futures([f1, f2, f3])
finally:
fakesnort1.kill()
fakesnort2.kill()
def test_multi_l2insertion():
"""
Title: Multiple insertions on a port
2 L2 insertions on a port, each with a different bad pattern.
The bad packets matching the different patterns should be blocked at
different points.
Verify that packets are blocked in the same order regardless of the
direction.
"""
api = get_midonet_api()
service_port1 = BM.get_iface_for_port('bridge-000-001', 2)
service_port2 = BM.get_iface_for_port('bridge-000-001', 3)
fakesnort1 = FakeSnort(service_port1, "deadbeef")
fakesnort2 = FakeSnort(service_port2, "cafef00d")
try:
fakesnort1.run()
fakesnort2.run()
insertion_port = BM.get_iface_for_port('bridge-000-001', 1)
insertion1 = api.add_l2insertion()
insertion1.srv_port(service_port1.vport_id)
insertion1.port(insertion_port.vport_id)
insertion1.position(1)
insertion1.fail_open(False)
insertion1.vlan(1)
insertion1.mac(insertion_port.get_mac_addr())
insertion1.create()
insertion2 = api.add_l2insertion()
insertion2.srv_port(service_port2.vport_id)
insertion2.port(insertion_port.vport_id)
insertion2.position(2)
insertion2.fail_open(False)
insertion2.vlan(2)
insertion2.mac(insertion_port.get_mac_addr())
insertion2.create()
time.sleep(5)
rcv_filter = 'ether dst %s and icmp[icmptype] == 8' % insertion_port.get_mac_addr()
rcv_filter_ret = 'ether src %s and icmp[icmptype] == 8' % insertion_port.get_mac_addr()
other_port = BM.get_iface_for_port('bridge-000-001', 4)
LOG.info("Sending good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="f00b4c")
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
should_NOT_receive(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="deadbeef", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending cafe food")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="cafef00d", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending another good packet")
f1 = async_assert_that(service_port1,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter, within_sec(10)))
f3 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="beeff00d")
wait_on_futures([f1, f2, f3])
LOG.info("Sending dead beef the other way")
f1 = async_assert_that(service_port1,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(service_port2,
should_NOT_receive(rcv_filter_ret, within_sec(10)))
f3 = async_assert_that(other_port,
should_NOT_receive(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port, data="deadbeef", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending cafe food the other way")
f1 = async_assert_that(service_port1,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter_ret, within_sec(10)))
f3 = async_assert_that(other_port,
should_NOT_receive(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port, data="cafef00d", should_succeed=False)
wait_on_futures([f1, f2, f3])
LOG.info("Sending another good packet the other way")
f1 = async_assert_that(service_port1,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(service_port2,
receives(rcv_filter_ret, within_sec(10)))
f3 = async_assert_that(other_port,
receives(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port, data="beeff00d")
wait_on_futures([f1, f2, f3])
finally:
fakesnort1.kill()
fakesnort2.kill()
def test_basic_l2insertion():
"""
Title: Basic insertion functionallity
L2Service insertion on 1, which redirects traffic through port 3.
Good traffic should go through. Traffic that matches the bad pattern
should be dropped.
"""
api = get_midonet_api()
service_port = BM.get_iface_for_port('bridge-000-001', 2)
fakesnort = FakeSnort(service_port, "deadbeef")
fakesnort.run()
try:
insertion_port = BM.get_iface_for_port('bridge-000-001', 1)
insertion = api.add_l2insertion()
insertion.srv_port(service_port.vport_id)
insertion.port(insertion_port.vport_id)
insertion.position(1)
insertion.fail_open(False)
insertion.mac(insertion_port.get_mac_addr())
insertion.create()
time.sleep(5)
other_port = BM.get_iface_for_port('bridge-000-001', 3)
rcv_filter = 'ether dst %s and icmp[icmptype] == 8' % insertion_port.get_mac_addr()
rcv_filter_ret = 'ether src %s and icmp[icmptype] == 8' % insertion_port.get_mac_addr()
LOG.info("Sending good packet")
f1 = async_assert_that(service_port,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="f00b4c")
wait_on_futures([f1, f2])
LOG.info("Sending dead beef")
f1 = async_assert_that(service_port,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(insertion_port,
should_NOT_receive(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="deadbeef",
should_succeed=False)
wait_on_futures([f1, f2])
LOG.info("Sending another good packet")
f1 = async_assert_that(service_port,
receives(rcv_filter, within_sec(10)))
f2 = async_assert_that(insertion_port,
receives(rcv_filter, within_sec(10)))
ping_port(other_port, insertion_port, data="f00b4c")
wait_on_futures([f1, f2])
LOG.info("Sending bad packet the other way")
f1 = async_assert_that(service_port,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(other_port,
should_NOT_receive(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port, data="deadbeef",
should_succeed=False)
wait_on_futures([f1, f2])
LOG.info("Sending good packet the other way")
f1 = async_assert_that(service_port,
receives(rcv_filter_ret, within_sec(10)))
f2 = async_assert_that(other_port,
receives(rcv_filter_ret, within_sec(10)))
ping_port(insertion_port, other_port, data="b00f00")
wait_on_futures([f1, f2])
finally:
fakesnort.kill()
def bind(self, filename=None):
self._ptm.build()
self._vtm.build()
# Get a new api ref to workaround previous zk failures
self._api = get_midonet_api()
bindings = self._data['bindings']
for b in bindings:
binding = b['binding']
host_id = binding['host_id']
iface_id = binding['interface_id']
device_name = binding['device_name']
port_id = binding['port_id']
device_port = self._vtm.get_device_port(device_name, port_id)
mn_vport = device_port._mn_resource
if mn_vport.get_type() == 'InteriorRouter' or \
mn_vport.get_type() == 'InteriorBridge':
LOG.error("Cannot bind interior port")
sys.exit(-1) # TODO: make this fancier
# FIXME: some hosts are specified by midonet host_id while others
# are referenced by hostname. Need a coherent mechanism
# Cleanup everything not related to bindings from here
if 'host_id' in binding:
host_id = binding['host_id']
# FIXME:
# Clean up yamls or remove them completely, this is so ugly
_host = filter(lambda x: x['host']['id'] == host_id,
self._ptm._hosts)[0]['host']
elif 'hostname' in binding:
hostname = binding['hostname']
_host = filter(lambda x: x['host']['hostname'] == hostname,
self._ptm._hosts)[0]['host']
else:
raise RuntimeError("Hosts in the binding should have a"
"host_id or a hostname property")
_interface = filter(lambda x: x['interface']['id'] == iface_id,
_host['interfaces'])[0]['interface']
mn_vport_id = mn_vport.get_id()
host = service.get_container_by_hostname('midolman%s' % host_id)
if _interface['type'] == 'netns':
iface = host.create_vmguest(**_interface)
elif _interface['type'] == 'trunk':
iface = host.create_trunk(**_interface)
else: # provided
iface = host.create_provided(**_interface)
self._port_if_map[(device_name, port_id)] = iface
iface.vport_id = mn_vport_id
self._interfaces.append((iface, host))
iface.clear_arp(sync=True)
iface.vport_id = mn_vport_id
host.bind_port(iface, mn_vport_id)
await_port_active(mn_vport_id)