def test_repeated_policy_modify(self): """ Configure policies based on topology; Replace VN's existing policy [same policy name but with different rule set] multiple times and verify. """ ### # Get config for test from topology # very simple topo will do, one vn, one vm, multiple policies with n # rules topology_class_name = sdn_single_vm_multiple_policy_topology.sdn_single_vm_multiple_policy_config self.logger.info("Scenario for the test used is: %s" % (topology_class_name)) # set project name try: # provided by wrapper module if run in parallel test env topo = topology_class_name(project=self.project.project_name, username=self.project.username, password=self.project.password) except NameError: topo = topology_class_name() ### # Test setup: Configure policy, VN, & VM # return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]} # Returned topo is of following format: # config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture} setup_obj = self.useFixture(sdnTopoSetupFixture( self.connections, topo)) out = setup_obj.topo_setup() assertEqual(out['result'], True, out['msg']) if out['result']: topo, config_topo = out['data'] ### # Verify [and assert on fail] after setup # Calling system policy verification, pick any policy fixture to # access fixture verification policy_name = topo.policy_list[0] system_vna_verify_policy(self, config_topo['policy'][policy_name], topo, 'setup') ### # Test procedure: # Test repeated update of a policy attached to a VM test_vm = topo.vmc_list[0] test_vn = topo.vn_of_vm[test_vm] test_vn_fix = config_topo['vn'][test_vn] test_vn_id = test_vn_fix.vn_id for policy in topo.policy_list: # set new policy for test_vn to policy test_policy_fq_names = [] name = config_topo['policy'][policy].policy_fq_name test_policy_fq_names.append(name) state = "policy for %s updated to %s" % (test_vn, policy) test_vn_fix.bind_policies(test_policy_fq_names, test_vn_id) # wait for tables update before checking after making changes to # system time.sleep(5) self.logger.info("new policy list of vn %s is %s" % (test_vn, policy)) # update expected topology with this new info for verification updated_topo = policy_test_utils.update_topo(topo, test_vn, policy) system_vna_verify_policy(self, config_topo['policy'][policy], updated_topo, state) return True
def policy_scale_test_with_ping(self, topo): """ Setup multiple VM, VN and policies to allow traffic. From one VM, send ping to all VMs to test.. Test focus is on the scale of VM/VN created.. """ result = True msg = [] # # Test setup: Configure policy, VN, & VM # return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]} # Returned topo is of following format: # config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture} setup_obj = self.useFixture(sdnTopoSetupFixture( self.connections, topo)) out = setup_obj.topo_setup() #out= setup_obj.topo_setup(vm_verify='yes', skip_cleanup='yes') self.logger.info("Setup completed with result %s" % (out['result'])) self.assertEqual(out['result'], True, out['msg']) if out['result']: topo, config_topo = out['data'] # 1. Define Traffic Params test_vm1 = topo.vmc_list[0] # 'vmc0' test_vm1_fixture = config_topo['vm'][test_vm1] test_vn = topo.vn_of_vm[test_vm1] # 'vnet0' test_vn_fix = config_topo['vn'][test_vn] test_vn_id = test_vn_fix.vn_id test_proto = 'icmp' # Assumption: one policy per VN policy = topo.vn_policy[test_vn][0] policy_info = "policy in effect is : " + str(topo.rules[policy]) self.logger.info(policy_info) for vmi in range(1, len(list(topo.vn_of_vm.items()))): test_vm2 = topo.vmc_list[vmi] test_vm2_fixture = config_topo['vm'][test_vm2] # 2. set expectation to verify.. # Topology guide: One policy attached to VN has one rule for protocol under test # For ping test, set expected result based on action - pass or deny # if action = 'pass', expectedResult= True, else Fail; matching_rule_action = {} num_rules = len(topo.rules[policy]) for i in range(num_rules): proto = topo.rules[policy][i]['protocol'] matching_rule_action[proto] = topo.rules[policy][i][ 'simple_action'] self.logger.info("matching_rule_action: %s" % matching_rule_action) # 3. Test with ping self.logger.info("Verify ping to vm %s" % (vmi)) expectedResult = True if matching_rule_action[ test_proto] == 'pass' else False ret = test_vm1_fixture.ping_with_certainty( test_vm2_fixture.vm_ip, expectation=expectedResult, dst_vm_fixture=test_vm2_fixture) result_msg = "vm ping test result to vm %s is: %s" % (vmi, ret) self.logger.info(result_msg) if not ret: result = False msg.extend([result_msg, policy_info]) self.assertEqual(result, True, msg) return result
def test_policy(self): """ Configure policies based on topology and run policy related verifications. """ result = True # # Get config for test from topology topology_class_name = sdn_basic_topology.sdn_basic_config self.logger.info( "Scenario for the test used is: %s" % (topology_class_name)) # set project name try: # provided by wrapper module if run in parallel test env topo = topology_class_name( project=self.project.project_name, username=self.project.project_username, password=self.project.project_user_password) except NameError: topo = topology_class_name() # # Test setup: Configure policy, VN, & VM # return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]} # Returned topo is of following format: # config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture} setup_obj = self.useFixture( sdnTopoSetupFixture(self.connections, topo)) out = setup_obj.topo_setup() assertEqual(out['result'], True, out['msg']) if out['result']: topo, config_topo = out['data'] # # Verify [and assert on fail] after setup # Calling system policy verification, pick any policy fixture to # access fixture verification policy_name = topo.policy_list[0] system_vna_verify_policy( self, config_topo['policy'][policy_name], topo, 'setup') # Verify ICMP traffic between the two VM's. if not config_topo['vm'][topo.vmc_list[0]].ping_with_certainty( expectation=True, dst_vm_fixture=config_topo['vm'][topo.vmc_list[1]]): self.logger.error( 'Ping from %s to %s failed,expected it to pass' % (config_topo['vm'][topo.vmc_list[0]].vm_name, config_topo['vm'][topo.vmc_list[1]].vm_name)) return False return True
def test_policy_modify_vn_policy(self): """ Configure policies based on topology; """ ### # Get config for test from topology # very simple topo will do, one vn, one vm, one policy, 3 rules topology_class_name = sdn_single_vm_policy_topology.sdn_single_vm_policy_config self.logger.info("Scenario for the test used is: %s" % (topology_class_name)) # set project name try: # provided by wrapper module if run in parallel test env topo = topology_class_name(project=self.project.project_name, username=self.project.username, password=self.project.password) except NameError: topo = topology_class_name() ### # Test setup: Configure policy, VN, & VM # return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]} # Returned topo is of following format: # config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture} setup_obj = self.useFixture(sdnTopoSetupFixture( self.connections, topo)) out = setup_obj.topo_setup() assertEqual(out['result'], True, out['msg']) if out['result']: topo, config_topo = out['data'] ### # Verify [and assert on fail] after setup # Calling system policy verification, pick any policy fixture to # access fixture verification policy_name = topo.policy_list[0] system_vna_verify_policy(self, config_topo['policy'][policy_name], topo, 'setup') ### # Test procedure: # Test adding new policy to VN's exiting policy list state = "add policy: " test_vm = topo.vmc_list[0] test_vn = topo.vn_of_vm[test_vm] # Init test data, take backup of current topology initial_vn_policy_list = copy.copy(topo.vn_policy[test_vn]) new_policy_to_add = policy_test_utils.get_policy_not_in_vn( initial_vn_policy_list, topo.policy_list) if not new_policy_to_add: result = 'False' msg = "test %s cannot be run as required config not available in topology; aborting test" self.logger.info(msg) assertEqual(result, True, msg) initial_policy_vn_list = copy.copy(topo.policy_vn[new_policy_to_add]) new_vn_policy_list = copy.copy(initial_vn_policy_list) new_policy_vn_list = copy.copy(initial_policy_vn_list) new_vn_policy_list.append(new_policy_to_add) new_policy_vn_list.append(test_vn) test_vn_fix = config_topo['vn'][test_vn] test_vn_id = test_vn_fix.vn_id # configure new policy config_topo['policy'][new_policy_to_add] = self.useFixture( PolicyFixture(policy_name=new_policy_to_add, rules_list=topo.rules[new_policy_to_add], inputs=self.inputs, connections=self.connections)) # get new policy_set to be pushed for the vn test_policy_fq_names = [] for policy in new_vn_policy_list: name = config_topo['policy'][policy].policy_fq_name test_policy_fq_names.append(name) self.logger.info("adding policy %s to vn %s" % (new_policy_to_add, test_vn)) test_vn_fix.bind_policies(test_policy_fq_names, test_vn_id) # wait for tables update before checking after making changes to system time.sleep(5) self.logger.info("New policy list of VN %s is %s" % (test_vn, new_vn_policy_list)) # update expected topology with this new info for verification topo.vn_policy[test_vn] = new_vn_policy_list topo.policy_vn[new_policy_to_add] = new_policy_vn_list system_vna_verify_policy(self, config_topo['policy'][new_policy_to_add], topo, state) # Test unbinding all policies from VN state = "unbinding all policies" test_vn_fix.unbind_policies(test_vn_id) # wait for tables update before checking after making changes to system time.sleep(5) current_vn_policy_list = new_vn_policy_list new_vn_policy_list = [] self.logger.info("New policy list of VN %s is %s" % (test_vn, new_vn_policy_list)) # update expected topology with this new info for verification topo.vn_policy[test_vn] = new_vn_policy_list for policy in current_vn_policy_list: topo.policy_vn[policy].remove(test_vn) system_vna_verify_policy(self, config_topo['policy'][new_policy_to_add], topo, state) return True
def test_traffic_connections_while_control_nodes_go_down(self): """Tests related to connections and traffic while switching from normal mode to headless and back i.e. control nodes go down and come online.""" if len(self.inputs.compute_ips) < 2: raise unittest.SkipTest("This test needs atleast 2 compute nodes.") else: self.logger.info( "Required resources are in place to run the test.") result = True topology_class_name = None self.compute_fixture_dict = {} for each_compute in self.inputs.compute_ips: self.compute_fixture_dict[each_compute] = self.useFixture( ComputeNodeFixture(connections=self.connections, node_ip=each_compute, username=self.inputs.username, password=self.inputs.password)) mode = self.compute_fixture_dict[ each_compute].get_agent_headless_mode() if mode is False: self.compute_fixture_dict[ each_compute].set_agent_headless_mode() # # Get config for test from topology result = True msg = [] if not topology_class_name: topology_class_name = test_headless_vrouter_topo.sdn_headless_vrouter_topo self.logger.info("Scenario for the test used is: %s" % (topology_class_name)) # # Create a list of compute node IP's and pass it to topo if you want to pin # a vm to a particular node topo_obj = topology_class_name( compute_node_list=self.inputs.compute_ips) # # Test setup: Configure policy, VN, & VM # return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]} # Returned topo is of following format: # config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture} topo = {} topo_objs = {} config_topo = {} setup_obj = self.useFixture( sdnTopoSetupFixture(self.connections, topo_obj)) out = setup_obj.sdn_topo_setup() self.assertEqual(out['result'], True, out['msg']) if out['result']: topo_objs, config_topo, vm_fip_info = out['data'] # Start Test proj = config_topo.keys() vms = config_topo[proj[0]]['vm'].keys() src_vm = config_topo[proj[0]]['vm'][vms[0]] dest_vm = config_topo[proj[0]]['vm'][vms[1]] flow_cache_timeout = 180 # Setup Traffic. stream = Stream(protocol="ip", proto="icmp", src=src_vm.vm_ip, dst=dest_vm.vm_ip) profile = ContinuousProfile(stream=stream, count=0, capfilter="icmp") tx_vm_node_ip = src_vm.vm_node_ip rx_vm_node_ip = dest_vm.vm_node_ip tx_local_host = Host(tx_vm_node_ip, self.inputs.username, self.inputs.password) rx_local_host = Host(rx_vm_node_ip, self.inputs.username, self.inputs.password) send_host = Host(src_vm.local_ip, src_vm.vm_username, src_vm.vm_password) recv_host = Host(dest_vm.local_ip, dest_vm.vm_username, dest_vm.vm_password) sender = Sender("icmp", profile, tx_local_host, send_host, self.inputs.logger) receiver = Receiver("icmp", profile, rx_local_host, recv_host, self.inputs.logger) receiver.start() sender.start() self.logger.info("Waiting for 5 sec for traffic to be setup ...") time.sleep(5) flow_index_list = headless_vr_utils.get_flow_index_list( self, src_vm, dest_vm) headless_vr_utils.stop_all_control_services(self) self.addCleanup(self.inputs.start_service, 'contrail-control', self.inputs.bgp_ips, container='control') headless_vr_utils.check_through_tcpdump(self, dest_vm, src_vm) flow_index_list2 = headless_vr_utils.get_flow_index_list( self, src_vm, dest_vm) if flow_index_list == flow_index_list2: self.logger.info("Flow indexes have not changed.") else: self.logger.error( "Flow indexes have changed. Test Failed, Exiting") return False # wait_for_flow_cache_timeout time.sleep(flow_cache_timeout) # verify_flow_is_not_recreated flow_index_list = headless_vr_utils.get_flow_index_list( self, src_vm, dest_vm) if flow_index_list == flow_index_list2: self.logger.info("Flow indexes have not changed.") else: self.logger.error( "Flow indexes have changed. Test Failed, Exiting") return False receiver.stop() sender.stop() # wait_for_flow_cache_timeout time.sleep(flow_cache_timeout + 5) # verify_flow_is_cleared flow_index_list = headless_vr_utils.get_flow_index_list( self, src_vm, dest_vm) if not len(flow_index_list): self.logger.info("No flows are present") else: self.logger.error("Flows are still present.") return False # start_ping receiver.start() sender.start() self.logger.info("Waiting for 5 sec for traffic to be setup ...") time.sleep(5) # verify_flow_is_recreated flow_index_list = headless_vr_utils.get_flow_index_list( self, src_vm, dest_vm) if (flow_index_list[0] and flow_index_list[1]): self.logger.info("Flows are recreated.") else: self.logger.error("Flows are still absent.") return False headless_vr_utils.start_all_control_services(self) headless_vr_utils.check_through_tcpdump(self, dest_vm, src_vm) # wait_for_flow_cache_timeout time.sleep(flow_cache_timeout + 5) flow_index_list2 = headless_vr_utils.get_flow_index_list( self, src_vm, dest_vm) if flow_index_list == flow_index_list2: self.logger.info("Flow indexes have not changed.") else: self.logger.error( "Flow indexes have changed. Test Failed, Exiting") return False receiver.stop() sender.stop() # wait_for_flow_cache_timeout time.sleep(flow_cache_timeout + 5) # verify_flow_is_cleared flow_index_list = headless_vr_utils.get_flow_index_list( self, src_vm, dest_vm) if not len(flow_index_list): self.logger.info("No flows are present") else: self.logger.error("Flows are still present.") return False # start_ping receiver.start() sender.start() self.logger.info("Waiting for 5 sec for traffic to be setup ...") time.sleep(5) # verify_flow_is_recreated flow_index_list = headless_vr_utils.get_flow_index_list( self, src_vm, dest_vm) if (flow_index_list[0] and flow_index_list[1]): self.logger.info("Flows are recreated.") else: self.logger.error("Flows are still absent.") return False receiver.stop() sender.stop() return True
def test_config_add_change_while_control_nodes_go_down(self): """Tests related to configuration add, change, and delete while switching from normal mode to headless and back i.e. control nodes go down and come online.""" if len(self.inputs.compute_ips) < 2: raise unittest.SkipTest("This test needs atleast 2 compute nodes.") else: self.logger.info( "Required resources are in place to run the test.") result = True topology_class_name = None self.compute_fixture_dict = {} for each_compute in self.inputs.compute_ips: self.compute_fixture_dict[each_compute] = self.useFixture( ComputeNodeFixture(connections=self.connections, node_ip=each_compute, username=self.inputs.username, password=self.inputs.password)) mode = self.compute_fixture_dict[ each_compute].get_agent_headless_mode() if mode is False: self.compute_fixture_dict[ each_compute].set_agent_headless_mode() # # Get config for test from topology result = True msg = [] if not topology_class_name: topology_class_name = test_headless_vrouter_topo.sdn_headless_vrouter_topo self.logger.info("Scenario for the test used is: %s" % (topology_class_name)) # # Create a list of compute node IP's and pass it to topo if you want to pin # a vm to a particular node topo_obj = topology_class_name( compute_node_list=self.inputs.compute_ips) # # Test setup: Configure policy, VN, & VM # return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]} # Returned topo is of following format: # config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture} topo = {} topo_objs = {} config_topo = {} setup_obj = self.useFixture( sdnTopoSetupFixture(self.connections, topo_obj)) out = setup_obj.sdn_topo_setup() self.assertEqual(out['result'], True, out['msg']) if out['result']: topo_objs, config_topo, vm_fip_info = out['data'] # Start Test proj = config_topo.keys() vms = config_topo[proj[0]]['vm'].keys() src_vm = config_topo[proj[0]]['vm'][vms[0]] dest_vm = config_topo[proj[0]]['vm'][vms[1]] flow_cache_timeout = 180 # Setup Traffic. stream = Stream(protocol="ip", proto="icmp", src=src_vm.vm_ip, dst=dest_vm.vm_ip) profile = ContinuousProfile(stream=stream, count=0, capfilter="icmp") tx_vm_node_ip = src_vm.vm_node_ip rx_vm_node_ip = dest_vm.vm_node_ip tx_local_host = Host(tx_vm_node_ip, self.inputs.username, self.inputs.password) rx_local_host = Host(rx_vm_node_ip, self.inputs.username, self.inputs.password) send_host = Host(src_vm.local_ip, src_vm.vm_username, src_vm.vm_password) recv_host = Host(dest_vm.local_ip, dest_vm.vm_username, dest_vm.vm_password) sender = Sender("icmp", profile, tx_local_host, send_host, self.inputs.logger) receiver = Receiver("icmp", profile, rx_local_host, recv_host, self.inputs.logger) receiver.start() sender.start() self.logger.info("Waiting for 5 sec for traffic to be setup ...") time.sleep(5) #self.start_ping(src_vm, dest_vm) flow_index_list = headless_vr_utils.get_flow_index_list( self, src_vm, dest_vm) headless_vr_utils.stop_all_control_services(self) self.addCleanup(self.inputs.start_service, 'contrail-control', self.inputs.bgp_ips, container='control') time.sleep(10) headless_vr_utils.check_through_tcpdump(self, dest_vm, src_vm) flow_index_list2 = headless_vr_utils.get_flow_index_list( self, src_vm, dest_vm) if set(flow_index_list) == set(flow_index_list2): self.logger.info("Flow indexes have not changed.") else: self.logger.error( "Flow indexes have changed. Test Failed, Exiting") return False receiver.stop() sender.stop() project1_instance = config_topo['project1']['project']['project1'] project1_instance.get_project_connections() vnet2_instance = config_topo['project1']['vn']['vnet2'] # add VM to existing VN VM22_fixture = self.useFixture( VMFixture( connections=project1_instance.project_connections['juniper'], vn_obj=vnet2_instance.obj, vm_name='VM22', project_name=project1_instance.project_name)) # create new IPAM ipam3_obj = self.useFixture( IPAMFixture(project_obj=project1_instance, name='ipam3')) ipam4_obj = self.useFixture( IPAMFixture(project_obj=project1_instance, name='ipam4')) # create new VN VN3_fixture = self.useFixture( VNFixture( project_name=project1_instance.project_name, connections=project1_instance.project_connections['juniper'], vn_name='VN3', inputs=project1_instance.inputs, subnets=['10.3.1.0/24'], ipam_fq_name=ipam3_obj.fq_name)) VN4_fixture = self.useFixture( VNFixture( project_name=project1_instance.project_name, connections=project1_instance.project_connections['juniper'], vn_name='VN4', inputs=project1_instance.inputs, subnets=['10.4.1.0/24'], ipam_fq_name=ipam4_obj.fq_name)) # create policy policy_name = 'policy34' rules = [] rules = [{ 'direction': '<>', 'protocol': 'icmp', 'dest_network': VN4_fixture.vn_fq_name, 'source_network': VN3_fixture.vn_fq_name, 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any' }, { 'direction': '<>', 'protocol': 'icmp', 'dest_network': VN3_fixture.vn_fq_name, 'source_network': VN4_fixture.vn_fq_name, 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any' }] policy34_fixture = self.useFixture( PolicyFixture( policy_name=policy_name, rules_list=rules, inputs=project1_instance.inputs, connections=project1_instance.project_connections['juniper'], project_fixture=project1_instance)) # create VN to policy mapping in a dict of policy list. vn_policys = { VN3_fixture.vn_name: [policy_name], VN4_fixture.vn_name: [policy_name] } # create a policy object list of policies to be attached to a vm policy_obj_dict = {} policy_obj_dict[VN3_fixture.vn_name] = [policy34_fixture.policy_obj] policy_obj_dict[VN4_fixture.vn_name] = [policy34_fixture.policy_obj] # vn fixture dictionary. vn_obj_dict = {} vn_obj_dict[VN3_fixture.vn_name] = VN3_fixture vn_obj_dict[VN4_fixture.vn_name] = VN4_fixture # attach policy to VN VN3_policy_fixture = self.useFixture( VN_Policy_Fixture( connections=project1_instance.project_connections['juniper'], vn_name=VN3_fixture.vn_name, policy_obj=policy_obj_dict, vn_obj=vn_obj_dict, vn_policys=vn_policys[VN3_fixture.vn_name], project_name=project1_instance.project_name)) VN4_policy_fixture = self.useFixture( VN_Policy_Fixture( connections=project1_instance.project_connections['juniper'], vn_name=VN4_fixture.vn_name, policy_obj=policy_obj_dict, vn_obj=vn_obj_dict, vn_policys=vn_policys[VN4_fixture.vn_name], project_name=project1_instance.project_name)) # add VM to new VN VM31_fixture = self.useFixture( VMFixture( connections=project1_instance.project_connections['juniper'], vn_obj=VN3_fixture.obj, vm_name='VM31', project_name=project1_instance.project_name)) VM41_fixture = self.useFixture( VMFixture( connections=project1_instance.project_connections['juniper'], vn_obj=VN4_fixture.obj, vm_name='VM41', project_name=project1_instance.project_name)) # verification routines. test_flag = 0 if ((VN3_fixture.verify_vn_in_api_server()) and (VN3_fixture.verify_vn_not_in_agent()) and (VN3_fixture.verify_vn_policy_in_api_server()['result'])): self.logger.info( "Verification of VN3 PASSED while control nodes down.") else: self.logger.error( "Verification of VN3 FAILED while control nodes down.") test_flag = 1 if ((VN4_fixture.verify_vn_in_api_server()) and (VN4_fixture.verify_vn_not_in_agent()) and (VN4_fixture.verify_vn_policy_in_api_server()['result'])): self.logger.info( "Verification of VN4 PASSED while control nodes down.") else: self.logger.error( "Verification of VN4 FAILED while control nodes down.") test_flag = 1 if ((VM22_fixture.verify_vm_launched()) and (VM22_fixture.verify_vm_in_api_server())): self.logger.info( "Verification of VM22 PASSED while control nodes down.") else: self.logger.error( "Verification of VM22 FAILED while control nodes down.") test_flag = 1 if ((VM31_fixture.verify_vm_launched()) and (VM31_fixture.verify_vm_in_api_server())): self.logger.info( "Verification of VM31 PASSED while control nodes down.") else: self.logger.error( "Verification of VM31 FAILED while control nodes down.") test_flag = 1 if ((VM41_fixture.verify_vm_launched()) and (VM41_fixture.verify_vm_in_api_server())): self.logger.info( "Verification of VM41 PASSED while control nodes down.") else: self.logger.error( "Verification of VM41 FAILED while control nodes down.") test_flag = 1 # start all control services. headless_vr_utils.start_all_control_services(self) # if something went wrong in the controller down state bail out here. if test_flag == 1: self.logger.error( "Verifications and Test failed while the controllers were down in \ headless state of agent. Check earlier error logs" ) return False # wait for 3 to 5 sec for configuration sync from control nodes to the # agents. time.sleep(5) # wait till VM's are up. VM22_fixture.wait_till_vm_is_up() VM31_fixture.wait_till_vm_is_up() VM41_fixture.wait_till_vm_is_up() # verify vm config gets downloaded to the agents. if ((VM22_fixture.verify_vm_in_agent()) and (VM31_fixture.verify_vm_in_agent()) and (VM41_fixture.verify_vm_in_agent())): self.logger.info("VM verification on the agent PASSED") else: self.logger.error("VM verification on the agent FAILED") return False # check ping success between the two VM's assert config_topo['project1']['vm']['VM11'].ping_with_certainty( VM22_fixture.vm_ip, expectation=True) assert VM31_fixture.ping_with_certainty(VM41_fixture.vm_ip, expectation=True) assert VM41_fixture.ping_with_certainty(VM31_fixture.vm_ip, expectation=True) # verification routines. if ((VN3_fixture.verify_on_setup()) and (VN4_fixture.verify_on_setup()) and (VM22_fixture.verify_on_setup()) and (VM31_fixture.verify_on_setup()) and (VM41_fixture.verify_on_setup())): self.logger.info( "All verifications passed after controllers came up in headless agent mode" ) else: self.logger.error( "Verifications FAILED after controllers came up in headless agent mode" ) return False return True
def setup_common_objects(self, inputs, connections): self.inputs = inputs self.connections = connections self.base_rel = get_release() (self.vn11_name, self.vn11_subnets) = ("vn11", ["192.168.1.0/24"]) (self.vn22_name, self.vn22_subnets) = ("vn22", ["192.168.2.0/24"]) (self.fip_vn_name, self.fip_vn_subnets) = ("fip_vn", ['200.1.1.0/24']) (self.vn11_vm1_name, self.vn11_vm2_name, self.vn11_vm3_name, self.vn11_vm4_name) = ('vn11_vm1', 'vn11_vm2', 'vn11_vm3', 'vn11_vm4') self.vn22_vm1_name = 'vn22_vm1' self.vn22_vm2_name = 'vn22_vm2' self.fvn_vm1_name = 'fvn_vm1' # Configure 3 VNs, 2 of them vn11, vn22 and 1 fip_vn self.vn11_fixture = self.useFixture( VNFixture(project_name=self.inputs.project_name, connections=self.connections, inputs=self.inputs, vn_name=self.vn11_name, subnets=self.vn11_subnets)) assert self.vn11_fixture.verify_on_setup() self.vn22_fixture = self.useFixture( VNFixture(project_name=self.inputs.project_name, connections=self.connections, inputs=self.inputs, vn_name=self.vn22_name, subnets=self.vn22_subnets)) self.fvn_fixture = self.useFixture( VNFixture( project_name=self.inputs.project_name, connections=self.connections, inputs=self.inputs, vn_name=self.fip_vn_name, subnets=self.fip_vn_subnets)) # Configure 4 VMs in VN11, 2 VM in VN22, and 1 VM in FVN self.vn11_vm1_fixture = self.useFixture(VMFixture( project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn11_fixture.obj, vm_name=self.vn11_vm1_name, image_name='ubuntu')) self.vn11_vm2_fixture = self.useFixture(VMFixture( project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn11_fixture.obj, vm_name=self.vn11_vm2_name, image_name='ubuntu')) self.vn11_vm3_fixture = self.useFixture(VMFixture( project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn11_fixture.obj, vm_name=self.vn11_vm3_name, image_name='ubuntu')) self.vn11_vm4_fixture = self.useFixture(VMFixture( project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn11_fixture.obj, vm_name=self.vn11_vm4_name, image_name='ubuntu')) self.vn22_vm1_fixture = self.useFixture(VMFixture( project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn22_fixture.obj, vm_name=self.vn22_vm1_name, image_name='ubuntu')) self.vn22_vm2_fixture = self.useFixture(VMFixture( project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn22_fixture.obj, vm_name=self.vn22_vm2_name, image_name='ubuntu')) self.fvn_vm1_fixture = self.useFixture(VMFixture( project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.fvn_fixture.obj, vm_name=self.fvn_vm1_name, image_name='ubuntu')) # Adding Policy between vn11 and vn22 ###### assert self.vn11_fixture.verify_on_setup() assert self.vn22_fixture.verify_on_setup() rules = [ { 'direction': '<>', 'simple_action': 'pass', 'protocol': 'any', 'src_ports': 'any', 'dst_ports': 'any', 'source_network': 'any', 'dest_network': 'any', }, ] policy_name = 'p1' self.policy_fixture = self.useFixture( PolicyFixture( policy_name=policy_name, rules_list=rules, inputs=self.inputs, connections=self.connections)) policy_fq_name = [self.policy_fixture.policy_fq_name] self.vn11_fixture.bind_policies( policy_fq_name, self.vn11_fixture.vn_id) self.addCleanup(self.vn11_fixture.unbind_policies, self.vn11_fixture.vn_id, [self.policy_fixture.policy_fq_name]) self.vn22_fixture.bind_policies( policy_fq_name, self.vn22_fixture.vn_id) self.addCleanup(self.vn22_fixture.unbind_policies, self.vn22_fixture.vn_id, [self.policy_fixture.policy_fq_name]) # Adding Floating ip ### assert self.fvn_fixture.verify_on_setup() fip_pool_name = 'some-pool1' self.fip_fixture = self.useFixture( FloatingIPFixture( project_name=self.inputs.project_name, inputs=self.inputs, connections=self.connections, pool_name=fip_pool_name, vn_id=self.fvn_fixture.vn_id)) self.vn11_vm1_fixture.verify_on_setup() self.vn11_vm1_fixture.wait_till_vm_is_up() self.fip_id = self.fip_fixture.create_and_assoc_fip( self.fvn_fixture.vn_id, self.vn11_vm1_fixture.vm_id) self.addCleanup(self.fip_fixture.disassoc_and_delete_fip, self.fip_id) assert self.fip_fixture.verify_fip( self.fip_id, self.vn11_vm1_fixture, self.fvn_fixture) self.vn22_vm1_fixture.verify_on_setup() self.vn22_vm1_fixture.wait_till_vm_is_up() self.fip_id1 = self.fip_fixture.create_and_assoc_fip( self.fvn_fixture.vn_id, self.vn22_vm1_fixture.vm_id) assert self.fip_fixture.verify_fip( self.fip_id1, self.vn22_vm1_fixture, self.fvn_fixture) self.addCleanup(self.fip_fixture.disassoc_and_delete_fip, self.fip_id1) # Adding the service chaining resources for firewall ### si_count = 1 svc_scaling = False max_inst = 1 svc_mode = 'in-network' flavor = 'm1.medium' self.vn1_fq_name = "default-domain:" + self.inputs.project_name + ":in_network_vn1" self.vn1_name = "in_network_vn1" self.vn1_subnets = ['10.1.1.0/24'] self.vm1_name = 'in_network_vm1' self.vn2_fq_name = "default-domain:" + self.inputs.project_name + ":in_network_vn2" self.vn2_name = "in_network_vn2" self.vn2_subnets = ['20.2.2.0/24'] self.vm2_name = 'in_network_vm2' self.action_list = [] self.if_list = [['management', False], ['left', True], ['right', True]] self.st_name = 'in_net_svc_template_1' si_prefix = 'in_net_svc_instance_' self.policy_name = 'policy_in_network' self.vn1_fixture = self.config_vn(self.vn1_name, self.vn1_subnets) self.vn2_fixture = self.config_vn(self.vn2_name, self.vn2_subnets) self.vm1_fixture = self.config_vm(vn_fix=self.vn1_fixture, vm_name=self.vm1_name) self.vm2_fixture = self.config_vm(vn_fix=self.vn1_fixture, vm_name=self.vm1_name) svc_chain_info = self.config_svc_chain( left_vn_fixture=self.vn1_fixture, right_vn_fixture=self.vn2_fixture, service_mode=svc_mode, max_inst=max_inst, left_vm_fixture=self.vm1_fixture, right_vm_fixture=self.vm2_fixture) self.st_fixture = svc_chain_info['st_fixture'] self.si_fixture = svc_chain_info['si_fixture'] self.policy_fixture = svc_chain_info['policy_fixture'] # non-admin tenant config result = True msg = [] self.topo_obj = sdn_topo_with_multi_project() self.setup_obj = self.useFixture( sdnTopoSetupFixture(self.connections, self.topo_obj)) out = self.setup_obj.sdn_topo_setup() self.assertEqual(out['result'], True, out['msg']) if out['result'] == True: self.topo_objs, self.config_topo, vm_fip_info = out['data']
def repeated_policy_update_test_with_ping(self, topo): """ Pick 2 VM's for testing, test with ping; modify policy of one VN [in which VM is present] and verify the rule functionality with ping. """ result = True msg = [] # # Test setup: Configure policy, VN, & VM # return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]} # Returned topo is of following format: # config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture} setup_obj = self.useFixture( sdnTopoSetupFixture(self.connections, topo)) out = setup_obj.topo_setup() #out= setup_obj.topo_setup(vm_verify='yes', skip_cleanup='yes') self.logger.info("Setup completed with result %s" % (out['result'])) assertEqual(out['result'], True, out['msg']) if out['result']: topo, config_topo = out['data'] # 1. Define Traffic Params test_vm1 = topo.vmc_list[0] # 'vmc0' test_vm2 = topo.vmc_list[1] # 'vmc1' test_vm1_fixture = config_topo['vm'][test_vm1] test_vm2_fixture = config_topo['vm'][test_vm2] test_vn = topo.vn_of_vm[test_vm1] # 'vnet0' test_vn_fix = config_topo['vn'][test_vn] test_vn_id = test_vn_fix.vn_id test_proto = 'icmp' for policy in topo.policy_test_order: # 2. set new policy for test_vn to policy test_policy_fq_names = [] name = config_topo['policy'][policy].policy_fq_name test_policy_fq_names.append(name) state = "policy for " + test_vn + " updated to " + policy test_vn_fix.bind_policies(test_policy_fq_names, test_vn_id) # wait for tables update before checking after making changes to # system time.sleep(5) self.logger.info("new policy list of vn %s is %s" % (test_vn, policy)) # update expected topology with this new info for verification updated_topo = policy_test_utils.update_topo(topo, test_vn, policy) self.logger.info("Starting Verifications after %s" % (state)) policy_info = "policy in effect is : %s" % (topo.rules[policy]) self.logger.info(policy_info) # 3. set expectation to verify.. matching_rule_action = {} # Topology guide: There is only one policy assigned to test_vn and there is one rule affecting traffic proto. # For ping test, set expected result based on action - pass or deny # if action = 'pass', expectedResult= True, else Fail; num_rules = len(topo.rules[policy]) for i in range(num_rules): proto = topo.rules[policy][i]['protocol'] matching_rule_action[proto] = topo.rules[ policy][i]['simple_action'] if num_rules == 0: matching_rule_action[test_proto] = 'deny' self.logger.info("matching_rule_action: %s" % matching_rule_action) # 4. Test with ping expectedResult = True if matching_rule_action[ test_proto] == 'pass' else False ret = test_vm1_fixture.ping_with_certainty( test_vm2_fixture.vm_ip, expectation=expectedResult, dst_vm_fixture=test_vm2_fixture) result_msg = "vm ping test result after %s is: %s" % (state, ret) self.logger.info(result_msg) if not ret: result = False msg.extend([result_msg, policy_info]) all_policy_verify( self, config_topo, updated_topo, state, fixture_only='yes') assertEqual(result, True, msg) test_vn_fix.unbind_policies(test_vn_id) return result