def cleanup(self):
env = Environment(name="Cleanup")
with env:
eventlet.sleep(30)
provider = env.manager.realizer.plcy_provider
_, plcy_meta = env.dump_provider_inventory(printable=False)
for type, meta in plcy_meta.items():
if type != provider.SEGMENT and type != provider.SG_RULES_REMOTE_PREFIX:
self.assertEquals(meta["meta"], dict())
def run(self):
"""
Run NSX-T Agent with exported Neutron inventory
"""
description = "Run NSX-T Agent"
parser = argparse.ArgumentParser(description=description)
parser.add_argument(
"--config-file",
action="append",
help="OpenStack Neutron configuration file(s) location(s)")
args = parser.parse_args(sys.argv[2:])
self._init_(args)
load_path = os.path.join(os.getcwd(), "inventory")
with open(os.path.join(load_path, "neutron"), "r") as file:
dataset = json.load(file)
# Add name to the port to be able to use port binding mock
for id, port in dataset["port"].items():
port["name"] = id
env = Environment(inventory=dataset)
with env:
i = env.openstack_inventory
for id, port in dataset["port"].items():
if "segmentation_id" in port["vif_details"]:
i.port_bind(port["name"],
port["vif_details"]["segmentation_id"])
else:
LOG.error("Port:%s does not have segmentation_id", id)
def test_end_to_end(self):
self.cleanup()
c = coverage
LOG.info("Create inventory with the provider")
inventory = copy.deepcopy(coverage.OPENSTACK_INVENTORY)
env = Environment(inventory=inventory)
with env:
i = env.openstack_inventory
i.port_bind(c.PORT_FRONTEND_EXTERNAL["name"], "1000")
i.port_bind(c.PORT_FRONTEND_INTERNAL["name"], "3200")
i.port_bind(c.PORT_BACKEND["name"], "3200")
i.port_bind(c.PORT_DB["name"], "3200")
i.port_bind(c.PORT_WITH_3_SG["name"], "1000")
eventlet.sleep(30)
self._assert_create(c, env)
LOG.info("Create inventory with the provider")
env = Environment(inventory=inventory)
with env:
inventory = i = env.openstack_inventory
provider = p = env.manager.realizer.plcy_provider
eventlet.sleep(30)
for index in range(1, 10):
self._pollute(env, index)
# Remove parent
i.port_delete(c.PORT_FRONTEND_INTERNAL["name"])
i.port_delete(c.PORT_WITH_3_SG["name"])
eventlet.sleep(10)
# Remove child
i.port_delete(c.PORT_FRONTEND_EXTERNAL["name"])
eventlet.sleep(60)
self._assert_update(c, env)
def test_synchronous_creation(self):
with responses.RequestsMock(
assert_all_requests_are_fired=False) as resp:
self._mock(resp)
c = coverage
env = Environment(
inventory=copy.deepcopy(coverage.OPENSTACK_INVENTORY))
with env:
i = env.openstack_inventory
i.test_synchronous_port_create(
c.PORT_FRONTEND_EXTERNAL["name"], "1001")
eventlet.sleep(10)
pp = env.manager.realizer.plcy_provider
mp = env.manager.realizer.mngr_provider
mngr_meta, plcy_meta = env.dump_provider_inventory(printable=False)
# Validate network creation
self.assertEquals("1001" in mngr_meta[mp.NETWORK]["meta"], True)
# Validate QoS State
self.assertEquals(c.QOS_EXTERNAL["id"] in mngr_meta[mp.QOS]["meta"],
True)
# Validate Security Groups Members
self.assertEquals(
c.SECURITY_GROUP_FRONTEND["id"]
in plcy_meta[pp.SG_MEMBERS]["meta"], True)
# Validate Security Group Rules Sections
self.assertEquals(
c.SECURITY_GROUP_FRONTEND["id"] in plcy_meta[pp.SG_RULES]["meta"],
True)
# Validate Security Group Remote Prefix IPSets
for id in plcy_meta[pp.SG_RULES_REMOTE_PREFIX]["meta"].keys():
self.assertEquals("0.0.0.0/" in id or "::/" in id, True)
def test_creation(self):
with responses.RequestsMock(
assert_all_requests_are_fired=False) as resp:
self._mock(resp)
c = coverage
env = Environment(
inventory=copy.deepcopy(coverage.OPENSTACK_INVENTORY))
with env:
# LOG.info("Begin - OpenStack Inventory: %s", env.dump_openstack_inventory())
# LOG.info("Begin - NSX-T Inventory: %s", env.dump_provider_inventory())
i = env.openstack_inventory
i.port_bind(c.PORT_FRONTEND_EXTERNAL["name"], "1000")
i.port_bind(c.PORT_FRONTEND_INTERNAL["name"], "3200")
i.port_bind(c.PORT_BACKEND["name"], "3200")
i.port_bind(c.PORT_DB["name"], "3200")
eventlet.sleep(10)
# LOG.info("End - OpenStack Inventory: %s", env.dump_openstack_inventory())
# LOG.info("End - NSX-T Inventory: %s", env.dump_provider_inventory())
plcy = env.manager.realizer.plcy_provider
mngr = env.manager.realizer.mngr_provider
mngr_meta, plcy_meta = env.dump_provider_inventory(printable=False)
# Validate network creation
self.assertEquals("1000" in mngr_meta[mngr.NETWORK]["meta"], True)
self.assertEquals("3200" in mngr_meta[mngr.NETWORK]["meta"], True)
self.assertEquals(plcy_meta[plcy.SEGMENT]["meta"], {})
self.assertEquals(plcy_meta[plcy.SEGM_PORT]["meta"], {})
# Validate QoS State
self.assertEquals(c.QOS_INTERNAL["id"] in mngr_meta[mngr.QOS]["meta"],
True)
self.assertEquals(c.QOS_EXTERNAL["id"] in mngr_meta[mngr.QOS]["meta"],
True)
self.assertEquals(
c.QOS_NOT_REFERENCED["id"] in mngr_meta[mngr.QOS]["meta"], False)
# Validate Security Groups Members
self.assertEquals(
c.SECURITY_GROUP_FRONTEND["id"]
in plcy_meta[plcy.SG_MEMBERS]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_BACKEND["id"]
in plcy_meta[plcy.SG_MEMBERS]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_DB["id"] in plcy_meta[plcy.SG_MEMBERS]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS["id"]
in plcy_meta[plcy.SG_MEMBERS]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_AUTH["id"] in plcy_meta[plcy.SG_MEMBERS]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS_NOT_REFERENCED["id"]
in plcy_meta[plcy.SG_MEMBERS]["meta"], False)
# Validate Security Group Rules Sections
self.assertEquals(
c.SECURITY_GROUP_FRONTEND["id"]
in plcy_meta[plcy.SG_RULES]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_BACKEND["id"] in plcy_meta[plcy.SG_RULES]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_DB["id"] in plcy_meta[plcy.SG_RULES]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS["id"]
in plcy_meta[plcy.SG_RULES]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_AUTH["id"] in plcy_meta[plcy.SG_RULES]["meta"],
False)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS_NOT_REFERENCED["id"]
in plcy_meta[plcy.SG_RULES]["meta"], False)
# Validate Security Group Remote Prefix IPSets
for id in plcy_meta[plcy.SG_RULES_REMOTE_PREFIX]["meta"].keys():
self.assertEquals("0.0.0.0/" in id or "::/" in id, True)
def test_transition_to_static_group_membership(self):
with responses.RequestsMock(
assert_all_requests_are_fired=False) as resp:
self._mock(resp)
c = coverage
env = Environment(
inventory=copy.deepcopy(coverage.OPENSTACK_INVENTORY))
with env:
i = env.openstack_inventory
i.port_bind(c.PORT_WITH_3_SG["name"], "1000")
eventlet.sleep(10)
# LOG.info("End - NSX-T Inventory: %s", env.dump_provider_inventory())
plcy = env.manager.realizer.plcy_provider
mngr = env.manager.realizer.mngr_provider
mngr_meta, plcy_meta = env.dump_provider_inventory(printable=False)
# Validate Networks
self.assertEquals("1000" in mngr_meta[mngr.NETWORK]["meta"], True)
# Validate Ports
self.assertEquals(
c.PORT_WITH_3_SG["id"] in mngr_meta[mngr.PORT]["meta"], True)
self.assertEquals(
c.PORT_WITH_3_SG["id"] in plcy_meta[plcy.SEGM_PORT]["meta"], True)
# Validate Security Groups Members
self.assertEquals(
c.SECURITY_GROUP_FRONTEND["id"]
in plcy_meta[plcy.SG_MEMBERS]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS["id"]
in plcy_meta[plcy.SG_MEMBERS]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_DB["id"] in plcy_meta[plcy.SG_MEMBERS]["meta"],
True)
# Assert the new static membership is used
self.assertEquals(
plcy_meta[plcy.SEGM_PORT]["meta"][c.PORT_WITH_3_SG["id"]]["path"]
in plcy_meta[plcy.SG_MEMBERS]["meta"][
c.SECURITY_GROUP_FRONTEND["id"]]["sg_members"], True)
self.assertEquals(
plcy_meta[plcy.SEGM_PORT]["meta"][c.PORT_WITH_3_SG["id"]]["path"]
in plcy_meta[plcy.SG_MEMBERS]["meta"][
c.SECURITY_GROUP_OPERATIONS["id"]]["sg_members"], True)
self.assertEquals(
plcy_meta[plcy.SEGM_PORT]["meta"][c.PORT_WITH_3_SG["id"]]["path"]
in plcy_meta[plcy.SG_MEMBERS]["meta"][
c.SECURITY_GROUP_DB["id"]]["sg_members"], True)
self.assertEquals(
3,
len(plcy_meta[plcy.SG_MEMBERS]["meta"][
c.SECURITY_GROUP_FRONTEND["id"]]["sg_cidrs"]))
self.assertEquals(
4,
len(plcy_meta[plcy.SG_MEMBERS]["meta"][
c.SECURITY_GROUP_OPERATIONS["id"]]["sg_cidrs"]))
self.assertEquals(
2,
len(plcy_meta[plcy.SG_MEMBERS]["meta"][c.SECURITY_GROUP_DB["id"]]
["sg_cidrs"]))
def test_cleanup(self):
with responses.RequestsMock(
assert_all_requests_are_fired=False) as resp:
self._mock(resp)
c = coverage
env = Environment(
inventory=copy.deepcopy(coverage.OPENSTACK_INVENTORY))
with env:
i = env.openstack_inventory
i.port_bind(c.PORT_FRONTEND_EXTERNAL["name"], "1000")
i.port_bind(c.PORT_FRONTEND_INTERNAL["name"], "3200")
i.port_bind(c.PORT_BACKEND["name"], "3200")
i.port_bind(c.PORT_DB["name"], "3200")
eventlet.sleep(10)
# LOG.info("Begin - OpenStack Inventory: %s", env.dump_openstack_inventory())
# LOG.info("Begin - NSX-T Inventory: %s", env.dump_provider_inventory())
# Add orphan IPSets
# pp.client.post(path="/api/v1/ip-sets", data=pp.payload.sg_rule_remote("192.168.0.0/12"))
# pp.client.post(path="/api/v1/ip-sets", data=pp.payload.sg_rule_remote("::ffff/64"))
i.port_delete(c.PORT_FRONTEND_INTERNAL["name"])
eventlet.sleep(1)
i.port_delete(c.PORT_FRONTEND_EXTERNAL["name"])
eventlet.sleep(10)
# LOG.info("End - OpenStack Inventory: %s", env.dump_openstack_inventory())
# LOG.info("End - NSX-T Inventory: %s", env.dump_provider_inventory())
pp = env.manager.realizer.plcy_provider
mp = env.manager.realizer.mngr_provider
mngr_meta, plcy_meta = env.dump_provider_inventory(printable=False)
# Validate network creation
self.assertEquals("1000" in mngr_meta[mp.NETWORK]["meta"], True)
self.assertEquals("3200" in mngr_meta[mp.NETWORK]["meta"], True)
# Validate Ports
self.assertEquals(
c.PORT_FRONTEND_EXTERNAL["id"] in mngr_meta[mp.PORT]["meta"],
False)
self.assertEquals(
c.PORT_FRONTEND_INTERNAL["id"] in mngr_meta[mp.PORT]["meta"],
False)
self.assertEquals(c.PORT_BACKEND["id"] in mngr_meta[mp.PORT]["meta"],
True)
self.assertEquals(c.PORT_DB["id"] in mngr_meta[mp.PORT]["meta"], True)
# Validate QoS State
self.assertEquals(c.QOS_INTERNAL["id"] in mngr_meta[mp.QOS]["meta"],
False)
self.assertEquals(c.QOS_EXTERNAL["id"] in mngr_meta[mp.QOS]["meta"],
False)
self.assertEquals(
c.QOS_NOT_REFERENCED["id"] in mngr_meta[mp.QOS]["meta"], False)
# Validate Security Groups Members
self.assertEquals(
c.SECURITY_GROUP_FRONTEND["id"]
in plcy_meta[pp.SG_MEMBERS]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_BACKEND["id"] in plcy_meta[pp.SG_MEMBERS]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_DB["id"] in plcy_meta[pp.SG_MEMBERS]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS["id"]
in plcy_meta[pp.SG_MEMBERS]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_AUTH["id"] in plcy_meta[pp.SG_MEMBERS]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS_NOT_REFERENCED["id"]
in plcy_meta[pp.SG_MEMBERS]["meta"], False)
# Validate Security Group Rules Sections
self.assertEquals(
c.SECURITY_GROUP_FRONTEND["id"] in plcy_meta[pp.SG_RULES]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_BACKEND["id"] in plcy_meta[pp.SG_RULES]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_DB["id"] in plcy_meta[pp.SG_RULES]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS["id"]
in plcy_meta[pp.SG_RULES]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_AUTH["id"] in plcy_meta[pp.SG_RULES]["meta"],
False)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS_NOT_REFERENCED["id"]
in plcy_meta[pp.SG_RULES]["meta"], False)
# Validate Security Group Rules NSGroups
# self.assertEquals(c.SECURITY_GROUP_FRONTEND["id"] in m[mp.SG_RULES_EXT]["meta"], False)
# self.assertEquals(c.SECURITY_GROUP_BACKEND["id"] in m[mp.SG_RULES_EXT]["meta"], True)
# self.assertEquals(c.SECURITY_GROUP_DB["id"] in m[mp.SG_RULES_EXT]["meta"], True)
# self.assertEquals(c.SECURITY_GROUP_OPERATIONS["id"] in m[mp.SG_RULES_EXT]["meta"], True)
# self.assertEquals(c.SECURITY_GROUP_AUTH["id"] in m[mp.SG_RULES_EXT]["meta"], False)
# self.assertEquals(c.SECURITY_GROUP_OPERATIONS_NOT_REFERENCED["id"] in m[mp.SG_RULES_EXT]["meta"], False)
# Validate Security Group Remote Prefix IPSets
for id in plcy_meta[pp.SG_RULES_REMOTE_PREFIX]["meta"].keys():
self.assertEquals("0.0.0.0/" in id or "::/" in id, True)
def cleanup(self):
env = Environment(name="Cleanup")
with env:
# TODO - define more correct criteria
eventlet.sleep(30)