def _setup_workloads(self, host1, host2): # Create the networks on host1, but it should be usable from all # hosts. We create one network using the default driver, and the # other using the Calico driver. network1 = host1.create_network("testnet1") network2 = host1.create_network("testnet2") networks = [network1, network2] # Assert that the networks can be seen on host2 assert_network(host2, network2) assert_network(host2, network1) n1_workloads = [] n2_workloads = [] # Create two workloads on host1 and one on host2 all in network 1. n1_workloads.append(host2.create_workload("workload_h2n1_1", image="workload", network=network1)) n1_workloads.append(host1.create_workload("workload_h1n1_1", image="workload", network=network1)) n1_workloads.append(host1.create_workload("workload_h1n1_2", image="workload", network=network1)) # Create similar workloads in network 2. n2_workloads.append(host1.create_workload("workload_h1n2_1", image="workload", network=network2)) n2_workloads.append(host1.create_workload("workload_h1n2_2", image="workload", network=network2)) n2_workloads.append(host2.create_workload("workload_h2n2_1", image="workload", network=network2)) print "*******************" print "Network1 is:\n%s\n%s" % ( [x.ip for x in n1_workloads], [x.name for x in n1_workloads]) print "Network2 is:\n%s\n%s" % ( [x.ip for x in n2_workloads], [x.name for x in n2_workloads]) print "*******************" # Assert that endpoints are in Calico assert_number_endpoints(host1, 4) assert_number_endpoints(host2, 2) self._check_original_connectivity(n1_workloads, n2_workloads) # Test deleting the network. It will fail if there are any # endpoints connected still. if (host1.networking == NETWORKING_LIBNETWORK or host2.networking == NETWORKING_LIBNETWORK): self.assertRaises(CommandExecError, network1.delete) self.assertRaises(CommandExecError, network2.delete) return n1_workloads, n2_workloads, networks
def _setup_workloads(self, host1, host2): # Create the networks on host1, but they should be usable from all # hosts. network1 = host1.create_network("testnet1") network2 = host1.create_network("testnet2") networks = [network1, network2] n1_workloads = [] n2_workloads = [] # Create two workloads on host1 and one on host2 all in network 1. n1_workloads.append( host2.create_workload("workload_h2n1_1", image="workload", network=network1)) n1_workloads.append( host1.create_workload("workload_h1n1_1", image="workload", network=network1)) n1_workloads.append( host1.create_workload("workload_h1n1_2", image="workload", network=network1)) # Create similar workloads in network 2. n2_workloads.append( host1.create_workload("workload_h1n2_1", image="workload", network=network2)) n2_workloads.append( host1.create_workload("workload_h1n2_2", image="workload", network=network2)) n2_workloads.append( host2.create_workload("workload_h2n2_1", image="workload", network=network2)) print "*******************" print "Network1 is:\n%s\n%s" % ([x.ip for x in n1_workloads ], [x.name for x in n1_workloads]) print "Network2 is:\n%s\n%s" % ([x.ip for x in n2_workloads ], [x.name for x in n2_workloads]) print "*******************" # Assert that endpoints are in Calico assert_number_endpoints(host1, 4) assert_number_endpoints(host2, 2) try: self._check_original_connectivity(n1_workloads, n2_workloads) except Exception as e: _log.exception(e) host1.log_extra_diags() host2.log_extra_diags() raise return n1_workloads, n2_workloads, networks
def _setup_workloads(self, host1, host2): # Create the networks on host1, but it should be usable from all # hosts. We create one network using the default driver, and the # other using the Calico driver. network1 = host1.create_network("testnet1") network2 = host1.create_network("testnet2") networks = [network1, network2] # Assert that the networks can be seen on host2 assert_network(host2, network2) assert_network(host2, network1) n1_workloads = [] n2_workloads = [] # Create two workloads on host1 and one on host2 all in network 1. n1_workloads.append(host2.create_workload("workload_h2n1_1", image="workload", network=network1)) n1_workloads.append(host1.create_workload("workload_h1n1_1", image="workload", network=network1)) n1_workloads.append(host1.create_workload("workload_h1n1_2", image="workload", network=network1)) # Create similar workloads in network 2. n2_workloads.append(host1.create_workload("workload_h1n2_1", image="workload", network=network2)) n2_workloads.append(host1.create_workload("workload_h1n2_2", image="workload", network=network2)) n2_workloads.append(host2.create_workload("workload_h2n2_1", image="workload", network=network2)) print "*******************" print "Network1 is:\n%s\n%s" % ( [x.ip for x in n1_workloads], [x.name for x in n1_workloads]) print "Network2 is:\n%s\n%s" % ( [x.ip for x in n2_workloads], [x.name for x in n2_workloads]) print "*******************" # Assert that endpoints are in Calico assert_number_endpoints(host1, 4) assert_number_endpoints(host2, 2) self._check_original_connectivity(n1_workloads, n2_workloads) # Test deleting the network. It will fail if there are any # endpoints connected still. self.assertRaises(CommandExecError, network1.delete) self.assertRaises(CommandExecError, network2.delete) return n1_workloads, n2_workloads, networks
def test_mainline(self): """ Setup two endpoints on one host and check connectivity then teardown. """ # TODO - add in IPv6 as part of this flow. with DockerHost('host', additional_docker_options=ADDITIONAL_DOCKER_OPTIONS, post_docker_commands=POST_DOCKER_COMMANDS, start_calico=False) as host: host.start_calico_node("--libnetwork") # Set up two endpoints on one host network = host.create_network("testnet") workload1 = host.create_workload("workload1", network=network) workload2 = host.create_workload("workload2", network=network) # Assert that endpoints are in Calico assert_number_endpoints(host, 2) # Assert that the profile has been created for the network profile_name = get_profile_name(host, network) assert_profile(host, profile_name) # Allow network to converge # Check connectivity. workload1.assert_can_ping("workload2", retries=5) workload2.assert_can_ping("workload1", retries=5) # Inspect the workload to ensure the MAC address is set # correctly. format = "'{{.NetworkSettings.Networks.%s.MacAddress}}'" % network mac = host.execute("docker inspect --format %s %s" % (format, workload1.name)) self.assertEquals(mac.lower(), "ee:ee:ee:ee:ee:ee") # Disconnect endpoints from the network # Assert can't ping and endpoints are removed from Calico network.disconnect(host, workload1) network.disconnect(host, workload2) workload1.assert_cant_ping(workload2.ip, retries=5) assert_number_endpoints(host, 0) # Remove the endpoints on the host # TODO (assert IPs are released) host.remove_workloads() # Remove the network and assert profile is removed network.delete() self.assertRaises(AssertionError, assert_profile, host, profile_name)
def test_assign_specific_ip(self): """ Test that a libnetwork assigned IP is allocated to the container with Calico when using the '--ip' flag on docker run. """ with DockerHost('host1', additional_docker_options=ADDITIONAL_DOCKER_OPTIONS, post_docker_commands=POST_DOCKER_COMMANDS, start_calico=False) as host1, \ DockerHost('host2', additional_docker_options=ADDITIONAL_DOCKER_OPTIONS, post_docker_commands=POST_DOCKER_COMMANDS, start_calico=False) as host2: host1.start_calico_node("--libnetwork") host2.start_calico_node("--libnetwork") # Set up one endpoints on each host workload1_ip = "192.168.1.101" workload2_ip = "192.168.1.102" subnet = "192.168.0.0/16" network = host1.create_network("testnet", subnet=subnet) workload1 = host1.create_workload("workload1", network=network, ip=workload1_ip) workload2 = host2.create_workload("workload2", network=network, ip=workload2_ip) self.assertEquals(workload1_ip, workload1.ip) self.assertEquals(workload2_ip, workload2.ip) # Allow network to converge # Check connectivity with assigned IPs workload1.assert_can_ping(workload2_ip, retries=5) workload2.assert_can_ping(workload1_ip, retries=5) # Disconnect endpoints from the network # Assert can't ping and endpoints are removed from Calico network.disconnect(host1, workload1) network.disconnect(host2, workload2) workload1.assert_cant_ping(workload2_ip, retries=5) assert_number_endpoints(host1, 0) assert_number_endpoints(host2, 0) network.delete()
def test_mainline(self): """ Setup two endpoints on one host and check connectivity then teardown. """ # TODO - add in IPv6 as part of this flow. with DockerHost('host') as host: # Set up two endpoints on one host network = host.create_network(str(uuid.uuid4())) workload1 = host.create_workload(str(uuid.uuid4()), network=network) workload2 = host.create_workload(str(uuid.uuid4()), network=network) # Assert that endpoints are in Calico assert_number_endpoints(host, 2) # Assert that the profile has been created for the network profile_name = get_profile_name(host, network) assert_profile(host, profile_name) # Allow network to converge # Check connectivity. workload1.assert_can_ping(workload2.ip, retries=5) self.assert_connectivity([workload1, workload2]) # Disconnect endpoints from the network # Assert can't ping and endpoints are removed from Calico network.disconnect(host, workload1) network.disconnect(host, workload2) workload1.assert_cant_ping(workload2.ip, retries=5) assert_number_endpoints(host, 0) # Remove the endpoints on the host # TODO (assert IPs are released) host.remove_workloads() # Remove the network and assert profile is removed network.delete() self.assertRaises(AssertionError, assert_profile, host, profile_name)
def test_mainline(self): """ Setup two endpoints on one host and check connectivity then teardown. """ # TODO - add in IPv6 as part of this flow. with DockerHost('host') as host: # Set up two endpoints on one host network = host.create_network("testnet") workload1 = host.create_workload(str(uuid.uuid4()), network=network) workload2 = host.create_workload(str(uuid.uuid4()), network=network) # Assert that endpoints are in Calico assert_number_endpoints(host, 2) # Assert that the profile has been created for the network profile_name = get_profile_name(host, network) assert_profile(host, profile_name) # Allow network to converge # Check connectivity. workload1.assert_can_ping(workload2.ip, retries=5) self.assert_connectivity([workload1, workload2]) # Disconnect endpoints from the network # Assert can't ping and endpoints are removed from Calico network.disconnect(host, workload1) network.disconnect(host, workload2) workload1.assert_cant_ping(workload2.ip, retries=5) assert_number_endpoints(host, 0) # Remove the endpoints on the host # TODO (assert IPs are released) host.remove_workloads() # Remove the network and assert profile is removed network.delete() self.assertRaises(AssertionError, assert_profile, host, profile_name)
def test_multi_host(self): """ Run a mainline multi-host test. Because multihost tests are slow to setup, this tests most mainline functionality in a single test. - Create two hosts - Create a network using the default IPAM driver, and a workload on each host assigned to that network. - Create a network using the Calico IPAM driver, and a workload on each host assigned to that network. - Check that hosts on the same network can ping each other. - Check that hosts on different networks cannot ping each other. """ with DockerHost('host1', additional_docker_options=ADDITIONAL_DOCKER_OPTIONS, post_docker_commands=POST_DOCKER_COMMANDS, start_calico=False) as host1, \ DockerHost('host2', additional_docker_options=ADDITIONAL_DOCKER_OPTIONS, post_docker_commands=POST_DOCKER_COMMANDS, start_calico=False) as host2: # TODO work IPv6 into this test too host1.start_calico_node("--libnetwork") host2.start_calico_node("--libnetwork") # Create the networks on host1, but it should be usable from all # hosts. We create one network using the default driver, and the # other using the Calico driver. network1 = host1.create_network("testnet1", ipam_driver="default") network2 = host1.create_network("testnet2", ipam_driver="calico") # Assert that the networks can be seen on host2 assert_network(host2, network2) assert_network(host2, network1) # Assert that the profiles have been created for the networks profile_name1 = get_profile_name(host1, network1) assert_profile(host1, profile_name1) profile_name2 = get_profile_name(host1, network2) assert_profile(host1, profile_name2) # Create two workloads on host1 and one on host2 all in network 1. workload_h1n2_1 = host1.create_workload("workload_h1n2_1", network=network2) workload_h1n2_2 = host1.create_workload("workload_h1n2_2", network=network2) workload_h2n2_1 = host2.create_workload("workload_h2n2_1", network=network2) # Create similar workloads in network 2. workload_h2n1_1 = host2.create_workload("workload_h2n1_1", network=network1) workload_h1n1_1 = host1.create_workload("workload_h1n1_1", network=network1) workload_h1n1_2 = host1.create_workload("workload_h1n1_2", network=network1) # Assert that endpoints are in Calico assert_number_endpoints(host1, 4) assert_number_endpoints(host2, 2) # Assert that workloads can communicate with each other on network # 1, and not those on network 2. Ping using IP for all workloads, # and by hostname for workloads on the same network (note that # a workloads own hostname does not work). self.assert_connectivity(pass_list=[workload_h1n1_1, workload_h1n1_2, workload_h2n1_1]) # TODO: docker_gwbridge iptable FORWARD rule takes precedence over # Felix, resulting in temporary lack of isolation between a # container on the bridge communicating with a non-bridge container # on the same host. Therefore we cannot yet test isolation. # fail_list=[workload_h1n2_1, # workload_h1n2_2, # workload_h2n2_1]) workload_h1n1_1.execute("ping -c 1 -W 1 workload_h1n1_2") workload_h1n1_1.execute("ping -c 1 -W 1 workload_h2n1_1") # Repeat with network 2. self.assert_connectivity(pass_list=[workload_h1n2_1, workload_h1n2_2, workload_h2n2_1]) # TODO - see comment above # fail_list=[workload_h1n1_1, # workload_h1n1_2, # workload_h1n1_1]) workload_h1n2_1.execute("ping -c 1 -W 1 workload_h1n2_2") workload_h1n2_1.execute("ping -c 1 -W 1 workload_h2n2_1") # Test deleting the network. It will fail if there are any # endpoints connected still. self.assertRaises(CommandExecError, network1.delete) self.assertRaises(CommandExecError, network2.delete) # For network 1, disconnect (or "detach" or "leave") the endpoints # Assert that an endpoint is removed from calico and can't ping network1.disconnect(host1, workload_h1n1_1) network1.disconnect(host1, workload_h1n1_2) assert_number_endpoints(host1, 2) network1.disconnect(host2, workload_h2n1_1) assert_number_endpoints(host2, 1) workload_h1n1_1.assert_cant_ping(workload_h2n2_1.ip, retries=5) # Repeat for network 2. All endpoints should be removed. network2.disconnect(host1, workload_h1n2_1) network2.disconnect(host1, workload_h1n2_2) assert_number_endpoints(host1, 0) network2.disconnect(host2, workload_h2n2_1) assert_number_endpoints(host2, 0) workload_h1n1_1.assert_cant_ping(workload_h2n2_1.ip, retries=5) # Remove the workloads, so the endpoints can be unpublished, then # the delete should succeed. host1.remove_workloads() host2.remove_workloads() # Remove the network and assert profile is removed network1.delete() network2.delete() self.assertRaises(AssertionError, assert_profile, host1, profile_name1)
def _setup_workloads(self, host1, host2): # Create the networks on host1, but they should be usable from all # hosts. network1 = host1.create_network("testnet1") network2 = host1.create_network("testnet2") networks = [network1, network2] n1_workloads = [] n2_workloads = [] # Create two workloads on host1 and one on host2 all in network 1. n1_workloads.append( host2.create_workload("workload_h2n1_1", image="workload", network=network1)) n1_workloads.append( host1.create_workload("workload_h1n1_1", image="workload", network=network1)) n1_workloads.append( host1.create_workload("workload_h1n1_2", image="workload", network=network1)) # Create similar workloads in network 2. n2_workloads.append( host1.create_workload("workload_h1n2_1", image="workload", network=network2)) n2_workloads.append( host1.create_workload("workload_h1n2_2", image="workload", network=network2)) n2_workloads.append( host2.create_workload("workload_h2n2_1", image="workload", network=network2)) print "*******************" print "Network1 is:\n%s\n%s" % ([x.ip for x in n1_workloads ], [x.name for x in n1_workloads]) print "Network2 is:\n%s\n%s" % ([x.ip for x in n2_workloads ], [x.name for x in n2_workloads]) print "*******************" # Assert that endpoints are in Calico assert_number_endpoints(host1, 4) assert_number_endpoints(host2, 2) try: self._check_original_connectivity(n1_workloads, n2_workloads) except Exception as e: _log.exception(e) host1.log_extra_diags() host2.log_extra_diags() raise # Test deleting the network. It will fail if there are any # endpoints connected still. if (host1.networking == NETWORKING_LIBNETWORK or host2.networking == NETWORKING_LIBNETWORK): self.assertRaises(CommandExecError, network1.delete) self.assertRaises(CommandExecError, network2.delete) return n1_workloads, n2_workloads, networks
def test_multi_host(self): """ Run a mainline multi-host test. Because multihost tests are slow to setup, this tests most mainline functionality in a single test. - Create two hosts - Create a network using the default IPAM driver, and a workload on each host assigned to that network. - Create a network using the Calico IPAM driver, and a workload on each host assigned to that network. - Check that hosts on the same network can ping each other. - Check that hosts on different networks cannot ping each other. """ with DockerHost('host1', additional_docker_options=ADDITIONAL_DOCKER_OPTIONS, post_docker_commands=POST_DOCKER_COMMANDS, start_calico=False) as host1, \ DockerHost('host2', additional_docker_options=ADDITIONAL_DOCKER_OPTIONS, post_docker_commands=POST_DOCKER_COMMANDS, start_calico=False) as host2: # TODO work IPv6 into this test too host1.start_calico_node("--libnetwork") host2.start_calico_node("--libnetwork") # Create the networks on host1, but it should be usable from all # hosts. We create one network using the default driver, and the # other using the Calico driver. network1 = host1.create_network("testnet1", ipam_driver="default") network2 = host1.create_network("testnet2", ipam_driver="calico") # Assert that the networks can be seen on host2 assert_network(host2, network2) assert_network(host2, network1) # Assert that the profiles have been created for the networks profile_name1 = get_profile_name(host1, network1) assert_profile(host1, profile_name1) profile_name2 = get_profile_name(host1, network2) assert_profile(host1, profile_name2) # Create two workloads on host1 and one on host2 all in network 1. workload_h1n2_1 = host1.create_workload("workload_h1n2_1", network=network2) workload_h1n2_2 = host1.create_workload("workload_h1n2_2", network=network2) workload_h2n2_1 = host2.create_workload("workload_h2n2_1", network=network2) # Create similar workloads in network 2. workload_h2n1_1 = host2.create_workload("workload_h2n1_1", network=network1) workload_h1n1_1 = host1.create_workload("workload_h1n1_1", network=network1) workload_h1n1_2 = host1.create_workload("workload_h1n1_2", network=network1) # Assert that endpoints are in Calico assert_number_endpoints(host1, 4) assert_number_endpoints(host2, 2) # Assert that workloads can communicate with each other on network # 1, and not those on network 2. Ping using IP for all workloads, # and by hostname for workloads on the same network (note that # a workloads own hostname does not work). self.assert_connectivity(retries=2, pass_list=[workload_h1n1_1, workload_h1n1_2, workload_h2n1_1]) # TODO: docker_gwbridge iptable FORWARD rule takes precedence over # Felix, resulting in temporary lack of isolation between a # container on the bridge communicating with a non-bridge container # on the same host. Therefore we cannot yet test isolation. # fail_list=[workload_h1n2_1, # workload_h1n2_2, # workload_h2n2_1]) workload_h1n1_1.execute("ping -c 1 -W 1 workload_h1n1_2") workload_h1n1_1.execute("ping -c 1 -W 1 workload_h2n1_1") # Repeat with network 2. self.assert_connectivity(pass_list=[workload_h1n2_1, workload_h1n2_2, workload_h2n2_1]) # TODO - see comment above # fail_list=[workload_h1n1_1, # workload_h1n1_2, # workload_h1n1_1]) workload_h1n2_1.execute("ping -c 1 -W 1 workload_h1n2_2") workload_h1n2_1.execute("ping -c 1 -W 1 workload_h2n2_1") # Test deleting the network. It will fail if there are any # endpoints connected still. self.assertRaises(CommandExecError, network1.delete) self.assertRaises(CommandExecError, network2.delete) # For network 1, disconnect (or "detach" or "leave") the endpoints # Assert that an endpoint is removed from calico and can't ping network1.disconnect(host1, workload_h1n1_1) network1.disconnect(host1, workload_h1n1_2) assert_number_endpoints(host1, 2) network1.disconnect(host2, workload_h2n1_1) assert_number_endpoints(host2, 1) workload_h1n1_1.assert_cant_ping(workload_h2n2_1.ip, retries=5) # Repeat for network 2. All endpoints should be removed. network2.disconnect(host1, workload_h1n2_1) network2.disconnect(host1, workload_h1n2_2) assert_number_endpoints(host1, 0) network2.disconnect(host2, workload_h2n2_1) assert_number_endpoints(host2, 0) workload_h1n1_1.assert_cant_ping(workload_h2n2_1.ip, retries=5) # Remove the workloads, so the endpoints can be unpublished, then # the delete should succeed. host1.remove_workloads() host2.remove_workloads() # Remove the network and assert profile is removed network1.delete() network2.delete() self.assertRaises(AssertionError, assert_profile, host1, profile_name1)
def test_multi_host(self): """ Run a mainline multi-host test. Because multihost tests are slow to setup, this tests most mainline functionality in a single test. Create two hosts, a single network, one workload on each host and ping between them. """ with DockerHost('host1') as host1, DockerHost('host2') as host2: # TODO work IPv6 into this test too # Create the network on host1, but it should be usable from all # hosts. network = host1.create_network("testnet") # Assert that the network can be seen on host2 assert_network(host2, network) # Assert that the profile has been created for the network profile_name = get_profile_name(host1, network) assert_profile(host1, profile_name) # Create two hosts workload_host1 = host1.create_workload("workload1", network=network) workload_host2 = host2.create_workload("workload2", network=network) # Assert that endpoints are in Calico assert_number_endpoints(host1, 1) assert_number_endpoints(host2, 1) # Assert that workloads can communicate with each other workload_host1.assert_can_ping(workload_host2.ip, retries=5) self.assert_connectivity(pass_list=[workload_host1, workload_host2]) # Ping using container names workload_host1.execute("ping -c 1 -W 1 workload2") workload_host2.execute("ping -c 1 -W 1 workload1") # Test deleting the network. It will fail if there are any # endpoints connected still. self.assertRaises(CommandExecError, network.delete) # Disconnect (or "detach" or "leave") the endpoints # Assert that the endpoints are removed from calico and can't ping network.disconnect(host1, workload_host1) assert_number_endpoints(host1, 0) network.disconnect(host2, workload_host2) assert_number_endpoints(host2, 0) workload_host1.assert_cant_ping(workload_host2.ip, retries=5) # Remove the workloads, so the endpoints can be unpublished, then # the delete should succeed. host1.remove_workloads() host2.remove_workloads() # Remove the network and assert profile is removed network.delete() self.assertRaises(AssertionError, assert_profile, host1, profile_name)
def test_multi_host(self): """ Run a mainline multi-host test. Because multihost tests are slow to setup, this tests most mainline functionality in a single test. Create two hosts, a single network, one workload on each host and ping between them. """ with DockerHost('host1') as host1, DockerHost('host2') as host2: # TODO work IPv6 into this test too # Create the network on host1, but it should be usable from all # hosts. network = host1.create_network(str(uuid.uuid4())) # Assert that the network can be seen on host2 assert_network(host2, network) # Assert that the profile has been created for the network profile_name = get_profile_name(host1, network) assert_profile(host1, profile_name) # Create two hosts workload_host1 = host1.create_workload("workload1", network=network) workload_host2 = host2.create_workload("workload2", network=network) # Assert that endpoints are in Calico assert_number_endpoints(host1, 1) assert_number_endpoints(host2, 1) # Assert that workloads can communicate with each other workload_host1.assert_can_ping(workload_host2.ip, retries=5) self.assert_connectivity( pass_list=[workload_host1, workload_host2]) # Ping using container names workload_host1.execute("ping -c 1 -W 1 workload2") workload_host2.execute("ping -c 1 -W 1 workload1") # Test deleting the network. It will fail if there are any # endpoints connected still. self.assertRaises(CommandExecError, network.delete) # Disconnect (or "detach" or "leave") the endpoints # Assert that the endpoints are removed from calico and can't ping network.disconnect(host1, workload_host1) assert_number_endpoints(host1, 0) network.disconnect(host2, workload_host2) assert_number_endpoints(host2, 0) workload_host1.assert_cant_ping(workload_host2.ip, retries=5) # Remove the workloads, so the endpoints can be unpublished, then # the delete should succeed. host1.remove_workloads() host2.remove_workloads() # Remove the network and assert profile is removed network.delete() self.assertRaises(AssertionError, assert_profile, host1, profile_name)