def test_mainline(self):
"""
Setup two endpoints on one host and check connectivity then teardown.
"""
# TODO - add in IPv6 as part of this flow.
with DockerHost('host',
additional_docker_options=ADDITIONAL_DOCKER_OPTIONS,
post_docker_commands=POST_DOCKER_COMMANDS,
start_calico=False) as host:
host.start_calico_node("--libnetwork")
# Set up two endpoints on one host
network = host.create_network("testnet")
workload1 = host.create_workload("workload1", network=network)
workload2 = host.create_workload("workload2", network=network)
# Assert that endpoints are in Calico
assert_number_endpoints(host, 2)
# Assert that the profile has been created for the network
profile_name = get_profile_name(host, network)
assert_profile(host, profile_name)
# Allow network to converge
# Check connectivity.
workload1.assert_can_ping("workload2", retries=5)
workload2.assert_can_ping("workload1", retries=5)
# Inspect the workload to ensure the MAC address is set
# correctly.
format = "'{{.NetworkSettings.Networks.%s.MacAddress}}'" % network
mac = host.execute("docker inspect --format %s %s" %
(format, workload1.name))
self.assertEquals(mac.lower(), "ee:ee:ee:ee:ee:ee")
# Disconnect endpoints from the network
# Assert can't ping and endpoints are removed from Calico
network.disconnect(host, workload1)
network.disconnect(host, workload2)
workload1.assert_cant_ping(workload2.ip, retries=5)
assert_number_endpoints(host, 0)
# Remove the endpoints on the host
# TODO (assert IPs are released)
host.remove_workloads()
# Remove the network and assert profile is removed
network.delete()
self.assertRaises(AssertionError, assert_profile, host,
profile_name)
def test_mainline(self):
"""
Setup two endpoints on one host and check connectivity then teardown.
"""
# TODO - add in IPv6 as part of this flow.
with DockerHost('host',
additional_docker_options=ADDITIONAL_DOCKER_OPTIONS,
post_docker_commands=POST_DOCKER_COMMANDS,
start_calico=False) as host:
host.start_calico_node("--libnetwork")
# Set up two endpoints on one host
network = host.create_network("testnet")
workload1 = host.create_workload("workload1", network=network)
workload2 = host.create_workload("workload2", network=network)
# Assert that endpoints are in Calico
assert_number_endpoints(host, 2)
# Assert that the profile has been created for the network
profile_name = get_profile_name(host, network)
assert_profile(host, profile_name)
# Allow network to converge
# Check connectivity.
workload1.assert_can_ping("workload2", retries=5)
workload2.assert_can_ping("workload1", retries=5)
# Inspect the workload to ensure the MAC address is set
# correctly.
format = "'{{.NetworkSettings.Networks.%s.MacAddress}}'" % network
mac = host.execute("docker inspect --format %s %s" % (format,
workload1.name))
self.assertEquals(mac.lower(), "ee:ee:ee:ee:ee:ee")
# Disconnect endpoints from the network
# Assert can't ping and endpoints are removed from Calico
network.disconnect(host, workload1)
network.disconnect(host, workload2)
workload1.assert_cant_ping(workload2.ip, retries=5)
assert_number_endpoints(host, 0)
# Remove the endpoints on the host
# TODO (assert IPs are released)
host.remove_workloads()
# Remove the network and assert profile is removed
network.delete()
self.assertRaises(AssertionError, assert_profile, host, profile_name)
def test_mainline(self):
"""
Setup two endpoints on one host and check connectivity then teardown.
"""
# TODO - add in IPv6 as part of this flow.
with DockerHost('host') as host:
# Set up two endpoints on one host
network = host.create_network(str(uuid.uuid4()))
workload1 = host.create_workload(str(uuid.uuid4()),
network=network)
workload2 = host.create_workload(str(uuid.uuid4()),
network=network)
# Assert that endpoints are in Calico
assert_number_endpoints(host, 2)
# Assert that the profile has been created for the network
profile_name = get_profile_name(host, network)
assert_profile(host, profile_name)
# Allow network to converge
# Check connectivity.
workload1.assert_can_ping(workload2.ip, retries=5)
self.assert_connectivity([workload1, workload2])
# Disconnect endpoints from the network
# Assert can't ping and endpoints are removed from Calico
network.disconnect(host, workload1)
network.disconnect(host, workload2)
workload1.assert_cant_ping(workload2.ip, retries=5)
assert_number_endpoints(host, 0)
# Remove the endpoints on the host
# TODO (assert IPs are released)
host.remove_workloads()
# Remove the network and assert profile is removed
network.delete()
self.assertRaises(AssertionError, assert_profile, host,
profile_name)
def test_mainline(self):
"""
Setup two endpoints on one host and check connectivity then teardown.
"""
# TODO - add in IPv6 as part of this flow.
with DockerHost('host') as host:
# Set up two endpoints on one host
network = host.create_network("testnet")
workload1 = host.create_workload(str(uuid.uuid4()), network=network)
workload2 = host.create_workload(str(uuid.uuid4()), network=network)
# Assert that endpoints are in Calico
assert_number_endpoints(host, 2)
# Assert that the profile has been created for the network
profile_name = get_profile_name(host, network)
assert_profile(host, profile_name)
# Allow network to converge
# Check connectivity.
workload1.assert_can_ping(workload2.ip, retries=5)
self.assert_connectivity([workload1, workload2])
# Disconnect endpoints from the network
# Assert can't ping and endpoints are removed from Calico
network.disconnect(host, workload1)
network.disconnect(host, workload2)
workload1.assert_cant_ping(workload2.ip, retries=5)
assert_number_endpoints(host, 0)
# Remove the endpoints on the host
# TODO (assert IPs are released)
host.remove_workloads()
# Remove the network and assert profile is removed
network.delete()
self.assertRaises(AssertionError, assert_profile, host, profile_name)
def test_multi_host(self):
"""
Run a mainline multi-host test.
Because multihost tests are slow to setup, this tests most mainline
functionality in a single test.
- Create two hosts
- Create a network using the default IPAM driver, and a workload on
each host assigned to that network.
- Create a network using the Calico IPAM driver, and a workload on
each host assigned to that network.
- Check that hosts on the same network can ping each other.
- Check that hosts on different networks cannot ping each other.
"""
with DockerHost('host1',
additional_docker_options=ADDITIONAL_DOCKER_OPTIONS,
post_docker_commands=POST_DOCKER_COMMANDS,
start_calico=False) as host1, \
DockerHost('host2',
additional_docker_options=ADDITIONAL_DOCKER_OPTIONS,
post_docker_commands=POST_DOCKER_COMMANDS,
start_calico=False) as host2:
# TODO work IPv6 into this test too
host1.start_calico_node("--libnetwork")
host2.start_calico_node("--libnetwork")
# Create the networks on host1, but it should be usable from all
# hosts. We create one network using the default driver, and the
# other using the Calico driver.
network1 = host1.create_network("testnet1", ipam_driver="default")
network2 = host1.create_network("testnet2", ipam_driver="calico")
# Assert that the networks can be seen on host2
assert_network(host2, network2)
assert_network(host2, network1)
# Assert that the profiles have been created for the networks
profile_name1 = get_profile_name(host1, network1)
assert_profile(host1, profile_name1)
profile_name2 = get_profile_name(host1, network2)
assert_profile(host1, profile_name2)
# Create two workloads on host1 and one on host2 all in network 1.
workload_h1n2_1 = host1.create_workload("workload_h1n2_1",
network=network2)
workload_h1n2_2 = host1.create_workload("workload_h1n2_2",
network=network2)
workload_h2n2_1 = host2.create_workload("workload_h2n2_1",
network=network2)
# Create similar workloads in network 2.
workload_h2n1_1 = host2.create_workload("workload_h2n1_1",
network=network1)
workload_h1n1_1 = host1.create_workload("workload_h1n1_1",
network=network1)
workload_h1n1_2 = host1.create_workload("workload_h1n1_2",
network=network1)
# Assert that endpoints are in Calico
assert_number_endpoints(host1, 4)
assert_number_endpoints(host2, 2)
# Assert that workloads can communicate with each other on network
# 1, and not those on network 2. Ping using IP for all workloads,
# and by hostname for workloads on the same network (note that
# a workloads own hostname does not work).
self.assert_connectivity(pass_list=[workload_h1n1_1,
workload_h1n1_2,
workload_h2n1_1])
# TODO: docker_gwbridge iptable FORWARD rule takes precedence over
# Felix, resulting in temporary lack of isolation between a
# container on the bridge communicating with a non-bridge container
# on the same host. Therefore we cannot yet test isolation.
# fail_list=[workload_h1n2_1,
# workload_h1n2_2,
# workload_h2n2_1])
workload_h1n1_1.execute("ping -c 1 -W 1 workload_h1n1_2")
workload_h1n1_1.execute("ping -c 1 -W 1 workload_h2n1_1")
# Repeat with network 2.
self.assert_connectivity(pass_list=[workload_h1n2_1,
workload_h1n2_2,
workload_h2n2_1])
# TODO - see comment above
# fail_list=[workload_h1n1_1,
# workload_h1n1_2,
# workload_h1n1_1])
workload_h1n2_1.execute("ping -c 1 -W 1 workload_h1n2_2")
workload_h1n2_1.execute("ping -c 1 -W 1 workload_h2n2_1")
# Test deleting the network. It will fail if there are any
# endpoints connected still.
self.assertRaises(CommandExecError, network1.delete)
self.assertRaises(CommandExecError, network2.delete)
# For network 1, disconnect (or "detach" or "leave") the endpoints
# Assert that an endpoint is removed from calico and can't ping
network1.disconnect(host1, workload_h1n1_1)
network1.disconnect(host1, workload_h1n1_2)
assert_number_endpoints(host1, 2)
network1.disconnect(host2, workload_h2n1_1)
assert_number_endpoints(host2, 1)
workload_h1n1_1.assert_cant_ping(workload_h2n2_1.ip, retries=5)
# Repeat for network 2. All endpoints should be removed.
network2.disconnect(host1, workload_h1n2_1)
network2.disconnect(host1, workload_h1n2_2)
assert_number_endpoints(host1, 0)
network2.disconnect(host2, workload_h2n2_1)
assert_number_endpoints(host2, 0)
workload_h1n1_1.assert_cant_ping(workload_h2n2_1.ip, retries=5)
# Remove the workloads, so the endpoints can be unpublished, then
# the delete should succeed.
host1.remove_workloads()
host2.remove_workloads()
# Remove the network and assert profile is removed
network1.delete()
network2.delete()
self.assertRaises(AssertionError, assert_profile, host1,
profile_name1)
def test_multi_host(self):
"""
Run a mainline multi-host test.
Because multihost tests are slow to setup, this tests most mainline
functionality in a single test.
- Create two hosts
- Create a network using the default IPAM driver, and a workload on
each host assigned to that network.
- Create a network using the Calico IPAM driver, and a workload on
each host assigned to that network.
- Check that hosts on the same network can ping each other.
- Check that hosts on different networks cannot ping each other.
"""
with DockerHost('host1',
additional_docker_options=ADDITIONAL_DOCKER_OPTIONS,
post_docker_commands=POST_DOCKER_COMMANDS,
start_calico=False) as host1, \
DockerHost('host2',
additional_docker_options=ADDITIONAL_DOCKER_OPTIONS,
post_docker_commands=POST_DOCKER_COMMANDS,
start_calico=False) as host2:
# TODO work IPv6 into this test too
host1.start_calico_node("--libnetwork")
host2.start_calico_node("--libnetwork")
# Create the networks on host1, but it should be usable from all
# hosts. We create one network using the default driver, and the
# other using the Calico driver.
network1 = host1.create_network("testnet1", ipam_driver="default")
network2 = host1.create_network("testnet2", ipam_driver="calico")
# Assert that the networks can be seen on host2
assert_network(host2, network2)
assert_network(host2, network1)
# Assert that the profiles have been created for the networks
profile_name1 = get_profile_name(host1, network1)
assert_profile(host1, profile_name1)
profile_name2 = get_profile_name(host1, network2)
assert_profile(host1, profile_name2)
# Create two workloads on host1 and one on host2 all in network 1.
workload_h1n2_1 = host1.create_workload("workload_h1n2_1",
network=network2)
workload_h1n2_2 = host1.create_workload("workload_h1n2_2",
network=network2)
workload_h2n2_1 = host2.create_workload("workload_h2n2_1",
network=network2)
# Create similar workloads in network 2.
workload_h2n1_1 = host2.create_workload("workload_h2n1_1",
network=network1)
workload_h1n1_1 = host1.create_workload("workload_h1n1_1",
network=network1)
workload_h1n1_2 = host1.create_workload("workload_h1n1_2",
network=network1)
# Assert that endpoints are in Calico
assert_number_endpoints(host1, 4)
assert_number_endpoints(host2, 2)
# Assert that workloads can communicate with each other on network
# 1, and not those on network 2. Ping using IP for all workloads,
# and by hostname for workloads on the same network (note that
# a workloads own hostname does not work).
self.assert_connectivity(retries=2,
pass_list=[workload_h1n1_1,
workload_h1n1_2,
workload_h2n1_1])
# TODO: docker_gwbridge iptable FORWARD rule takes precedence over
# Felix, resulting in temporary lack of isolation between a
# container on the bridge communicating with a non-bridge container
# on the same host. Therefore we cannot yet test isolation.
# fail_list=[workload_h1n2_1,
# workload_h1n2_2,
# workload_h2n2_1])
workload_h1n1_1.execute("ping -c 1 -W 1 workload_h1n1_2")
workload_h1n1_1.execute("ping -c 1 -W 1 workload_h2n1_1")
# Repeat with network 2.
self.assert_connectivity(pass_list=[workload_h1n2_1,
workload_h1n2_2,
workload_h2n2_1])
# TODO - see comment above
# fail_list=[workload_h1n1_1,
# workload_h1n1_2,
# workload_h1n1_1])
workload_h1n2_1.execute("ping -c 1 -W 1 workload_h1n2_2")
workload_h1n2_1.execute("ping -c 1 -W 1 workload_h2n2_1")
# Test deleting the network. It will fail if there are any
# endpoints connected still.
self.assertRaises(CommandExecError, network1.delete)
self.assertRaises(CommandExecError, network2.delete)
# For network 1, disconnect (or "detach" or "leave") the endpoints
# Assert that an endpoint is removed from calico and can't ping
network1.disconnect(host1, workload_h1n1_1)
network1.disconnect(host1, workload_h1n1_2)
assert_number_endpoints(host1, 2)
network1.disconnect(host2, workload_h2n1_1)
assert_number_endpoints(host2, 1)
workload_h1n1_1.assert_cant_ping(workload_h2n2_1.ip, retries=5)
# Repeat for network 2. All endpoints should be removed.
network2.disconnect(host1, workload_h1n2_1)
network2.disconnect(host1, workload_h1n2_2)
assert_number_endpoints(host1, 0)
network2.disconnect(host2, workload_h2n2_1)
assert_number_endpoints(host2, 0)
workload_h1n1_1.assert_cant_ping(workload_h2n2_1.ip, retries=5)
# Remove the workloads, so the endpoints can be unpublished, then
# the delete should succeed.
host1.remove_workloads()
host2.remove_workloads()
# Remove the network and assert profile is removed
network1.delete()
network2.delete()
self.assertRaises(AssertionError, assert_profile, host1,
profile_name1)
def test_multi_host(self):
"""
Run a mainline multi-host test.
Because multihost tests are slow to setup, this tests most mainline
functionality in a single test.
Create two hosts, a single network, one workload on each host and
ping between them.
"""
with DockerHost('host1') as host1, DockerHost('host2') as host2:
# TODO work IPv6 into this test too
# Create the network on host1, but it should be usable from all
# hosts.
network = host1.create_network("testnet")
# Assert that the network can be seen on host2
assert_network(host2, network)
# Assert that the profile has been created for the network
profile_name = get_profile_name(host1, network)
assert_profile(host1, profile_name)
# Create two hosts
workload_host1 = host1.create_workload("workload1",
network=network)
workload_host2 = host2.create_workload("workload2",
network=network)
# Assert that endpoints are in Calico
assert_number_endpoints(host1, 1)
assert_number_endpoints(host2, 1)
# Assert that workloads can communicate with each other
workload_host1.assert_can_ping(workload_host2.ip, retries=5)
self.assert_connectivity(pass_list=[workload_host1,
workload_host2])
# Ping using container names
workload_host1.execute("ping -c 1 -W 1 workload2")
workload_host2.execute("ping -c 1 -W 1 workload1")
# Test deleting the network. It will fail if there are any
# endpoints connected still.
self.assertRaises(CommandExecError, network.delete)
# Disconnect (or "detach" or "leave") the endpoints
# Assert that the endpoints are removed from calico and can't ping
network.disconnect(host1, workload_host1)
assert_number_endpoints(host1, 0)
network.disconnect(host2, workload_host2)
assert_number_endpoints(host2, 0)
workload_host1.assert_cant_ping(workload_host2.ip, retries=5)
# Remove the workloads, so the endpoints can be unpublished, then
# the delete should succeed.
host1.remove_workloads()
host2.remove_workloads()
# Remove the network and assert profile is removed
network.delete()
self.assertRaises(AssertionError, assert_profile, host1, profile_name)
def test_multi_host(self):
"""
Run a mainline multi-host test.
Because multihost tests are slow to setup, this tests most mainline
functionality in a single test.
Create two hosts, a single network, one workload on each host and
ping between them.
"""
with DockerHost('host1') as host1, DockerHost('host2') as host2:
# TODO work IPv6 into this test too
# Create the network on host1, but it should be usable from all
# hosts.
network = host1.create_network(str(uuid.uuid4()))
# Assert that the network can be seen on host2
assert_network(host2, network)
# Assert that the profile has been created for the network
profile_name = get_profile_name(host1, network)
assert_profile(host1, profile_name)
# Create two hosts
workload_host1 = host1.create_workload("workload1",
network=network)
workload_host2 = host2.create_workload("workload2",
network=network)
# Assert that endpoints are in Calico
assert_number_endpoints(host1, 1)
assert_number_endpoints(host2, 1)
# Assert that workloads can communicate with each other
workload_host1.assert_can_ping(workload_host2.ip, retries=5)
self.assert_connectivity(
pass_list=[workload_host1, workload_host2])
# Ping using container names
workload_host1.execute("ping -c 1 -W 1 workload2")
workload_host2.execute("ping -c 1 -W 1 workload1")
# Test deleting the network. It will fail if there are any
# endpoints connected still.
self.assertRaises(CommandExecError, network.delete)
# Disconnect (or "detach" or "leave") the endpoints
# Assert that the endpoints are removed from calico and can't ping
network.disconnect(host1, workload_host1)
assert_number_endpoints(host1, 0)
network.disconnect(host2, workload_host2)
assert_number_endpoints(host2, 0)
workload_host1.assert_cant_ping(workload_host2.ip, retries=5)
# Remove the workloads, so the endpoints can be unpublished, then
# the delete should succeed.
host1.remove_workloads()
host2.remove_workloads()
# Remove the network and assert profile is removed
network.delete()
self.assertRaises(AssertionError, assert_profile, host1,
profile_name)
