openstack/fuel-qa
Code Issues Proposed changes

Merge "Add dpdk tests for ovs firewall driver" into stable/mitaka

Browse Source
This commit is contained in:
Jenkins 2017-01-19 09:18:01 +00:00 committed by Gerrit Code Review
commit b13f6ea906
3 changed files with 400 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
fuelweb_test/helpers/checkers.py
View File

@ -34,21 +34,15 @@ import yaml
from core.helpers.log_helpers import logwrap
from fuelweb_test import settings
from fuelweb_test import logger
from fuelweb_test.helpers.ssh_manager import SSHManager
from fuelweb_test.helpers.utils import check_config
from fuelweb_test.helpers.utils import get_ini_config
from fuelweb_test.helpers.utils import get_mongo_partitions
from fuelweb_test.settings import EXTERNAL_DNS
from fuelweb_test.settings import EXTERNAL_NTP
from fuelweb_test.settings import OPENSTACK_RELEASE
from fuelweb_test.settings import OPENSTACK_RELEASE_UBUNTU
from fuelweb_test.settings import POOLS
from fuelweb_test.settings import PUBLIC_TEST_IP
from fuelweb_test.settings import SSH_IMAGE_CREDENTIALS
cirros_auth = SSHAuth(**SSH_IMAGE_CREDENTIALS)
cirros_auth = SSHAuth(**settings.SSH_IMAGE_CREDENTIALS)
ssh_manager = SSHManager()
@ -794,7 +788,8 @@ def check_stats_private_info(collector_remote, postgres_actions,
'nailgun', 'select id from action_logs;').split('\n')]
sent_stats = str(collector_remote.get_installation_info_data(master_uuid))
logger.debug('installation structure is {0}'.format(sent_stats))
used_networks = [POOLS[net_name][0] for net_name in POOLS.keys()]
used_networks = [settings.POOLS[net_name][0]
for net_name in settings.POOLS.keys()]
has_no_private_data = True
logger.debug("Looking for private data in the installation structure, "
@ -829,7 +824,7 @@ def check_kernel(kernel, expected_kernel):
@logwrap
def external_dns_check(ip):
logger.info("External dns check")
provided_dns = EXTERNAL_DNS
provided_dns = settings.EXTERNAL_DNS
logger.debug("provided to test dns is {}".format(provided_dns))
cluster_dns = []
for dns in provided_dns:
@ -846,7 +841,7 @@ def external_dns_check(ip):
command_hostname = ''.join(
ssh_manager.execute(ip,
"host {0} | awk {{'print $5'}}"
.format(PUBLIC_TEST_IP))
.format(settings.PUBLIC_TEST_IP))
["stdout"]).rstrip()
hostname = 'google-public-dns-a.google.com.'
assert_equal(command_hostname, hostname,
@ -884,7 +879,7 @@ def verify_bootstrap_on_node(ip, os_type, uuid=None):
@logwrap
def external_ntp_check(ip, vrouter_vip):
logger.info("External ntp check")
provided_ntp = EXTERNAL_NTP
provided_ntp = settings.EXTERNAL_NTP
logger.debug("provided to test ntp is {}".format(provided_ntp))
cluster_ntp = []
for ntp in provided_ntp:
@ -1120,7 +1115,7 @@ def check_repo_managment(ip):
:type ip: node ip
:rtype Dict
"""
if OPENSTACK_RELEASE == OPENSTACK_RELEASE_UBUNTU:
if settings.OPENSTACK_RELEASE == settings.OPENSTACK_RELEASE_UBUNTU:
cmd = "apt-get clean all && apt-get update > /dev/null"
else:
cmd = "yum -y clean all && yum check-update > /dev/null"
@ -1438,7 +1433,7 @@ def ping6_from_instance(through_host, instance_ip, target_ip):
"{dst_address:s}".format(
ping='ping6',
count=10,
deadline=20,
deadline=40,
packetsize=1452,
dst_address=target_ip),
auth=cirros_auth
@ -1456,3 +1451,13 @@ def ping6_from_instance(through_host, instance_ip, target_ip):
code=res['exit_code'],
stdout=res['stdout_str'],
stderr=res['stderr_str']))
def check_settings_requirements(tests_requirements):
bad_params = set()
for param, value in tests_requirements.items():
if getattr(settings, param) != value:
bad_params.add('{0}={1}'.format(param, value))
assert_true(not bad_params,
'Can not start tests, the following settings are '
'not set properly: {0}'.format(', '.join(bad_params)))

13
fuelweb_test/tests/test_dpdk.py
View File

@ -17,10 +17,10 @@ import random
from devops.helpers import helpers as devops_helpers
from proboscis.asserts import assert_raises
from proboscis.asserts import assert_true
from proboscis import test
from keystoneauth1 import exceptions
from fuelweb_test.helpers.checkers import check_settings_requirements
from fuelweb_test.helpers.decorators import log_snapshot_after_test
from fuelweb_test.helpers import os_actions
from fuelweb_test.tests.base_test_case import SetupEnvironment
@ -37,16 +37,7 @@ class TestDPDK(TestBasic):
def __init__(self):
super(TestDPDK, self).__init__()
self.check_settings_requirements()
def check_settings_requirements(self):
bad_params = set()
for param, value in self.tests_requirements.items():
if getattr(settings, param) != value:
bad_params.add('{0}={1}'.format(param, value))
assert_true(not bad_params,
'Can not start tests, the following settings are '
'not set properly: {0}'.format(', '.join(bad_params)))
check_settings_requirements(self.tests_requirements)
def check_dpdk_instance_connectivity(self, os_conn, cluster_id,
mem_page_size='2048'):

391
fuelweb_test/tests/test_ovs_firewall.py
View File

@ -12,20 +12,20 @@
# License for the specific language governing permissions and limitations
# under the License.
from __future__ import unicode_literals
import random
from devops.helpers import helpers as devops_helpers
from devops.helpers.ssh_client import SSHAuth
from proboscis.asserts import assert_equal
from proboscis.asserts import assert_not_equal
from proboscis import test
from fuelweb_test import logger
from fuelweb_test import settings
from fuelweb_test.helpers import os_actions
from fuelweb_test.helpers.checkers import check_firewall_driver
from fuelweb_test.helpers.checkers import check_settings_requirements
from fuelweb_test.helpers.checkers import ping6_from_instance
from fuelweb_test.helpers.decorators import log_snapshot_after_test
from fuelweb_test.helpers.ssh_manager import SSHManager
@ -37,11 +37,8 @@ cirros_auth = SSHAuth(**settings.SSH_IMAGE_CREDENTIALS)
ssh_manager = SSHManager()
@test(groups=["ovs_firewall"])
class TestOVSFirewall(TestBasic):
"""The current test suite checks deployment of clusters
with OVS firewall for neutron security groups
"""
class CheckOVSFirewall(TestBasic):
"""Basic class for the check of OVS firewall deployments"""
@staticmethod
def get_flows(ip):
@ -53,30 +50,91 @@ class TestOVSFirewall(TestBasic):
cmd = 'ip -o link show'
return ssh_manager.check_call(ip, cmd)
def check_ovs_firewall_functionality(self, cluster_id, compute_ip):
@staticmethod
def get_ovs_bridge_ifaces(ip):
cmd = 'ovs-vsctl list-ifaces br-int'
return ssh_manager.check_call(ip, cmd)
def check_ovs_firewall_functionality(self, cluster_id, compute_ip,
dpdk=False):
"""Check firewall functionality
:param cluster_id: int, cluster id
:param compute_ip: str, compute ip
:param dpdk: bool, is DPDK enabled
"""
flows = self.get_flows(compute_ip)
ifaces = self.get_ifaces(compute_ip)
if dpdk:
ifaces = self.get_ovs_bridge_ifaces(compute_ip)
else:
ifaces = self.get_ifaces(compute_ip)
net_name = self.fuel_web.get_cluster_predefined_networks_name(
cluster_id)['private_net']
os_conn = os_actions.OpenStackActions(
self.fuel_web.get_public_vip(cluster_id))
server = os_conn.create_server_for_migration(
label=net_name)
if dpdk:
server = self.boot_dpdk_instance(os_conn, cluster_id)
current_ifaces = self.get_ovs_bridge_ifaces(compute_ip)
else:
server = os_conn.create_server_for_migration(label=net_name)
current_ifaces = self.get_ifaces(compute_ip)
current_flows = self.get_flows(compute_ip)
current_ifaces = self.get_ifaces(compute_ip)
assert_equal(len(set(current_ifaces.stdout) - set(ifaces.stdout)), 1,
"Check is failed. Passed data is not equal:"
" {}\n\n{}".format(ifaces, current_ifaces))
assert_not_equal(set(flows.stdout), set(current_flows.stdout),
"Check is failed. Passed data is equal:"
" {}\n\n{}".format(flows, current_flows))
float_ip = os_conn.assign_floating_ip(server)
logger.info("Floating address {0} associated with instance {1}"
.format(float_ip.ip, server.id))
logger.info("Wait for ping from instance {} "
"by floating ip".format(server.id))
devops_helpers.wait(
lambda: devops_helpers.tcp_ping(float_ip.ip, 22),
timeout=300,
timeout_msg=("Instance {0} is unreachable for {1} seconds".
format(server.id, 300)))
os_conn.delete_instance(server)
def boot_dpdk_instance(self, os_conn, cluster_id,
mem_page_size='2048', net_name=None):
"""Boot VM with HugePages with enabled DPDK for private network
:param os_conn: an object of connection to openstack services
:param cluster_id: an integer number of cluster id
:param mem_page_size: huge pages size
:param net_name: str, network name
:return: obj, object of booted instance
"""
extra_specs = {
'hw:mem_page_size': mem_page_size
}
if net_name is None:
net_name = self.fuel_web.get_cluster_predefined_networks_name(
cluster_id)['private_net']
flavor_id = random.randint(10, 10000)
name = 'system_test-{}'.format(random.randint(10, 10000))
flavor = os_conn.create_flavor(name=name, ram=64,
vcpus=1, disk=1,
flavorid=flavor_id,
extra_specs=extra_specs)
server = os_conn.create_server_for_migration(neutron=True,
label=net_name,
flavor_id=flavor.id)
os_conn.verify_instance_status(server, 'ACTIVE')
return server
@test(groups=["ovs_firewall"])
class TestOVSFirewall(CheckOVSFirewall):
"""The current test suite checks deployment of clusters
with OVS firewall for neutron security groups
"""
@test(depends_on=[SetupEnvironment.prepare_slaves_3],
groups=["deploy_non_ha_cluster_with_ovs_firewall_vlan"])
@log_snapshot_after_test
@ -368,3 +426,312 @@ class TestOVSFirewall(TestBasic):
self.env.make_snapshot(
'deploy_non_ha_cluster_with_ovs_firewall_ipv6_vxlan')
@test(groups=["ovs_firewall_with_dpdk"])
class TestOVSFirewallDPDK(CheckOVSFirewall):
"""The current test suite checks deployment of clusters
with OVS firewall for neutron security groups with enabled DPDK
"""
tests_requirements = {'KVM_USE': True}
def __init__(self):
super(TestOVSFirewallDPDK, self).__init__()
check_settings_requirements(self.tests_requirements)
@test(depends_on=[SetupEnvironment.prepare_slaves_3],
groups=["deploy_ovs_firewall_and_dpdk_vlan"])
@log_snapshot_after_test
def deploy_ovs_firewall_and_dpdk_vlan(self):
"""Deploy non-HA cluster with VLAN, OVS firewall driver and DPDK
Scenario:
1. Create new environment with VLAN segmentation for Neutron
2. Add controller and compute nodes
3. Enable OVS firewall driver for neutron security groups
4. Configure HugePages for compute nodes
5. Configure private network in DPDK mode
6. Run network verification
7. Deploy environment
8. Run OSTF
9. Check option "firewall_driver" in config files
10. Boot instance with custom security group
Snapshot: deploy_ovs_firewall_and_dpdk_vlan
"""
self.check_run("deploy_ovs_firewall_and_dpdk_vlan")
self.env.revert_snapshot("ready_with_3_slaves")
self.show_step(1)
cluster_id = self.fuel_web.create_cluster(
name=self.__class__.__name__,
mode=settings.DEPLOYMENT_MODE,
settings={
"net_provider": 'neutron',
"net_segment_type": "vlan"
}
)
self.show_step(2)
self.fuel_web.update_nodes(
cluster_id,
{
'slave-01': ['controller'],
'slave-02': ['compute']
})
compute = self.fuel_web.get_nailgun_cluster_nodes_by_roles(
cluster_id, ['compute'], role_status='pending_roles')[0]
self.show_step(3)
self.fuel_web.set_ovs_firewall_driver(cluster_id)
self.show_step(4)
self.fuel_web.setup_hugepages(
compute['id'], hp_2mb=256, hp_dpdk_mb=1024)
self.show_step(5)
self.fuel_web.enable_dpdk(compute['id'])
self.show_step(6)
self.fuel_web.verify_network(cluster_id)
self.show_step(7)
self.fuel_web.deploy_cluster_wait(cluster_id)
self.show_step(8)
self.fuel_web.run_ostf(cluster_id=cluster_id)
self.show_step(9)
nodes = self.fuel_web.client.list_cluster_nodes(cluster_id=cluster_id)
for node in nodes:
check_firewall_driver(node['ip'], node['roles'][0], 'openvswitch')
self.show_step(10)
compute = self.fuel_web.get_nailgun_cluster_nodes_by_roles(
cluster_id, ['compute'])[0]
self.check_ovs_firewall_functionality(cluster_id, compute['ip'],
dpdk=True)
self.env.make_snapshot(
"deploy_ovs_firewall_and_dpdk_vlan", is_make=True)
@test(depends_on=[SetupEnvironment.prepare_slaves_3],
groups=["deploy_ovs_firewall_and_dpdk_vxlan"])
@log_snapshot_after_test
def deploy_ovs_firewall_and_dpdk_vxlan(self):
"""Deploy non-HA cluster with VXLAN, OVS firewall driver and DPDK
Scenario:
1. Create new environment with VLAN segmentation for Neutron
2. Add controller and compute nodes
3. Enable OVS firewall driver for neutron security groups
4. Configure HugePages for compute nodes
5. Configure private network in DPDK mode
6. Run network verification
7. Deploy environment
8. Run OSTF
9. Check option "firewall_driver" in config files
10. Boot instance with custom security group
Snapshot: deploy_ovs_firewall_and_dpdk_vxlan
"""
self.check_run("deploy_ovs_firewall_and_dpdk_vxlan")
self.env.revert_snapshot("ready_with_3_slaves")
self.show_step(1)
cluster_id = self.fuel_web.create_cluster(
name=self.__class__.__name__,
mode=settings.DEPLOYMENT_MODE,
settings={
"net_provider": 'neutron',
"net_segment_type": "tun"
}
)
self.show_step(2)
self.fuel_web.update_nodes(
cluster_id,
{
'slave-01': ['controller'],
'slave-02': ['compute']
})
compute = self.fuel_web.get_nailgun_cluster_nodes_by_roles(
cluster_id, ['compute'], role_status='pending_roles')[0]
self.show_step(3)
self.fuel_web.set_ovs_firewall_driver(cluster_id)
self.show_step(4)
self.fuel_web.setup_hugepages(
compute['id'], hp_2mb=256, hp_dpdk_mb=1024)
self.show_step(5)
self.fuel_web.enable_dpdk(compute['id'])
self.show_step(6)
self.fuel_web.verify_network(cluster_id)
self.show_step(7)
self.fuel_web.deploy_cluster_wait(cluster_id)
self.show_step(8)
self.fuel_web.run_ostf(cluster_id=cluster_id)
self.show_step(9)
nodes = self.fuel_web.client.list_cluster_nodes(cluster_id=cluster_id)
for node in nodes:
check_firewall_driver(node['ip'], node['roles'][0], 'openvswitch')
self.show_step(10)
compute = self.fuel_web.get_nailgun_cluster_nodes_by_roles(
cluster_id, ['compute'])[0]
self.check_ovs_firewall_functionality(cluster_id, compute['ip'],
dpdk=True)
self.env.make_snapshot(
"deploy_ovs_firewall_and_dpdk_vxlan", is_make=True)
@test(depends_on_groups=["deploy_ovs_firewall_and_dpdk_vlan"],
groups=["deploy_ovs_firewall_and_dpdk_vlan_ipv6"])
@log_snapshot_after_test
def deploy_ovs_firewall_and_dpdk_vlan_ipv6(self):
"""Deploy non-HA cluster with DPDK, VLAN, OVS firewall driver with the
check of IPv6 functionality
Scenario:
1. Revert deploy_ovs_firewall_and_dpdk_vlan snapshot
2. Create network resources: two dualstack network IPv6 subnets
(should be in SLAAC mode,
address space should not intersect),
virtual router and set gateway.
3. Create a Security Group,
that allows SSH and ICMP for both IPv4 and IPv6.
4. Launch two instances, one for each network.
5. Attach Floating IP for both instances.
6. SSH to the main instance and ping6 another instance.
Duration 10m
Snapshot deploy_ovs_firewall_and_dpdk_vlan_ipv6
"""
self.show_step(1)
self.env.revert_snapshot("deploy_ovs_firewall_and_dpdk_vlan")
cluster_id = self.fuel_web.get_last_created_cluster()
public_vip = self.fuel_web.get_public_vip(cluster_id)
logger.info('Public vip is %s', public_vip)
os_conn = os_actions.OpenStackActions(
self.fuel_web.get_public_vip(cluster_id))
tenant = os_conn.get_tenant('admin')
self.show_step(2)
net1, net2 = os_conn.create_network_resources_for_ipv6_test(tenant)
self.show_step(3)
instance1 = self.boot_dpdk_instance(os_conn, cluster_id,
net_name=net1['name'])
instance2 = self.boot_dpdk_instance(os_conn, cluster_id,
net_name=net2['name'])
self.show_step(5)
floating_ip = os_conn.assign_floating_ip(instance1)
floating_ip2 = os_conn.assign_floating_ip(instance2)
self.show_step(6)
get_instance_ipv6(instance1, net1)
instance2_ipv6 = get_instance_ipv6(instance2, net2)
node_ip = self.fuel_web.get_node_ip_by_devops_name("slave-01")
remote = ssh_manager.get_remote(node_ip)
for instance_ip, instance in (
(floating_ip.ip, instance1),
(floating_ip2.ip, instance2)
):
logger.info("Wait for ping from instance {} "
"by floating ip".format(instance.id))
devops_helpers.wait(
lambda: devops_helpers.tcp_ping(instance_ip, 22),
timeout=300,
timeout_msg=("Instance {0} is unreachable for {1} seconds".
format(instance.id, 300)))
ping6_from_instance(remote, floating_ip.ip, instance2_ipv6)
self.env.make_snapshot('deploy_ovs_firewall_and_dpdk_vlan_ipv6')
@test(depends_on_groups=["deploy_ovs_firewall_and_dpdk_vxlan"],
groups=["deploy_ovs_firewall_and_dpdk_vxlan_ipv6"])
@log_snapshot_after_test
def deploy_ovs_firewall_and_dpdk_vxlan_ipv6(self):
"""Deploy non-HA cluster with DPDK, VXLAN, OVS firewall driver with
the check of IPv6 functionality
Scenario:
1. Revert deploy_ovs_firewall_and_dpdk_vlan snapshot
2. Create network resources: two dualstack network IPv6 subnets
(should be in SLAAC mode,
address space should not intersect),
virtual router and set gateway.
3. Create a Security Group,
that allows SSH and ICMP for both IPv4 and IPv6.
4. Launch two instances, one for each network.
5. Attach Floating IP for both instances.
6. SSH to the main instance and ping6 another instance.
Duration 10m
Snapshot deploy_ovs_firewall_and_dpdk_vxlan_ipv6
"""
self.show_step(1)
self.env.revert_snapshot("deploy_ovs_firewall_and_dpdk_vxlan")
cluster_id = self.fuel_web.get_last_created_cluster()
public_vip = self.fuel_web.get_public_vip(cluster_id)
logger.info('Public vip is %s', public_vip)
os_conn = os_actions.OpenStackActions(
self.fuel_web.get_public_vip(cluster_id))
tenant = os_conn.get_tenant('admin')
self.show_step(2)
net1, net2 = os_conn.create_network_resources_for_ipv6_test(tenant)
self.show_step(3)
instance1 = self.boot_dpdk_instance(os_conn, cluster_id,
net_name=net1['name'])
instance2 = self.boot_dpdk_instance(os_conn, cluster_id,
net_name=net2['name'])
self.show_step(5)
floating_ip = os_conn.assign_floating_ip(instance1)
floating_ip2 = os_conn.assign_floating_ip(instance2)
self.show_step(6)
get_instance_ipv6(instance1, net1)
instance2_ipv6 = get_instance_ipv6(instance2, net2)
node_ip = self.fuel_web.get_node_ip_by_devops_name("slave-01")
remote = ssh_manager.get_remote(node_ip)
for instance_ip, instance in (
(floating_ip.ip, instance1),
(floating_ip2.ip, instance2)
):
logger.info("Wait for ping from instance {} "
"by floating ip".format(instance.id))
devops_helpers.wait(
lambda: devops_helpers.tcp_ping(instance_ip, 22),
timeout=300,
timeout_msg=("Instance {0} is unreachable for {1} seconds".
format(instance.id, 300)))
ping6_from_instance(remote, floating_ip.ip, instance2_ipv6)
self.env.make_snapshot('deploy_ovs_firewall_and_dpdk_vxlan_ipv6')