Merge "Fullstack SG test for LinuxBridge agent"

2017-01-18 20:53:59 +00:00 · 2017-01-18 20:53:59 +00:00 · 645561e3f8
commit 645561e3f8
parent 75f0f3433c 45e047f843
2 changed files with 53 additions and 37 deletions
--- a/neutron/tests/fullstack/resources/config.py
+++ b/neutron/tests/fullstack/resources/config.py
@ -228,6 +228,9 @@ class LinuxBridgeConfigFixture(ConfigFixture):
                'enable_vxlan': str(self.env_desc.tunneling_enabled),
                'local_ip': local_ip,
                'l2_population': str(self.env_desc.l2_pop),
+            },
+            'securitygroup': {
+                'firewall_driver': host_desc.firewall_driver,
            }
        })
        if env_desc.qos:
--- a/neutron/tests/fullstack/test_securitygroup.py
+++ b/neutron/tests/fullstack/test_securitygroup.py
@ -74,18 +74,26 @@ class BaseSecurityGroupsSameNetworkTest(base.BaseFullStackTestCase):

 class TestSecurityGroupsSameNetwork(BaseSecurityGroupsSameNetworkTest):

-    l2_agent_type = constants.AGENT_TYPE_OVS
    network_type = 'vxlan'
    scenarios = [
-        ('hybrid', {'firewall_driver': 'iptables_hybrid',
-                    'of_interface': 'native',
-                    'ovsdb_interface': 'native'}),
-        ('openflow-cli_ovsdb-cli', {'firewall_driver': 'openvswitch',
-                                    'of_interface': 'ovs-ofctl',
-                                    'ovsdb_interface': 'vsctl'}),
-        ('openflow-native_ovsdb-native', {'firewall_driver': 'openvswitch',
-                                          'of_interface': 'native',
-                                          'ovsdb_interface': 'native'})]
+        ('ovs-hybrid', {
+            'firewall_driver': 'iptables_hybrid',
+            'of_interface': 'native',
+            'ovsdb_interface': 'native',
+            'l2_agent_type': constants.AGENT_TYPE_OVS}),
+        ('ovs-openflow-cli_ovsdb-cli', {
+            'firewall_driver': 'openvswitch',
+            'of_interface': 'ovs-ofctl',
+            'ovsdb_interface': 'vsctl',
+            'l2_agent_type': constants.AGENT_TYPE_OVS}),
+        ('ovs-openflow-native_ovsdb-native', {
+            'firewall_driver': 'openvswitch',
+            'of_interface': 'native',
+            'ovsdb_interface': 'native',
+            'l2_agent_type': constants.AGENT_TYPE_OVS}),
+        ('linuxbridge-iptables', {
+            'firewall_driver': 'iptables',
+            'l2_agent_type': constants.AGENT_TYPE_LINUXBRIDGE})]

    # NOTE(toshii): As a firewall_driver can interfere with others,
    # the recommended way to add test is to expand this method, not
@ -183,35 +191,40 @@ class TestSecurityGroupsSameNetwork(BaseSecurityGroupsSameNetworkTest):
            vms[2].namespace, vms[0].namespace, vms[0].ip, 3355,
            net_helpers.NetcatTester.TCP)

-        index_to_host.append(index_to_host[2])
-        index_to_sg.append(1)
-        ports.append(
-            self.safe_client.create_port(tenant_uuid, network['id'],
-                                         self.environment.hosts[
-                                             index_to_host[3]].hostname,
-                                         security_groups=[sgs[1]['id']]))
+        # NOTE(slaweq) iptables driver currently contains a bug
+        # https://bugs.launchpad.net/neutron/+bug/1657260
+        # where established connections are not dropped after security group
+        # rule is removed.  Remove this workaround once bug #1657260 is fixed.
+        if self.firewall_driver != 'iptables':
+            # 6. check if an established connection stops by deleting
+            #    the supporting SG rule.
+            index_to_host.append(index_to_host[2])
+            index_to_sg.append(1)
+            ports.append(
+                self.safe_client.create_port(tenant_uuid, network['id'],
+                                             self.environment.hosts[
+                                                 index_to_host[3]].hostname,
+                                             security_groups=[sgs[1]['id']]))

-        vms.append(
-            self.useFixture(
-                machine.FakeFullstackMachine(
-                    self.environment.hosts[index_to_host[3]],
-                    network['id'],
-                    tenant_uuid,
-                    self.safe_client,
-                    neutron_port=ports[3])))
+            vms.append(
+                self.useFixture(
+                    machine.FakeFullstackMachine(
+                        self.environment.hosts[index_to_host[3]],
+                        network['id'],
+                        tenant_uuid,
+                        self.safe_client,
+                        neutron_port=ports[3])))

-        vms[3].block_until_boot()
+            vms[3].block_until_boot()

-        netcat = net_helpers.NetcatTester(vms[3].namespace,
-            vms[0].namespace, vms[0].ip, 3355,
-            net_helpers.NetcatTester.TCP)
+            netcat = net_helpers.NetcatTester(vms[3].namespace,
+                vms[0].namespace, vms[0].ip, 3355,
+                net_helpers.NetcatTester.TCP)

-        self.addCleanup(netcat.stop_processes)
-        self.assertTrue(netcat.test_connectivity())
+            self.addCleanup(netcat.stop_processes)
+            self.assertTrue(netcat.test_connectivity())

-        # 6. check if an established connection stops by deleting
-        #    the supporting SG rule.
-        self.client.delete_security_group_rule(rule2['id'])
-        common_utils.wait_until_true(lambda: netcat.test_no_connectivity(),
-                                     sleep=8)
-        netcat.stop_processes()
+            self.client.delete_security_group_rule(rule2['id'])
+            common_utils.wait_until_true(lambda: netcat.test_no_connectivity(),
+                                         sleep=8)
+            netcat.stop_processes()