sanity check: Check that ip_nonlocal_bind works with namespaces
Change-Id: Iddde234b871f1e4cd06a56cb019598e586db6250
This commit is contained in:
parent
ce43157dba
commit
7e8f9d490c
|
@ -434,3 +434,36 @@ def dibbler_version_supported():
|
|||
LOG.debug("Exception while checking minimal dibbler version. "
|
||||
"Exception: %s", e)
|
||||
return False
|
||||
|
||||
|
||||
def _fix_ip_nonlocal_bind_root_value(original_value):
|
||||
current_value = ip_lib.get_ip_nonlocal_bind(namespace=None)
|
||||
if current_value != original_value:
|
||||
ip_lib.set_ip_nonlocal_bind(value=original_value, namespace=None)
|
||||
|
||||
|
||||
def ip_nonlocal_bind():
|
||||
ipw = ip_lib.IPWrapper()
|
||||
nsname1 = "ipnonlocalbind1-" + uuidutils.generate_uuid()
|
||||
nsname2 = "ipnonlocalbind2-" + uuidutils.generate_uuid()
|
||||
|
||||
ipw.netns.add(nsname1)
|
||||
try:
|
||||
ipw.netns.add(nsname2)
|
||||
try:
|
||||
original_value = ip_lib.get_ip_nonlocal_bind(namespace=None)
|
||||
try:
|
||||
ip_lib.set_ip_nonlocal_bind(value=0, namespace=nsname1)
|
||||
ip_lib.set_ip_nonlocal_bind(value=1, namespace=nsname2)
|
||||
ns1_value = ip_lib.get_ip_nonlocal_bind(namespace=nsname1)
|
||||
finally:
|
||||
_fix_ip_nonlocal_bind_root_value(original_value)
|
||||
except RuntimeError as e:
|
||||
LOG.debug("Exception while checking ip_nonlocal_bind. "
|
||||
"Exception: %s", e)
|
||||
return False
|
||||
finally:
|
||||
ipw.netns.delete(nsname2)
|
||||
finally:
|
||||
ipw.netns.delete(nsname1)
|
||||
return ns1_value == 0
|
||||
|
|
|
@ -263,6 +263,15 @@ def check_bridge_firewalling_enabled():
|
|||
return result
|
||||
|
||||
|
||||
def check_ip_nonlocal_bind():
|
||||
result = checks.ip_nonlocal_bind()
|
||||
if not result:
|
||||
LOG.error(_LE('This kernel does not isolate ip_nonlocal_bind kernel '
|
||||
'option in namespaces. Please update to kernel '
|
||||
'version > 3.19.'))
|
||||
return result
|
||||
|
||||
|
||||
# Define CLI opts to test specific features, with a callback for the test
|
||||
OPTS = [
|
||||
BoolOptCallback('ovs_vxlan', check_ovs_vxlan, default=False,
|
||||
|
@ -308,7 +317,10 @@ OPTS = [
|
|||
BoolOptCallback('bridge_firewalling', check_bridge_firewalling_enabled,
|
||||
help=_('Check bridge firewalling'),
|
||||
default=False),
|
||||
|
||||
BoolOptCallback('ip_nonlocal_bind', check_ip_nonlocal_bind,
|
||||
help=_('Check ip_nonlocal_bind kernel option works with '
|
||||
'network namespaces.'),
|
||||
default=False),
|
||||
]
|
||||
|
||||
|
||||
|
@ -346,6 +358,7 @@ def enable_tests_from_config():
|
|||
cfg.CONF.set_default('ovsdb_native', True)
|
||||
if cfg.CONF.l3_ha:
|
||||
cfg.CONF.set_default('keepalived_ipv6_support', True)
|
||||
cfg.CONF.set_default('ip_nonlocal_bind', True)
|
||||
if cfg.CONF.SECURITYGROUP.enable_ipset:
|
||||
cfg.CONF.set_default('ipset_installed', True)
|
||||
if cfg.CONF.SECURITYGROUP.enable_security_group:
|
||||
|
|
|
@ -88,3 +88,6 @@ class SanityTestCaseRoot(functional_base.BaseSudoTestCase):
|
|||
|
||||
def test_bridge_firewalling_enabled(self):
|
||||
checks.bridge_firewalling_enabled()
|
||||
|
||||
def test_ip_nonlocal_bind(self):
|
||||
checks.ip_nonlocal_bind()
|
||||
|
|
Loading…
Reference in New Issue