Fix security group tests
Change-Id: I13e05c0b73fe8faef2bf5dd5d54eadfac416dfe2
This commit is contained in:
parent
68dc1ebb45
commit
933873f36f
|
@ -40,7 +40,7 @@ def contrail_2_networks(create_network, create_subnet):
|
||||||
def contrail_2_servers_different_networks(
|
def contrail_2_servers_different_networks(
|
||||||
request,
|
request,
|
||||||
flavor,
|
flavor,
|
||||||
security_group,
|
neutron_security_group,
|
||||||
sorted_hypervisors,
|
sorted_hypervisors,
|
||||||
contrail_2_networks,
|
contrail_2_networks,
|
||||||
server_steps):
|
server_steps):
|
||||||
|
@ -91,7 +91,7 @@ def contrail_2_servers_different_networks(
|
||||||
networks=[network],
|
networks=[network],
|
||||||
keypair=keypair,
|
keypair=keypair,
|
||||||
availability_zone='nova:{}'.format(hypervisor.service['host']),
|
availability_zone='nova:{}'.format(hypervisor.service['host']),
|
||||||
security_groups=[security_group],
|
security_groups=[neutron_security_group],
|
||||||
username=username,
|
username=username,
|
||||||
password=password,
|
password=password,
|
||||||
check=False)[0]
|
check=False)[0]
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
import contextlib
|
import contextlib
|
||||||
import time
|
import time
|
||||||
|
|
||||||
from hamcrest import is_
|
from hamcrest import assert_that, is_, greater_than, has_value
|
||||||
from stepler.third_party import ping
|
from stepler.third_party import ping
|
||||||
from stepler.third_party import tcpdump
|
from stepler.third_party import tcpdump
|
||||||
from stepler.third_party import waiter
|
from stepler.third_party import waiter
|
||||||
|
@ -108,13 +108,14 @@ def start_port_listener(server_ssh,
|
||||||
|
|
||||||
|
|
||||||
@contextlib.contextmanager
|
@contextlib.contextmanager
|
||||||
def calc_packets_count(os_faults_steps, nodes, iface, filters):
|
def calc_packets_count(os_faults_steps, nodes, iface, filters,
|
||||||
|
max_packets=10000):
|
||||||
"""CM to calc packages count on nodes' iface.
|
"""CM to calc packages count on nodes' iface.
|
||||||
|
|
||||||
Returns dict: fqdn -> captured packets count.
|
Returns dict: fqdn -> captured packets count.
|
||||||
"""
|
"""
|
||||||
tcpdump_base_path = os_faults_steps.start_tcpdump(
|
tcpdump_base_path = os_faults_steps.start_tcpdump(
|
||||||
nodes, '-i {0} {1}'.format(iface, filters))
|
nodes, '-i {0} {1} -c {2}'.format(iface, filters, max_packets))
|
||||||
result = {node.fqdn: 0 for node in nodes}
|
result = {node.fqdn: 0 for node in nodes}
|
||||||
yield result
|
yield result
|
||||||
os_faults_steps.stop_tcpdump(nodes, tcpdump_base_path)
|
os_faults_steps.stop_tcpdump(nodes, tcpdump_base_path)
|
||||||
|
@ -138,8 +139,20 @@ def start_iperf_pair(client_ssh, server_ssh, ip, port, udp=False, timeout=10):
|
||||||
|
|
||||||
server_ssh.background_call(server_cmd.format(proto=proto, port=port))
|
server_ssh.background_call(server_cmd.format(proto=proto, port=port))
|
||||||
|
|
||||||
if not udp:
|
# if not udp:
|
||||||
time.sleep(10)
|
time.sleep(10)
|
||||||
|
|
||||||
client_ssh.background_call(
|
client_ssh.background_call(
|
||||||
client_cmd.format(proto=proto, ip=ip, port=port, time=timeout))
|
client_cmd.format(proto=proto, ip=ip, port=port, time=timeout))
|
||||||
|
|
||||||
|
|
||||||
|
def check_packets_on_iface(os_faults_steps, node, iface, filters,
|
||||||
|
should_be=True):
|
||||||
|
with calc_packets_count(os_faults_steps, node, iface,
|
||||||
|
filters) as tcp_counts:
|
||||||
|
time.sleep(1)
|
||||||
|
if should_be:
|
||||||
|
matcher = greater_than(0)
|
||||||
|
else:
|
||||||
|
matcher = is_(0)
|
||||||
|
assert_that(tcp_counts, has_value(matcher), 'Wrong packets count')
|
||||||
|
|
|
@ -310,7 +310,7 @@ def test_security_group_rules_uuid_in_contrail_and_neutron(contrail_api_client,
|
||||||
ids=['ubuntu'])
|
ids=['ubuntu'])
|
||||||
def test_add_remove_security_group_with_active_flow(
|
def test_add_remove_security_group_with_active_flow(
|
||||||
contrail_2_servers_diff_nets_with_floating,
|
contrail_2_servers_diff_nets_with_floating,
|
||||||
security_group,
|
neutron_security_group,
|
||||||
contrail_api_client,
|
contrail_api_client,
|
||||||
contrail_network_policy,
|
contrail_network_policy,
|
||||||
set_network_policy,
|
set_network_policy,
|
||||||
|
@ -345,7 +345,8 @@ def test_add_remove_security_group_with_active_flow(
|
||||||
set_network_policy(network, contrail_network_policy)
|
set_network_policy(network, contrail_network_policy)
|
||||||
|
|
||||||
# Add rule to group
|
# Add rule to group
|
||||||
contrail_sg = contrail_api_client.security_group_read(id=security_group.id)
|
contrail_sg = contrail_api_client.security_group_read(
|
||||||
|
id=neutron_security_group['id'])
|
||||||
sg_entries = contrail_sg.security_group_entries
|
sg_entries = contrail_sg.security_group_entries
|
||||||
rules = [
|
rules = [
|
||||||
types.PolicyRuleType(
|
types.PolicyRuleType(
|
||||||
|
@ -401,6 +402,12 @@ def test_add_remove_security_group_with_active_flow(
|
||||||
server2_ssh = enter(server_steps.get_server_ssh(server2))
|
server2_ssh = enter(server_steps.get_server_ssh(server2))
|
||||||
|
|
||||||
# Start TCP and UDP traffic
|
# Start TCP and UDP traffic
|
||||||
|
connectivity.start_iperf_pair(
|
||||||
|
client_ssh=server2_ssh,
|
||||||
|
server_ssh=server1_ssh,
|
||||||
|
ip=ip1,
|
||||||
|
port=TCP_PORT,
|
||||||
|
timeout=60 * 1000)
|
||||||
connectivity.start_iperf_pair(
|
connectivity.start_iperf_pair(
|
||||||
client_ssh=server1_ssh,
|
client_ssh=server1_ssh,
|
||||||
server_ssh=server2_ssh,
|
server_ssh=server2_ssh,
|
||||||
|
@ -408,46 +415,35 @@ def test_add_remove_security_group_with_active_flow(
|
||||||
port=UDP_PORT,
|
port=UDP_PORT,
|
||||||
udp=True,
|
udp=True,
|
||||||
timeout=60 * 1000)
|
timeout=60 * 1000)
|
||||||
connectivity.start_iperf_pair(
|
|
||||||
client_ssh=server2_ssh,
|
|
||||||
server_ssh=server1_ssh,
|
|
||||||
ip=ip1,
|
|
||||||
port=TCP_PORT,
|
|
||||||
timeout=60 * 1000)
|
|
||||||
|
|
||||||
# Check that some packets are captured
|
# Check that some packets are captured
|
||||||
with connectivity.calc_packets_count(os_faults_steps, computes[0],
|
connectivity.check_packets_on_iface(os_faults_steps, computes[0],
|
||||||
ifaces[0],
|
ifaces[0], tcp_filter)
|
||||||
tcp_filter) as tcp_counts:
|
connectivity.check_packets_on_iface(os_faults_steps, computes[1],
|
||||||
with connectivity.calc_packets_count(os_faults_steps, computes[1],
|
ifaces[1], udp_filter)
|
||||||
ifaces[1],
|
|
||||||
udp_filter) as udp_counts:
|
|
||||||
time.sleep(1)
|
|
||||||
assert_that(next(iter(tcp_counts.values())), greater_than(0))
|
|
||||||
assert_that(next(iter(udp_counts.values())), greater_than(0))
|
|
||||||
|
|
||||||
# Remove security group from server1
|
# Remove security group from server1
|
||||||
server1.remove_security_group(security_group.id)
|
server1.remove_security_group(neutron_security_group['id'])
|
||||||
|
|
||||||
with connectivity.calc_packets_count(os_faults_steps, computes[0],
|
connectivity.check_packets_on_iface(
|
||||||
ifaces[0],
|
os_faults_steps,
|
||||||
tcp_filter) as tcp_counts:
|
computes[0],
|
||||||
with connectivity.calc_packets_count(os_faults_steps, computes[1],
|
ifaces[0],
|
||||||
ifaces[1],
|
tcp_filter,
|
||||||
udp_filter) as udp_counts:
|
should_be=False)
|
||||||
time.sleep(1)
|
connectivity.check_packets_on_iface(
|
||||||
assert_that(next(iter(tcp_counts.values())), equal_to(0))
|
os_faults_steps,
|
||||||
assert_that(next(iter(udp_counts.values())), equal_to(0))
|
computes[1],
|
||||||
|
ifaces[1],
|
||||||
|
udp_filter,
|
||||||
|
should_be=False)
|
||||||
|
|
||||||
# Add security group from server1
|
# Add security group from server1
|
||||||
server1.add_security_group(security_group.id)
|
server1.add_security_group(neutron_security_group['id'])
|
||||||
|
|
||||||
with connectivity.calc_packets_count(os_faults_steps, computes[0],
|
time.sleep(10)
|
||||||
ifaces[0],
|
|
||||||
tcp_filter) as tcp_counts:
|
connectivity.check_packets_on_iface(os_faults_steps, computes[0],
|
||||||
with connectivity.calc_packets_count(os_faults_steps, computes[1],
|
ifaces[0], tcp_filter)
|
||||||
ifaces[1],
|
connectivity.check_packets_on_iface(os_faults_steps, computes[1],
|
||||||
udp_filter) as udp_counts:
|
ifaces[1], udp_filter)
|
||||||
time.sleep(1)
|
|
||||||
assert_that(next(iter(tcp_counts.values())), greater_than(0))
|
|
||||||
assert_that(next(iter(udp_counts.values())), greater_than(0))
|
|
||||||
|
|
Loading…
Reference in New Issue