Fix security group tests

Change-Id: I13e05c0b73fe8faef2bf5dd5d54eadfac416dfe2
This commit is contained in:
Georgy Dyuldin 2017-03-30 12:06:16 +03:00
parent 68dc1ebb45
commit 933873f36f
3 changed files with 53 additions and 44 deletions

View File

@ -40,7 +40,7 @@ def contrail_2_networks(create_network, create_subnet):
def contrail_2_servers_different_networks( def contrail_2_servers_different_networks(
request, request,
flavor, flavor,
security_group, neutron_security_group,
sorted_hypervisors, sorted_hypervisors,
contrail_2_networks, contrail_2_networks,
server_steps): server_steps):
@ -91,7 +91,7 @@ def contrail_2_servers_different_networks(
networks=[network], networks=[network],
keypair=keypair, keypair=keypair,
availability_zone='nova:{}'.format(hypervisor.service['host']), availability_zone='nova:{}'.format(hypervisor.service['host']),
security_groups=[security_group], security_groups=[neutron_security_group],
username=username, username=username,
password=password, password=password,
check=False)[0] check=False)[0]

View File

@ -13,7 +13,7 @@
import contextlib import contextlib
import time import time
from hamcrest import is_ from hamcrest import assert_that, is_, greater_than, has_value
from stepler.third_party import ping from stepler.third_party import ping
from stepler.third_party import tcpdump from stepler.third_party import tcpdump
from stepler.third_party import waiter from stepler.third_party import waiter
@ -108,13 +108,14 @@ def start_port_listener(server_ssh,
@contextlib.contextmanager @contextlib.contextmanager
def calc_packets_count(os_faults_steps, nodes, iface, filters): def calc_packets_count(os_faults_steps, nodes, iface, filters,
max_packets=10000):
"""CM to calc packages count on nodes' iface. """CM to calc packages count on nodes' iface.
Returns dict: fqdn -> captured packets count. Returns dict: fqdn -> captured packets count.
""" """
tcpdump_base_path = os_faults_steps.start_tcpdump( tcpdump_base_path = os_faults_steps.start_tcpdump(
nodes, '-i {0} {1}'.format(iface, filters)) nodes, '-i {0} {1} -c {2}'.format(iface, filters, max_packets))
result = {node.fqdn: 0 for node in nodes} result = {node.fqdn: 0 for node in nodes}
yield result yield result
os_faults_steps.stop_tcpdump(nodes, tcpdump_base_path) os_faults_steps.stop_tcpdump(nodes, tcpdump_base_path)
@ -138,8 +139,20 @@ def start_iperf_pair(client_ssh, server_ssh, ip, port, udp=False, timeout=10):
server_ssh.background_call(server_cmd.format(proto=proto, port=port)) server_ssh.background_call(server_cmd.format(proto=proto, port=port))
if not udp: # if not udp:
time.sleep(10) time.sleep(10)
client_ssh.background_call( client_ssh.background_call(
client_cmd.format(proto=proto, ip=ip, port=port, time=timeout)) client_cmd.format(proto=proto, ip=ip, port=port, time=timeout))
def check_packets_on_iface(os_faults_steps, node, iface, filters,
should_be=True):
with calc_packets_count(os_faults_steps, node, iface,
filters) as tcp_counts:
time.sleep(1)
if should_be:
matcher = greater_than(0)
else:
matcher = is_(0)
assert_that(tcp_counts, has_value(matcher), 'Wrong packets count')

View File

@ -310,7 +310,7 @@ def test_security_group_rules_uuid_in_contrail_and_neutron(contrail_api_client,
ids=['ubuntu']) ids=['ubuntu'])
def test_add_remove_security_group_with_active_flow( def test_add_remove_security_group_with_active_flow(
contrail_2_servers_diff_nets_with_floating, contrail_2_servers_diff_nets_with_floating,
security_group, neutron_security_group,
contrail_api_client, contrail_api_client,
contrail_network_policy, contrail_network_policy,
set_network_policy, set_network_policy,
@ -345,7 +345,8 @@ def test_add_remove_security_group_with_active_flow(
set_network_policy(network, contrail_network_policy) set_network_policy(network, contrail_network_policy)
# Add rule to group # Add rule to group
contrail_sg = contrail_api_client.security_group_read(id=security_group.id) contrail_sg = contrail_api_client.security_group_read(
id=neutron_security_group['id'])
sg_entries = contrail_sg.security_group_entries sg_entries = contrail_sg.security_group_entries
rules = [ rules = [
types.PolicyRuleType( types.PolicyRuleType(
@ -401,6 +402,12 @@ def test_add_remove_security_group_with_active_flow(
server2_ssh = enter(server_steps.get_server_ssh(server2)) server2_ssh = enter(server_steps.get_server_ssh(server2))
# Start TCP and UDP traffic # Start TCP and UDP traffic
connectivity.start_iperf_pair(
client_ssh=server2_ssh,
server_ssh=server1_ssh,
ip=ip1,
port=TCP_PORT,
timeout=60 * 1000)
connectivity.start_iperf_pair( connectivity.start_iperf_pair(
client_ssh=server1_ssh, client_ssh=server1_ssh,
server_ssh=server2_ssh, server_ssh=server2_ssh,
@ -408,46 +415,35 @@ def test_add_remove_security_group_with_active_flow(
port=UDP_PORT, port=UDP_PORT,
udp=True, udp=True,
timeout=60 * 1000) timeout=60 * 1000)
connectivity.start_iperf_pair(
client_ssh=server2_ssh,
server_ssh=server1_ssh,
ip=ip1,
port=TCP_PORT,
timeout=60 * 1000)
# Check that some packets are captured # Check that some packets are captured
with connectivity.calc_packets_count(os_faults_steps, computes[0], connectivity.check_packets_on_iface(os_faults_steps, computes[0],
ifaces[0], ifaces[0], tcp_filter)
tcp_filter) as tcp_counts: connectivity.check_packets_on_iface(os_faults_steps, computes[1],
with connectivity.calc_packets_count(os_faults_steps, computes[1], ifaces[1], udp_filter)
ifaces[1],
udp_filter) as udp_counts:
time.sleep(1)
assert_that(next(iter(tcp_counts.values())), greater_than(0))
assert_that(next(iter(udp_counts.values())), greater_than(0))
# Remove security group from server1 # Remove security group from server1
server1.remove_security_group(security_group.id) server1.remove_security_group(neutron_security_group['id'])
with connectivity.calc_packets_count(os_faults_steps, computes[0], connectivity.check_packets_on_iface(
ifaces[0], os_faults_steps,
tcp_filter) as tcp_counts: computes[0],
with connectivity.calc_packets_count(os_faults_steps, computes[1], ifaces[0],
ifaces[1], tcp_filter,
udp_filter) as udp_counts: should_be=False)
time.sleep(1) connectivity.check_packets_on_iface(
assert_that(next(iter(tcp_counts.values())), equal_to(0)) os_faults_steps,
assert_that(next(iter(udp_counts.values())), equal_to(0)) computes[1],
ifaces[1],
udp_filter,
should_be=False)
# Add security group from server1 # Add security group from server1
server1.add_security_group(security_group.id) server1.add_security_group(neutron_security_group['id'])
with connectivity.calc_packets_count(os_faults_steps, computes[0], time.sleep(10)
ifaces[0],
tcp_filter) as tcp_counts: connectivity.check_packets_on_iface(os_faults_steps, computes[0],
with connectivity.calc_packets_count(os_faults_steps, computes[1], ifaces[0], tcp_filter)
ifaces[1], connectivity.check_packets_on_iface(os_faults_steps, computes[1],
udp_filter) as udp_counts: ifaces[1], udp_filter)
time.sleep(1)
assert_that(next(iter(tcp_counts.values())), greater_than(0))
assert_that(next(iter(udp_counts.values())), greater_than(0))