From c5dffd53a1afb428e29c8585cc2bb7d2e6c6d0b8 Mon Sep 17 00:00:00 2001
From: Sumit Naiksatam
Date: Fri, 26 Jun 2015 15:48:01 -0700
Subject: [PATCH] Adding devstack artifacts for integration gate job This will allow using the upstream devstack branch. The gbp-specific artifacts will be patched on top of that branch. Also checking to see if resources are not getting cleaned up after the exercise script run. Closes-bug: 1469545 Change-Id: I610774366cd72348dd756c91c9989add9288de15
---
.../tests/contrib/devstack/exercises/gbp.sh | 139 ++++++++++++++++
.../contrib/devstack/exercises/gbp_fip.sh | 122 ++++++++++++++
.../devstack/exercises/gbp_servicechain.sh | 149 ++++++++++++++++++
.../firewall-lb-servicechain/demo.yaml | 133 ++++++++++++++++
.../firewall-lb-servicechain/fw.template | 36 +++++
.../firewall-lb-servicechain/lb.template | 73 +++++++++
gbpservice/tests/contrib/devstack/lib/gbp | 59 +++++++
gbpservice/tests/contrib/devstack/local.conf | 74 +++++++++
gbpservice/tests/contrib/functions-gbp | 43 +++++
gbpservice/tests/contrib/gate_hook.sh | 16 +-
gbpservice/tests/contrib/post_test_hook.sh | 11 +-
11 files changed, 839 insertions(+), 16 deletions(-)
create mode 100755 gbpservice/tests/contrib/devstack/exercises/gbp.sh
create mode 100755 gbpservice/tests/contrib/devstack/exercises/gbp_fip.sh
create mode 100755 gbpservice/tests/contrib/devstack/exercises/gbp_servicechain.sh
create mode 100644 gbpservice/tests/contrib/devstack/gbp-templates/firewall-lb-servicechain/demo.yaml
create mode 100644 gbpservice/tests/contrib/devstack/gbp-templates/firewall-lb-servicechain/fw.template
create mode 100644 gbpservice/tests/contrib/devstack/gbp-templates/firewall-lb-servicechain/lb.template
create mode 100644 gbpservice/tests/contrib/devstack/lib/gbp
create mode 100644 gbpservice/tests/contrib/devstack/local.conf
diff --git a/gbpservice/tests/contrib/devstack/exercises/gbp.sh b/gbpservice/tests/contrib/devstack/exercises/gbp.sh
new file mode 100755
index 000000000..537e50e40
--- /dev/null
+++ b/gbpservice/tests/contrib/devstack/exercises/gbp.sh
@@ -0,0 +1,139 @@
+#!/usr/bin/env bash
+
+# **gbp.sh**
+
+# Sanity check that gbp started if enabled
+
+echo "*********************************************************************"
+echo "Begin DevStack Exercise: $0"
+echo "*********************************************************************"
+
+# This script exits on an error so that errors don't compound and you see
+# only the first error that occurred.
+set -o errexit
+
+# Print the commands being run so that we can see the command that triggers
+# an error. It is also useful for following allowing as the install occurs.
+set -o xtrace
+
+
+# Settings
+# ========
+
+# Keep track of the current directory
+EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
+TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
+
+# Import common functions
+source $TOP_DIR/functions
+
+# Import configuration
+source $TOP_DIR/openrc
+
+# Import exercise configuration
+source $TOP_DIR/exerciserc
+
+source $TOP_DIR/openrc demo demo
+
+function confirm_server_active {
+ local VM_UUID=$1
+ if ! timeout $ACTIVE_TIMEOUT sh -c "while ! nova show $VM_UUID | grep status | grep -q ACTIVE; do sleep 1; done"; then
+ echo "server '$VM_UUID' did not become active!"
+ false
+ fi
+}
+
+# Create allow action that can used in several rules
+gbp policy-action-create allow --action-type allow
+
+# Create ICMP rule
+gbp policy-classifier-create icmp-traffic --protocol icmp --direction bi
+gbp policy-rule-create ping-policy-rule --classifier icmp-traffic --actions allow
+
+# Create SSH Rule (Optional)
+# gbp policy-classifier-create ssh-traffic --protocol tcp --port-range 22 --direction bi
+# gbp policy-rule-create ssh-policy-rule --classifier ssh-traffic --actions allow
+
+# Create HTTP Rule
+gbp policy-classifier-create web-traffic --protocol tcp --port-range 80 --direction in
+gbp policy-rule-create web-policy-rule --classifier web-traffic --actions allow
+
+# Create HTTPs Rule
+gbp policy-classifier-create secure-web-traffic --protocol tcp --port-range 443 --direction in
+gbp policy-rule-create secure-web-policy-rule --classifier secure-web-traffic --actions allow
+
+# ICMP policy-rule-set
+gbp policy-rule-set-create icmp-policy-rule-set --policy-rules ping-policy-rule
+
+# WEB policy-rule-set
+gbp policy-rule-set-create web-policy-rule-set --policy-rules web-policy-rule
+
+# ====== PROJECT OPERATION ======
+# PTGs creation
+gbp group-create web
+gbp group-create client-1
+gbp group-create client-2
+
+# PT creation
+WEB_PORT=$(gbp policy-target-create web-pt-1 --policy-target-group web | awk "/port_id/ {print \$4}")
+CLIENT1_PORT=$(gbp policy-target-create client-pt-1 --policy-target-group client-1 | awk "/port_id/ {print \$4}")
+CLIENT2_PORT=$(gbp policy-target-create client-pt-2 --policy-target-group client-2 | awk "/port_id/ {print \$4}")
+
+WEB_VM_1_UUID=`nova boot --flavor m1.tiny --image cirros-0.3.2-x86_64-uec --nic port-id=$WEB_PORT web-vm-1 | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
+die_if_not_set $LINENO WEB_VM_1_UUID "Failure launching web-vm-1"
+confirm_server_active $WEB_VM_1_UUID
+
+CLIENT_VM_1_UUID=`nova boot --flavor m1.tiny --image cirros-0.3.2-x86_64-uec --nic port-id=$CLIENT1_PORT client-vm-1 | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
+die_if_not_set $LINENO CLIENT_VM_1_UUID "Failure launching client-vm-1"
+confirm_server_active $CLIENT_VM_1_UUID
+
+CLIENT_VM_2_UUID=`nova boot --flavor m1.tiny --image cirros-0.3.2-x86_64-uec --nic port-id=$CLIENT2_PORT client-vm-2 | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
+die_if_not_set $LINENO CLIENT_VM_2_UUID "Failure launching client-vm-2"
+confirm_server_active $CLIENT_VM_2_UUID
+
+####CHECKPOINT: No traffic flows
+
+# policy-rule-set Association
+gbp group-update client-1 --consumed-policy-rule-sets "icmp-policy-rule-set=scope,web-policy-rule-set=scope"
+gbp group-update client-2 --consumed-policy-rule-sets "icmp-policy-rule-set=scope,web-policy-rule-set=scope"
+gbp group-update web --provided-policy-rule-sets "icmp-policy-rule-set=scope,web-policy-rule-set=scope"
+
+####CHECKPOINT: ICMP and HTTP work from app to web and vice versa
+
+gbp policy-rule-set-update web-policy-rule-set --policy-rules "secure-web-policy-rule"
+
+####CHECKPOINT: HTTP stops working for both the client PTGs, HTTPs is now enabled
+
+nova delete web-vm-1
+nova delete client-vm-1
+nova delete client-vm-2
+
+if ! timeout $TERMINATE_TIMEOUT sh -c "while nova list | grep -q ACTIVE; do sleep 1; done"; then
+ die $LINENO "Some VMs failed to shutdown"
+fi
+
+gbp policy-target-delete web-pt-1
+gbp policy-target-delete client-pt-1
+gbp policy-target-delete client-pt-2
+
+gbp group-delete web
+gbp group-delete client-1
+gbp group-delete client-2
+
+gbp policy-rule-set-delete icmp-policy-rule-set
+gbp policy-rule-set-delete web-policy-rule-set
+
+gbp policy-rule-delete secure-web-policy-rule
+gbp policy-rule-delete web-policy-rule
+gbp policy-rule-delete ping-policy-rule
+
+gbp policy-classifier-delete secure-web-traffic
+gbp policy-classifier-delete web-traffic
+gbp policy-classifier-delete icmp-traffic
+
+gbp policy-action-delete allow
+
+set +o xtrace
+echo "*********************************************************************"
+echo "SUCCESS: End DevStack Exercise: $0"
+echo "*********************************************************************"
diff --git a/gbpservice/tests/contrib/devstack/exercises/gbp_fip.sh b/gbpservice/tests/contrib/devstack/exercises/gbp_fip.sh
new file mode 100755
index 000000000..ca4dddcdb
--- /dev/null
+++ b/gbpservice/tests/contrib/devstack/exercises/gbp_fip.sh
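Review bot: In gbp.sh every delete sits at the end of the script, so under `set -o errexit` any failure after the first `gbp policy-action-create` exits with the VMs, groups and policy objects still in place. gbp_servicechain.sh creates objects with the same names (`allow`, `icmp-traffic`, `web`, `client-1`, `web-vm-1`), so one leak will probably fail the next exercise too, and gbp_fip.sh has the same end-only cleanup. An EXIT trap that tears down only when the exit status is non-zero covers the failure path and leaves the checked deletes on the success path as written. The same pattern would apply to the other two scripts with their own object names.

```bash
# … unchanged: settings, sourcing of functions/openrc/exerciserc, confirm_server_active …

# Best-effort teardown for the failure path only; on success the explicit
# deletes at the end of the script have already run and been checked.
function teardown_on_failure {
    local rc=$?
    if [[ $rc -eq 0 ]]; then
        return
    fi
    set +o errexit
    nova delete web-vm-1
    nova delete client-vm-1
    nova delete client-vm-2
    timeout $TERMINATE_TIMEOUT sh -c "while nova list | grep -q ACTIVE; do sleep 1; done"
    gbp policy-target-delete web-pt-1
    # … remaining gbp *-delete calls, in the same order as at the end of the script …
    exit $rc
}
trap teardown_on_failure EXIT

# … unchanged: resource creation, VM boot, rule-set association, final deletes …
```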
@@ -0,0 +1,122 @@
+#!/usr/bin/env bash
+
+# **gbp_fip.sh**
+
+# Sanity check that gbp fip support works if enabled
+
+echo "*********************************************************************"
+echo "Begin DevStack Exercise: $0"
+echo "*********************************************************************"
+
+# This script exits on an error so that errors don't compound and you see
+# only the first error that occurred.
+set -o errexit
+
+# Print the commands being run so that we can see the command that triggers
+# an error. It is also useful for following allowing as the install occurs.
+set -o xtrace
+
+
+# Settings
+# ========
+
+# Keep track of the current directory
+EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
+TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
+
+# Import common functions
+source $TOP_DIR/functions
+
+# Import configuration
+source $TOP_DIR/openrc
+
+# Import exercise configuration
+source $TOP_DIR/exerciserc
+
+source $TOP_DIR/openrc admin admin
+
+function confirm_server_active {
+ local VM_UUID=$1
+ if ! timeout $ACTIVE_TIMEOUT sh -c "while ! nova show $VM_UUID | grep status | grep -q ACTIVE; do sleep 1; done"; then
+ echo "server '$VM_UUID' did not become active!"
+ false
+ fi
+}
+
+
+EXT_NET_ID=$(neutron net-list --router:external -c id | grep -v id | awk '{print $2}' )
+EXT_NET_TO_BE_CLEANED_UP=false
+
+if [ -z "$EXT_NET_ID" ] ; then
+ EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- --router:external=True | grep ' id ' | get_field 2)
+ EXT_SUBNET_ID=$(neutron subnet-create --ip_version 4 --gateway 172.16.73.1 --name public-subnet $EXT_NET_ID 172.16.73.0/24 | grep ' id ' | get_field 2)
+ EXT_NET_TO_BE_CLEANED_UP=true
+else
+ EXT_NET_ID=$(neutron net-list --router:external -c id | grep -v id | awk '{print $2}' )
+ EXT_SUBNET_ID=$(neutron net-show $EXT_NET_ID | grep subnets | awk '{print $4}' )
+fi
+
+die_if_not_set $LINENO EXT_SUBNET_ID "Failure creating external network"
+
+EXT_SUBNET_CIDR=$(neutron subnet-show $EXT_SUBNET_ID | grep cidr | awk '{print $4}' )
+
+EXT_SUBNET_GW=$(neutron subnet-show $EXT_SUBNET_ID | grep gateway_ip | awk '{print $4}' )
+
+EXT_SEGMENT_ID=$(gbp external-segment-create --ip-version 4 --external-route destination=0.0.0.0/0,nexthop=$EXT_SUBNET_GW --shared True --subnet_id=$EXT_SUBNET_ID --cidr $EXT_SUBNET_CIDR default | grep ' id ' | awk '{print $4}' )
+
+die_if_not_set $LINENO EXT_SEGMENT_ID "Failure creating external segment"
+
+NAT_POOL_ID=$(gbp nat-pool-create --ip-version 4 --ip-pool $EXT_SUBNET_CIDR --external-segment $EXT_SEGMENT_ID ext_nat_pool | grep ' id ' | awk '{print $4}' )
+
+die_if_not_set $LINENO NAT_POOL_ID "Failure creating nat pool"
+
+NSP_ID=$(gbp network-service-policy-create --network-service-params type=ip_pool,name=nat_fip,value=nat_pool nat_pool_nsp | grep ' id ' | awk '{print $4}' )
+
+PTG_ID=$(gbp group-create --network-service-policy nat_pool_nsp provider_ptg | grep ' id ' | awk '{print $4}' )
+
+die_if_not_set $LINENO PTG_ID "Failure creating ptg"
+
+PT1_ID=$(gbp policy-target-create --policy-target-group provider_ptg provider_pt1 | grep ' id ' | awk '{print $4}' )
+
+die_if_not_set $LINENO PT1_ID "Failure creating policy target"
+
+PT2_ID=$(gbp policy-target-create --policy-target-group provider_ptg provider_pt2 | grep ' id ' | awk '{print $4}' )
+
+die_if_not_set $LINENO PT2_ID "Failure creating policy target"
+
+PT2_PORT_ID=$(gbp policy-target-show $PT2_ID | grep ' port_id ' | awk '{print $4}' )
+
+PT2_PORT_IP=$(neutron port-show $PT2_PORT_ID | grep ' fixed_ips ' | awk '{print $7}' | awk -F '"' '{print $2}' )
+
+PT2_FIXED_IP=$(neutron floatingip-list | grep $PT2_PORT_IP | awk '{print $4}' )
+
+die_if_not_set $LINENO PT2_FIXED_IP "Floating IP not assigned to policy target"
+
+PT1_PORT_ID=$(gbp policy-target-show $PT1_ID | grep ' port_id ' | awk '{print $4}' )
+
+PT1_PORT_IP=$(neutron port-show $PT1_PORT_ID | grep ' fixed_ips ' | awk '{print $7}' | awk -F '"' '{print $2}' )
+
+PT1_FIXED_IP=$(neutron floatingip-list | grep $PT1_PORT_IP | awk '{print $4}' )
+
+die_if_not_set $LINENO PT1_FIXED_IP "Floating IP not assigned to policy target"
+
+
+
+#############Cleanup###############
+
+
+gbp policy-target-delete $PT2_ID
+gbp policy-target-delete $PT1_ID
+gbp group-delete $PTG_ID
+gbp network-service-policy-delete $NSP_ID
+gbp nat-pool-delete $NAT_POOL_ID
+gbp external-segment-delete $EXT_SEGMENT_ID
+
+if [ "$EXT_NET_TO_BE_CLEANED_UP" = true ] ; then
+ neutron net-delete $EXT_NET_ID
+fi
+
+set +o xtrace
+echo "*********************************************************************"
+echo "SUCCESS: End DevStack Exercise: $0"
+echo "*********************************************************************"
diff --git a/gbpservice/tests/contrib/devstack/exercises/gbp_servicechain.sh b/gbpservice/tests/contrib/devstack/exercises/gbp_servicechain.sh
new file mode 100755
index 000000000..a4e4ad566
--- /dev/null
+++ b/gbpservice/tests/contrib/devstack/exercises/gbp_servicechain.sh
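Review bot: The floating-IP assertions in gbp_fip.sh can pass on the wrong row, because `neutron floatingip-list | grep $PT2_PORT_IP` (and the PT1 equivalent) treats the address as an unanchored regex: a port IP of, say, `10.0.0.1` also matches a row for `10.0.0.10`, and an empty `$PT2_PORT_IP` leaves grep with no pattern at all. A fixed-string, whole-word match closes that: `grep -F -w -- "$PT2_PORT_IP"`. `NSP_ID` is the only created id that is not followed by `die_if_not_set`, and since the pipeline's status is awk's, a failed `network-service-policy-create` only surfaces later at `group-create`; adding `die_if_not_set $LINENO NSP_ID "Failure creating network service policy"` keeps the error at its source. `confirm_server_active` is defined in this script but never called.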
@@ -0,0 +1,149 @@
+#!/usr/bin/env bash
+
+# **gbp_servicechain.sh**
+
+# Sanity check that gbp servicechain plugin started if enabled
+
+echo "*********************************************************************"
+echo "Begin DevStack Exercise: $0"
+echo "*********************************************************************"
+
+# This script exits on an error so that errors don't compound and you see
+# only the first error that occurred.
+set -o errexit
+
+# Print the commands being run so that we can see the command that triggers
+# an error. It is also useful for following redirecting as the install occurs.
+set -o xtrace
+
+
+# Settings
+# ========
+
+# Keep track of the current directory
+EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
+TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
+
+# Import common functions
+source $TOP_DIR/functions
+
+# Import configuration
+source $TOP_DIR/openrc
+
+# Import exercise configuration
+source $TOP_DIR/exerciserc
+
+source $TOP_DIR/openrc demo demo
+
+function confirm_server_active {
+ local VM_UUID=$1
+ if ! timeout $ACTIVE_TIMEOUT sh -c "while ! nova show $VM_UUID | grep status | grep -q ACTIVE; do sleep 1; done"; then
+ echo "server '$VM_UUID' did not become active!"
+ false
+ fi
+}
+
+gbp servicechain-node-create loadbalancer-node --template-file $TOP_DIR//gbp-templates/firewall-lb-servicechain/fw.template --servicetype FIREWALL
+gbp servicechain-node-create firewall-node --template-file $TOP_DIR//gbp-templates/firewall-lb-servicechain/lb.template --servicetype LOADBALANCER
+
+gbp servicechain-spec-create firewall-loadbalancer-spec --description spec --nodes "firewall-node loadbalancer-node"
+
+gbp network-service-policy-create --network-service-params type=ip_single,name=vip_ip,value=self_subnet vip_ip_policy
+
+# Create allow action that can used in several rules
+gbp policy-action-create allow --action-type allow
+
+# Create redirect action that can used in several rules
+gbp policy-action-create redirect --action-type redirect --action-value firewall-loadbalancer-spec
+
+# Create ICMP rule
+gbp policy-classifier-create icmp-traffic --protocol icmp --direction bi
+gbp policy-rule-create ping-policy-rule --classifier icmp-traffic --actions allow
+
+# Create SSH Rule (Optional)
+# gbp policy-classifier-create ssh-traffic --protocol tcp --port-range 22 --direction bi
+# gbp policy-rule-create ssh-policy-rule --classifier ssh-traffic --actions allow
+
+# Create HTTP Rule
+gbp policy-classifier-create web-traffic --protocol tcp --port-range 80 --direction in
+gbp policy-rule-create web-policy-rule --classifier web-traffic --actions redirect
+
+# Create HTTPs Rule
+gbp policy-classifier-create secure-web-traffic --protocol tcp --port-range 443 --direction in
+gbp policy-rule-create secure-web-policy-rule --classifier secure-web-traffic --actions redirect
+
+# ICMP policy-rule-set
+gbp policy-rule-set-create icmp-policy-rule-set --policy-rules ping-policy-rule
+
+# WEB policy-rule-set
+gbp policy-rule-set-create web-policy-rule-set --policy-rules web-policy-rule
+
+# ====== PROJECT OPERATION ======
+# PTGs creation
+gbp group-create web
+gbp group-create client-1
+
+# PT creation
+WEB_PORT=$(gbp policy-target-create web-pt-1 --policy-target-group web | awk "/port_id/ {print \$4}")
+CLIENT1_PORT=$(gbp policy-target-create client-pt-1 --policy-target-group client-1 | awk "/port_id/ {print \$4}")
+
+##TODO(Magesh): Add traffic testing and use namespace ports instead of launching VMs
+WEB_VM_1_UUID=`nova boot --flavor m1.tiny --image cirros-0.3.2-x86_64-uec --nic port-id=$WEB_PORT web-vm-1 | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
+die_if_not_set $LINENO WEB_VM_1_UUID "Failure launching web-vm-1"
+confirm_server_active $WEB_VM_1_UUID
+
+CLIENT_VM_1_UUID=`nova boot --flavor m1.tiny --image cirros-0.3.2-x86_64-uec --nic port-id=$CLIENT1_PORT client-vm-1 | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
+die_if_not_set $LINENO CLIENT_VM_1_UUID "Failure launching client-vm-1"
+confirm_server_active $CLIENT_VM_1_UUID
+
+
+####CHECKPOINT: No traffic flows and no Service Chain Instances or Services are created
+
+# policy-rule-set Association
+gbp group-update client-1 --consumed-policy-rule-sets "icmp-policy-rule-set=scope,web-policy-rule-set=scope"
+gbp group-update web --provided-policy-rule-sets "icmp-policy-rule-set=scope,web-policy-rule-set=scope" --network-service-policy vip_ip_policy
+
+# Wait for the heat stacks to be setup completely
+sleep 15
+
+####CHECKPOINT: ICMP and HTTP work from app to web and vice versa and a Firewall and LoadBalancer services are created.
+
+
+nova delete web-vm-1
+nova delete client-vm-1
+
+if ! timeout $TERMINATE_TIMEOUT sh -c "while nova list | grep -q ACTIVE; do sleep 1; done"; then
+ die $LINENO "Some VMs failed to shutdown"
+fi
+
+gbp policy-target-delete web-pt-1
+gbp policy-target-delete client-pt-1
+
+gbp group-delete web
+gbp group-delete client-1
+
+gbp policy-rule-set-delete icmp-policy-rule-set
+gbp policy-rule-set-delete web-policy-rule-set
+
+gbp policy-rule-delete secure-web-policy-rule
+gbp policy-rule-delete web-policy-rule
+gbp policy-rule-delete ping-policy-rule
+
+gbp policy-classifier-delete secure-web-traffic
+gbp policy-classifier-delete web-traffic
+gbp policy-classifier-delete icmp-traffic
+
+gbp policy-action-delete allow
+gbp policy-action-delete redirect
+
+gbp network-service-policy-delete vip_ip_policy
+
+gbp servicechain-spec-delete firewall-loadbalancer-spec
+
+gbp servicechain-node-delete loadbalancer-node
+gbp servicechain-node-delete firewall-node
+
+set +o xtrace
+echo "*********************************************************************"
+echo "SUCCESS: End DevStack Exercise: $0"
+echo "*********************************************************************"
diff --git a/gbpservice/tests/contrib/devstack/gbp-templates/firewall-lb-servicechain/demo.yaml b/gbpservice/tests/contrib/devstack/gbp-templates/firewall-lb-servicechain/demo.yaml
new file mode 100644
index 000000000..9b04c8d58
--- /dev/null
+++ b/gbpservice/tests/contrib/devstack/gbp-templates/firewall-lb-servicechain/demo.yaml
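Review bot: The two `servicechain-node-create` calls in gbp_servicechain.sh have their names crossed: `loadbalancer-node` is built from `fw.template` with `--servicetype FIREWALL`, and `firewall-node` from `lb.template` with `--servicetype LOADBALANCER`. The spec's `--nodes "firewall-node loadbalancer-node"` therefore lists the load balancer first, which is probably not what the names intend for a firewall-then-LB chain. Swapping the names fixes it: `gbp servicechain-node-create firewall-node --template-file … fw.template --servicetype FIREWALL` and `gbp servicechain-node-create loadbalancer-node --template-file … lb.template --servicetype LOADBALANCER`. Separately, `sleep 15` is a fixed guess at Heat stack completion where a bounded poll under `timeout` (as `confirm_server_active` does for VMs) would be less flaky, and `secure-web-policy-rule` is created and deleted but never attached to a rule set.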
@@ -0,0 +1,133 @@
+#!highlight yaml
+
+heat_template_version: 2013-05-23
+
+resources:
+
+# Create firewall service chain node
+ sc_fw_node:
+ type: OS::Neutron::ServiceChainNode
+ properties:
+ name: SvcChainFWNode
+ service_type: FIREWALL
+ config: { get_file: fw.template }
+
+# Create loadbalancer service chain node
+ sc_lb_node:
+ type: OS::Neutron::ServiceChainNode
+ properties:
+ name: SvcChainLBNode
+ service_type: LOADBALANCER
+ config: { get_file: lb.template }
+
+# Tie the services into a chain
+ sc_spec:
+ type: OS::Neutron::ServiceChainSpec
+ properties:
+ name: svc_chain_spec
+ nodes:
+ - { get_resource: sc_fw_node }
+ - { get_resource: sc_lb_node }
+
+# Create a network service policy
+ vip_ip_policy:
+ type: OS::Neutron::NetworkServicePolicy
+ properties:
+ name: vip_ip_policy
+ network_service_params:
+ - type: ip_single
+ name: vip_ip
+ value: self_subnet
+ shared: True
+
+# Creating a classifier for all tcp traffic
+ any_tcp_classifier:
+ type: OS::Neutron::PolicyClassifier
+ properties:
+ name: any_tcp_classifier
+ protocol: tcp
+ direction: in
+ shared: True
+
+# Creating redirect action
+ redirect_to_chain:
+ type: OS::Neutron::PolicyAction
+ properties:
+ name: redirect_to_chain
+ action_type: redirect
+ action_value: { get_resource: sc_spec }
+ shared: False
+
+# Creating a policy rule set
+ tcp_traffic_rule:
+ type: OS::Neutron::PolicyRule
+ properties:
+ name: tcp_traffic_rule
+ policy_classifier_id: { get_resource: any_tcp_classifier }
+ policy_actions: [{ get_resource: redirect_to_chain }]
+ shared: False
+
+ tcp_rule_set:
+ type: OS::Neutron::PolicyRuleSet
+ properties:
+ name: tcp_rule_set
+ policy_rules: [{ get_resource: tcp_traffic_rule }]
+ child_policy_rule_sets: []
+ shared: False
+
+# Create EPGs for providers and consumers
+ app_ptg:
+ type: OS::Neutron::PolicyTargetGroup
+ properties:
+ name: app_ptg
+ provided_policy_rule_sets:
+ - policy_rule_set_id: { get_resource: tcp_rule_set }
+ policy_rule_set_scope:
+ network_service_policy_id: { get_resource: vip_ip_policy }
+ shared: False
+
+ user_ptg:
+ type: OS::Neutron::PolicyTargetGroup
+ depends_on: app_server_pt
+ properties:
+ name: user_ptg
+ consumed_policy_rule_sets:
+ - policy_rule_set_id: { get_resource: tcp_rule_set }
+ policy_rule_set_scope:
+ shared: False
+
+# Create webserver
+
+ app_server_pt:
+ type: OS::Neutron::PolicyTarget
+ properties:
+ name: app_server_pt
+ policy_target_group_id: { get_resource: app_ptg }
+
+ app_server:
+ type: OS::Nova::Server
+ properties:
+ name: app_svr
+ image: cirros-0.3.2-x86_64-uec
+ flavor: m1.tiny
+ networks:
+ - port: {get_attr: [app_server_pt, port_id]}
+
+# Create a user
+
+ user_server_pt:
+ type: OS::Neutron::PolicyTarget
+ properties:
+ name: user_server_pt
+ policy_target_group_id: { get_resource: user_ptg }
+
+ user_server:
+ type: OS::Nova::Server
+ properties:
+ name: user_svr
+ image: cirros-0.3.2-x86_64-uec
+ flavor: m1.tiny
+ networks:
+ - port: {get_attr: [user_server_pt, port_id]}
+
+
diff --git a/gbpservice/tests/contrib/devstack/gbp-templates/firewall-lb-servicechain/fw.template b/gbpservice/tests/contrib/devstack/gbp-templates/firewall-lb-servicechain/fw.template
new file mode 100644
index 000000000..6d70394a8
--- /dev/null
+++ b/gbpservice/tests/contrib/devstack/gbp-templates/firewall-lb-servicechain/fw.template
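Review bot: In demo.yaml `any_tcp_classifier` has no port range and is marked `shared: True`, so the redirect rule built on it covers all inbound TCP while fw.template in the same directory allows only port 80, and the classifier is presumably visible outside the owning tenant; if that breadth is intended for the demo, a comment saying so would help. The comment `# Creating a policy rule set` sits above `tcp_traffic_rule`, which is an `OS::Neutron::PolicyRule`; the rule set is the next resource. The leading `#!highlight yaml` looks like wiki markup carried over and can be dropped. No visible script references this template and `gbp_heat` is listed in `SKIP_EXERCISES`, so a header comment such as `# Reference template; not exercised by the gate job` would tell readers it is untested.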
@@ -0,0 +1,36 @@
+{
+ "heat_template_version": "2013-05-23",
+ "resources": {
+ "Firewall_service": {
+ "type": "OS::Neutron::Firewall",
+ "properties": {
+ "admin_state_up": true,
+ "firewall_policy_id": {"get_resource": "Firewall_policy"},
+ "name": "testFirewall",
+ "description": "test Firewall"
+ }
+ },
+ "Firewall_policy": {
+ "type": "OS::Neutron::FirewallPolicy",
+ "properties": {
+ "shared": false,
+ "description": "test firewall policy",
+ "name": "testFWPolicy",
+ "firewall_rules": [{"get_resource": "Firewall_rule"}],
+ "audited": true
+ }
+ },
+ "Firewall_rule": {
+ "type": "OS::Neutron::FirewallRule",
+ "properties": {
+ "protocol": "tcp",
+ "description": "firewall rule 1",
+ "enabled": true,
+ "destination_port": "80",
+ "shared": false,
+ "action": "allow",
+ "name": "testFw"
+ }
+ }
+ }
+}
diff --git a/gbpservice/tests/contrib/devstack/gbp-templates/firewall-lb-servicechain/lb.template b/gbpservice/tests/contrib/devstack/gbp-templates/firewall-lb-servicechain/lb.template
new file mode 100644
index 000000000..a02cb8b1d
--- /dev/null
+++ b/gbpservice/tests/contrib/devstack/gbp-templates/firewall-lb-servicechain/lb.template
@@ -0,0 +1,73 @@
+{
+ "AWSTemplateFormatVersion" : "2010-09-09",
+ "Description": "Template to test Haproxy Loadbalacer service",
+
+ "Parameters": {
+ "Subnet": {
+ "Description": "Pool Subnet CIDR, on which VIP port should be created",
+ "Type": "String"
+ },
+ "PoolMemberIPs": {
+ "Description": "Pool Member IP Address",
+ "Type": "String"
+ },
+ "vip_ip": {
+ "Description": "VIP IP Address",
+ "Type": "String"
+ }
+ },
+
+ "Resources" : {
+ "HttpHM": {
+ "Type": "OS::Neutron::HealthMonitor",
+ "Properties": {
+ "admin_state_up": true,
+ "delay": 20,
+ "expected_codes": "200",
+ "http_method": "GET",
+ "max_retries": 3,
+ "timeout": 10,
+ "type": "HTTP",
+ "url_path": "/"
+ }
+ },
+ "HaproxyPool": {
+ "Type": "OS::Neutron::Pool",
+ "Properties": {
+ "admin_state_up": true,
+ "description": "Haproxy pool from teplate",
+ "lb_method": "ROUND_ROBIN",
+ "monitors": [{"Ref":"HttpHM"}],
+ "name": "Haproxy pool",
+ "protocol": "HTTP",
+ "subnet_id": {"Ref":"Subnet"},
+ "vip": {
+ "subnet": {"Ref":"Subnet"},
+ "address": {"Ref":"vip_ip"},
+ "name": "Haproxy vip",
+ "protocol_port": 80,
+ "connection_limit": -1,
+ "admin_state_up": true,
+ "description": "Haproxy vip from template"
+ }
+ }
+ },
+ "HaproxyLb": {
+ "Type": "OS::Neutron::LoadBalancer",
+ "Properties": {
+ "pool_id": {"Ref":"HaproxyPool"},
+ "protocol_port": 80
+ }
+ },
+ "Member1": {
+ "Type": "OS::Neutron::PoolMember",
+ "Properties": {
+ "address": {"Ref":"PoolMemberIPs"},
+ "admin_state_up": true,
+ "pool_id": {"Ref":"HaproxyPool"},
+ "protocol_port": 80,
+ "weight": 1
+ }
+ }
+ }
+}
diff --git a/gbpservice/tests/contrib/devstack/lib/gbp b/gbpservice/tests/contrib/devstack/lib/gbp
new file mode 100644
index 000000000..3c14ec4ea
--- /dev/null
+++ b/gbpservice/tests/contrib/devstack/lib/gbp
@@ -0,0 +1,59 @@
+# lib/gbp
+# functions - functions specific to group-based-policy
+
+# Dependencies:
+# ``functions`` file
+# ``DEST`` must be defined
+# ``STACK_USER`` must be defined
+
+# ``stack.sh`` calls the entry points in this order:
+#
+# - install_gbpservice
+# - install_gbpclient
+# - init_gbpservice
+#
+# ``unstack.sh`` calls the entry points in this order:
+
+# Set up default directories
+GBPSERVICE_DIR=$DEST/group-based-policy
+GBPCLIENT_DIR=$DEST/python-group-based-policy-client
+GBPHEAT_DIR=$DEST/group-based-policy-automation
+GBPUI_DIR=$DEST/group-based-policy-ui
+NEUTRON_CONF_DIR=/etc/neutron
+NEUTRON_CONF=$NEUTRON_CONF_DIR/neutron.conf
+
+# Save trace setting
+XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+
+# Functions
+# ---------
+
+# init_gbpservice() - Initialize databases, etc.
+function init_gbpservice {
+ # Run GBP db migrations
+ gbp-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
+}
+
+# install_gbpservice() - Collect source and prepare
+function install_gbpservice {
+ sed -i '/gbptestneutron/d' $GBPSERVICE_DIR/test-requirements.txt
+ setup_develop $GBPSERVICE_DIR
+}
+
+# install_gbpclient() - Collect source and prepare
+function install_gbpclient {
+ sudo rm -rf $GBPCLIENT_DIR
+ git_clone $GBPCLIENT_REPO $GBPCLIENT_DIR $GBPCLIENT_BRANCH
+ setup_develop $GBPCLIENT_DIR
+ sudo install -D -m 0644 -o $STACK_USER {$GBPCLIENT_DIR/tools/,/etc/bash_completion.d/}gbp.bash_completion
+}
+
+# Restore xtrace
+$XTRACE
+
+# Tell emacs to use shell-script-mode
+## Local variables:
+## mode: shell-script
+## End:
diff --git a/gbpservice/tests/contrib/devstack/local.conf b/gbpservice/tests/contrib/devstack/local.conf
new file mode 100644
index 000000000..231ab867d
--- /dev/null
+++ b/gbpservice/tests/contrib/devstack/local.conf
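Review bot: `sudo rm -rf $GBPCLIENT_DIR` in lib/gbp's `install_gbpclient` runs as root on an unquoted path built from `$DEST`, and although the header says DEST must be defined, nothing enforces it, so an unset DEST turns the target into `/python-group-based-policy-client`. A `: "${DEST:?DEST must be set}"` ahead of the directory assignments plus `sudo rm -rf -- "$GBPCLIENT_DIR"` makes that a hard stop and survives paths with spaces. In `init_gbpservice`, `--config-file /$Q_PLUGIN_CONF_FILE` prepends a slash to a variable this file never sets; a comment on where it comes from and whether it is relative would help. The header lists `install_gbpservice`, `install_gbpclient`, `init_gbpservice` as the stack.sh order, but the sed in functions-gbp injects `init_gbpservice` then `install_gbpclient` and never `install_gbpservice`, and the `unstack.sh` list is empty.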
@@ -0,0 +1,74 @@
+[[local|localrc]]
+ADMIN_PASSWORD=abc123
+MYSQL_PASSWORD=abc123
+RABBIT_PASSWORD=abc123
+SERVICE_PASSWORD=$ADMIN_PASSWORD
+SERVICE_TOKEN=abc123
+
+Q_SERVICE_PLUGIN_CLASSES=neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,group_policy,servicechain
+
+# Using group-policy branches
+# ---------------------------
+
+GIT_BASE=http://github.com
+
+
+GBPSERVICE_REPO=${GIT_BASE}/stackforge/group-based-policy.git
+GBPSERVICE_BRANCH=stable/juno
+GBPUI_REPO=${GIT_BASE}/stackforge/group-based-policy-ui.git
+GBPUI_BRANCH=stable/juno
+GBPHEAT_REPO=${GIT_BASE}/stackforge/group-based-policy-automation.git
+GBPHEAT_BRANCH=stable/juno
+GBPCLIENT_REPO=${GIT_BASE}/stackforge/python-group-based-policy-client.git
+GBPCLIENT_BRANCH=0.9.1
+
+# Enable neutron for group-policy-poc
+# -----------------------------------
+disable_service n-net
+#disable_service h-eng
+#disable_service h-api
+#disable_service h-api-cfn
+#disable_service h-api-cw
+enable_service q-svc
+enable_service q-agt
+enable_service q-dhcp
+enable_service q-l3
+enable_service q-fwaas
+enable_service q-lbaas
+enable_service q-meta
+enable_service neutron
+enable_service group-policy
+disable_service tempest
+
+SYSLOG=True
+DEST=/opt/stack/new
+SCREEN_LOGDIR=$DEST/logs/screen
+LOGFILE=$DEST/logs/stack.sh.log
+SKIP_EXERCISES=volumes,trove,swift,sahara,euca,bundle,boot_from_volume,aggregates,zaqar,client-env,client-args,sec_groups,neutron-adv-test,floating_ips,horizon,gbp_heat
+
+#OFFLINE=True
+RECLONE=True
+
+# Group-based Policy configuration
+# Comment the lines below if you don't want to configure the datapath
+# and use the dummy driver.
+[[post-config|/etc/heat/heat.conf]]
+[DEFAULT]
+plugin_dirs=/opt/stack/gbpautomation/gbpautomation/heat
+
+[[post-config|/etc/neutron/neutron.conf]]
+[group_policy]
+policy_drivers=implicit_policy,resource_mapping
+
+[servicechain]
+servicechain_drivers = simplechain_driver
+
+[quotas]
+default_quota = -1
+quota_network = -1
+quota_subnet = -1
+quota_port = -1
+quota_security_group = -1
+quota_security_group_rule = -1
+quota_router = -1
+quota_floatingip = -1
diff --git a/gbpservice/tests/contrib/functions-gbp b/gbpservice/tests/contrib/functions-gbp
index d8049b411..01877bc3a 100644
--- a/gbpservice/tests/contrib/functions-gbp
+++ b/gbpservice/tests/contrib/functions-gbp
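Review bot: `GIT_BASE=http://github.com` in local.conf makes every `GBP*_REPO` clone run over cleartext HTTP, and with `RECLONE=True` that fetch repeats on each run; the cloned code is then installed and executed on the gate node, so it is fetched with no transport integrity. `GIT_BASE=https://github.com` fixes this. Three of the four refs float (`stable/juno`) while the client is pinned to `0.9.1`; a comment on why would help whoever bumps them. The `abc123` credentials and the `-1` quotas are reasonable for a throwaway gate node but deserve a `# test-only values, do not reuse` comment so the file is not copied as a template. `plugin_dirs=/opt/stack/gbpautomation/gbpautomation/heat` does not sit under `DEST=/opt/stack/new` and no visible step clones `GBPHEAT_REPO`, so that path may be stale.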
@@ -7,6 +7,25 @@ SCRIPTS_DIR="/usr/local/jenkins/slave_scripts" LOGS_DIR="$NEW_BASE/logs" ARCHIVE_LOGS_DIR="$BASE/logs" +function prepare_gbp_devstack { + cd $TOP_DIR + sudo git checkout stable/juno + sudo cp $CONTRIB_DIR/devstack/local.conf $TOP_DIR/local.conf + sudo cp $CONTRIB_DIR/devstack/exercises/*.sh $TOP_DIR/exercises/ + sudo cp $CONTRIB_DIR/devstack/lib/* $TOP_DIR/lib/ + sudo cp -r $CONTRIB_DIR/devstack/gbp-templates $TOP_DIR + sudo sed -i "s/.*REQUIREMENTS_REPO.*/&\n sed -i 's\/.*python-neutronclient.*\/python-neutronclient==2.3.9\/g' \$REQUIREMENTS_DIR\/global-requirements.txt/g" $TOP_DIR/lib/infra + sudo sed -i 's/DEST=\/opt\/stack/DEST=\/opt\/stack\/new/g' $TOP_DIR/stackrc + sudo sed -i 's/exit 1/echo/g' $TOP_DIR/exercise.sh + sudo sed -i 's/source $TOP_DIR\/lib\/neutron-legacy/&\nsource $TOP_DIR\/lib\/gbp/g' $TOP_DIR/stack.sh + sudo sed -i 's/# Extras Configuration/source $TOP_DIR\/lib\/gbp\ninit_gbpservice\ninstall_gbpclient\n&/g' $TOP_DIR/stack.sh + sudo sed -i 's/echo_summary "Creating initial neutron network elements"//g' $TOP_DIR/stack.sh + sudo sed -i 's/create_neutron_initial_network//g' $TOP_DIR/stack.sh + source $TOP_DIR/functions + source $TOP_DIR/functions-common + pip_install -e $GBP_DIR +} + # Prepare the log files for Jenkins to upload function prepare_logs { cd $LOGS_DIR @@ -31,3 +50,27 @@ function generate_testr_results { sudo mv ./*.gz $ARCHIVE_LOGS_DIR/ fi } + +function check_residual_resources { + source $NEW_BASE/devstack/openrc $1 $2 + gbp l3policy-list + gbp l2policy-list + gbp group-list + gbp policy-target-list + gbp policy-rule-set-list + gbp policy-rule-list + gbp policy-classifier-list + gbp policy-action-list + gbp servicechain-instance-list + gbp servicechain-node-list + gbp servicechain-spec-list + gbp network-service-policy-list + gbp nat-pool-list + gbp external-policy-list + gbp external-segment-list + + neutron router-list + neutron net-list + neutron subnet-list + neutron port-list +} 
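Review bot: The `sed -i` edits in `prepare_gbp_devstack` patch upstream devstack files by matching literal text (`# Extras Configuration`, `source $TOP_DIR/lib/neutron-legacy`, `create_neutron_initial_network`), and sed exits 0 when nothing matches, so an upstream wording change would silently produce a stack.sh that never sources `lib/gbp`. A check right after the edits, e.g. `grep -q 'lib/gbp' "$TOP_DIR/stack.sh" || return 1`, fails the hook at the point of drift. `sudo sed -i 's/exit 1/echo/g' $TOP_DIR/exercise.sh` rewrites every `exit 1` in that file, so exercise.sh can no longer report failure through its exit status; a comment stating that post_test_hook.sh relies on grepping the logs instead would make that deliberate. `cd $TOP_DIR` is unchecked and unquoted; `cd "$TOP_DIR" || return 1` keeps `sudo git checkout stable/juno` from running in whatever directory the hook started in.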
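Review bot: `check_residual_resources` only prints the `gbp … -list` and `neutron … -list` output; nothing compares it with an expected-empty state or affects the exit status, so leftover resources are visible only to someone reading the job log. If that is the intent for now, say so in a header comment such as `# Informational only: lists GBP/neutron resources for the given openrc user/tenant; does not fail the job`. `source $NEW_BASE/devstack/openrc $1 $2` also runs in the caller's shell, so the credentials of the last call stay exported after the function returns; quoting the arguments (`"$1" "$2"`) and documenting that side effect, or running the body in a subshell, would contain it.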
diff --git a/gbpservice/tests/contrib/gate_hook.sh b/gbpservice/tests/contrib/gate_hook.sh index b38fe308f..d7f6adcac 100644 --- a/gbpservice/tests/contrib/gate_hook.sh +++ b/gbpservice/tests/contrib/gate_hook.sh @@ -1,24 +1,14 @@ #!/bin/bash -cp /opt/stack/new/group-based-policy/gbpservice/tests/contrib/functions-gbp . +CONTRIB_DIR="$BASE/new/group-based-policy/gbpservice/tests/contrib" +cp $CONTRIB_DIR/functions-gbp . source functions-gbp set -x trap prepare_logs ERR -cd $TOP_DIR -sudo git remote add group-policy http://github.com/group-policy/devstack -sudo git fetch group-policy -sudo git checkout -t group-policy/test-fip-exercices-juno-gate - -CONTRIB_DIR="$BASE/new/group-based-policy/gbpservice/tests/contrib" - -source $TOP_DIR/functions -source $TOP_DIR/functions-common -sudo -H pip install httplib2 -install_package openvswitch-switch -pip_install -e /opt/stack/new/group-based-policy +prepare_gbp_devstack $TOP_DIR/stack.sh # Add a rootwrap filter to support test-only diff --git a/gbpservice/tests/contrib/post_test_hook.sh b/gbpservice/tests/contrib/post_test_hook.sh index e7d9b927f..8c1168264 100644 --- a/gbpservice/tests/contrib/post_test_hook.sh +++ b/gbpservice/tests/contrib/post_test_hook.sh @@ -6,16 +6,21 @@ set -x trap prepare_logs ERR +# Run exercise scripts +$TOP_DIR/exercise.sh # Check if any gbp exercises failed exercises_exit_code=0 if grep -qs "FAILED gbp*" $LOGS_DIR/*; then exercises_exit_code=1 fi -# Run integration tests +# Check if exercises left any resources undeleted +check_residual_resources admin admin +check_residual_resources admin demo +check_residual_resources demo demo + +# Run gbpfunc integration tests echo "Running gbpfunc test suite" -cd $NEW_BASE/devstack -source openrc demo demo cd $NEW_BASE sudo git clone https://github.com/noironetworks/devstack -b jishnub/testsuites gbpfunctests cd gbpfunctests/testcases/testcases_func
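Review bot: In gate_hook.sh the new `cp $CONTRIB_DIR/functions-gbp .` feeds the existing `source functions-gbp`, which loads the helper by bare name; bash resolves such a name through `PATH` before the current directory, and if the `cp` fails (for example with `$BASE` unset, which nothing checks) the script still reaches `source`. Sourcing the file in place removes both the copy and the ambiguity: `: "${BASE:?}"` followed by `source "$CONTRIB_DIR/functions-gbp"`. The hunk ends at the rootwrap comment, so the rest of the script is not visible here.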
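Review bot: In post_test_hook.sh the gbpfunc suite now gets its credentials only as a side effect of the last `check_residual_resources demo demo` call, because the explicit `source openrc demo demo` was removed and the helper sources openrc into this shell. Reordering or dropping those three calls would silently run the suite with admin credentials; keeping `source $NEW_BASE/devstack/openrc demo demo` just before `echo "Running gbpfunc test suite"` makes the dependency explicit. `$TOP_DIR/exercise.sh` is also invoked without looking at its status, and since `prepare_gbp_devstack` rewrites its `exit 1` to `echo`, the only failure signal left is the `grep -qs "FAILED gbp*"` over the logs; a comment saying so would help. The script continues past the end of this hunk.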