x/group-based-policy
Code Issues Proposed changes

Merge "Adding devstack artifacts for integration gate job" into stable/juno

Browse Source
This commit is contained in:
Jenkins
2015-07-02 04:41:01 +00:00
committed by Gerrit Code Review
parent b75662a30a c5dffd53a1
commit 17947efd58
11 changed files with 839 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

139
gbpservice/tests/contrib/devstack/exercises/gbp.sh Executable file
View File

@@ -0,0 +1,139 @@
#!/usr/bin/env bash
# **gbp.sh**
# Sanity check that gbp started if enabled
echo "*********************************************************************"
echo "Begin DevStack Exercise: $0"
echo "*********************************************************************"
# This script exits on an error so that errors don't compound and you see
# only the first error that occurred.
set -o errexit
# Print the commands being run so that we can see the command that triggers
# an error. It is also useful for following allowing as the install occurs.
set -o xtrace
# Settings
# ========
# Keep track of the current directory
EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
# Import common functions
source $TOP_DIR/functions
# Import configuration
source $TOP_DIR/openrc
# Import exercise configuration
source $TOP_DIR/exerciserc
source $TOP_DIR/openrc demo demo
function confirm_server_active {
local VM_UUID=$1
if ! timeout $ACTIVE_TIMEOUT sh -c "while ! nova show $VM_UUID | grep status | grep -q ACTIVE; do sleep 1; done"; then
echo "server '$VM_UUID' did not become active!"
false
fi
}
# Create allow action that can used in several rules
gbp policy-action-create allow --action-type allow
# Create ICMP rule
gbp policy-classifier-create icmp-traffic --protocol icmp --direction bi
gbp policy-rule-create ping-policy-rule --classifier icmp-traffic --actions allow
# Create SSH Rule (Optional)
# gbp policy-classifier-create ssh-traffic --protocol tcp --port-range 22 --direction bi
# gbp policy-rule-create ssh-policy-rule --classifier ssh-traffic --actions allow
# Create HTTP Rule
gbp policy-classifier-create web-traffic --protocol tcp --port-range 80 --direction in
gbp policy-rule-create web-policy-rule --classifier web-traffic --actions allow
# Create HTTPs Rule
gbp policy-classifier-create secure-web-traffic --protocol tcp --port-range 443 --direction in
gbp policy-rule-create secure-web-policy-rule --classifier secure-web-traffic --actions allow
# ICMP policy-rule-set
gbp policy-rule-set-create icmp-policy-rule-set --policy-rules ping-policy-rule
# WEB policy-rule-set
gbp policy-rule-set-create web-policy-rule-set --policy-rules web-policy-rule
# ====== PROJECT OPERATION ======
# PTGs creation
gbp group-create web
gbp group-create client-1
gbp group-create client-2
# PT creation
WEB_PORT=$(gbp policy-target-create web-pt-1 --policy-target-group web | awk "/port_id/ {print \$4}")
CLIENT1_PORT=$(gbp policy-target-create client-pt-1 --policy-target-group client-1 | awk "/port_id/ {print \$4}")
CLIENT2_PORT=$(gbp policy-target-create client-pt-2 --policy-target-group client-2 | awk "/port_id/ {print \$4}")
WEB_VM_1_UUID=`nova boot --flavor m1.tiny --image cirros-0.3.2-x86_64-uec --nic port-id=$WEB_PORT web-vm-1 | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
die_if_not_set $LINENO WEB_VM_1_UUID "Failure launching web-vm-1"
confirm_server_active $WEB_VM_1_UUID
CLIENT_VM_1_UUID=`nova boot --flavor m1.tiny --image cirros-0.3.2-x86_64-uec --nic port-id=$CLIENT1_PORT client-vm-1 | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
die_if_not_set $LINENO CLIENT_VM_1_UUID "Failure launching client-vm-1"
confirm_server_active $CLIENT_VM_1_UUID
CLIENT_VM_2_UUID=`nova boot --flavor m1.tiny --image cirros-0.3.2-x86_64-uec --nic port-id=$CLIENT2_PORT client-vm-2 | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
die_if_not_set $LINENO CLIENT_VM_2_UUID "Failure launching client-vm-2"
confirm_server_active $CLIENT_VM_2_UUID
####CHECKPOINT: No traffic flows
# policy-rule-set Association
gbp group-update client-1 --consumed-policy-rule-sets "icmp-policy-rule-set=scope,web-policy-rule-set=scope"
gbp group-update client-2 --consumed-policy-rule-sets "icmp-policy-rule-set=scope,web-policy-rule-set=scope"
gbp group-update web --provided-policy-rule-sets "icmp-policy-rule-set=scope,web-policy-rule-set=scope"
####CHECKPOINT: ICMP and HTTP work from app to web and vice versa
gbp policy-rule-set-update web-policy-rule-set --policy-rules "secure-web-policy-rule"
####CHECKPOINT: HTTP stops working for both the client PTGs, HTTPs is now enabled
nova delete web-vm-1
nova delete client-vm-1
nova delete client-vm-2
if ! timeout $TERMINATE_TIMEOUT sh -c "while nova list | grep -q ACTIVE; do sleep 1; done"; then
die $LINENO "Some VMs failed to shutdown"
fi
gbp policy-target-delete web-pt-1
gbp policy-target-delete client-pt-1
gbp policy-target-delete client-pt-2
gbp group-delete web
gbp group-delete client-1
gbp group-delete client-2
gbp policy-rule-set-delete icmp-policy-rule-set
gbp policy-rule-set-delete web-policy-rule-set
gbp policy-rule-delete secure-web-policy-rule
gbp policy-rule-delete web-policy-rule
gbp policy-rule-delete ping-policy-rule
gbp policy-classifier-delete secure-web-traffic
gbp policy-classifier-delete web-traffic
gbp policy-classifier-delete icmp-traffic
gbp policy-action-delete allow
set +o xtrace
echo "*********************************************************************"
echo "SUCCESS: End DevStack Exercise: $0"
echo "*********************************************************************"

122
gbpservice/tests/contrib/devstack/exercises/gbp_fip.sh Executable file
View File

@@ -0,0 +1,122 @@
#!/usr/bin/env bash
# **gbp_fip.sh**
# Sanity check that gbp fip support works if enabled
echo "*********************************************************************"
echo "Begin DevStack Exercise: $0"
echo "*********************************************************************"
# This script exits on an error so that errors don't compound and you see
# only the first error that occurred.
set -o errexit
# Print the commands being run so that we can see the command that triggers
# an error. It is also useful for following allowing as the install occurs.
set -o xtrace
# Settings
# ========
# Keep track of the current directory
EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
# Import common functions
source $TOP_DIR/functions
# Import configuration
source $TOP_DIR/openrc
# Import exercise configuration
source $TOP_DIR/exerciserc
source $TOP_DIR/openrc admin admin
function confirm_server_active {
local VM_UUID=$1
if ! timeout $ACTIVE_TIMEOUT sh -c "while ! nova show $VM_UUID | grep status | grep -q ACTIVE; do sleep 1; done"; then
echo "server '$VM_UUID' did not become active!"
false
fi
}
EXT_NET_ID=$(neutron net-list --router:external -c id | grep -v id | awk '{print $2}' )
EXT_NET_TO_BE_CLEANED_UP=false
if [ -z "$EXT_NET_ID" ] ; then
EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- --router:external=True | grep ' id ' | get_field 2)
EXT_SUBNET_ID=$(neutron subnet-create --ip_version 4 --gateway 172.16.73.1 --name public-subnet $EXT_NET_ID 172.16.73.0/24 | grep ' id ' | get_field 2)
EXT_NET_TO_BE_CLEANED_UP=true
else
EXT_NET_ID=$(neutron net-list --router:external -c id | grep -v id | awk '{print $2}' )
EXT_SUBNET_ID=$(neutron net-show $EXT_NET_ID | grep subnets | awk '{print $4}' )
fi
die_if_not_set $LINENO EXT_SUBNET_ID "Failure creating external network"
EXT_SUBNET_CIDR=$(neutron subnet-show $EXT_SUBNET_ID | grep cidr | awk '{print $4}' )
EXT_SUBNET_GW=$(neutron subnet-show $EXT_SUBNET_ID | grep gateway_ip | awk '{print $4}' )
EXT_SEGMENT_ID=$(gbp external-segment-create --ip-version 4 --external-route destination=0.0.0.0/0,nexthop=$EXT_SUBNET_GW --shared True --subnet_id=$EXT_SUBNET_ID --cidr $EXT_SUBNET_CIDR default | grep ' id ' | awk '{print $4}' )
die_if_not_set $LINENO EXT_SEGMENT_ID "Failure creating external segment"
NAT_POOL_ID=$(gbp nat-pool-create --ip-version 4 --ip-pool $EXT_SUBNET_CIDR --external-segment $EXT_SEGMENT_ID ext_nat_pool | grep ' id ' | awk '{print $4}' )
die_if_not_set $LINENO NAT_POOL_ID "Failure creating nat pool"
NSP_ID=$(gbp network-service-policy-create --network-service-params type=ip_pool,name=nat_fip,value=nat_pool nat_pool_nsp | grep ' id ' | awk '{print $4}' )
PTG_ID=$(gbp group-create --network-service-policy nat_pool_nsp provider_ptg | grep ' id ' | awk '{print $4}' )
die_if_not_set $LINENO PTG_ID "Failure creating ptg"
PT1_ID=$(gbp policy-target-create --policy-target-group provider_ptg provider_pt1 | grep ' id ' | awk '{print $4}' )
die_if_not_set $LINENO PT1_ID "Failure creating policy target"
PT2_ID=$(gbp policy-target-create --policy-target-group provider_ptg provider_pt2 | grep ' id ' | awk '{print $4}' )
die_if_not_set $LINENO PT2_ID "Failure creating policy target"
PT2_PORT_ID=$(gbp policy-target-show $PT2_ID | grep ' port_id ' | awk '{print $4}' )
PT2_PORT_IP=$(neutron port-show $PT2_PORT_ID | grep ' fixed_ips ' | awk '{print $7}' | awk -F '"' '{print $2}' )
PT2_FIXED_IP=$(neutron floatingip-list | grep $PT2_PORT_IP | awk '{print $4}' )
die_if_not_set $LINENO PT2_FIXED_IP "Floating IP not assigned to policy target"
PT1_PORT_ID=$(gbp policy-target-show $PT1_ID | grep ' port_id ' | awk '{print $4}' )
PT1_PORT_IP=$(neutron port-show $PT1_PORT_ID | grep ' fixed_ips ' | awk '{print $7}' | awk -F '"' '{print $2}' )
PT1_FIXED_IP=$(neutron floatingip-list | grep $PT1_PORT_IP | awk '{print $4}' )
die_if_not_set $LINENO PT1_FIXED_IP "Floating IP not assigned to policy target"
#############Cleanup###############
gbp policy-target-delete $PT2_ID
gbp policy-target-delete $PT1_ID
gbp group-delete $PTG_ID
gbp network-service-policy-delete $NSP_ID
gbp nat-pool-delete $NAT_POOL_ID
gbp external-segment-delete $EXT_SEGMENT_ID
if [ "$EXT_NET_TO_BE_CLEANED_UP" = true ] ; then
neutron net-delete $EXT_NET_ID
fi
set +o xtrace
echo "*********************************************************************"
echo "SUCCESS: End DevStack Exercise: $0"
echo "*********************************************************************"

149
gbpservice/tests/contrib/devstack/exercises/gbp_servicechain.sh Executable file
View File

@@ -0,0 +1,149 @@
#!/usr/bin/env bash
# **gbp_servicechain.sh**
# Sanity check that gbp servicechain plugin started if enabled
echo "*********************************************************************"
echo "Begin DevStack Exercise: $0"
echo "*********************************************************************"
# This script exits on an error so that errors don't compound and you see
# only the first error that occurred.
set -o errexit
# Print the commands being run so that we can see the command that triggers
# an error. It is also useful for following redirecting as the install occurs.
set -o xtrace
# Settings
# ========
# Keep track of the current directory
EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
# Import common functions
source $TOP_DIR/functions
# Import configuration
source $TOP_DIR/openrc
# Import exercise configuration
source $TOP_DIR/exerciserc
source $TOP_DIR/openrc demo demo
function confirm_server_active {
local VM_UUID=$1
if ! timeout $ACTIVE_TIMEOUT sh -c "while ! nova show $VM_UUID | grep status | grep -q ACTIVE; do sleep 1; done"; then
echo "server '$VM_UUID' did not become active!"
false
fi
}
gbp servicechain-node-create loadbalancer-node --template-file $TOP_DIR//gbp-templates/firewall-lb-servicechain/fw.template --servicetype FIREWALL
gbp servicechain-node-create firewall-node --template-file $TOP_DIR//gbp-templates/firewall-lb-servicechain/lb.template --servicetype LOADBALANCER
gbp servicechain-spec-create firewall-loadbalancer-spec --description spec --nodes "firewall-node loadbalancer-node"
gbp network-service-policy-create --network-service-params type=ip_single,name=vip_ip,value=self_subnet vip_ip_policy
# Create allow action that can used in several rules
gbp policy-action-create allow --action-type allow
# Create redirect action that can used in several rules
gbp policy-action-create redirect --action-type redirect --action-value firewall-loadbalancer-spec
# Create ICMP rule
gbp policy-classifier-create icmp-traffic --protocol icmp --direction bi
gbp policy-rule-create ping-policy-rule --classifier icmp-traffic --actions allow
# Create SSH Rule (Optional)
# gbp policy-classifier-create ssh-traffic --protocol tcp --port-range 22 --direction bi
# gbp policy-rule-create ssh-policy-rule --classifier ssh-traffic --actions allow
# Create HTTP Rule
gbp policy-classifier-create web-traffic --protocol tcp --port-range 80 --direction in
gbp policy-rule-create web-policy-rule --classifier web-traffic --actions redirect
# Create HTTPs Rule
gbp policy-classifier-create secure-web-traffic --protocol tcp --port-range 443 --direction in
gbp policy-rule-create secure-web-policy-rule --classifier secure-web-traffic --actions redirect
# ICMP policy-rule-set
gbp policy-rule-set-create icmp-policy-rule-set --policy-rules ping-policy-rule
# WEB policy-rule-set
gbp policy-rule-set-create web-policy-rule-set --policy-rules web-policy-rule
# ====== PROJECT OPERATION ======
# PTGs creation
gbp group-create web
gbp group-create client-1
# PT creation
WEB_PORT=$(gbp policy-target-create web-pt-1 --policy-target-group web | awk "/port_id/ {print \$4}")
CLIENT1_PORT=$(gbp policy-target-create client-pt-1 --policy-target-group client-1 | awk "/port_id/ {print \$4}")
##TODO(Magesh): Add traffic testing and use namespace ports instead of launching VMs
WEB_VM_1_UUID=`nova boot --flavor m1.tiny --image cirros-0.3.2-x86_64-uec --nic port-id=$WEB_PORT web-vm-1 | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
die_if_not_set $LINENO WEB_VM_1_UUID "Failure launching web-vm-1"
confirm_server_active $WEB_VM_1_UUID
CLIENT_VM_1_UUID=`nova boot --flavor m1.tiny --image cirros-0.3.2-x86_64-uec --nic port-id=$CLIENT1_PORT client-vm-1 | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
die_if_not_set $LINENO CLIENT_VM_1_UUID "Failure launching client-vm-1"
confirm_server_active $CLIENT_VM_1_UUID
####CHECKPOINT: No traffic flows and no Service Chain Instances or Services are created
# policy-rule-set Association
gbp group-update client-1 --consumed-policy-rule-sets "icmp-policy-rule-set=scope,web-policy-rule-set=scope"
gbp group-update web --provided-policy-rule-sets "icmp-policy-rule-set=scope,web-policy-rule-set=scope" --network-service-policy vip_ip_policy
# Wait for the heat stacks to be setup completely
sleep 15
####CHECKPOINT: ICMP and HTTP work from app to web and vice versa and a Firewall and LoadBalancer services are created.
nova delete web-vm-1
nova delete client-vm-1
if ! timeout $TERMINATE_TIMEOUT sh -c "while nova list | grep -q ACTIVE; do sleep 1; done"; then
die $LINENO "Some VMs failed to shutdown"
fi
gbp policy-target-delete web-pt-1
gbp policy-target-delete client-pt-1
gbp group-delete web
gbp group-delete client-1
gbp policy-rule-set-delete icmp-policy-rule-set
gbp policy-rule-set-delete web-policy-rule-set
gbp policy-rule-delete secure-web-policy-rule
gbp policy-rule-delete web-policy-rule
gbp policy-rule-delete ping-policy-rule
gbp policy-classifier-delete secure-web-traffic
gbp policy-classifier-delete web-traffic
gbp policy-classifier-delete icmp-traffic
gbp policy-action-delete allow
gbp policy-action-delete redirect
gbp network-service-policy-delete vip_ip_policy
gbp servicechain-spec-delete firewall-loadbalancer-spec
gbp servicechain-node-delete loadbalancer-node
gbp servicechain-node-delete firewall-node
set +o xtrace
echo "*********************************************************************"
echo "SUCCESS: End DevStack Exercise: $0"
echo "*********************************************************************"

133
gbpservice/tests/contrib/devstack/gbp-templates/firewall-lb-servicechain/demo.yaml Normal file
View File

@@ -0,0 +1,133 @@
#!highlight yaml
heat_template_version: 2013-05-23
resources:
# Create firewall service chain node
sc_fw_node:
type: OS::Neutron::ServiceChainNode
properties:
name: SvcChainFWNode
service_type: FIREWALL
config: { get_file: fw.template }
# Create loadbalancer service chain node
sc_lb_node:
type: OS::Neutron::ServiceChainNode
properties:
name: SvcChainLBNode
service_type: LOADBALANCER
config: { get_file: lb.template }
# Tie the services into a chain
sc_spec:
type: OS::Neutron::ServiceChainSpec
properties:
name: svc_chain_spec
nodes:
- { get_resource: sc_fw_node }
- { get_resource: sc_lb_node }
# Create a network service policy
vip_ip_policy:
type: OS::Neutron::NetworkServicePolicy
properties:
name: vip_ip_policy
network_service_params:
- type: ip_single
name: vip_ip
value: self_subnet
shared: True
# Creating a classifier for all tcp traffic
any_tcp_classifier:
type: OS::Neutron::PolicyClassifier
properties:
name: any_tcp_classifier
protocol: tcp
direction: in
shared: True
# Creating redirect action
redirect_to_chain:
type: OS::Neutron::PolicyAction
properties:
name: redirect_to_chain
action_type: redirect
action_value: { get_resource: sc_spec }
shared: False
# Creating a policy rule set
tcp_traffic_rule:
type: OS::Neutron::PolicyRule
properties:
name: tcp_traffic_rule
policy_classifier_id: { get_resource: any_tcp_classifier }
policy_actions: [{ get_resource: redirect_to_chain }]
shared: False
tcp_rule_set:
type: OS::Neutron::PolicyRuleSet
properties:
name: tcp_rule_set
policy_rules: [{ get_resource: tcp_traffic_rule }]
child_policy_rule_sets: []
shared: False
# Create EPGs for providers and consumers
app_ptg:
type: OS::Neutron::PolicyTargetGroup
properties:
name: app_ptg
provided_policy_rule_sets:
- policy_rule_set_id: { get_resource: tcp_rule_set }
policy_rule_set_scope:
network_service_policy_id: { get_resource: vip_ip_policy }
shared: False
user_ptg:
type: OS::Neutron::PolicyTargetGroup
depends_on: app_server_pt
properties:
name: user_ptg
consumed_policy_rule_sets:
- policy_rule_set_id: { get_resource: tcp_rule_set }
policy_rule_set_scope:
shared: False
# Create webserver
app_server_pt:
type: OS::Neutron::PolicyTarget
properties:
name: app_server_pt
policy_target_group_id: { get_resource: app_ptg }
app_server:
type: OS::Nova::Server
properties:
name: app_svr
image: cirros-0.3.2-x86_64-uec
flavor: m1.tiny
networks:
- port: {get_attr: [app_server_pt, port_id]}
# Create a user
user_server_pt:
type: OS::Neutron::PolicyTarget
properties:
name: user_server_pt
policy_target_group_id: { get_resource: user_ptg }
user_server:
type: OS::Nova::Server
properties:
name: user_svr
image: cirros-0.3.2-x86_64-uec
flavor: m1.tiny
networks:
- port: {get_attr: [user_server_pt, port_id]}

36
gbpservice/tests/contrib/devstack/gbp-templates/firewall-lb-servicechain/fw.template Normal file
View File

@@ -0,0 +1,36 @@
{
"heat_template_version": "2013-05-23",
"resources": {
"Firewall_service": {
"type": "OS::Neutron::Firewall",
"properties": {
"admin_state_up": true,
"firewall_policy_id": {"get_resource": "Firewall_policy"},
"name": "testFirewall",
"description": "test Firewall"
}
},
"Firewall_policy": {
"type": "OS::Neutron::FirewallPolicy",
"properties": {
"shared": false,
"description": "test firewall policy",
"name": "testFWPolicy",
"firewall_rules": [{"get_resource": "Firewall_rule"}],
"audited": true
}
},
"Firewall_rule": {
"type": "OS::Neutron::FirewallRule",
"properties": {
"protocol": "tcp",
"description": "firewall rule 1",
"enabled": true,
"destination_port": "80",
"shared": false,
"action": "allow",
"name": "testFw"
}
}
}
}

73
gbpservice/tests/contrib/devstack/gbp-templates/firewall-lb-servicechain/lb.template Normal file
View File

@@ -0,0 +1,73 @@
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description": "Template to test Haproxy Loadbalacer service",
"Parameters": {
"Subnet": {
"Description": "Pool Subnet CIDR, on which VIP port should be created",
"Type": "String"
},
"PoolMemberIPs": {
"Description": "Pool Member IP Address",
"Type": "String"
},
"vip_ip": {
"Description": "VIP IP Address",
"Type": "String"
}
},
"Resources" : {
"HttpHM": {
"Type": "OS::Neutron::HealthMonitor",
"Properties": {
"admin_state_up": true,
"delay": 20,
"expected_codes": "200",
"http_method": "GET",
"max_retries": 3,
"timeout": 10,
"type": "HTTP",
"url_path": "/"
}
},
"HaproxyPool": {
"Type": "OS::Neutron::Pool",
"Properties": {
"admin_state_up": true,
"description": "Haproxy pool from teplate",
"lb_method": "ROUND_ROBIN",
"monitors": [{"Ref":"HttpHM"}],
"name": "Haproxy pool",
"protocol": "HTTP",
"subnet_id": {"Ref":"Subnet"},
"vip": {
"subnet": {"Ref":"Subnet"},
"address": {"Ref":"vip_ip"},
"name": "Haproxy vip",
"protocol_port": 80,
"connection_limit": -1,
"admin_state_up": true,
"description": "Haproxy vip from template"
}
}
},
"HaproxyLb": {
"Type": "OS::Neutron::LoadBalancer",
"Properties": {
"pool_id": {"Ref":"HaproxyPool"},
"protocol_port": 80
}
},
"Member1": {
"Type": "OS::Neutron::PoolMember",
"Properties": {
"address": {"Ref":"PoolMemberIPs"},
"admin_state_up": true,
"pool_id": {"Ref":"HaproxyPool"},
"protocol_port": 80,
"weight": 1
}
}
}
}

59
gbpservice/tests/contrib/devstack/lib/gbp Normal file
View File

@@ -0,0 +1,59 @@
# lib/gbp
# functions - functions specific to group-based-policy
# Dependencies:
# ``functions`` file
# ``DEST`` must be defined
# ``STACK_USER`` must be defined
# ``stack.sh`` calls the entry points in this order:
#
# - install_gbpservice
# - install_gbpclient
# - init_gbpservice
#
# ``unstack.sh`` calls the entry points in this order:
# Set up default directories
GBPSERVICE_DIR=$DEST/group-based-policy
GBPCLIENT_DIR=$DEST/python-group-based-policy-client
GBPHEAT_DIR=$DEST/group-based-policy-automation
GBPUI_DIR=$DEST/group-based-policy-ui
NEUTRON_CONF_DIR=/etc/neutron
NEUTRON_CONF=$NEUTRON_CONF_DIR/neutron.conf
# Save trace setting
XTRACE=$(set +o | grep xtrace)
set +o xtrace
# Functions
# ---------
# init_gbpservice() - Initialize databases, etc.
function init_gbpservice {
# Run GBP db migrations
gbp-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
}
# install_gbpservice() - Collect source and prepare
function install_gbpservice {
sed -i '/gbptestneutron/d' $GBPSERVICE_DIR/test-requirements.txt
setup_develop $GBPSERVICE_DIR
}
# install_gbpclient() - Collect source and prepare
function install_gbpclient {
sudo rm -rf $GBPCLIENT_DIR
git_clone $GBPCLIENT_REPO $GBPCLIENT_DIR $GBPCLIENT_BRANCH
setup_develop $GBPCLIENT_DIR
sudo install -D -m 0644 -o $STACK_USER {$GBPCLIENT_DIR/tools/,/etc/bash_completion.d/}gbp.bash_completion
}
# Restore xtrace
$XTRACE
# Tell emacs to use shell-script-mode
## Local variables:
## mode: shell-script
## End:

74
gbpservice/tests/contrib/devstack/local.conf Normal file
View File

@@ -0,0 +1,74 @@
[[local|localrc]]
ADMIN_PASSWORD=abc123
MYSQL_PASSWORD=abc123
RABBIT_PASSWORD=abc123
SERVICE_PASSWORD=$ADMIN_PASSWORD
SERVICE_TOKEN=abc123
Q_SERVICE_PLUGIN_CLASSES=neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,group_policy,servicechain
# Using group-policy branches
# ---------------------------
GIT_BASE=http://github.com
GBPSERVICE_REPO=${GIT_BASE}/stackforge/group-based-policy.git
GBPSERVICE_BRANCH=stable/juno
GBPUI_REPO=${GIT_BASE}/stackforge/group-based-policy-ui.git
GBPUI_BRANCH=stable/juno
GBPHEAT_REPO=${GIT_BASE}/stackforge/group-based-policy-automation.git
GBPHEAT_BRANCH=stable/juno
GBPCLIENT_REPO=${GIT_BASE}/stackforge/python-group-based-policy-client.git
GBPCLIENT_BRANCH=0.9.1
# Enable neutron for group-policy-poc
# -----------------------------------
disable_service n-net
#disable_service h-eng
#disable_service h-api
#disable_service h-api-cfn
#disable_service h-api-cw
enable_service q-svc
enable_service q-agt
enable_service q-dhcp
enable_service q-l3
enable_service q-fwaas
enable_service q-lbaas
enable_service q-meta
enable_service neutron
enable_service group-policy
disable_service tempest
SYSLOG=True
DEST=/opt/stack/new
SCREEN_LOGDIR=$DEST/logs/screen
LOGFILE=$DEST/logs/stack.sh.log
SKIP_EXERCISES=volumes,trove,swift,sahara,euca,bundle,boot_from_volume,aggregates,zaqar,client-env,client-args,sec_groups,neutron-adv-test,floating_ips,horizon,gbp_heat
#OFFLINE=True
RECLONE=True
# Group-based Policy configuration
# Comment the lines below if you don't want to configure the datapath
# and use the dummy driver.
[[post-config|/etc/heat/heat.conf]]
[DEFAULT]
plugin_dirs=/opt/stack/gbpautomation/gbpautomation/heat
[[post-config|/etc/neutron/neutron.conf]]
[group_policy]
policy_drivers=implicit_policy,resource_mapping
[servicechain]
servicechain_drivers = simplechain_driver
[quotas]
default_quota = -1
quota_network = -1
quota_subnet = -1
quota_port = -1
quota_security_group = -1
quota_security_group_rule = -1
quota_router = -1
quota_floatingip = -1

43
gbpservice/tests/contrib/functions-gbp
View File

@@ -7,6 +7,25 @@ SCRIPTS_DIR="/usr/local/jenkins/slave_scripts"
LOGS_DIR="$NEW_BASE/logs"
ARCHIVE_LOGS_DIR="$BASE/logs"
function prepare_gbp_devstack {
cd $TOP_DIR
sudo git checkout stable/juno
sudo cp $CONTRIB_DIR/devstack/local.conf $TOP_DIR/local.conf
sudo cp $CONTRIB_DIR/devstack/exercises/*.sh $TOP_DIR/exercises/
sudo cp $CONTRIB_DIR/devstack/lib/* $TOP_DIR/lib/
sudo cp -r $CONTRIB_DIR/devstack/gbp-templates $TOP_DIR
sudo sed -i "s/.*REQUIREMENTS_REPO.*/&\n sed -i 's\/.*python-neutronclient.*\/python-neutronclient==2.3.9\/g' \$REQUIREMENTS_DIR\/global-requirements.txt/g" $TOP_DIR/lib/infra
sudo sed -i 's/DEST=\/opt\/stack/DEST=\/opt\/stack\/new/g' $TOP_DIR/stackrc
sudo sed -i 's/exit 1/echo/g' $TOP_DIR/exercise.sh
sudo sed -i 's/source $TOP_DIR\/lib\/neutron-legacy/&\nsource $TOP_DIR\/lib\/gbp/g' $TOP_DIR/stack.sh
sudo sed -i 's/# Extras Configuration/source $TOP_DIR\/lib\/gbp\ninit_gbpservice\ninstall_gbpclient\n&/g' $TOP_DIR/stack.sh
sudo sed -i 's/echo_summary "Creating initial neutron network elements"//g' $TOP_DIR/stack.sh
sudo sed -i 's/create_neutron_initial_network//g' $TOP_DIR/stack.sh
source $TOP_DIR/functions
source $TOP_DIR/functions-common
pip_install -e $GBP_DIR
}
# Prepare the log files for Jenkins to upload
function prepare_logs {
cd $LOGS_DIR
@@ -31,3 +50,27 @@ function generate_testr_results {
sudo mv ./*.gz $ARCHIVE_LOGS_DIR/
fi
}
function check_residual_resources {
source $NEW_BASE/devstack/openrc $1 $2
gbp l3policy-list
gbp l2policy-list
gbp group-list
gbp policy-target-list
gbp policy-rule-set-list
gbp policy-rule-list
gbp policy-classifier-list
gbp policy-action-list
gbp servicechain-instance-list
gbp servicechain-node-list
gbp servicechain-spec-list
gbp network-service-policy-list
gbp nat-pool-list
gbp external-policy-list
gbp external-segment-list
neutron router-list
neutron net-list
neutron subnet-list
neutron port-list
}

16
gbpservice/tests/contrib/gate_hook.sh
View File

@@ -1,24 +1,14 @@
#!/bin/bash
cp /opt/stack/new/group-based-policy/gbpservice/tests/contrib/functions-gbp .
CONTRIB_DIR="$BASE/new/group-based-policy/gbpservice/tests/contrib"
cp $CONTRIB_DIR/functions-gbp .
source functions-gbp
set -x
trap prepare_logs ERR
cd $TOP_DIR
sudo git remote add group-policy http://github.com/group-policy/devstack
sudo git fetch group-policy
sudo git checkout -t group-policy/test-fip-exercices-juno-gate
CONTRIB_DIR="$BASE/new/group-based-policy/gbpservice/tests/contrib"
source $TOP_DIR/functions
source $TOP_DIR/functions-common
sudo -H pip install httplib2
install_package openvswitch-switch
pip_install -e /opt/stack/new/group-based-policy
prepare_gbp_devstack
$TOP_DIR/stack.sh
# Add a rootwrap filter to support test-only

11
gbpservice/tests/contrib/post_test_hook.sh
View File

@@ -6,16 +6,21 @@ set -x
trap prepare_logs ERR
# Run exercise scripts
$TOP_DIR/exercise.sh
# Check if any gbp exercises failed
exercises_exit_code=0
if grep -qs "FAILED gbp*" $LOGS_DIR/*; then
exercises_exit_code=1
fi
# Run integration tests
# Check if exercises left any resources undeleted
check_residual_resources admin admin
check_residual_resources admin demo
check_residual_resources demo demo
# Run gbpfunc integration tests
echo "Running gbpfunc test suite"
cd $NEW_BASE/devstack
source openrc demo demo
cd $NEW_BASE
sudo git clone https://github.com/noironetworks/devstack -b jishnub/testsuites gbpfunctests
cd gbpfunctests/testcases/testcases_func