Splitting NFP integration tests - part 2
The new gate job for NFP is now functional. So this patch removes the NFP test configuration and invocation from the GBP integration job. Change-Id: I92ce283b839ba0cde53c826f5bba298bd03c7d80
This commit is contained in:
Sumit Naiksatam
parent
775c0f7203
commit
d420f04383
@ -1,138 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# **fw.sh**
|
||||
|
||||
# Sanity check that firewall service is created with NFP
|
||||
|
||||
echo "*********************************************************************"
|
||||
echo "Begin NFP Exercise: $0"
|
||||
echo "*********************************************************************"
|
||||
|
||||
# Settings
|
||||
# ========
|
||||
|
||||
# This script exits on an error so that errors don't compound and you see
|
||||
# only the first error that occurred.
|
||||
set -o errexit
|
||||
|
||||
# Keep track of the current directory
|
||||
EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
|
||||
TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
|
||||
|
||||
source $TOP_DIR/openrc neutron service
|
||||
|
||||
create_gbp_resources() {
|
||||
gbp servicechain-node-create --service-profile base_mode_fw --template-file $TOP_DIR/nfp-templates/fw_template.yml FWNODE
|
||||
gbp servicechain-spec-create --nodes "FWNODE" fw-chainspec
|
||||
gbp policy-action-create --action-type REDIRECT --action-value fw-chainspec redirect-to-fw
|
||||
gbp policy-action-create --action-type ALLOW allow-to-fw
|
||||
gbp policy-classifier-create --protocol tcp --direction bi fw-web-classifier-tcp
|
||||
gbp policy-classifier-create --protocol udp --direction bi fw-web-classifier-udp
|
||||
gbp policy-classifier-create --protocol icmp --direction bi fw-web-classifier-icmp
|
||||
gbp policy-rule-create --classifier fw-web-classifier-tcp --actions redirect-to-fw fw-web-redirect-rule
|
||||
gbp policy-rule-create --classifier fw-web-classifier-tcp --actions allow-to-fw fw-web-allow-rule-tcp
|
||||
gbp policy-rule-create --classifier fw-web-classifier-udp --actions allow-to-fw fw-web-allow-rule-udp
|
||||
gbp policy-rule-create --classifier fw-web-classifier-icmp --actions allow-to-fw fw-web-allow-rule-icmp
|
||||
gbp policy-rule-set-create --policy-rules "fw-web-redirect-rule fw-web-allow-rule-tcp fw-web-allow-rule-udp fw-web-allow-rule-icmp" fw-webredirect-ruleset
|
||||
gbp group-create fw-consumer --consumed-policy-rule-sets "fw-webredirect-ruleset=None"
|
||||
gbp group-create fw-provider --provided-policy-rule-sets "fw-webredirect-ruleset=None"
|
||||
}
|
||||
|
||||
delete_gbp_resources() {
|
||||
gbp group-delete fw-provider
|
||||
gbp group-delete fw-consumer
|
||||
gbp policy-rule-set-delete fw-webredirect-ruleset
|
||||
gbp policy-rule-delete fw-web-redirect-rule
|
||||
gbp policy-rule-delete fw-web-allow-rule-tcp
|
||||
gbp policy-rule-delete fw-web-allow-rule-icmp
|
||||
gbp policy-rule-delete fw-web-allow-rule-udp
|
||||
gbp policy-classifier-delete fw-web-classifier-tcp
|
||||
gbp policy-classifier-delete fw-web-classifier-icmp
|
||||
gbp policy-classifier-delete fw-web-classifier-udp
|
||||
gbp policy-action-delete redirect-to-fw
|
||||
gbp policy-action-delete allow-to-fw
|
||||
gbp servicechain-spec-delete fw-chainspec
|
||||
gbp servicechain-node-delete FWNODE
|
||||
}
|
||||
|
||||
validate_gbp_resources() {
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep fw-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "1" ]; then
|
||||
echo "Chain creation Succeded"
|
||||
else
|
||||
echo "Chain creation failed"
|
||||
fi
|
||||
}
|
||||
|
||||
validate_firewall_resources() {
|
||||
FirewallRuleCount=`neutron firewall-rule-list -f value | grep Rule | wc -l`
|
||||
if [ "$FirewallRuleCount" -eq "4" ]; then
|
||||
echo "Firewall Rule resource created"
|
||||
else
|
||||
echo "Firewall Rule resource not created"
|
||||
fi
|
||||
|
||||
FirewallPolicyCount=`neutron firewall-policy-list -f value | grep fw | wc -l`
|
||||
if [ "$FirewallPolicyCount" -eq "1" ]; then
|
||||
echo "Firewall Policy resource created"
|
||||
else
|
||||
echo "Firewall Policy resource not created"
|
||||
fi
|
||||
|
||||
FirewallCount=`neutron firewall-list -f value | wc -l`
|
||||
if [ "$FirewallCount" -eq "1" ]; then
|
||||
echo "Firewall resource created"
|
||||
FirewallUUID=`neutron firewall-list -f value | awk '{print $1}'`
|
||||
FirewallStatus=`neutron firewall-show $FirewallUUID -f value -c status`
|
||||
echo "Firewall resource is in $FirewallStatus state"
|
||||
else
|
||||
echo "Firewall resource not created"
|
||||
fi
|
||||
}
|
||||
|
||||
update_gbp_resources() {
|
||||
# Update existing chain, by removing 2 rules
|
||||
#gbp servicechain-node-update FWNODE --template-file $TOP_DIR/nfp-templates/fw_updated_template.yml
|
||||
|
||||
#FirewallRuleCount=`neutron firewall-rule-list -f value | wc -l`
|
||||
#if [ "$FirewallRuleCount" -eq "2" ]; then
|
||||
# echo "Chain created"
|
||||
#else
|
||||
# echo "Chain not created"
|
||||
#fi
|
||||
|
||||
gbp group-delete fw-provider
|
||||
gbp group-delete fw-consumer
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep fw-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "0" ]; then
|
||||
echo "Chain deleted"
|
||||
else
|
||||
echo "Chain not deleted"
|
||||
fi
|
||||
|
||||
# Service chain creation/deletion through PRS update
|
||||
gbp group-create fw-consumer --consumed-policy-rule-sets "fw-webredirect-ruleset=None"
|
||||
gbp group-create fw-provider
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep fw-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "0" ]; then
|
||||
echo "Chain not created"
|
||||
else
|
||||
echo "Chain not deleted"
|
||||
fi
|
||||
|
||||
gbp group-update fw-provider --provided-policy-rule-sets "fw-webredirect-ruleset=None"
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep fw-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "1" ]; then
|
||||
echo "Chain created"
|
||||
else
|
||||
echo "Chain not created"
|
||||
fi
|
||||
}
|
||||
|
||||
create_gbp_resources
|
||||
validate_gbp_resources
|
||||
validate_firewall_resources
|
||||
|
||||
update_gbp_resources
|
||||
|
||||
delete_gbp_resources
|
||||
@ -1,204 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# **fw_lb.sh**
|
||||
|
||||
# Sanity check that firewall and loadbalancer service chain is created with NFP
|
||||
|
||||
echo "*********************************************************************"
|
||||
echo "Begin NFP Exercise: $0"
|
||||
echo "*********************************************************************"
|
||||
|
||||
# Settings
|
||||
# ========
|
||||
|
||||
# This script exits on an error so that errors don't compound and you see
|
||||
# only the first error that occurred.
|
||||
set -o errexit
|
||||
|
||||
# Keep track of the current directory
|
||||
EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
|
||||
TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
|
||||
|
||||
source $TOP_DIR/openrc neutron service
|
||||
|
||||
create_gbp_resources() {
|
||||
# E-W insertion
|
||||
gbp servicechain-node-create --service-profile base_mode_fw --template-file $TOP_DIR/nfp-templates/fw_template.yml FW_LB-FWNODE
|
||||
gbp servicechain-node-create --service-profile base_mode_lb --template-file $TOP_DIR/nfp-templates/haproxy.template FW_LB-LBNODE
|
||||
gbp servicechain-spec-create --nodes "FW_LB-FWNODE FW_LB-LBNODE" fw_lb_chainspec
|
||||
gbp policy-action-create --action-type REDIRECT --action-value fw_lb_chainspec redirect-to-fw_lb
|
||||
gbp policy-classifier-create --protocol tcp --direction bi fw_lb-webredirect
|
||||
gbp policy-rule-create --classifier fw_lb-webredirect --actions redirect-to-fw_lb fw_lb-web-redirect-rule
|
||||
gbp policy-rule-set-create --policy-rules "fw_lb-web-redirect-rule" fw_lb-webredirect-ruleset
|
||||
gbp network-service-policy-create --network-service-params type=ip_single,name=vip_ip,value=self_subnet fw_lb_nsp
|
||||
gbp group-create fw_lb-consumer --consumed-policy-rule-sets "fw_lb-webredirect-ruleset=None"
|
||||
gbp group-create fw_lb-provider --provided-policy-rule-sets "fw_lb-webredirect-ruleset=None" --network-service-policy fw_lb_nsp
|
||||
}
|
||||
|
||||
delete_gbp_resources() {
|
||||
gbp group-delete fw_lb-provider
|
||||
gbp group-delete fw_lb-consumer
|
||||
gbp network-service-policy-delete fw_lb_nsp
|
||||
gbp policy-rule-set-delete fw_lb-webredirect-ruleset
|
||||
gbp policy-rule-delete fw_lb-web-redirect-rule
|
||||
gbp policy-classifier-delete fw_lb-webredirect
|
||||
gbp policy-action-delete redirect-to-fw_lb
|
||||
gbp servicechain-spec-delete fw_lb_chainspec
|
||||
gbp servicechain-node-delete FW_LB-LBNODE
|
||||
gbp servicechain-node-delete FW_LB-FWNODE
|
||||
}
|
||||
|
||||
validate_gbp_resources() {
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep fw_lb-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "1" ]; then
|
||||
echo "Chain creation Succeded"
|
||||
else
|
||||
echo "Chain creation failed"
|
||||
fi
|
||||
|
||||
ServiceChainNodeCount=`gbp scn-list -f value | grep FW_LB | wc -l`
|
||||
if [ "$ServiceChainNodeCount" -eq "2" ]; then
|
||||
echo "Network function creation Succeded"
|
||||
else
|
||||
echo "Network function creation failed"
|
||||
fi
|
||||
}
|
||||
|
||||
validate_firewall_resources() {
|
||||
FirewallRuleCount=`neutron firewall-rule-list -f value | grep Rule | wc -l`
|
||||
if [ "$FirewallRuleCount" -eq "4" ]; then
|
||||
echo "Firewall Rule resource created"
|
||||
else
|
||||
echo "Firewall Rule resource not created"
|
||||
fi
|
||||
|
||||
FirewallPolicyCount=`neutron firewall-policy-list -f value | grep fw | wc -l`
|
||||
if [ "$FirewallPolicyCount" -eq "1" ]; then
|
||||
echo "Firewall Policy resource created"
|
||||
else
|
||||
echo "Firewall Policy resource not created"
|
||||
fi
|
||||
|
||||
FirewallCount=`neutron firewall-list -f value | wc -l`
|
||||
if [ "$FirewallCount" -eq "1" ]; then
|
||||
echo "Firewall resource created"
|
||||
FirewallUUID=`neutron firewall-list -f value | awk '{print $1}'`
|
||||
FirewallStatus=`neutron firewall-show $FirewallUUID -f value -c status`
|
||||
echo "Firewall resource is in $FirewallStatus state"
|
||||
else
|
||||
echo "Firewall resource not created"
|
||||
fi
|
||||
}
|
||||
|
||||
validate_loadbalancer_resources() {
|
||||
LBPoolCount=`neutron lb-pool-list -f value | wc -l`
|
||||
if [ "$LBPoolCount" -eq "1" ]; then
|
||||
echo "LB Pool resource created"
|
||||
LBPoolUUID=`neutron lb-pool-list -f value | awk '{print $1}'`
|
||||
LBPoolStatus=`neutron lb-pool-show $LBPoolUUID -f value -c status`
|
||||
echo "LB Pool resource is in $LBPoolStatus state"
|
||||
else
|
||||
echo "LB Pool resource not created"
|
||||
fi
|
||||
|
||||
LBVIPCount=`neutron lb-vip-list -f value | wc -l`
|
||||
if [ "$LBVIPCount" -eq "1" ]; then
|
||||
echo "LB VIP resource created"
|
||||
LBVIPUUID=`neutron lb-vip-list -f value | awk '{print $1}'`
|
||||
LBVIPStatus=`neutron lb-vip-show $LBVIPUUID -f value -c status`
|
||||
echo "LB VIP resource is in $LBVIPStatus state"
|
||||
else
|
||||
echo "LB VIP resource not created"
|
||||
fi
|
||||
|
||||
LBHMCount=`neutron lb-healthmonitor-list -f value | wc -l`
|
||||
if [ "$LBHMCount" -eq "1" ]; then
|
||||
echo "LB Healthmonitor resource created"
|
||||
else
|
||||
echo "LB Healthmonitor resource not created"
|
||||
fi
|
||||
|
||||
gbp policy-target-create --policy-target-group fw_lb-provider provider_pt1
|
||||
sleep 5
|
||||
LBMemberCount=`neutron lb-member-list -f value | wc -l`
|
||||
if [ "$LBMemberCount" -eq "1" ]; then
|
||||
echo "LB Member resource created"
|
||||
else
|
||||
echo "LB Member resource not created"
|
||||
fi
|
||||
|
||||
gbp policy-target-create --policy-target-group fw_lb-provider provider_pt2
|
||||
sleep 5
|
||||
LBMemberCount=`neutron lb-member-list -f value | wc -l`
|
||||
if [ "$LBMemberCount" -eq "2" ]; then
|
||||
echo "LB Member resource created"
|
||||
else
|
||||
echo "LB Member resource not created"
|
||||
fi
|
||||
|
||||
gbp policy-target-delete provider_pt1
|
||||
sleep 5
|
||||
LBMemberCount=`neutron lb-member-list -f value | wc -l`
|
||||
if [ "$LBMemberCount" -eq "1" ]; then
|
||||
echo "LB Member resource deleted"
|
||||
else
|
||||
echo "LB Member resource not deleted"
|
||||
fi
|
||||
|
||||
gbp policy-target-delete provider_pt2
|
||||
sleep 5
|
||||
LBMemberCount=`neutron lb-member-list -f value | wc -l`
|
||||
if [ "$LBMemberCount" -eq "0" ]; then
|
||||
echo "LB Member resource deleted"
|
||||
else
|
||||
echo "LB Member resource not deleted"
|
||||
fi
|
||||
}
|
||||
|
||||
update_gbp_resources() {
|
||||
# Update existing chain, by removing 2 rules
|
||||
#gbp servicechain-node-update FW_LB-FWNODE --template-file $TOP_DIR/nfp-templates/fw_updated_template.yml
|
||||
|
||||
#FirewallRuleCount=`neutron firewall-rule-list -f value | wc -l`
|
||||
#if [ "$FirewallRuleCount" -eq "2" ]; then
|
||||
# echo "Chain created"
|
||||
#else
|
||||
# echo "Chain not created"
|
||||
#fi
|
||||
|
||||
gbp group-delete fw_lb-provider
|
||||
gbp group-delete fw_lb-consumer
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep fw_lb-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "0" ]; then
|
||||
echo "Chain deleted"
|
||||
else
|
||||
echo "Chain not deleted"
|
||||
fi
|
||||
|
||||
# Service chain creation/deletion through PRS update
|
||||
gbp group-create fw_lb-consumer --consumed-policy-rule-sets "fw_lb-webredirect-ruleset=None"
|
||||
gbp group-create fw_lb-provider
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep fw_lb-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "0" ]; then
|
||||
echo "Chain not created"
|
||||
else
|
||||
echo "Chain not deleted"
|
||||
fi
|
||||
|
||||
gbp group-update fw_lb-provider --provided-policy-rule-sets "fw_lb-webredirect-ruleset=None" --network-service-policy fw_lb_nsp
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep fw_lb-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "1" ]; then
|
||||
echo "Chain created"
|
||||
else
|
||||
echo "Chain not created"
|
||||
fi
|
||||
}
|
||||
|
||||
create_gbp_resources
|
||||
validate_gbp_resources
|
||||
validate_firewall_resources
|
||||
validate_loadbalancer_resources
|
||||
|
||||
update_gbp_resources
|
||||
|
||||
delete_gbp_resources
|
||||
@ -1,138 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# **fw_vm.sh**
|
||||
|
||||
# Sanity check that firewall(in service VM) service is created with NFP
|
||||
|
||||
echo "*********************************************************************"
|
||||
echo "Begin NFP Exercise: $0"
|
||||
echo "*********************************************************************"
|
||||
|
||||
# Settings
|
||||
# ========
|
||||
|
||||
# This script exits on an error so that errors don't compound and you see
|
||||
# only the first error that occurred.
|
||||
set -o errexit
|
||||
|
||||
# Keep track of the current directory
|
||||
EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
|
||||
TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
|
||||
|
||||
source $TOP_DIR/openrc neutron service
|
||||
|
||||
create_gbp_resources() {
|
||||
gbp servicechain-node-create --service-profile base_mode_fw_vm --config 'custom_json:{"mimetype": "config/custom+json","rules": [{"action": "log", "name": "tcp", "service": "tcp/80"}, {"action": "log", "name": "tcp", "service": "tcp/8080"}, {"action": "accept", "name": "tcp", "service": "tcp/22"}, {"action": "accept", "name": "icmp", "service": "icmp"}]}' FWNODE
|
||||
gbp servicechain-spec-create --nodes "FWNODE" fw-chainspec
|
||||
gbp policy-action-create --action-type REDIRECT --action-value fw-chainspec redirect-to-fw
|
||||
gbp policy-action-create --action-type ALLOW allow-to-fw
|
||||
gbp policy-classifier-create --protocol tcp --direction bi fw-web-classifier-tcp
|
||||
gbp policy-classifier-create --protocol udp --direction bi fw-web-classifier-udp
|
||||
gbp policy-classifier-create --protocol icmp --direction bi fw-web-classifier-icmp
|
||||
gbp policy-rule-create --classifier fw-web-classifier-tcp --actions redirect-to-fw fw-web-redirect-rule
|
||||
gbp policy-rule-create --classifier fw-web-classifier-tcp --actions allow-to-fw fw-web-allow-rule-tcp
|
||||
gbp policy-rule-create --classifier fw-web-classifier-udp --actions allow-to-fw fw-web-allow-rule-udp
|
||||
gbp policy-rule-create --classifier fw-web-classifier-icmp --actions allow-to-fw fw-web-allow-rule-icmp
|
||||
gbp policy-rule-set-create --policy-rules "fw-web-redirect-rule fw-web-allow-rule-tcp fw-web-allow-rule-udp fw-web-allow-rule-icmp" fw-webredirect-ruleset
|
||||
gbp group-create fw-consumer --consumed-policy-rule-sets "fw-webredirect-ruleset=None"
|
||||
gbp group-create fw-provider --provided-policy-rule-sets "fw-webredirect-ruleset=None"
|
||||
}
|
||||
|
||||
delete_gbp_resources() {
|
||||
gbp group-delete fw-provider
|
||||
gbp group-delete fw-consumer
|
||||
gbp policy-rule-set-delete fw-webredirect-ruleset
|
||||
gbp policy-rule-delete fw-web-redirect-rule
|
||||
gbp policy-rule-delete fw-web-allow-rule-tcp
|
||||
gbp policy-rule-delete fw-web-allow-rule-icmp
|
||||
gbp policy-rule-delete fw-web-allow-rule-udp
|
||||
gbp policy-classifier-delete fw-web-classifier-tcp
|
||||
gbp policy-classifier-delete fw-web-classifier-icmp
|
||||
gbp policy-classifier-delete fw-web-classifier-udp
|
||||
gbp policy-action-delete redirect-to-fw
|
||||
gbp policy-action-delete allow-to-fw
|
||||
gbp servicechain-spec-delete fw-chainspec
|
||||
gbp servicechain-node-delete FWNODE
|
||||
}
|
||||
|
||||
validate_gbp_resources() {
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep fw-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "1" ]; then
|
||||
echo "Chain creation Succeded"
|
||||
else
|
||||
echo "Chain creation failed"
|
||||
fi
|
||||
}
|
||||
|
||||
validate_firewall_resources() {
|
||||
FirewallRuleCount=`neutron firewall-rule-list -f value | grep Rule | wc -l`
|
||||
if [ "$FirewallRuleCount" -eq "4" ]; then
|
||||
echo "Firewall Rule resource created"
|
||||
else
|
||||
echo "Firewall Rule resource not created"
|
||||
fi
|
||||
|
||||
FirewallPolicyCount=`neutron firewall-policy-list -f value | grep fw | wc -l`
|
||||
if [ "$FirewallPolicyCount" -eq "1" ]; then
|
||||
echo "Firewall Policy resource created"
|
||||
else
|
||||
echo "Firewall Policy resource not created"
|
||||
fi
|
||||
|
||||
FirewallCount=`neutron firewall-list -f value | wc -l`
|
||||
if [ "$FirewallCount" -eq "1" ]; then
|
||||
echo "Firewall resource created"
|
||||
FirewallUUID=`neutron firewall-list -f value | awk '{print $1}'`
|
||||
FirewallStatus=`neutron firewall-show $FirewallUUID -f value -c status`
|
||||
echo "Firewall resource is in $FirewallStatus state"
|
||||
else
|
||||
echo "Firewall resource not created"
|
||||
fi
|
||||
}
|
||||
|
||||
update_gbp_resources() {
|
||||
# Update existing chain, by removing 2 rules
|
||||
#gbp servicechain-node-update FWNODE --template-file $TOP_DIR/nfp-templates/fw_updated_template.yml
|
||||
|
||||
#FirewallRuleCount=`neutron firewall-rule-list -f value | wc -l`
|
||||
#if [ "$FirewallRuleCount" -eq "2" ]; then
|
||||
# echo "Chain created"
|
||||
#else
|
||||
# echo "Chain not created"
|
||||
#fi
|
||||
|
||||
gbp group-delete fw-provider
|
||||
gbp group-delete fw-consumer
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep fw-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "0" ]; then
|
||||
echo "Chain deleted"
|
||||
else
|
||||
echo "Chain not deleted"
|
||||
fi
|
||||
|
||||
# Service chain creation/deletion through PRS update
|
||||
gbp group-create fw-consumer --consumed-policy-rule-sets "fw-webredirect-ruleset=None"
|
||||
gbp group-create fw-provider
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep fw-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "0" ]; then
|
||||
echo "Chain not created"
|
||||
else
|
||||
echo "Chain not deleted"
|
||||
fi
|
||||
|
||||
gbp group-update fw-provider --provided-policy-rule-sets "fw-webredirect-ruleset=None"
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep fw-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "1" ]; then
|
||||
echo "Chain created"
|
||||
else
|
||||
echo "Chain not created"
|
||||
fi
|
||||
}
|
||||
|
||||
create_gbp_resources
|
||||
validate_gbp_resources
|
||||
validate_firewall_resources
|
||||
|
||||
update_gbp_resources
|
||||
|
||||
delete_gbp_resources
|
||||
@ -1,204 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# **fw_vm_lb.sh**
|
||||
|
||||
# Sanity check that firewall(in service VM) and loadbalancer service chain is created with NFP
|
||||
|
||||
echo "*********************************************************************"
|
||||
echo "Begin NFP Exercise: $0"
|
||||
echo "*********************************************************************"
|
||||
|
||||
# Settings
|
||||
# ========
|
||||
|
||||
# This script exits on an error so that errors don't compound and you see
|
||||
# only the first error that occurred.
|
||||
set -o errexit
|
||||
|
||||
# Keep track of the current directory
|
||||
EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
|
||||
TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
|
||||
|
||||
source $TOP_DIR/openrc neutron service
|
||||
|
||||
create_gbp_resources() {
|
||||
# E-W insertion
|
||||
gbp servicechain-node-create --service-profile base_mode_fw_vm --config 'custom_json:{"mimetype": "config/custom+json","rules": [{"action": "log", "name": "tcp", "service": "tcp/80"}, {"action": "log", "name": "tcp", "service": "tcp/8080"}, {"action": "accept", "name": "tcp", "service": "tcp/22"}, {"action": "accept", "name": "icmp", "service": "icmp"}]}' FW_LB-FWNODE
|
||||
gbp servicechain-node-create --service-profile base_mode_lb --template-file $TOP_DIR/nfp-templates/haproxy.template FW_LB-LBNODE
|
||||
gbp servicechain-spec-create --nodes "FW_LB-FWNODE FW_LB-LBNODE" fw_lb_chainspec
|
||||
gbp policy-action-create --action-type REDIRECT --action-value fw_lb_chainspec redirect-to-fw_lb
|
||||
gbp policy-classifier-create --protocol tcp --direction bi fw_lb-webredirect
|
||||
gbp policy-rule-create --classifier fw_lb-webredirect --actions redirect-to-fw_lb fw_lb-web-redirect-rule
|
||||
gbp policy-rule-set-create --policy-rules "fw_lb-web-redirect-rule" fw_lb-webredirect-ruleset
|
||||
gbp network-service-policy-create --network-service-params type=ip_single,name=vip_ip,value=self_subnet fw_lb_nsp
|
||||
gbp group-create fw_lb-consumer --consumed-policy-rule-sets "fw_lb-webredirect-ruleset=None"
|
||||
gbp group-create fw_lb-provider --provided-policy-rule-sets "fw_lb-webredirect-ruleset=None" --network-service-policy fw_lb_nsp
|
||||
}
|
||||
|
||||
delete_gbp_resources() {
|
||||
gbp group-delete fw_lb-provider
|
||||
gbp group-delete fw_lb-consumer
|
||||
gbp network-service-policy-delete fw_lb_nsp
|
||||
gbp policy-rule-set-delete fw_lb-webredirect-ruleset
|
||||
gbp policy-rule-delete fw_lb-web-redirect-rule
|
||||
gbp policy-classifier-delete fw_lb-webredirect
|
||||
gbp policy-action-delete redirect-to-fw_lb
|
||||
gbp servicechain-spec-delete fw_lb_chainspec
|
||||
gbp servicechain-node-delete FW_LB-LBNODE
|
||||
gbp servicechain-node-delete FW_LB-FWNODE
|
||||
}
|
||||
|
||||
validate_gbp_resources() {
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep fw_lb-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "1" ]; then
|
||||
echo "Chain creation Succeded"
|
||||
else
|
||||
echo "Chain creation failed"
|
||||
fi
|
||||
|
||||
ServiceChainNodeCount=`gbp scn-list -f value | grep FW_LB | wc -l`
|
||||
if [ "$ServiceChainNodeCount" -eq "2" ]; then
|
||||
echo "Network function creation Succeded"
|
||||
else
|
||||
echo "Network function creation failed"
|
||||
fi
|
||||
}
|
||||
|
||||
validate_firewall_resources() {
|
||||
FirewallRuleCount=`neutron firewall-rule-list -f value | grep Rule | wc -l`
|
||||
if [ "$FirewallRuleCount" -eq "4" ]; then
|
||||
echo "Firewall Rule resource created"
|
||||
else
|
||||
echo "Firewall Rule resource not created"
|
||||
fi
|
||||
|
||||
FirewallPolicyCount=`neutron firewall-policy-list -f value | grep fw | wc -l`
|
||||
if [ "$FirewallPolicyCount" -eq "1" ]; then
|
||||
echo "Firewall Policy resource created"
|
||||
else
|
||||
echo "Firewall Policy resource not created"
|
||||
fi
|
||||
|
||||
FirewallCount=`neutron firewall-list -f value | wc -l`
|
||||
if [ "$FirewallCount" -eq "1" ]; then
|
||||
echo "Firewall resource created"
|
||||
FirewallUUID=`neutron firewall-list -f value | awk '{print $1}'`
|
||||
FirewallStatus=`neutron firewall-show $FirewallUUID -f value -c status`
|
||||
echo "Firewall resource is in $FirewallStatus state"
|
||||
else
|
||||
echo "Firewall resource not created"
|
||||
fi
|
||||
}
|
||||
|
||||
validate_loadbalancer_resources() {
|
||||
LBPoolCount=`neutron lb-pool-list -f value | wc -l`
|
||||
if [ "$LBPoolCount" -eq "1" ]; then
|
||||
echo "LB Pool resource created"
|
||||
LBPoolUUID=`neutron lb-pool-list -f value | awk '{print $1}'`
|
||||
LBPoolStatus=`neutron lb-pool-show $LBPoolUUID -f value -c status`
|
||||
echo "LB Pool resource is in $LBPoolStatus state"
|
||||
else
|
||||
echo "LB Pool resource not created"
|
||||
fi
|
||||
|
||||
LBVIPCount=`neutron lb-vip-list -f value | wc -l`
|
||||
if [ "$LBVIPCount" -eq "1" ]; then
|
||||
echo "LB VIP resource created"
|
||||
LBVIPUUID=`neutron lb-vip-list -f value | awk '{print $1}'`
|
||||
LBVIPStatus=`neutron lb-vip-show $LBVIPUUID -f value -c status`
|
||||
echo "LB VIP resource is in $LBVIPStatus state"
|
||||
else
|
||||
echo "LB VIP resource not created"
|
||||
fi
|
||||
|
||||
LBHMCount=`neutron lb-healthmonitor-list -f value | wc -l`
|
||||
if [ "$LBHMCount" -eq "1" ]; then
|
||||
echo "LB Healthmonitor resource created"
|
||||
else
|
||||
echo "LB Healthmonitor resource not created"
|
||||
fi
|
||||
|
||||
gbp policy-target-create --policy-target-group fw_lb-provider provider_pt1
|
||||
sleep 5
|
||||
LBMemberCount=`neutron lb-member-list -f value | wc -l`
|
||||
if [ "$LBMemberCount" -eq "1" ]; then
|
||||
echo "LB Member resource created"
|
||||
else
|
||||
echo "LB Member resource not created"
|
||||
fi
|
||||
|
||||
gbp policy-target-create --policy-target-group fw_lb-provider provider_pt2
|
||||
sleep 5
|
||||
LBMemberCount=`neutron lb-member-list -f value | wc -l`
|
||||
if [ "$LBMemberCount" -eq "2" ]; then
|
||||
echo "LB Member resource created"
|
||||
else
|
||||
echo "LB Member resource not created"
|
||||
fi
|
||||
|
||||
gbp policy-target-delete provider_pt1
|
||||
sleep 5
|
||||
LBMemberCount=`neutron lb-member-list -f value | wc -l`
|
||||
if [ "$LBMemberCount" -eq "1" ]; then
|
||||
echo "LB Member resource deleted"
|
||||
else
|
||||
echo "LB Member resource not deleted"
|
||||
fi
|
||||
|
||||
gbp policy-target-delete provider_pt2
|
||||
sleep 5
|
||||
LBMemberCount=`neutron lb-member-list -f value | wc -l`
|
||||
if [ "$LBMemberCount" -eq "0" ]; then
|
||||
echo "LB Member resource deleted"
|
||||
else
|
||||
echo "LB Member resource not deleted"
|
||||
fi
|
||||
}
|
||||
|
||||
update_gbp_resources() {
|
||||
# Update existing chain, by removing 2 rules
|
||||
#gbp servicechain-node-update FW_LB-FWNODE --template-file $TOP_DIR/nfp-templates/fw_updated_template.yml
|
||||
|
||||
#FirewallRuleCount=`neutron firewall-rule-list -f value | wc -l`
|
||||
#if [ "$FirewallRuleCount" -eq "2" ]; then
|
||||
# echo "Chain created"
|
||||
#else
|
||||
# echo "Chain not created"
|
||||
#fi
|
||||
|
||||
gbp group-delete fw_lb-provider
|
||||
gbp group-delete fw_lb-consumer
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep fw_lb-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "0" ]; then
|
||||
echo "Chain deleted"
|
||||
else
|
||||
echo "Chain not deleted"
|
||||
fi
|
||||
|
||||
# Service chain creation/deletion through PRS update
|
||||
gbp group-create fw_lb-consumer --consumed-policy-rule-sets "fw_lb-webredirect-ruleset=None"
|
||||
gbp group-create fw_lb-provider
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep fw_lb-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "0" ]; then
|
||||
echo "Chain not created"
|
||||
else
|
||||
echo "Chain not deleted"
|
||||
fi
|
||||
|
||||
gbp group-update fw_lb-provider --provided-policy-rule-sets "fw_lb-webredirect-ruleset=None" --network-service-policy fw_lb_nsp
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep fw_lb-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "1" ]; then
|
||||
echo "Chain created"
|
||||
else
|
||||
echo "Chain not created"
|
||||
fi
|
||||
}
|
||||
|
||||
create_gbp_resources
|
||||
validate_gbp_resources
|
||||
validate_firewall_resources
|
||||
validate_loadbalancer_resources
|
||||
|
||||
update_gbp_resources
|
||||
|
||||
delete_gbp_resources
|
||||
@ -1,159 +0,0 @@
|
||||
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# **lb.sh**
|
||||
|
||||
# Sanity check that loadbalancer service is created with NFP
|
||||
|
||||
echo "*********************************************************************"
|
||||
echo "Begin NFP Exercise: $0"
|
||||
echo "*********************************************************************"
|
||||
|
||||
# Settings
|
||||
# ========
|
||||
|
||||
# This script exits on an error so that errors don't compound and you see
|
||||
# only the first error that occurred.
|
||||
set -o errexit
|
||||
|
||||
# Keep track of the current directory
|
||||
EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
|
||||
TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
|
||||
|
||||
source $TOP_DIR/openrc neutron service
|
||||
|
||||
create_gbp_resources() {
|
||||
# E-W insertion
|
||||
gbp servicechain-node-create --service-profile base_mode_lb --template-file $TOP_DIR/nfp-templates/haproxy.template LB-NODE
|
||||
gbp servicechain-spec-create --nodes "LB-NODE" lb_chainspec
|
||||
gbp policy-action-create --action-type REDIRECT --action-value lb_chainspec redirect-to-lb
|
||||
gbp policy-classifier-create --protocol tcp --direction bi lb-webredirect
|
||||
gbp policy-rule-create --classifier lb-webredirect --actions redirect-to-lb lb-webredirect-rule
|
||||
gbp policy-rule-set-create --policy-rules "lb-webredirect-rule" lb-webredirect-ruleset
|
||||
gbp network-service-policy-create --network-service-params type=ip_single,name=vip_ip,value=self_subnet lb_nsp
|
||||
gbp group-create lb-consumer --consumed-policy-rule-sets "lb-webredirect-ruleset=None"
|
||||
gbp group-create lb-provider --provided-policy-rule-sets "lb-webredirect-ruleset=None" --network-service-policy lb_nsp
|
||||
}
|
||||
|
||||
delete_gbp_resources() {
|
||||
gbp group-delete lb-consumer
|
||||
gbp group-delete lb-provider
|
||||
gbp network-service-policy-delete lb_nsp
|
||||
gbp policy-rule-set-delete lb-webredirect-ruleset
|
||||
gbp policy-rule-delete lb-webredirect-rule
|
||||
gbp policy-classifier-delete lb-webredirect
|
||||
gbp policy-action-delete redirect-to-lb
|
||||
gbp servicechain-spec-delete lb_chainspec
|
||||
gbp servicechain-node-delete LB-NODE
|
||||
}
|
||||
|
||||
validate_gbp_resources() {
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep lb-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "1" ]; then
|
||||
echo "Chain creation Succeded"
|
||||
else
|
||||
echo "Chain creation failed"
|
||||
fi
|
||||
}
|
||||
|
||||
validate_loadbalancer_resources() {
|
||||
LBPoolCount=`neutron lb-pool-list -f value | wc -l`
|
||||
if [ "$LBPoolCount" -eq "1" ]; then
|
||||
echo "LB Pool resource created"
|
||||
LBPoolUUID=`neutron lb-pool-list -f value | awk '{print $1}'`
|
||||
LBPoolStatus=`neutron lb-pool-show $LBPoolUUID -f value -c status`
|
||||
echo "LB Pool resource is in $LBPoolStatus state"
|
||||
else
|
||||
echo "LB Pool resource not created"
|
||||
fi
|
||||
|
||||
LBVIPCount=`neutron lb-vip-list -f value | wc -l`
|
||||
if [ "$LBVIPCount" -eq "1" ]; then
|
||||
echo "LB VIP resource created"
|
||||
LBVIPUUID=`neutron lb-vip-list -f value | awk '{print $1}'`
|
||||
LBVIPStatus=`neutron lb-vip-show $LBVIPUUID -f value -c status`
|
||||
echo "LB VIP resource is in $LBVIPStatus state"
|
||||
else
|
||||
echo "LB VIP resource not created"
|
||||
fi
|
||||
|
||||
LBHMCount=`neutron lb-healthmonitor-list -f value | wc -l`
|
||||
if [ "$LBHMCount" -eq "1" ]; then
|
||||
echo "LB Healthmonitor resource created"
|
||||
else
|
||||
echo "LB Healthmonitor resource not created"
|
||||
fi
|
||||
|
||||
gbp policy-target-create --policy-target-group lb-provider provider_pt1
|
||||
sleep 5
|
||||
LBMemberCount=`neutron lb-member-list -f value | wc -l`
|
||||
if [ "$LBMemberCount" -eq "1" ]; then
|
||||
echo "LB Member resource created"
|
||||
else
|
||||
echo "LB Member resource not created"
|
||||
fi
|
||||
|
||||
gbp policy-target-create --policy-target-group lb-provider provider_pt2
|
||||
sleep 5
|
||||
LBMemberCount=`neutron lb-member-list -f value | wc -l`
|
||||
if [ "$LBMemberCount" -eq "2" ]; then
|
||||
echo "LB Member resource created"
|
||||
else
|
||||
echo "LB Member resource not created"
|
||||
fi
|
||||
|
||||
gbp policy-target-delete provider_pt1
|
||||
sleep 5
|
||||
LBMemberCount=`neutron lb-member-list -f value | wc -l`
|
||||
if [ "$LBMemberCount" -eq "1" ]; then
|
||||
echo "LB Member resource deleted"
|
||||
else
|
||||
echo "LB Member resource not deleted"
|
||||
fi
|
||||
|
||||
gbp policy-target-delete provider_pt2
|
||||
sleep 5
|
||||
LBMemberCount=`neutron lb-member-list -f value | wc -l`
|
||||
if [ "$LBMemberCount" -eq "0" ]; then
|
||||
echo "LB Member resource deleted"
|
||||
else
|
||||
echo "LB Member resource not deleted"
|
||||
fi
|
||||
}
|
||||
|
||||
update_gbp_resources() {
|
||||
gbp group-delete lb-provider
|
||||
gbp group-delete lb-consumer
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep lb-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "0" ]; then
|
||||
echo "Chain deleted"
|
||||
else
|
||||
echo "Chain not deleted"
|
||||
fi
|
||||
|
||||
# Service chain creation/deletion through PRS update
|
||||
gbp group-create lb-consumer --consumed-policy-rule-sets "lb-webredirect-ruleset=None"
|
||||
gbp group-create lb-provider
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep lb-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "0" ]; then
|
||||
echo "Chain not created"
|
||||
else
|
||||
echo "Chain not deleted"
|
||||
fi
|
||||
|
||||
gbp group-update lb-provider --provided-policy-rule-sets "lb-webredirect-ruleset=None" --network-service-policy lb_nsp
|
||||
ServiceChainInstanceCount=`gbp sci-list -f value | grep lb-provider | wc -l`
|
||||
if [ "$ServiceChainInstanceCount" -eq "1" ]; then
|
||||
echo "Chain created"
|
||||
else
|
||||
echo "Chain not created"
|
||||
fi
|
||||
}
|
||||
|
||||
create_gbp_resources
|
||||
validate_gbp_resources
|
||||
validate_loadbalancer_resources
|
||||
|
||||
update_gbp_resources
|
||||
|
||||
delete_gbp_resources
|
||||
@ -27,6 +27,8 @@ function prepare_gbp_devstack {
|
||||
function prepare_nfp_devstack {
|
||||
cd $TOP_DIR
|
||||
sudo cp $CONTRIB_DIR/devstack/local-nfp.conf $TOP_DIR/local.conf
|
||||
sudo rm -rf $TOP_DIR/exercises/*.sh
|
||||
sudo cp $CONTRIB_DIR/devstack/exercises-nfp/*.sh $TOP_DIR/exercises/
|
||||
sudo cp -r $CONTRIB_DIR/devstack/nfp-templates $TOP_DIR
|
||||
sudo cp $CONTRIB_DIR/devstack/nfp $TOP_DIR/lib/
|
||||
sed -i 's/source $TOP_DIR\/lib\/dstat/source $TOP_DIR\/lib\/dstat\nsource $TOP_DIR\/lib\/nfp/g' stack.sh
|
||||
|
||||
@ -9,7 +9,6 @@ set -x
|
||||
trap prepare_logs ERR
|
||||
|
||||
prepare_gbp_devstack
|
||||
prepare_nfp_devstack
|
||||
$TOP_DIR/stack.sh
|
||||
|
||||
# Use devstack functions to install mysql and psql servers
|
||||
|
||||
@ -10,11 +10,7 @@ trap prepare_logs ERR
|
||||
$TOP_DIR/exercise.sh
|
||||
exercises_exit_code=$?
|
||||
|
||||
source $TOP_DIR/lib/nfp
|
||||
delete_nfp_gbp_resources $TOP_DIR
|
||||
|
||||
# Check if exercises left any resources undeleted
|
||||
check_residual_resources neutron service
|
||||
check_residual_resources admin admin
|
||||
check_residual_resources admin demo
|
||||
check_residual_resources demo demo
|
||||
|
||||
@ -6,8 +6,6 @@ set -x
|
||||
|
||||
trap prepare_logs ERR
|
||||
|
||||
rm -rf $TOP_DIR/exercises/*
|
||||
cp $TOP_DIR/exercises-nfp/* $TOP_DIR/exercises/
|
||||
# Run exercise scripts
|
||||
$TOP_DIR/exercise.sh
|
||||
exercises_exit_code=$?
|
||||
|
||||
Loading…
Reference in New Issue
Block a user