c591a980fd
Scenarios in this patchset are achieving one goal, to actually ensure that TAAS is working properly using tcpdump to verify. This creates one new requirement to our test environment, image with tcpdump. Usually, we can expect compute.image_ref to point at cirros or similar basic distro, and can't force users to overwrite it with a much bigger distro that includes tcpdump because it will drastically increase the time needed to run other tests. Solution is to change tempest.conf part of TAAS: [taas_plugin_options] advanced_image_ref = <uuid of tcpdump capable image> advanced_image_ssh_user = <user to be used in image above> advanced_image_flavor_ref = <flavor big enough for image above> Where advanced_image_ref is UUID of the image with preinstalled tcpdump, and advanced_image_ssh_user is a user we can use to ssh into VM. In my case, I just used a default ubuntu cloud image. New tests are running with your default networks (usually OVS), and, if taas configuration is provided, against provider network. Change-Id: Icdff0fe63a8977d6065808c18a9fdc674cef6d4f
246 lines
9.5 KiB
Python
246 lines
9.5 KiB
Python
# Copyright (c) 2019 AT&T
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from contextlib import contextmanager
|
|
from oslo_log import log
|
|
import testtools
|
|
|
|
from tempest.common import utils
|
|
from tempest import config
|
|
from tempest.lib.common.utils.linux import remote_client
|
|
from tempest.lib import decorators
|
|
|
|
from neutron_taas_tempest_plugin.tests.scenario import base
|
|
|
|
|
|
CONF = config.CONF
|
|
LOG = log.getLogger(__name__)
|
|
|
|
|
|
class TestTaaSTrafficScenarios(base.TaaSScenarioTest):
|
|
|
|
@classmethod
|
|
def setup_clients(cls):
|
|
super(TestTaaSTrafficScenarios, cls).setup_clients()
|
|
|
|
if CONF.image_feature_enabled.api_v1:
|
|
cls.image_client = cls.os_primary.image_client
|
|
elif CONF.image_feature_enabled.api_v2:
|
|
cls.image_client = cls.os_primary.image_client_v2
|
|
else:
|
|
raise cls.skipException(
|
|
'Either api_v1 or api_v2 must be True in '
|
|
'[image-feature-enabled].')
|
|
|
|
@classmethod
|
|
@utils.requires_ext(extension="router", service="network")
|
|
def resource_setup(cls):
|
|
super(TestTaaSTrafficScenarios, cls).resource_setup()
|
|
for ext in ['taas']:
|
|
if not utils.is_extension_enabled(ext, 'network'):
|
|
msg = "%s Extension not enabled." % ext
|
|
raise cls.skipException(msg)
|
|
|
|
cls.network, cls.subnet, cls.router = cls.create_networks()
|
|
cls.provider_network = None
|
|
cls.keypair = cls.create_keypair()
|
|
cls.secgroup = cls._create_security_group()
|
|
|
|
@contextmanager
|
|
def _setup_topology(self, taas=True, use_taas_cloud_image=False,
|
|
provider_net=False):
|
|
"""Setup topology for the test
|
|
|
|
+------------+
|
|
| monitor vm |
|
|
+-----+------+
|
|
|
|
|
+-----v---+
|
|
+--+ network <--+
|
|
| +----^----+ |
|
|
| | |
|
|
| +----+-+ +---+--+
|
|
| | vm 1 | | vm 2 |
|
|
| +------+ +------+
|
|
|
|
|
| +--------+
|
|
+--> router |
|
|
+-----+--+
|
|
|
|
|
+-----v------+
|
|
| public net |
|
|
+------------+
|
|
"""
|
|
if provider_net:
|
|
if CONF.taas_plugin_options.provider_physical_network:
|
|
self.provider_network = self._setup_provider_network()
|
|
else:
|
|
msg = "provider_physical_network not provided"
|
|
raise self.skipException(msg)
|
|
|
|
self.mon_port, mon_fip = self._create_server_with_floatingip(
|
|
use_taas_cloud_image=use_taas_cloud_image,
|
|
provider_net=provider_net)
|
|
self.left_port, left_fip = self._create_server_with_floatingip(
|
|
provider_net=provider_net)
|
|
self.right_port, right_fip = self._create_server_with_floatingip(
|
|
provider_net=provider_net)
|
|
|
|
if taas:
|
|
LOG.debug("Create TAAS service")
|
|
tap_service = self.create_tap_service(port_id=self.mon_port['id'])
|
|
self.create_tap_flow(tap_service_id=tap_service['id'],
|
|
direction='BOTH',
|
|
source_port=self.left_port['id'])
|
|
self.create_tap_flow(tap_service_id=tap_service['id'],
|
|
direction='BOTH',
|
|
source_port=self.right_port['id'])
|
|
|
|
user = CONF.validation.image_ssh_user
|
|
if use_taas_cloud_image:
|
|
user = CONF.taas_plugin_options.advanced_image_ssh_user
|
|
|
|
self.monitor_client = remote_client.RemoteClient(
|
|
mon_fip['floating_ip_address'], user,
|
|
pkey=self.keypair['private_key'])
|
|
self.left_client = remote_client.RemoteClient(
|
|
left_fip['floating_ip_address'], CONF.validation.image_ssh_user,
|
|
pkey=self.keypair['private_key'])
|
|
self.right_client = remote_client.RemoteClient(
|
|
right_fip['floating_ip_address'], CONF.validation.image_ssh_user,
|
|
pkey=self.keypair['private_key'])
|
|
yield
|
|
|
|
def _check_icmp_traffic(self):
|
|
log_location = "/tmp/tcpdumplog"
|
|
|
|
right_ip = self.right_port['fixed_ips'][0]['ip_address']
|
|
left_ip = self.left_port['fixed_ips'][0]['ip_address']
|
|
|
|
# Run tcpdump in background
|
|
self._run_in_background(self.monitor_client,
|
|
"sudo tcpdump -n -nn > %s" % log_location)
|
|
|
|
# Ensure tcpdump is up and running
|
|
psax = self.monitor_client.exec_command("ps -ax")
|
|
self.assertTrue("tcpdump" in psax)
|
|
|
|
# Run traffic from left_vm to right_vm
|
|
self.left_client.exec_command("ping -c 50 %s" % right_ip)
|
|
|
|
# Collect tcpdump results
|
|
output = self.monitor_client.exec_command("cat %s" % log_location)
|
|
self.assertTrue(len(output) > 0)
|
|
|
|
looking_for = ["IP %s > %s: ICMP echo request" % (left_ip, right_ip),
|
|
"IP %s > %s: ICMP echo reply" % (right_ip, left_ip)]
|
|
|
|
results = []
|
|
for tcpdump_line in looking_for:
|
|
results.append(tcpdump_line in output)
|
|
|
|
return all(results)
|
|
|
|
def _test_taas_connectivity(self, use_provider_net=False):
|
|
"""Ensure TAAS doesn't break connectivity
|
|
|
|
This test creates TAAS service between two servers and checks that
|
|
it doesn't break basic connectivity between them.
|
|
"""
|
|
|
|
# Check uninterrupted traffic between VMs
|
|
with self._setup_topology(provider_net=use_provider_net):
|
|
# Left to right
|
|
self._check_remote_connectivity(
|
|
self.left_client,
|
|
self.right_port['fixed_ips'][0]['ip_address'])
|
|
|
|
# Right to left
|
|
self._check_remote_connectivity(
|
|
self.right_client,
|
|
self.left_port['fixed_ips'][0]['ip_address'])
|
|
|
|
# TAAS vm to right
|
|
self._check_remote_connectivity(
|
|
self.monitor_client,
|
|
self.right_port['fixed_ips'][0]['ip_address'])
|
|
|
|
# TAAS vm to left
|
|
self._check_remote_connectivity(
|
|
self.monitor_client,
|
|
self.left_port['fixed_ips'][0]['ip_address'])
|
|
|
|
@decorators.idempotent_id('ff414b7d-e81c-47f2-b6c8-53bc2f1e9b00')
|
|
@decorators.attr(type='slow')
|
|
@utils.services('compute', 'network')
|
|
def test_taas_provider_network_connectivity(self):
|
|
self._test_taas_connectivity(use_provider_net=True)
|
|
|
|
@decorators.idempotent_id('e3c52e91-7abf-4dfd-8687-f7c071cdd333')
|
|
@decorators.attr(type='slow')
|
|
@utils.services('compute', 'network')
|
|
def test_taas_network_connectivity(self):
|
|
self._test_taas_connectivity(use_provider_net=False)
|
|
|
|
@decorators.idempotent_id('fcb15ca3-ef61-11e9-9792-f45c89c47e11')
|
|
@testtools.skipUnless(CONF.taas_plugin_options.advanced_image_ref,
|
|
'Cloud image not found.')
|
|
@decorators.attr(type='slow')
|
|
@utils.services('compute', 'network')
|
|
def test_taas_forwarded_traffic_positive(self):
|
|
"""Check that TAAS forwards traffic as expected"""
|
|
|
|
with self._setup_topology(use_taas_cloud_image=True):
|
|
# Check that traffic was forwarded to TAAS service
|
|
self.assertTrue(self._check_icmp_traffic())
|
|
|
|
@decorators.idempotent_id('6c54d9c5-075a-4a1f-bbe6-12c3c9abf1e2')
|
|
@testtools.skipUnless(CONF.taas_plugin_options.advanced_image_ref,
|
|
'Cloud image not found.')
|
|
@decorators.attr(type='slow')
|
|
@utils.services('compute', 'network')
|
|
def test_taas_forwarded_traffic_negative(self):
|
|
"""Check that TAAS doesn't forward traffic"""
|
|
|
|
with self._setup_topology(taas=False, use_taas_cloud_image=True):
|
|
# Check that traffic was NOT forwarded to TAAS service
|
|
self.assertFalse(self._check_icmp_traffic())
|
|
|
|
@decorators.idempotent_id('fcb15ca3-ef61-11e9-9792-f45c89c47e12')
|
|
@testtools.skipUnless(CONF.taas_plugin_options.advanced_image_ref,
|
|
'Cloud image not found.')
|
|
@decorators.attr(type='slow')
|
|
@utils.services('compute', 'network')
|
|
def test_taas_forwarded_traffic_provider_net_positive(self):
|
|
"""Check that TAAS forwards traffic as expected in provider network"""
|
|
|
|
with self._setup_topology(use_taas_cloud_image=True,
|
|
provider_net=True):
|
|
# Check that traffic was forwarded to TAAS service
|
|
self.assertTrue(self._check_icmp_traffic())
|
|
|
|
@decorators.idempotent_id('6c54d9c5-075a-4a1f-bbe6-12c3c9abf1e3')
|
|
@testtools.skipUnless(CONF.taas_plugin_options.advanced_image_ref,
|
|
'Cloud image not found.')
|
|
@decorators.attr(type='slow')
|
|
@utils.services('compute', 'network')
|
|
def test_taas_forwarded_traffic_provider_net_negative(self):
|
|
"""Check that TAAS doesn't forward traffic in provider network"""
|
|
|
|
with self._setup_topology(taas=False, use_taas_cloud_image=True,
|
|
provider_net=True):
|
|
# Check that traffic was NOT forwarded to TAAS service
|
|
self.assertFalse(self._check_icmp_traffic())
|