authorrexlee8776 <limingjiang@huawei.com>2018-08-08 08:54:59 +0000
committerRex Lee <limingjiang@huawei.com>2018-08-27 03:45:49 +0000
commitac4587e04248eb53c4df9519b6f918567949bedc (patch)
treec33f0fc1002072eacb7eff7b1749b174f647a0d1
parent8af5c098fb0f30cc1bda0dd4431dbce1b2403a16 (diff)
Make security group configurable - dovetail
Make the security group configurable via the context. The format would be: context: name: demo image: yardstick-image flavor: yardstick-flavor user: ubuntu security_group: rules: - remote_ip_prefix: "0.0.0.0/0" protocol: "tcp" port_range_min: 1 port_range_max: 65535 - remote_ip_prefix: "0.0.0.0/0" protocol: "udp" port_range_min: 1 port_range_max: 65535 - remote_ip_prefix: "0.0.0.0/0" protocol: "icmp" JIRA: YARDSTICK-1360 Change-Id: I00c45767ee2d70b790590e824599d5a4c274bced Signed-off-by: rexlee8776 <limingjiang@huawei.com> (cherry picked from commit cea576574ac0554c1320179bffe6965ac1333972)
-rw-r--r--samples/ping-security-group.yaml74
-rw-r--r--yardstick/benchmark/contexts/heat.py6
-rw-r--r--yardstick/orchestrator/heat.py121
-rw-r--r--yardstick/tests/unit/benchmark/contexts/test_heat.py3
-rw-r--r--yardstick/tests/unit/orchestrator/test_heat.py19
5 files changed, 165 insertions, 58 deletions
diff --git a/samples/ping-security-group.yaml b/samples/ping-security-group.yaml
new file mode 100644
index 000000000..1545ee1cf
--- /dev/null
+++ b/samples/ping-security-group.yaml
@@ -0,0 +1,74 @@
+##############################################################################
+# Copyright (c) 2018 Huawei Technologies Co.,Ltd and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+# Sample ping test case using custom security group
+# measure network latency using ping
+
+schema: "yardstick:task:0.1"
+
+{% set provider = provider or none %}
+{% set physical_network = physical_network or 'physnet1' %}
+{% set segmentation_id = segmentation_id or none %}
+scenarios:
+-
+ type: Ping
+ options:
+ packetsize: 200
+ host: athena.demo
+ target: ares.demo
+
+ runner:
+ type: Duration
+ duration: 60
+ interval: 1
+
+ sla:
+ max_rtt: 10
+ action: monitor
+
+context:
+ name: demo
+ image: yardstick-image
+ flavor: yardstick-flavor
+ user: ubuntu
+ security_group:
+ rules:
+ - remote_ip_prefix: "0.0.0.0/0"
+ protocol: "tcp"
+ port_range_min: 1
+ port_range_max: 65535
+ - remote_ip_prefix: "0.0.0.0/0"
+ protocol: "udp"
+ port_range_min: 1
+ port_range_max: 65535
+ - remote_ip_prefix: "0.0.0.0/0"
+ protocol: "icmp"
+
+ placement_groups:
+ pgrp1:
+ policy: "availability"
+
+ servers:
+ athena:
+ floating_ip: true
+ placement: "pgrp1"
+ ares:
+ placement: "pgrp1"
+
+
+ networks:
+ test:
+ cidr: '10.0.1.0/24'
+ {% if provider == "vlan" %}
+ provider: {{provider}}
+ physical_network: {{physical_network}}
+ {% if segmentation_id %}
+ segmentation_id: {{segmentation_id}}
+ {% endif %}
+ {% endif %}
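Review bot: The sample meant to demonstrate a custom security group repeats allow-all IPv4 ingress under `security_group.rules` (`0.0.0.0/0`, TCP and UDP ports 1-65535, plus ICMP), and `athena` is also given a floating IP, so anyone copying the file gets no tighter exposure than the built-in default. A comment above `rules:` would make that explicit, for example `# NOTE: these rules admit all TCP/UDP/ICMP from any IPv4 address; narrow remote_ip_prefix and the port range outside an isolated lab`. Because the custom list replaces the default list in `add_security_group`, the IPv6 and explicit egress entries of the default appear not to be applied for this sample; the same comment could say so.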
diff --git a/yardstick/benchmark/contexts/heat.py b/yardstick/benchmark/contexts/heat.py
index ac85b6ffe..1be746bf3 100644
--- a/yardstick/benchmark/contexts/heat.py
+++ b/yardstick/benchmark/contexts/heat.py
@@ -58,6 +58,7 @@ class HeatContext(Context):
self.server_groups = []
self.keypair_name = None
self.secgroup_name = None
+ self.security_group = None
self._server_map = {}
self.attrs = {}
self._image = None
@@ -117,8 +118,11 @@ class HeatContext(Context):
return
self.keypair_name = h_join(self.name, "key")
+
self.secgroup_name = h_join(self.name, "secgroup")
+ self.security_group = attrs.get("security_group")
+
self._image = attrs.get("image")
self._flavor = attrs.get("flavor")
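Review bot: The added `self.security_group` sits directly beside `self.secgroup_name`, and nothing says that one is the generated resource name while the other is the optional user-supplied rule mapping read from the context. A comment on the new assignment would remove the ambiguity, e.g. `# optional mapping from the context's "security_group" key ({"rules": [...]}); None keeps the built-in allow-all rules`. The enclosing method starts and ends outside this hunk.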
@@ -184,7 +188,7 @@ class HeatContext(Context):
self.flavors.add(flavor)
template.add_keypair(self.keypair_name, self.name)
- template.add_security_group(self.secgroup_name)
+ template.add_security_group(self.secgroup_name, self.security_group)
for network in self.networks.values():
# Using existing network
diff --git a/yardstick/orchestrator/heat.py b/yardstick/orchestrator/heat.py
index bfc1f7061..d2d13aaeb 100644
--- a/yardstick/orchestrator/heat.py
+++ b/yardstick/orchestrator/heat.py
@@ -479,68 +479,77 @@ name (i.e. %s).
'value': {'get_resource': name}
}
- def add_security_group(self, name):
+ def add_security_group(self, name, security_group=None):
"""add to the template a Neutron SecurityGroup"""
log.debug("adding Neutron::SecurityGroup '%s'", name)
+ description = ("Group allowing IPv4 and IPv6 for icmp and upd/tcp on"
+ "all ports")
+ rules = [
+ {'remote_ip_prefix': '0.0.0.0/0',
+ 'protocol': 'tcp',
+ 'port_range_min': '1',
+ 'port_range_max': '65535'},
+ {'remote_ip_prefix': '0.0.0.0/0',
+ 'protocol': 'udp',
+ 'port_range_min': '1',
+ 'port_range_max': '65535'},
+ {'remote_ip_prefix': '0.0.0.0/0',
+ 'protocol': 'icmp'},
+ {'remote_ip_prefix': '::/0',
+ 'ethertype': 'IPv6',
+ 'protocol': 'tcp',
+ 'port_range_min': '1',
+ 'port_range_max': '65535'},
+ {'remote_ip_prefix': '::/0',
+ 'ethertype': 'IPv6',
+ 'protocol': 'udp',
+ 'port_range_min': '1',
+ 'port_range_max': '65535'},
+ {'remote_ip_prefix': '::/0',
+ 'ethertype': 'IPv6',
+ 'protocol': 'ipv6-icmp'},
+ {'remote_ip_prefix': '0.0.0.0/0',
+ 'direction': 'egress',
+ 'protocol': 'tcp',
+ 'port_range_min': '1',
+ 'port_range_max': '65535'},
+ {'remote_ip_prefix': '0.0.0.0/0',
+ 'direction': 'egress',
+ 'protocol': 'udp',
+ 'port_range_min': '1',
+ 'port_range_max': '65535'},
+ {'remote_ip_prefix': '0.0.0.0/0',
+ 'direction': 'egress',
+ 'protocol': 'icmp'},
+ {'remote_ip_prefix': '::/0',
+ 'direction': 'egress',
+ 'ethertype': 'IPv6',
+ 'protocol': 'tcp',
+ 'port_range_min': '1',
+ 'port_range_max': '65535'},
+ {'remote_ip_prefix': '::/0',
+ 'direction': 'egress',
+ 'ethertype': 'IPv6',
+ 'protocol': 'udp',
+ 'port_range_min': '1',
+ 'port_range_max': '65535'},
+ {'remote_ip_prefix': '::/0',
+ 'direction': 'egress',
+ 'ethertype': 'IPv6',
+ 'protocol': 'ipv6-icmp'},
+ ]
+ if security_group:
+ description = "Custom security group rules defined by the user"
+ rules = security_group.get('rules')
+
+ log.debug("The security group rules is %s", rules)
+
self.resources[name] = {
'type': 'OS::Neutron::SecurityGroup',
'properties': {
'name': name,
- 'description': "Group allowing IPv4 and IPv6 for icmp and upd/tcp on all ports",
- 'rules': [
- {'remote_ip_prefix': '0.0.0.0/0',
- 'protocol': 'tcp',
- 'port_range_min': '1',
- 'port_range_max': '65535'},
- {'remote_ip_prefix': '0.0.0.0/0',
- 'protocol': 'udp',
- 'port_range_min': '1',
- 'port_range_max': '65535'},
- {'remote_ip_prefix': '0.0.0.0/0',
- 'protocol': 'icmp'},
- {'remote_ip_prefix': '::/0',
- 'ethertype': 'IPv6',
- 'protocol': 'tcp',
- 'port_range_min': '1',
- 'port_range_max': '65535'},
- {'remote_ip_prefix': '::/0',
- 'ethertype': 'IPv6',
- 'protocol': 'udp',
- 'port_range_min': '1',
- 'port_range_max': '65535'},
- {'remote_ip_prefix': '::/0',
- 'ethertype': 'IPv6',
- 'protocol': 'ipv6-icmp'},
- {'remote_ip_prefix': '0.0.0.0/0',
- 'direction': 'egress',
- 'protocol': 'tcp',
- 'port_range_min': '1',
- 'port_range_max': '65535'},
- {'remote_ip_prefix': '0.0.0.0/0',
- 'direction': 'egress',
- 'protocol': 'udp',
- 'port_range_min': '1',
- 'port_range_max': '65535'},
- {'remote_ip_prefix': '0.0.0.0/0',
- 'direction': 'egress',
- 'protocol': 'icmp'},
- {'remote_ip_prefix': '::/0',
- 'direction': 'egress',
- 'ethertype': 'IPv6',
- 'protocol': 'tcp',
- 'port_range_min': '1',
- 'port_range_max': '65535'},
- {'remote_ip_prefix': '::/0',
- 'direction': 'egress',
- 'ethertype': 'IPv6',
- 'protocol': 'udp',
- 'port_range_min': '1',
- 'port_range_max': '65535'},
- {'remote_ip_prefix': '::/0',
- 'direction': 'egress',
- 'ethertype': 'IPv6',
- 'protocol': 'ipv6-icmp'},
- ]
+ 'description': description,
+ 'rules': rules
}
}
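Review bot: In the `if security_group:` branch, `security_group.get('rules')` yields None when the context block omits or misspells `rules`, and that None is written into the template as `'rules': None` with no check that the value is a list of mappings. Rejecting the input at this point is clearer than leaving it to stack creation, e.g. `if not isinstance(rules, list): raise ValueError("security_group.rules must be a list")` right after the `.get`. An empty `security_group` mapping is falsy and so silently selects the allow-all default, which deserves a sentence in the docstring. Separately, the two-part `description` literal has no space at the join and reads "onall ports"; the first part should end `"... upd/tcp on "`.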
diff --git a/yardstick/tests/unit/benchmark/contexts/test_heat.py b/yardstick/tests/unit/benchmark/contexts/test_heat.py
index df57ca4b3..c72844bbe 100644
--- a/yardstick/tests/unit/benchmark/contexts/test_heat.py
+++ b/yardstick/tests/unit/benchmark/contexts/test_heat.py
@@ -72,6 +72,7 @@ class HeatContextTestCase(unittest.TestCase):
self.assertEqual(self.test_context.server_groups, [])
self.assertIsNone(self.test_context.keypair_name)
self.assertIsNone(self.test_context.secgroup_name)
+ self.assertIsNone(self.test_context.security_group)
self.assertEqual(self.test_context._server_map, {})
self.assertIsNone(self.test_context._image)
self.assertIsNone(self.test_context._flavor)
@@ -190,7 +191,7 @@ class HeatContextTestCase(unittest.TestCase):
mock_template.add_keypair.assert_called_with(
"ctx-key",
"ctx-12345678")
- mock_template.add_security_group.assert_called_with("ctx-secgroup")
+ mock_template.add_security_group.assert_called_with("ctx-secgroup", None)
mock_template.add_network.assert_called_with(
"ctx-12345678-mynet", 'physnet1', None, None, None, None)
mock_template.add_router.assert_called_with(
diff --git a/yardstick/tests/unit/orchestrator/test_heat.py b/yardstick/tests/unit/orchestrator/test_heat.py
index 3ec59a3c2..2e60a72cb 100644
--- a/yardstick/tests/unit/orchestrator/test_heat.py
+++ b/yardstick/tests/unit/orchestrator/test_heat.py
@@ -256,6 +256,25 @@ class HeatTemplateTestCase(unittest.TestCase):
self.assertEqual(self.template.resources['some-server-group'][
'properties']['policies'], ['anti-affinity'])
+ def test_add_security_group(self):
+ security_group = {
+ 'rules': [
+ {'remote_ip_prefix': '0.0.0.0/0',
+ 'port_range_max': 65535,
+ 'port_range_min': 1,
+ 'protocol': 'custom'},
+ ]
+ }
+ self.template.add_security_group('some-security-group', security_group)
+
+ secgroup_rsc = self.template.resources['some-security-group']
+
+ self.assertEqual(secgroup_rsc['type'], "OS::Neutron::SecurityGroup")
+ self.assertEqual(secgroup_rsc['properties']['description'],
+ "Custom security group rules defined by the user")
+ self.assertEqual(secgroup_rsc['properties']['rules'][0]['protocol'],
+ 'custom')
+
def test__add_resources_to_template_raw(self):
test_context = node.NodeContext()
self.addCleanup(test_context._delete_context)
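Review bot: `test_add_security_group` exercises only the custom branch, so the default rule list that this commit moved into a local variable in `add_security_group` has no assertion behind it, and neither does a `security_group` mapping that lacks `rules`. A second test that calls `add_security_group` with the name alone and checks the resource type and the number of default rules would pin the fallback path. The value `'protocol': 'custom'` works as a marker in a unit test but is not a protocol a real rule would carry, so a short comment saying it is a placeholder would stop it being copied into a context file. The trailing context lines belong to `test__add_resources_to_template_raw`, which continues outside the hunk.

```python
    def test_add_security_group_default_rules(self):
        self.template.add_security_group('some-security-group')

        secgroup_rsc = self.template.resources['some-security-group']

        self.assertEqual(secgroup_rsc['type'], "OS::Neutron::SecurityGroup")
        # 12 entries in the built-in list: IPv4/IPv6 x ingress/egress x tcp/udp/icmp
        self.assertEqual(len(secgroup_rsc['properties']['rules']), 12)
```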