From 85b2f25678ccf7a34569a38924b53b3cae073140 Mon Sep 17 00:00:00 2001 From: Bryan Sullivan Date: Wed, 18 Jan 2017 07:33:01 -0800 Subject: First working version of network_bridging test. JIRA: COPPER-4 Add additional comment on Devstack use. Update comments in cleanup script. Update copyright year. Change-Id: I8d6523ed0d35558ef22c840a9d08a4a390c20cf4 Signed-off-by: Bryan Sullivan --- tests/network_bridging-clean.sh | 19 +++++++------ tests/network_bridging.sh | 60 +++++++++++++++++++++-------------------- 2 files changed, 40 insertions(+), 39 deletions(-) diff --git a/tests/network_bridging-clean.sh b/tests/network_bridging-clean.sh index 689eaa2..02db216 100644 --- a/tests/network_bridging-clean.sh +++ b/tests/network_bridging-clean.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright 2015-2016 AT&T Intellectual Property, Inc +# Copyright 2015-2017 AT&T Intellectual Property, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,16 +16,15 @@ # What this is: Cleanup script for the test network_bridging.sh # -# Status: this is a work in progress, under test. +# Status: this is a work in progress, under test. # -# Prequisite: OPFNV installed per JOID or Apex installer +# Prequisite: +# - OpenStack Congress installed as part of an OpenStack deployment, +# e.g. via Devstack, or OPFNV # - OpenStack CLI environment variables setup # How to use: -# Install Congress test server per https://wiki.opnfv.org/copper/academy -# # Create Congress policy and resources that exercise policy -# $ bash network_briding.sh -# # After test, cleanup -# $ bash network_briding-clean.sh +# $ bash network_bridging-clean.sh + if [ $# -eq 1 ]; then if [ $1 == "debug" ]; then @@ -68,10 +67,10 @@ echo "Delete test_dmz network" neutron net-delete test_dmz echo "Delete test_admin subnet" -neutron subnet-delete test_dmz +neutron subnet-delete test_admin echo "Delete test_admin network" -neutron net-delete test_dmz +neutron net-delete test_admin set +x #echo off diff --git a/tests/network_bridging.sh b/tests/network_bridging.sh index eae6b31..59138e4 100644 --- a/tests/network_bridging.sh +++ b/tests/network_bridging.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright 2015-2016 AT&T Intellectual Property, Inc +# Copyright 2015-2017 AT&T Intellectual Property, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,7 +27,9 @@ # # Status: this is a work in progress, under test. # -# Prequisite: OPFNV installed per JOID or Apex installer +# Prequisite: +# - OpenStack Congress installed as part of an OpenStack deployment, +# e.g. via Devstack, or OPFNV # - OpenStack CLI environment variables setup # How to use: # # Create Congress policy and resources that exercise policy @@ -66,29 +68,29 @@ echo "$0: $(date) Create Congress policy 'test'" if [ $(openstack congress policy show test | awk "/ id / { print \$4 }") ]; then unclean; fi openstack congress policy create test -echo "$0: $(date) Create sp_dmz_connected rule in policy 'test'" -openstack congress policy rule create test 'sp_dmz_connected(x) :- nova:servers(id=x), neutronv2:ports(device_owner=x), neutronv2:networks(id=z, tenant_id=w, name="test_dmz"), keystone:tenants(enabled, name="admin", id=w)' --name sp_dmz_connected +echo "$0: $(date) Create dmz_connected rule in policy 'test'" +openstack congress policy rule create test 'dmz_connected(x) :- neutronv2:ports(network_id=z, device_id=x), neutronv2:networks(id=z, tenant_id=w, name="test_dmz"), keystone:tenants(enabled, desc, name="admin", id=w)' --name dmz_connected -echo "$0: $(date) Create sp_admin_connected rule in policy 'test'" -openstack congress policy rule create test 'sp_dmz_connected(x) :- nova:servers(id=x), neutronv2:ports(device_owner=x), neutronv2:networks(id=z, tenant_id=w, name="test_admin"), keystone:tenants(enabled, name="admin", id=w)' --name sp_admin_connected +echo "$0: $(date) Create admin_connected rule in policy 'test'" +openstack congress policy rule create test 'admin_connected(x) :- neutronv2:ports(network_id=z, device_id=x), neutronv2:networks(id=z, tenant_id=w, name="test_admin"), keystone:tenants(enabled, desc, name="admin", id=w)' --name admin_connected -echo "$0: $(date) Create dmz_admin_connnected rule in policy 'test'" -openstack congress policy rule create test 'dmz_admin_connnected(x) :- sp_dmz_connected(x), sp_admin_connected(x)' --name dmz_admin_connnected +echo "$0: $(date) Create dmz_admin_connected rule in policy 'test'" +openstack congress policy rule create test 'dmz_admin_connected(x) :- dmz_connected(x), admin_connected(x)' --name dmz_admin_connected echo "$0: $(date) Create dmz_admin_bridging_error rule in policy 'test'" -openstack congress policy rule create test 'dmz_admin_bridging_error(id) :- nova:servers(id,name,hostId,status,tenant_id=x), not keystone:tenants(enabled, name="SP", id=x)' --name dmz_admin_bridging_error +openstack congress policy rule create test 'dmz_admin_bridging_error(id) :- dmz_admin_connected(id), nova:servers(id,image_id=y), not glancev2:tags(y,"bridging-authorized")' --name dmz_admin_bridging_error -echo "$0: $(date) Create dmz_admin_bridging_error rule in policy 'test'" +echo "$0: $(date) Create paused_dmz_admin_bridging_error rule in policy 'test'" openstack congress policy rule create test 'execute[nova:servers.pause(id)] :- dmz_admin_bridging_error(id), nova:servers(id,status="ACTIVE")' --name paused_dmz_admin_bridging_error -echo "$0: $(date) Create image cirros1 as non-briding-authorized image" +echo "$0: $(date) Create image cirros1 as non-bridging-authorized image" image=$(openstack image list | awk "/ cirros-0.3.3-x86_64 / { print \$2 }") if [ -z $image ]; then glance --os-image-api-version 1 image-create --name cirros-0.3.3-x86_64 --disk-format qcow2 --location http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img --container-format bare fi -echo "$0: $(date) Create image cirros2 as briding-authorized image" -image=$(openstack image list | awk "/ cirros-0.3.3-x86_64 / { print \$2 }") -if [ -z $image ]; then glance --os-image-api-version 1 image-create --name cirros-0.3.3-x86_64-dmz --disk-format qcow2 --location http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img --container-format bare +echo "$0: $(date) Create image cirros2 as bridging-authorized image" +image=$(openstack image list | awk "/ cirros-0.3.3-x86_64-bridging / { print \$2 }") +if [ -z $image ]; then glance --os-image-api-version 1 image-create --name cirros-0.3.3-x86_64-bridging --disk-format qcow2 --location http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img --container-format bare fi echo "$0: $(date) Get image ID of cirros2 image" @@ -99,10 +101,10 @@ glance --os-image-api-version 2 image-tag-update $IMAGE_ID "bridging-authorized" echo "$0: $(date) Create admin network" if [ $(neutron net-list | awk "/ test_admin / { print \$2 }") ]; then unclean; fi -neutron net-create test_dmz +neutron net-create test_admin -echo "$0: $(date) Create dmz subnet" -neutron subnet-create test_dmz 10.0.0.0/24 --name test_dmz --gateway 10.0.0.1 --enable-dhcp --allocation-pool start=10.0.0.2,end=10.0.0.254 --dns-nameserver 8.8.8.8 +echo "$0: $(date) Create admin subnet" +neutron subnet-create test_admin 10.0.0.0/24 --name test_admin --gateway 10.0.0.1 --enable-dhcp --allocation-pool start=10.0.0.2,end=10.0.0.254 --dns-nameserver 8.8.8.8 echo "$0: $(date) Create dmz network" if [ $(neutron net-list | awk "/ test_dmz / { print \$2 }") ]; then unclean; fi @@ -112,42 +114,42 @@ echo "$0: $(date) Create dmz subnet" neutron subnet-create test_dmz 10.0.1.0/24 --name test_dmz --gateway 10.0.1.1 --enable-dhcp --allocation-pool start=10.0.1.2,end=10.0.1.254 --dns-nameserver 8.8.8.8 echo "$0: $(date) Boot cirros1" -nova boot --flavor m1.tiny --image cirros-0.3.3-x86_64 --nic net-name="test_dmz" net-name="test_admin" cirros1 +nova boot --flavor m1.tiny --image cirros-0.3.3-x86_64 --nic net-name="test_dmz" --nic net-name="test_admin" cirros1 test_cirros1_ID=$(nova list | awk "/ cirros1 / { print \$2 }") echo "$0: $(date) Boot cirros2" -nova boot --flavor m1.tiny --image cirros-0.3.3-x86_64-bridging --nic net-name="test_dmz" net-name="test_admin" cirros2 +nova boot --flavor m1.tiny --image cirros-0.3.3-x86_64-bridging --nic net-name="test_dmz" --nic net-name="test_admin" cirros2 test_cirros2_ID=$(nova list | awk "/ cirros2 / { print \$2 }") echo "$0: $(date) Wait 5 seconds for Congress polling to occur at least once" sleep 5 -echo "$0: $(date) Verify cirros1 and cirros2 IDs are in the Congress policy 'test' table 'sp_dmz_connected'" +echo "$0: $(date) Verify cirros1 and cirros2 IDs are in the Congress policy 'test' table 'dmz_connected'" COUNTER=5 RESULT="Test Failed!" until [[ $COUNTER -eq 0 || $RESULT == "Test Success!" ]]; do - openstack congress policy row list test sp_dmz_connected - dmz_cirros1=$(openstack congress policy row list test sp_dmz_connected | awk "/ $test_cirros1_ID / { print \$2 }") - dmz_cirros2=$(openstack congress policy row list test sp_dmz_connected | awk "/ $test_cirros2_ID / { print \$2 }") + openstack congress policy row list test dmz_connected + dmz_cirros1=$(openstack congress policy row list test dmz_connected | awk "/ $test_cirros1_ID / { print \$2 }") + dmz_cirros2=$(openstack congress policy row list test dmz_connected | awk "/ $test_cirros2_ID / { print \$2 }") if [[ "$dmz_cirros1" == "$test_cirros1_ID" && "$dmz_cirros2" == "$test_cirros2_ID" ]]; then RESULT="Test Success!"; fi let COUNTER-=1 sleep 5 done -echo "$0: $(date) sp_dmz_connected table entries present for cirros1, cirros2:" $RESULT +echo "$0: $(date) smz_connected table entries present for cirros1, cirros2:" $RESULT if [ "$RESULT" == "Test Failed!" ]; then fail; fi -echo "$0: $(date) Verify cirros1 and cirros2 IDs are in the Congress policy 'test' table 'sp_admin_connected'" +echo "$0: $(date) Verify cirros1 and cirros2 IDs are in the Congress policy 'test' table 'admin_connected'" COUNTER=5 RESULT="Test Failed!" until [[ $COUNTER -eq 0 || $RESULT == "Test Success!" ]]; do - openstack congress policy row list test sp_admin_connected - dmz_cirros1=$(openstack congress policy row list test sp_admin_connected | awk "/ $test_cirros1_ID / { print \$2 }") - dmz_cirros2=$(openstack congress policy row list test sp_admin_connected | awk "/ $test_cirros2_ID / { print \$2 }") + openstack congress policy row list test admin_connected + dmz_cirros1=$(openstack congress policy row list test admin_connected | awk "/ $test_cirros1_ID / { print \$2 }") + dmz_cirros2=$(openstack congress policy row list test admin_connected | awk "/ $test_cirros2_ID / { print \$2 }") if [[ "$dmz_cirros1" == "$test_cirros1_ID" && "$dmz_cirros2" == "$test_cirros2_ID" ]]; then RESULT="Test Success!"; fi let COUNTER-=1 sleep 5 done -echo "$0: $(date) sp_admin_connected table entries present for cirros1, cirros2:" $RESULT +echo "$0: $(date) admin_connected table entries present for cirros1, cirros2:" $RESULT if [ "$RESULT" == "Test Failed!" ]; then fail; fi echo "$0: $(date) Verify cirros1 and cirros2 IDs are in the Congress policy 'test' table 'dmz_admin_connected'" -- cgit 1.2.3-korg