diff options
author | Manuel Buil <mbuil@suse.com> | 2018-04-09 08:14:09 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@opnfv.org> | 2018-04-09 08:14:09 +0000 |
commit | 435685b3384b3bd7741324368b6912dfd4b84ef5 (patch) | |
tree | 5b2d21ac54d9a470cde4ce329c9098b936b91200 /sfc/tests | |
parent | 8e7a0e837da1f278c46e398ad53e7e77ed90e81a (diff) | |
parent | 4fe8991147ee3aefa5d43d1831a1d307bcffe4fa (diff) |
Merge "Update symmetric chain test case" into stable/fraser
Diffstat (limited to 'sfc/tests')
5 files changed, 262 insertions, 56 deletions
diff --git a/sfc/tests/functest/config.yaml b/sfc/tests/functest/config.yaml index 3cd1883a..cad3cf72 100644 --- a/sfc/tests/functest/config.yaml +++ b/sfc/tests/functest/config.yaml @@ -67,8 +67,8 @@ testcases: secgroup_name: "example-sg" secgroup_descr: "Example Security group" test_vnfd: "test-symmetric-vnfd.yaml" - allowed_source_port: 22222 - blocked_source_port: 33333 + test_vnffgd: "test-symmetric-vnffgd.yaml" + source_port: 22222 sfc_chain_deletion: enabled: false diff --git a/sfc/tests/functest/sfc_symmetric_chain.py b/sfc/tests/functest/sfc_symmetric_chain.py index e3b1d57e..43599d62 100644 --- a/sfc/tests/functest/sfc_symmetric_chain.py +++ b/sfc/tests/functest/sfc_symmetric_chain.py @@ -20,7 +20,7 @@ import opnfv.utils.ovs_logger as ovs_log from opnfv.deployment.factory import Factory as DeploymentFactory import sfc.lib.config as sfc_config -import sfc.lib.utils as test_utils +import sfc.lib.test_utils as test_utils from sfc.lib.results import Results import sfc.lib.topology_shuffler as topo_shuffler @@ -60,7 +60,7 @@ def main(): tacker_client = os_sfc_utils.get_tacker_client() - _, custom_flavor = openstack_sfc.get_or_create_flavor( + custom_flavor = openstack_sfc.create_flavor( COMMON_CONFIG.flavor, COMMON_CONFIG.ram_size_in_mb, COMMON_CONFIG.disk_size_in_gb, @@ -91,8 +91,9 @@ def main(): sg = openstack_sfc.create_security_group(TESTCASE_CONFIG.secgroup_name) vnf_name = 'testVNF1' - # Using seed=0 uses the baseline topology: everything in the same host - testTopology = topo_shuffler.topology([vnf_name], openstack_sfc, seed=0) + topo_seed = topo_shuffler.get_seed() + testTopology = topo_shuffler.topology([vnf_name], openstack_sfc, + seed=topo_seed) logger.info('This test is run with the topology {0}' .format(testTopology['id'])) logger.info('Topology description: {0}' @@ -100,15 +101,17 @@ def main(): client_instance, client_creator = openstack_sfc.create_instance( CLIENT, COMMON_CONFIG.flavor, image_creator, network, sg, - av_zone=testTopology['client']) + av_zone=testTopology[CLIENT]) server_instance, server_creator = openstack_sfc.create_instance( SERVER, COMMON_CONFIG.flavor, image_creator, network, sg, - av_zone=testTopology['server']) + av_zone=testTopology[SERVER]) server_ip = server_instance.ports[0].ips[0]['ip_address'] logger.info("Server instance received private ip [{}]".format(server_ip)) + os_sfc_utils.register_vim(tacker_client, vim_file=COMMON_CONFIG.vim_file) + tosca_file = os.path.join( COMMON_CONFIG.sfc_test_dir, COMMON_CONFIG.vnfd_dir, @@ -119,11 +122,15 @@ def main(): COMMON_CONFIG.vnfd_dir, COMMON_CONFIG.vnfd_default_params_file) - os_sfc_utils.create_vnfd(tacker_client, tosca_file=tosca_file) - test_utils.create_vnf_in_av_zone( + os_sfc_utils.create_vnfd( + tacker_client, + tosca_file=tosca_file, + vnfd_name='test-vnfd1') + os_sfc_utils.create_vnf_in_av_zone( tacker_client, vnf_name, 'test-vnfd1', + 'test-vim', default_param_file, testTopology[vnf_name]) @@ -132,37 +139,40 @@ def main(): logger.error('ERROR while booting VNF') sys.exit(1) - os_sfc_utils.create_sfc( + tosca_file = os.path.join( + COMMON_CONFIG.sfc_test_dir, + COMMON_CONFIG.vnffgd_dir, + TESTCASE_CONFIG.test_vnffgd) + os_sfc_utils.create_vnffgd( + tacker_client, + tosca_file=tosca_file, + vnffgd_name='test-vnffgd') + + client_port = openstack_sfc.get_client_port( + client_instance, + client_creator) + server_port = openstack_sfc.get_client_port( + server_instance, + server_creator) + + server_ip_prefix = server_ip + '/32' + + os_sfc_utils.create_vnffg_with_param_file( tacker_client, - sfc_name='red', - chain_vnf_names=[vnf_name], - symmetrical=True) - - os_sfc_utils.create_sfc_classifier( - tacker_client, 'red_http', sfc_name='red', - match={ - 'source_port': 0, - 'dest_port': 80, - 'protocol': 6 - }) - - # FIXME: JIRA SFC-86 - # Tacker does not allow to specify the direction of the chain to be used, - # only references the SFP (which for symmetric chains results in two RSPs) - os_sfc_utils.create_sfc_classifier( - tacker_client, 'red_http_reverse', sfc_name='red', - match={ - 'source_port': 80, - 'dest_port': 0, - 'protocol': 6 - }) - - logger.info(test_utils.run_cmd('tacker sfc-list')) - logger.info(test_utils.run_cmd('tacker sfc-classifier-list')) + 'test-vnffgd', + 'test-vnffg', + default_param_file, + client_port.id, + server_port.id, + server_ip_prefix) # Start measuring the time it takes to implement the classification rules - t1 = threading.Thread(target=odl_utils.wait_for_classification_rules, - args=(ovs_logger, compute_nodes, odl_ip, odl_port,)) + t1 = threading.Thread( + target=wait_for_classification_rules, + args=(ovs_logger, compute_nodes, + openstack_sfc.get_compute_server(), server_port, + openstack_sfc.get_compute_client(), client_port, + odl_ip, odl_port,)) try: t1.start() @@ -176,15 +186,19 @@ def main(): server_floating_ip = openstack_sfc.assign_floating_ip(router, server_instance, server_creator) - fips_sfs = openstack_sfc.assign_floating_ip_vnfs(router) + + vnf_ip = os_sfc_utils.get_vnf_ip(tacker_client, vnf_id=vnf_id) + fips_sfs = openstack_sfc.assign_floating_ip_vnfs(router, [vnf_ip]) sf_floating_ip = fips_sfs[0] - fips = [client_floating_ip, server_floating_ip, fips_sfs[0]] + fips = [client_floating_ip, server_floating_ip, sf_floating_ip] for ip in fips: logger.info("Checking connectivity towards floating IP [%s]" % ip) if not test_utils.ping(ip, retries=50, retry_timeout=3): logger.error("Cannot ping floating IP [%s]" % ip) + os_sfc_utils.get_tacker_items() + odl_utils.get_odl_items(odl_ip, odl_port) sys.exit(1) logger.info("Successful ping to floating IP [%s]" % ip) @@ -197,39 +211,124 @@ def main(): logger.error('\033[91mFailed to start the HTTP server\033[0m') sys.exit(1) - blocked_port = TESTCASE_CONFIG.blocked_source_port - logger.info("Firewall started, blocking traffic port %d" % blocked_port) - test_utils.start_vxlan_tool(sf_floating_ip, block=blocked_port) + logger.info("Starting vxlan_tool on %s" % sf_floating_ip) + test_utils.start_vxlan_tool(sf_floating_ip, interface='eth0', + output='eth1') + test_utils.start_vxlan_tool(sf_floating_ip, interface='eth1', + output='eth0') logger.info("Wait for ODL to update the classification rules in OVS") t1.join() - allowed_port = TESTCASE_CONFIG.allowed_source_port - logger.info("Test if HTTP from port %s works" % allowed_port) - if not test_utils.is_http_blocked( - client_floating_ip, server_ip, allowed_port): + logger.info("Test HTTP") + if not test_utils.is_http_blocked(client_floating_ip, + server_ip, + TESTCASE_CONFIG.source_port): results.add_to_summary(2, "PASS", "HTTP works") else: error = ('\033[91mTEST 1 [FAILED] ==> HTTP BLOCKED\033[0m') logger.error(error) test_utils.capture_ovs_logs( ovs_logger, controller_clients, compute_clients, error) + results.add_to_summary(2, "FAIL", "HTTP blocked") + + logger.info("Changing the vxlan_tool to block HTTP request traffic") + + # Make SF1 block http request traffic + test_utils.stop_vxlan_tool(sf_floating_ip) + logger.info("Starting HTTP firewall on %s" % sf_floating_ip) + test_utils.start_vxlan_tool(sf_floating_ip, interface='eth0', + output='eth1', block="80") + test_utils.start_vxlan_tool(sf_floating_ip, interface='eth1', + output='eth0') + + logger.info("Test HTTP again blocking request on SF1") + if test_utils.is_http_blocked(client_floating_ip, + server_ip, + TESTCASE_CONFIG.source_port): + results.add_to_summary(2, "PASS", "HTTP uplink blocked") + else: + error = ('\033[91mTEST 2 [FAILED] ==> HTTP WORKS\033[0m') + logger.error(error) + test_utils.capture_ovs_logs( + ovs_logger, controller_clients, compute_clients, error) results.add_to_summary(2, "FAIL", "HTTP works") - logger.info("Test if HTTP from port %s is blocked" % blocked_port) - if test_utils.is_http_blocked( - client_floating_ip, server_ip, blocked_port): - results.add_to_summary(2, "PASS", "HTTP Blocked") + logger.info("Changing the vxlan_tool to block HTTP response traffic") + + # Make SF1 block response http traffic + test_utils.stop_vxlan_tool(sf_floating_ip) + logger.info("Starting HTTP firewall on %s" % sf_floating_ip) + test_utils.start_vxlan_tool(sf_floating_ip, interface='eth0', + output='eth1') + test_utils.start_vxlan_tool(sf_floating_ip, interface='eth1', + output='eth0', + block=TESTCASE_CONFIG.source_port) + + logger.info("Test HTTP again blocking response on SF1") + if test_utils.is_http_blocked(client_floating_ip, + server_ip, + TESTCASE_CONFIG.source_port): + results.add_to_summary(2, "PASS", "HTTP downlink blocked") else: - error = ('\033[91mTEST 2 [FAILED] ==> HTTP WORKS\033[0m') + error = ('\033[91mTEST 3 [FAILED] ==> HTTP WORKS\033[0m') logger.error(error) test_utils.capture_ovs_logs( ovs_logger, controller_clients, compute_clients, error) - results.add_to_summary(2, "FAIL", "HTTP Blocked") + results.add_to_summary(2, "FAIL", "HTTP works") + + logger.info("Changing the vxlan_tool to allow HTTP traffic") + + # Make SF1 allow http traffic + test_utils.stop_vxlan_tool(sf_floating_ip) + logger.info("Starting HTTP firewall on %s" % sf_floating_ip) + test_utils.start_vxlan_tool(sf_floating_ip, interface='eth0', + output='eth1') + test_utils.start_vxlan_tool(sf_floating_ip, interface='eth1', + output='eth0') + + logger.info("Test HTTP") + if not test_utils.is_http_blocked(client_floating_ip, server_ip): + results.add_to_summary(2, "PASS", "HTTP restored") + else: + error = ('\033[91mTEST 4 [FAILED] ==> HTTP BLOCKED\033[0m') + logger.error(error) + test_utils.capture_ovs_logs( + ovs_logger, controller_clients, compute_clients, error) + results.add_to_summary(2, "FAIL", "HTTP blocked") return results.compile_summary(), openstack_sfc.creators +def wait_for_classification_rules(ovs_logger, compute_nodes, + server_compute, server_port, + client_compute, client_port, + odl_ip, odl_port): + if client_compute == server_compute: + odl_utils.wait_for_classification_rules( + ovs_logger, + compute_nodes, + odl_ip, + odl_port, + client_compute, + [server_port, client_port]) + else: + odl_utils.wait_for_classification_rules( + ovs_logger, + compute_nodes, + odl_ip, + odl_port, + server_compute, + server_port) + odl_utils.wait_for_classification_rules( + ovs_logger, + compute_nodes, + odl_ip, + odl_port, + client_compute, + client_port) + + if __name__ == '__main__': logging.config.fileConfig(COMMON_CONFIG.functest_logging_api) main() diff --git a/sfc/tests/functest/vnfd-templates/test-symmetric-vnfd.yaml b/sfc/tests/functest/vnfd-templates/test-symmetric-vnfd.yaml index 1f4c11f6..bf175ef7 100644 --- a/sfc/tests/functest/vnfd-templates/test-symmetric-vnfd.yaml +++ b/sfc/tests/functest/vnfd-templates/test-symmetric-vnfd.yaml @@ -15,12 +15,15 @@ topology_template: nfv_compute: properties: num_cpus: 1 - mem_size: 2 GB - disk_size: 10 GB + mem_size: 500 MB + disk_size: 1 GB properties: - image: sfc_nsh_euphrates + image: sfc_nsh_fraser availability_zone: {get_input: zone} mgmt_driver: noop + config: | + param0: key1 + param1: key2 service_type: firewall monitoring_policy: name: ping @@ -46,6 +49,18 @@ topology_template: - virtualBinding: node: VDU1 + CP2: + type: tosca.nodes.nfv.CP.Tacker + properties: + management: false + order: 1 + anti_spoofing_protection: false + requirements: + - virtualLink: + node: VL1 + - virtualBinding: + node: VDU1 + VL1: type: tosca.nodes.nfv.VL properties: diff --git a/sfc/tests/functest/vnffgd-templates/test-symmetric-vnffgd.yaml b/sfc/tests/functest/vnffgd-templates/test-symmetric-vnffgd.yaml new file mode 100644 index 00000000..6b14df1b --- /dev/null +++ b/sfc/tests/functest/vnffgd-templates/test-symmetric-vnffgd.yaml @@ -0,0 +1,46 @@ +--- +tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0 +description: test-case-symmetric + +topology_template: + description: topology-template-test1 + inputs: + net_src_port_id: + type: string + net_dst_port_id: + type: string + ip_dst_prefix: + type: string + + node_templates: + Forwarding_path1: + type: tosca.nodes.nfv.FP.Tacker + description: creates path + properties: + id: 1 + policy: + type: ACL + criteria: + - network_src_port_id: {get_input: net_src_port_id} + - network_dst_port_id: {get_input: net_dst_port_id} + - ip_dst_prefix: {get_input: ip_dst_prefix} + - destination_port_range: 80-80 + - ip_proto: 6 + path: + - forwarder: test-vnfd1 + capability: CP1 + - forwarder: test-vnfd1 + capability: CP2 + + groups: + VNFFG1: + type: tosca.groups.nfv.VNFFG + description: creates chain + properties: + vendor: tacker + version: 1.0 + number_of_endpoints: 2 + dependent_virtual_link: [VL1, VL1] + connection_point: [CP1, CP2] + constituent_vnfs: [test-vnfd1, test-vnfd1] + members: [Forwarding_path1] diff --git a/sfc/tests/functest/vnffgd-templates/test-symmetric-vnffgd.yaml-queens b/sfc/tests/functest/vnffgd-templates/test-symmetric-vnffgd.yaml-queens new file mode 100644 index 00000000..c40c447c --- /dev/null +++ b/sfc/tests/functest/vnffgd-templates/test-symmetric-vnffgd.yaml-queens @@ -0,0 +1,46 @@ +--- +tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0 +description: test-case-symmetric + +topology_template: + description: topology-template-test1 + inputs: + net_src_port_id: + type: string + net_dst_port_id: + type: string + ip_dst_prefix: + type: string + + node_templates: + Forwarding_path1: + type: tosca.nodes.nfv.FP.Tacker + description: creates path + properties: + id: 1 + policy: + type: ACL + criteria: + - network_src_port_id: {get_input: net_src_port_id} + network_dst_port_id: {get_input: net_dst_port_id} + ip_dst_prefix: {get_input: ip_dst_prefix} + destination_port_range: 80-80 + ip_proto: 6 + path: + - forwarder: test-vnfd1 + capability: CP1 + - forwarder: test-vnfd1 + capability: CP2 + + groups: + VNFFG1: + type: tosca.groups.nfv.VNFFG + description: creates chain + properties: + vendor: tacker + version: 1.0 + number_of_endpoints: 2 + dependent_virtual_link: [VL1, VL1] + connection_point: [CP1, CP2] + constituent_vnfs: [test-vnfd1, test-vnfd1] + members: [Forwarding_path1] |