diff options
-rw-r--r-- | scenarios/os-odl-sfc/role/os-odl-sfc/README | 39 | ||||
-rw-r--r-- | sfc/tests/functest/README.sfc-test-2 | 11 | ||||
-rw-r--r-- | sfc/tests/functest/README.sfc-test-3 | 24 | ||||
-rw-r--r-- | sfc/tests/functest/README.tests | 48 | ||||
-rw-r--r-- | sfc/tests/functest/config.yaml | 16 | ||||
-rw-r--r-- | sfc/tests/functest/sfc_tacker_test2.bash | 29 | ||||
-rw-r--r-- | sfc/tests/functest/vnfd-templates/test-one-chain-vnfd1.yaml (renamed from sfc/tests/functest/vnfd-templates/test-vnfd1.yaml) | 0 | ||||
-rw-r--r-- | sfc/tests/functest/vnfd-templates/test-one-chain-vnfd2.yaml (renamed from sfc/tests/functest/vnfd-templates/test-vnfd2.yaml) | 0 | ||||
-rw-r--r-- | sfc/tests/functest/vnfd-templates/test-symmetric-vnfd.yaml (renamed from sfc/tests/functest/vnfd-templates/test3-vnfd1.yaml) | 0 | ||||
-rw-r--r-- | sfc/tests/functest/vnfd-templates/test-two-chains-vnfd1.yaml (renamed from sfc/tests/functest/vnfd-templates/test2-vnfd1.yaml) | 0 | ||||
-rw-r--r-- | sfc/tests/functest/vnfd-templates/test-two-chains-vnfd2.yaml (renamed from sfc/tests/functest/vnfd-templates/test2-vnfd2.yaml) | 0 | ||||
-rw-r--r-- | sfc/tests/functest/vnffgd-templates/test-one-chain-vnffgd.yaml (renamed from sfc/tests/functest/vnffgd-templates/test-vnffgd.yaml) | 0 | ||||
-rw-r--r-- | sfc/tests/functest/vnffgd-templates/test-two-chains-vnffgd1.yaml (renamed from sfc/tests/functest/vnffgd-templates/test2-vnffgd1.yaml) | 0 | ||||
-rw-r--r-- | sfc/tests/functest/vnffgd-templates/test-two-chains-vnffgd2.yaml (renamed from sfc/tests/functest/vnffgd-templates/test2-vnffgd2.yaml) | 0 |
14 files changed, 79 insertions, 88 deletions
diff --git a/scenarios/os-odl-sfc/role/os-odl-sfc/README b/scenarios/os-odl-sfc/role/os-odl-sfc/README index 6d3147ba..3cb8cb29 100644 --- a/scenarios/os-odl-sfc/role/os-odl-sfc/README +++ b/scenarios/os-odl-sfc/role/os-odl-sfc/README @@ -2,11 +2,27 @@ This is the role which deploys the os-odl-sfc scenarios in xci. This role currently works with: -- OpenStack stable/ocata +- OpenStack stable/pike - ODL Nitrogen RC1 - OVS+NSH patch +- OpenSUSE 42.3 or Ubuntu 16.04 -# SCENARIOS # +# PREPARATIONS # + +1 - If you don’t have a key already, generate an SSH key in $HOME/.ssh +ssh-keygen -t rsa + +2 - Clone OPNFV releng-xci repository +git clone https://gerrit.opnfv.org/gerrit/releng-xci.git + +3 - Change into directory where the sandbox script is located: +cd releng-xci/xci + +4 - Use a version of releng-xci which we know works + +git checkout cf2cd4e4b87a5e392bc4ba49749a349925ba2f86 + +Then, depending on the scenario which will be run: ## os-odl-sfc-noha ## @@ -16,10 +32,9 @@ your releng-xci code is: export XCI_FLAVOR=noha export OPNFV_SCENARIO=os-odl-sfc -export OPENSTACK_OSA_VERSION=stable/ocata +export OPENSTACK_OSA_VERSION=stable/pike export VM_MEMORY_SIZE=16384 -export OPNFV_RELENG_DEV_PATH=/xxxxx/releng-xci - +export OPENSTACK_BIFROST_VERSION=bd7e99bf7a00e4c9ad7d03d752d7251e3caf8509 ## os-odl-sfc-ha ## @@ -28,10 +43,9 @@ running xci-deploy.sh: export XCI_FLAVOR=ha export OPNFV_SCENARIO=os-odl-sfc -export OPENSTACK_OSA_VERSION=stable/ocata +export OPENSTACK_OSA_VERSION=stable/pike export VM_MEMORY_SIZE=20480 -export OPNFV_RELENG_DEV_PATH=/xxxxx/releng-xci - +export OPENSTACK_BIFROST_VERSION=bd7e99bf7a00e4c9ad7d03d752d7251e3caf8509 # LIMITATIONS # @@ -40,16 +54,9 @@ export OPNFV_RELENG_DEV_PATH=/xxxxx/releng-xci there are several patches pending to be upstreamed. This is the branch we are using: -https://github.com/mardim91/openstack-ansible-os_neutron/tree/ocata-backport-automated-twentyfourth-august +https://github.com/manuelbuil/openstack-ansible-os_neutron/tree/testing-ovs-nsh2 We will stop doing this as soon as the patches are merged upstream 2 - It is using a private branch for tacker code because a bug does not allow SSL. We will stop doing this as soon as the bug is fixed - - -# IN PROGRESS/FUTURE # - -1 - Supporting stable/Pike - -2 - Support openSUSE diff --git a/sfc/tests/functest/README.sfc-test-2 b/sfc/tests/functest/README.sfc-test-2 deleted file mode 100644 index 5a9f2ebe..00000000 --- a/sfc/tests/functest/README.sfc-test-2 +++ /dev/null @@ -1,11 +0,0 @@ -### ODL-SFC TEST2 DESCRIPTION ### - -This is a simple description of the test case - -We create one client and one server using nova. Then, 2 SFs are created using -tacker. The SFs are deployed in two different compute nodes. A chain is created -where both SFs are included. - -vxlan_tool is started in both SFs and HTTP traffic is sent from the client to -the server. If it works, the vxlan_tool is modified to block HTTP traffic. -It is tried again and it should fail because packets are dropped diff --git a/sfc/tests/functest/README.sfc-test-3 b/sfc/tests/functest/README.sfc-test-3 deleted file mode 100644 index 1583f24e..00000000 --- a/sfc/tests/functest/README.sfc-test-3 +++ /dev/null @@ -1,24 +0,0 @@ -### ODL-SFC TEST3 DESCRIPTION ### - -*** This test is not working yet - see JIRA SFC-86 *** - -One client and one server are created using nova. The server will be running -a web server on port 80. - -Then one Service Function (SF) is created using Tacker. This service function -will be running a firewall that blocks the traffic in a specific port (e.g. -33333). A symmetric service chain routing the traffic throught this SF will be -created as well. - -1st check: The client is able to reach the server using a source port different -from the one that the firewall blocks (e.g 22222), and the response gets back -to the client. - -2nd check: The client is able to reach the server using the source port that -the firewall blocks, but responses back from the server are blocked, as the -symmetric service chain makes them go through the firewall that blocks on the -destination port initially used as source port by the client (e.g. 33333). - -If the client is able to receive the response, it would be a symptom of the -symmetric chain not working, as traffic would be flowing from server to client -directly without traversing the SF. diff --git a/sfc/tests/functest/README.tests b/sfc/tests/functest/README.tests new file mode 100644 index 00000000..d4e3df3e --- /dev/null +++ b/sfc/tests/functest/README.tests @@ -0,0 +1,48 @@ +## These are the current available test cases ## + +## TEST ONE CHAIN - sfc_one_chain_two_service_functions ## + +We create one client and one server using nova. Then, 2 SFs are created using +tacker. A chain is created where both SFs are included. + +vxlan_tool is started in both SFs and HTTP traffic is sent from the client to +the server. If it works, the vxlan_tool is modified to block HTTP traffic. +It is tried again and it should fail because packets are dropped. Then, that +SF stops blocking and the other SF starts blocking HTTP and the connection is +tried again. + + +## TEST TWO CHAINS - sfc_two_chains_SSH_and_HTTP ## + +We create one client and one server using nova. Then, 2 SFs are created using +tacker. Two chains are created, having one SF each. + +vxlan_tool is started in both SFs, one SF blocks SSH traffic and the other SF +block HTTP traffic. First, the client traffic is classified to chain1, where +HTTP should work but SSH sould not. This is tested and after that the +classification is changed to classified to chain2, where HTTP should not work +but SSH should work. This is tested again. + + +## TEST SYMMETRIC - sfc_symmetric_chain ## + +One client and one server are created using nova. The server will be running +a web server on port 80. + +Then one Service Function (SF) is created using Tacker. This service function +will be running a firewall that blocks the traffic in a specific port (e.g. +33333). A symmetric service chain routing the traffic throught this SF will be +created as well. + +1st check: The client is able to reach the server using a source port different +from the one that the firewall blocks (e.g 22222), and the response gets back +to the client. + +2nd check: The client is able to reach the server using the source port that +the firewall blocks, but responses back from the server are blocked, as the +symmetric service chain makes them go through the firewall that blocks on the +destination port initially used as source port by the client (e.g. 33333). + +If the client is able to receive the response, it would be a symptom of the +symmetric chain not working, as traffic would be flowing from server to client +directly without traversing the SF. diff --git a/sfc/tests/functest/config.yaml b/sfc/tests/functest/config.yaml index 4a4a806e..294ba7c7 100644 --- a/sfc/tests/functest/config.yaml +++ b/sfc/tests/functest/config.yaml @@ -35,9 +35,9 @@ testcases: subnet_cidr: "11.0.0.0/24" secgroup_name: "example-sg" secgroup_descr: "Example Security group" - test_vnfd_red: "test-vnfd1.yaml" - test_vnfd_blue: "test-vnfd2.yaml" - test_vnffgd_red: "test-vnffgd.yaml" + test_vnfd_red: "test-one-chain-vnfd1.yaml" + test_vnfd_blue: "test-one-chain-vnfd2.yaml" + test_vnffgd_red: "test-one-chain-vnffgd.yaml" sfc_two_chains_SSH_and_HTTP: enabled: false @@ -49,10 +49,10 @@ testcases: subnet_cidr: "11.0.0.0/24" secgroup_name: "example-sg" secgroup_descr: "Example Security group" - test_vnfd_red: "test2-vnfd1.yaml" - test_vnfd_blue: "test2-vnfd2.yaml" - test_vnffgd_red: "test2-vnffgd1.yaml" - test_vnffgd_blue: "test2-vnffgd2.yaml" + test_vnfd_red: "test-two-chains-vnfd1.yaml" + test_vnfd_blue: "test-two-chains-vnfd2.yaml" + test_vnffgd_red: "test-two-chains-vnffgd1.yaml" + test_vnffgd_blue: "test-two-chains-vnffgd2.yaml" sfc_symmetric_chain: enabled: false @@ -64,6 +64,6 @@ testcases: subnet_cidr: "11.0.0.0/24" secgroup_name: "example-sg" secgroup_descr: "Example Security group" - test_vnfd: "test3-vnfd1.yaml" + test_vnfd: "test-symmetric-vnfd.yaml" allowed_source_port: 22222 blocked_source_port: 33333 diff --git a/sfc/tests/functest/sfc_tacker_test2.bash b/sfc/tests/functest/sfc_tacker_test2.bash deleted file mode 100644 index 156b19cb..00000000 --- a/sfc/tests/functest/sfc_tacker_test2.bash +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -BASEDIR=`dirname $0` - -#import VNF descriptor -tacker vnfd-create --vnfd-file ${BASEDIR}/vnfd-templates/test2-vnfd1.yaml -tacker vnfd-create --vnfd-file ${BASEDIR}/vnfd-templates/test2-vnfd2.yaml - -#create instances of the imported VNF -tacker vnf-create --name testVNF1 --vnfd-name test-vnfd1 -tacker vnf-create --name testVNF2 --vnfd-name test-vnfd2 - -key=true -while $key;do - sleep 3 - active=`tacker vnf-list | grep -E 'PENDING|ERROR'` - echo -e "checking if SFs are up: $active" - if [ -z "$active" ]; then - key=false - fi -done - -#create service chain -tacker sfc-create --name red --chain testVNF1,testVNF2 - -#create classifier -tacker sfc-classifier-create --name red_http --chain red --match source_port=0,dest_port=80,protocol=6 - -tacker sfc-list -tacker sfc-classifier-list diff --git a/sfc/tests/functest/vnfd-templates/test-vnfd1.yaml b/sfc/tests/functest/vnfd-templates/test-one-chain-vnfd1.yaml index 4042222c..4042222c 100644 --- a/sfc/tests/functest/vnfd-templates/test-vnfd1.yaml +++ b/sfc/tests/functest/vnfd-templates/test-one-chain-vnfd1.yaml diff --git a/sfc/tests/functest/vnfd-templates/test-vnfd2.yaml b/sfc/tests/functest/vnfd-templates/test-one-chain-vnfd2.yaml index 42308c6c..42308c6c 100644 --- a/sfc/tests/functest/vnfd-templates/test-vnfd2.yaml +++ b/sfc/tests/functest/vnfd-templates/test-one-chain-vnfd2.yaml diff --git a/sfc/tests/functest/vnfd-templates/test3-vnfd1.yaml b/sfc/tests/functest/vnfd-templates/test-symmetric-vnfd.yaml index 1f4c11f6..1f4c11f6 100644 --- a/sfc/tests/functest/vnfd-templates/test3-vnfd1.yaml +++ b/sfc/tests/functest/vnfd-templates/test-symmetric-vnfd.yaml diff --git a/sfc/tests/functest/vnfd-templates/test2-vnfd1.yaml b/sfc/tests/functest/vnfd-templates/test-two-chains-vnfd1.yaml index 4042222c..4042222c 100644 --- a/sfc/tests/functest/vnfd-templates/test2-vnfd1.yaml +++ b/sfc/tests/functest/vnfd-templates/test-two-chains-vnfd1.yaml diff --git a/sfc/tests/functest/vnfd-templates/test2-vnfd2.yaml b/sfc/tests/functest/vnfd-templates/test-two-chains-vnfd2.yaml index ac4f223d..ac4f223d 100644 --- a/sfc/tests/functest/vnfd-templates/test2-vnfd2.yaml +++ b/sfc/tests/functest/vnfd-templates/test-two-chains-vnfd2.yaml diff --git a/sfc/tests/functest/vnffgd-templates/test-vnffgd.yaml b/sfc/tests/functest/vnffgd-templates/test-one-chain-vnffgd.yaml index 27c7d545..27c7d545 100644 --- a/sfc/tests/functest/vnffgd-templates/test-vnffgd.yaml +++ b/sfc/tests/functest/vnffgd-templates/test-one-chain-vnffgd.yaml diff --git a/sfc/tests/functest/vnffgd-templates/test2-vnffgd1.yaml b/sfc/tests/functest/vnffgd-templates/test-two-chains-vnffgd1.yaml index f0615e4e..f0615e4e 100644 --- a/sfc/tests/functest/vnffgd-templates/test2-vnffgd1.yaml +++ b/sfc/tests/functest/vnffgd-templates/test-two-chains-vnffgd1.yaml diff --git a/sfc/tests/functest/vnffgd-templates/test2-vnffgd2.yaml b/sfc/tests/functest/vnffgd-templates/test-two-chains-vnffgd2.yaml index ec18c9d6..ec18c9d6 100644 --- a/sfc/tests/functest/vnffgd-templates/test2-vnffgd2.yaml +++ b/sfc/tests/functest/vnffgd-templates/test-two-chains-vnffgd2.yaml |