diff options
-rw-r--r-- | sfc/lib/utils.py | 32 | ||||
-rw-r--r-- | sfc/tests/functest/README.sfc-test-3 | 22 | ||||
-rw-r--r-- | sfc/tests/functest/config.yaml | 14 | ||||
-rw-r--r-- | sfc/tests/functest/sfc_symmetric_chain.py | 201 | ||||
-rw-r--r-- | sfc/tests/functest/vnfd-templates/test3-vnfd1.yaml | 23 |
5 files changed, 292 insertions, 0 deletions
diff --git a/sfc/lib/utils.py b/sfc/lib/utils.py index b1576803..2b01113c 100644 --- a/sfc/lib/utils.py +++ b/sfc/lib/utils.py @@ -237,6 +237,38 @@ def get_floating_ips(nova_client, neutron_client): return server_ip, client_ip, ips[1], ips[0] +# TODO (jvidal): This is pure scaffolding, it needs to be merged with +# get_floating_ips in the future +def get_floating_ips_2(nova_client, neutron_client): + sf_ip = None + client_ip = None + server_ip = None + instances = nova_client.servers.list() + for instance in instances: + floatip_dic = os_utils.create_floating_ip(neutron_client) + floatip = floatip_dic['fip_addr'] + instance.add_floating_ip(floatip) + logger.info("Instance name and ip %s:%s " % (instance.name, floatip)) + logger.info("Waiting for instance %s:%s to come up" % + (instance.name, floatip)) + if not ping(floatip): + logger.info("Instance %s:%s didn't come up" % + (instance.name, floatip)) + return None + + if instance.name == "server": + logger.info("Server:%s is reachable" % floatip) + server_ip = floatip + elif instance.name == "client": + logger.info("Client:%s is reachable" % floatip) + client_ip = floatip + else: + logger.info("SF:%s is reachable" % floatip) + sf_ip = floatip + + return server_ip, client_ip, sf_ip + + def start_http_server(ip): """Start http server on a given machine, Can be VM""" cmd = "\'python -m SimpleHTTPServer 80" diff --git a/sfc/tests/functest/README.sfc-test-3 b/sfc/tests/functest/README.sfc-test-3 new file mode 100644 index 00000000..865a7cc8 --- /dev/null +++ b/sfc/tests/functest/README.sfc-test-3 @@ -0,0 +1,22 @@ +### ODL-SFC TEST3 DESCRIPTION ### + +One client and one server are created using nova. The server will be running +a web server on port 80. + +Then one Service Function (SF) is created using Tacker. This service function +will be running a firewall that blocks the traffic in a specific port (e.g. +33333). A symmetric service chain routing the traffic throught this SF will be +created as well. + +1st check: The client is able to reach the server using a source port different +from the one that the firewall blocks (e.g 22222), and the response gets back +to the client. + +2nd check: The client is able to reach the server using the source port that +the firewall blocks, but responses back from the server are blocked, as the +symmetric service chain makes them go through the firewall that blocks on the +destination port initially used as source port by the client (e.g. 33333). + +If the client is able to receive the response, it would be a symptom of the +symmetric chain not working, as traffic would be flowing from server to client +directly without traversing the SF. diff --git a/sfc/tests/functest/config.yaml b/sfc/tests/functest/config.yaml index 9cc4c5f4..618d69e1 100644 --- a/sfc/tests/functest/config.yaml +++ b/sfc/tests/functest/config.yaml @@ -42,3 +42,17 @@ testcases: secgroup_descr: "Example Security group" test_vnfd_red: "test2-vnfd1.yaml" test_vnfd_blue: "test2-vnfd2.yaml" + + sfc_symmetric_chain: + enabled: true + description: "Verify the behavior of a symmetric service chain" + testname_db: "sfc_symmetric_chain" + net_name: example-net + subnet_name: example-subnet + router_name: example-router + subnet_cidr: "11.0.0.0/24" + secgroup_name: "example-sg" + secgroup_descr: "Example Security group" + test_vnfd: "test3-vnfd1.yaml" + allowed_source_port: 22222 + blocked_source_port: 33333 diff --git a/sfc/tests/functest/sfc_symmetric_chain.py b/sfc/tests/functest/sfc_symmetric_chain.py new file mode 100644 index 00000000..87e6f594 --- /dev/null +++ b/sfc/tests/functest/sfc_symmetric_chain.py @@ -0,0 +1,201 @@ +#!/bin/python +# +# Copyright (c) 2017 Ericsson AB and others. All rights reserved +# +# This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# + +import os +import sys +import threading + +import functest.utils.functest_logger as ft_logger +import functest.utils.openstack_tacker as os_tacker +import functest.utils.openstack_utils as os_utils +import opnfv.utils.ovs_logger as ovs_log +from opnfv.deployment.factory import Factory as DeploymentFactory + +import sfc.lib.config as sfc_config +import sfc.lib.utils as test_utils +from sfc.lib.results import Results + + +logger = ft_logger.Logger("ODL_SFC").getLogger() + +CLIENT = "client" +SERVER = "server" +COMMON_CONFIG = sfc_config.CommonConfig() +TESTCASE_CONFIG = sfc_config.TestcaseConfig('sfc_symmetric_chain') + + +def main(): + deploymentHandler = DeploymentFactory.get_handler( + COMMON_CONFIG.installer_type, + COMMON_CONFIG.installer_ip, + COMMON_CONFIG.installer_user, + installer_pwd=COMMON_CONFIG.installer_password) + + cluster = COMMON_CONFIG.installer_cluster + all_nodes = (deploymentHandler.get_nodes({'cluster': cluster}) + if cluster is not None + else deploymentHandler.get_nodes()) + + controller_nodes = [node for node in all_nodes if node.is_controller()] + compute_nodes = [node for node in all_nodes if node.is_compute()] + + results = Results(COMMON_CONFIG.line_length) + results.add_to_summary(0, "=") + results.add_to_summary(2, "STATUS", "SUBTEST") + results.add_to_summary(0, "=") + + test_utils.setup_compute_node(TESTCASE_CONFIG.subnet_cidr, compute_nodes) + test_utils.configure_iptables(controller_nodes) + test_utils.download_image(COMMON_CONFIG.url, COMMON_CONFIG.image_path) + + neutron_client = os_utils.get_neutron_client() + nova_client = os_utils.get_nova_client() + tacker_client = os_tacker.get_tacker_client() + + _, custom_flavor_id = os_utils.get_or_create_flavor( + COMMON_CONFIG.flavor, + COMMON_CONFIG.ram_size_in_mb, + COMMON_CONFIG.disk_size_in_gb, + COMMON_CONFIG.vcpu_count, + public=True) + if custom_flavor_id is None: + logger.error("Failed to create custom flavor") + sys.exit(1) + + controller_clients = test_utils.get_ssh_clients(controller_nodes) + compute_clients = test_utils.get_ssh_clients(compute_nodes) + + ovs_logger = ovs_log.OVSLogger( + os.path.join(COMMON_CONFIG.sfc_test_dir, 'ovs-logs'), + COMMON_CONFIG.functest_results_dir) + + image_id = os_utils.create_glance_image( + os_utils.get_glance_client(), + COMMON_CONFIG.image_name, + COMMON_CONFIG.image_path, + COMMON_CONFIG.image_format, + public='public') + + network_id = test_utils.setup_neutron( + neutron_client, + TESTCASE_CONFIG.net_name, + TESTCASE_CONFIG.subnet_name, + TESTCASE_CONFIG.router_name, + TESTCASE_CONFIG.subnet_cidr) + + sg_id = test_utils.create_security_groups( + neutron_client, + TESTCASE_CONFIG.secgroup_name, + TESTCASE_CONFIG.secgroup_descr) + + test_utils.create_instance( + nova_client, + CLIENT, + COMMON_CONFIG.flavor, + image_id, + network_id, + sg_id) + + server_instance = test_utils.create_instance( + nova_client, + SERVER, + COMMON_CONFIG.flavor, + image_id, + network_id, + sg_id) + + server_ip = server_instance.networks.get(TESTCASE_CONFIG.net_name)[0] + + tosca = os.path.join( + COMMON_CONFIG.sfc_test_dir, + COMMON_CONFIG.vnfd_dir, + TESTCASE_CONFIG.test_vnfd) + + os_tacker.create_vnfd(tacker_client, tosca_file=tosca) + test_utils.create_vnf_in_av_zone(tacker_client, 'testVNF1', 'test-vnfd1') + + vnf_id = os_tacker.wait_for_vnf(tacker_client, vnf_name='testVNF1') + if vnf_id is None: + logger.error('ERROR while booting VNF') + sys.exit(1) + + os_tacker.create_sfc( + tacker_client, + sfc_name='red', + chain_vnf_names=['testVNF1'], + symmetrical=True) + + os_tacker.create_sfc_classifier( + tacker_client, 'red_http', sfc_name='red', + match={ + 'source_port': 0, + 'dest_port': 80, + 'protocol': 6 + }) + + logger.info(test_utils.run_cmd('tacker sfc-list')) + logger.info(test_utils.run_cmd('tacker sfc-classifier-list')) + + # Start measuring the time it takes to implement the classification rules + t1 = threading.Thread(target=test_utils.wait_for_classification_rules, + args=(ovs_logger, compute_clients,)) + try: + t1.start() + except Exception, e: + logger.error("Unable to start the thread that counts time %s" % e) + + # TODO: Find a replacement for get_floating_ips() + server_floating_ip, client_floating_ip, sf_floating_ip = \ + test_utils.get_floating_ips_2(nova_client, neutron_client) + + if not test_utils.check_ssh([sf_floating_ip]): + logger.error("Cannot establish SSH connection to the SFs") + sys.exit(1) + + logger.info("Starting HTTP server on %s" % server_floating_ip) + if not test_utils.start_http_server(server_floating_ip): + logger.error('\033[91mFailed to start the HTTP server\033[0m') + sys.exit(1) + + blocked_port = TESTCASE_CONFIG.blocked_source_port + logger.info("Firewall started, blocking traffic port %d" % blocked_port) + test_utils.vxlan_firewall(sf_floating_ip, port=blocked_port) + + logger.info("Wait for ODL to update the classification rules in OVS") + t1.join() + + allowed_port = TESTCASE_CONFIG.allowed_source_port + logger.info("Test HTTP") + if not test_utils.is_http_blocked( + client_floating_ip, server_ip, allowed_port): + results.add_to_summary(2, "PASS", "HTTP works") + else: + error = ('\033[91mTEST 1 [FAILED] ==> HTTP BLOCKED\033[0m') + logger.error(error) + test_utils.capture_ovs_logs( + ovs_logger, controller_clients, compute_clients, error) + results.add_to_summary(2, "FAIL", "HTTP works") + + logger.info("Test HTTP") + if test_utils.is_http_blocked(client_floating_ip, server_ip, blocked_port): + results.add_to_summary(2, "PASS", "HTTP Blocked") + else: + error = ('\033[91mTEST 2 [FAILED] ==> HTTP WORKS\033[0m') + logger.error(error) + test_utils.capture_ovs_logs( + ovs_logger, controller_clients, compute_clients, error) + results.add_to_summary(2, "FAIL", "HTTP Blocked") + + return results.compile_summary() + + +if __name__ == '__main__': + main() diff --git a/sfc/tests/functest/vnfd-templates/test3-vnfd1.yaml b/sfc/tests/functest/vnfd-templates/test3-vnfd1.yaml new file mode 100644 index 00000000..92e616bd --- /dev/null +++ b/sfc/tests/functest/vnfd-templates/test3-vnfd1.yaml @@ -0,0 +1,23 @@ +template_name: test-vnfd1 +description: firewall1-example + +service_properties: + Id: firewall1-vnfd + vendor: tacker + version: 1 + type: + - firewall1 +vdus: + vdu1: + id: vdu1 + vm_image: sfc_nsh_danube + instance_type: custom + service_type: firewall1 + + network_interfaces: + management: + network: example-net + management: true + + placement_policy: + availability_zone: { get_input: zone } |