aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--sfc/lib/utils.py32
-rw-r--r--sfc/tests/functest/README.sfc-test-322
-rw-r--r--sfc/tests/functest/config.yaml14
-rw-r--r--sfc/tests/functest/sfc_symmetric_chain.py201
-rw-r--r--sfc/tests/functest/vnfd-templates/test3-vnfd1.yaml23
5 files changed, 292 insertions, 0 deletions
diff --git a/sfc/lib/utils.py b/sfc/lib/utils.py
index b1576803..2b01113c 100644
--- a/sfc/lib/utils.py
+++ b/sfc/lib/utils.py
@@ -237,6 +237,38 @@ def get_floating_ips(nova_client, neutron_client):
return server_ip, client_ip, ips[1], ips[0]
+# TODO (jvidal): This is pure scaffolding, it needs to be merged with
+# get_floating_ips in the future
+def get_floating_ips_2(nova_client, neutron_client):
+ sf_ip = None
+ client_ip = None
+ server_ip = None
+ instances = nova_client.servers.list()
+ for instance in instances:
+ floatip_dic = os_utils.create_floating_ip(neutron_client)
+ floatip = floatip_dic['fip_addr']
+ instance.add_floating_ip(floatip)
+ logger.info("Instance name and ip %s:%s " % (instance.name, floatip))
+ logger.info("Waiting for instance %s:%s to come up" %
+ (instance.name, floatip))
+ if not ping(floatip):
+ logger.info("Instance %s:%s didn't come up" %
+ (instance.name, floatip))
+ return None
+
+ if instance.name == "server":
+ logger.info("Server:%s is reachable" % floatip)
+ server_ip = floatip
+ elif instance.name == "client":
+ logger.info("Client:%s is reachable" % floatip)
+ client_ip = floatip
+ else:
+ logger.info("SF:%s is reachable" % floatip)
+ sf_ip = floatip
+
+ return server_ip, client_ip, sf_ip
+
+
def start_http_server(ip):
"""Start http server on a given machine, Can be VM"""
cmd = "\'python -m SimpleHTTPServer 80"
diff --git a/sfc/tests/functest/README.sfc-test-3 b/sfc/tests/functest/README.sfc-test-3
new file mode 100644
index 00000000..865a7cc8
--- /dev/null
+++ b/sfc/tests/functest/README.sfc-test-3
@@ -0,0 +1,22 @@
+### ODL-SFC TEST3 DESCRIPTION ###
+
+One client and one server are created using nova. The server will be running
+a web server on port 80.
+
+Then one Service Function (SF) is created using Tacker. This service function
+will be running a firewall that blocks the traffic in a specific port (e.g.
+33333). A symmetric service chain routing the traffic throught this SF will be
+created as well.
+
+1st check: The client is able to reach the server using a source port different
+from the one that the firewall blocks (e.g 22222), and the response gets back
+to the client.
+
+2nd check: The client is able to reach the server using the source port that
+the firewall blocks, but responses back from the server are blocked, as the
+symmetric service chain makes them go through the firewall that blocks on the
+destination port initially used as source port by the client (e.g. 33333).
+
+If the client is able to receive the response, it would be a symptom of the
+symmetric chain not working, as traffic would be flowing from server to client
+directly without traversing the SF.
diff --git a/sfc/tests/functest/config.yaml b/sfc/tests/functest/config.yaml
index 9cc4c5f4..618d69e1 100644
--- a/sfc/tests/functest/config.yaml
+++ b/sfc/tests/functest/config.yaml
@@ -42,3 +42,17 @@ testcases:
secgroup_descr: "Example Security group"
test_vnfd_red: "test2-vnfd1.yaml"
test_vnfd_blue: "test2-vnfd2.yaml"
+
+ sfc_symmetric_chain:
+ enabled: true
+ description: "Verify the behavior of a symmetric service chain"
+ testname_db: "sfc_symmetric_chain"
+ net_name: example-net
+ subnet_name: example-subnet
+ router_name: example-router
+ subnet_cidr: "11.0.0.0/24"
+ secgroup_name: "example-sg"
+ secgroup_descr: "Example Security group"
+ test_vnfd: "test3-vnfd1.yaml"
+ allowed_source_port: 22222
+ blocked_source_port: 33333
diff --git a/sfc/tests/functest/sfc_symmetric_chain.py b/sfc/tests/functest/sfc_symmetric_chain.py
new file mode 100644
index 00000000..87e6f594
--- /dev/null
+++ b/sfc/tests/functest/sfc_symmetric_chain.py
@@ -0,0 +1,201 @@
+#!/bin/python
+#
+# Copyright (c) 2017 Ericsson AB and others. All rights reserved
+#
+# This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+
+import os
+import sys
+import threading
+
+import functest.utils.functest_logger as ft_logger
+import functest.utils.openstack_tacker as os_tacker
+import functest.utils.openstack_utils as os_utils
+import opnfv.utils.ovs_logger as ovs_log
+from opnfv.deployment.factory import Factory as DeploymentFactory
+
+import sfc.lib.config as sfc_config
+import sfc.lib.utils as test_utils
+from sfc.lib.results import Results
+
+
+logger = ft_logger.Logger("ODL_SFC").getLogger()
+
+CLIENT = "client"
+SERVER = "server"
+COMMON_CONFIG = sfc_config.CommonConfig()
+TESTCASE_CONFIG = sfc_config.TestcaseConfig('sfc_symmetric_chain')
+
+
+def main():
+ deploymentHandler = DeploymentFactory.get_handler(
+ COMMON_CONFIG.installer_type,
+ COMMON_CONFIG.installer_ip,
+ COMMON_CONFIG.installer_user,
+ installer_pwd=COMMON_CONFIG.installer_password)
+
+ cluster = COMMON_CONFIG.installer_cluster
+ all_nodes = (deploymentHandler.get_nodes({'cluster': cluster})
+ if cluster is not None
+ else deploymentHandler.get_nodes())
+
+ controller_nodes = [node for node in all_nodes if node.is_controller()]
+ compute_nodes = [node for node in all_nodes if node.is_compute()]
+
+ results = Results(COMMON_CONFIG.line_length)
+ results.add_to_summary(0, "=")
+ results.add_to_summary(2, "STATUS", "SUBTEST")
+ results.add_to_summary(0, "=")
+
+ test_utils.setup_compute_node(TESTCASE_CONFIG.subnet_cidr, compute_nodes)
+ test_utils.configure_iptables(controller_nodes)
+ test_utils.download_image(COMMON_CONFIG.url, COMMON_CONFIG.image_path)
+
+ neutron_client = os_utils.get_neutron_client()
+ nova_client = os_utils.get_nova_client()
+ tacker_client = os_tacker.get_tacker_client()
+
+ _, custom_flavor_id = os_utils.get_or_create_flavor(
+ COMMON_CONFIG.flavor,
+ COMMON_CONFIG.ram_size_in_mb,
+ COMMON_CONFIG.disk_size_in_gb,
+ COMMON_CONFIG.vcpu_count,
+ public=True)
+ if custom_flavor_id is None:
+ logger.error("Failed to create custom flavor")
+ sys.exit(1)
+
+ controller_clients = test_utils.get_ssh_clients(controller_nodes)
+ compute_clients = test_utils.get_ssh_clients(compute_nodes)
+
+ ovs_logger = ovs_log.OVSLogger(
+ os.path.join(COMMON_CONFIG.sfc_test_dir, 'ovs-logs'),
+ COMMON_CONFIG.functest_results_dir)
+
+ image_id = os_utils.create_glance_image(
+ os_utils.get_glance_client(),
+ COMMON_CONFIG.image_name,
+ COMMON_CONFIG.image_path,
+ COMMON_CONFIG.image_format,
+ public='public')
+
+ network_id = test_utils.setup_neutron(
+ neutron_client,
+ TESTCASE_CONFIG.net_name,
+ TESTCASE_CONFIG.subnet_name,
+ TESTCASE_CONFIG.router_name,
+ TESTCASE_CONFIG.subnet_cidr)
+
+ sg_id = test_utils.create_security_groups(
+ neutron_client,
+ TESTCASE_CONFIG.secgroup_name,
+ TESTCASE_CONFIG.secgroup_descr)
+
+ test_utils.create_instance(
+ nova_client,
+ CLIENT,
+ COMMON_CONFIG.flavor,
+ image_id,
+ network_id,
+ sg_id)
+
+ server_instance = test_utils.create_instance(
+ nova_client,
+ SERVER,
+ COMMON_CONFIG.flavor,
+ image_id,
+ network_id,
+ sg_id)
+
+ server_ip = server_instance.networks.get(TESTCASE_CONFIG.net_name)[0]
+
+ tosca = os.path.join(
+ COMMON_CONFIG.sfc_test_dir,
+ COMMON_CONFIG.vnfd_dir,
+ TESTCASE_CONFIG.test_vnfd)
+
+ os_tacker.create_vnfd(tacker_client, tosca_file=tosca)
+ test_utils.create_vnf_in_av_zone(tacker_client, 'testVNF1', 'test-vnfd1')
+
+ vnf_id = os_tacker.wait_for_vnf(tacker_client, vnf_name='testVNF1')
+ if vnf_id is None:
+ logger.error('ERROR while booting VNF')
+ sys.exit(1)
+
+ os_tacker.create_sfc(
+ tacker_client,
+ sfc_name='red',
+ chain_vnf_names=['testVNF1'],
+ symmetrical=True)
+
+ os_tacker.create_sfc_classifier(
+ tacker_client, 'red_http', sfc_name='red',
+ match={
+ 'source_port': 0,
+ 'dest_port': 80,
+ 'protocol': 6
+ })
+
+ logger.info(test_utils.run_cmd('tacker sfc-list'))
+ logger.info(test_utils.run_cmd('tacker sfc-classifier-list'))
+
+ # Start measuring the time it takes to implement the classification rules
+ t1 = threading.Thread(target=test_utils.wait_for_classification_rules,
+ args=(ovs_logger, compute_clients,))
+ try:
+ t1.start()
+ except Exception, e:
+ logger.error("Unable to start the thread that counts time %s" % e)
+
+ # TODO: Find a replacement for get_floating_ips()
+ server_floating_ip, client_floating_ip, sf_floating_ip = \
+ test_utils.get_floating_ips_2(nova_client, neutron_client)
+
+ if not test_utils.check_ssh([sf_floating_ip]):
+ logger.error("Cannot establish SSH connection to the SFs")
+ sys.exit(1)
+
+ logger.info("Starting HTTP server on %s" % server_floating_ip)
+ if not test_utils.start_http_server(server_floating_ip):
+ logger.error('\033[91mFailed to start the HTTP server\033[0m')
+ sys.exit(1)
+
+ blocked_port = TESTCASE_CONFIG.blocked_source_port
+ logger.info("Firewall started, blocking traffic port %d" % blocked_port)
+ test_utils.vxlan_firewall(sf_floating_ip, port=blocked_port)
+
+ logger.info("Wait for ODL to update the classification rules in OVS")
+ t1.join()
+
+ allowed_port = TESTCASE_CONFIG.allowed_source_port
+ logger.info("Test HTTP")
+ if not test_utils.is_http_blocked(
+ client_floating_ip, server_ip, allowed_port):
+ results.add_to_summary(2, "PASS", "HTTP works")
+ else:
+ error = ('\033[91mTEST 1 [FAILED] ==> HTTP BLOCKED\033[0m')
+ logger.error(error)
+ test_utils.capture_ovs_logs(
+ ovs_logger, controller_clients, compute_clients, error)
+ results.add_to_summary(2, "FAIL", "HTTP works")
+
+ logger.info("Test HTTP")
+ if test_utils.is_http_blocked(client_floating_ip, server_ip, blocked_port):
+ results.add_to_summary(2, "PASS", "HTTP Blocked")
+ else:
+ error = ('\033[91mTEST 2 [FAILED] ==> HTTP WORKS\033[0m')
+ logger.error(error)
+ test_utils.capture_ovs_logs(
+ ovs_logger, controller_clients, compute_clients, error)
+ results.add_to_summary(2, "FAIL", "HTTP Blocked")
+
+ return results.compile_summary()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/sfc/tests/functest/vnfd-templates/test3-vnfd1.yaml b/sfc/tests/functest/vnfd-templates/test3-vnfd1.yaml
new file mode 100644
index 00000000..92e616bd
--- /dev/null
+++ b/sfc/tests/functest/vnfd-templates/test3-vnfd1.yaml
@@ -0,0 +1,23 @@
+template_name: test-vnfd1
+description: firewall1-example
+
+service_properties:
+ Id: firewall1-vnfd
+ vendor: tacker
+ version: 1
+ type:
+ - firewall1
+vdus:
+ vdu1:
+ id: vdu1
+ vm_image: sfc_nsh_danube
+ instance_type: custom
+ service_type: firewall1
+
+ network_interfaces:
+ management:
+ network: example-net
+ management: true
+
+ placement_policy:
+ availability_zone: { get_input: zone }