diff options
-rw-r--r-- | sfc/lib/utils.py | 41 | ||||
-rw-r--r-- | sfc/tests/functest/sfc_one_chain_two_service_functions.py | 12 | ||||
-rw-r--r-- | sfc/tests/functest/sfc_symmetric_chain.py | 5 | ||||
-rw-r--r-- | sfc/tests/functest/sfc_two_chains_SSH_and_HTTP.py | 6 |
4 files changed, 38 insertions, 26 deletions
diff --git a/sfc/lib/utils.py b/sfc/lib/utils.py index ba29a8a6..fb14ff60 100644 --- a/sfc/lib/utils.py +++ b/sfc/lib/utils.py @@ -240,8 +240,8 @@ def create_instance(nova_client, name, flavor, image_id, network_id, sg_id, def ping(remote, retries=100, retry_timeout=1): cmd = 'ping -c1 -w{timeout} {remote}'.format( - timeout=retry_timeout, - remote=remote) + timeout=retry_timeout, + remote=remote) while retries > 0: rc, _, _ = run_cmd(cmd) @@ -305,20 +305,32 @@ def start_http_server(ip): return True -def vxlan_firewall(sf, iface="eth0", port="22", block=True): - """Set firewall using vxlan_tool.py on a given machine, Can be VM""" - cmd = "python vxlan_tool.py -i %s -d forward -v off" % iface - if block: - cmd = "python vxlan_tool.py -i eth0 -d forward -v off -b %s" % port +def start_vxlan_tool(remote_ip, interface="eth0", block=None): + """ + Starts vxlan_tool on a remote host. + vxlan_tool.py converts a regular Service Function into a NSH-aware SF + when the "--do forward" option is used, it decrements the NSI appropiately. + 'block' parameters allows to specify a port where packets will be dropped. + """ + command = "nohup python /root/vxlan_tool.py" + options = "{do} {interface} {block_option}".format( + do="--do forward", + interface="--interface {}".format(interface), + block_option="--block {}".format(block) if block is not None else "") + output_redirection = "> /dev/null 2>&1" + + full_command = "{command} {options} {output_redirection} &".format( + command=command, + options=options, + output_redirection=output_redirection) - cmd = "sh -c 'cd /root;nohup " + cmd + " > /dev/null 2>&1 &'" - run_cmd_remote(sf, cmd) - time.sleep(7) + return run_cmd_remote(remote_ip, full_command) -def vxlan_tool_stop(sf): - cmd = "pkill -f vxlan_tool.py" - run_cmd_remote(sf, cmd) +def stop_vxlan_tool(remote_ip): + """ Stops vxlan_tool on a remote host""" + command = "pkill -f vxlan_tool.py" + return run_cmd_remote(remote_ip, command) def netcat(source_ip, destination_ip, destination_port, source_port=None, @@ -540,8 +552,7 @@ def wait_for_classification_rules(ovs_logger, compute_nodes, odl_ip, odl_port, time.sleep(1) if timeout <= 0: - logger.error( - "Timeout but classification rules are not updated") + logger.error("Timeout but classification rules are not updated") except Exception, e: logger.error('Error when waiting for classification rules: %s' % e) diff --git a/sfc/tests/functest/sfc_one_chain_two_service_functions.py b/sfc/tests/functest/sfc_one_chain_two_service_functions.py index bdf6f1b4..d28c6178 100644 --- a/sfc/tests/functest/sfc_one_chain_two_service_functions.py +++ b/sfc/tests/functest/sfc_one_chain_two_service_functions.py @@ -198,10 +198,9 @@ def main(): '\033[91mFailed to start HTTP server on %s\033[0m' % server_ip) sys.exit(1) - logger.info("Starting vxlan_tool on %s" % sf2) - test_utils.vxlan_firewall(sf2, block=False) - logger.info("Starting vxlan_tool on %s" % sf1) - test_utils.vxlan_firewall(sf1, block=False) + for sf in (sf1, sf2): + logger.info("Starting vxlan_tool on %s" % sf) + test_utils.start_vxlan_tool(sf) logger.info("Wait for ODL to update the classification rules in OVS") t1.join() @@ -219,8 +218,9 @@ def main(): logger.info("Changing the vxlan_tool to block HTTP traffic") # Make SF1 block now http traffic - test_utils.vxlan_tool_stop(sf1) - test_utils.vxlan_firewall(sf1, port="80") + test_utils.stop_vxlan_tool(sf1) + logger.info("Starting HTTP firewall on %s" % sf1) + test_utils.start_vxlan_tool(sf1, block="80") logger.info("Test HTTP again") if test_utils.is_http_blocked(client_ip, srv_prv_ip): diff --git a/sfc/tests/functest/sfc_symmetric_chain.py b/sfc/tests/functest/sfc_symmetric_chain.py index 7f58f770..1a699ca3 100644 --- a/sfc/tests/functest/sfc_symmetric_chain.py +++ b/sfc/tests/functest/sfc_symmetric_chain.py @@ -216,7 +216,7 @@ def main(): blocked_port = TESTCASE_CONFIG.blocked_source_port logger.info("Firewall started, blocking traffic port %d" % blocked_port) - test_utils.vxlan_firewall(sf_floating_ip, port=blocked_port) + test_utils.start_vxlan_tool(sf_floating_ip, block=blocked_port) logger.info("Wait for ODL to update the classification rules in OVS") t1.join() @@ -234,7 +234,8 @@ def main(): results.add_to_summary(2, "FAIL", "HTTP works") logger.info("Test if HTTP from port %s is blocked" % blocked_port) - if test_utils.is_http_blocked(client_floating_ip, server_ip, blocked_port): + if test_utils.is_http_blocked( + client_floating_ip, server_ip, blocked_port): results.add_to_summary(2, "PASS", "HTTP Blocked") else: error = ('\033[91mTEST 2 [FAILED] ==> HTTP WORKS\033[0m') diff --git a/sfc/tests/functest/sfc_two_chains_SSH_and_HTTP.py b/sfc/tests/functest/sfc_two_chains_SSH_and_HTTP.py index 2c688412..a774672d 100644 --- a/sfc/tests/functest/sfc_two_chains_SSH_and_HTTP.py +++ b/sfc/tests/functest/sfc_two_chains_SSH_and_HTTP.py @@ -213,10 +213,10 @@ def main(): '\033[91mFailed to start HTTP server on %s\033[0m' % server_ip) sys.exit(1) - logger.info("Starting HTTP firewall on %s" % sf2) - test_utils.vxlan_firewall(sf2, port="80") logger.info("Starting SSH firewall on %s" % sf1) - test_utils.vxlan_firewall(sf1, port="22") + test_utils.start_vxlan_tool(sf1, block="22") + logger.info("Starting HTTP firewall on %s" % sf2) + test_utils.start_vxlan_tool(sf2, block="80") logger.info("Wait for ODL to update the classification rules in OVS") t1.join() |