From 4fe8991147ee3aefa5d43d1831a1d307bcffe4fa Mon Sep 17 00:00:00 2001 From: Jaime Caamaño Ruiz Date: Tue, 6 Mar 2018 19:43:20 +0100 Subject: Update symmetric chain test case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update the symmetric chain test case aligning it with updates available from ODL Oxygen: - ODL networking-sfc implementation now supports symmetric paths. It is no longer needed to configure the ACL or chain directly through the ODL rest api. It can now be fully relied on tacker for this. - ODL networking-sfc implementation now supports different ingress and egress ports for port pairs. The test case exercises this by setting up a VNF with two distinct ports. Note that this requires an updated VNF image that supports two nics and bundles a vxlan_tool capable of using them. Change-Id: Ie711abb93109943dcbf699ece7b2b570500a3711 Signed-off-by: Jaime Caamaño Ruiz (cherry picked from commit 8e85daee26c523cd181f5884858646b7589c50af) --- sfc/lib/config.py | 2 +- sfc/lib/openstack_utils.py | 125 +++++++++---- sfc/lib/test_utils.py | 9 +- sfc/tests/functest/config.yaml | 4 +- sfc/tests/functest/sfc_symmetric_chain.py | 201 +++++++++++++++------ .../vnfd-templates/test-symmetric-vnfd.yaml | 21 ++- .../vnffgd-templates/test-symmetric-vnffgd.yaml | 46 +++++ .../test-symmetric-vnffgd.yaml-queens | 46 +++++ 8 files changed, 360 insertions(+), 94 deletions(-) create mode 100644 sfc/tests/functest/vnffgd-templates/test-symmetric-vnffgd.yaml create mode 100644 sfc/tests/functest/vnffgd-templates/test-symmetric-vnffgd.yaml-queens diff --git a/sfc/lib/config.py b/sfc/lib/config.py index 5ee3077a..8cc1efb4 100644 --- a/sfc/lib/config.py +++ b/sfc/lib/config.py @@ -30,7 +30,7 @@ class CommonConfig(object): """ def __init__(self): - self.line_length = 30 + self.line_length = 35 self.functest_repo_path = os.path.dirname(functest.__file__) self.functest_logging_api = os.path.join(self.functest_repo_path, "ci", "logging.ini") diff --git a/sfc/lib/openstack_utils.py b/sfc/lib/openstack_utils.py index 4a1c634d..b7254bf1 100644 --- a/sfc/lib/openstack_utils.py +++ b/sfc/lib/openstack_utils.py @@ -157,18 +157,30 @@ class OpenStackSFC: ''' Return the compute where the client sits ''' + return self.get_vm_compute('client') + + def get_compute_server(self): + ''' + Return the compute where the server sits + ''' + return self.get_vm_compute('server') + + def get_vm_compute(self, vm_name): + ''' + Return the compute where the vm sits + ''' for creator in self.creators: # We want to filter the vm creators if hasattr(creator, 'get_vm_inst'): - # We want to fetch only the client - if creator.get_vm_inst().name == 'client': + # We want to fetch by vm_name + if creator.get_vm_inst().name == vm_name: return creator.get_vm_inst().compute_host - raise Exception("There is no client VM!!") + raise Exception("There is no VM with name '{}'!!".format(vm_name)) def assign_floating_ip(self, router, vm, vm_creator): ''' - Assign a floating ips to all the VMs + Assign floating ips to all the VMs ''' name = vm.name + "-float" port_name = vm.ports[0].name @@ -180,9 +192,11 @@ class OpenStackSFC: return ip.ip # We need this function because tacker VMs cannot be created through SNAPs - def assign_floating_ip_vnfs(self, router): + def assign_floating_ip_vnfs(self, router, ips=None): ''' - Assign a floating ips to all the SFs + Assign floating ips to all the SFs. Optionally specify the + subnet IPs that a floating IP should be assigned to, assuming that the + SF is connected to a single subnet globally and per port. ''' stacks = self.heat.stacks.list() fips = [] @@ -198,8 +212,25 @@ class OpenStackSFC: servers[0], self.image_settings, project_name) - port_name = servers[0].ports[0].name + name = servers[0].name + "-float" + if ips is None: + port_name = servers[0].ports[0].name + else: + port_name = None + for port in servers[0].ports: + if port.ips[0]['ip_address'] in ips: + port_name = port.name + break + + if port_name is None: + err_msg = "The VNF {} does not have any suitable port {} " \ + "for floating IP assignment".format( + name, + 'with ip any of ' + str(ips) if ips else '') + logger.error(err_msg) + raise Exception(err_msg) + float_ip = FloatingIpConfig(name=name, port_name=port_name, router_name=router.name) @@ -298,7 +329,7 @@ def list_vnfds(tacker_client, verbose=False): if not verbose: vnfds = [vnfd['id'] for vnfd in vnfds['vnfds']] return vnfds - except Exception, e: + except Exception as e: logger.error("Error [list_vnfds(tacker_client)]: %s" % e) return None @@ -313,7 +344,7 @@ def create_vnfd(tacker_client, tosca_file=None, vnfd_name=None): return tacker_client.create_vnfd( body={"vnfd": {"attributes": {"vnfd": vnfd_body}, "name": vnfd_name}}) - except Exception, e: + except Exception as e: logger.error("Error [create_vnfd(tacker_client, '%s')]: %s" % (tosca_file, e)) return None @@ -327,7 +358,7 @@ def delete_vnfd(tacker_client, vnfd_id=None, vnfd_name=None): raise Exception('You need to provide VNFD id or VNFD name') vnfd = get_vnfd_id(tacker_client, vnfd_name) return tacker_client.delete_vnfd(vnfd) - except Exception, e: + except Exception as e: logger.error("Error [delete_vnfd(tacker_client, '%s', '%s')]: %s" % (vnfd_id, vnfd_name, e)) return None @@ -339,7 +370,7 @@ def list_vnfs(tacker_client, verbose=False): if not verbose: vnfs = [vnf['id'] for vnf in vnfs['vnfs']] return vnfs - except Exception, e: + except Exception as e: logger.error("Error [list_vnfs(tacker_client)]: %s" % e) return None @@ -374,7 +405,7 @@ def create_vnf(tacker_client, vnf_name, vnfd_id=None, vnf_body['vnf']['vim_id'] = get_vim_id(tacker_client, vim_name) return tacker_client.create_vnf(body=vnf_body) - except Exception, e: + except Exception as e: logger.error("error [create_vnf(tacker_client," " '%s', '%s', '%s')]: %s" % (vnf_name, vnfd_id, vnfd_name, e)) @@ -394,12 +425,28 @@ def get_vnf(tacker_client, vnf_id=None, vnf_name=None): else: raise Exception('Could not retrieve ID from name [%s]' % vnf_name) - except Exception, e: + except Exception as e: logger.error("Could not retrieve VNF [vnf_id=%s, vnf_name=%s] - %s" % (vnf_id, vnf_name, e)) return None +def get_vnf_ip(tacker_client, vnf_id=None, vnf_name=None): + """ + Get the management ip of the first VNF component as obtained from the + tacker REST API: + + { + "vnf": { + ... + "mgmt_url": "{\"VDU1\": \"192.168.120.3\"}", + ... + } + """ + vnf = get_vnf(tacker_client, vnf_id, vnf_name) + return json.loads(vnf['mgmt_url']).values()[0] + + def wait_for_vnf(tacker_client, vnf_id=None, vnf_name=None, timeout=100): try: vnf = get_vnf(tacker_client, vnf_id, vnf_name) @@ -419,7 +466,7 @@ def wait_for_vnf(tacker_client, vnf_id=None, vnf_name=None, timeout=100): raise Exception('Timeout when booting vnf %s' % vnf['id']) return vnf['id'] - except Exception, e: + except Exception as e: logger.error("error [wait_for_vnf(tacker_client, '%s', '%s')]: %s" % (vnf_id, vnf_name, e)) return None @@ -433,7 +480,7 @@ def delete_vnf(tacker_client, vnf_id=None, vnf_name=None): raise Exception('You need to provide a VNF id or name') vnf = get_vnf_id(tacker_client, vnf_name) return tacker_client.delete_vnf(vnf) - except Exception, e: + except Exception as e: logger.error("Error [delete_vnf(tacker_client, '%s', '%s')]: %s" % (vnf_id, vnf_name, e)) return None @@ -447,7 +494,7 @@ def create_vim(tacker_client, vim_file=None): vim_body = json.load(vim_fd) logger.info('VIM template:\n{0}'.format(vim_body)) return tacker_client.create_vim(body=vim_body) - except Exception, e: + except Exception as e: logger.error("Error [create_vim(tacker_client, '%s')]: %s" % (vim_file, e)) return None @@ -463,14 +510,14 @@ def create_vnffgd(tacker_client, tosca_file=None, vnffgd_name=None): return tacker_client.create_vnffgd( body={'vnffgd': {'name': vnffgd_name, 'template': {'vnffgd': vnffgd_body}}}) - except Exception, e: + except Exception as e: logger.error("Error [create_vnffgd(tacker_client, '%s')]: %s" % (tosca_file, e)) return None def create_vnffg(tacker_client, vnffg_name=None, vnffgd_id=None, - vnffgd_name=None, param_file=None): + vnffgd_name=None, param_file=None, symmetrical=False): ''' Creates the vnffg which will provide the RSP and the classifier ''' @@ -478,7 +525,8 @@ def create_vnffg(tacker_client, vnffg_name=None, vnffgd_id=None, vnffg_body = { 'vnffg': { 'attributes': {}, - 'name': vnffg_name + 'name': vnffg_name, + 'symmetrical': symmetrical } } if param_file is not None: @@ -495,7 +543,7 @@ def create_vnffg(tacker_client, vnffg_name=None, vnffgd_id=None, vnffg_body['vnffg']['vnffgd_id'] = get_vnffgd_id(tacker_client, vnffgd_name) return tacker_client.create_vnffg(body=vnffg_body) - except Exception, e: + except Exception as e: logger.error("error [create_vnffg(tacker_client," " '%s', '%s', '%s')]: %s" % (vnffg_name, vnffgd_id, vnffgd_name, e)) @@ -508,7 +556,7 @@ def list_vnffgds(tacker_client, verbose=False): if not verbose: vnffgds = [vnffgd['id'] for vnffgd in vnffgds['vnffgds']] return vnffgds - except Exception, e: + except Exception as e: logger.error("Error [list_vnffgds(tacker_client)]: %s" % e) return None @@ -519,7 +567,7 @@ def list_vnffgs(tacker_client, verbose=False): if not verbose: vnffgs = [vnffg['id'] for vnffg in vnffgs['vnffgs']] return vnffgs - except Exception, e: + except Exception as e: logger.error("Error [list_vnffgs(tacker_client)]: %s" % e) return None @@ -532,7 +580,7 @@ def delete_vnffg(tacker_client, vnffg_id=None, vnffg_name=None): raise Exception('You need to provide a VNFFG id or name') vnffg = get_vnffg_id(tacker_client, vnffg_name) return tacker_client.delete_vnffg(vnffg) - except Exception, e: + except Exception as e: logger.error("Error [delete_vnffg(tacker_client, '%s', '%s')]: %s" % (vnffg_id, vnffg_name, e)) return None @@ -546,7 +594,7 @@ def delete_vnffgd(tacker_client, vnffgd_id=None, vnffgd_name=None): raise Exception('You need to provide VNFFGD id or VNFFGD name') vnffgd = get_vnffgd_id(tacker_client, vnffgd_name) return tacker_client.delete_vnffgd(vnffgd) - except Exception, e: + except Exception as e: logger.error("Error [delete_vnffgd(tacker_client, '%s', '%s')]: %s" % (vnffgd_id, vnffgd_name, e)) return None @@ -558,7 +606,7 @@ def list_vims(tacker_client, verbose=False): if not verbose: vims = [vim['id'] for vim in vims['vims']] return vims - except Exception, e: + except Exception as e: logger.error("Error [list_vims(tacker_client)]: %s" % e) return None @@ -571,7 +619,7 @@ def delete_vim(tacker_client, vim_id=None, vim_name=None): raise Exception('You need to provide VIM id or VIM name') vim = get_vim_id(tacker_client, vim_name) return tacker_client.delete_vim(vim) - except Exception, e: + except Exception as e: logger.error("Error [delete_vim(tacker_client, '%s', '%s')]: %s" % (vim_id, vim_name, e)) return None @@ -626,19 +674,28 @@ def create_vnf_in_av_zone( def create_vnffg_with_param_file(tacker_client, vnffgd_name, vnffg_name, - default_param_file, neutron_port): + default_param_file, client_port, + server_port=None, server_ip=None): param_file = default_param_file - - if neutron_port is not None: + data = {} + if client_port: + data['net_src_port_id'] = client_port + if server_port: + data['net_dst_port_id'] = server_port + if server_ip: + data['ip_dst_prefix'] = server_ip + + if client_port is not None or server_port is not None: param_file = os.path.join( '/tmp', - 'param_{0}.json'.format(neutron_port)) - data = { - 'net_src_port_id': neutron_port - } + 'param_{0}.json'.format(vnffg_name)) with open(param_file, 'w+') as f: json.dump(data, f) + + symmetrical = True if client_port and server_port else False + create_vnffg(tacker_client, vnffgd_name=vnffgd_name, vnffg_name=vnffg_name, - param_file=param_file) + param_file=param_file, + symmetrical=symmetrical) diff --git a/sfc/lib/test_utils.py b/sfc/lib/test_utils.py index c495aa11..18c55dc1 100644 --- a/sfc/lib/test_utils.py +++ b/sfc/lib/test_utils.py @@ -124,17 +124,20 @@ def start_http_server(ip, iterations_check=10): return False -def start_vxlan_tool(remote_ip, interface="eth0", block=None): +def start_vxlan_tool(remote_ip, interface="eth0", output=None, block=None): """ Starts vxlan_tool on a remote host. vxlan_tool.py converts a regular Service Function into a NSH-aware SF when the "--do forward" option is used, it decrements the NSI appropiately. - 'block' parameters allows to specify a port where packets will be dropped. + 'output' allows to specify an interface through which to forward if + different than the input interface. + 'block' parameter allows to specify a port where packets will be dropped. """ command = "nohup python /root/vxlan_tool.py" - options = "{do} {interface} {block_option}".format( + options = "{do} {interface} {output_option} {block_option}".format( do="--do forward", interface="--interface {}".format(interface), + output_option="--output {}".format(output) if output else "", block_option="--block {}".format(block) if block is not None else "") output_redirection = "> /dev/null 2>&1" diff --git a/sfc/tests/functest/config.yaml b/sfc/tests/functest/config.yaml index 3cd1883a..cad3cf72 100644 --- a/sfc/tests/functest/config.yaml +++ b/sfc/tests/functest/config.yaml @@ -67,8 +67,8 @@ testcases: secgroup_name: "example-sg" secgroup_descr: "Example Security group" test_vnfd: "test-symmetric-vnfd.yaml" - allowed_source_port: 22222 - blocked_source_port: 33333 + test_vnffgd: "test-symmetric-vnffgd.yaml" + source_port: 22222 sfc_chain_deletion: enabled: false diff --git a/sfc/tests/functest/sfc_symmetric_chain.py b/sfc/tests/functest/sfc_symmetric_chain.py index e3b1d57e..43599d62 100644 --- a/sfc/tests/functest/sfc_symmetric_chain.py +++ b/sfc/tests/functest/sfc_symmetric_chain.py @@ -20,7 +20,7 @@ import opnfv.utils.ovs_logger as ovs_log from opnfv.deployment.factory import Factory as DeploymentFactory import sfc.lib.config as sfc_config -import sfc.lib.utils as test_utils +import sfc.lib.test_utils as test_utils from sfc.lib.results import Results import sfc.lib.topology_shuffler as topo_shuffler @@ -60,7 +60,7 @@ def main(): tacker_client = os_sfc_utils.get_tacker_client() - _, custom_flavor = openstack_sfc.get_or_create_flavor( + custom_flavor = openstack_sfc.create_flavor( COMMON_CONFIG.flavor, COMMON_CONFIG.ram_size_in_mb, COMMON_CONFIG.disk_size_in_gb, @@ -91,8 +91,9 @@ def main(): sg = openstack_sfc.create_security_group(TESTCASE_CONFIG.secgroup_name) vnf_name = 'testVNF1' - # Using seed=0 uses the baseline topology: everything in the same host - testTopology = topo_shuffler.topology([vnf_name], openstack_sfc, seed=0) + topo_seed = topo_shuffler.get_seed() + testTopology = topo_shuffler.topology([vnf_name], openstack_sfc, + seed=topo_seed) logger.info('This test is run with the topology {0}' .format(testTopology['id'])) logger.info('Topology description: {0}' @@ -100,15 +101,17 @@ def main(): client_instance, client_creator = openstack_sfc.create_instance( CLIENT, COMMON_CONFIG.flavor, image_creator, network, sg, - av_zone=testTopology['client']) + av_zone=testTopology[CLIENT]) server_instance, server_creator = openstack_sfc.create_instance( SERVER, COMMON_CONFIG.flavor, image_creator, network, sg, - av_zone=testTopology['server']) + av_zone=testTopology[SERVER]) server_ip = server_instance.ports[0].ips[0]['ip_address'] logger.info("Server instance received private ip [{}]".format(server_ip)) + os_sfc_utils.register_vim(tacker_client, vim_file=COMMON_CONFIG.vim_file) + tosca_file = os.path.join( COMMON_CONFIG.sfc_test_dir, COMMON_CONFIG.vnfd_dir, @@ -119,11 +122,15 @@ def main(): COMMON_CONFIG.vnfd_dir, COMMON_CONFIG.vnfd_default_params_file) - os_sfc_utils.create_vnfd(tacker_client, tosca_file=tosca_file) - test_utils.create_vnf_in_av_zone( + os_sfc_utils.create_vnfd( + tacker_client, + tosca_file=tosca_file, + vnfd_name='test-vnfd1') + os_sfc_utils.create_vnf_in_av_zone( tacker_client, vnf_name, 'test-vnfd1', + 'test-vim', default_param_file, testTopology[vnf_name]) @@ -132,37 +139,40 @@ def main(): logger.error('ERROR while booting VNF') sys.exit(1) - os_sfc_utils.create_sfc( + tosca_file = os.path.join( + COMMON_CONFIG.sfc_test_dir, + COMMON_CONFIG.vnffgd_dir, + TESTCASE_CONFIG.test_vnffgd) + os_sfc_utils.create_vnffgd( + tacker_client, + tosca_file=tosca_file, + vnffgd_name='test-vnffgd') + + client_port = openstack_sfc.get_client_port( + client_instance, + client_creator) + server_port = openstack_sfc.get_client_port( + server_instance, + server_creator) + + server_ip_prefix = server_ip + '/32' + + os_sfc_utils.create_vnffg_with_param_file( tacker_client, - sfc_name='red', - chain_vnf_names=[vnf_name], - symmetrical=True) - - os_sfc_utils.create_sfc_classifier( - tacker_client, 'red_http', sfc_name='red', - match={ - 'source_port': 0, - 'dest_port': 80, - 'protocol': 6 - }) - - # FIXME: JIRA SFC-86 - # Tacker does not allow to specify the direction of the chain to be used, - # only references the SFP (which for symmetric chains results in two RSPs) - os_sfc_utils.create_sfc_classifier( - tacker_client, 'red_http_reverse', sfc_name='red', - match={ - 'source_port': 80, - 'dest_port': 0, - 'protocol': 6 - }) - - logger.info(test_utils.run_cmd('tacker sfc-list')) - logger.info(test_utils.run_cmd('tacker sfc-classifier-list')) + 'test-vnffgd', + 'test-vnffg', + default_param_file, + client_port.id, + server_port.id, + server_ip_prefix) # Start measuring the time it takes to implement the classification rules - t1 = threading.Thread(target=odl_utils.wait_for_classification_rules, - args=(ovs_logger, compute_nodes, odl_ip, odl_port,)) + t1 = threading.Thread( + target=wait_for_classification_rules, + args=(ovs_logger, compute_nodes, + openstack_sfc.get_compute_server(), server_port, + openstack_sfc.get_compute_client(), client_port, + odl_ip, odl_port,)) try: t1.start() @@ -176,15 +186,19 @@ def main(): server_floating_ip = openstack_sfc.assign_floating_ip(router, server_instance, server_creator) - fips_sfs = openstack_sfc.assign_floating_ip_vnfs(router) + + vnf_ip = os_sfc_utils.get_vnf_ip(tacker_client, vnf_id=vnf_id) + fips_sfs = openstack_sfc.assign_floating_ip_vnfs(router, [vnf_ip]) sf_floating_ip = fips_sfs[0] - fips = [client_floating_ip, server_floating_ip, fips_sfs[0]] + fips = [client_floating_ip, server_floating_ip, sf_floating_ip] for ip in fips: logger.info("Checking connectivity towards floating IP [%s]" % ip) if not test_utils.ping(ip, retries=50, retry_timeout=3): logger.error("Cannot ping floating IP [%s]" % ip) + os_sfc_utils.get_tacker_items() + odl_utils.get_odl_items(odl_ip, odl_port) sys.exit(1) logger.info("Successful ping to floating IP [%s]" % ip) @@ -197,39 +211,124 @@ def main(): logger.error('\033[91mFailed to start the HTTP server\033[0m') sys.exit(1) - blocked_port = TESTCASE_CONFIG.blocked_source_port - logger.info("Firewall started, blocking traffic port %d" % blocked_port) - test_utils.start_vxlan_tool(sf_floating_ip, block=blocked_port) + logger.info("Starting vxlan_tool on %s" % sf_floating_ip) + test_utils.start_vxlan_tool(sf_floating_ip, interface='eth0', + output='eth1') + test_utils.start_vxlan_tool(sf_floating_ip, interface='eth1', + output='eth0') logger.info("Wait for ODL to update the classification rules in OVS") t1.join() - allowed_port = TESTCASE_CONFIG.allowed_source_port - logger.info("Test if HTTP from port %s works" % allowed_port) - if not test_utils.is_http_blocked( - client_floating_ip, server_ip, allowed_port): + logger.info("Test HTTP") + if not test_utils.is_http_blocked(client_floating_ip, + server_ip, + TESTCASE_CONFIG.source_port): results.add_to_summary(2, "PASS", "HTTP works") else: error = ('\033[91mTEST 1 [FAILED] ==> HTTP BLOCKED\033[0m') logger.error(error) + test_utils.capture_ovs_logs( + ovs_logger, controller_clients, compute_clients, error) + results.add_to_summary(2, "FAIL", "HTTP blocked") + + logger.info("Changing the vxlan_tool to block HTTP request traffic") + + # Make SF1 block http request traffic + test_utils.stop_vxlan_tool(sf_floating_ip) + logger.info("Starting HTTP firewall on %s" % sf_floating_ip) + test_utils.start_vxlan_tool(sf_floating_ip, interface='eth0', + output='eth1', block="80") + test_utils.start_vxlan_tool(sf_floating_ip, interface='eth1', + output='eth0') + + logger.info("Test HTTP again blocking request on SF1") + if test_utils.is_http_blocked(client_floating_ip, + server_ip, + TESTCASE_CONFIG.source_port): + results.add_to_summary(2, "PASS", "HTTP uplink blocked") + else: + error = ('\033[91mTEST 2 [FAILED] ==> HTTP WORKS\033[0m') + logger.error(error) test_utils.capture_ovs_logs( ovs_logger, controller_clients, compute_clients, error) results.add_to_summary(2, "FAIL", "HTTP works") - logger.info("Test if HTTP from port %s is blocked" % blocked_port) - if test_utils.is_http_blocked( - client_floating_ip, server_ip, blocked_port): - results.add_to_summary(2, "PASS", "HTTP Blocked") + logger.info("Changing the vxlan_tool to block HTTP response traffic") + + # Make SF1 block response http traffic + test_utils.stop_vxlan_tool(sf_floating_ip) + logger.info("Starting HTTP firewall on %s" % sf_floating_ip) + test_utils.start_vxlan_tool(sf_floating_ip, interface='eth0', + output='eth1') + test_utils.start_vxlan_tool(sf_floating_ip, interface='eth1', + output='eth0', + block=TESTCASE_CONFIG.source_port) + + logger.info("Test HTTP again blocking response on SF1") + if test_utils.is_http_blocked(client_floating_ip, + server_ip, + TESTCASE_CONFIG.source_port): + results.add_to_summary(2, "PASS", "HTTP downlink blocked") else: - error = ('\033[91mTEST 2 [FAILED] ==> HTTP WORKS\033[0m') + error = ('\033[91mTEST 3 [FAILED] ==> HTTP WORKS\033[0m') logger.error(error) test_utils.capture_ovs_logs( ovs_logger, controller_clients, compute_clients, error) - results.add_to_summary(2, "FAIL", "HTTP Blocked") + results.add_to_summary(2, "FAIL", "HTTP works") + + logger.info("Changing the vxlan_tool to allow HTTP traffic") + + # Make SF1 allow http traffic + test_utils.stop_vxlan_tool(sf_floating_ip) + logger.info("Starting HTTP firewall on %s" % sf_floating_ip) + test_utils.start_vxlan_tool(sf_floating_ip, interface='eth0', + output='eth1') + test_utils.start_vxlan_tool(sf_floating_ip, interface='eth1', + output='eth0') + + logger.info("Test HTTP") + if not test_utils.is_http_blocked(client_floating_ip, server_ip): + results.add_to_summary(2, "PASS", "HTTP restored") + else: + error = ('\033[91mTEST 4 [FAILED] ==> HTTP BLOCKED\033[0m') + logger.error(error) + test_utils.capture_ovs_logs( + ovs_logger, controller_clients, compute_clients, error) + results.add_to_summary(2, "FAIL", "HTTP blocked") return results.compile_summary(), openstack_sfc.creators +def wait_for_classification_rules(ovs_logger, compute_nodes, + server_compute, server_port, + client_compute, client_port, + odl_ip, odl_port): + if client_compute == server_compute: + odl_utils.wait_for_classification_rules( + ovs_logger, + compute_nodes, + odl_ip, + odl_port, + client_compute, + [server_port, client_port]) + else: + odl_utils.wait_for_classification_rules( + ovs_logger, + compute_nodes, + odl_ip, + odl_port, + server_compute, + server_port) + odl_utils.wait_for_classification_rules( + ovs_logger, + compute_nodes, + odl_ip, + odl_port, + client_compute, + client_port) + + if __name__ == '__main__': logging.config.fileConfig(COMMON_CONFIG.functest_logging_api) main() diff --git a/sfc/tests/functest/vnfd-templates/test-symmetric-vnfd.yaml b/sfc/tests/functest/vnfd-templates/test-symmetric-vnfd.yaml index 1f4c11f6..bf175ef7 100644 --- a/sfc/tests/functest/vnfd-templates/test-symmetric-vnfd.yaml +++ b/sfc/tests/functest/vnfd-templates/test-symmetric-vnfd.yaml @@ -15,12 +15,15 @@ topology_template: nfv_compute: properties: num_cpus: 1 - mem_size: 2 GB - disk_size: 10 GB + mem_size: 500 MB + disk_size: 1 GB properties: - image: sfc_nsh_euphrates + image: sfc_nsh_fraser availability_zone: {get_input: zone} mgmt_driver: noop + config: | + param0: key1 + param1: key2 service_type: firewall monitoring_policy: name: ping @@ -46,6 +49,18 @@ topology_template: - virtualBinding: node: VDU1 + CP2: + type: tosca.nodes.nfv.CP.Tacker + properties: + management: false + order: 1 + anti_spoofing_protection: false + requirements: + - virtualLink: + node: VL1 + - virtualBinding: + node: VDU1 + VL1: type: tosca.nodes.nfv.VL properties: diff --git a/sfc/tests/functest/vnffgd-templates/test-symmetric-vnffgd.yaml b/sfc/tests/functest/vnffgd-templates/test-symmetric-vnffgd.yaml new file mode 100644 index 00000000..6b14df1b --- /dev/null +++ b/sfc/tests/functest/vnffgd-templates/test-symmetric-vnffgd.yaml @@ -0,0 +1,46 @@ +--- +tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0 +description: test-case-symmetric + +topology_template: + description: topology-template-test1 + inputs: + net_src_port_id: + type: string + net_dst_port_id: + type: string + ip_dst_prefix: + type: string + + node_templates: + Forwarding_path1: + type: tosca.nodes.nfv.FP.Tacker + description: creates path + properties: + id: 1 + policy: + type: ACL + criteria: + - network_src_port_id: {get_input: net_src_port_id} + - network_dst_port_id: {get_input: net_dst_port_id} + - ip_dst_prefix: {get_input: ip_dst_prefix} + - destination_port_range: 80-80 + - ip_proto: 6 + path: + - forwarder: test-vnfd1 + capability: CP1 + - forwarder: test-vnfd1 + capability: CP2 + + groups: + VNFFG1: + type: tosca.groups.nfv.VNFFG + description: creates chain + properties: + vendor: tacker + version: 1.0 + number_of_endpoints: 2 + dependent_virtual_link: [VL1, VL1] + connection_point: [CP1, CP2] + constituent_vnfs: [test-vnfd1, test-vnfd1] + members: [Forwarding_path1] diff --git a/sfc/tests/functest/vnffgd-templates/test-symmetric-vnffgd.yaml-queens b/sfc/tests/functest/vnffgd-templates/test-symmetric-vnffgd.yaml-queens new file mode 100644 index 00000000..c40c447c --- /dev/null +++ b/sfc/tests/functest/vnffgd-templates/test-symmetric-vnffgd.yaml-queens @@ -0,0 +1,46 @@ +--- +tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0 +description: test-case-symmetric + +topology_template: + description: topology-template-test1 + inputs: + net_src_port_id: + type: string + net_dst_port_id: + type: string + ip_dst_prefix: + type: string + + node_templates: + Forwarding_path1: + type: tosca.nodes.nfv.FP.Tacker + description: creates path + properties: + id: 1 + policy: + type: ACL + criteria: + - network_src_port_id: {get_input: net_src_port_id} + network_dst_port_id: {get_input: net_dst_port_id} + ip_dst_prefix: {get_input: ip_dst_prefix} + destination_port_range: 80-80 + ip_proto: 6 + path: + - forwarder: test-vnfd1 + capability: CP1 + - forwarder: test-vnfd1 + capability: CP2 + + groups: + VNFFG1: + type: tosca.groups.nfv.VNFFG + description: creates chain + properties: + vendor: tacker + version: 1.0 + number_of_endpoints: 2 + dependent_virtual_link: [VL1, VL1] + connection_point: [CP1, CP2] + constituent_vnfs: [test-vnfd1, test-vnfd1] + members: [Forwarding_path1] -- cgit 1.2.3-korg