summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArtem Panchenko <apanchenko@mirantis.com>2016-11-15 18:23:23 +0200
committerArtem Panchenko <apanchenko@mirantis.com>2016-11-15 19:24:46 +0200
commit28b1e600c00512ae313f339c5542d372c5498e2d (patch)
tree66987a99c1f18732bf3ca5e0ed079ab7bc7c20da
parent39dbbf5f56719f44b1a13b96ffa825955eab5132 (diff)
Support new version of Calico (2.0)
With new Golang version of `calicoctl` (v.1.0.0-beta and older), command line interface was changed. Modified tests, so both old and new versions are supported. Change-Id: Id33089d3b184a04624b99a160467e860fa1e0556
Notes
Notes (review): Verified+1: Mirantis CCP CI <mirantis-fuel-ccp-ci@mirantis.com> Code-Review+2: Volodymyr Shypyguzov <vshypyguzov@mirantis.com> Code-Review+1: Artem Grechanichenko <agrechanichenko@mirantis.com> Workflow+1: Artem Panchenko <apanchenko@mirantis.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Wed, 16 Nov 2016 13:02:20 +0000 Reviewed-on: https://review.openstack.org/397813 Project: openstack/fuel-ccp-tests Branch: refs/heads/master
-rw-r--r--fuel_ccp_tests/helpers/netchecker.py67
1 files changed, 60 insertions, 7 deletions
diff --git a/fuel_ccp_tests/helpers/netchecker.py b/fuel_ccp_tests/helpers/netchecker.py
index 4b841e0..d575071 100644
--- a/fuel_ccp_tests/helpers/netchecker.py
+++ b/fuel_ccp_tests/helpers/netchecker.py
@@ -12,6 +12,7 @@
12# License for the specific language governing permissions and limitations 12# License for the specific language governing permissions and limitations
13# under the License. 13# under the License.
14 14
15from distutils import version
15import requests 16import requests
16 17
17from devops.helpers import helpers 18from devops.helpers import helpers
@@ -183,6 +184,30 @@ NETCHECKER_DS_CFG = [
183 } 184 }
184] 185]
185 186
187NETCHECKER_BLOCK_POLICY = {
188 "kind": "policy",
189 "spec": {
190 "ingress": [
191 {
192 "action": "allow"
193 },
194 {
195 "action": "deny",
196 "destination": {
197 "ports": [
198 NETCHECKER_SERVICE_PORT
199 ]
200 },
201 "protocol": "tcp"
202 }
203 ]
204 },
205 "apiVersion": "v1",
206 "metadata": {
207 "name": "deny-netchecker"
208 }
209}
210
186 211
187def start_server(k8s, namespace=None, 212def start_server(k8s, namespace=None,
188 pod_spec=NETCHECKER_POD_CFG, 213 pod_spec=NETCHECKER_POD_CFG,
@@ -270,17 +295,45 @@ def wait_check_network(kube_host_ip, works=True, timeout=120, interval=5):
270 295
271 296
272def calico_block_traffic_on_node(underlay, target_node): 297def calico_block_traffic_on_node(underlay, target_node):
298 if is_calico_version_new(calico_get_version(underlay, target_node)):
299 cmd = "echo '{0}' | calicoctl create -f -".format(
300 NETCHECKER_BLOCK_POLICY)
301 else:
302 cmd = ('calicoctl profile calico-k8s-network rule add --at=1 outbound '
303 'deny tcp to ports {0}'.format(NETCHECKER_SERVICE_PORT))
304 underlay.sudo_check_call(cmd, node_name=target_node)
273 LOG.info('Blocked traffic to the network checker service from ' 305 LOG.info('Blocked traffic to the network checker service from '
274 'containers on node "{}".'.format(target_node)) 306 'containers on node "{}".'.format(target_node))
275 underlay.sudo_check_call(
276 'calicoctl profile calico-k8s-network rule add --at=1 outbound '
277 'deny tcp to ports {0}'.format(NETCHECKER_SERVICE_PORT),
278 node_name=target_node)
279 307
280 308
281def calico_unblock_traffic_on_node(underlay, target_node): 309def calico_unblock_traffic_on_node(underlay, target_node):
310 if is_calico_version_new(calico_get_version(underlay, target_node)):
311 cmd = "echo '{0}' | calicoctl delete -f -".format(
312 NETCHECKER_BLOCK_POLICY)
313 else:
314 cmd = ('calicoctl profile calico-k8s-network '
315 'rule remove outbound --at=1')
316 underlay.sudo_check_call(cmd, node_name=target_node)
282 LOG.info('Unblocked traffic to the network checker service from ' 317 LOG.info('Unblocked traffic to the network checker service from '
283 'containers on node "{}".'.format(target_node)) 318 'containers on node "{}".'.format(target_node))
284 underlay.sudo_check_call( 319
285 'calicoctl profile calico-k8s-network rule remove outbound --at=1', 320
286 node_name=target_node) 321def calico_get_version(underlay, target_node):
322 raw_version = underlay.sudo_check_call('calicoctl version',
323 node_name=target_node)
324
325 assert raw_version['exit_code'] == 0 and len(raw_version['stdout']) > 0, \
326 "Unable to get calico version!"
327
328 if len(raw_version['stdout']) > 1:
329 ctl_version = raw_version['stdout'][0].split()[1].strip()
330 else:
331 ctl_version = raw_version['stdout'][0].strip()
332
333 LOG.debug("Calico (calicoctl) version on '{0}': '{1}'".format(target_node,
334 ctl_version))
335 return ctl_version
336
337
338def is_calico_version_new(calico_version):
339 return version.LooseVersion(calico_version) >= version.LooseVersion('v1')