Fix security group tests
Change-Id: I13e05c0b73fe8faef2bf5dd5d54eadfac416dfe2
This commit is contained in:
parent
68dc1ebb45
commit
933873f36f
|
@ -40,7 +40,7 @@ def contrail_2_networks(create_network, create_subnet):
|
|||
def contrail_2_servers_different_networks(
|
||||
request,
|
||||
flavor,
|
||||
security_group,
|
||||
neutron_security_group,
|
||||
sorted_hypervisors,
|
||||
contrail_2_networks,
|
||||
server_steps):
|
||||
|
@ -91,7 +91,7 @@ def contrail_2_servers_different_networks(
|
|||
networks=[network],
|
||||
keypair=keypair,
|
||||
availability_zone='nova:{}'.format(hypervisor.service['host']),
|
||||
security_groups=[security_group],
|
||||
security_groups=[neutron_security_group],
|
||||
username=username,
|
||||
password=password,
|
||||
check=False)[0]
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
import contextlib
|
||||
import time
|
||||
|
||||
from hamcrest import is_
|
||||
from hamcrest import assert_that, is_, greater_than, has_value
|
||||
from stepler.third_party import ping
|
||||
from stepler.third_party import tcpdump
|
||||
from stepler.third_party import waiter
|
||||
|
@ -108,13 +108,14 @@ def start_port_listener(server_ssh,
|
|||
|
||||
|
||||
@contextlib.contextmanager
|
||||
def calc_packets_count(os_faults_steps, nodes, iface, filters):
|
||||
def calc_packets_count(os_faults_steps, nodes, iface, filters,
|
||||
max_packets=10000):
|
||||
"""CM to calc packages count on nodes' iface.
|
||||
|
||||
Returns dict: fqdn -> captured packets count.
|
||||
"""
|
||||
tcpdump_base_path = os_faults_steps.start_tcpdump(
|
||||
nodes, '-i {0} {1}'.format(iface, filters))
|
||||
nodes, '-i {0} {1} -c {2}'.format(iface, filters, max_packets))
|
||||
result = {node.fqdn: 0 for node in nodes}
|
||||
yield result
|
||||
os_faults_steps.stop_tcpdump(nodes, tcpdump_base_path)
|
||||
|
@ -138,8 +139,20 @@ def start_iperf_pair(client_ssh, server_ssh, ip, port, udp=False, timeout=10):
|
|||
|
||||
server_ssh.background_call(server_cmd.format(proto=proto, port=port))
|
||||
|
||||
if not udp:
|
||||
time.sleep(10)
|
||||
# if not udp:
|
||||
time.sleep(10)
|
||||
|
||||
client_ssh.background_call(
|
||||
client_cmd.format(proto=proto, ip=ip, port=port, time=timeout))
|
||||
|
||||
|
||||
def check_packets_on_iface(os_faults_steps, node, iface, filters,
|
||||
should_be=True):
|
||||
with calc_packets_count(os_faults_steps, node, iface,
|
||||
filters) as tcp_counts:
|
||||
time.sleep(1)
|
||||
if should_be:
|
||||
matcher = greater_than(0)
|
||||
else:
|
||||
matcher = is_(0)
|
||||
assert_that(tcp_counts, has_value(matcher), 'Wrong packets count')
|
||||
|
|
|
@ -310,7 +310,7 @@ def test_security_group_rules_uuid_in_contrail_and_neutron(contrail_api_client,
|
|||
ids=['ubuntu'])
|
||||
def test_add_remove_security_group_with_active_flow(
|
||||
contrail_2_servers_diff_nets_with_floating,
|
||||
security_group,
|
||||
neutron_security_group,
|
||||
contrail_api_client,
|
||||
contrail_network_policy,
|
||||
set_network_policy,
|
||||
|
@ -345,7 +345,8 @@ def test_add_remove_security_group_with_active_flow(
|
|||
set_network_policy(network, contrail_network_policy)
|
||||
|
||||
# Add rule to group
|
||||
contrail_sg = contrail_api_client.security_group_read(id=security_group.id)
|
||||
contrail_sg = contrail_api_client.security_group_read(
|
||||
id=neutron_security_group['id'])
|
||||
sg_entries = contrail_sg.security_group_entries
|
||||
rules = [
|
||||
types.PolicyRuleType(
|
||||
|
@ -401,6 +402,12 @@ def test_add_remove_security_group_with_active_flow(
|
|||
server2_ssh = enter(server_steps.get_server_ssh(server2))
|
||||
|
||||
# Start TCP and UDP traffic
|
||||
connectivity.start_iperf_pair(
|
||||
client_ssh=server2_ssh,
|
||||
server_ssh=server1_ssh,
|
||||
ip=ip1,
|
||||
port=TCP_PORT,
|
||||
timeout=60 * 1000)
|
||||
connectivity.start_iperf_pair(
|
||||
client_ssh=server1_ssh,
|
||||
server_ssh=server2_ssh,
|
||||
|
@ -408,46 +415,35 @@ def test_add_remove_security_group_with_active_flow(
|
|||
port=UDP_PORT,
|
||||
udp=True,
|
||||
timeout=60 * 1000)
|
||||
connectivity.start_iperf_pair(
|
||||
client_ssh=server2_ssh,
|
||||
server_ssh=server1_ssh,
|
||||
ip=ip1,
|
||||
port=TCP_PORT,
|
||||
timeout=60 * 1000)
|
||||
|
||||
# Check that some packets are captured
|
||||
with connectivity.calc_packets_count(os_faults_steps, computes[0],
|
||||
ifaces[0],
|
||||
tcp_filter) as tcp_counts:
|
||||
with connectivity.calc_packets_count(os_faults_steps, computes[1],
|
||||
ifaces[1],
|
||||
udp_filter) as udp_counts:
|
||||
time.sleep(1)
|
||||
assert_that(next(iter(tcp_counts.values())), greater_than(0))
|
||||
assert_that(next(iter(udp_counts.values())), greater_than(0))
|
||||
connectivity.check_packets_on_iface(os_faults_steps, computes[0],
|
||||
ifaces[0], tcp_filter)
|
||||
connectivity.check_packets_on_iface(os_faults_steps, computes[1],
|
||||
ifaces[1], udp_filter)
|
||||
|
||||
# Remove security group from server1
|
||||
server1.remove_security_group(security_group.id)
|
||||
server1.remove_security_group(neutron_security_group['id'])
|
||||
|
||||
with connectivity.calc_packets_count(os_faults_steps, computes[0],
|
||||
ifaces[0],
|
||||
tcp_filter) as tcp_counts:
|
||||
with connectivity.calc_packets_count(os_faults_steps, computes[1],
|
||||
ifaces[1],
|
||||
udp_filter) as udp_counts:
|
||||
time.sleep(1)
|
||||
assert_that(next(iter(tcp_counts.values())), equal_to(0))
|
||||
assert_that(next(iter(udp_counts.values())), equal_to(0))
|
||||
connectivity.check_packets_on_iface(
|
||||
os_faults_steps,
|
||||
computes[0],
|
||||
ifaces[0],
|
||||
tcp_filter,
|
||||
should_be=False)
|
||||
connectivity.check_packets_on_iface(
|
||||
os_faults_steps,
|
||||
computes[1],
|
||||
ifaces[1],
|
||||
udp_filter,
|
||||
should_be=False)
|
||||
|
||||
# Add security group from server1
|
||||
server1.add_security_group(security_group.id)
|
||||
server1.add_security_group(neutron_security_group['id'])
|
||||
|
||||
with connectivity.calc_packets_count(os_faults_steps, computes[0],
|
||||
ifaces[0],
|
||||
tcp_filter) as tcp_counts:
|
||||
with connectivity.calc_packets_count(os_faults_steps, computes[1],
|
||||
ifaces[1],
|
||||
udp_filter) as udp_counts:
|
||||
time.sleep(1)
|
||||
assert_that(next(iter(tcp_counts.values())), greater_than(0))
|
||||
assert_that(next(iter(udp_counts.values())), greater_than(0))
|
||||
time.sleep(10)
|
||||
|
||||
connectivity.check_packets_on_iface(os_faults_steps, computes[0],
|
||||
ifaces[0], tcp_filter)
|
||||
connectivity.check_packets_on_iface(os_faults_steps, computes[1],
|
||||
ifaces[1], udp_filter)
|
||||
|
|
Loading…
Reference in New Issue