From 28b1e600c00512ae313f339c5542d372c5498e2d Mon Sep 17 00:00:00 2001 From: Artem Panchenko Date: Tue, 15 Nov 2016 18:23:23 +0200 Subject: [PATCH] Support new version of Calico (2.0) With new Golang version of `calicoctl` (v.1.0.0-beta and older), command line interface was changed. Modified tests, so both old and new versions are supported. Change-Id: Id33089d3b184a04624b99a160467e860fa1e0556 --- fuel_ccp_tests/helpers/netchecker.py | 67 +++++++++++++++++++++++++--- 1 file changed, 60 insertions(+), 7 deletions(-) diff --git a/fuel_ccp_tests/helpers/netchecker.py b/fuel_ccp_tests/helpers/netchecker.py index 4b841e0..d575071 100644 --- a/fuel_ccp_tests/helpers/netchecker.py +++ b/fuel_ccp_tests/helpers/netchecker.py @@ -12,6 +12,7 @@ # License for the specific language governing permissions and limitations # under the License. +from distutils import version import requests from devops.helpers import helpers @@ -183,6 +184,30 @@ NETCHECKER_DS_CFG = [ } ] +NETCHECKER_BLOCK_POLICY = { + "kind": "policy", + "spec": { + "ingress": [ + { + "action": "allow" + }, + { + "action": "deny", + "destination": { + "ports": [ + NETCHECKER_SERVICE_PORT + ] + }, + "protocol": "tcp" + } + ] + }, + "apiVersion": "v1", + "metadata": { + "name": "deny-netchecker" + } +} + def start_server(k8s, namespace=None, pod_spec=NETCHECKER_POD_CFG, @@ -270,17 +295,45 @@ def wait_check_network(kube_host_ip, works=True, timeout=120, interval=5): def calico_block_traffic_on_node(underlay, target_node): + if is_calico_version_new(calico_get_version(underlay, target_node)): + cmd = "echo '{0}' | calicoctl create -f -".format( + NETCHECKER_BLOCK_POLICY) + else: + cmd = ('calicoctl profile calico-k8s-network rule add --at=1 outbound ' + 'deny tcp to ports {0}'.format(NETCHECKER_SERVICE_PORT)) + underlay.sudo_check_call(cmd, node_name=target_node) LOG.info('Blocked traffic to the network checker service from ' 'containers on node "{}".'.format(target_node)) - underlay.sudo_check_call( - 'calicoctl profile calico-k8s-network rule add --at=1 outbound ' - 'deny tcp to ports {0}'.format(NETCHECKER_SERVICE_PORT), - node_name=target_node) def calico_unblock_traffic_on_node(underlay, target_node): + if is_calico_version_new(calico_get_version(underlay, target_node)): + cmd = "echo '{0}' | calicoctl delete -f -".format( + NETCHECKER_BLOCK_POLICY) + else: + cmd = ('calicoctl profile calico-k8s-network ' + 'rule remove outbound --at=1') + underlay.sudo_check_call(cmd, node_name=target_node) LOG.info('Unblocked traffic to the network checker service from ' 'containers on node "{}".'.format(target_node)) - underlay.sudo_check_call( - 'calicoctl profile calico-k8s-network rule remove outbound --at=1', - node_name=target_node) + + +def calico_get_version(underlay, target_node): + raw_version = underlay.sudo_check_call('calicoctl version', + node_name=target_node) + + assert raw_version['exit_code'] == 0 and len(raw_version['stdout']) > 0, \ + "Unable to get calico version!" + + if len(raw_version['stdout']) > 1: + ctl_version = raw_version['stdout'][0].split()[1].strip() + else: + ctl_version = raw_version['stdout'][0].strip() + + LOG.debug("Calico (calicoctl) version on '{0}': '{1}'".format(target_node, + ctl_version)) + return ctl_version + + +def is_calico_version_new(calico_version): + return version.LooseVersion(calico_version) >= version.LooseVersion('v1')