Blame - tcp_tests/tests/system/test_calico.py - mcp/tcp-qa

blob: 72f9ca95110bd7abf1ae07c8ccca38a1bb8cf9af [file] [log] [blame]

Artem Panchenko	501e67e	2017-06-14 14:59:18 +0300	[diff] [blame]	1	# Copyright 2017 Mirantis, Inc.
				2	#
				3	# Licensed under the Apache License, Version 2.0 (the "License"); you may
				4	# not use this file except in compliance with the License. You may obtain
				5	# a copy of the License at
				6	#
				7	# http://www.apache.org/licenses/LICENSE-2.0
				8	#
				9	# Unless required by applicable law or agreed to in writing, software
				10	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				11	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
				12	# License for the specific language governing permissions and limitations
				13	# under the License.
				14
				15	import pytest
				16
				17	from devops.helpers import helpers
				18
				19	from tcp_tests import logger
				20	from tcp_tests.helpers import netchecker
				21
				22	LOG = logger.logger
				23
				24
				25	class TestMCPCalico(object):
				26	"""Test class for Calico network provider in k8s"""
				27
				28	@pytest.mark.fail_snapshot
Artem Panchenko	0872ec0	2017-06-29 17:14:12 +0300	[diff] [blame]	29	@pytest.mark.calico_ci
Tatyana Leontovich	071ce6a	2017-10-24 18:08:10 +0300	[diff] [blame]	30	@pytest.mark.cz8116
Artem Panchenko	501e67e	2017-06-14 14:59:18 +0300	[diff] [blame]	31	def test_k8s_netchecker_calico(self, show_step, config, k8s_deployed):
				32	"""Test for deploying k8s environment with Calico plugin and check
				33	network connectivity between different pods by k8s-netchecker
				34
				35	Scenario:
				36	1. Install k8s with Calico network plugin.
				37	2. Run netchecker-server service.
				38	3. Run netchecker-agent daemon set.
				39	4. Get network verification status. Check status is 'OK'.
				40
				41	Duration: 3000 seconds
				42	"""
				43
				44	# STEP #1
				45	show_step(1)
				46	k8sclient = k8s_deployed.api
				47	assert k8sclient.nodes.list() is not None, "Can not get nodes list"
				48
				49	# STEP #2
				50	show_step(2)
				51	netchecker.start_server(k8s=k8s_deployed, config=config)
				52	netchecker.wait_check_network(k8sclient, works=True,
				53	timeout=300)
				54
				55	# STEP #3
				56	show_step(3)
				57	netchecker.start_agent(k8s=k8s_deployed, config=config)
				58
				59	# STEP #4
				60	show_step(4)
				61	netchecker.wait_check_network(k8sclient, works=True,
				62	timeout=300)
				63
				64	@pytest.mark.fail_snapshot
Artem Panchenko	0872ec0	2017-06-29 17:14:12 +0300	[diff] [blame]	65	@pytest.mark.calico_ci
Tatyana Leontovich	071ce6a	2017-10-24 18:08:10 +0300	[diff] [blame]	66	@pytest.mark.cz8116
Artem Panchenko	501e67e	2017-06-14 14:59:18 +0300	[diff] [blame]	67	def test_calico_route_recovery(self, show_step, config, underlay,
				68	k8s_deployed):
				69	"""Test for deploying k8s environment with Calico plugin and check
				70	that local routes are recovered by felix after removal
				71
				72	Scenario:
				73	1. Install k8s with Calico network plugin.
				74	2. Run netchecker-server service.
				75	3. Run netchecker-agent daemon set.
				76	4. Get network verification status. Check status is 'OK'.
				77	5. Remove local route to netchecker-agent pod on the first node
				78	6. Check that the route is automatically recovered
				79	7. Get network verification status. Check status is 'OK'.
				80
				81	Duration: 3000 seconds
				82	"""
				83
				84	# STEP #1
				85	show_step(1)
				86	k8sclient = k8s_deployed.api
				87	assert k8sclient.nodes.list() is not None, "Can not get nodes list"
				88
				89	# STEP #2
				90	show_step(2)
				91	netchecker.start_server(k8s=k8s_deployed, config=config)
				92	LOG.info("Waiting for netchecker server is running")
				93	netchecker.wait_check_network(k8sclient, works=True,
				94	timeout=300)
				95
				96	# STEP #3
				97	show_step(3)
				98	netchecker.start_agent(k8s=k8s_deployed, config=config)
				99
				100	# STEP #4
				101	show_step(4)
				102	netchecker.wait_check_network(k8sclient, works=True,
				103	timeout=300)
				104
				105	# STEP #5
				106	show_step(5)
				107	first_node = k8sclient.nodes.list()[0]
				108	first_node_ips = [addr.address for addr in first_node.status.addresses
				109	if 'IP' in addr.type]
				110	assert len(first_node_ips) > 0, "Couldn't find first k8s node IP!"
				111	first_node_names = [name for name in underlay.node_names()
				112	if name.startswith(first_node.name)]
				113	assert len(first_node_names) == 1, "Couldn't find first k8s node " \
				114	"hostname in SSH config!"
				115	first_node_name = first_node_names.pop()
				116
				117	target_pod_ip = None
				118
				119	for pod in k8sclient.pods.list():
				120	if pod.status.host_ip not in first_node_ips:
				121	continue
				122	# TODO: get pods by daemonset with name 'netchecker-agent'
				123	if 'netchecker-agent-' in pod.name and 'hostnet' not in pod.name:
				124	target_pod_ip = pod.status.pod_ip
				125
				126	assert target_pod_ip is not None, "Could not find netchecker pod IP!"
				127
				128	route_del_cmd = 'ip route delete {0}'.format(target_pod_ip)
				129	underlay.sudo_check_call(cmd=route_del_cmd, node_name=first_node_name)
				130	LOG.debug('Removed local route to pod IP {0} on node {1}'.format(
				131	target_pod_ip, first_node.name
				132	))
				133
				134	# STEP #6
				135	show_step(6)
				136	route_chk_cmd = 'ip route list \| grep -q "{0}"'.format(target_pod_ip)
				137	helpers.wait_pass(
				138	lambda: underlay.sudo_check_call(cmd=route_chk_cmd,
				139	node_name=first_node_name),
Valentyn Yakovlev	13a0fc2	2017-08-01 11:21:57 +0300	[diff] [blame]	140	timeout=120,
				141	interval=2
Artem Panchenko	501e67e	2017-06-14 14:59:18 +0300	[diff] [blame]	142	)
				143	pod_ping_cmd = 'sleep 3 && ping -q -c 1 -w 3 {0}'.format(target_pod_ip)
				144	underlay.sudo_check_call(cmd=pod_ping_cmd, node_name=first_node_name)
				145	LOG.debug('Local route to pod IP {0} on node {1} is '
Dina Belova	e6fdffb	2017-09-19 13:58:34 -0700	[diff] [blame]	146	'recovered'.format(target_pod_ip, first_node.name))
Artem Panchenko	501e67e	2017-06-14 14:59:18 +0300	[diff] [blame]	147
				148	# STEP #7
				149	show_step(7)
				150	netchecker.wait_check_network(k8sclient, works=True)
				151
				152	@pytest.mark.fail_snapshot
valentyn.yakovlev	361a679	2017-07-20 07:44:43 -0400	[diff] [blame]	153	# FIXME(apanchenko): uncomment as soon as the following bug is fixed
				154	# FIXME(apanchenko): https://mirantis.jira.com/browse/PROD-12532
Dina Belova	e6fdffb	2017-09-19 13:58:34 -0700	[diff] [blame]	155	# @pytest.mark.calico_ci
Artem Panchenko	501e67e	2017-06-14 14:59:18 +0300	[diff] [blame]	156	def test_calico_network_policies(self, show_step, config, underlay,
				157	k8s_deployed):
				158	"""Test for deploying k8s environment with Calico and check
				159	that network policies work as expected
				160
				161	Scenario:
				162	1. Install k8s.
				163	2. Create new namespace 'netchecker'
				164	3. Run netchecker-server service
				165	4. Check that netchecker-server returns '200 OK'
				166	5. Run netchecker-agent daemon set in default namespace
				167	6. Get network verification status. Check status is 'OK'
				168	7. Enable network isolation for 'netchecker' namespace
				169	8. Allow connections to netchecker-server from tests using
				170	Calico policy
				171	9. Get network verification status. Check status is 'FAIL' because
				172	no netcheker-agent pods can reach netchecker-service pod
				173	10. Add kubernetes network policies which allow connections
				174	from netchecker-agent pods (including ones with host network)
				175	11. Get network verification status. Check status is 'OK'
				176
				177	Duration: 3000 seconds
				178	"""
				179
				180	show_step(1)
				181	k8sclient = k8s_deployed.api
				182	assert k8sclient.nodes.list() is not None, "Can not get nodes list"
				183	kube_master_nodes = k8s_deployed.get_k8s_masters()
				184	assert kube_master_nodes, "No k8s masters found in pillars!"
				185
				186	show_step(2)
				187	k8s_deployed.check_namespace_create(name='netchecker')
				188
				189	show_step(3)
				190	netchecker.start_server(k8s=k8s_deployed, config=config,
				191	namespace='netchecker')
				192
				193	show_step(4)
				194	netchecker.wait_check_network(k8sclient, namespace='netchecker',
				195	works=True)
				196
				197	show_step(5)
				198	netchecker.start_agent(k8s=k8s_deployed, config=config,
				199	namespace='default',
				200	service_namespace='netchecker')
				201
				202	show_step(6)
				203	netchecker.wait_check_network(k8sclient, namespace='netchecker',
				204	works=True, timeout=300)
				205
				206	show_step(7)
				207	netchecker.kubernetes_block_traffic_namespace(underlay,
				208	kube_master_nodes[0],
				209	'netchecker')
				210
				211	show_step(8)
				212	netchecker.calico_allow_netchecker_connections(underlay,
				213	kube_master_nodes[0],
				214	config.k8s.kube_host,
				215	'netchecker')
				216
				217	show_step(9)
				218	netchecker.wait_check_network(k8sclient, namespace='netchecker',
				219	works=False, timeout=500)
				220
				221	show_step(10)
				222	netchecker.kubernetes_allow_traffic_from_agents(underlay,
				223	kube_master_nodes[0],
				224	'netchecker')
				225
				226	show_step(11)
				227	netchecker.wait_check_network(k8sclient, namespace='netchecker',
				228	works=True, timeout=300)