# - availability_zone
# - hypervisor_hostname
# - vlans
+# WARNING: Not used if clouds_detail is sets
openrc_file:
+# The OpenStack clouds configuration from clouds.yaml file to use.
+# clouds.yaml file must be in one of the following paths:
+# - ~/.config/openstack
+# - /etc/openstack
+# Note: If running in a container, this path must be valid in the container.
+# The only case where this field can be empty is when measuring a system that does not run
+# OpenStack or when OpenStack APIs are not accessible or OpenStack APis use is not
+# desirable. In that case the EXT service chain must be used.
+#
+# If user is not admin some parameters are mandatory and must be filled with valid values in config file such as :
+# - availability_zone
+# - hypervisor_hostname
+# - vlans
+# If a value is sets, this parameter disable the use of openrc file
+clouds_detail:
+
# Forwarder to use in nfvbenchvm image. Available options: ['vpp', 'testpmd']
vm_forwarder: testpmd
"""Cleaner for all NFVbench resources."""
def __init__(self, config):
- cred = credentials.Credentials(config.openrc_file, None, False)
+ cred = credentials.Credentials(config.openrc_file, config.clouds_detail, None, False)
session = cred.get_session()
self.neutron_client = nclient.Client('2.0', session=session)
self.nova_client = Client(2, session=session)
from keystoneauth1.identity import v2
from keystoneauth1.identity import v3
from keystoneauth1 import session
+import openstack
+from keystoneclient.exceptions import HTTPClientError
+
from .log import LOG
class Credentials(object):
def get_session(self):
- dct = {
- 'username': self.rc_username,
- 'password': self.rc_password,
- 'auth_url': self.rc_auth_url
- }
- auth = None
-
- if self.rc_identity_api_version == 3:
- dct.update({
- 'project_name': self.rc_project_name,
- 'project_domain_name': self.rc_project_domain_name,
- 'user_domain_name': self.rc_user_domain_name
- })
- auth = v3.Password(**dct)
+
+ if self.clouds_detail:
+ connection = openstack.connect(cloud=self.clouds_detail)
+ cred_session = connection.session
else:
- dct.update({
- 'tenant_name': self.rc_tenant_name
- })
- auth = v2.Password(**dct)
- return session.Session(auth=auth, verify=self.rc_cacert)
+ dct = {
+ 'username': self.rc_username,
+ 'password': self.rc_password,
+ 'auth_url': self.rc_auth_url
+ }
+
+ if self.rc_identity_api_version == 3:
+ dct.update({
+ 'project_name': self.rc_project_name,
+ 'project_domain_name': self.rc_project_domain_name,
+ 'user_domain_name': self.rc_user_domain_name
+ })
+ auth = v3.Password(**dct)
+ else:
+ dct.update({
+ 'tenant_name': self.rc_tenant_name
+ })
+ auth = v2.Password(**dct)
+ cred_session = session.Session(auth=auth, verify=self.rc_cacert)
+ return cred_session
def __parse_openrc(self, file):
export_re = re.compile('export OS_([A-Z_]*)="?(.*)')
elif name == "PROJECT_DOMAIN_NAME":
self.rc_project_domain_name = value
+ # /users URL returns exception (HTTP 403) if user is not admin.
+ # try first without the version in case session already has it in
+ # Return HTTP 200 if user is admin
+ def __user_is_admin(self, url):
+ is_admin = False
+ try:
+ # check if user has admin role in OpenStack project
+ filter = {'service_type': 'identity',
+ 'interface': 'public'}
+ self.get_session().get(url, endpoint_filter=filter)
+ is_admin = True
+ except HTTPClientError as exc:
+ if exc.http_status == 403:
+ LOG.warning(
+ "User is not admin, no permission to list user roles. Exception: %s", exc)
+ return is_admin
+
#
# Read a openrc file and take care of the password
# The 2 args are passed from the command line and can be None
#
- def __init__(self, openrc_file, pwd=None, no_env=False):
+ def __init__(self, openrc_file, clouds_detail, pwd=None, no_env=False):
self.rc_password = None
self.rc_username = None
self.rc_tenant_name = None
self.rc_user_domain_name = None
self.rc_project_domain_name = None
self.rc_project_name = None
- self.rc_identity_api_version = 2
+ self.rc_identity_api_version = 3
self.is_admin = False
+ self.clouds_detail = clouds_detail
success = True
if openrc_file:
success = False
else:
self.__parse_openrc(openrc_file)
- elif not no_env:
+ elif not clouds_detail and not no_env:
# no openrc file passed - we assume the variables have been
# sourced by the calling shell
# just check that they are present
# always override with CLI argument if provided
- if pwd:
- self.rc_password = pwd
- # if password not know, check from env variable
- elif self.rc_auth_url and not self.rc_password and success:
- if 'OS_PASSWORD' in os.environ and not no_env:
- self.rc_password = os.environ['OS_PASSWORD']
- else:
- # interactively ask for password
- self.rc_password = getpass.getpass(
- 'Please enter your OpenStack Password: ')
- if not self.rc_password:
- self.rc_password = ""
-
- # check if user has admin role in OpenStack project
- filter = {'service_type': 'identity',
- 'interface': 'public',
- 'region_name': self.rc_region_name}
+ if not clouds_detail:
+ if pwd:
+ self.rc_password = pwd
+ # if password not know, check from env variable
+ elif self.rc_auth_url and not self.rc_password and success:
+ if 'OS_PASSWORD' in os.environ and not no_env:
+ self.rc_password = os.environ['OS_PASSWORD']
+ else:
+ # interactively ask for password
+ self.rc_password = getpass.getpass(
+ 'Please enter your OpenStack Password: ')
+ if not self.rc_password:
+ self.rc_password = ""
+
+
try:
# /users URL returns exception (HTTP 403) if user is not admin.
# try first without the version in case session already has it in
# Return HTTP 200 if user is admin
- self.get_session().get('/users', endpoint_filter=filter)
- self.is_admin = True
- except Exception:
- try:
- # vX/users URL returns exception (HTTP 403) if user is not admin.
- self.get_session().get('/v' + str(self.rc_identity_api_version) + '/users',
- endpoint_filter=filter)
- self.is_admin = True
- except Exception as e:
- LOG.warning("User is not admin, no permission to list user roles. Exception: %s", e)
+ self.is_admin = self.__user_is_admin('/users') or self.__user_is_admin(
+ '/v2/users') or self.__user_is_admin('/v3/users')
+ except Exception as e:
+ LOG.warning("Error occurred during Openstack API access. "
+ "Unable to check user is admin. Exception: %s", e)
self.config_plugin = config_plugin
self.factory = factory
self.notifier = notifier
- self.cred = credentials.Credentials(config.openrc_file, None, False) \
- if config.openrc_file else None
+ self.cred = credentials.Credentials(config.openrc_file, config.clouds_detail, None, False) \
+ if config.openrc_file or config.clouds_detail else None
self.chain_runner = None
self.specs = Specs()
self.specs.set_openstack_spec(openstack_spec)
# check that an empty openrc file (no OpenStack) is only allowed
# with EXT chain
- if not self.config.openrc_file and self.config.service_chain != ChainType.EXT:
- raise Exception("openrc_file in the configuration is required for PVP/PVVP chains")
+ if (not self.config.openrc_file and not self.config.clouds_detail) and \
+ self.config.service_chain != ChainType.EXT:
+ raise Exception("openrc_file or clouds_detail in the configuration is required"
+ " for PVP/PVVP chains")
self.specs.set_run_spec(self.config_plugin.get_run_spec(self.config,
self.specs.openstack))
GENERATOR IMAGE INSTANCE AND CONFIG
===================================
+Pre-requisites
+--------------
+To use openstack APIs, NFVbench generator VM will use `clouds.yaml` file as openstack configuration.
+The OpenStack clouds configuration from clouds.yaml file to use.
+clouds.yaml file must be in one of the following paths:
+- ~/.config/openstack
+- /etc/openstack
+
+Example of `clouds.yaml`:
+
+.. code-block:: yaml
+
+ clouds:
+ devstack:
+ auth:
+ auth_url: http://192.168.122.10:35357/
+ project_name: demo
+ username: demo
+ password: 0penstack
+ region_name: RegionOne
+
+.. note:: Add `CLOUD_DETAIL` property with the accurate value for your openstack configuration (`devstack` in the above example) in ``/etc/nfvbenchvm.conf``
+
Interface Requirements
----------------------
The instance must be launched using OpenStack with 2 network interfaces for dataplane traffic (using SR-IOV function) and 1 management interface to control nfvbench.
pci: "{{PCI_ADDRESS_2}}"
switch:
intf_speed:
+
.. note:: `CORE_THREADS` value is determined automatically based on the cores available on the VM starting from 2 to last worker core available.
Auto-configuration
LOOPBACK_INTF_MAC2=FA:16:3E:10:DA:10
E2E_INTF_MAC1=FA:16:3E:B0:E2:43
E2E_INTF_MAC2=FA:16:3E:D3:6A:FC
+
.. note:: `ACTION` parameter is not mandatory but will permit to start NFVbench with the accurate ports (loopback or e2e).
.. note:: Set of MAC parameters cannot be used in parallel as only one NFVbench/TRex process is running.
.. note:: Switching from `loopback` to `e2e` action can be done manually using `/nfvbench/start-nfvbench.sh <action>` with the accurate keyword for `action` parameter. This script will restart NFVbench with the good set of MAC.
INTF_MGMT_CIDR=172.20.56.228/2
INTF_MGMT_IP_GW=172.20.56.225
DNS_SERVERS=8.8.8.8,dns.server.com
+
.. note:: A management interface is required to automatically find the virtual interface to use according to the MAC address provided (see `INTF_MAC_MGMT` parameter).
.. note:: NFVbench VM will call openstack API through the management interface to retrieve mac address for these ports
.. note:: If openstack API required a host name resolution, add the parameter DNS_SERVERS to add IP or DNS server names (multiple servers can be added separated by a `,`)
# Waiting for cloud-init to generate $NFVBENCH_CONF, retry 60 seconds
NFVBENCH_CONF=/etc/nfvbenchvm.conf
-OPENRC=/etc/nfvbench/openrc
retry=30
until [ $retry -eq 0 ]; do
if [ -f $NFVBENCH_CONF ]; then break; fi
eval $(cat $NFVBENCH_CONF)
touch /nfvbench_configured.flag
-if [ -f $OPENRC ]; then
- source $OPENRC
-fi
-
# Add DNS entry
if [ $DNS_SERVERS ]; then
IFS="," read -a dns <<< $DNS_SERVERS
if [ $INTF_MGMT_CIDR ] && [ $INTF_MGMT_IP_GW ]; then
if [ $INTF_MAC_MGMT ]; then
ETH_PORT=$(get_eth_port $INTF_MAC_MGMT)
- elif [ -f $OPENRC ] && [ "$PORT_MGMT_NAME" ]; then
- $INTF_MAC_MGMT=$(openstack port list | grep $PORT_MGMT_NAME | grep -o -Ei '([a-fA-F0-9:]{17}|[a-fA-F0-9]{12}$)' | head -1)
+ elif [ "$CLOUD_DETAIL" ] && [ "$PORT_MGMT_NAME" ]; then
+ $INTF_MAC_MGMT=$(openstack --os-cloud $CLOUD_DETAIL port list | grep $PORT_MGMT_NAME | grep -o -Ei '([a-fA-F0-9:]{17}|[a-fA-F0-9]{12}$)' | head -1)
ETH_PORT=$(get_eth_port $INTF_MAC_MGMT)
else
ETH_PORT=""
if [ $PCI_ADDRESS_1 ] && [ $PCI_ADDRESS_2 ]; then
logger "NFVBENCHVM: Using pci $PCI_ADDRESS_1 ($INTF_MAC1)"
logger "NFVBENCHVM: Using pci $PCI_ADDRESS_2 ($INTF_MAC2)"
+ # active uio_pci_generic driver
+ modprobe uio_pci_generic
# Configure the forwarder
if [ "$FORWARDER" == "testpmd" ]; then
echo "Configuring testpmd..."
- modprobe uio_pci_generic
mkdir /dpdk
echo "set promisc all off" > /dpdk/testpmd_cmd.txt
# Binding ports to DPDK VFIO or UIO
E2E_CFG=/etc/nfvbench/e2e.cfg
LOOPBACK_CFG=/etc/nfvbench/loopback.cfg
NFVBENCH_CFG=/etc/nfvbench/nfvbench.cfg
-OPENRC=/etc/nfvbench/openrc
# Parse and obtain all configurations
eval $(cat $NFVBENCH_CONF)
-if [ -f $OPENRC ]; then
- source $OPENRC
-fi
-
# WE assume there are at least 2 cores available for the VM
CPU_CORES=$(grep -c ^processor /proc/cpuinfo)
# Set dynamically interfaces mac values, if VM is spawn with SRIOV PF ports
# and openstack API are accessible
if [ -z "$LOOPBACK_INTF_MAC1" ] && [ -z "$LOOPBACK_INTF_MAC2" ]; then
- if [ -f $OPENRC ] && [ "$LOOPBACK_PORT_NAME1" ] && [ "$LOOPBACK_PORT_NAME2" ]; then
- LOOPBACK_INTF_MAC1=$(openstack port list | grep $LOOPBACK_PORT_NAME1 | grep -o -Ei '([a-fA-F0-9:]{17}|[a-fA-F0-9]{12}$)' | head -1)
- LOOPBACK_INTF_MAC2=$(openstack port list | grep $LOOPBACK_PORT_NAME2 | grep -o -Ei '([a-fA-F0-9:]{17}|[a-fA-F0-9]{12}$)' | head -1)
+ if [ "$CLOUD_DETAIL" ] && [ "$LOOPBACK_PORT_NAME1" ] && [ "$LOOPBACK_PORT_NAME2" ]; then
+ LOOPBACK_INTF_MAC1=$(openstack --os-cloud $CLOUD_DETAIL port list | grep $LOOPBACK_PORT_NAME1 | grep -o -Ei '([a-fA-F0-9:]{17}|[a-fA-F0-9]{12}$)' | head -1)
+ LOOPBACK_INTF_MAC2=$(openstack --os-cloud $CLOUD_DETAIL port list | grep $LOOPBACK_PORT_NAME2 | grep -o -Ei '([a-fA-F0-9:]{17}|[a-fA-F0-9]{12}$)' | head -1)
fi
fi
if [ -z "$E2E_INTF_MAC1" ] && [ -z "$E2E_INTF_MAC2" ]; then
- if [ -f $OPENRC ] && [ "$E2E_PORT_NAME1" ] && [ "$E2E_PORT_NAME2" ]; then
- E2E_INTF_MAC1=$(openstack port list | grep $E2E_PORT_NAME1 | grep -o -Ei '([a-fA-F0-9:]{17}|[a-fA-F0-9]{12}$)' | head -1)
- E2E_INTF_MAC2=$(openstack port list | grep $E2E_PORT_NAME2 | grep -o -Ei '([a-fA-F0-9:]{17}|[a-fA-F0-9]{12}$)' | head -1)
+ if [ "$CLOUD_DETAIL" ] && [ "$E2E_PORT_NAME1" ] && [ "$E2E_PORT_NAME2" ]; then
+ E2E_INTF_MAC1=$(openstack --os-cloud $CLOUD_DETAIL port list | grep $E2E_PORT_NAME1 | grep -o -Ei '([a-fA-F0-9:]{17}|[a-fA-F0-9]{12}$)' | head -1)
+ E2E_INTF_MAC2=$(openstack --os-cloud $CLOUD_DETAIL port list | grep $E2E_PORT_NAME2 | grep -o -Ei '([a-fA-F0-9:]{17}|[a-fA-F0-9]{12}$)' | head -1)
fi
fi
if [ -z "$INTF_MAC1" ] && [ -z "$INTF_MAC2" ]; then
- if [ -f $OPENRC ] && [ "$PORT_NAME1" ] && [ "$PORT_NAME2" ]; then
- INTF_MAC1=$(openstack port list | grep $PORT_NAME1 | grep -o -Ei '([a-fA-F0-9:]{17}|[a-fA-F0-9]{12}$)' | head -1)
- INTF_MAC2=$(openstack port list | grep $PORT_NAME2 | grep -o -Ei '([a-fA-F0-9:]{17}|[a-fA-F0-9]{12}$)' | head -1)
+ if [ "$CLOUD_DETAIL" ] && [ "$PORT_NAME1" ] && [ "$PORT_NAME2" ]; then
+ INTF_MAC1=$(openstack --os-cloud $CLOUD_DETAIL port list | grep $PORT_NAME1 | grep -o -Ei '([a-fA-F0-9:]{17}|[a-fA-F0-9]{12}$)' | head -1)
+ INTF_MAC2=$(openstack --os-cloud $CLOUD_DETAIL port list | grep $PORT_NAME2 | grep -o -Ei '([a-fA-F0-9:]{17}|[a-fA-F0-9]{12}$)' | head -1)
fi
fi
}
socket-mem 1024
dev {{PCI_ADDRESS_1}}
dev {{PCI_ADDRESS_2}}
- uio-driver igb_uio
+ uio-driver uio_pci_generic
num-mbufs {{NUM_MBUFS}}
}
# License for the specific language governing permissions and limitations
# under the License.
#
+import openstack
+from keystoneauth1.exceptions import HTTPClientError
from mock import patch
import pytest
# =========================================================================
def test_no_credentials():
- cred = Credentials('/completely/wrong/path/openrc', None, False)
- if cred.rc_auth_url:
- # shouldn't get valid data unless user set environment variables
+ with patch.object(openstack, 'connect') as mock:
+ cred = Credentials('/completely/wrong/path/openrc', None, None, False)
+ if cred.rc_auth_url:
+ # shouldn't get valid data unless user set environment variables
+ assert False
+ else:
+ assert True
+ mock.assert_not_called()
+
+
+def test_clouds_file_credentials():
+ with patch.object(openstack, 'connect') as mock:
+ Credentials(None, 'openstack', None, False)
+ mock.assert_called_once()
+
+
+@patch('nfvbench.nfvbench.credentials')
+def test_is_not_admin(mock_session):
+ mock_session.Session.return_value.get.return_value.raiseError.side_effect = HTTPClientError
+ cred = Credentials(None, 'openstack', None, False)
+ if cred.is_admin:
assert False
else:
assert True
+
+def test_is_admin():
+ with patch.object(openstack, 'connect'):
+ cred = Credentials(None, 'openstack', None, False)
+ if cred.is_admin:
+ assert True
+ else:
+ assert False
+
+
def test_ip_block():
ipb = IpBlock('10.0.0.0', '0.0.0.1', 256)
assert ipb.get_ip() == '10.0.0.0'
Code Review / nfvbench.git / commitdiff