#!/bin/bash
source ./color.sh
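# Abort the run if any candidate egress IP already answers ping.
# The probe runs on the master over SSH.
# Globals:   EGRESS_IP, EGRESS_IP2, EGRESS_IP3, EGRESS_IP4, MASTER_IP (read)
# Outputs:   progress and error messages on stdout
# Returns:   0 when every configured IP is free; exits 1 otherwise
function check_ip() {
  local ip rc
  for ip in "$EGRESS_IP" "$EGRESS_IP2" "$EGRESS_IP3" "$EGRESS_IP4"; do
    # Unset/empty slots are skipped rather than probed.
    [[ -n "$ip" ]] || continue
    # $ip is spliced into a command line that a root shell on the master
    # executes, so accept nothing but address characters before sending it.
    if [[ ! "$ip" =~ ^[0-9A-Fa-f.:]+$ ]]; then
      echo -e "$BRed EGRESS IP '$ip' is not a valid address $NC"
      exit 1
    fi
    echo -e "$BBlue Check if the IP is in-use. $NC"
    ssh "root@${MASTER_IP}" "ping -c1 $ip"
    rc=$?
    case "$rc" in
      1)
        # ping reports 1 when no reply arrived: the address is free.
        ;;
      0)
        echo -e "$BRed EGRESS IP is being used $NC"
        exit 1
        ;;
      *)
        # Any other status (ssh failure, ping usage error) says nothing about
        # the address, so stop instead of claiming it is in use.
        echo -e "$BRed Could not check EGRESS IP $ip (ssh/ping exit status $rc) $NC"
        exit 1
        ;;
    esac
  done
}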
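# Block until `oc get project NAME` no longer finds the project.
# Arguments: $1 - project name, $2 - label used in the progress message
function _wait_until_project_gone() {
  local name=$1
  local label=$2
  # Exact-name lookup: grepping the full project list also matched any project
  # whose name merely contained $name, which could keep this loop spinning.
  while oc get project "$name" >/dev/null 2>&1; do
    echo -e "Waiting for $label to be deleted on server"
    sleep 5
  done
}

# Fetch the admin kubeconfig from the master, log in, and recreate the two
# test projects from scratch.
# Globals:   MASTER_IP, PROJECT, NEWPROJECT (read)
#            OC_TEST_USER, OC_TEST_PASSWORD (read, optional overrides added
#            here; they default to the account the script always used)
# Returns:   exits 1 if the kubeconfig copy or the login fails
function prepare_user() {
  # copy admin kubeconfig
  if ! scp "root@${MASTER_IP}:/etc/origin/master/admin.kubeconfig" ./; then
    echo -e "${BRed}Failed to copy admin kubeconfig${NC}"
    exit 1
  fi
  # The file is a cluster-admin credential sitting in the working directory;
  # keep it readable by the current user only.
  if ! chmod 600 ./admin.kubeconfig; then
    echo -e "${BRed}Failed to restrict permissions on admin kubeconfig${NC}"
    exit 1
  fi
  # login to server
  # NOTE(review): the default account and password are hard-coded, the password
  # travels on the command line (visible in the process list), and
  # --insecure-skip-tls-verify disables server certificate checking, so the
  # credentials can be intercepted on the path. Only suitable for a throwaway
  # lab cluster.
  if ! oc login "https://${MASTER_IP}:8443" -u "${OC_TEST_USER:-bmeng}" \
    -p "${OC_TEST_PASSWORD:-redhat}" --insecure-skip-tls-verify=true; then
    echo -e "${BRed}Failed to login${NC}"
    exit 1
  fi
  oc delete project "$PROJECT"
  echo -e "$BBlue Delete the project if already existed. $NC"
  _wait_until_project_gone "$PROJECT" project
  oc delete project "$NEWPROJECT"
  echo -e "$BBlue Delete the $NEWPROJECT if already existed. $NC"
  _wait_until_project_gone "$NEWPROJECT" project2
  sleep 10
  # create project
  create_project "$PROJECT"
  create_project "$NEWPROJECT"
}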
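# Clear egressCIDRs and egressIPs on the hostsubnet of every node.
# Uses the admin kubeconfig in the current directory.
# Returns: 1 if the node list cannot be fetched
function clean_node_egressIP() {
  local node_list n
  local -a nodes=()
  if ! node_list=$(oc get node --config admin.kubeconfig -o jsonpath='{.items[*].metadata.name}'); then
    echo -e "${BRed}Failed to list nodes${NC}"
    return 1
  fi
  # Split on whitespace without letting the shell glob-expand the names.
  # read returns non-zero at end of input, which is expected here.
  read -r -d '' -a nodes <<<"$node_list" || true
  for n in "${nodes[@]}"; do
    oc patch hostsubnet "$n" -p '{"egressCIDRs":[]}' --config admin.kubeconfig
    oc patch hostsubnet "$n" -p '{"egressIPs":[]}' --config admin.kubeconfig
  done
}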
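# Create a project and abort the whole run if that fails.
# Arguments: $1 - project name (passed to oc as a single argument)
# Returns:   exits 1 when `oc new-project` fails
function create_project() {
  local project=$1
  if ! oc new-project "$project"; then
    echo -e "${BRed}Failed to create $project $NC"
    exit 1
  fi
}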
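# Poll until the expected number of matching pods is Running.
# Arguments: $1 - pattern matched against the `oc get po` lines
#            $2 - number of Running pods expected
#            $3 - project to look in (optional, defaults to $PROJECT)
# Returns:   0 once the count matches; exits 1 after 20 attempts, 10 s apart
function wait_for_pod_running() {
  local POD=$1
  local NUM=$2
  local project=$3
  # Kept local so the counters do not leak into the rest of the script.
  local TRY=20
  local COUNT=0
  local running
  while [ "$COUNT" -lt "$TRY" ]; do
    running=$(oc get po -n "${project:-$PROJECT}" | grep -- "$POD" | grep -c Running)
    if [ "$running" -eq "$NUM" ]; then
      return 0
    fi
    sleep 10
    COUNT=$((COUNT + 1))
  done
  # Reaching this point means every attempt missed the target count.
  echo -e "Pod creation failed"
  exit 1
}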
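# Run curl inside a pod against the external service.
# Globals:   external_service (read) - handed to curl as one URL argument
# Arguments: $1 - pod name, $2 - project the pod lives in
# Outputs:   a banner line, then whatever curl prints
# Returns:   exit status of `oc exec`
function access_external_network() {
  local pod=$1
  local project=$2
  echo -e "$BBlue Access external network $NC"
  # Quoted so the target cannot be split into extra curl options or arguments.
  oc exec "$pod" -n "$project" -- curl -sS --connect-timeout 5 "$external_service"
}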
# Report the outcome of the command that ran immediately before this call:
# success is printed as PASS, anything else as FAILED.
function step_pass() {
  # Must stay the first statement so $? still belongs to the caller's command.
  local previous_status=$?
  case "$previous_status" in
    0) echo -e "$BGreen PASS! $NC" ;;
    *) echo -e "$BRed FAILED! $NC" ;;
  esac
}
# Inverse of a pass check: the command that ran immediately before this call
# is expected to fail, so a non-zero status is printed as PASS.
function step_fail() {
  # Must stay the first statement so $? still belongs to the caller's command.
  local previous_status=$?
  if [ "$previous_status" -eq 0 ]; then
    echo -e "$BRed FAILED! $NC"
    return
  fi
  echo -e "$BGreen PASS! $NC"
}
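# Pick a random non-master node as EGRESS_NODE and the first remaining
# non-master node as OTHER_NODE.
# Globals:   EGRESS_NODE, OTHER_NODE (written; empty when no node qualifies)
# Outputs:   the two assignments on stdout
function elect_egress_node() {
  local node_list candidate
  local -a workers=()
  EGRESS_NODE=
  OTHER_NODE=
  # One query only, so both picks come from the same node list.
  if node_list=$(oc get node -l 'node-role.kubernetes.io/master!=true' --config admin.kubeconfig -o jsonpath='{.items[*].metadata.name}'); then
    read -r -d '' -a workers <<<"$node_list" || true
  fi
  if ((${#workers[@]} > 0)); then
    EGRESS_NODE=$(shuf -n1 -e -- "${workers[@]}")
    # Whole-name comparison. Deleting the elected name with sed and taking the
    # first space-separated field left OTHER_NODE empty whenever the elected
    # node came first in the list, and mangled names that merely contained it.
    for candidate in "${workers[@]}"; do
      if [[ "$candidate" != "$EGRESS_NODE" ]]; then
        OTHER_NODE=$candidate
        break
      fi
    done
  fi
  echo "EGRESS_NODE=$EGRESS_NODE"
  echo "OTHER_NODE=$OTHER_NODE"
}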
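# Reset egress settings left behind by a test case: egressCIDRs and egressIPs
# on both elected nodes, then egressIPs on the project's netnamespace.
# Globals: EGRESS_NODE, OTHER_NODE, PROJECT (read)
function clean_up_egressIPs() {
  local field node
  echo -e "$BBlue Clean up the egressIP on both hostnetwork and netns $NC"
  for field in egressCIDRs egressIPs; do
    for node in "$EGRESS_NODE" "$OTHER_NODE"; do
      # A node slot can be empty when no node was elected; skip it instead of
      # sending oc a patch with no resource name.
      [[ -n "$node" ]] || continue
      oc patch hostsubnet "$node" -p "{\"${field}\":[]}" --config admin.kubeconfig
    done
  done
  oc patch netnamespaces "$PROJECT" -p '{"egressIPs":[]}' --config admin.kubeconfig
}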
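# OCP-19961: of the egress IPs listed on the netnamespace, the first one that
# a node actually claims is the one used as source address.
# Globals: PROJECT, EGRESS_IP..EGRESS_IP4 (read); EGRESS_NODE, OTHER_NODE
#          (set through elect_egress_node)
function test_first_available_item() {
  local p
  local -a pods=()
  echo -e "$BBlue Test OCP-19961 The first egressIP in the netnamespace list which is claimed by node will take effect. $NC"
  oc project "$PROJECT"
  # NOTE(review): the manifest is fetched over plain HTTP with no integrity
  # check and created with the current login, so whoever can alter that
  # response decides what gets deployed. Prefer HTTPS or a checked-in copy.
  oc create -f http://fedorabmeng.usersys.redhat.com/testing/list_for_pods.json -n "$PROJECT"
  wait_for_pod_running test-rc 2
  elect_egress_node
  # Add multiple egressIP to project and the 2nd one will be claimed by node
  oc patch netnamespace "$PROJECT" -p "{\"egressIPs\":[\"$EGRESS_IP\",\"$EGRESS_IP2\"]}" --config admin.kubeconfig
  # Add multiple egressIP to node
  oc patch hostsubnet "$EGRESS_NODE" -p "{\"egressIPs\":[\"$EGRESS_IP3\",\"$EGRESS_IP2\"]}" --config admin.kubeconfig
  # Give the egressIP some time to become ready
  sleep 15
  # The pod list is taken once and reused for both rounds below.
  read -r -d '' -a pods < <(oc get po -n "$PROJECT" | grep Running | cut -d' ' -f1)
  # Expect the source IP that sits in 2nd place on the project.
  # grep -Fw: literal, whole-word match, so 10.0.0.2 does not pass on 10.0.0.20.
  for p in "${pods[@]}"; do
    access_external_network "$p" "$PROJECT" | grep -Fw -- "$EGRESS_IP2"
    step_pass
    access_external_network "$p" "$PROJECT" | grep -Fw -- "$EGRESS_IP2"
    step_pass
  done
  # Let the other node claim the 1st item of the project's egressIP array
  oc patch hostsubnet "${OTHER_NODE}" -p "{\"egressIPs\":[\"$EGRESS_IP4\",\"$EGRESS_IP\"]}" --config admin.kubeconfig
  # Now the 1st egressIP is expected to take effect
  for p in "${pods[@]}"; do
    access_external_network "$p" "$PROJECT" | grep -Fw -- "$EGRESS_IP"
    step_pass
    access_external_network "$p" "$PROJECT" | grep -Fw -- "$EGRESS_IP"
    step_pass
  done
  oc delete all --all -n "$PROJECT"
  clean_up_egressIPs
  sleep 10
}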
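# Probe the external service twice from every Running pod of a project and
# score each attempt with step_fail, i.e. the traffic is expected to be dropped.
# Arguments: $1 - project whose pods are probed
function _expect_traffic_dropped() {
  local project=$1
  local p
  local -a pods=()
  read -r -d '' -a pods < <(oc get po -n "$project" | grep Running | cut -d' ' -f1)
  for p in "${pods[@]}"; do
    access_external_network "$p" "$project"
    step_fail
    access_external_network "$p" "$project"
    step_fail
  done
}

# OCP-19964: traffic of a project is dropped as soon as any of its egress IPs
# is also configured on another project.
# Globals: PROJECT, NEWPROJECT, EGRESS_IP..EGRESS_IP3 (read); EGRESS_NODE,
#          OTHER_NODE (set through elect_egress_node)
function test_egressip_not_in_first_place_being_used_by_other_project() {
  local p
  local -a pods=()
  echo -e "$BBlue Test OCP-19964 The traffic on the project will be dropped if any of the egressIPs is being used in another project. $NC"
  oc project "$PROJECT"
  # NOTE(review): the manifest is fetched over plain HTTP with no integrity
  # check and created with the current login, so whoever can alter that
  # response decides what gets deployed. Prefer HTTPS or a checked-in copy.
  oc create -f http://fedorabmeng.usersys.redhat.com/testing/list_for_pods.json -n "$PROJECT"
  wait_for_pod_running test-rc 2
  # Add multiple egressIP to project
  oc patch netnamespace "$PROJECT" -p "{\"egressIPs\":[\"$EGRESS_IP\",\"$EGRESS_IP2\",\"$EGRESS_IP3\"]}" --config admin.kubeconfig
  # Let one host claim the 1st IP
  elect_egress_node
  oc patch hostsubnet "$EGRESS_NODE" -p "{\"egressIPs\":[\"$EGRESS_IP\"]}" --config admin.kubeconfig
  sleep 15
  # Baseline: traffic leaves with the 1st egress IP.
  # grep -Fw: literal, whole-word match, so 10.0.0.1 does not pass on 10.0.0.10.
  read -r -d '' -a pods < <(oc get po -n "$PROJECT" | grep Running | cut -d' ' -f1)
  for p in "${pods[@]}"; do
    access_external_network "$p" "$PROJECT" | grep -Fw -- "$EGRESS_IP"
    step_pass
    access_external_network "$p" "$PROJECT" | grep -Fw -- "$EGRESS_IP"
    step_pass
  done
  # Give a second project the IP that is in 2nd place on the first project
  oc project "$NEWPROJECT"
  oc create -f http://fedorabmeng.usersys.redhat.com/testing/list_for_pods.json -n "$NEWPROJECT"
  # Wait in the new project: without the third argument the helper falls back
  # to $PROJECT, whose pods are already Running, so it returned at once and the
  # probes below could find no Running pod in $NEWPROJECT.
  wait_for_pod_running test-rc 2 "$NEWPROJECT"
  oc patch netnamespace "$NEWPROJECT" -p "{\"egressIPs\":[\"$EGRESS_IP2\"]}" --config admin.kubeconfig
  # Both projects are expected to lose external access
  _expect_traffic_dropped "$PROJECT"
  _expect_traffic_dropped "$NEWPROJECT"
  # Move the 2nd project to the 3rd egressIP of project 1
  oc patch netnamespace "$NEWPROJECT" -p "{\"egressIPs\":[\"$EGRESS_IP3\"]}" --config admin.kubeconfig
  # Both projects are still expected to lose external access
  _expect_traffic_dropped "$PROJECT"
  _expect_traffic_dropped "$NEWPROJECT"
  oc delete all --all -n "$PROJECT"
  oc delete project "$NEWPROJECT"
  clean_up_egressIPs
  sleep 10
}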
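# Probe the external service twice from every Running pod of $PROJECT and
# score each attempt with step_pass after looking for the expected source IP.
# Arguments: $1 - egress IP expected in the response
function _expect_egress_ip() {
  local expected_ip=$1
  local p
  local -a pods=()
  read -r -d '' -a pods < <(oc get po -n "$PROJECT" | grep Running | cut -d' ' -f1)
  for p in "${pods[@]}"; do
    # grep -Fw: literal, whole-word match, so 10.0.0.1 does not pass on 10.0.0.10.
    access_external_network "$p" "$PROJECT" | grep -Fw -- "$expected_ip"
    step_pass
    access_external_network "$p" "$PROJECT" | grep -Fw -- "$expected_ip"
    step_pass
  done
}

# OCP-19969: when the node holding the active egress IP goes down, traffic
# moves to the egress IP held by the other node, and moves back afterwards.
# Stops and later restarts docker on EGRESS_NODE over SSH as root.
# Globals: PROJECT, EGRESS_IP, EGRESS_IP2 (read); EGRESS_NODE, OTHER_NODE
#          (set through elect_egress_node)
function test_egressip_change_node() {
  # Single quotes on purpose: the $(...) parts have to run on the node. Inside
  # double quotes the original backticks were expanded by the local shell
  # before ssh started, so `docker ps` / `crictl ps` ran on this machine.
  # shellcheck disable=SC2016
  local remote_log_cmd='docker logs --tail 200 $(docker ps | grep sdn_sdn | awk "{print \$1}") 2>&1 | grep "egressip\|vxlan_monitor" || crictl logs --tail 200 $(crictl ps | grep sdn | awk "{print \$1}") 2>&1 | grep "egressip\|vxlan_monitor"'
  echo -e "$BBlue Test OCP-19969 It will change to active node automatically if the netnamespace has multiple egressIPs which are holding by different nodes and the current working node is down. $NC"
  oc project "$PROJECT"
  # NOTE(review): the manifest is fetched over plain HTTP with no integrity
  # check and created with the current login, so whoever can alter that
  # response decides what gets deployed. Prefer HTTPS or a checked-in copy.
  oc create -f http://fedorabmeng.usersys.redhat.com/testing/list_for_pods.json -n "$PROJECT"
  wait_for_pod_running test-rc 2
  # Add multiple egressIP to project
  oc patch netnamespace "$PROJECT" -p "{\"egressIPs\":[\"$EGRESS_IP\",\"$EGRESS_IP2\"]}" --config admin.kubeconfig
  # Let one host claim the 1st IP
  elect_egress_node
  oc patch hostsubnet "$EGRESS_NODE" -p "{\"egressIPs\":[\"$EGRESS_IP\"]}" --config admin.kubeconfig
  sleep 15
  # Let the other host claim the 2nd IP
  oc patch hostsubnet "$OTHER_NODE" -p "{\"egressIPs\":[\"$EGRESS_IP2\"]}" --config admin.kubeconfig
  sleep 15
  # Traffic is expected to leave with the 1st IP
  _expect_egress_ip "$EGRESS_IP"
  # make the 1st node down
  ssh "root@${EGRESS_NODE}" "systemctl stop docker"
  sleep 45
  # check the egress node is down
  echo -e "$BBlue Check the network log about the egress node down. $NC"
  ssh "root@${OTHER_NODE}" "$remote_log_cmd"
  # Traffic is expected to have moved to the 2nd IP
  _expect_egress_ip "$EGRESS_IP2"
  # bring the 1st node back
  ssh "root@${EGRESS_NODE}" "systemctl restart docker"
  sleep 30
  # Traffic is expected to be back on the 1st IP
  _expect_egress_ip "$EGRESS_IP"
  oc delete all --all -n "$PROJECT"
  clean_up_egressIPs
  sleep 10
}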
#function test_keep_using_same_egressip() {
#}
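# Names of the two projects the test cases create and delete.
PROJECT=haegress
NEWPROJECT=newegress

# Fail fast when a setting the functions above read is missing; otherwise the
# run would only break later, e.g. on `ssh root@` with an empty host or on a
# patch carrying an empty egress IP.
for required_var in MASTER_IP EGRESS_IP EGRESS_IP2 EGRESS_IP3 EGRESS_IP4 external_service; do
  if [[ -z "${!required_var:-}" ]]; then
    echo -e "${BRed}Required variable $required_var is not set${NC}"
    exit 1
  fi
done
unset required_var

# Setup: log in, recreate the projects, clear egress settings left on the
# nodes, then make sure the candidate egress IPs are not already in use.
prepare_user
clean_node_egressIP
check_ip

# Test cases, each of which cleans up after itself.
test_first_available_item
test_egressip_not_in_first_place_being_used_by_other_project
test_egressip_change_node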