[lxc-devel] [lxc-ci/master] OVN: Project restriction tests
tomponline on Github
lxc-bot at linuxcontainers.org
Fri Oct 2 11:26:46 UTC 2020
From 44db93c7f29602301ce006afd06aaa15152ed32e Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Fri, 2 Oct 2020 11:17:26 +0100
Subject: [PATCH 1/2] bin/test-lxd-ovn: Use 127.0.0.1 for geneve encapsulation
A single-node test does not need to depend on the external IP.
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
bin/test-lxd-ovn | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/bin/test-lxd-ovn b/bin/test-lxd-ovn
index 612a50e..294c306 100755
--- a/bin/test-lxd-ovn
+++ b/bin/test-lxd-ovn
@@ -36,11 +36,10 @@ apt install ovn-host ovn-central --yes
# Configure OVN
set -x
-IP=$(ip -4 route get 8.8.8.8 | grep src | cut -d' ' -f7)
ovs-vsctl set open_vswitch . \
external_ids:ovn-remote=unix:/var/run/ovn/ovnsb_db.sock \
external_ids:ovn-encap-type=geneve \
- external_ids:ovn-encap-ip=${IP}
+ external_ids:ovn-encap-ip=127.0.0.1
# Configure LXD
lxc storage create default zfs
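Review bot: The hard-coded `external_ids:ovn-encap-ip=127.0.0.1` carries no comment, so the script itself never says that it is only valid while ovn-central and ovn-host run on the same machine. A loopback encap address cannot carry geneve traffic between chassis, so anyone extending this test to a second node would hit a silent tunnel failure. I would add a line above the `ovs-vsctl` call such as `# Single-node test: loopback is enough for geneve encap; a multi-chassis setup needs a routable IP here.`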
From 3289890cac42041c9ad52520eaa2fc3ba38a846d Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Fri, 2 Oct 2020 12:25:41 +0100
Subject: [PATCH 2/2] bin/test-lxd-ovn: Adds tests for project restrictions and
more thorough clean up steps
Allows the test to be re-run multiple times if needed.
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
bin/test-lxd-ovn | 33 ++++++++++++++++++++++++++++++++-
1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/bin/test-lxd-ovn b/bin/test-lxd-ovn
index 294c306..e8261ea 100755
--- a/bin/test-lxd-ovn
+++ b/bin/test-lxd-ovn
@@ -52,14 +52,17 @@ lxc network create lxdbr0 \
ipv6.address=fd42:4242:4242:1010::1/64 ipv6.nat=true \
ipv6.ovn.ranges=fd42:4242:4242:1010::200-fd42:4242:4242:1010::254
-lxc network create ovn-virtual-network network=lxdbr0 --type=ovn
+# Create OVN network without specifying uplink parent network (check default selection works).
+lxc network create ovn-virtual-network --type=ovn
# Test
set +x
lxc network list
+lxc project switch default
echo "==> Launching a test container on lxdbr0"
lxc init images:ubuntu/20.04 u1
+FINGERPRINT="$(lxc image ls -cf --format=csv)"
lxc config device add u1 eth0 nic network=lxdbr0 name=eth0
lxc start u1
@@ -109,6 +112,26 @@ echo "==> DNS resolution on OVN"
lxc exec u3 -- ping -c1 -4 u2.lxd
lxc exec u3 -- ping -c1 -6 u2.lxd
+echo "===> Testing project restrictions"
+lxc project create testovn -c features.networks=true -c restricted=true
+
+# Test we cannot create network in restricted project with no defined uplinks.
+! lxc network create ovn-virtual-network --project testovn
+
+# Test we can create network with a single restricted uplink network defined without specfiying it (or type).
+lxc project set testovn restricted.networks.uplinks=lxdbr0
+lxc network create ovn-virtual-network --project testovn
+lxc network delete ovn-virtual-network --project testovn
+
+# Test we have to specify uplink network if multiple are allowed.
+lxc network create lxdbr1 --project default
+lxc project set testovn restricted.networks.uplinks=lxdbr0,lxdbr1
+! lxc network create ovn-virtual-network --project testovn
+lxc network create ovn-virtual-network network=lxdbr0 --project testovn
+lxc network delete ovn-virtual-network --project testovn
+lxc project delete testovn
+lxc network delete lxdbr1 --project default
+
echo "===> Testing projects"
lxc project create testovn -c features.networks=true -c limits.networks=1
lxc project switch testovn
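Review bot: The two negative checks written as `! lxc network create ovn-virtual-network --project testovn` (one after the project is created, one after `restricted.networks.uplinks=lxdbr0,lxdbr1` is set) cannot fail the run on their own. A command negated with `!` is exempt from `set -e`, and without `set -e` its status is simply discarded; whether the script enables `set -e` is outside this hunk. These lines are what verifies that a restricted project is refused an uplink it was not granted, so an enforcement regression would surface only indirectly, as a name clash on the following create. Make the expectation explicit, e.g. `if lxc network create ovn-virtual-network --project testovn; then echo "restricted project was allowed to create a network" >&2; exit 1; fi`.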
@@ -184,4 +207,12 @@ lxc delete -f u2 u3
lxc network delete ovn-virtual-network
lxc network delete lxdbr0 --project default
+lxc image delete "${FINGERPRINT}" --project testovn
+lxc image delete "${FINGERPRINT}" --project default
+lxc profile device remove default root --project testovn
+lxc profile device remove default root --project default
+lxc storage delete default
+lxc project switch default
+lxc project delete testovn
+
FAIL=0
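Review bot: The added clean-up only runs when the script reaches this point, so a failure in any earlier step leaves the `testovn` project, the images and the `default` storage pool behind. The next run would then presumably stop at `lxc project create testovn` or `lxc storage create default zfs`, which works against the stated aim of making the test re-runnable. Moving the teardown into a best-effort function registered with `trap` would cover the failure path as well. The instance and network deletes above the hunk would need to move with it, and the `trap` line belongs near the top of the script, which is not visible here.

```shell
cleanup() {
  # Best effort: on a partial run some of these objects do not exist yet.
  # … unchanged: instance and network deletes from above the hunk move here …
  if [ -n "${FINGERPRINT:-}" ]; then
    lxc image delete "${FINGERPRINT}" --project testovn || true
    lxc image delete "${FINGERPRINT}" --project default || true
  fi
  lxc profile device remove default root --project testovn || true
  lxc profile device remove default root --project default || true
  lxc storage delete default || true
  lxc project switch default || true
  lxc project delete testovn || true
}
trap cleanup EXIT
```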