diff --git a/src/vnm_mad/spec/OpenNebulaVLAN_spec.rb b/src/vnm_mad/spec/OpenNebulaVLAN_spec.rb index f0a0c170a9..959dd3d7b2 100644 --- a/src/vnm_mad/spec/OpenNebulaVLAN_spec.rb +++ b/src/vnm_mad/spec/OpenNebulaVLAN_spec.rb @@ -16,12 +16,13 @@ end include SystemMock RSpec.configure do |config| - config.before(:all) do + config.before(:each) do $capture_commands = Hash.new $collector = Hash.new end end + describe 'networking' do it "get all nics in kvm" do $capture_commands = { @@ -78,11 +79,34 @@ describe 'openvswitch' do onevlan = OpenvSwitchVLAN.new(OUTPUT[:onevm_show],"kvm") onevlan.activate openvswitch_tags = [ - "sudo /usr/local/bin/ovs-vsctl set Port vnet0 tap=2", - "sudo /usr/local/bin/ovs-vsctl set Port vnet1 tap=3", - "sudo /usr/local/bin/ovs-vsctl set Port vnet2 tap=4" + "sudo /usr/local/bin/ovs-vsctl set Port vnet0 tag=2", + "sudo /usr/local/bin/ovs-vsctl set Port vnet1 tag=3", + "sudo /usr/local/bin/ovs-vsctl set Port vnet2 tag=4" ] $collector[:system].should == openvswitch_tags end end + +describe 'firewall' do + it "should activate FW rules in xen" do + $capture_commands = { + /uname/ => OUTPUT[:xen_uname_a], + /lsmod/ => OUTPUT[:xen_lsmod], + /network-list/ => OUTPUT[:xm_network_list], + /domid/ => OUTPUT[:xm_domid] + } + fw = OpenNebulaFirewall.new(OUTPUT[:onevm_show_xen]) + fw.activate + + fw_activate_rules = ["sudo /sbin/iptables -N one-36-3", + "sudo /sbin/iptables -A FORWARD -m physdev --physdev-out vif4.0 -j one-36-3", + "sudo /sbin/iptables -A one-36-3 -p tcp -m state --state ESTABLISHED -j ACCEPT", + "sudo /sbin/iptables -A one-36-3 -p tcp -m multiport --dports 22,80 -j ACCEPT", + "sudo /sbin/iptables -A one-36-3 -p tcp -j DROP", + "sudo /sbin/iptables -A one-36-3 -p icmp -m state --state ESTABLISHED -j ACCEPT", + "sudo /sbin/iptables -A one-36-3 -p icmp -j DROP"] + + $collector[:system].should == fw_activate_rules + end +end diff --git a/src/vnm_mad/spec/output/xen_lsmod b/src/vnm_mad/spec/output/xen_lsmod new file mode 100644 index 0000000000..6650752a87 --- /dev/null +++ b/src/vnm_mad/spec/output/xen_lsmod @@ -0,0 +1,103 @@ +Module Size Used by +xt_multiport 36417 0 +ebtable_filter 35649 0 +xt_physdev 36049 4 +ip6_tables 50177 0 +ebtable_nat 35649 0 +ebtables 53441 2 ebtable_filter,ebtable_nat +ipt_MASQUERADE 36801 3 +iptable_nat 40517 1 +ip_nat 52973 2 ipt_MASQUERADE,iptable_nat +xt_state 35265 1 +ip_conntrack 91621 4 ipt_MASQUERADE,iptable_nat,ip_nat,xt_state +nfnetlink 40457 2 ip_nat,ip_conntrack +ipt_REJECT 38849 2 +xt_tcpudp 36289 6 +netloop 40001 0 +netbk 130305 0 [permanent] +blktap 151909 4 [permanent] +iptable_filter 36161 1 +blkbk 55289 0 [permanent] +ip_tables 55329 2 iptable_nat,iptable_filter +x_tables 50377 9 xt_multiport,xt_physdev,ip6_tables,ipt_MASQUERADE,iptable_nat,xt_state,ipt_REJECT,xt_tcpudp,ip_tables +bridge 92017 1 xt_physdev +autofs4 63049 3 +hidp 83649 2 +rfcomm 104937 0 +l2cap 89409 10 hidp,rfcomm +bluetooth 118725 5 hidp,rfcomm,l2cap +lockd 101425 0 +sunrpc 199689 2 lockd +be2iscsi 94045 0 +ib_iser 68417 0 +rdma_cm 68817 1 ib_iser +ib_cm 73449 1 rdma_cm +iw_cm 43465 1 rdma_cm +ib_sa 75209 2 rdma_cm,ib_cm +ib_mad 70757 2 ib_cm,ib_sa +ib_core 105157 6 ib_iser,rdma_cm,ib_cm,iw_cm,ib_sa,ib_mad +ib_addr 41801 1 rdma_cm +iscsi_tcp 50509 0 +bnx2i 76385 0 +cnic 79577 1 bnx2i +ipv6 435873 1 cnic +xfrm_nalgo 43333 1 ipv6 +crypto_api 42945 1 xfrm_nalgo +uio 45649 1 cnic +cxgb3i 77873 0 +cxgb3 215985 1 cxgb3i +8021q 57937 1 cxgb3 +libiscsi_tcp 53189 2 iscsi_tcp,cxgb3i +libiscsi2 77765 6 be2iscsi,ib_iser,iscsi_tcp,bnx2i,cxgb3i,libiscsi_tcp +scsi_transport_iscsi2 73945 8 be2iscsi,ib_iser,iscsi_tcp,bnx2i,cxgb3i,libiscsi2 +scsi_transport_iscsi 35017 1 scsi_transport_iscsi2 +dm_mirror 54993 0 +dm_multipath 58457 0 +scsi_dh 42177 1 dm_multipath +video 53197 0 +backlight 39873 1 video +sbs 49921 0 +power_meter 47053 0 +hwmon 36553 1 power_meter +i2c_ec 38593 1 sbs +dell_wmi 37601 0 +wmi 41985 1 dell_wmi +button 40545 0 +battery 43849 0 +asus_acpi 50917 0 +ac 38729 0 +parport_pc 62313 0 +lp 47121 0 +parport 73293 2 parport_pc,lp +floppy 92905 0 +i2c_piix4 43725 0 +sg 70521 0 +i2c_core 57537 2 i2c_ec,i2c_piix4 +8139too 61633 0 +8139cp 58561 0 +mii 38849 2 8139too,8139cp +serio_raw 40517 0 +pcspkr 36289 0 +pata_acpi 39489 0 +ata_generic 40645 0 +tpm_tis 48077 0 +tpm 50401 1 tpm_tis +tpm_bios 40897 1 tpm +dm_raid45 99529 0 +dm_message 36289 1 dm_raid45 +dm_region_hash 46273 1 dm_raid45 +dm_log 44993 3 dm_mirror,dm_raid45,dm_region_hash +dm_mod 101521 4 dm_mirror,dm_multipath,dm_raid45,dm_log +dm_mem_cache 39489 1 dm_raid45 +ata_piix 57285 0 +libata 208849 3 pata_acpi,ata_generic,ata_piix +sym53c8xx 109673 1 +scsi_transport_spi 59841 1 sym53c8xx +sd_mod 56513 2 +scsi_mod 199257 13 be2iscsi,ib_iser,iscsi_tcp,bnx2i,cxgb3i,libiscsi2,scsi_transport_iscsi2,scsi_dh,sg,libata,sym53c8xx,scsi_transport_spi,sd_mod +ext3 168657 1 +jbd 94513 1 ext3 +uhci_hcd 57561 0 +ohci_hcd 56309 0 +ehci_hcd 66125 0 + diff --git a/src/vnm_mad/spec/output/xen_uname_a b/src/vnm_mad/spec/output/xen_uname_a new file mode 100644 index 0000000000..46564f095a --- /dev/null +++ b/src/vnm_mad/spec/output/xen_uname_a @@ -0,0 +1 @@ +Linux centos 2.6.18-238.12.1.el5.centos.plusxen #1 SMP Wed Jun 1 11:57:54 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux diff --git a/src/vnm_mad/spec/output/xm_domid b/src/vnm_mad/spec/output/xm_domid new file mode 100644 index 0000000000..b8626c4cff --- /dev/null +++ b/src/vnm_mad/spec/output/xm_domid @@ -0,0 +1 @@ +4 diff --git a/src/vnm_mad/spec/output/xm_network_list b/src/vnm_mad/spec/output/xm_network_list new file mode 100644 index 0000000000..3826849e38 --- /dev/null +++ b/src/vnm_mad/spec/output/xm_network_list @@ -0,0 +1,3 @@ +Idx BE MAC Addr. handle state evt-ch tx-/rx-ring-ref BE-path +0 0 02:00:ac:10:00:cb 0 1 -1 -1 /-1 /local/domain/0/backend/vif/4/0 +1 0 02:00:c0:a8:00:65 1 1 -1 -1 /-1 /local/domain/0/backend/vif/4/1