From c1339623708300caca621d6ed067d773d255815a Mon Sep 17 00:00:00 2001 From: Anandaraj Maharajan Date: Thu, 1 Mar 2018 07:34:09 +0530 Subject: [PATCH 1/3] Adding Save & Reload testcase for ACL This checkin adds changes to perform save and reload test case for ACL rules --- ansible/roles/test/tasks/acltb.yml | 234 ++++++++++++++++------------- 1 file changed, 131 insertions(+), 103 deletions(-) diff --git a/ansible/roles/test/tasks/acltb.yml b/ansible/roles/test/tasks/acltb.yml index 3ed9be7ed0f..d9f4d93dc3a 100644 --- a/ansible/roles/test/tasks/acltb.yml +++ b/ansible/roles/test/tasks/acltb.yml @@ -1,103 +1,131 @@ -# Set facts for the loganalizer -- set_fact: - out_dir: /tmp/ - testname: acl - run_dir: /tmp/ - -# Gather minigraph facts -- name: Gathering minigraph facts about the device - minigraph_facts: host={{ inventory_hostname }} - become: no - connection: local - -- name: Read port reverse alias mapping - set_fact: - alias_reverse_map: "{{ minigraph_map_ngs_to_sonic }}" - podset_number: 200 - -# Copy ACL config to the switch -- name: Copy ACL config file to the DUT - copy: src="roles/test/tasks/acl/{{ item }}" dest="/tmp/" - with_items: - - "acltb_test_rules.json" - - "acltb_test_rules_allow_all.json" - - "acltb_test_rules-del.json" - - "acltb_test_rules_part_1.json" - - "acltb_test_rules_part_2.json" - -# Generate file with switch information -- template: src=acltb.j2 dest=/tmp/acltb_switch_info.txt - connection: local - -- name: Copy switch info file to the PTF host - copy: src=/tmp/acltb_switch_info.txt dest=/tmp/acltb_switch_info.txt - delegate_to: "{{ ptf_host }}" - -- block: - - name: Apply allow all rule - vars: - command_to_run: "acl-loader update full /tmp/acltb_test_rules_allow_all.json" - errors_expected: false - include: roles/test/tasks/run_command_with_log_analyzer.yml - - - name: Apply test rules - vars: - command_to_run: "acl-loader update full /tmp/acltb_test_rules.json" - errors_expected: false - include: roles/test/tasks/run_command_with_log_analyzer.yml - - - name: copy acsbase files - copy: src=roles/test/files/acstests - dest=/root - delegate_to: "{{ ptf_host }}" - - - name: Run the test - include: ptf_runner.yml - vars: - ptf_test_name: ACL Test - ptf_test_dir: acstests - ptf_test_path: acltb_test.AclTest - ptf_platform: remote - ptf_test_params: - - verbose=True - - router_mac=\"{{ ansible_Ethernet0['macaddress'] }}\" - - switch_info=\"/tmp/acltb_switch_info.txt\" - - testbed_type=\"{{ testbed_type }}\" - - - name: Clean up ACL rules. - vars: - command_to_run: "acl-loader update full /tmp/acltb_test_rules-del.json" - errors_expected: false - include: roles/test/tasks/run_command_with_log_analyzer.yml - - - name: Apply part 1 of ACL rules. - vars: - command_to_run: "acl-loader update incremental /tmp/acltb_test_rules_part_1.json" - errors_expected: false - include: roles/test/tasks/run_command_with_log_analyzer.yml - - - name: Apply part 2 of ACL rules. - vars: - command_to_run: "acl-loader update incremental /tmp/acltb_test_rules_part_2.json" - errors_expected: false - include: roles/test/tasks/run_command_with_log_analyzer.yml - - - name: Run the test - include: ptf_runner.yml - vars: - ptf_test_name: ACL Test - ptf_test_dir: acstests - ptf_test_path: acltb_test.AclTest - ptf_platform: remote - ptf_test_params: - - verbose=True - - router_mac=\"{{ ansible_Ethernet0['macaddress'] }}\" - - switch_info=\"/tmp/acltb_switch_info.txt\" - - testbed_type=\"{{ testbed_type }}\" - - always: - - name: Clean up ACL rules. - vars: - command_to_run: "acl-loader update full /tmp/acltb_test_rules-del.json" - errors_expected: false - include: roles/test/tasks/run_command_with_log_analyzer.yml +# Set facts for the loganalizer +- set_fact: + out_dir: /tmp/ + testname: acl + run_dir: /tmp/ + +# Gather minigraph facts +- name: Gathering minigraph facts about the device + minigraph_facts: host={{ inventory_hostname }} + become: no + connection: local + +- name: Read port reverse alias mapping + set_fact: + alias_reverse_map: "{{ minigraph_map_ngs_to_sonic }}" + podset_number: 200 + +# Copy ACL config to the switch +- name: Copy ACL config file to the DUT + copy: src="roles/test/tasks/acl/{{ item }}" dest="/tmp/" + with_items: + - "acltb_test_rules.json" + - "acltb_test_rules_allow_all.json" + - "acltb_test_rules-del.json" + - "acltb_test_rules_part_1.json" + - "acltb_test_rules_part_2.json" + +# Generate file with switch information +- template: src=acltb.j2 dest=/tmp/acltb_switch_info.txt + connection: local + +- name: Copy switch info file to the PTF host + copy: src=/tmp/acltb_switch_info.txt dest=/tmp/acltb_switch_info.txt + delegate_to: "{{ ptf_host }}" + +- block: + - name: Apply allow all rule + vars: + command_to_run: "acl-loader update full /tmp/acltb_test_rules_allow_all.json" + errors_expected: false + include: roles/test/tasks/run_command_with_log_analyzer.yml + + - name: Apply test rules + vars: + command_to_run: "acl-loader update full /tmp/acltb_test_rules.json" + errors_expected: false + include: roles/test/tasks/run_command_with_log_analyzer.yml + + - name: copy acsbase files + copy: src=roles/test/files/acstests + dest=/root + delegate_to: "{{ ptf_host }}" + + - name: Run the test + include: ptf_runner.yml + vars: + ptf_test_name: ACL Test + ptf_test_dir: acstests + ptf_test_path: acltb_test.AclTest + ptf_platform: remote + ptf_test_params: + - verbose=True + - router_mac=\"{{ ansible_Ethernet0['macaddress'] }}\" + - switch_info=\"/tmp/acltb_switch_info.txt\" + - testbed_type=\"{{ testbed_type }}\" + + - name: Clean up ACL rules. + vars: + command_to_run: "acl-loader update full /tmp/acltb_test_rules-del.json" + errors_expected: false + include: roles/test/tasks/run_command_with_log_analyzer.yml + + - name: Apply part 1 of ACL rules. + vars: + command_to_run: "acl-loader update incremental /tmp/acltb_test_rules_part_1.json" + errors_expected: false + include: roles/test/tasks/run_command_with_log_analyzer.yml + + - name: Apply part 2 of ACL rules. + vars: + command_to_run: "acl-loader update incremental /tmp/acltb_test_rules_part_2.json" + errors_expected: false + include: roles/test/tasks/run_command_with_log_analyzer.yml + + - name: Run the test + include: ptf_runner.yml + vars: + ptf_test_name: ACL Test + ptf_test_dir: acstests + ptf_test_path: acltb_test.AclTest + ptf_platform: remote + ptf_test_params: + - verbose=True + - router_mac=\"{{ ansible_Ethernet0['macaddress'] }}\" + - switch_info=\"/tmp/acltb_switch_info.txt\" + - testbed_type=\"{{ testbed_type }}\" + + - name: Save the applied ACL in ConfigDB + command: config save -y + + - name: Reboot the switch + include: common_tasks/reboot_sonic.yml + + - name: Run the test + include: ptf_runner.yml + vars: + ptf_test_name: ACL Test + ptf_test_dir: acstests + ptf_test_path: acltb_test.AclTest + ptf_platform: remote + ptf_test_params: + - verbose=True + - router_mac=\"{{ ansible_Ethernet0['macaddress'] }}\" + - switch_info=\"/tmp/acltb_switch_info.txt\" + - testbed_type=\"{{ testbed_type }}\" + + always: + # Copy ACL config to the switch + - name: Copy ACL config file to the DUT + copy: src="roles/test/tasks/acl/{{ item }}" dest="/tmp/" + with_items: + - "acltb_test_rules-del.json" + + - name: Clean up ACL rules. + vars: + command_to_run: "acl-loader update full /tmp/acltb_test_rules-del.json" + errors_expected: false + include: roles/test/tasks/run_command_with_log_analyzer.yml + + - name: Ensure ConfigDB is cleaned up + command: config save -y From fd06776f29eb82e7945b95e8a552f25395348fc7 Mon Sep 17 00:00:00 2001 From: Anandaraj Maharajan Date: Fri, 9 Mar 2018 11:18:43 +0530 Subject: [PATCH 2/3] modified cleanup section with acl-loader delete command --- ansible/roles/test/tasks/acltb.yml | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/ansible/roles/test/tasks/acltb.yml b/ansible/roles/test/tasks/acltb.yml index d9f4d93dc3a..b90d421c2db 100644 --- a/ansible/roles/test/tasks/acltb.yml +++ b/ansible/roles/test/tasks/acltb.yml @@ -115,17 +115,8 @@ - testbed_type=\"{{ testbed_type }}\" always: - # Copy ACL config to the switch - - name: Copy ACL config file to the DUT - copy: src="roles/test/tasks/acl/{{ item }}" dest="/tmp/" - with_items: - - "acltb_test_rules-del.json" - - name: Clean up ACL rules. - vars: - command_to_run: "acl-loader update full /tmp/acltb_test_rules-del.json" - errors_expected: false - include: roles/test/tasks/run_command_with_log_analyzer.yml + command: acl-loader delete - name: Ensure ConfigDB is cleaned up command: config save -y From c221258c725f3470dd4a6b2b0c4000a952261170 Mon Sep 17 00:00:00 2001 From: Anandaraj Date: Fri, 27 Apr 2018 12:01:43 -0700 Subject: [PATCH 3/3] Change acl-loader delete to old command Using 'acl-loader delete' deleted all the ACLs including snmp/vty/data/erspan etc. However using 'acl-loader update deletes only the dataacl. So reverting back to old change in always section. --- ansible/roles/test/tasks/acltb.yml | 247 +++++++++++++++-------------- 1 file changed, 125 insertions(+), 122 deletions(-) diff --git a/ansible/roles/test/tasks/acltb.yml b/ansible/roles/test/tasks/acltb.yml index b90d421c2db..d2b7b26b3c5 100644 --- a/ansible/roles/test/tasks/acltb.yml +++ b/ansible/roles/test/tasks/acltb.yml @@ -1,122 +1,125 @@ -# Set facts for the loganalizer -- set_fact: - out_dir: /tmp/ - testname: acl - run_dir: /tmp/ - -# Gather minigraph facts -- name: Gathering minigraph facts about the device - minigraph_facts: host={{ inventory_hostname }} - become: no - connection: local - -- name: Read port reverse alias mapping - set_fact: - alias_reverse_map: "{{ minigraph_map_ngs_to_sonic }}" - podset_number: 200 - -# Copy ACL config to the switch -- name: Copy ACL config file to the DUT - copy: src="roles/test/tasks/acl/{{ item }}" dest="/tmp/" - with_items: - - "acltb_test_rules.json" - - "acltb_test_rules_allow_all.json" - - "acltb_test_rules-del.json" - - "acltb_test_rules_part_1.json" - - "acltb_test_rules_part_2.json" - -# Generate file with switch information -- template: src=acltb.j2 dest=/tmp/acltb_switch_info.txt - connection: local - -- name: Copy switch info file to the PTF host - copy: src=/tmp/acltb_switch_info.txt dest=/tmp/acltb_switch_info.txt - delegate_to: "{{ ptf_host }}" - -- block: - - name: Apply allow all rule - vars: - command_to_run: "acl-loader update full /tmp/acltb_test_rules_allow_all.json" - errors_expected: false - include: roles/test/tasks/run_command_with_log_analyzer.yml - - - name: Apply test rules - vars: - command_to_run: "acl-loader update full /tmp/acltb_test_rules.json" - errors_expected: false - include: roles/test/tasks/run_command_with_log_analyzer.yml - - - name: copy acsbase files - copy: src=roles/test/files/acstests - dest=/root - delegate_to: "{{ ptf_host }}" - - - name: Run the test - include: ptf_runner.yml - vars: - ptf_test_name: ACL Test - ptf_test_dir: acstests - ptf_test_path: acltb_test.AclTest - ptf_platform: remote - ptf_test_params: - - verbose=True - - router_mac=\"{{ ansible_Ethernet0['macaddress'] }}\" - - switch_info=\"/tmp/acltb_switch_info.txt\" - - testbed_type=\"{{ testbed_type }}\" - - - name: Clean up ACL rules. - vars: - command_to_run: "acl-loader update full /tmp/acltb_test_rules-del.json" - errors_expected: false - include: roles/test/tasks/run_command_with_log_analyzer.yml - - - name: Apply part 1 of ACL rules. - vars: - command_to_run: "acl-loader update incremental /tmp/acltb_test_rules_part_1.json" - errors_expected: false - include: roles/test/tasks/run_command_with_log_analyzer.yml - - - name: Apply part 2 of ACL rules. - vars: - command_to_run: "acl-loader update incremental /tmp/acltb_test_rules_part_2.json" - errors_expected: false - include: roles/test/tasks/run_command_with_log_analyzer.yml - - - name: Run the test - include: ptf_runner.yml - vars: - ptf_test_name: ACL Test - ptf_test_dir: acstests - ptf_test_path: acltb_test.AclTest - ptf_platform: remote - ptf_test_params: - - verbose=True - - router_mac=\"{{ ansible_Ethernet0['macaddress'] }}\" - - switch_info=\"/tmp/acltb_switch_info.txt\" - - testbed_type=\"{{ testbed_type }}\" - - - name: Save the applied ACL in ConfigDB - command: config save -y - - - name: Reboot the switch - include: common_tasks/reboot_sonic.yml - - - name: Run the test - include: ptf_runner.yml - vars: - ptf_test_name: ACL Test - ptf_test_dir: acstests - ptf_test_path: acltb_test.AclTest - ptf_platform: remote - ptf_test_params: - - verbose=True - - router_mac=\"{{ ansible_Ethernet0['macaddress'] }}\" - - switch_info=\"/tmp/acltb_switch_info.txt\" - - testbed_type=\"{{ testbed_type }}\" - - always: - - name: Clean up ACL rules. - command: acl-loader delete - - - name: Ensure ConfigDB is cleaned up - command: config save -y +# Set facts for the loganalizer +- set_fact: + out_dir: /tmp/ + testname: acl + run_dir: /tmp/ + +# Gather minigraph facts +- name: Gathering minigraph facts about the device + minigraph_facts: host={{ inventory_hostname }} + become: no + connection: local + +- name: Read port reverse alias mapping + set_fact: + alias_reverse_map: "{{ minigraph_map_ngs_to_sonic }}" + podset_number: 200 + +# Copy ACL config to the switch +- name: Copy ACL config file to the DUT + copy: src="roles/test/tasks/acl/{{ item }}" dest="/tmp/" + with_items: + - "acltb_test_rules.json" + - "acltb_test_rules_allow_all.json" + - "acltb_test_rules-del.json" + - "acltb_test_rules_part_1.json" + - "acltb_test_rules_part_2.json" + +# Generate file with switch information +- template: src=acltb.j2 dest=/tmp/acltb_switch_info.txt + connection: local + +- name: Copy switch info file to the PTF host + copy: src=/tmp/acltb_switch_info.txt dest=/tmp/acltb_switch_info.txt + delegate_to: "{{ ptf_host }}" + +- block: + - name: Apply allow all rule + vars: + command_to_run: "acl-loader update full /tmp/acltb_test_rules_allow_all.json" + errors_expected: false + include: roles/test/tasks/run_command_with_log_analyzer.yml + + - name: Apply test rules + vars: + command_to_run: "acl-loader update full /tmp/acltb_test_rules.json" + errors_expected: false + include: roles/test/tasks/run_command_with_log_analyzer.yml + + - name: copy acsbase files + copy: src=roles/test/files/acstests + dest=/root + delegate_to: "{{ ptf_host }}" + + - name: Run the test + include: ptf_runner.yml + vars: + ptf_test_name: ACL Test + ptf_test_dir: acstests + ptf_test_path: acltb_test.AclTest + ptf_platform: remote + ptf_test_params: + - verbose=True + - router_mac=\"{{ ansible_Ethernet0['macaddress'] }}\" + - switch_info=\"/tmp/acltb_switch_info.txt\" + - testbed_type=\"{{ testbed_type }}\" + + - name: Clean up ACL rules. + vars: + command_to_run: "acl-loader update full /tmp/acltb_test_rules-del.json" + errors_expected: false + include: roles/test/tasks/run_command_with_log_analyzer.yml + + - name: Apply part 1 of ACL rules. + vars: + command_to_run: "acl-loader update incremental /tmp/acltb_test_rules_part_1.json" + errors_expected: false + include: roles/test/tasks/run_command_with_log_analyzer.yml + + - name: Apply part 2 of ACL rules. + vars: + command_to_run: "acl-loader update incremental /tmp/acltb_test_rules_part_2.json" + errors_expected: false + include: roles/test/tasks/run_command_with_log_analyzer.yml + + - name: Run the test + include: ptf_runner.yml + vars: + ptf_test_name: ACL Test + ptf_test_dir: acstests + ptf_test_path: acltb_test.AclTest + ptf_platform: remote + ptf_test_params: + - verbose=True + - router_mac=\"{{ ansible_Ethernet0['macaddress'] }}\" + - switch_info=\"/tmp/acltb_switch_info.txt\" + - testbed_type=\"{{ testbed_type }}\" + + - name: Save the applied ACL in ConfigDB + command: config save -y + + - name: Reboot the switch + include: common_tasks/reboot_sonic.yml + + - name: Run the test + include: ptf_runner.yml + vars: + ptf_test_name: ACL Test + ptf_test_dir: acstests + ptf_test_path: acltb_test.AclTest + ptf_platform: remote + ptf_test_params: + - verbose=True + - router_mac=\"{{ ansible_Ethernet0['macaddress'] }}\" + - switch_info=\"/tmp/acltb_switch_info.txt\" + - testbed_type=\"{{ testbed_type }}\" + + always: + - name: Clean up ACL rules. + vars: + command_to_run: "acl-loader update full /tmp/acltb_test_rules-del.json" + errors_expected: false + include: roles/test/tasks/run_command_with_log_analyzer.yml + + - name: Ensure ConfigDB is cleaned up + command: config save -y