Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GCU test for Monitor Config #5116

Merged
merged 6 commits into from
Mar 21, 2022
Merged

GCU test for Monitor Config #5116

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
2043a7f
monitor config test
wen587 Feb 10, 2022
1425558
1. resolve comment 2. remove yang ignored flag
wen587 Feb 14, 2022
7b905c1
Merge branch 'master' into monitor_config
wen587 Feb 15, 2022
fb2f482
Add comment for valid acl ports
wen587 Feb 16, 2022
c0ed5f1
Merge branch 'monitor_config' of https://github.com/wen587/sonic-mgmt…
wen587 Feb 16, 2022
170da8b
Clean up monitor config before test
wen587 Feb 25, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion tests/generic_config_updater/gu_utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,8 @@

CONTAINER_SERVICES_LIST = ["swss", "syncd", "radv", "lldp", "dhcp_relay", "teamd", "bgp", "pmon", "telemetry", "acms"]
DEFAULT_CHECKPOINT_NAME = "test"
YANG_IGNORED_OPTIONS = "-i /FEATURE -i /QUEUE -i /SCHEDULER -i /BUFFER_PORT_INGRESS_PROFILE_LIST -i /BUFFER_PORT_EGRESS_PROFILE_LIST"
YANG_IGNORED_OPTIONS = "-i /BUFFER_PORT_INGRESS_PROFILE_LIST -i /BUFFER_PORT_EGRESS_PROFILE_LIST"


def generate_tmpfile(duthost):
"""Generate temp file
Expand Down
214 changes: 214 additions & 0 deletions tests/generic_config_updater/test_monitor_config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,214 @@
import logging
import pytest

from tests.common.helpers.assertions import pytest_assert
from tests.generic_config_updater.gu_utils import apply_patch, expect_op_success, expect_res_success
from tests.generic_config_updater.gu_utils import generate_tmpfile, delete_tmpfile
from tests.generic_config_updater.gu_utils import create_checkpoint, delete_checkpoint, rollback, rollback_or_reload

logger = logging.getLogger(__name__)

MONITOR_CONFIG_TEST_CP = "monitor_config_test"
MONITOR_CONFIG_INITIAL_CP = "monitor_config_initial"
MONITOR_CONFIG_ACL_TABLE = "EVERFLOW_DSCP_TEST"
MONITOR_CONFIG_ACL_RULE = "RULE_1"
MONITOR_CONFIG_MIRROR_SESSION = "mirror_session_dscp_test"
MONITOR_CONFIG_POLICER = "everflow_policer_test"

@pytest.fixture(scope='module')
def get_valid_acl_ports(cfg_facts):
""" Get valid acl ports that could be added to ACL table
"""
ports = set()
portchannel_members = set()

portchannel_member_dict = cfg_facts.get('PORTCHANNEL_MEMBER', {})
for po, po_members in portchannel_member_dict.items():
ports.add(po)
for po_member in po_members:
portchannel_members.add(po_member)

port_dict = cfg_facts.get('PORT', {})
for key in port_dict:
if key not in portchannel_members:
ports.add(key)

return list(ports)

@pytest.fixture(autouse=True)
def setup_env(duthosts, rand_one_dut_hostname):
"""
Setup/teardown fixture for syslog config

Args:
duthosts: list of DUTs.
rand_selected_dut: The fixture returns a randomly selected DuT.
"""
duthost = duthosts[rand_one_dut_hostname]
create_checkpoint(duthost)

yield

try:
logger.info("Rolled back to original checkpoint")
rollback_or_reload(duthost)

finally:
delete_checkpoint(duthost)

def verify_monitor_config(duthost):
"""
This config contains 4 parts: ACL_TABLE, ACL_RULE, POLICER, MIRROR_SESSION

admin@vlab-01:~$ show acl table EVERFLOW_DSCP_TEST
Name Type Binding Description Stage
------------------ ----------- --------- ------------------ -------
EVERFLOW_DSCP_TEST MIRROR_DSCP Ethernet0 EVERFLOW_DSCP_TEST ingress
...

admin@vlab-01:~$ show acl rule EVERFLOW_DSCP_TEST RULE_1
Table Rule Priority Action Match
------------------ ------ ---------- ---------------------------------------- -------
EVERFLOW_DSCP_TEST RULE_1 9999 MIRROR INGRESS: mirror_session_dscp_test DSCP: 5

admin@vlab-01:~/everflow$ show policer everflow_static_policer
Name Type Mode CIR CBS
----------------------- ------ ------ -------- --------
everflow_policer_test bytes sr_tcm 12500000 12500000

admin@vlab-01:~$ show mirror_session mirror_session_dscp_test
ERSPAN Sessions
Name Status SRC IP DST IP GRE DSCP TTL Queue Policer Monitor Port SRC Port Direction
------------------------ -------- -------- -------- ----- ------ ----- ------- ----------------------- -------------- ---------- -----------
mirror_session_dscp_test active 1.1.1.1 2.2.2.2 5 32 everflow_policer_test
...
"""
table = duthost.shell("show acl table {}".format(MONITOR_CONFIG_ACL_TABLE))
expect_res_success(duthost, table, [MONITOR_CONFIG_ACL_TABLE], [])

rule = duthost.shell("show acl rule {} {}".format(MONITOR_CONFIG_ACL_TABLE, MONITOR_CONFIG_ACL_RULE))
expect_res_success(duthost, rule, [
MONITOR_CONFIG_ACL_TABLE, MONITOR_CONFIG_ACL_RULE, MONITOR_CONFIG_MIRROR_SESSION], [])

policer = duthost.shell("show policer {}".format(MONITOR_CONFIG_POLICER))
expect_res_success(duthost, policer, [MONITOR_CONFIG_POLICER], [])

mirror_session = duthost.shell("show mirror_session {}".format(MONITOR_CONFIG_MIRROR_SESSION))
expect_res_success(duthost, mirror_session, [
MONITOR_CONFIG_MIRROR_SESSION, MONITOR_CONFIG_POLICER], [])
Copy link
Collaborator

@bingwang-ms bingwang-ms Feb 14, 2022
edited by wen587
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking are we able to do more check besides CLI level checking, such as check syslog to ensure that ACL_RULE is created successfully. #plan for future

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Regarding validation, there are multiple things we can check:

  1. final status, like check policers, acls are there,
  2. check the right order of applying (Log analyzer is useful here)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mark the extra level checking as plan for future.


def verify_no_monitor_config(duthost):
"""
Clean up monitor config in ACL_TABLE, ACL_RULE, POLICER, MIRROR_SESSION
"""
table = duthost.shell("show acl table {}".format(MONITOR_CONFIG_ACL_TABLE))
expect_res_success(duthost, table, [], [MONITOR_CONFIG_ACL_TABLE])

rule = duthost.shell("show acl rule {} {}".format(MONITOR_CONFIG_ACL_TABLE, MONITOR_CONFIG_ACL_RULE))
expect_res_success(duthost, rule, [], [
MONITOR_CONFIG_ACL_TABLE, MONITOR_CONFIG_ACL_RULE, MONITOR_CONFIG_MIRROR_SESSION])

policer = duthost.shell("show policer {}".format(MONITOR_CONFIG_POLICER))
expect_res_success(duthost, policer, [], [MONITOR_CONFIG_POLICER])

mirror_session = duthost.shell("show mirror_session {}".format(MONITOR_CONFIG_MIRROR_SESSION))
expect_res_success(duthost, mirror_session, [], [
MONITOR_CONFIG_MIRROR_SESSION, MONITOR_CONFIG_POLICER])

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same above. It would be better if we are able to do more check besides CLI level.

def monitor_config_add_config(duthost, get_valid_acl_ports):
""" Test to add everflow always on config
"""
json_patch = [
{
"op": "add",
"path": "/ACL_TABLE/{}".format(MONITOR_CONFIG_ACL_TABLE),
"value": {
"policy_desc": "{}".format(MONITOR_CONFIG_ACL_TABLE),
"ports": get_valid_acl_ports,
"stage": "ingress",
"type": "MIRROR_DSCP"
}
},
{
"op": "add",
"path": "/ACL_RULE",
"value": {
"{}|{}".format(MONITOR_CONFIG_ACL_TABLE, MONITOR_CONFIG_ACL_RULE): {
"DSCP": "5",
"MIRROR_INGRESS_ACTION": "{}".format(MONITOR_CONFIG_MIRROR_SESSION),
"PRIORITY": "9999"
}
}
},
{
"op": "add",
"path": "/MIRROR_SESSION",
"value": {
"{}".format(MONITOR_CONFIG_MIRROR_SESSION): {
"dscp": "5",
"dst_ip": "2.2.2.2",
"policer": "{}".format(MONITOR_CONFIG_POLICER),
"src_ip": "1.1.1.1",
"ttl": "32",
"type": "ERSPAN"
}
}
},
{
"op": "add",
"path": "/POLICER",
"value": {
"{}".format(MONITOR_CONFIG_POLICER): {
"meter_type": "bytes",
"mode": "sr_tcm",
"cir": "12500000",
"cbs": "12500000",
"red_packet_action": "drop"
}
}
}
]

tmpfile = generate_tmpfile(duthost)
logger.info("tmpfile {}".format(tmpfile))

try:
output = apply_patch(duthost, json_data=json_patch, dest_file=tmpfile)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is some dependency among ACL, mirror and policer. So, the order for applying different configs is required to respect the dependency. The correct order is supposed to be

Policer->mirror_session->ACL_TABLE->ACL_RULE

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Yang schema will make sure the configs are added with the correct order.

Copy link
Contributor

@qiluo-msft qiluo-msft Feb 14, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's assume the order for applying different configs is wrong. What happens to the orchagent/syncd? Will they tolerate or complain, or crash?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The config has its dependency. For example, ACL_RULE is based on ACL_TABLE, which means ACL_TABLE has to be applied first before ACL_RULE. The dependency is defined in yang(leafref specificly).
So if order is wrong, the apply-patch operation will fail and no further impact on orchagent/syncd.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bingwang-ms Could you check my question above?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

orchagent will complain some ERROR or WARNING logs if the referenced object is not found. It will not crash.

expect_op_success(duthost, output)

verify_monitor_config(duthost)
finally:
delete_tmpfile(duthost, tmpfile)

def test_monitor_config_tc1_suite(duthost, get_valid_acl_ports):
""" Test enable/disable EverflowAlwaysOn config
"""
# Step 1: Create checkpoint at initial state
create_checkpoint(duthost, MONITOR_CONFIG_INITIAL_CP)

# Step 2: Add EverflowAlwaysOn config to duthost
monitor_config_add_config(duthost, get_valid_acl_ports)

# Step 3: Create checkpoint that containing desired EverflowAlwaysOn config
create_checkpoint(duthost, MONITOR_CONFIG_TEST_CP)

try:
# Step 4: Rollback to initial state disabling monitor config
output = rollback(duthost, MONITOR_CONFIG_INITIAL_CP)
pytest_assert(
not output['rc'] and "Config rolled back successfull" in output['stdout'],
"config rollback to {} failed.".format(MONITOR_CONFIG_INITIAL_CP)
)
verify_no_monitor_config(duthost)

# Step 5: Rollback to EverflowAlwaysOn config and verify
output = rollback(duthost, MONITOR_CONFIG_TEST_CP)
pytest_assert(
not output['rc'] and "Config rolled back successfull" in output['stdout'],
"config rollback to {} failed.".format(MONITOR_CONFIG_TEST_CP)
)
verify_monitor_config(duthost)

finally:
delete_checkpoint(duthost, MONITOR_CONFIG_INITIAL_CP)
delete_checkpoint(duthost, MONITOR_CONFIG_TEST_CP)