Skip to main content

Library for testing network virtual appliances using Docker

Project description

Test network virtual appliance using Docker containers

General information

Description

This project is a Python library for testing network virtual appliances.

Author

Alexey Bogdanenko

License

Alpy is licensed under SPDX-License-Identifier: GPL-3.0-or-later. See COPYING for more details.

Features

The simplest docker to QEMU networking connection

Nothing in the middle. No bridges, no veth pairs, no NAT etc.

Each layer 2 frame emitted is delivered unmodified, reliably.

Reliable packet capture

Each frame is captured reliably thanks to the QEMU filter-dump feature.

First-class Docker container support

Alpy follows and encourages single process per container design.

Logging

Test logs are easy to configure and customize. Alpy consistently uses Python logging module.

Alpy collects serial console log in binary as well as text (escaped) form.

No trash left behind

Alpy cleans up after itself:

  • processes stopped with error codes and logs collected,

  • files, directories unmounted,

  • temporary files removed,

  • sockets closed,

  • interfaces removed…

… reliably.

No root required

Run as a regular user.

Documentation

General

Alpy manages containers via Docker Python API.

Alpy interacts with QEMU using Python API of the QEMU Monitor Protocol (QMP). QMP is a JSON-based protocol that allows applications to communicate with a QEMU instance. For information about QMP, see qmp package page on PyPI.

Alpy gives user Pexpect object to interact with a serial console. The Pexpect object is configured to log console input and output via the standard logging module.

API documentation

The documentation is published on GitLab Pages of your GitLab project (if GitLab Pages is enabled on your GitLab instance). For example, upstream project documentation lives at https://abogdanenko.gitlab.io/alpy.

Alpy API documentation is generated using Sphinx. To generate HTML API documentation locally, install Sphinx package and run the following command:

PYTHONPATH=. sphinx-build docs public

To view the generated documentation, open public/index.html in a browser.

FAQ

How do I watch serial console?

Use tail:

tail --follow name --retry console.log

The same command, but shorter:

tail -F console.log

How do I watch traffic on an interface?

Use tcpdump:

tail --bytes +0 --follow name --retry link0.pcap | tcpdump -n -r -

The same command, but shorter:

tail -Fc +0 link0.pcap | tcpdump -nr-

Can I use Wireshark to watch traffic on an interface?

Yes, you can:

tail --bytes +0 --follow name --retry link0.pcap | wireshark -k -i -

The same command, but shorter:

tail -Fc +0 link0.pcap | wireshark -ki-

How do I debug my program?

Use The Python Debugger.

How do I enter node network namespace?

  1. Get node pid:

    docker inspect --format '{{.State.Pid}}' node0
  2. Jump into node namespace using that pid:

    nsenter --net --target "$pid"

One-liner:

nsenter --net --target "$(docker inspect --format '{{.State.Pid}}' node0)"

Network design

The appliance being tested is referred to as a device under test or DUT.

The DUT communicates with containers attached to each of its network links.

Guest network adapters are connected to the host via tap devices (Figure 1):

+-----QEMU hypervisor------+
|                          |   +-------------+
| +-----Guest OS-----+     |   |             |
| |                  |     |   |  docker     |
| | +--------------+ |     |   |  container  |
| | |              | |     |   |  network    |
| | |  NIC driver  | |     |   |  namespace  |
| | |              | |     |   |             |
| +------------------+     |   |   +-----+   |
|   |              |       |   |   |     |   |
|   | NIC hardware +---+-----------+ tap |   |
|   |              |   |   |   |   |     |   |
|   +--------------+   |   |   |   +-----+   |
|                      |   |   |             |
+--------------------------+   +-------------+
                       |
                       |
                       v
                 +-----------+
                 |           |
                 | pcap file |
                 |           |
                 +-----------+

Figure 1. Network link between QEMU guest and a docker container.

Each tap device lives in its network namespace. This namespace belongs to a dedicated container - a node. The node’s purpose is to keep the namespace alive during the lifetime of a test.

For an application to be able to communicate with the DUT the application is containerized. The application container must be created in a special way: it must share network namespace with one of the nodes.

Figure 2 shows an example where application containers app0 and app1 share network namespace with node container node0. Application container app2 shares another network namespace with node2.

This sharing is supported by Docker. All we have to do is to create the application container with the --network=container:NODE_NAME Docker option. For example, if we want to send traffic to the DUT via its first link, we create a traffic generator container with Docker option --network=container:node0.

+----QEMU---+   +------shared network namespace-----+
|           |   |                                   |
|           |   |    eth0                           |
|   +---+   |   |   +---+   +-----+ +----+ +----+   |
|   |NIC+-----------+tap|   |node0| |app0| |app1|   |
|   +---+   |   |   +---+   +-----+ +----+ +----+   |
|           |   |                                   |
|           |   +-----------------------------------+
|           |
|           |
|           |
|           |   +------shared network namespace-----+
|           |   |                                   |
|           |   |    eth0                           |
|   +---+   |   |   +---+   +-----+                 |
|   |NIC+-----------+tap|   |node1|                 |
|   +---+   |   |   +---+   +-----+                 |
|           |   |                                   |
|           |   +-----------------------------------+
|           |
|           |
|           |
|           |   +------shared network namespace-----+
|           |   |                                   |
|           |   |    eth0                           |
|   +---+   |   |   +---+   +-----+ +----+          |
|   |NIC+-----------+tap|   |node2| |app2|          |
|   +---+   |   |   +---+   +-----+ +----+          |
|           |   |                                   |
+-----------+   +-----------------------------------+

Figure 2. Application containers attached to the DUT links.

Rabbit

The alpy library repository includes scripts and modules to build a simple appliance called Rabbit. Rabbit is Alpine Linux with a few packages pre-installed. Having this simple DUT allows to demonstrate the library features.

The tests for the Rabbit device share a lot of code so the code is organized as a library. The library is called carrot.

Testing the alpy library

A note about GitLab Container Registry

Many CI jobs use one of the custom images built on the “build-docker-images” stage. The images are stored in the GitLab Container Registry.

The images are pulled from locations specified by GitLab variables. By default, the variables point to the registry of the current GitLab project.

If you forked this project and GitLab Container Registry is disabled in your project, override the variables on a project level so that the images are pulled from some other registry.

For example, set IMAGE_ALPINE=registry.gitlab.com/abogdanenko/alpy/alpine.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

alpy-0.23.0.tar.gz (13.9 kB view details)

Uploaded Source

Built Distribution

alpy-0.23.0-py3-none-any.whl (24.8 kB view details)

Uploaded Python 3

File details

Details for the file alpy-0.23.0.tar.gz.

File metadata

  • Download URL: alpy-0.23.0.tar.gz
  • Upload date:
  • Size: 13.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.4.0 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.8.0

File hashes

Hashes for alpy-0.23.0.tar.gz
Algorithm Hash digest
SHA256 11d535ca717f701d99527483acbf5660618d9165901e75d814611c95ea715e72
MD5 ebb9e2c02f19d9a26ce3fb7dc02f5289
BLAKE2b-256 0a025077b6a0e2eaa3f6b7135c8d6df2abf417cf17e753a3f1a5a713ed5f2bf6

See more details on using hashes here.

File details

Details for the file alpy-0.23.0-py3-none-any.whl.

File metadata

  • Download URL: alpy-0.23.0-py3-none-any.whl
  • Upload date:
  • Size: 24.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.4.0 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.8.0

File hashes

Hashes for alpy-0.23.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c34615775a218b1cd126ced3e5ee437238d8931047fe6ee408ea0542ae08c551
MD5 0d1472d14684589bb06cf6b1a17f22d1
BLAKE2b-256 f91408110e82844de1481700f1e1b1e6b398935950063e1035e985038e7ea4d2

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page