You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by da...@apache.org on 2015/12/09 16:12:33 UTC
[3/4] git commit: updated refs/heads/master to 7043958
CLOUDSTACK-9120 - Moves tests to the smoke directory
- Those tests are doing a lot more than component tests would do. They require hardware and a lot of resources from real hypervisors.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/fb92de52
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/fb92de52
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/fb92de52
Branch: refs/heads/master
Commit: fb92de52623f5a5a354cf78f5e91dafa3ee6f337
Parents: 738b788
Author: Wilder Rodrigues <wr...@schubergphilis.com>
Authored: Tue Dec 8 20:28:07 2015 +0100
Committer: Wilder Rodrigues <wr...@schubergphilis.com>
Committed: Tue Dec 8 20:28:07 2015 +0100
----------------------------------------------------------------------
.../component/test_router_dhcphosts.py | 381 -------
.../test_routers_iptables_default_policy.py | 678 ------------
.../component/test_routers_network_ops.py | 1020 ------------------
.../integration/component/test_vpc_redundant.py | 669 ------------
.../component/test_vpc_router_nics.py | 514 ---------
test/integration/smoke/test_router_dhcphosts.py | 381 +++++++
.../test_routers_iptables_default_policy.py | 678 ++++++++++++
.../smoke/test_routers_network_ops.py | 1020 ++++++++++++++++++
test/integration/smoke/test_vpc_redundant.py | 669 ++++++++++++
test/integration/smoke/test_vpc_router_nics.py | 514 +++++++++
10 files changed, 3262 insertions(+), 3262 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/fb92de52/test/integration/component/test_router_dhcphosts.py
----------------------------------------------------------------------
diff --git a/test/integration/component/test_router_dhcphosts.py b/test/integration/component/test_router_dhcphosts.py
deleted file mode 100644
index 4c2ec4c..0000000
--- a/test/integration/component/test_router_dhcphosts.py
+++ /dev/null
@@ -1,381 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# Import Local Modules
-from nose.plugins.attrib import attr
-from marvin.cloudstackTestCase import cloudstackTestCase
-from marvin.cloudstackAPI import (stopVirtualMachine,
- stopRouter,
- startRouter)
-from marvin.lib.utils import (cleanup_resources,
- get_process_status)
-from marvin.lib.base import (ServiceOffering,
- VirtualMachine,
- Account,
- ServiceOffering,
- NATRule,
- NetworkACL,
- FireWallRule,
- PublicIPAddress,
- NetworkOffering,
- Network,
- Router)
-from marvin.lib.common import (get_zone,
- get_template,
- get_domain,
- list_virtual_machines,
- list_networks,
- list_configurations,
- list_routers,
- list_nat_rules,
- list_publicIP,
- list_firewall_rules,
- list_hosts)
-
-# Import System modules
-import time
-import logging
-
-
-class TestRouterDHCPHosts(cloudstackTestCase):
-
- @classmethod
- def setUpClass(cls):
-
- cls.logger = logging.getLogger('TestRouterDHCPHosts')
- cls.stream_handler = logging.StreamHandler()
- cls.logger.setLevel(logging.DEBUG)
- cls.logger.addHandler(cls.stream_handler)
-
- cls.testClient = super(TestRouterDHCPHosts, cls).getClsTestClient()
- cls.api_client = cls.testClient.getApiClient()
-
- cls.services = cls.testClient.getParsedTestDataConfig()
- # Get Zone, Domain and templates
- cls.domain = get_domain(cls.api_client)
- cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests())
- cls.services['mode'] = cls.zone.networktype
- cls.template = get_template(
- cls.api_client,
- cls.zone.id,
- cls.services["ostype"]
- )
-
- cls.services["virtual_machine"]["zoneid"] = cls.zone.id
-
- cls.logger.debug("Creating Admin Account for domain %s on zone %s" % (cls.domain.id, cls.zone.id))
- # Create an account, network, VM and IP addresses
- cls.account = Account.create(
- cls.api_client,
- cls.services["account"],
- admin=True,
- domainid=cls.domain.id
- )
-
- cls.logger.debug("Creating Service Offering on zone %s" % (cls.zone.id))
- cls.service_offering = ServiceOffering.create(
- cls.api_client,
- cls.services["service_offering"]
- )
-
- cls.services["isolated_network_offering"]["egress_policy"] = "true"
-
- cls.logger.debug("Creating Network Offering on zone %s" % (cls.zone.id))
- cls.network_offering = NetworkOffering.create(cls.api_client,
- cls.services["isolated_network_offering"],
- conservemode=True)
-
- cls.network_offering.update(cls.api_client, state='Enabled')
-
- cls.logger.debug("Creating Network for Account %s using offering %s" % (cls.account.name, cls.network_offering.id))
- cls.network = Network.create(cls.api_client,
- cls.services["network"],
- accountid=cls.account.name,
- domainid=cls.account.domainid,
- networkofferingid=cls.network_offering.id,
- zoneid=cls.zone.id)
-
- cls.logger.debug("Creating VM1 for Account %s using offering %s with IP 10.1.1.50" % (cls.account.name, cls.service_offering.id))
- cls.vm_1 = VirtualMachine.create(cls.api_client,
- cls.services["virtual_machine"],
- templateid=cls.template.id,
- accountid=cls.account.name,
- domainid=cls.domain.id,
- serviceofferingid=cls.service_offering.id,
- networkids=[str(cls.network.id)],
- ipaddress="10.1.1.50")
-
- cls.logger.debug("Creating VM2 for Account %s using offering %s with IP 10.1.1.51" % (cls.account.name, cls.service_offering.id))
- cls.vm_2 = VirtualMachine.create(cls.api_client,
- cls.services["virtual_machine"],
- templateid=cls.template.id,
- accountid=cls.account.name,
- domainid=cls.domain.id,
- serviceofferingid=cls.service_offering.id,
- networkids=[str(cls.network.id)],
- ipaddress="10.1.1.51")
-
- cls.services["natrule1"] = {
- "privateport": 22,
- "publicport": 222,
- "protocol": "TCP"
- }
-
- cls.services["natrule2"] = {
- "privateport": 22,
- "publicport": 223,
- "protocol": "TCP"
- }
-
- cls.services["configurableData"] = {
- "host": {
- "password": "password",
- "username": "root",
- "port": 22
- },
- "input": "INPUT",
- "forward": "FORWARD"
- }
-
- cls._cleanup = [
- cls.vm_2,
- cls.network,
- cls.network_offering,
- cls.service_offering,
- cls.account
- ]
-
- return
-
- @classmethod
- def tearDownClass(cls):
- try:
- cleanup_resources(cls.api_client, cls._cleanup)
- except Exception as e:
- raise Exception("Warning: Exception during cleanup : %s" % e)
- return
-
- def setUp(self):
- self.apiclient = self.testClient.getApiClient()
- self.cleanup = []
- return
-
- def tearDown(self):
- try:
- cleanup_resources(self.apiclient, self.cleanup)
- except Exception as e:
- raise Exception("Warning: Exception during cleanup : %s" % e)
- return
-
- def test_ssh_command(self, vm, nat_rule, rule_label):
- result = 'failed'
- try:
- ssh_command = "ping -c 3 8.8.8.8"
- self.logger.debug("SSH into VM with IP: %s" % nat_rule.ipaddress)
-
- ssh = vm.get_ssh_client(ipaddress=nat_rule.ipaddress, port=self.services[rule_label]["publicport"], retries=5)
- result = str(ssh.execute(ssh_command))
-
- self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("3 packets received")))
- except:
- self.fail("Failed to SSH into VM - %s" % (nat_rule.ipaddress))
-
- self.assertEqual(
- result.count("3 packets received"),
- 1,
- "Ping to outside world from VM should be successful"
- )
-
- def test_dhcphosts(self, vm, router):
- hosts = list_hosts(
- self.apiclient,
- id=router.hostid)
-
- self.assertEqual(
- isinstance(hosts, list),
- True,
- "Check for list hosts response return valid data")
-
- host = hosts[0]
- host.user = self.services["configurableData"]["host"]["username"]
- host.passwd = self.services["configurableData"]["host"]["password"]
- host.port = self.services["configurableData"]["host"]["port"]
- #mac1,10.7.32.101,infinite
- try:
- result = get_process_status(
- host.ipaddress,
- host.port,
- host.user,
- host.passwd,
- router.linklocalip,
- "cat /etc/dhcphosts.txt | grep %s | sed 's/\,/ /g' | awk '{print $2}'" % (vm.nic[0].ipaddress))
- except KeyError:
- self.skipTest(
- "Provide a marvin config file with host\
- credentials to run %s" %
- self._testMethodName)
-
- self.logger.debug("cat /etc/dhcphosts.txt | grep %s | sed 's/\,/ /g' | awk '{print $2}' RESULT IS ==> %s" % (vm.nic[0].ipaddress, result))
- res = str(result)
-
- self.assertEqual(
- res.count(vm.nic[0].ipaddress),
- 1,
- "DHCP hosts file contains duplicate IPs ==> %s!" % res)
-
- @attr(tags=["advanced", "advancedns", "ssh"], required_hardware="true")
- def test_router_dhcphosts(self):
- """Check that the /etc/dhcphosts.txt doesn't contain duplicate IPs"""
-
- self.logger.debug("Starting test_router_dhcphosts...")
- routers = list_routers(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid
- )
-
- self.assertEqual(
- isinstance(routers, list),
- True,
- "Check for list routers response return valid data"
- )
-
- self.assertNotEqual(
- len(routers),
- 0,
- "Check list router response"
- )
-
- router = routers[0]
-
- self.assertEqual(
- router.state,
- 'Running',
- "Check list router response for router state"
- )
-
- public_ips = list_publicIP(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid,
- zoneid=self.zone.id
- )
-
- self.assertEqual(
- isinstance(public_ips, list),
- True,
- "Check for list public IPs response return valid data"
- )
-
- public_ip = public_ips[0]
-
- self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id)
- FireWallRule.create(
- self.apiclient,
- ipaddressid=public_ip.id,
- protocol=self.services["natrule1"]["protocol"],
- cidrlist=['0.0.0.0/0'],
- startport=self.services["natrule1"]["publicport"],
- endport=self.services["natrule1"]["publicport"]
- )
-
- self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
- # Create NAT rule
- nat_rule1 = NATRule.create(
- self.apiclient,
- self.vm_1,
- self.services["natrule1"],
- public_ip.id
- )
-
- self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_2.id)
- FireWallRule.create(
- self.apiclient,
- ipaddressid=public_ip.id,
- protocol=self.services["natrule2"]["protocol"],
- cidrlist=['0.0.0.0/0'],
- startport=self.services["natrule2"]["publicport"],
- endport=self.services["natrule2"]["publicport"]
- )
-
- self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id)
- # Create NAT rule
- nat_rule2 = NATRule.create(
- self.apiclient,
- self.vm_2,
- self.services["natrule2"],
- public_ip.id
- )
-
- nat_rules = list_nat_rules(
- self.apiclient,
- id=nat_rule1.id
- )
- self.assertEqual(
- isinstance(nat_rules, list),
- True,
- "Check for list NAT rules response return valid data"
- )
- self.assertEqual(
- nat_rules[0].state,
- 'Active',
- "Check list port forwarding rules"
- )
-
- nat_rules = list_nat_rules(
- self.apiclient,
- id=nat_rule2.id
- )
- self.assertEqual(
- isinstance(nat_rules, list),
- True,
- "Check for list NAT rules response return valid data"
- )
- self.assertEqual(
- nat_rules[0].state,
- 'Active',
- "Check list port forwarding rules"
- )
-
- self.logger.debug("Testing SSH to VMs %s and %s" % (self.vm_1.id, self.vm_2.id))
- self.test_ssh_command(self.vm_1, nat_rule1, "natrule1")
- self.test_ssh_command(self.vm_2, nat_rule2, "natrule2")
-
- self.logger.debug("Testing DHCP hosts for VMs %s and %s" % (self.vm_1.id, self.vm_2.id))
- self.test_dhcphosts(self.vm_1, router)
- self.test_dhcphosts(self.vm_2, router)
-
- self.logger.debug("Deleting and Expunging VM %s with ip %s" % (self.vm_1.id, self.vm_1.nic[0].ipaddress))
- self.vm_1.delete(self.apiclient)
-
- self.logger.debug("Creating new VM using the same IP as the one which was deleted => IP 10.1.1.50")
- self.vm_1 = VirtualMachine.create(self.apiclient,
- self.services["virtual_machine"],
- templateid=self.template.id,
- accountid=self.account.name,
- domainid=self.domain.id,
- serviceofferingid=self.service_offering.id,
- networkids=[str(self.network.id)],
- ipaddress="10.1.1.50")
-
- self.cleanup.append(self.vm_1)
-
- self.logger.debug("Testing DHCP hosts for VMs %s and %s" % (self.vm_1.id, self.vm_2.id))
- self.test_dhcphosts(self.vm_1, router)
- self.test_dhcphosts(self.vm_2, router)
-
- return
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/fb92de52/test/integration/component/test_routers_iptables_default_policy.py
----------------------------------------------------------------------
diff --git a/test/integration/component/test_routers_iptables_default_policy.py b/test/integration/component/test_routers_iptables_default_policy.py
deleted file mode 100644
index a1bec4c..0000000
--- a/test/integration/component/test_routers_iptables_default_policy.py
+++ /dev/null
@@ -1,678 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-""" Test VPC nics after router is destroyed """
-
-from nose.plugins.attrib import attr
-from marvin.cloudstackTestCase import cloudstackTestCase
-from marvin.lib.base import (stopRouter,
- startRouter,
- destroyRouter,
- Account,
- VpcOffering,
- VPC,
- ServiceOffering,
- NATRule,
- NetworkACL,
- PublicIPAddress,
- NetworkOffering,
- Network,
- VirtualMachine,
- LoadBalancerRule)
-from marvin.lib.common import (get_domain,
- get_zone,
- get_template,
- list_routers,
- list_hosts)
-from marvin.lib.utils import (cleanup_resources,
- get_process_status)
-import socket
-import time
-import inspect
-import logging
-
-
-class Services:
- """Test VPC network services - Port Forwarding Rules Test Data Class.
- """
-
- def __init__(self):
- self.services = {
- "configurableData": {
- "host": {
- "password": "password",
- "username": "root",
- "port": 22
- },
- "input": "INPUT",
- "forward": "FORWARD"
- },
- "account": {
- "email": "test@test.com",
- "firstname": "Test",
- "lastname": "User",
- "username": "test",
- # Random characters are appended for unique
- # username
- "password": "password",
- },
- "service_offering": {
- "name": "Tiny Instance",
- "displaytext": "Tiny Instance",
- "cpunumber": 1,
- "cpuspeed": 100,
- "memory": 128,
- },
- "shared_network_offering_sg": {
- "name": "MySharedOffering-sg",
- "displaytext": "MySharedOffering-sg",
- "guestiptype": "Shared",
- "supportedservices": "Dhcp,Dns,UserData,SecurityGroup",
- "specifyVlan": "False",
- "specifyIpRanges": "False",
- "traffictype": "GUEST",
- "serviceProviderList": {
- "Dhcp": "VirtualRouter",
- "Dns": "VirtualRouter",
- "UserData": "VirtualRouter",
- "SecurityGroup": "SecurityGroupProvider"
- }
- },
- "network_offering": {
- "name": 'Test Network offering',
- "displaytext": 'Test Network offering',
- "guestiptype": 'Isolated',
- "supportedservices": 'Dhcp,Dns,SourceNat,PortForwarding',
- "traffictype": 'GUEST',
- "availability": 'Optional',
- "serviceProviderList": {
- "Dhcp": 'VirtualRouter',
- "Dns": 'VirtualRouter',
- "SourceNat": 'VirtualRouter',
- "PortForwarding": 'VirtualRouter',
- },
- },
- "vpc_network_offering": {
- "name": 'VPC Network offering',
- "displaytext": 'VPC Network off',
- "guestiptype": 'Isolated',
- "supportedservices": 'Vpn,Dhcp,Dns,SourceNat,PortForwarding,Lb,UserData,StaticNat,NetworkACL',
- "traffictype": 'GUEST',
- "availability": 'Optional',
- "useVpc": 'on',
- "serviceProviderList": {
- "Vpn": 'VpcVirtualRouter',
- "Dhcp": 'VpcVirtualRouter',
- "Dns": 'VpcVirtualRouter',
- "SourceNat": 'VpcVirtualRouter',
- "PortForwarding": 'VpcVirtualRouter',
- "Lb": 'VpcVirtualRouter',
- "UserData": 'VpcVirtualRouter',
- "StaticNat": 'VpcVirtualRouter',
- "NetworkACL": 'VpcVirtualRouter'
- },
- },
- "vpc_network_offering_no_lb": {
- "name": 'VPC Network offering',
- "displaytext": 'VPC Network off',
- "guestiptype": 'Isolated',
- "supportedservices": 'Dhcp,Dns,SourceNat,PortForwarding,UserData,StaticNat,NetworkACL',
- "traffictype": 'GUEST',
- "availability": 'Optional',
- "useVpc": 'on',
- "serviceProviderList": {
- "Dhcp": 'VpcVirtualRouter',
- "Dns": 'VpcVirtualRouter',
- "SourceNat": 'VpcVirtualRouter',
- "PortForwarding": 'VpcVirtualRouter',
- "UserData": 'VpcVirtualRouter',
- "StaticNat": 'VpcVirtualRouter',
- "NetworkACL": 'VpcVirtualRouter'
- },
- },
- "vpc_offering": {
- "name": 'VPC off',
- "displaytext": 'VPC off',
- "supportedservices": 'Dhcp,Dns,SourceNat,PortForwarding,Vpn,Lb,UserData,StaticNat',
- },
- "redundant_vpc_offering": {
- "name": 'Redundant VPC off',
- "displaytext": 'Redundant VPC off',
- "supportedservices": 'Dhcp,Dns,SourceNat,PortForwarding,Vpn,Lb,UserData,StaticNat',
- "serviceProviderList": {
- "Vpn": 'VpcVirtualRouter',
- "Dhcp": 'VpcVirtualRouter',
- "Dns": 'VpcVirtualRouter',
- "SourceNat": 'VpcVirtualRouter',
- "PortForwarding": 'VpcVirtualRouter',
- "Lb": 'VpcVirtualRouter',
- "UserData": 'VpcVirtualRouter',
- "StaticNat": 'VpcVirtualRouter',
- "NetworkACL": 'VpcVirtualRouter'
- },
- "serviceCapabilityList": {
- "SourceNat": {
- "RedundantRouter": 'true'
- }
- },
- },
- "vpc": {
- "name": "TestVPC",
- "displaytext": "TestVPC",
- "cidr": '10.1.1.1/16'
- },
- "network": {
- "name": "Test Network",
- "displaytext": "Test Network",
- "netmask": '255.255.255.0'
- },
- "natrule": {
- "privateport": 22,
- "publicport": 22,
- "startport": 22,
- "endport": 22,
- "protocol": "TCP",
- "cidrlist": '0.0.0.0/0',
- },
- "virtual_machine": {
- "displayname": "Test VM",
- "username": "root",
- "password": "password",
- "ssh_port": 22,
- "privateport": 22,
- "publicport": 22,
- "protocol": 'TCP',
- },
- "ostype": 'CentOS 5.3 (64-bit)',
- "timeout": 10,
- }
-
-
-class TestVPCIpTablesPolicies(cloudstackTestCase):
-
- @classmethod
- def setUpClass(cls):
- # We want to fail quicker if it's failure
- socket.setdefaulttimeout(60)
-
- cls.testClient = super(TestVPCIpTablesPolicies, cls).getClsTestClient()
- cls.apiclient = cls.testClient.getApiClient()
-
- cls.services = Services().services
- # Get Zone, Domain and templates
- cls.domain = get_domain(cls.apiclient)
- cls.zone = get_zone(cls.apiclient, cls.testClient.getZoneForTests())
- cls.template = get_template(
- cls.apiclient,
- cls.zone.id,
- cls.services["ostype"])
-
- cls.services["virtual_machine"]["zoneid"] = cls.zone.id
- cls.services["virtual_machine"]["template"] = cls.template.id
-
- cls.account = Account.create(
- cls.apiclient,
- cls.services["account"],
- admin=True,
- domainid=cls.domain.id)
-
- cls.service_offering = ServiceOffering.create(
- cls.apiclient,
- cls.services["service_offering"])
-
-
- cls.logger = logging.getLogger('TestVPCIpTablesPolicies')
- cls.stream_handler = logging.StreamHandler()
- cls.logger.setLevel(logging.DEBUG)
- cls.logger.addHandler(cls.stream_handler)
-
- cls.entity_manager = EntityManager(cls.apiclient, cls.services, cls.service_offering, cls.account, cls.zone, cls.logger)
-
- cls._cleanup = [cls.service_offering, cls.account]
- return
-
- @classmethod
- def tearDownClass(cls):
- try:
- cleanup_resources(cls.apiclient, cls._cleanup)
- except Exception as e:
- raise Exception("Warning: Exception during cleanup : %s" % e)
- return
-
- def setUp(self):
- self.logger.debug("Creating a VPC offering.")
- self.vpc_off = VpcOffering.create(
- self.apiclient,
- self.services["vpc_offering"])
-
- self.logger.debug("Enabling the VPC offering created")
- self.vpc_off.update(self.apiclient, state='Enabled')
-
- self.logger.debug("Creating a VPC network in the account: %s" % self.account.name)
-
- self.vpc = VPC.create(
- self.apiclient,
- self.services["vpc"],
- vpcofferingid=self.vpc_off.id,
- zoneid=self.zone.id,
- account=self.account.name,
- domainid=self.account.domainid)
-
- self.cleanup = [self.vpc, self.vpc_off]
- self.entity_manager.set_cleanup(self.cleanup)
- return
-
- def tearDown(self):
- try:
- self.entity_manager.destroy_routers()
- cleanup_resources(self.apiclient, self.cleanup)
- except Exception as e:
- raise Exception("Warning: Exception during cleanup : %s" % e)
- return
-
- @attr(tags=["advanced", "intervlan"], required_hardware="true")
- def test_01_single_VPC_iptables_policies(self):
- """ Test iptables default INPUT/FORWARD policies on VPC router """
- self.logger.debug("Starting test_01_single_VPC_iptables_policies")
-
- routers = self.entity_manager.query_routers()
-
- self.assertEqual(
- isinstance(routers, list), True,
- "Check for list routers response return valid data")
-
- self.entity_manager.create_network(self.services["vpc_network_offering"], self.vpc.id, "10.1.1.1")
- self.entity_manager.create_network(self.services["vpc_network_offering_no_lb"], self.vpc.id, "10.1.2.1")
-
- self.entity_manager.add_nat_rules(self.vpc.id)
- self.entity_manager.do_vpc_test()
-
- for router in routers:
- if not router.isredundantrouter and router.vpcid:
- hosts = list_hosts(
- self.apiclient,
- id=router.hostid)
- self.assertEqual(
- isinstance(hosts, list),
- True,
- "Check for list hosts response return valid data")
-
- host = hosts[0]
- host.user = self.services["configurableData"]["host"]["username"]
- host.passwd = self.services["configurableData"]["host"]["password"]
- host.port = self.services["configurableData"]["host"]["port"]
- tables = [self.services["configurableData"]["input"], self.services["configurableData"]["forward"]]
-
- for table in tables:
- try:
- result = get_process_status(
- host.ipaddress,
- host.port,
- host.user,
- host.passwd,
- router.linklocalip,
- 'iptables -L %s' % table)
- except KeyError:
- self.skipTest(
- "Provide a marvin config file with host\
- credentials to run %s" %
- self._testMethodName)
-
- self.logger.debug("iptables -L %s: %s" % (table, result))
- res = str(result)
-
- self.assertEqual(
- res.count("DROP"),
- 1,
- "%s Default Policy should be DROP" % table)
-
-
-class TestRouterIpTablesPolicies(cloudstackTestCase):
-
- @classmethod
- def setUpClass(cls):
- # We want to fail quicker if it's failure
- socket.setdefaulttimeout(60)
-
- cls.testClient = super(TestRouterIpTablesPolicies, cls).getClsTestClient()
- cls.apiclient = cls.testClient.getApiClient()
-
- cls.services = Services().services
- # Get Zone, Domain and templates
- cls.domain = get_domain(cls.apiclient)
- cls.zone = get_zone(cls.apiclient, cls.testClient.getZoneForTests())
- cls.template = get_template(
- cls.apiclient,
- cls.zone.id,
- cls.services["ostype"])
-
- cls.services["virtual_machine"]["zoneid"] = cls.zone.id
- cls.services["virtual_machine"]["template"] = cls.template.id
-
- cls.account = Account.create(
- cls.apiclient,
- cls.services["account"],
- admin=True,
- domainid=cls.domain.id)
-
- cls.service_offering = ServiceOffering.create(
- cls.apiclient,
- cls.services["service_offering"])
-
- cls.logger = logging.getLogger('TestRouterIpTablesPolicies')
- cls.stream_handler = logging.StreamHandler()
- cls.logger.setLevel(logging.DEBUG)
- cls.logger.addHandler(cls.stream_handler)
-
- cls.entity_manager = EntityManager(cls.apiclient, cls.services, cls.service_offering, cls.account, cls.zone, cls.logger)
-
- cls._cleanup = [cls.service_offering, cls.account]
- return
-
- @classmethod
- def tearDownClass(cls):
- try:
- cleanup_resources(cls.apiclient, cls._cleanup)
- except Exception as e:
- raise Exception("Warning: Exception during cleanup : %s" % e)
- return
-
- def setUp(self):
- self.cleanup = []
- self.entity_manager.set_cleanup(self.cleanup)
- return
-
- def tearDown(self):
- try:
- cleanup_resources(self.apiclient, self.cleanup)
- except Exception as e:
- raise Exception("Warning: Exception during cleanup : %s" % e)
- return
-
- @attr(tags=["advanced", "intervlan"], required_hardware="true")
- def test_02_routervm_iptables_policies(self):
- """ Test iptables default INPUT/FORWARD policy on RouterVM """
-
- self.logger.debug("Starting test_02_routervm_iptables_policies")
-
- vm1 = self.entity_manager.deployvm()
-
- routers = self.entity_manager.query_routers()
-
- self.assertEqual(
- isinstance(routers, list), True,
- "Check for list routers response return valid data")
-
- for router in routers:
- if not router.isredundantrouter and not router.vpcid:
- hosts = list_hosts(
- self.apiclient,
- id=router.hostid)
- self.assertEqual(
- isinstance(hosts, list),
- True,
- "Check for list hosts response return valid data")
-
- host = hosts[0]
- host.user = self.services["configurableData"]["host"]["username"]
- host.passwd = self.services["configurableData"]["host"]["password"]
- host.port = self.services["configurableData"]["host"]["port"]
- tables = [self.services["configurableData"]["input"], self.services["configurableData"]["forward"]]
-
- for table in tables:
- try:
- result = get_process_status(
- host.ipaddress,
- host.port,
- host.user,
- host.passwd,
- router.linklocalip,
- 'iptables -L %s' % table)
- except KeyError:
- self.skipTest(
- "Provide a marvin config file with host\
- credentials to run %s" %
- self._testMethodName)
-
- self.logger.debug("iptables -L %s: %s" % (table, result))
- res = str(result)
-
- self.assertEqual(
- res.count("DROP"),
- 1,
- "%s Default Policy should be DROP" % table)
-
-
-class EntityManager(object):
-
- def __init__(self, apiclient, services, service_offering, account, zone, logger):
- self.apiclient = apiclient
- self.services = services
- self.service_offering = service_offering
- self.account = account
- self.zone = zone
- self.logger = logger
-
- self.cleanup = []
- self.networks = []
- self.routers = []
- self.ips = []
-
- def set_cleanup(self, cleanup):
- self.cleanup = cleanup
-
- def add_nat_rules(self, vpc_id):
- for o in self.networks:
- for vm in o.get_vms():
- if vm.get_ip() is None:
- vm.set_ip(self.acquire_publicip(o.get_net(), vpc_id))
- if vm.get_nat() is None:
- vm.set_nat(self.create_natrule(vm.get_vm(), vm.get_ip(), o.get_net(), vpc_id))
- time.sleep(5)
-
- def do_vpc_test(self):
- for o in self.networks:
- for vm in o.get_vms():
- self.check_ssh_into_vm(vm.get_vm(), vm.get_ip())
-
- def create_natrule(self, vm, public_ip, network, vpc_id):
- self.logger.debug("Creating NAT rule in network for vm with public IP")
-
- nat_rule_services = self.services["natrule"]
-
- nat_rule = NATRule.create(
- self.apiclient,
- vm,
- nat_rule_services,
- ipaddressid=public_ip.ipaddress.id,
- openfirewall=False,
- networkid=network.id,
- vpcid=vpc_id)
-
- self.logger.debug("Adding NetworkACL rules to make NAT rule accessible")
- nwacl_nat = NetworkACL.create(
- self.apiclient,
- networkid=network.id,
- services=nat_rule_services,
- traffictype='Ingress'
- )
- self.logger.debug('nwacl_nat=%s' % nwacl_nat.__dict__)
- return nat_rule
-
- def check_ssh_into_vm(self, vm, public_ip):
- self.logger.debug("Checking if we can SSH into VM=%s on public_ip=%s" %
- (vm.name, public_ip.ipaddress.ipaddress))
- vm.ssh_client = None
- try:
- vm.get_ssh_client(ipaddress=public_ip.ipaddress.ipaddress)
- self.logger.debug("SSH into VM=%s on public_ip=%s is successful" %
- (vm.name, public_ip.ipaddress.ipaddress))
- except:
- raise Exception("Failed to SSH into VM - %s" % (public_ip.ipaddress.ipaddress))
-
- def create_network(self, net_offerring, vpc_id, gateway='10.1.1.1'):
- try:
- self.logger.debug('Create NetworkOffering')
- net_offerring["name"] = "NET_OFF-" + str(gateway)
- nw_off = NetworkOffering.create(
- self.apiclient,
- net_offerring,
- conservemode=False)
-
- nw_off.update(self.apiclient, state='Enabled')
- self.logger.debug('Created and Enabled NetworkOffering')
-
- self.services["network"]["name"] = "NETWORK-" + str(gateway)
- self.logger.debug('Adding Network=%s to VPC ID %s' % (self.services["network"], vpc_id))
- obj_network = Network.create(
- self.apiclient,
- self.services["network"],
- accountid=self.account.name,
- domainid=self.account.domainid,
- networkofferingid=nw_off.id,
- zoneid=self.zone.id,
- gateway=gateway,
- vpcid=vpc_id)
-
- self.logger.debug("Created network with ID: %s" % obj_network.id)
- except Exception, e:
- raise Exception('Unable to create a Network with offering=%s because of %s ' % (net_offerring, e))
-
- o = networkO(obj_network)
-
- vm1 = self.deployvm_in_network(obj_network)
- self.cleanup.insert(1, obj_network)
- self.cleanup.insert(2, nw_off)
-
- o.add_vm(vm1)
- self.networks.append(o)
- return o
-
- def deployvm_in_network(self, network):
- try:
- self.logger.debug('Creating VM in network=%s' % network.name)
- vm = VirtualMachine.create(
- self.apiclient,
- self.services["virtual_machine"],
- accountid=self.account.name,
- domainid=self.account.domainid,
- serviceofferingid=self.service_offering.id,
- networkids=[str(network.id)])
-
- self.logger.debug('Created VM=%s in network=%s' % (vm.id, network.name))
- self.cleanup.insert(0, vm)
- return vm
- except:
- raise Exception('Unable to create VM in a Network=%s' % network.name)
-
- def deployvm(self):
- try:
- self.logger.debug('Creating VM')
- vm = VirtualMachine.create(
- self.apiclient,
- self.services["virtual_machine"],
- accountid=self.account.name,
- domainid=self.account.domainid,
- serviceofferingid=self.service_offering.id)
-
- self.cleanup.insert(0, vm)
- self.logger.debug('Created VM=%s' % vm.id)
- return vm
- except:
- raise Exception('Unable to create VM')
-
- def acquire_publicip(self, network, vpc_id):
- self.logger.debug("Associating public IP for network: %s" % network.name)
- public_ip = PublicIPAddress.create(
- self.apiclient,
- accountid=self.account.name,
- zoneid=self.zone.id,
- domainid=self.account.domainid,
- networkid=network.id,
- vpcid=vpc_id)
- self.logger.debug("Associated %s with network %s" % (
- public_ip.ipaddress.ipaddress,
- network.id))
-
- self.ips.append(public_ip)
- return public_ip
-
- def query_routers(self):
- self.routers = list_routers(self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid)
-
- return self.routers
-
- def stop_router(self, router):
- self.logger.debug('Stopping router')
- cmd = stopRouter.stopRouterCmd()
- cmd.id = router.id
- self.apiclient.stopRouter(cmd)
-
- def destroy_routers(self):
- self.logger.debug('Destroying routers')
- for router in self.routers:
- self.stop_router(router)
- cmd = destroyRouter.destroyRouterCmd()
- cmd.id = router.id
- self.apiclient.destroyRouter(cmd)
- self.routers = []
-
- def start_routers(self):
- self.logger.debug('Starting routers')
- for router in self.routers:
- cmd = startRouter.startRouterCmd()
- cmd.id = router.id
- self.apiclient.startRouter(cmd)
-
-
-class networkO(object):
- def __init__(self, net):
- self.network = net
- self.vms = []
-
- def get_net(self):
- return self.network
-
- def add_vm(self, vm):
- self.vms.append(vmsO(vm))
-
- def get_vms(self):
- return self.vms
-
-
-class vmsO(object):
- def __init__(self, vm):
- self.vm = vm
- self.ip = None
- self.nat = None
-
- def get_vm(self):
- return self.vm
-
- def get_ip(self):
- return self.ip
-
- def get_nat(self):
- return self.nat
-
- def set_ip(self, ip):
- self.ip = ip
-
- def set_nat(self, nat):
- self.nat = nat
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/fb92de52/test/integration/component/test_routers_network_ops.py
----------------------------------------------------------------------
diff --git a/test/integration/component/test_routers_network_ops.py b/test/integration/component/test_routers_network_ops.py
deleted file mode 100644
index 94c0774..0000000
--- a/test/integration/component/test_routers_network_ops.py
+++ /dev/null
@@ -1,1020 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# Import Local Modules
-from nose.plugins.attrib import attr
-from marvin.cloudstackTestCase import cloudstackTestCase
-from marvin.cloudstackAPI import (stopVirtualMachine,
- stopRouter,
- startRouter)
-from marvin.lib.utils import (cleanup_resources,
- get_process_status,
- get_host_credentials)
-from marvin.lib.base import (ServiceOffering,
- VirtualMachine,
- Account,
- ServiceOffering,
- NATRule,
- NetworkACL,
- FireWallRule,
- PublicIPAddress,
- NetworkOffering,
- Network,
- Router,
- EgressFireWallRule)
-from marvin.lib.common import (get_zone,
- get_template,
- get_domain,
- list_virtual_machines,
- list_networks,
- list_configurations,
- list_routers,
- list_nat_rules,
- list_publicIP,
- list_firewall_rules,
- list_hosts)
-
-# Import System modules
-import time
-import logging
-
-def check_router_command(virtual_machine, public_ip, ssh_command, check_string, test_case, retries=5):
- result = 'failed'
- try:
- ssh = virtual_machine.get_ssh_client(ipaddress=public_ip, retries=retries)
- result = str(ssh.execute(ssh_command))
- except Exception as e:
- test_case.fail("Failed to SSH into the Virtual Machine: %s" % e)
-
- logging.debug("Result from SSH into the Virtual Machine: %s" % result)
- return result.count(check_string)
-
-class TestRedundantIsolateNetworks(cloudstackTestCase):
-
- @classmethod
- def setUpClass(cls):
-
- cls.logger = logging.getLogger('TestRedundantIsolateNetworks')
- cls.stream_handler = logging.StreamHandler()
- cls.logger.setLevel(logging.DEBUG)
- cls.logger.addHandler(cls.stream_handler)
-
- cls.testClient = super(TestRedundantIsolateNetworks, cls).getClsTestClient()
- cls.api_client = cls.testClient.getApiClient()
-
- cls.services = cls.testClient.getParsedTestDataConfig()
- # Get Zone, Domain and templates
- cls.domain = get_domain(cls.api_client)
- cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests())
- cls.services['mode'] = cls.zone.networktype
- cls.template = get_template(
- cls.api_client,
- cls.zone.id,
- cls.services["ostype"]
- )
- cls.services["virtual_machine"]["zoneid"] = cls.zone.id
-
- # Create an account, network, VM and IP addresses
- cls.account = Account.create(
- cls.api_client,
- cls.services["account"],
- admin=True,
- domainid=cls.domain.id
- )
- cls.service_offering = ServiceOffering.create(
- cls.api_client,
- cls.services["service_offering"]
- )
-
- cls.services["nw_off_persistent_RVR_egress_true"] = cls.services["nw_off_persistent_RVR"].copy()
- cls.services["nw_off_persistent_RVR_egress_true"]["egress_policy"] = "true"
-
- cls.services["nw_off_persistent_RVR_egress_false"] = cls.services["nw_off_persistent_RVR"].copy()
- cls.services["nw_off_persistent_RVR_egress_false"]["egress_policy"] = "false"
-
- cls.services["egress_80"] = {
- "startport": 80,
- "endport": 80,
- "protocol": "TCP",
- "cidrlist": ["0.0.0.0/0"]
- }
-
- cls.services["egress_53"] = {
- "startport": 53,
- "endport": 53,
- "protocol": "UDP",
- "cidrlist": ["0.0.0.0/0"]
- }
-
- cls._cleanup = [
- cls.service_offering,
- cls.account
- ]
-
- return
-
- @classmethod
- def tearDownClass(cls):
- try:
- cleanup_resources(cls.api_client, cls._cleanup)
- except Exception as e:
- raise Exception("Warning: Exception during cleanup : %s" % e)
- return
-
- def setUp(self):
- self.apiclient = self.testClient.getApiClient()
- self.cleanup = []
- return
-
- def tearDown(self):
- try:
- cleanup_resources(self.api_client, self.cleanup)
- except Exception as e:
- raise Exception("Warning: Exception during cleanup : %s" % e)
- return
-
- @attr(tags=["advanced", "advancedns", "ssh"], required_hardware="true")
- def test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true(self):
- """ Test redundant router internals """
- self.logger.debug("Starting test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true...")
-
- self.logger.debug("Creating Network Offering with default egress TRUE")
- network_offering_egress_true = NetworkOffering.create(
- self.apiclient,
- self.services["nw_off_persistent_RVR_egress_true"],
- conservemode=True
- )
- network_offering_egress_true.update(self.api_client, state='Enabled')
-
- self.logger.debug("Creating network with network offering: %s" % network_offering_egress_true.id)
- network = Network.create(
- self.apiclient,
- self.services["network"],
- accountid=self.account.name,
- domainid=self.account.domainid,
- networkofferingid=network_offering_egress_true.id,
- zoneid=self.zone.id
- )
- self.logger.debug("Created network with ID: %s" % network.id)
-
- networks = Network.list(
- self.apiclient,
- id=network.id,
- listall=True
- )
- self.assertEqual(
- isinstance(networks, list),
- True,
- "List networks should return a valid response for created network"
- )
- nw_response = networks[0]
-
- self.logger.debug("Deploying VM in account: %s" % self.account.name)
- virtual_machine = VirtualMachine.create(
- self.apiclient,
- self.services["virtual_machine"],
- templateid=self.template.id,
- accountid=self.account.name,
- domainid=self.account.domainid,
- serviceofferingid=self.service_offering.id,
- networkids=[str(network.id)]
- )
-
- self.logger.debug("Deployed VM in network: %s" % network.id)
-
- self.cleanup.insert(0, network_offering_egress_true)
- self.cleanup.insert(0, network)
- self.cleanup.insert(0, virtual_machine)
-
- vms = VirtualMachine.list(
- self.apiclient,
- id=virtual_machine.id,
- listall=True
- )
- self.assertEqual(
- isinstance(vms, list),
- True,
- "List Vms should return a valid list"
- )
- vm = vms[0]
- self.assertEqual(
- vm.state,
- "Running",
- "VM should be in running state after deployment"
- )
-
- self.logger.debug("Listing routers for network: %s" % network.name)
- routers = Router.list(
- self.apiclient,
- networkid=network.id,
- listall=True
- )
- self.assertEqual(
- isinstance(routers, list),
- True,
- "list router should return Master and backup routers"
- )
- self.assertEqual(
- len(routers),
- 2,
- "Length of the list router should be 2 (Backup & master)"
- )
-
- public_ips = list_publicIP(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid,
- zoneid=self.zone.id
- )
-
- public_ip = public_ips[0]
-
- self.assertEqual(
- isinstance(public_ips, list),
- True,
- "Check for list public IPs response return valid data"
- )
-
- self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id)
- FireWallRule.create(
- self.apiclient,
- ipaddressid=public_ip.id,
- protocol=self.services["natrule"]["protocol"],
- cidrlist=['0.0.0.0/0'],
- startport=self.services["natrule"]["publicport"],
- endport=self.services["natrule"]["publicport"]
- )
-
- self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id)
- nat_rule = NATRule.create(
- self.apiclient,
- virtual_machine,
- self.services["natrule"],
- public_ip.id
- )
-
- # Test SSH after closing port 22
- expected = 1
- ssh_command = "ping -c 3 8.8.8.8"
- check_string = "3 packets received"
- result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
-
- self.assertEqual(
- result,
- expected,
- "Ping to outside world from VM should be successful!"
- )
-
- expected = 1
- ssh_command = "wget -t 1 -T 5 www.google.com"
- check_string = "HTTP request sent, awaiting response... 200 OK"
- result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
-
- self.assertEqual(
- result,
- expected,
- "Attempt to retrieve google.com index page should be successful!"
- )
-
- EgressFireWallRule.create(
- self.apiclient,
- networkid=network.id,
- protocol=self.services["egress_80"]["protocol"],
- startport=self.services["egress_80"]["startport"],
- endport=self.services["egress_80"]["endport"],
- cidrlist=self.services["egress_80"]["cidrlist"]
- )
-
- expected = 0
- ssh_command = "wget -t 1 -T 1 www.google.com"
- check_string = "HTTP request sent, awaiting response... 200 OK"
- result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
-
- self.assertEqual(
- result,
- expected,
- "Attempt to retrieve google.com index page should NOT be successful once rule is added!"
- )
-
- return
-
- @attr(tags=["advanced", "advancedns", "ssh"], required_hardware="true")
- def test_02_RVR_Network_FW_PF_SSH_default_routes_egress_false(self):
- """ Test redundant router internals """
- self.logger.debug("Starting test_02_RVR_Network_FW_PF_SSH_default_routes_egress_false...")
-
- self.logger.debug("Creating Network Offering with default egress FALSE")
- network_offering_egress_false = NetworkOffering.create(
- self.apiclient,
- self.services["nw_off_persistent_RVR_egress_false"],
- conservemode=True
- )
- network_offering_egress_false.update(self.api_client, state='Enabled')
-
- self.logger.debug("Creating network with network offering: %s" % network_offering_egress_false.id)
- network = Network.create(
- self.apiclient,
- self.services["network"],
- accountid=self.account.name,
- domainid=self.account.domainid,
- networkofferingid=network_offering_egress_false.id,
- zoneid=self.zone.id
- )
- self.logger.debug("Created network with ID: %s" % network.id)
-
- networks = Network.list(
- self.apiclient,
- id=network.id,
- listall=True
- )
- self.assertEqual(
- isinstance(networks, list),
- True,
- "List networks should return a valid response for created network"
- )
- nw_response = networks[0]
-
- self.logger.debug("Deploying VM in account: %s" % self.account.name)
- virtual_machine = VirtualMachine.create(
- self.apiclient,
- self.services["virtual_machine"],
- templateid=self.template.id,
- accountid=self.account.name,
- domainid=self.account.domainid,
- serviceofferingid=self.service_offering.id,
- networkids=[str(network.id)]
- )
-
- self.logger.debug("Deployed VM in network: %s" % network.id)
-
- self.cleanup.insert(0, network_offering_egress_false)
- self.cleanup.insert(0, network)
- self.cleanup.insert(0, virtual_machine)
-
- vms = VirtualMachine.list(
- self.apiclient,
- id=virtual_machine.id,
- listall=True
- )
- self.assertEqual(
- isinstance(vms, list),
- True,
- "List Vms should return a valid list"
- )
- vm = vms[0]
- self.assertEqual(
- vm.state,
- "Running",
- "VM should be in running state after deployment"
- )
-
- self.logger.debug("Listing routers for network: %s" % network.name)
- routers = Router.list(
- self.apiclient,
- networkid=network.id,
- listall=True
- )
- self.assertEqual(
- isinstance(routers, list),
- True,
- "list router should return Master and backup routers"
- )
- self.assertEqual(
- len(routers),
- 2,
- "Length of the list router should be 2 (Backup & master)"
- )
-
- public_ips = list_publicIP(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid,
- zoneid=self.zone.id
- )
-
- self.assertEqual(
- isinstance(public_ips, list),
- True,
- "Check for list public IPs response return valid data"
- )
-
- public_ip = public_ips[0]
-
- self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id)
- FireWallRule.create(
- self.apiclient,
- ipaddressid=public_ip.id,
- protocol=self.services["natrule"]["protocol"],
- cidrlist=['0.0.0.0/0'],
- startport=self.services["natrule"]["publicport"],
- endport=self.services["natrule"]["publicport"]
- )
-
- self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id)
- nat_rule = NATRule.create(
- self.apiclient,
- virtual_machine,
- self.services["natrule"],
- public_ip.id
- )
-
- expected = 0
- ssh_command = "ping -c 3 8.8.8.8"
- check_string = "3 packets received"
- result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
-
- self.assertEqual(
- result,
- expected,
- "Ping to outside world from VM should NOT be successful"
- )
-
- expected = 0
- ssh_command = "wget -t 1 -T 1 www.google.com"
- check_string = "HTTP request sent, awaiting response... 200 OK"
- result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
-
- self.assertEqual(
- result,
- expected,
- "Attempt to retrieve google.com index page should NOT be successful"
- )
-
- EgressFireWallRule.create(
- self.apiclient,
- networkid=network.id,
- protocol=self.services["egress_80"]["protocol"],
- startport=self.services["egress_80"]["startport"],
- endport=self.services["egress_80"]["endport"],
- cidrlist=self.services["egress_80"]["cidrlist"]
- )
-
- EgressFireWallRule.create(
- self.apiclient,
- networkid=network.id,
- protocol=self.services["egress_53"]["protocol"],
- startport=self.services["egress_53"]["startport"],
- endport=self.services["egress_53"]["endport"],
- cidrlist=self.services["egress_53"]["cidrlist"]
- )
-
- expected = 1
- ssh_command = "wget -t 1 -T 5 www.google.com"
- check_string = "HTTP request sent, awaiting response... 200 OK"
- result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
-
- self.assertEqual(
- result,
- expected,
- "Attempt to retrieve google.com index page should be successful once rule is added!"
- )
-
- return
-
- @attr(tags=["advanced", "advancedns", "ssh"], required_hardware="true")
- def test_03_RVR_Network_check_router_state(self):
- """ Test redundant router internals """
- self.logger.debug("Starting test_03_RVR_Network_check_router_state...")
-
- hypervisor = self.testClient.getHypervisorInfo()
-
- self.logger.debug("Creating Network Offering with default egress FALSE")
- network_offering_egress_false = NetworkOffering.create(
- self.apiclient,
- self.services["nw_off_persistent_RVR_egress_false"],
- conservemode=True
- )
- network_offering_egress_false.update(self.apiclient, state='Enabled')
-
- self.logger.debug("Creating network with network offering: %s" % network_offering_egress_false.id)
- network = Network.create(
- self.apiclient,
- self.services["network"],
- accountid=self.account.name,
- domainid=self.account.domainid,
- networkofferingid=network_offering_egress_false.id,
- zoneid=self.zone.id
- )
- self.logger.debug("Created network with ID: %s" % network.id)
-
- networks = Network.list(
- self.apiclient,
- id=network.id,
- listall=True
- )
- self.assertEqual(
- isinstance(networks, list),
- True,
- "List networks should return a valid response for created network"
- )
- nw_response = networks[0]
-
- self.logger.debug("Deploying VM in account: %s" % self.account.name)
- virtual_machine = VirtualMachine.create(
- self.apiclient,
- self.services["virtual_machine"],
- templateid=self.template.id,
- accountid=self.account.name,
- domainid=self.account.domainid,
- serviceofferingid=self.service_offering.id,
- networkids=[str(network.id)]
- )
-
- self.logger.debug("Deployed VM in network: %s" % network.id)
-
- self.cleanup.insert(0, network_offering_egress_false)
- self.cleanup.insert(0, network)
- self.cleanup.insert(0, virtual_machine)
-
- vms = VirtualMachine.list(
- self.apiclient,
- id=virtual_machine.id,
- listall=True
- )
- self.assertEqual(
- isinstance(vms, list),
- True,
- "List Vms should return a valid list"
- )
- vm = vms[0]
- self.assertEqual(
- vm.state,
- "Running",
- "VM should be in running state after deployment"
- )
-
- self.logger.debug("Listing routers for network: %s" % network.name)
- routers = Router.list(
- self.apiclient,
- networkid=network.id,
- listall=True
- )
- self.assertEqual(
- isinstance(routers, list),
- True,
- "list router should return Master and backup routers"
- )
- self.assertEqual(
- len(routers),
- 2,
- "Length of the list router should be 2 (Backup & master)"
- )
-
- vals = ["MASTER", "BACKUP", "UNKNOWN"]
- cnts = [0, 0, 0]
-
- result = "UNKNOWN"
- for router in routers:
- if router.state == "Running":
- hosts = list_hosts(
- self.apiclient,
- zoneid=router.zoneid,
- type='Routing',
- state='Up',
- id=router.hostid
- )
- self.assertEqual(
- isinstance(hosts, list),
- True,
- "Check list host returns a valid list"
- )
- host = hosts[0]
-
- if hypervisor.lower() in ('vmware', 'hyperv'):
- result = str(get_process_status(
- self.apiclient.connection.mgtSvr,
- 22,
- self.apiclient.connection.user,
- self.apiclient.connection.passwd,
- router.linklocalip,
- "sh /opt/cloud/bin/checkrouter.sh ",
- hypervisor=hypervisor
- ))
- else:
- try:
- host.user, host.passwd = get_host_credentials(
- self.config, host.ipaddress)
- result = str(get_process_status(
- host.ipaddress,
- 22,
- host.user,
- host.passwd,
- router.linklocalip,
- "sh /opt/cloud/bin/checkrouter.sh "
- ))
-
- except KeyError:
- self.skipTest(
- "Marvin configuration has no host credentials to\
- check router services")
-
- if result.count(vals[0]) == 1:
- cnts[vals.index(vals[0])] += 1
-
- if cnts[vals.index('MASTER')] != 1:
- self.fail("No Master or too many master routers found %s" % cnts[vals.index('MASTER')])
-
- return
-
-
-class TestIsolatedNetworks(cloudstackTestCase):
-
- @classmethod
- def setUpClass(cls):
-
- cls.logger = logging.getLogger('TestIsolatedNetworks')
- cls.stream_handler = logging.StreamHandler()
- cls.logger.setLevel(logging.DEBUG)
- cls.logger.addHandler(cls.stream_handler)
-
- cls.testClient = super(TestIsolatedNetworks, cls).getClsTestClient()
- cls.api_client = cls.testClient.getApiClient()
-
- cls.services = cls.testClient.getParsedTestDataConfig()
- # Get Zone, Domain and templates
- cls.domain = get_domain(cls.api_client)
- cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests())
- cls.services['mode'] = cls.zone.networktype
- cls.template = get_template(
- cls.api_client,
- cls.zone.id,
- cls.services["ostype"]
- )
- cls.services["virtual_machine"]["zoneid"] = cls.zone.id
-
- # Create an account, network, VM and IP addresses
- cls.account = Account.create(
- cls.api_client,
- cls.services["account"],
- admin=True,
- domainid=cls.domain.id
- )
- cls.service_offering = ServiceOffering.create(
- cls.api_client,
- cls.services["service_offering"]
- )
-
- cls.services["network_offering_egress_true"] = cls.services["network_offering"].copy()
- cls.services["network_offering_egress_true"]["egress_policy"] = "true"
-
- cls.services["network_offering_egress_false"] = cls.services["network_offering"].copy()
- cls.services["network_offering_egress_false"]["egress_policy"] = "false"
-
- cls.services["egress_80"] = {
- "startport": 80,
- "endport": 80,
- "protocol": "TCP",
- "cidrlist": ["0.0.0.0/0"]
- }
-
- cls._cleanup = [
- cls.service_offering,
- cls.account
- ]
-
- return
-
- @classmethod
- def tearDownClass(cls):
- try:
- cleanup_resources(cls.api_client, cls._cleanup)
- except Exception as e:
- raise Exception("Warning: Exception during cleanup : %s" % e)
- return
-
- def setUp(self):
- self.apiclient = self.testClient.getApiClient()
- self.cleanup = []
- return
-
- def tearDown(self):
- try:
- cleanup_resources(self.apiclient, self.cleanup)
- except Exception as e:
- raise Exception("Warning: Exception during cleanup : %s" % e)
- return
-
- @attr(tags=["advanced", "advancedns", "ssh"], required_hardware="true")
- def test_01_isolate_network_FW_PF_default_routes_egress_true(self):
- """ Test redundant router internals """
- self.logger.debug("Starting test_01_isolate_network_FW_PF_default_routes_egress_true...")
-
- self.logger.debug("Creating Network Offering with default egress TRUE")
- network_offering_egress_true = NetworkOffering.create(self.apiclient,
- self.services["network_offering_egress_true"],
- conservemode=True)
-
- network_offering_egress_true.update(self.apiclient, state='Enabled')
-
- self.logger.debug("Creating Network with Network Offering ID %s" % network_offering_egress_true.id)
- network = Network.create(self.apiclient,
- self.services["network"],
- accountid=self.account.name,
- domainid=self.account.domainid,
- networkofferingid=network_offering_egress_true.id,
- zoneid=self.zone.id)
-
- self.logger.debug("Deploying Virtual Machine on Network %s" % network.id)
- virtual_machine = VirtualMachine.create(self.apiclient,
- self.services["virtual_machine"],
- templateid=self.template.id,
- accountid=self.account.name,
- domainid=self.domain.id,
- serviceofferingid=self.service_offering.id,
- networkids=[str(network.id)])
-
- self.logger.debug("Deployed VM in network: %s" % network.id)
-
- self.cleanup.insert(0, network_offering_egress_true)
- self.cleanup.insert(0, network)
- self.cleanup.insert(0, virtual_machine)
-
- self.logger.debug("Starting test_isolate_network_FW_PF_default_routes...")
- routers = list_routers(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid
- )
-
- self.assertEqual(
- isinstance(routers, list),
- True,
- "Check for list routers response return valid data"
- )
-
- self.assertNotEqual(
- len(routers),
- 0,
- "Check list router response"
- )
-
- router = routers[0]
-
- self.assertEqual(
- router.state,
- 'Running',
- "Check list router response for router state"
- )
-
- public_ips = list_publicIP(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid,
- zoneid=self.zone.id
- )
-
- self.assertEqual(
- isinstance(public_ips, list),
- True,
- "Check for list public IPs response return valid data"
- )
-
- public_ip = public_ips[0]
-
- self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id)
- FireWallRule.create(
- self.apiclient,
- ipaddressid=public_ip.id,
- protocol=self.services["natrule"]["protocol"],
- cidrlist=['0.0.0.0/0'],
- startport=self.services["natrule"]["publicport"],
- endport=self.services["natrule"]["publicport"]
- )
-
- self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id)
- # Create NAT rule
- nat_rule = NATRule.create(
- self.apiclient,
- virtual_machine,
- self.services["natrule"],
- public_ip.id
- )
-
- nat_rules = list_nat_rules(
- self.apiclient,
- id=nat_rule.id
- )
- self.assertEqual(
- isinstance(nat_rules, list),
- True,
- "Check for list NAT rules response return valid data"
- )
- self.assertEqual(
- nat_rules[0].state,
- 'Active',
- "Check list port forwarding rules"
- )
-
- # Test SSH after closing port 22
- expected = 1
- ssh_command = "ping -c 3 8.8.8.8"
- check_string = "3 packets received"
- result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
-
- self.assertEqual(
- result,
- expected,
- "Ping to outside world from VM should be successful!"
- )
-
- expected = 1
- ssh_command = "wget -t 1 -T 5 www.google.com"
- check_string = "HTTP request sent, awaiting response... 200 OK"
- result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
-
- self.assertEqual(
- result,
- expected,
- "Attempt to retrieve google.com index page should be successful!"
- )
-
- EgressFireWallRule.create(
- self.apiclient,
- networkid=network.id,
- protocol=self.services["egress_80"]["protocol"],
- startport=self.services["egress_80"]["startport"],
- endport=self.services["egress_80"]["endport"],
- cidrlist=self.services["egress_80"]["cidrlist"]
- )
-
- expected = 0
- ssh_command = "wget -t 1 -T 1 www.google.com"
- check_string = "HTTP request sent, awaiting response... 200 OK"
- result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
-
- self.assertEqual(
- result,
- expected,
- "Attempt to retrieve google.com index page should NOT be successful once rule is added!"
- )
-
- return
-
- @attr(tags=["advanced", "advancedns", "ssh"], required_hardware="true")
- def test_02_isolate_network_FW_PF_default_routes_egress_false(self):
- """ Test redundant router internals """
- self.logger.debug("Starting test_02_isolate_network_FW_PF_default_routes_egress_false...")
-
- self.logger.debug("Creating Network Offering with default egress FALSE")
- network_offering_egress_false = NetworkOffering.create(self.apiclient,
- self.services["network_offering_egress_false"],
- conservemode=True)
-
- network_offering_egress_false.update(self.apiclient, state='Enabled')
-
- self.logger.debug("Creating Network with Network Offering ID %s" % network_offering_egress_false.id)
- network = Network.create(self.apiclient,
- self.services["network"],
- accountid=self.account.name,
- domainid=self.account.domainid,
- networkofferingid=network_offering_egress_false.id,
- zoneid=self.zone.id)
-
- self.logger.debug("Deploying Virtual Machine on Network %s" % network.id)
- virtual_machine = VirtualMachine.create(self.apiclient,
- self.services["virtual_machine"],
- templateid=self.template.id,
- accountid=self.account.name,
- domainid=self.domain.id,
- serviceofferingid=self.service_offering.id,
- networkids=[str(network.id)])
-
- self.logger.debug("Deployed VM in network: %s" % network.id)
-
- self.cleanup.insert(0, network_offering_egress_false)
- self.cleanup.insert(0, network)
- self.cleanup.insert(0, virtual_machine)
-
- self.logger.debug("Starting test_isolate_network_FW_PF_default_routes...")
- routers = list_routers(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid
- )
-
- self.assertEqual(
- isinstance(routers, list),
- True,
- "Check for list routers response return valid data"
- )
-
- self.assertNotEqual(
- len(routers),
- 0,
- "Check list router response"
- )
-
- router = routers[0]
-
- self.assertEqual(
- router.state,
- 'Running',
- "Check list router response for router state"
- )
-
- public_ips = list_publicIP(
- self.apiclient,
- account=self.account.name,
- domainid=self.account.domainid,
- zoneid=self.zone.id
- )
-
- self.assertEqual(
- isinstance(public_ips, list),
- True,
- "Check for list public IPs response return valid data"
- )
-
- public_ip = public_ips[0]
-
- self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id)
- FireWallRule.create(
- self.apiclient,
- ipaddressid=public_ip.id,
- protocol=self.services["natrule"]["protocol"],
- cidrlist=['0.0.0.0/0'],
- startport=self.services["natrule"]["publicport"],
- endport=self.services["natrule"]["publicport"]
- )
-
- self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id)
- # Create NAT rule
- nat_rule = NATRule.create(
- self.apiclient,
- virtual_machine,
- self.services["natrule"],
- public_ip.id
- )
-
- nat_rules = list_nat_rules(
- self.apiclient,
- id=nat_rule.id
- )
- self.assertEqual(
- isinstance(nat_rules, list),
- True,
- "Check for list NAT rules response return valid data"
- )
- self.assertEqual(
- nat_rules[0].state,
- 'Active',
- "Check list port forwarding rules"
- )
-
- expected = 0
- ssh_command = "ping -c 3 8.8.8.8"
- check_string = "3 packets received"
- result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
-
- self.assertEqual(
- result,
- expected,
- "Ping to outside world from VM should NOT be successful"
- )
-
- expected = 0
- ssh_command = "wget -t 1 -T 1 www.google.com"
- check_string = "HTTP request sent, awaiting response... 200 OK"
- result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
-
- self.assertEqual(
- result,
- expected,
- "Attempt to retrieve google.com index page should NOT be successful"
- )
-
- EgressFireWallRule.create(
- self.apiclient,
- networkid=network.id,
- protocol=self.services["egress_80"]["protocol"],
- startport=self.services["egress_80"]["startport"],
- endport=self.services["egress_80"]["endport"],
- cidrlist=self.services["egress_80"]["cidrlist"]
- )
-
- expected = 1
- ssh_command = "wget -t 1 -T 5 www.google.com"
- check_string = "HTTP request sent, awaiting response... 200 OK"
- result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
-
- self.assertEqual(
- result,
- expected,
- "Attempt to retrieve google.com index page should be successful once rule is added!"
- )
-
- return