You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by re...@apache.org on 2015/12/03 19:56:43 UTC
[1/5] git commit: updated refs/heads/4.6 to 519ce86
Repository: cloudstack
Updated Branches:
refs/heads/4.6 5b7d935ab -> 519ce868a
CLOUDSTACK-9075 - Add method to get list of Physical Networks per zone
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/4ea4e7e6
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/4ea4e7e6
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/4ea4e7e6
Branch: refs/heads/4.6
Commit: 4ea4e7e687527cc8c06489d4deaedf4ed1c3c91c
Parents: cb50eb8
Author: Wilder Rodrigues <wr...@schubergphilis.com>
Authored: Thu Nov 19 12:03:32 2015 +0100
Committer: Wilder Rodrigues <wr...@schubergphilis.com>
Committed: Wed Dec 2 10:36:51 2015 +0100
----------------------------------------------------------------------
tools/marvin/marvin/lib/common.py | 11 +++++++++++
1 file changed, 11 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/4ea4e7e6/tools/marvin/marvin/lib/common.py
----------------------------------------------------------------------
diff --git a/tools/marvin/marvin/lib/common.py b/tools/marvin/marvin/lib/common.py
index fb21073..fa45299 100644
--- a/tools/marvin/marvin/lib/common.py
+++ b/tools/marvin/marvin/lib/common.py
@@ -259,6 +259,17 @@ def get_zone(apiclient, zone_name=None, zone_id=None):
'''
return cmd_out[0]
+def get_physical_networks(apiclient, zoneid):
+ '''
+ @name : get_physical_networks
+ @Desc :Returns A list of the Physical Networks in the given Zone
+ @Input : zoneid: The Zone ID
+ @Output : 1. A list containing the Physical Networks
+ '''
+ cmd = listPhysicalNetworks.listPhysicalNetworksCmd()
+ cmd.zoneid = zoneid
+ physical_networks = apiclient.listPhysicalNetworks(cmd)
+ return physical_networks
def get_pod(apiclient, zone_id=None, pod_id=None, pod_name=None):
'''
[2/5] git commit: updated refs/heads/4.6 to 519ce86
Posted by re...@apache.org.
CLOUDSTACK-9075 - Adds VPC static routes test
- Adds redundant VPC tests
- Adds support to Static Routes on VPC private gatways
- Removes the route configuration in case static route is deleted.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a17fa48d
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a17fa48d
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a17fa48d
Branch: refs/heads/4.6
Commit: a17fa48de1cfa4f0f4425f90b0f435d6cf8e6540
Parents: 3e02b89
Author: Wilder Rodrigues <wr...@schubergphilis.com>
Authored: Thu Nov 19 12:28:32 2015 +0100
Committer: Wilder Rodrigues <wr...@schubergphilis.com>
Committed: Wed Dec 2 10:36:52 2015 +0100
----------------------------------------------------------------------
.../VirtualNetworkApplianceManagerImpl.java | 7 +-
.../debian/config/opt/cloud/bin/configure.py | 27 +-
.../config/opt/cloud/bin/cs_staticroutes.py | 30 ++
.../debian/config/opt/cloud/bin/merge.py | 6 +
test/integration/smoke/test_privategw_acl.py | 352 +++++++++++++++----
5 files changed, 344 insertions(+), 78 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a17fa48d/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index ca1f67d..4f3a2b8 100644
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -2417,10 +2417,9 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
for (final Nic routerNic : routerNics) {
final Network network = _networkModel.getNetwork(routerNic.getNetworkId());
// Send network usage command for public nic in VPC VR
- // Send network usage command for isolated guest nic of non VPC
- // VR
- if (forVpc && network.getTrafficType() == TrafficType.Public || !forVpc && network.getTrafficType() == TrafficType.Guest
- && network.getGuestType() == Network.GuestType.Isolated) {
+ // Send network usage command for isolated guest nic of non VPC VR
+ if (network != null && (forVpc && network.getTrafficType() == TrafficType.Public || !forVpc && network.getTrafficType() == TrafficType.Guest
+ && network.getGuestType() == Network.GuestType.Isolated)) {
final NetworkUsageCommand usageCmd = new NetworkUsageCommand(privateIP, router.getHostName(), forVpc, routerNic.getIPv4Address());
final String routerType = router.getType().toString();
final UserStatisticsVO previousStats = _userStatsDao.findBy(router.getAccountId(), router.getDataCenterId(), network.getId(),
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a17fa48d/systemvm/patches/debian/config/opt/cloud/bin/configure.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index ad3705a..0a19607 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -74,6 +74,27 @@ class CsPassword(CsDataBag):
logging.debug("Update password server result ==> %s" % result)
+class CsStaticRoutes(CsDataBag):
+
+ def process(self):
+ logging.debug("Processing CsStaticRoutes file ==> %s" % self.dbag)
+ for item in self.dbag:
+ if item == "id":
+ continue
+ self.__update(self.dbag[item])
+
+ def __update(self, route):
+ if route['revoke']:
+ command = "route del -net %s gw %s" % (route['network'], route['gateway'])
+ result = CsHelper.execute(command)
+ else:
+ command = "ip route show | grep %s | awk '{print $1, $3}'" % route['network']
+ result = CsHelper.execute(command)
+ if not result:
+ route_command = "route add -net %s gw %s" % (route['network'], route['gateway'])
+ result = CsHelper.execute(route_command)
+
+
class CsAcl(CsDataBag):
"""
Deal with Network acls
@@ -932,13 +953,17 @@ def main(argv):
mon = CsMonitor("monitorservice", config)
mon.process()
- logging.debug("Configuring iptables rules .....")
+ logging.debug("Configuring iptables rules")
nf = CsNetfilters()
nf.compare(config.get_fw())
red = CsRedundant(config)
red.set()
+ logging.debug("Configuring static routes")
+ static_routes = CsStaticRoutes("staticroutes", config)
+ static_routes.process()
+
logging.debug("Configuring iptables rules done ...saving rules")
# Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a17fa48d/systemvm/patches/debian/config/opt/cloud/bin/cs_staticroutes.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_staticroutes.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_staticroutes.py
new file mode 100755
index 0000000..98244db
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs_staticroutes.py
@@ -0,0 +1,30 @@
+# -- coding: utf-8 --
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from pprint import pprint
+
+
+def merge(dbag, staticroutes):
+ for route in staticroutes['routes']:
+ key = route['ip_address']
+ revoke = route['revoke']
+ if revoke:
+ del dbag[key]
+ else:
+ dbag[key] = route
+
+ return dbag
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a17fa48d/systemvm/patches/debian/config/opt/cloud/bin/merge.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/merge.py b/systemvm/patches/debian/config/opt/cloud/bin/merge.py
index cc14d6a..374cf2c 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/merge.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/merge.py
@@ -34,6 +34,7 @@ import cs_forwardingrules
import cs_site2sitevpn
import cs_remoteaccessvpn
import cs_vpnusers
+import cs_staticroutes
from pprint import pprint
@@ -126,6 +127,8 @@ class updateDataBag:
dbag = self.process_remoteaccessvpn(self.db.getDataBag())
elif self.qFile.type == 'vpnuserlist':
dbag = self.process_vpnusers(self.db.getDataBag())
+ elif self.qFile.type == 'staticroutes':
+ dbag = self.process_staticroutes(self.db.getDataBag())
else:
logging.error("Error I do not know what to do with file of type %s", self.qFile.type)
return
@@ -172,6 +175,9 @@ class updateDataBag:
def process_monitorservice(self, dbag):
return cs_monitorservice.merge(dbag, self.qFile.data)
+ def process_staticroutes(self, dbag):
+ return cs_staticroutes.merge(dbag, self.qFile.data)
+
def processVMpassword(self, dbag):
return cs_vmp.merge(dbag, self.qFile.data)
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a17fa48d/test/integration/smoke/test_privategw_acl.py
----------------------------------------------------------------------
diff --git a/test/integration/smoke/test_privategw_acl.py b/test/integration/smoke/test_privategw_acl.py
index 9f2b91d..22b3fa7 100644
--- a/test/integration/smoke/test_privategw_acl.py
+++ b/test/integration/smoke/test_privategw_acl.py
@@ -14,6 +14,7 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
+from marvin.cloudstackAPI.createStaticRoute import createStaticRouteCmd
""" Tests for Network ACLs in VPC
"""
#Import Local Modules
@@ -87,7 +88,7 @@ class Services:
"NetworkACL": 'VpcVirtualRouter'
},
},
- "redundsnt_vpc_offering": {
+ "redundant_vpc_offering": {
"name": 'Redundant VPC off',
"displaytext": 'Redundant VPC off',
"supportedservices": 'Dhcp,Dns,SourceNat,PortForwarding,Vpn,Lb,UserData,StaticNat',
@@ -133,11 +134,19 @@ class Services:
"publicport": 22,
"protocol": 'TCP',
},
+ "natrule": {
+ "privateport": 22,
+ "publicport": 22,
+ "startport": 22,
+ "endport": 22,
+ "protocol": "TCP",
+ "cidrlist": '0.0.0.0/0',
+ },
"ostype": 'CentOS 5.3 (64-bit)',
"timeout": 10,
}
-class TestPrivateGWACL(cloudstackTestCase):
+class TestPrivateGwACL(cloudstackTestCase):
@classmethod
def setUpClass(cls):
@@ -163,7 +172,7 @@ class TestPrivateGWACL(cloudstackTestCase):
cls.services["service_offering"])
cls._cleanup = [cls.service_offering]
- cls.logger = logging.getLogger('TestPrivateGWACL')
+ cls.logger = logging.getLogger('TestPrivateGwACL')
cls.stream_handler = logging.StreamHandler()
cls.logger.setLevel(logging.DEBUG)
cls.logger.addHandler(cls.stream_handler)
@@ -179,13 +188,14 @@ class TestPrivateGWACL(cloudstackTestCase):
def setUp(self):
self.apiclient = self.testClient.getApiClient()
- self.logger.debug("Creating Admin Account for Domain ID ==> %s" %self.domain.id)
+ self.logger.debug("Creating Admin Account for Domain ID ==> %s" % self.domain.id)
self.account = Account.create(
self.apiclient,
self.services["account"],
admin=True,
domainid=self.domain.id)
+ self.cleanup = []
return
def tearDown(self):
@@ -195,89 +205,203 @@ class TestPrivateGWACL(cloudstackTestCase):
raise Exception("Warning: Exception during cleanup : %s" % e)
return
+ def _replaceAcl(self, command):
+ try:
+ successResponse = self.apiclient.replaceNetworkACLList(command);
+ except Exception as e:
+ self.fail("Failed to replace ACL list due to %s" % e)
+
+ self.assertTrue(successResponse.success, "Failed to replace ACL list.")
+
@attr(tags=["advanced"], required_hardware="true")
def test_01_vpc_privategw_acl(self):
self.logger.debug("Creating a VPC offering..")
- self.vpc_off = VpcOffering.create(
+ vpc_off = VpcOffering.create(
self.apiclient,
self.services["vpc_offering"])
self.logger.debug("Enabling the VPC offering created")
- self.vpc_off.update(self.apiclient, state='Enabled')
+ vpc_off.update(self.apiclient, state='Enabled')
- self.logger.debug("Creating a VPC network in the account: %s" % self.account.name)
- self.services["vpc"]["cidr"] = '10.1.1.1/16'
- self.vpc = VPC.create(
- self.apiclient,
- self.services["vpc"],
- vpcofferingid=self.vpc_off.id,
- zoneid=self.zone.id,
- account=self.account.name,
- domainid=self.account.domainid)
+ vpc = self.createVPC(vpc_off)
- self.cleanup = [self.vpc, self.vpc_off, self.account]
+ self.cleanup = [vpc, vpc_off, self.account]
- self.createACL(self.vpc)
- self.createACLItem()
- self.createNetwork(self.vpc)
- self.createPvtGw(self.vpc)
- self.replaceacl()
+ physical_networks = get_physical_networks(self.apiclient, self.zone.id)
+ if not physical_networks:
+ self.fail("No Physical Networks found!")
+
+ vlans = physical_networks[0].vlan.split('-')
+ vlan_1 = int(vlans[0])
+
+ acl = self.createACL(vpc)
+ self.createACLItem(acl.id)
+ self.createNetwork(vpc)
+ privateGw = self.createPvtGw(vpc, "10.0.3.99", acl.id, vlan_1)
+ self.replacePvtGwACL(acl.id, privateGw.id)
@attr(tags=["advanced"], required_hardware="true")
- def test_02_rvpc_privategw_acl(self):
+ def test_02_vpc_privategw_static_routes(self):
+
+ self.logger.debug("Creating a VPC offering..")
+ vpc_off = VpcOffering.create(
+ self.apiclient,
+ self.services["vpc_offering"])
+
+ self.logger.debug("Enabling the VPC offering created")
+ vpc_off.update(self.apiclient, state='Enabled')
+
+ self.performVPCTests(vpc_off)
+
+ @attr(tags=["advanced"], required_hardware="true")
+ def test_03_rvpc_privategw_static_routes(self):
+ self.skipTest("Redundant VPC Routers have to be fixed. Private Gateway not working yet.")
+
self.logger.debug("Creating a Redundant VPC offering..")
- self.rvpc_off = VpcOffering.create(
+ vpc_off = VpcOffering.create(
self.apiclient,
self.services["redundant_vpc_offering"])
self.logger.debug("Enabling the Redundant VPC offering created")
- self.rvpc_off.update(self.apiclient, state='Enabled')
+ vpc_off.update(self.apiclient, state='Enabled')
- self.logger.debug("Creating a VPC network in the account: %s" % self.account.name)
- self.services["vpc"]["cidr"] = '10.1.1.1/16'
- self.rvpc = VPC.create(
- self.apiclient,
- self.services["vpc"],
- vpcofferingid=self.rvpc_off.id,
- zoneid=self.zone.id,
- account=self.account.name,
- domainid=self.account.domainid)
-
- self.cleanup = [self.rvpc, self.rvpc_off, self.account]
+ self.performVPCTests(vpc_off)
+
+ def performVPCTests(self, vpc_off):
+
+ self.logger.debug("Creating VPCs with offering ID %s" % vpc_off.id)
+ vpc_1 = self.createVPC(vpc_off, cidr = '10.0.1.0/24')
+ vpc_2 = self.createVPC(vpc_off, cidr = '10.0.2.0/24')
+
+ self.cleanup = [vpc_1, vpc_2, vpc_off, self.account]
+
+ physical_networks = get_physical_networks(self.apiclient, self.zone.id)
+ if not physical_networks:
+ self.fail("No Physical Networks found!")
+
+ vlans = physical_networks[0].vlan.split('-')
+ vlan_1 = int(vlans[0]) + 1
+
+ network_1 = self.createNetwork(vpc_1, gateway = '10.0.1.1')
+ network_2 = self.createNetwork(vpc_2, gateway = '10.0.2.1')
+
+ vm1 = self.createVM(network_1)
+ vm2 = self.createVM(network_2)
+
+ self.cleanup.insert(0, vm1)
+ self.cleanup.insert(0, vm2)
- self.createACL(self.rvpc)
- self.createACLItem()
- self.createNetwork(self.rvpc)
- self.createPvtGw(self.rvpc)
- self.replaceacl()
+ acl1 = self.createACL(vpc_1)
+ self.createACLItem(acl1.id, cidr = "0.0.0.0/0")
+ privateGw_1 = self.createPvtGw(vpc_1, "10.0.3.100", "10.0.3.101", acl1.id, vlan_1)
+ self.replacePvtGwACL(acl1.id, privateGw_1.id)
+
+ acl2 = self.createACL(vpc_2)
+ self.createACLItem(acl2.id, cidr = "0.0.0.0/0")
+ privateGw_2 = self.createPvtGw(vpc_2, "10.0.3.101", "10.0.3.100", acl2.id, vlan_1)
+ self.replacePvtGwACL(acl2.id, privateGw_2.id)
+
+ self.replaceNetworkAcl(acl1.id, network_1)
+ self.replaceNetworkAcl(acl2.id, network_2)
+
+ staticRoute_1 = self.createStaticRoute(privateGw_1.id, cidr = '10.0.2.0/24')
+ staticRoute_2 = self.createStaticRoute(privateGw_2.id, cidr = '10.0.1.0/24')
+
+ public_ip_1 = self.acquire_publicip(vpc_1, network_1)
+ public_ip_2 = self.acquire_publicip(vpc_2, network_2)
+
+ nat_rule_1 = self.create_natrule(vpc_1, vm1, public_ip_1, network_1)
+ nat_rule_2 = self.create_natrule(vpc_2, vm2, public_ip_2, network_2)
+
+ self.check_pvt_gw_connectivity(vm1, public_ip_1, vm2.nic[0].ipaddress)
+ self.check_pvt_gw_connectivity(vm2, public_ip_2, vm1.nic[0].ipaddress)
+
+ def createVPC(self, vpc_offering, cidr = '10.1.1.1/16'):
+ try:
+ self.logger.debug("Creating a VPC network in the account: %s" % self.account.name)
+ self.services["vpc"]["cidr"] = cidr
+
+ vpc = VPC.create(
+ self.apiclient,
+ self.services["vpc"],
+ vpcofferingid=vpc_offering.id,
+ zoneid=self.zone.id,
+ account=self.account.name,
+ domainid=self.account.domainid)
+
+ self.logger.debug("Created VPC with ID: %s" % vpc.id)
+ except Exception, e:
+ self.fail('Unable to create VPC due to %s ' % e)
+
+ return vpc
+
+ def createVM(self, network):
+ try:
+ self.logger.debug('Creating VM in network=%s' % network.name)
+ vm = VirtualMachine.create(
+ self.apiclient,
+ self.services["virtual_machine"],
+ accountid=self.account.name,
+ domainid=self.account.domainid,
+ serviceofferingid=self.service_offering.id,
+ networkids=[str(network.id)]
+ )
+ self.logger.debug("Created VM with ID: %s" % vm.id)
+ except Exception, e:
+ self.fail('Unable to create virtual machine due to %s ' % e)
+
+ return vm
+
+ def createStaticRoute(self, privateGwId, cidr = '10.0.0.0/16'):
+ staticRouteCmd = createStaticRoute.createStaticRouteCmd()
+ staticRouteCmd.cidr = cidr
+ staticRouteCmd.gatewayid = privateGwId
+
+ try:
+ staticRoute = self.apiclient.createStaticRoute(staticRouteCmd)
+ self.assertIsNotNone(staticRoute.id, "Failed to create static route.")
+
+ self.logger.debug("Created staticRoute with ID: %s" % staticRoute.id)
+ except Exception, e:
+ self.fail('Unable to create static route due to %s ' % e)
+
+ return staticRoute
def createACL(self, vpc):
createAclCmd = createNetworkACLList.createNetworkACLListCmd()
- createAclCmd.name = "acl1"
- createAclCmd.description = "new acl"
+ createAclCmd.name = "ACL-Test-%s" % vpc.id
+ createAclCmd.description = createAclCmd.name
createAclCmd.vpcid = vpc.id
- createAclResponse = self.apiclient.createNetworkACLList(createAclCmd)
+ try:
+ acl = self.apiclient.createNetworkACLList(createAclCmd)
+ self.assertIsNotNone(acl.id, "Failed to create ACL.")
- self.aclId = createAclResponse.id
+ self.logger.debug("Created ACL with ID: %s" % acl.id)
+ except Exception, e:
+ self.fail('Unable to create ACL due to %s ' % e)
- self.assertIsNotNone(self.aclId, "Failed to create ACL.")
+ return acl
- def createACLItem(self):
+ def createACLItem(self, aclId, cidr = "0.0.0.0/0"):
createAclItemCmd = createNetworkACL.createNetworkACLCmd()
- createAclItemCmd.cidr = "0.0.0.0/0"
- createAclItemCmd.protocol = "TCP"
+ createAclItemCmd.cidr = cidr
+ createAclItemCmd.protocol = "All"
createAclItemCmd.number = "1"
- createAclItemCmd.action = "Deny"
- createAclItemCmd.aclid = self.aclId
- createAclItemResponse = self.apiclient.createNetworkACL(createAclItemCmd)
+ createAclItemCmd.action = "Allow"
+ createAclItemCmd.aclid = aclId
+ try:
+ aclItem = self.apiclient.createNetworkACL(createAclItemCmd)
+ self.assertIsNotNone(aclItem.id, "Failed to create ACL item.")
- self.assertIsNotNone(createAclItemResponse.id, "Failed to create ACL item.")
+ self.logger.debug("Created ACL Item ID: %s" % aclItem.id)
+ except Exception, e:
+ self.fail('Unable to create ACL Item due to %s ' % e)
- def createNetwork(self, vpc):
+ def createNetwork(self, vpc, gateway = '10.1.1.1'):
try:
self.logger.debug('Create NetworkOffering')
net_offerring = self.services["network_offering"]
- net_offerring["name"] = "NET_OFF-10.1.1.1"
+ net_offerring["name"] = "NET_OFF-%s" % gateway
nw_off = NetworkOffering.create(
self.apiclient,
net_offerring,
@@ -287,7 +411,7 @@ class TestPrivateGWACL(cloudstackTestCase):
self.logger.debug('Created and Enabled NetworkOffering')
- self.services["network"]["name"] = "NETWORK-10.1.1.1"
+ self.services["network"]["name"] = "NETWORK-%s" % gateway
self.logger.debug('Adding Network=%s' % self.services["network"])
obj_network = Network.create(
@@ -297,7 +421,7 @@ class TestPrivateGWACL(cloudstackTestCase):
domainid=self.account.domainid,
networkofferingid=nw_off.id,
zoneid=self.zone.id,
- gateway="10.1.1.1",
+ gateway=gateway,
vpcid=vpc.id
)
@@ -305,35 +429,117 @@ class TestPrivateGWACL(cloudstackTestCase):
except Exception, e:
self.fail('Unable to create a Network with offering=%s because of %s ' % (net_offerring, e))
- self.network = obj_network
-
self.cleanup.insert(0, nw_off)
self.cleanup.insert(0, obj_network)
- def createPvtGw(self, vpc):
+ return obj_network
+
+ def createPvtGw(self, vpc, ip_address, gateway, aclId, vlan):
+ physical_networks = get_physical_networks(self.apiclient, self.zone.id)
+ if not physical_networks:
+ self.fail("No Physical Networks found!")
+
+ self.logger.debug('::: Physical Networks ::: ==> %s' % physical_networks)
+
createPrivateGatewayCmd = createPrivateGateway.createPrivateGatewayCmd()
- createPrivateGatewayCmd.physicalnetworkid = get_physical_networks(self.apiclient, self.zone.id)
- createPrivateGatewayCmd.gateway = "10.147.30.1"
+ createPrivateGatewayCmd.physicalnetworkid = physical_networks[0].id
+ createPrivateGatewayCmd.gateway = gateway
createPrivateGatewayCmd.netmask = "255.255.255.0"
- createPrivateGatewayCmd.ipaddress = "10.147.30.200"
- createPrivateGatewayCmd.vlan = "30"
+ createPrivateGatewayCmd.ipaddress = ip_address
+ createPrivateGatewayCmd.vlan = vlan
createPrivateGatewayCmd.vpcid = vpc.id
- createPrivateGatewayCmd.sourcenatsupported = "true"
- createPrivateGatewayCmd.aclid = self.aclId
+ createPrivateGatewayCmd.sourcenatsupported = "false"
+ createPrivateGatewayCmd.aclid = aclId
try:
- privateGatewayResponse = self.apiclient.createPrivateGateway(createPrivateGatewayCmd)
+ privateGw = self.apiclient.createPrivateGateway(createPrivateGatewayCmd)
except Exception as e:
self.fail("Failed to create Private Gateway ==> %s" % e)
- self.privateGwId = privateGatewayResponse.id
+ self.assertIsNotNone(privateGw.id, "Failed to create ACL.")
+
+ return privateGw
- self.assertIsNotNone(self.privateGwId, "Failed to create ACL.")
+ def replaceNetworkAcl(self, aclId, network):
+ self.logger.debug("Replacing Network ACL with ACL ID ==> %s" % aclId)
- def replaceacl(self):
replaceNetworkACLListCmd = replaceNetworkACLList.replaceNetworkACLListCmd()
- replaceNetworkACLListCmd.aclid = self.aclId
- replaceNetworkACLListCmd.gatewayid = self.privateGwId
- successResponse = self.apiclient.replaceNetworkACLList(replaceNetworkACLListCmd);
+ replaceNetworkACLListCmd.aclid = aclId
+ replaceNetworkACLListCmd.networkid = network.id
- self.assertTrue(successResponse.success, "Failed to replace ACL list.")
+ self._replaceAcl(replaceNetworkACLListCmd)
+
+ def replacePvtGwACL(self, aclId, privateGwId):
+ self.logger.debug("Replacing Private GW ACL with ACL ID ==> %s" % aclId)
+
+ replaceNetworkACLListCmd = replaceNetworkACLList.replaceNetworkACLListCmd()
+ replaceNetworkACLListCmd.aclid = aclId
+ replaceNetworkACLListCmd.gatewayid = privateGwId
+
+ self._replaceAcl(replaceNetworkACLListCmd)
+
+ def acquire_publicip(self, vpc, network):
+ self.logger.debug("Associating public IP for network: %s" % network.name)
+ public_ip = PublicIPAddress.create(
+ self.apiclient,
+ accountid=self.account.name,
+ zoneid=self.zone.id,
+ domainid=self.account.domainid,
+ networkid=network.id,
+ vpcid=vpc.id
+ )
+ self.logger.debug("Associated %s with network %s" % (
+ public_ip.ipaddress.ipaddress,
+ network.id
+ ))
+
+ return public_ip
+
+ def create_natrule(self, vpc, virtual_machine, public_ip, network):
+ self.logger.debug("Creating NAT rule in network for vm with public IP")
+
+ nat_service = self.services["natrule"]
+ nat_rule = NATRule.create(
+ self.apiclient,
+ virtual_machine,
+ nat_service,
+ ipaddressid=public_ip.ipaddress.id,
+ openfirewall=False,
+ networkid=network.id,
+ vpcid=vpc.id)
+
+ self.logger.debug("Adding NetworkACL rules to make NAT rule accessible")
+ nwacl_nat = NetworkACL.create(
+ self.apiclient,
+ networkid=network.id,
+ services=nat_service,
+ traffictype='Ingress'
+ )
+ self.logger.debug('nwacl_nat=%s' % nwacl_nat.__dict__)
+
+ return nat_rule
+
+ def check_pvt_gw_connectivity(self, virtual_machine, public_ip, vm_ip):
+ ssh_command = "ping -c 3 %s" % vm_ip
+
+ # Should be able to SSH VM
+ result = 'failed'
+ try:
+ self.logger.debug("SSH into VM: %s" % public_ip.ipaddress.ipaddress)
+
+ ssh = virtual_machine.get_ssh_client(ipaddress=public_ip.ipaddress.ipaddress)
+
+ self.logger.debug("Ping to VM inside another VPC")
+ result = str(ssh.execute(ssh_command))
+
+ self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("3 packets received")))
+ except Exception as e:
+ self.fail("SSH Access failed for %s: %s" % \
+ (vmObj.get_ip(), e)
+ )
+
+ self.assertEqual(
+ result.count("3 packets received"),
+ 1,
+ "Ping to outside world from VM should be successful"
+ )
[3/5] git commit: updated refs/heads/4.6 to 519ce86
Posted by re...@apache.org.
CLOUDSTACK-9075 - Covers Private GW ACL with Redundant VPCs
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/3e02b899
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/3e02b899
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/3e02b899
Branch: refs/heads/4.6
Commit: 3e02b8999bb7f1f79d99b32955c842fbda4d29a9
Parents: 4ea4e7e
Author: Wilder Rodrigues <wr...@schubergphilis.com>
Authored: Thu Nov 19 12:04:01 2015 +0100
Committer: Wilder Rodrigues <wr...@schubergphilis.com>
Committed: Wed Dec 2 10:36:52 2015 +0100
----------------------------------------------------------------------
test/integration/smoke/test_privategw_acl.py | 94 ++++++++++++++++++-----
1 file changed, 73 insertions(+), 21 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3e02b899/test/integration/smoke/test_privategw_acl.py
----------------------------------------------------------------------
diff --git a/test/integration/smoke/test_privategw_acl.py b/test/integration/smoke/test_privategw_acl.py
index e1dabc4..9f2b91d 100644
--- a/test/integration/smoke/test_privategw_acl.py
+++ b/test/integration/smoke/test_privategw_acl.py
@@ -87,6 +87,27 @@ class Services:
"NetworkACL": 'VpcVirtualRouter'
},
},
+ "redundsnt_vpc_offering": {
+ "name": 'Redundant VPC off',
+ "displaytext": 'Redundant VPC off',
+ "supportedservices": 'Dhcp,Dns,SourceNat,PortForwarding,Vpn,Lb,UserData,StaticNat',
+ "serviceProviderList": {
+ "Vpn": 'VpcVirtualRouter',
+ "Dhcp": 'VpcVirtualRouter',
+ "Dns": 'VpcVirtualRouter',
+ "SourceNat": 'VpcVirtualRouter',
+ "PortForwarding": 'VpcVirtualRouter',
+ "Lb": 'VpcVirtualRouter',
+ "UserData": 'VpcVirtualRouter',
+ "StaticNat": 'VpcVirtualRouter',
+ "NetworkACL": 'VpcVirtualRouter'
+ },
+ "serviceCapabilityList": {
+ "SourceNat": {
+ "RedundantRouter": 'true'
+ }
+ },
+ },
"vpc_offering": {
"name": "VPC off",
"displaytext": "VPC off",
@@ -116,7 +137,7 @@ class Services:
"timeout": 10,
}
-class TestPrivateGwACL(cloudstackTestCase):
+class TestPrivateGWACL(cloudstackTestCase):
@classmethod
def setUpClass(cls):
@@ -128,10 +149,12 @@ class TestPrivateGwACL(cloudstackTestCase):
# Get Zone, Domain and templates
cls.domain = get_domain(cls.api_client)
cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests())
+ cls.services['mode'] = cls.zone.networktype
cls.template = get_template(
cls.api_client,
cls.zone.id,
cls.services["ostype"])
+
cls.services["virtual_machine"]["zoneid"] = cls.zone.id
cls.services["virtual_machine"]["template"] = cls.template.id
@@ -140,7 +163,7 @@ class TestPrivateGwACL(cloudstackTestCase):
cls.services["service_offering"])
cls._cleanup = [cls.service_offering]
- cls.logger = logging.getLogger('TestPrivateGwACL')
+ cls.logger = logging.getLogger('TestPrivateGWACL')
cls.stream_handler = logging.StreamHandler()
cls.logger.setLevel(logging.DEBUG)
cls.logger.addHandler(cls.stream_handler)
@@ -163,6 +186,17 @@ class TestPrivateGwACL(cloudstackTestCase):
admin=True,
domainid=self.domain.id)
+ return
+
+ def tearDown(self):
+ try:
+ cleanup_resources(self.apiclient, self.cleanup)
+ except Exception as e:
+ raise Exception("Warning: Exception during cleanup : %s" % e)
+ return
+
+ @attr(tags=["advanced"], required_hardware="true")
+ def test_01_vpc_privategw_acl(self):
self.logger.debug("Creating a VPC offering..")
self.vpc_off = VpcOffering.create(
self.apiclient,
@@ -182,28 +216,46 @@ class TestPrivateGwACL(cloudstackTestCase):
domainid=self.account.domainid)
self.cleanup = [self.vpc, self.vpc_off, self.account]
- return
+
+ self.createACL(self.vpc)
+ self.createACLItem()
+ self.createNetwork(self.vpc)
+ self.createPvtGw(self.vpc)
+ self.replaceacl()
- def tearDown(self):
- try:
- cleanup_resources(self.apiclient, self.cleanup)
- except Exception as e:
- raise Exception("Warning: Exception during cleanup : %s" % e)
- return
+ @attr(tags=["advanced"], required_hardware="true")
+ def test_02_rvpc_privategw_acl(self):
+ self.logger.debug("Creating a Redundant VPC offering..")
+ self.rvpc_off = VpcOffering.create(
+ self.apiclient,
+ self.services["redundant_vpc_offering"])
+
+ self.logger.debug("Enabling the Redundant VPC offering created")
+ self.rvpc_off.update(self.apiclient, state='Enabled')
- @attr(tags=["advanced"], required_hardware="false")
- def test_privategw_acl(self):
- self.createACL()
+ self.logger.debug("Creating a VPC network in the account: %s" % self.account.name)
+ self.services["vpc"]["cidr"] = '10.1.1.1/16'
+ self.rvpc = VPC.create(
+ self.apiclient,
+ self.services["vpc"],
+ vpcofferingid=self.rvpc_off.id,
+ zoneid=self.zone.id,
+ account=self.account.name,
+ domainid=self.account.domainid)
+
+ self.cleanup = [self.rvpc, self.rvpc_off, self.account]
+
+ self.createACL(self.rvpc)
self.createACLItem()
- self.createNetwork()
- self.createPvtGw()
+ self.createNetwork(self.rvpc)
+ self.createPvtGw(self.rvpc)
self.replaceacl()
- def createACL(self):
+ def createACL(self, vpc):
createAclCmd = createNetworkACLList.createNetworkACLListCmd()
createAclCmd.name = "acl1"
createAclCmd.description = "new acl"
- createAclCmd.vpcid = self.vpc.id
+ createAclCmd.vpcid = vpc.id
createAclResponse = self.apiclient.createNetworkACLList(createAclCmd)
self.aclId = createAclResponse.id
@@ -221,7 +273,7 @@ class TestPrivateGwACL(cloudstackTestCase):
self.assertIsNotNone(createAclItemResponse.id, "Failed to create ACL item.")
- def createNetwork(self):
+ def createNetwork(self, vpc):
try:
self.logger.debug('Create NetworkOffering')
net_offerring = self.services["network_offering"]
@@ -246,7 +298,7 @@ class TestPrivateGwACL(cloudstackTestCase):
networkofferingid=nw_off.id,
zoneid=self.zone.id,
gateway="10.1.1.1",
- vpcid=self.vpc.id
+ vpcid=vpc.id
)
self.logger.debug("Created network with ID: %s" % obj_network.id)
@@ -258,14 +310,14 @@ class TestPrivateGwACL(cloudstackTestCase):
self.cleanup.insert(0, nw_off)
self.cleanup.insert(0, obj_network)
- def createPvtGw(self):
+ def createPvtGw(self, vpc):
createPrivateGatewayCmd = createPrivateGateway.createPrivateGatewayCmd()
- createPrivateGatewayCmd.physicalnetworkid = 200
+ createPrivateGatewayCmd.physicalnetworkid = get_physical_networks(self.apiclient, self.zone.id)
createPrivateGatewayCmd.gateway = "10.147.30.1"
createPrivateGatewayCmd.netmask = "255.255.255.0"
createPrivateGatewayCmd.ipaddress = "10.147.30.200"
createPrivateGatewayCmd.vlan = "30"
- createPrivateGatewayCmd.vpcid = self.vpc.id
+ createPrivateGatewayCmd.vpcid = vpc.id
createPrivateGatewayCmd.sourcenatsupported = "true"
createPrivateGatewayCmd.aclid = self.aclId
[4/5] git commit: updated refs/heads/4.6 to 519ce86
Posted by re...@apache.org.
CLOUDSTACK-9075 - Uses the same vlan since it should have been already released
- After the first test is done, the clean up will delete the whole VPC, also releasing the VLAN that was in use.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6d9a3d82
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6d9a3d82
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6d9a3d82
Branch: refs/heads/4.6
Commit: 6d9a3d82f9b617d40d0ee1472bef87cb630595d6
Parents: a17fa48
Author: Wilder Rodrigues <wr...@schubergphilis.com>
Authored: Wed Dec 2 07:30:06 2015 +0100
Committer: Wilder Rodrigues <wr...@schubergphilis.com>
Committed: Wed Dec 2 10:36:53 2015 +0100
----------------------------------------------------------------------
.../network/router/VirtualNetworkApplianceManagerImpl.java | 7 ++++---
systemvm/patches/debian/config/opt/cloud/bin/configure.py | 2 +-
test/integration/smoke/test_privategw_acl.py | 4 ++--
3 files changed, 7 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6d9a3d82/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index 4f3a2b8..ca1f67d 100644
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -2417,9 +2417,10 @@ Configurable, StateListener<State, VirtualMachine.Event, VirtualMachine> {
for (final Nic routerNic : routerNics) {
final Network network = _networkModel.getNetwork(routerNic.getNetworkId());
// Send network usage command for public nic in VPC VR
- // Send network usage command for isolated guest nic of non VPC VR
- if (network != null && (forVpc && network.getTrafficType() == TrafficType.Public || !forVpc && network.getTrafficType() == TrafficType.Guest
- && network.getGuestType() == Network.GuestType.Isolated)) {
+ // Send network usage command for isolated guest nic of non VPC
+ // VR
+ if (forVpc && network.getTrafficType() == TrafficType.Public || !forVpc && network.getTrafficType() == TrafficType.Guest
+ && network.getGuestType() == Network.GuestType.Isolated) {
final NetworkUsageCommand usageCmd = new NetworkUsageCommand(privateIP, router.getHostName(), forVpc, routerNic.getIPv4Address());
final String routerType = router.getType().toString();
final UserStatisticsVO previousStats = _userStatsDao.findBy(router.getAccountId(), router.getDataCenterId(), network.getId(),
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6d9a3d82/systemvm/patches/debian/config/opt/cloud/bin/configure.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index 0a19607..deb4a74 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -956,7 +956,7 @@ def main(argv):
logging.debug("Configuring iptables rules")
nf = CsNetfilters()
nf.compare(config.get_fw())
-
+
red = CsRedundant(config)
red.set()
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6d9a3d82/test/integration/smoke/test_privategw_acl.py
----------------------------------------------------------------------
diff --git a/test/integration/smoke/test_privategw_acl.py b/test/integration/smoke/test_privategw_acl.py
index 22b3fa7..9b85fe8 100644
--- a/test/integration/smoke/test_privategw_acl.py
+++ b/test/integration/smoke/test_privategw_acl.py
@@ -237,7 +237,7 @@ class TestPrivateGwACL(cloudstackTestCase):
acl = self.createACL(vpc)
self.createACLItem(acl.id)
self.createNetwork(vpc)
- privateGw = self.createPvtGw(vpc, "10.0.3.99", acl.id, vlan_1)
+ privateGw = self.createPvtGw(vpc, "10.0.3.99", "10.0.3.100", acl.id, vlan_1)
self.replacePvtGwACL(acl.id, privateGw.id)
@attr(tags=["advanced"], required_hardware="true")
@@ -280,7 +280,7 @@ class TestPrivateGwACL(cloudstackTestCase):
self.fail("No Physical Networks found!")
vlans = physical_networks[0].vlan.split('-')
- vlan_1 = int(vlans[0]) + 1
+ vlan_1 = int(vlans[0])
network_1 = self.createNetwork(vpc_1, gateway = '10.0.1.1')
network_2 = self.createNetwork(vpc_2, gateway = '10.0.2.1')
[5/5] git commit: updated refs/heads/4.6 to 519ce86
Posted by re...@apache.org.
Merge pull request #1151 from ekholabs/fix/private_gw_rVPC-CLOUDSTACK-9075
[4.6] CLOUDSTACK-9075 - As a Developer I want the Private GW feature fixed on single VPCsThis PR fixes the issue we faced with Private Gateways on single VPC when using ACS 4.6.0 and onwards.
The root cause: during the VR refactor, the static routes configuration was left unimplemented.
This PR also improves the existing Replace ACL test and adds a new test, that cover the Private Gateway in a more complete way.
The new test does the following:
1. Create 2 VPCs
2. Create 2 Tiers - 1 per VPC
3. Deploy 2 VMs - 1 per Tier
4. Acquire 2 pub IPs - 1 per VPC
5. Create 2 PF rules - 1 per pub IP
6. Create 2 ACLs + rules - 1 per VPC
7. Assign new ACLs to Tiers
8. Create 2 Private GWs - 1 per VPC
9. Replace the Pvt GWs ACLs
10. Create 2 Static routes - 1 per Pvt GW
11. SSH into VM1 (VPC1) and from there ping VM2 (VPC2)
There is also a test for Private Gateways on Redundant VPCs. But I found out that the feature is broken in when used with rVPCs. It will be addressed in a separate Issue/PR.
I'm running the tests. Will post results as soon as they are ready.
* pr/1151:
CLOUDSTACK-9075 - Uses the same vlan since it should have been already released
CLOUDSTACK-9075 - Adds VPC static routes test
CLOUDSTACK-9075 - Covers Private GW ACL with Redundant VPCs
CLOUDSTACK-9075 - Add method to get list of Physical Networks per zone
Signed-off-by: Remi Bergsma <gi...@remi.nl>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/519ce868
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/519ce868
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/519ce868
Branch: refs/heads/4.6
Commit: 519ce868af097d842e3b91472c8ce07b000b2e16
Parents: 5b7d935 6d9a3d8
Author: Remi Bergsma <gi...@remi.nl>
Authored: Thu Dec 3 19:56:08 2015 +0100
Committer: Remi Bergsma <gi...@remi.nl>
Committed: Thu Dec 3 19:56:09 2015 +0100
----------------------------------------------------------------------
.../debian/config/opt/cloud/bin/configure.py | 29 +-
.../config/opt/cloud/bin/cs_staticroutes.py | 30 ++
.../debian/config/opt/cloud/bin/merge.py | 6 +
test/integration/smoke/test_privategw_acl.py | 382 ++++++++++++++++---
tools/marvin/marvin/lib/common.py | 11 +
5 files changed, 394 insertions(+), 64 deletions(-)
----------------------------------------------------------------------