Posted to commits@cloudstack.apache.org by we...@apache.org on 2013/06/26 11:30:13 UTC
[03/25] git commit: updated refs/heads/advancedsg-leaseweb to c5383c8
Merge branch '4-2-advanced-zone-security-group'
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/adf31aba
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/adf31aba
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/adf31aba
Branch: refs/heads/advancedsg-leaseweb
Commit: adf31aba37cffccdf5ad151a3ee407c6130476b0
Parents: a810a2f
Author: Wei Zhou <w....@leaseweb.com>
Authored: Tue Jun 11 10:45:36 2013 +0200
Committer: Wei Zhou <w....@leaseweb.com>
Committed: Tue Jun 11 10:45:36 2013 +0200
----------------------------------------------------------------------
.../configuration/ConfigurationManagerImpl.java | 10 +-
.../consoleproxy/ConsoleProxyManagerImpl.java | 29 +-
.../com/cloud/resource/ResourceManagerImpl.java | 6 +
.../secondary/SecondaryStorageManagerImpl.java | 32 +-
setup/db/db/schema-40to410.sql | 3 +
setup/dev/advancedsg.cfg | 185 +++++
.../component/test_advancedsg_networks.py | 753 +++++++++++++++++++
test/integration/component/test_egress_rules.py | 20 +-
.../component/test_security_groups.py | 22 +-
tools/devcloud/devcloud-advancedsg.cfg | 119 +++
tools/marvin/marvin/configGenerator.py | 123 +++
tools/marvin/marvin/deployDataCenter.py | 32 +-
.../marvin/sandbox/advancedsg/__init__.py | 18 +
.../marvin/sandbox/advancedsg/advancedsg_env.py | 150 ++++
.../marvin/sandbox/advancedsg/setup.properties | 61 ++
tools/marvin/setup.py | 2 +-
ui/scripts/zoneWizard.js | 1 -
17 files changed, 1513 insertions(+), 53 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index 64ea54b..38c005c 100755
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -1538,13 +1538,11 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
// check if zone has necessary trafficTypes before enabling
try {
PhysicalNetwork mgmtPhyNetwork;
- if (NetworkType.Advanced == zone.getNetworkType()) {
- // zone should have a physical network with public and management traffiType
+ // zone should have a physical network with management traffiType
+ mgmtPhyNetwork = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Management);
+ if (NetworkType.Advanced == zone.getNetworkType() && ! zone.isSecurityGroupEnabled() ) {
+ // advanced zone without SG should have a physical network with public Thpe
_networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Public);
- mgmtPhyNetwork = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Management);
- } else {
- // zone should have a physical network with management traffiType
- mgmtPhyNetwork = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Management);
}
try {
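Review bot: The `TrafficType.Public` lookup on the new side discards its return value, so it can only enforce anything by throwing when no such physical network exists; that contract is not visible in this hunk and should be stated at the call. I would replace the two new comments, which carry the typos `traffiType` and `Thpe`, with `// every zone needs a physical network carrying Management traffic` and `// advanced zone without security groups also needs Public traffic; the lookup is expected to throw if none exists`. The enclosing method starts and ends outside the hunk, so how the outer `try` handles that exception cannot be checked from here.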
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
index 831c812..664def9 100755
--- a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
+++ b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
@@ -758,19 +758,28 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
DataCenterDeployment plan = new DataCenterDeployment(dataCenterId);
- TrafficType defaultTrafficType = TrafficType.Public;
- if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) {
- defaultTrafficType = TrafficType.Guest;
- }
-
- List<NetworkVO> defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType);
+ NetworkVO defaultNetwork = null;
+ if (dc.getNetworkType() == NetworkType.Advanced && dc.isSecurityGroupEnabled()) {
+ List<NetworkVO> networks = _networkDao.listByZoneSecurityGroup(dataCenterId);
+ if (networks == null || networks.size() == 0) {
+ throw new CloudRuntimeException("Can not found security enabled network in SG Zone " + dc);
+ }
+ defaultNetwork = networks.get(0);
+ } else {
+ TrafficType defaultTrafficType = TrafficType.Public;
+ if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) {
+ defaultTrafficType = TrafficType.Guest;
+ }
+ List<NetworkVO> defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType);
- if (defaultNetworks.size() != 1) {
- throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type " + defaultTrafficType + " when expect to find 1");
+ // api should never allow this situation to happen
+ if (defaultNetworks.size() != 1) {
+ throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type "
+ + defaultTrafficType + " when expect to find 1");
+ }
+ defaultNetwork = defaultNetworks.get(0);
}
- NetworkVO defaultNetwork = defaultNetworks.get(0);
-
List<? extends NetworkOffering> offerings = _networkModel.getSystemAccountNetworkOfferings(NetworkOffering.SystemControlNetwork, NetworkOffering.SystemManagementNetwork);
List<Pair<NetworkVO, NicProfile>> networks = new ArrayList<Pair<NetworkVO, NicProfile>>(offerings.size() + 1);
NicProfile defaultNic = new NicProfile();
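Review bot: In the Advanced + security-group branch the console proxy's default network is `networks.get(0)`, so when `listByZoneSecurityGroup` returns more than one network the proxy is attached to whichever comes first, while the `else` branch insists on exactly one match. The ordering of that DAO call is not visible here; if a zone can hold several SG-enabled networks, either reject the ambiguous case as the `else` branch does or select by an explicit, documented criterion, so that the system VM's placement is deterministic. The same selection appears in the SecondaryStorageManagerImpl.java hunk of this commit. The inner `networks` list also shares its name with the `List<Pair<NetworkVO, NicProfile>> networks` declared a few lines later; renaming it to `sgNetworks` would avoid the confusion. The method continues outside the hunk.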
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/server/src/com/cloud/resource/ResourceManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/resource/ResourceManagerImpl.java b/server/src/com/cloud/resource/ResourceManagerImpl.java
index bd454cb..169e735 100755
--- a/server/src/com/cloud/resource/ResourceManagerImpl.java
+++ b/server/src/com/cloud/resource/ResourceManagerImpl.java
@@ -437,6 +437,12 @@ public class ResourceManagerImpl extends ManagerBase implements ResourceManager,
+ cmd.getHypervisor() + " to a supported ");
}
+ if (zone.isSecurityGroupEnabled()) {
+ if( hypervisorType != HypervisorType.KVM && hypervisorType != HypervisorType.XenServer ) {
+ throw new InvalidParameterValueException("Don't support hypervisor type " + hypervisorType + " in advanced security enabled zone");
+ }
+ }
+
Cluster.ClusterType clusterType = null;
if (cmd.getClusterType() != null && !cmd.getClusterType().isEmpty()) {
clusterType = Cluster.ClusterType.valueOf(cmd.getClusterType());
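Review bot: The new guard tests only `zone.isSecurityGroupEnabled()`, but its message speaks of an advanced zone, and other hunks in this commit treat `NetworkType.Basic` zones as possibly security-group-enabled too; as written, a Basic SG zone would be limited to KVM and XenServer as well. If the restriction is meant for advanced zones only, the condition should say so: `if (zone.getNetworkType() == NetworkType.Advanced && zone.isSecurityGroupEnabled()) {` (assuming `NetworkType` is in scope in this file). The check also appears to conflict with `setup/dev/advancedsg.cfg` in the same commit, which declares a `Simulator` cluster in an SG-enabled advanced zone; whether that cluster is added through this path is not visible here. The surrounding method starts and ends outside the hunk.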
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
index fca89dc..bb17ae0 100755
--- a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
+++ b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
@@ -540,19 +540,27 @@ public class SecondaryStorageManagerImpl extends ManagerBase implements Secondar
DataCenterDeployment plan = new DataCenterDeployment(dataCenterId);
DataCenter dc = _dcDao.findById(plan.getDataCenterId());
- TrafficType defaultTrafficType = TrafficType.Public;
- if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) {
- defaultTrafficType = TrafficType.Guest;
- }
-
- List<NetworkVO> defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType);
-
- //api should never allow this situation to happen
- if (defaultNetworks.size() != 1) {
- throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type " + defaultTrafficType + " when expect to find 1");
+ NetworkVO defaultNetwork = null;
+ if (dc.getNetworkType() == NetworkType.Advanced && dc.isSecurityGroupEnabled()) {
+ List<NetworkVO> networks = _networkDao.listByZoneSecurityGroup(dataCenterId);
+ if (networks == null || networks.size() == 0) {
+ throw new CloudRuntimeException("Can not found security enabled network in SG Zone " + dc);
+ }
+ defaultNetwork = networks.get(0);
+ } else {
+ TrafficType defaultTrafficType = TrafficType.Public;
+
+ if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) {
+ defaultTrafficType = TrafficType.Guest;
+ }
+ List<NetworkVO> defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType);
+ // api should never allow this situation to happen
+ if (defaultNetworks.size() != 1) {
+ throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type "
+ + defaultTrafficType + " when expect to find 1");
+ }
+ defaultNetwork = defaultNetworks.get(0);
}
-
- NetworkVO defaultNetwork = defaultNetworks.get(0);
List<? extends NetworkOffering> offerings = _networkModel.getSystemAccountNetworkOfferings(NetworkOfferingVO.SystemControlNetwork, NetworkOfferingVO.SystemManagementNetwork, NetworkOfferingVO.SystemStorageNetwork);
List<Pair<NetworkVO, NicProfile>> networks = new ArrayList<Pair<NetworkVO, NicProfile>>(offerings.size() + 1);
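Review bot: This block is a near line-for-line copy of the default-network selection added to ConsoleProxyManagerImpl.java, so any later correction has to be made twice; a shared helper taking the `DataCenter` and returning the `NetworkVO` would keep the two system-VM managers in step. Inside the `else` branch, `|| dc.isSecurityGroupEnabled()` can only matter for a zone that is neither Basic nor Advanced, because Advanced + SG was handled above; if those are the only network types, the test reduces to `dc.getNetworkType() == NetworkType.Basic`. `dc` comes from `_dcDao.findById(...)` and is dereferenced without a null check, which the hunk leaves as it was. The method continues outside the hunk.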
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/setup/db/db/schema-40to410.sql
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-40to410.sql b/setup/db/db/schema-40to410.sql
index db05ab4..bb0537d 100644
--- a/setup/db/db/schema-40to410.sql
+++ b/setup/db/db/schema-40to410.sql
@@ -1656,3 +1656,6 @@ INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'manag
UPDATE `cloud`.`configuration` set category='Advanced' where category='Advanced ';
UPDATE `cloud`.`configuration` set category='Hidden' where category='Hidden ';
+#update shared sg enabled network with not null name in Advance Security Group enabled network
+UPDATE `cloud`.`networks` set name='Shared SG enabled network', display_text='Shared SG enabled network' WHERE name IS null AND traffic_type='Guest' AND data_center_id IN (select id from data_center where networktype='Advanced' and is_~
+
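Review bot: The subquery reads `data_center` without the `cloud` schema qualifier that the rest of the statement and the neighbouring lines use, so the update depends on the session's default database. Qualifying the table in the subquery with the `cloud` schema, as is done for `networks`, keeps the script consistent. The end of the statement is cut off in this view, so the rest of the WHERE clause could not be checked. The comment would read more clearly as `# give unnamed guest networks in security-group-enabled Advanced zones a non-null name`.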
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/setup/dev/advancedsg.cfg
----------------------------------------------------------------------
diff --git a/setup/dev/advancedsg.cfg b/setup/dev/advancedsg.cfg
new file mode 100644
index 0000000..e6922b6
--- /dev/null
+++ b/setup/dev/advancedsg.cfg
@@ -0,0 +1,185 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+{
+ "zones": [
+ {
+ "name": "Sandbox-Simulator",
+ "dns1": "10.147.28.6",
+ "physical_networks": [
+ {
+ "name": "Sandbox-pnet",
+ "tags": [
+ "cloud-simulator-pnet"
+ ],
+ "broadcastdomainrange": "Zone",
+ "providers": [
+ {
+ "broadcastdomainrange": "ZONE",
+ "name": "VirtualRouter"
+ },
+ {
+ "broadcastdomainrange": "ZONE",
+ "name": "SecurityGroupProvider"
+ }
+ ],
+ "traffictypes": [
+ {
+ "typ": "Guest"
+ },
+ {
+ "typ": "Management",
+ "simulator": "cloud-simulator-mgmt"
+ }
+ ],
+ "isolationmethods": [
+ "VLAN"
+ ]
+ }
+ ],
+ "securitygroupenabled": "true",
+ "ipranges": [
+ {
+ "startip": "10.147.31.150",
+ "endip": "10.147.31.159",
+ "netmask": "255.255.255.0",
+ "vlan": "31",
+ "gateway": "10.147.31.1"
+ }
+ ],
+ "networktype": "Advanced",
+ "pods": [
+ {
+ "endip": "10.147.29.159",
+ "name": "POD0",
+ "startip": "10.147.29.150",
+ "netmask": "255.255.255.0",
+ "clusters": [
+ {
+ "clustername": "C0",
+ "hypervisor": "Simulator",
+ "hosts": [
+ {
+ "username": "root",
+ "url": "http://simulator0",
+ "password": "password"
+ }
+ ],
+ "clustertype": "CloudManaged",
+ "primaryStorages": [
+ {
+ "url": "nfs://10.147.28.6:/export/home/sandbox/primary",
+ "name": "PS0"
+ }
+ ]
+ }
+ ],
+ "gateway": "10.147.29.1"
+ }
+ ],
+ "internaldns1": "10.147.28.6",
+ "secondaryStorages": [
+ {
+ "url": "nfs://10.147.28.6:/export/home/sandbox/sstor"
+ }
+ ]
+ }
+ ],
+ "dbSvr": {
+ "dbSvr": "localhost",
+ "passwd": "cloud",
+ "db": "cloud",
+ "port": 3306,
+ "user": "cloud"
+ },
+ "logger": [
+ {
+ "name": "TestClient",
+ "file": "testclient.log"
+ },
+ {
+ "name": "TestCase",
+ "file": "testcase.log"
+ }
+ ],
+ "globalConfig": [
+ {
+ "name": "storage.cleanup.interval",
+ "value": "300"
+ },
+ {
+ "name": "direct.agent.load.size",
+ "value": "1000"
+ },
+ {
+ "name": "default.page.size",
+ "value": "10000"
+ },
+ {
+ "name": "instance.name",
+ "value": "QA"
+ },
+ {
+ "name": "workers",
+ "value": "10"
+ },
+ {
+ "name": "vm.op.wait.interval",
+ "value": "5"
+ },
+ {
+ "name": "account.cleanup.interval",
+ "value": "600"
+ },
+ {
+ "name": "guest.domain.suffix",
+ "value": "sandbox.simulator"
+ },
+ {
+ "name": "expunge.delay",
+ "value": "60"
+ },
+ {
+ "name": "vm.allocation.algorithm",
+ "value": "random"
+ },
+ {
+ "name": "expunge.interval",
+ "value": "60"
+ },
+ {
+ "name": "expunge.workers",
+ "value": "3"
+ },
+ {
+ "name": "secstorage.allowed.internal.sites",
+ "value": "10.147.28.0/24"
+ },
+ {
+ "name": "check.pod.cidrs",
+ "value": "true"
+ }
+ ],
+ "mgtSvr": [
+ {
+ "mgtSvrIp": "localhost",
+ "passwd": "password",
+ "user": "root",
+ "port": 8096
+ }
+ ]
+}
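Review bot: The file commits literal credentials (`root`/`password` for the host and the management server, `cloud`/`cloud` for the database) and points `mgtSvr` at port 8096, with nothing in the file saying these are simulator-only values. A line in the header comment, for example `# Sandbox/simulator values only; replace credentials and addresses before use on a shared network`, would keep the file from being copied unchanged into a reachable environment. The `#` licence header also means the file is not strict JSON, so it presumably relies on the loader skipping comment lines; that loader is not visible in this section.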
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/test/integration/component/test_advancedsg_networks.py
----------------------------------------------------------------------
diff --git a/test/integration/component/test_advancedsg_networks.py b/test/integration/component/test_advancedsg_networks.py
new file mode 100644
index 0000000..e24254d
--- /dev/null
+++ b/test/integration/component/test_advancedsg_networks.py
@@ -0,0 +1,753 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+""" P1 tests for networks in advanced zone with security groups
+"""
+#Import Local Modules
+import marvin
+from marvin.cloudstackTestCase import *
+from marvin.cloudstackAPI import *
+from marvin.integration.lib.utils import *
+from marvin.integration.lib.base import *
+from marvin.integration.lib.common import *
+from marvin.remoteSSHClient import remoteSSHClient
+import datetime
+import netaddr
+
+class Services:
+ """ Test networks in advanced zone with security groups"""
+
+ def __init__(self):
+ self.services = {
+ "domain": {
+ "name": "DOM",
+ },
+ "project": {
+ "name": "Project",
+ "displaytext": "Test project",
+ },
+ "account": {
+ "email": "admin-XABU1@test.com",
+ "firstname": "admin-XABU1",
+ "lastname": "admin-XABU1",
+ "username": "admin-XABU1",
+ # Random characters are appended for unique
+ # username
+ "password": "fr3sca",
+ },
+ "service_offering": {
+ "name": "Tiny Instance",
+ "displaytext": "Tiny Instance",
+ "cpunumber": 1,
+ "cpuspeed": 100, # in MHz
+ "memory": 128, # In MBs
+ },
+ "shared_network_offering_sg": {
+ "name": 'MySharedOffering-sg',
+ "displaytext": 'MySharedOffering-sg',
+ "guestiptype": 'Shared',
+ "supportedservices": 'Dhcp,Dns,UserData,SecurityGroup',
+ "specifyVlan" : "False",
+ "specifyIpRanges" : "False",
+ "traffictype": 'GUEST',
+ "serviceProviderList" : {
+ "Dhcp": 'VirtualRouter',
+ "Dns": 'VirtualRouter',
+ "UserData": 'VirtualRouter',
+ "SecurityGroup": 'SecurityGroupProvider'
+ },
+ },
+ "shared_network_offering": {
+ "name": 'MySharedOffering',
+ "displaytext": 'MySharedOffering',
+ "guestiptype": 'Shared',
+ "supportedservices": 'Dhcp,Dns,UserData',
+ "specifyVlan" : "False",
+ "specifyIpRanges" : "False",
+ "traffictype": 'GUEST',
+ "serviceProviderList" : {
+ "Dhcp": 'VirtualRouter',
+ "Dns": 'VirtualRouter',
+ "UserData": 'VirtualRouter'
+ },
+ },
+ "shared_network_sg": {
+ "name": "MyIsolatedNetwork - Test",
+ "displaytext": "MyIsolatedNetwork",
+ "networkofferingid":"1",
+ "vlan" :1200,
+ "gateway" :"172.16.15.1",
+ "netmask" :"255.255.255.0",
+ "startip" :"172.16.15.2",
+ "endip" :"172.16.15.20",
+ "acltype" : "Domain",
+ "scope":"all",
+ },
+ "shared_network": {
+ "name": "MySharedNetwork - Test",
+ "displaytext": "MySharedNetwork",
+ "vlan" :1201,
+ "gateway" :"172.16.15.1",
+ "netmask" :"255.255.255.0",
+ "startip" :"172.16.15.21",
+ "endip" :"172.16.15.41",
+ "acltype" : "Domain",
+ "scope":"all",
+ },
+ "isolated_network_offering": {
+ "name": 'Network offering-DA services',
+ "displaytext": 'Network offering-DA services',
+ "guestiptype": 'Isolated',
+ "supportedservices": 'Dhcp,Dns,SourceNat,PortForwarding,Vpn,Firewall,Lb,UserData,StaticNat',
+ "traffictype": 'GUEST',
+ "availability": 'Optional',
+ "serviceProviderList": {
+ "Dhcp": 'VirtualRouter',
+ "Dns": 'VirtualRouter',
+ "SourceNat": 'VirtualRouter',
+ "PortForwarding": 'VirtualRouter',
+ "Vpn": 'VirtualRouter',
+ "Firewall": 'VirtualRouter',
+ "Lb": 'VirtualRouter',
+ "UserData": 'VirtualRouter',
+ "StaticNat": 'VirtualRouter',
+ },
+ },
+ "isolated_network": {
+ "name": "Isolated Network",
+ "displaytext": "Isolated Network",
+ },
+ "virtual_machine": {
+ "displayname": "Test VM",
+ "username": "root",
+ "password": "password",
+ "ssh_port": 22,
+ "hypervisor": 'XenServer',
+ # Hypervisor type should be same as
+ # hypervisor type of cluster
+ "privateport": 22,
+ "publicport": 22,
+ "protocol": 'TCP',
+ },
+ "ostype": 'CentOS 5.3 (64-bit)',
+ # Cent OS 5.3 (64 bit)
+ "sleep": 90,
+ "timeout": 10,
+ "mode": 'advanced',
+ "securitygroupenabled": 'true'
+ }
+
+class TestNetworksInAdvancedSG(cloudstackTestCase):
+
+ @classmethod
+ def setUpClass(cls):
+ cls.api_client = super(
+ TestSharedNetworks,
+ cls
+ ).getClsTestClient().getApiClient()
+
+ cls.services = Services().services
+
+ # Get Zone, Domain and templates
+ cls.domain = get_domain(cls.api_client, cls.services)
+ cls.zone = get_zone(cls.api_client, cls.services)
+ cls.template = get_template(
+ cls.api_client,
+ cls.zone.id,
+ cls.services["ostype"]
+ )
+
+ cls.services["virtual_machine"]["zoneid"] = cls.zone.id
+ cls.services["virtual_machine"]["template"] = cls.template.id
+
+ cls.service_offering = ServiceOffering.create(
+ cls.api_client,
+ cls.services["service_offering"]
+ )
+
+ cls._cleanup = [
+ cls.service_offering,
+ ]
+ return
+
+ @classmethod
+ def tearDownClass(cls):
+ try:
+ #Cleanup resources used
+ cleanup_resources(cls.api_client, cls._cleanup)
+ except Exception as e:
+ raise Exception("Warning: Exception during cleanup : %s" % e)
+ return
+
+ def setUp(self):
+ self.api_client = self.testClient.getApiClient()
+ self.dbclient = self.testClient.getDbConnection()
+ self.cleanup = []
+ self.cleanup_networks = []
+ self.cleanup_accounts = []
+ self.cleanup_domains = []
+ self.cleanup_projects = []
+ self.cleanup_vms = []
+ return
+
+ def tearDown(self):
+ try:
+ #Clean up, terminate the created network offerings
+ cleanup_resources(self.api_client, self.cleanup)
+ except Exception as e:
+ raise Exception("Warning: Exception during cleanup : %s" % e)
+
+ #below components is not a part of cleanup because to mandate the order and to cleanup network
+ try:
+ for vm in self.cleanup_vms:
+ vm.delete(self.api_client)
+ except Exception as e:
+ raise Exception("Warning: Exception during virtual machines cleanup : %s" % e)
+
+ try:
+ for project in self.cleanup_projects:
+ project.delete(self.api_client)
+ except Exception as e:
+ raise Exception("Warning: Exception during project cleanup : %s" % e)
+
+ try:
+ for account in self.cleanup_accounts:
+ account.delete(self.api_client)
+ except Exception as e:
+ raise Exception("Warning: Exception during account cleanup : %s" % e)
+
+ try:
+ for domain in self.cleanup_domains:
+ domain.delete(self.api_client)
+ except Exception as e:
+ raise Exception("Warning: Exception during domain cleanup : %s" % e)
+
+ #Wait till all resources created are cleaned up completely and then attempt to delete Network
+ time.sleep(self.services["sleep"])
+
+ try:
+ for network in self.cleanup_networks:
+ network.delete(self.api_client)
+ except Exception as e:
+ raise Exception("Warning: Exception during network cleanup : %s" % e)
+ return
+
+ def test_createIsolatedNetwork(self):
+ """ Test Isolated Network """
+
+ # Steps,
+ # 1. create an Admin Account - admin-XABU1
+ # 2. listPhysicalNetworks in available zone
+ # 3. createNetworkOffering:
+ # 4. Enable network offering - updateNetworkOffering - state=Enabled
+ # 5. createNetwork
+ # Validations,
+ # 1. listAccounts name=admin-XABU1, state=enabled returns your account
+ # 2. listPhysicalNetworks should return at least one active physical network
+ # 4. listNetworkOfferings - name=myisolatedoffering, should list enabled offering
+ # 5. network creation should FAIL since isolated network is not supported in advanced zone with security groups.
+
+ #Create admin account
+ self.admin_account = Account.create(
+ self.api_client,
+ self.services["account"],
+ admin=True,
+ domainid=self.domain.id
+ )
+
+ self.cleanup_accounts.append(self.admin_account)
+
+ #verify that the account got created with state enabled
+ list_accounts_response = Account.list(
+ self.api_client,
+ id=self.admin_account.account.id,
+ listall=True
+ )
+ self.assertEqual(
+ isinstance(list_accounts_response, list),
+ True,
+ "listAccounts returned invalid object in response."
+ )
+ self.assertNotEqual(
+ len(list_accounts_response),
+ 0,
+ "listAccounts returned empty list."
+ )
+ self.assertEqual(
+ list_accounts_response[0].state,
+ "enabled",
+ "The admin account created is not enabled."
+ )
+
+ self.debug("Admin type account created: %s" % self.admin_account.name)
+
+ #Create an user account
+ self.user_account = Account.create(
+ self.api_client,
+ self.services["account"],
+ admin=False,
+ domainid=self.domain.id
+ )
+
+ self.cleanup_accounts.append(self.user_account)
+
+ #verify that the account got created with state enabled
+ list_accounts_response = Account.list(
+ self.api_client,
+ id=self.user_account.account.id,
+ listall=True
+ )
+ self.assertEqual(
+ isinstance(list_accounts_response, list),
+ True,
+ "listAccounts returned invalid object in response."
+ )
+ self.assertNotEqual(
+ len(list_accounts_response),
+ 0,
+ "listAccounts returned empty list."
+ )
+ self.assertEqual(
+ list_accounts_response[0].state,
+ "enabled",
+ "The user account created is not enabled."
+ )
+
+ self.debug("User type account created: %s" % self.user_account.name)
+
+ #Verify that there should be at least one physical network present in zone.
+ list_physical_networks_response = PhysicalNetwork.list(
+ self.api_client,
+ zoneid=self.zone.id
+ )
+ self.assertEqual(
+ isinstance(list_physical_networks_response, list),
+ True,
+ "listPhysicalNetworks returned invalid object in response."
+ )
+ self.assertNotEqual(
+ len(list_physical_networks_response),
+ 0,
+ "listPhysicalNetworks should return at least one physical network."
+ )
+
+ physical_network = list_physical_networks_response[0]
+
+ self.debug("Physical network found: %s" % physical_network.id)
+
+ #Create Network Offering
+ self.isolated_network_offering = NetworkOffering.create(
+ self.api_client,
+ self.services["isolated_network_offering"],
+ conservemode=False
+ )
+
+ self.cleanup.append(self.isolated_network_offering)
+
+ #Verify that the network offering got created
+ list_network_offerings_response = NetworkOffering.list(
+ self.api_client,
+ id=self.isolated_network_offering.id
+ )
+ self.assertEqual(
+ isinstance(list_network_offerings_response, list),
+ True,
+ "listNetworkOfferings returned invalid object in response."
+ )
+ self.assertNotEqual(
+ len(list_network_offerings_response),
+ 0,
+ "listNetworkOfferings returned empty list."
+ )
+ self.assertEqual(
+ list_network_offerings_response[0].state,
+ "Disabled",
+ "The network offering created should be bydefault disabled."
+ )
+
+ self.debug("Isolated Network offering created: %s" % self.isolated_network_offering.id)
+
+ #Update network offering state from disabled to enabled.
+ network_offering_update_response = NetworkOffering.update(
+ self.isolated_network_offering,
+ self.api_client,
+ id=self.isolated_network_offering.id,
+ state="enabled"
+ )
+
+ #Verify that the state of the network offering is updated
+ list_network_offerings_response = NetworkOffering.list(
+ self.api_client,
+ id=self.isolated_network_offering.id
+ )
+ self.assertEqual(
+ isinstance(list_network_offerings_response, list),
+ True,
+ "listNetworkOfferings returned invalid object in response."
+ )
+ self.assertNotEqual(
+ len(list_network_offerings_response),
+ 0,
+ "listNetworkOfferings returned empty list."
+ )
+ self.assertEqual(
+ list_network_offerings_response[0].state,
+ "Enabled",
+ "The network offering state should get updated to Enabled."
+ )
+
+ #create network using the isolated network offering created
+ try:
+ self.isolated_network = Network.create(
+ self.api_client,
+ self.services["isolated_network"],
+ networkofferingid=self.isolated_network_offering.id,
+ zoneid=self.zone.id,
+ )
+ self.cleanup_networks.append(self.isolated_network)
+ self.fail("Create isolated network is invalid in advanced zone with security groups.")
+ except Exception as e:
+ self.debug("Network creation failed because create isolated network is invalid in advanced zone with security groups.")
+
+ def test_createSharedNetwork_withoutSG(self):
+ """ Test Shared Network with used vlan 01 """
+
+ # Steps,
+ # 1. create an Admin account
+ # 2. create a shared NetworkOffering
+ # 3. enable the network offering
+ # 4. listPhysicalNetworks
+ # 5. createNetwork
+ # Validations,
+ # 1. listAccounts state=enabled returns your account
+ # 2. listNetworkOfferings - name=mysharedoffering , should list offering in disabled state
+ # 3. listNetworkOfferings - name=mysharedoffering, should list enabled offering
+ # 4. listPhysicalNetworks should return at least one active physical network
+ # 5. network creation should FAIL since there is no SecurityProvide in the network offering
+
+ #Create admin account
+ self.admin_account = Account.create(
+ self.api_client,
+ self.services["account"],
+ admin=True,
+ domainid=self.domain.id
+ )
+
+ self.cleanup_accounts.append(self.admin_account)
+
+ #verify that the account got created with state enabled
+ list_accounts_response = Account.list(
+ self.api_client,
+ id=self.admin_account.account.id,
+ listall=True
+ )
+ self.assertEqual(
+ isinstance(list_accounts_response, list),
+ True,
+ "listAccounts returned invalid object in response."
+ )
+ self.assertNotEqual(
+ len(list_accounts_response),
+ 0,
+ "listAccounts returned empty list."
+ )
+ self.assertEqual(
+ list_accounts_response[0].state,
+ "enabled",
+ "The admin account created is not enabled."
+ )
+
+ self.debug("Domain admin account created: %s" % self.admin_account.account.id)
+
+ #Verify that there should be at least one physical network present in zone.
+ list_physical_networks_response = PhysicalNetwork.list(
+ self.api_client,
+ zoneid=self.zone.id
+ )
+ self.assertEqual(
+ isinstance(list_physical_networks_response, list),
+ True,
+ "listPhysicalNetworks returned invalid object in response."
+ )
+ self.assertNotEqual(
+ len(list_physical_networks_response),
+ 0,
+ "listPhysicalNetworks should return at least one physical network."
+ )
+
+ physical_network = list_physical_networks_response[0]
+
+ self.debug("Physical Network found: %s" % physical_network.id)
+
+ self.services["shared_network_offering"]["specifyVlan"] = "True"
+ self.services["shared_network_offering"]["specifyIpRanges"] = "True"
+
+ #Create Network Offering
+ self.shared_network_offering = NetworkOffering.create(
+ self.api_client,
+ self.services["shared_network_offering"],
+ conservemode=False
+ )
+
+ self.cleanup.append(self.shared_network_offering)
+
+ #Verify that the network offering got created
+ list_network_offerings_response = NetworkOffering.list(
+ self.api_client,
+ id=self.shared_network_offering.id
+ )
+ self.assertEqual(
+ isinstance(list_network_offerings_response, list),
+ True,
+ "listNetworkOfferings returned invalid object in response."
+ )
+ self.assertNotEqual(
+ len(list_network_offerings_response),
+ 0,
+ "listNetworkOfferings returned empty list."
+ )
+ self.assertEqual(
+ list_network_offerings_response[0].state,
+ "Disabled",
+ "The network offering created should be bydefault disabled."
+ )
+
+ self.debug("Shared Network Offering created: %s" % self.shared_network_offering.id)
+
+ #Update network offering state from disabled to enabled.
+ network_offering_update_response = NetworkOffering.update(
+ self.shared_network_offering,
+ self.api_client,
+ id=self.shared_network_offering.id,
+ state="enabled"
+ )
+
+ #Verify that the state of the network offering is updated
+ list_network_offerings_response = NetworkOffering.list(
+ self.api_client,
+ id=self.shared_network_offering.id
+ )
+ self.assertEqual(
+ isinstance(list_network_offerings_response, list),
+ True,
+ "listNetworkOfferings returned invalid object in response."
+ )
+ self.assertNotEqual(
+ len(list_network_offerings_response),
+ 0,
+ "listNetworkOfferings returned empty list."
+ )
+ self.assertEqual(
+ list_network_offerings_response[0].state,
+ "Enabled",
+ "The network offering state should get updated to Enabled."
+ )
+
+ #create network using the shared network offering created
+ self.services["shared_network"]["acltype"] = "domain"
+ self.services["shared_network"]["networkofferingid"] = self.shared_network_offering.id
+ self.services["shared_network"]["physicalnetworkid"] = physical_network.id
+
+ try:
+ self.shared_network = Network.create(
+ self.api_client,
+ self.services["shared_network"],
+ networkofferingid=self.shared_network_offering.id,
+ zoneid=self.zone.id
+ )
+ self.cleanup_networks.append(self.shared_network)
+ self.fail("Network created without SecurityProvider , which is invalid")
+ except Exception as e:
+ self.debug("Network creation failed because there is no SecurityProvider in the network offering.")
+
+ def test_deployVM_SharedwithSG(self):
+ """ Test VM deployment in shared networks with SecurityProvider """
+
+ # Steps,
+ # 0. create a user account
+ # 1. Create one shared Network (scope=ALL, different IP ranges)
+ # 2. deployVirtualMachine in the above networkid within the user account
+ # 3. delete the user account
+ # Validations,
+ # 1. shared network should be created successfully
+ # 2. VM should deploy successfully
+
+ #Create admin account
+ self.admin_account = Account.create(
+ self.api_client,
+ self.services["account"],
+ admin=True,
+ domainid=self.domain.id
+ )
+
+ self.cleanup_accounts.append(self.admin_account)
+
+ #verify that the account got created with state enabled
+ list_accounts_response = Account.list(
+ self.api_client,
+ id=self.admin_account.account.id,
+ liistall=True
+ )
+ self.assertEqual(
+ isinstance(list_accounts_response, list),
+ True,
+ "listAccounts returned invalid object in response."
+ )
+ self.assertNotEqual(
+ len(list_accounts_response),
+ 0,
+ "listAccounts returned empty list."
+ )
+ self.assertEqual(
+ list_accounts_response[0].state,
+ "enabled",
+ "The admin account created is not enabled."
+ )
+
+ self.debug("Admin type account created: %s" % self.admin_account.name)
+
+ self.services["shared_network_offering_sg"]["specifyVlan"] = "True"
+ self.services["shared_network_offering_sg"]["specifyIpRanges"] = "True"
+
+ #Create Network Offering
+ self.shared_network_offering_sg = NetworkOffering.create(
+ self.api_client,
+ self.services["shared_network_offering_sg"],
+ conservemode=False
+ )
+
+ self.cleanup.append(self.shared_network_offering_sg)
+
+ #Verify that the network offering got created
+ list_network_offerings_response = NetworkOffering.list(
+ self.api_client,
+ id=self.shared_network_offering_sg.id
+ )
+ self.assertEqual(
+ isinstance(list_network_offerings_response, list),
+ True,
+ "listNetworkOfferings returned invalid object in response."
+ )
+ self.assertNotEqual(
+ len(list_network_offerings_response),
+ 0,
+ "listNetworkOfferings returned empty list."
+ )
+ self.assertEqual(
+ list_network_offerings_response[0].state,
+ "Disabled",
+ "The network offering created should be bydefault disabled."
+ )
+
+ self.debug("Shared Network offering created: %s" % self.shared_network_offering_sg.id)
+
+ #Update network offering state from disabled to enabled.
+ network_offering_update_response = NetworkOffering.update(
+ self.shared_network_offering_sg,
+ self.api_client,
+ id=self.shared_network_offering_sg.id,
+ state="enabled"
+ )
+
+ #Verify that the state of the network offering is updated
+ list_network_offerings_response = NetworkOffering.list(
+ self.api_client,
+ id=self.shared_network_offering_sg.id
+ )
+ self.assertEqual(
+ isinstance(list_network_offerings_response, list),
+ True,
+ "listNetworkOfferings returned invalid object in response."
+ )
+ self.assertNotEqual(
+ len(list_network_offerings_response),
+ 0,
+ "listNetworkOfferings returned empty list."
+ )
+ self.assertEqual(
+ list_network_offerings_response[0].state,
+ "Enabled",
+ "The network offering state should get updated to Enabled."
+ )
+
+ physical_network = list_physical_networks_response[0]
+
+ #create network using the shared network offering created
+ self.services["shared_network_sg"]["acltype"] = "domain"
+ self.services["shared_network_sg"]["networkofferingid"] = self.shared_network_offering_sg.id
+ self.services["shared_network_sg"]["physicalnetworkid"] = physical_network.id
+ self.shared_network_sg = Network.create(
+ self.api_client,
+ self.services["shared_network_sg"],
+ domainid=self.admin_account.account.domainid,
+ networkofferingid=self.shared_network_offering_sg.id,
+ zoneid=self.zone.id
+ )
+
+ self.cleanup_networks.append(self.shared_network_sg)
+
+ list_networks_response = Network.list(
+ self.api_client,
+ id=self.shared_network_sg.id
+ )
+ self.assertEqual(
+ isinstance(list_networks_response, list),
+ True,
+ "listNetworks returned invalid object in response."
+ )
+ self.assertNotEqual(
+ len(list_networks_response),
+ 0,
+ "listNetworks returned empty list."
+ )
+ self.assertEqual(
+ list_networks_response[0].specifyipranges,
+ True,
+ "The network is created with ip range but the flag is set to False."
+ )
+
+ self.debug("Shared Network created: %s" % self.shared_network_sg.id)
+
+ self.shared_network_admin_account_virtual_machine = VirtualMachine.create(
+ self.api_client,
+ self.services["virtual_machine"],
+ accountid=self.admin_account.name,
+ domainid=self.admin_account.account.domainid,
+ networkids=self.shared_network_sg.id,
+ serviceofferingid=self.service_offering.id
+ )
+ vms = VirtualMachine.list(
+ self.api_client,
+ id=self.shared_network_admin_account_virtual_machine.id,
+ listall=True
+ )
+ self.assertEqual(
+ isinstance(vms, list),
+ True,
+ "listVirtualMachines returned invalid object in response."
+ )
+ self.assertNotEqual(
+ len(vms),
+ 0,
+ "listVirtualMachines returned empty list."
+ )
+ self.debug("Virtual Machine created: %s" % self.shared_network_admin_account_virtual_machine.id)
+
+ ip_range = list(netaddr.iter_iprange(unicode(self.services["shared_network_sg"]["startip"]), unicode(self.services["shared_network_sg"]["endip"])))
+ if netaddr.IPAddress(unicode(vms[0].nic[0].ipaddress)) not in ip_range:
+ self.fail("Virtual machine ip should be from the ip range assigned to network created.")
+
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/test/integration/component/test_egress_rules.py
----------------------------------------------------------------------
diff --git a/test/integration/component/test_egress_rules.py b/test/integration/component/test_egress_rules.py
index 73a91f4..8340391 100644
--- a/test/integration/component/test_egress_rules.py
+++ b/test/integration/component/test_egress_rules.py
@@ -195,7 +195,7 @@ class TestDefaultSecurityGroupEgress(cloudstackTestCase):
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_deployVM_InDefaultSecurityGroup(self):
"""Test deploy VM in default security group with no egress rules
"""
@@ -351,7 +351,7 @@ class TestAuthorizeIngressRule(cloudstackTestCase):
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_authorizeIngressRule(self):
"""Test authorize ingress rule
"""
@@ -508,7 +508,7 @@ class TestDefaultGroupEgress(cloudstackTestCase):
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_01_default_group_with_egress(self):
"""Test default group with egress rule before VM deploy and ping, ssh
"""
@@ -708,7 +708,7 @@ class TestDefaultGroupEgressAfterDeploy(cloudstackTestCase):
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_01_default_group_with_egress(self):
""" Test default group with egress rule added after vm deploy and ping,
ssh test
@@ -890,7 +890,7 @@ class TestRevokeEgressRule(cloudstackTestCase):
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_revoke_egress_rule(self):
"""Test revoke security group egress rule
"""
@@ -1151,7 +1151,7 @@ class TestInvalidAccountAuthroize(cloudstackTestCase):
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_invalid_account_authroize(self):
"""Test invalid account authroize
"""
@@ -1278,7 +1278,7 @@ class TestMultipleAccountsEgressRuleNeg(cloudstackTestCase):
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_multiple_account_egress_rule_negative(self):
"""Test multiple account egress rules negative case
"""
@@ -1525,7 +1525,7 @@ class TestMultipleAccountsEgressRule(cloudstackTestCase):
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_multiple_account_egress_rule_positive(self):
"""Test multiple account egress rules positive case
"""
@@ -1815,7 +1815,7 @@ class TestStartStopVMWithEgressRule(cloudstackTestCase):
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_start_stop_vm_egress(self):
""" Test stop start Vm with egress rules
"""
@@ -2026,7 +2026,7 @@ class TestInvalidParametersForEgress(cloudstackTestCase):
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_invalid_parameters(self):
""" Test invalid parameters for egress rules
"""
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/test/integration/component/test_security_groups.py
----------------------------------------------------------------------
diff --git a/test/integration/component/test_security_groups.py b/test/integration/component/test_security_groups.py
index 13a87b6..279924a 100644
--- a/test/integration/component/test_security_groups.py
+++ b/test/integration/component/test_security_groups.py
@@ -165,7 +165,7 @@ class TestDefaultSecurityGroup(cloudstackTestCase):
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_01_deployVM_InDefaultSecurityGroup(self):
"""Test deploy VM in default security group
"""
@@ -244,7 +244,7 @@ class TestDefaultSecurityGroup(cloudstackTestCase):
)
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_02_listSecurityGroups(self):
"""Test list security groups for admin account
"""
@@ -279,7 +279,7 @@ class TestDefaultSecurityGroup(cloudstackTestCase):
)
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_03_accessInDefaultSecurityGroup(self):
"""Test access in default security group
"""
@@ -435,7 +435,7 @@ class TestAuthorizeIngressRule(cloudstackTestCase):
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_01_authorizeIngressRule(self):
"""Test authorize ingress rule
"""
@@ -570,7 +570,7 @@ class TestRevokeIngressRule(cloudstackTestCase):
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_01_revokeIngressRule(self):
"""Test revoke ingress rule
"""
@@ -865,7 +865,7 @@ class TestdeployVMWithUserData(cloudstackTestCase):
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_01_deployVMWithUserData(self):
"""Test Deploy VM with User data"""
@@ -1040,7 +1040,7 @@ class TestDeleteSecurityGroup(cloudstackTestCase):
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_01_delete_security_grp_running_vm(self):
"""Test delete security group with running VM"""
@@ -1124,7 +1124,7 @@ class TestDeleteSecurityGroup(cloudstackTestCase):
)
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_02_delete_security_grp_withoout_running_vm(self):
"""Test delete security group without running VM"""
@@ -1285,7 +1285,7 @@ class TestIngressRule(cloudstackTestCase):
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_01_authorizeIngressRule_AfterDeployVM(self):
"""Test delete security group with running VM"""
@@ -1397,7 +1397,7 @@ class TestIngressRule(cloudstackTestCase):
% (ingress_rule_2["id"], e))
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_02_revokeIngressRule_AfterDeployVM(self):
"""Test Revoke ingress rule after deploy VM"""
@@ -1551,7 +1551,7 @@ class TestIngressRule(cloudstackTestCase):
% (icmp_rule["ruleid"], e))
return
- @attr(tags = ["sg", "eip"])
+ @attr(tags = ["sg", "eip", "advancedsg"])
def test_03_stopStartVM_verifyIngressAccess(self):
"""Test Start/Stop VM and Verify ingress rule"""
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/tools/devcloud/devcloud-advancedsg.cfg
----------------------------------------------------------------------
diff --git a/tools/devcloud/devcloud-advancedsg.cfg b/tools/devcloud/devcloud-advancedsg.cfg
new file mode 100644
index 0000000..6c26b15
--- /dev/null
+++ b/tools/devcloud/devcloud-advancedsg.cfg
@@ -0,0 +1,119 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# This configuration is meant for running advanced networking with security groups, with management server on the laptop.
+# It requires that the user run a DNS resolver within devcloud via 'apt-get install dnsmasq'
+
+{
+ "zones": [
+ {
+ "localstorageenabled": "true",
+ "name": "testzone",
+ "dns1": "8.8.8.8",
+ "physical_networks": [
+ {
+ "broadcastdomainrange": "Zone",
+ "name": "shared",
+ "traffictypes": [
+ {
+ "typ": "Management"
+ },
+ {
+ "typ": "Guest"
+ }
+ ],
+ "providers": [
+ {
+ "broadcastdomainrange": "ZONE",
+ "name": "VirtualRouter"
+ },
+ {
+ "broadcastdomainrange": "ZONE",
+ "name": "SecurityGroupProvider"
+ }
+ ],
+ "isolationmethods": [
+ "VLAN"
+ ]
+ }
+ ],
+ "securitygroupenabled": "true",
+ "ipranges": [
+ {
+ "startip": "10.0.3.100",
+ "endip": "10.0.3.199",
+ "netmask": "255.255.255.0",
+ "vlan": "1003",
+ "gateway": "10.0.3.2"
+ }
+ ],
+ "networktype": "Advanced",
+ "pods": [
+ {
+ "endip": "192.168.56.249",
+ "name": "testpod",
+ "startip": "192.168.56.200",
+ "netmask": "255.255.255.0",
+ "clusters": [
+ {
+ "clustername": "testcluster",
+ "hypervisor": "XenServer",
+ "hosts": [
+ {
+ "username": "root",
+ "url": "http://192.168.56.10/",
+ "password": "password"
+ }
+ ],
+ "clustertype": "CloudManaged"
+ }
+ ],
+ "gateway": "192.168.56.1"
+ }
+ ],
+ "internaldns1": "192.168.56.10",
+ "secondaryStorages": [
+ {
+ "url": "nfs://192.168.56.10/opt/storage/secondary"
+ }
+ ]
+ }
+ ],
+ "dbSvr": {
+ "dbSvr": "localhost",
+ "passwd": "cloud",
+ "db": "cloud",
+ "port": 3306,
+ "user": "cloud"
+ },
+ "logger": [
+ {
+ "name": "TestClient",
+ "file": "/var/log/testclient.log"
+ },
+ {
+ "name": "TestCase",
+ "file": "/var/log/testcase.log"
+ }
+ ],
+ "mgtSvr": [
+ {
+ "mgtSvrIp": "127.0.0.1",
+ "port": 8096
+ }
+ ]
+}
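Review bot: The new file commits working credentials and an API endpoint without saying that they are devcloud-only defaults: the host entry uses `root`/`password`, `dbSvr` uses `cloud`/`cloud`, and `mgtSvr` points at port 8096. The header comment should say so, for example `# Devcloud defaults only: replace the host and database passwords before using this against any shared environment.` Port 8096 is normally CloudStack's integration API port, which does not authenticate callers, so the comment should also say it must stay reachable only from a trusted interface. The same default passwords appear in `tools/marvin/marvin/sandbox/advancedsg/setup.properties` (`mshost.passwd`, `mysql.cloud.passwd`, `host.password`) and in `describe_setup_in_advancedsg_mode` (`h.password`).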
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/tools/marvin/marvin/configGenerator.py
----------------------------------------------------------------------
diff --git a/tools/marvin/marvin/configGenerator.py b/tools/marvin/marvin/configGenerator.py
index e2a6a24..4cd6cec 100644
--- a/tools/marvin/marvin/configGenerator.py
+++ b/tools/marvin/marvin/configGenerator.py
@@ -637,6 +637,126 @@ def describe_setup_in_advanced_mode():
return zs
+'''sample code to generate setup configuration file'''
+def describe_setup_in_advancedsg_mode():
+ zs = cloudstackConfiguration()
+
+ for l in range(1):
+ z = zone()
+ z.dns1 = "8.8.8.8"
+ z.dns2 = "4.4.4.4"
+ z.internaldns1 = "192.168.110.254"
+ z.internaldns2 = "192.168.110.253"
+ z.name = "test"+str(l)
+ z.networktype = 'Advanced'
+ z.vlan = "100-2000"
+ z.securitygroupenabled = "true"
+
+ pn = physical_network()
+ pn.name = "test-network"
+ pn.traffictypes = [traffictype("Guest"), traffictype("Management")]
+
+ #If security groups are reqd
+ sgprovider = provider()
+ sgprovider.broadcastdomainrange = 'ZONE'
+ sgprovider.name = 'SecurityGroupProvider'
+
+ pn.providers.append(sgprovider)
+ z.physical_networks.append(pn)
+
+ '''create 10 pods'''
+ for i in range(2):
+ p = pod()
+ p.name = "test" +str(l) + str(i)
+ p.gateway = "192.168.%d.1"%i
+ p.netmask = "255.255.255.0"
+ p.startip = "192.168.%d.200"%i
+ p.endip = "192.168.%d.220"%i
+
+ '''add 10 clusters'''
+ for j in range(2):
+ c = cluster()
+ c.clustername = "test"+str(l)+str(i) + str(j)
+ c.clustertype = "CloudManaged"
+ c.hypervisor = "Simulator"
+
+ '''add 10 hosts'''
+ for k in range(2):
+ h = host()
+ h.username = "root"
+ h.password = "password"
+ memory = 8*1024*1024*1024
+ localstorage=1*1024*1024*1024*1024
+ #h.url = "http://sim/%d%d%d%d/cpucore=1&cpuspeed=8000&memory=%d&localstorage=%d"%(l,i,j,k,memory,localstorage)
+ h.url = "http://sim/%d%d%d%d"%(l,i,j,k)
+ c.hosts.append(h)
+
+ '''add 2 primary storages'''
+ for m in range(2):
+ primary = primaryStorage()
+ primary.name = "primary"+str(l) + str(i) + str(j) + str(m)
+ #primary.url = "nfs://localhost/path%s/size=%d"%(str(l) + str(i) + str(j) + str(m), size)
+ primary.url = "nfs://localhost/path%s"%(str(l) + str(i) + str(j) + str(m))
+ c.primaryStorages.append(primary)
+
+ p.clusters.append(c)
+
+ z.pods.append(p)
+
+ '''add two secondary'''
+ for i in range(5):
+ secondary = secondaryStorage()
+ secondary.url = "nfs://localhost/path"+str(l) + str(i)
+ z.secondaryStorages.append(secondary)
+
+ '''add default guest network'''
+ ips = iprange()
+ ips.vlan = "26"
+ ips.startip = "172.16.26.2"
+ ips.endip = "172.16.26.100"
+ ips.gateway = "172.16.26.1"
+ ips.netmask = "255.255.255.0"
+ z.ipranges.append(ips)
+
+
+ zs.zones.append(z)
+
+ '''Add one mgt server'''
+ mgt = managementServer()
+ mgt.mgtSvrIp = "localhost"
+ zs.mgtSvr.append(mgt)
+
+ '''Add a database'''
+ db = dbServer()
+ db.dbSvr = "localhost"
+
+ zs.dbSvr = db
+
+ '''add global configuration'''
+ global_settings = {'expunge.delay': '60',
+ 'expunge.interval': '60',
+ 'expunge.workers': '3',
+ }
+ for k,v in global_settings.iteritems():
+ cfg = configuration()
+ cfg.name = k
+ cfg.value = v
+ zs.globalConfig.append(cfg)
+
+ ''''add loggers'''
+ testClientLogger = logger()
+ testClientLogger.name = "TestClient"
+ testClientLogger.file = "/tmp/testclient.log"
+
+ testCaseLogger = logger()
+ testCaseLogger.name = "TestCase"
+ testCaseLogger.file = "/tmp/testcase.log"
+
+ zs.logger.append(testClientLogger)
+ zs.logger.append(testCaseLogger)
+
+ return zs
+
def generate_setup_config(config, file=None):
describe = config
if file is None:
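Review bot: The string comments in `describe_setup_in_advancedsg_mode` do not match the loops under them: `'''create 10 pods'''`, `'''add 10 clusters'''` and `'''add 10 hosts'''` each sit above `range(2)`, and `'''add two secondary'''` sits above `range(5)`. They should state the real counts, e.g. `# create 2 pods` and `# add 5 secondary storages`. The `'''sample code to generate setup configuration file'''` line is placed above the `def`, so it is a bare expression rather than the function's docstring; moving it to the first line of the body fixes that. Separately, both loggers write to fixed names under `/tmp` (`/tmp/testclient.log`, `/tmp/testcase.log`), which on a shared host is a predictable path in a world-writable directory; a per-user or configurable log directory would be safer.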
@@ -665,6 +785,7 @@ if __name__ == "__main__":
parser.add_option("-i", "--input", action="store", default=None , dest="inputfile", help="input file")
parser.add_option("-a", "--advanced", action="store_true", default=False, dest="advanced", help="use advanced networking")
+ parser.add_option("-s", "--advancedsg", action="store_true", default=False, dest="advancedsg", help="use advanced networking with security groups")
parser.add_option("-o", "--output", action="store", default="./datacenterCfg", dest="output", help="the path where the json config file generated, by default is ./datacenterCfg")
(options, args) = parser.parse_args()
@@ -673,6 +794,8 @@ if __name__ == "__main__":
config = get_setup_config(options.inputfile)
if options.advanced:
config = describe_setup_in_advanced_mode()
+ elif options.advancedsg:
+ config = describe_setup_in_advancedsg_mode()
else:
config = describe_setup_in_basic_mode()
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/tools/marvin/marvin/deployDataCenter.py
----------------------------------------------------------------------
diff --git a/tools/marvin/marvin/deployDataCenter.py b/tools/marvin/marvin/deployDataCenter.py
index e4f7eac..b24ef37 100644
--- a/tools/marvin/marvin/deployDataCenter.py
+++ b/tools/marvin/marvin/deployDataCenter.py
@@ -281,7 +281,8 @@ class deployDataCenters():
createzone.securitygroupenabled = zone.securitygroupenabled
createzone.localstorageenabled = zone.localstorageenabled
createzone.networktype = zone.networktype
- createzone.guestcidraddress = zone.guestcidraddress
+ if zone.securitygroupenabled != "true":
+ createzone.guestcidraddress = zone.guestcidraddress
zoneresponse = self.apiClient.createZone(createzone)
zoneId = zoneresponse.id
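Review bot: The security-group check `zone.securitygroupenabled != "true"` is an exact string match, so a zone whose config spells the value `"True"` (or supplies a boolean, if the loader preserves one, which is not visible here) takes the non-SG path and still sends `guestcidraddress`. Normalising once, e.g. `sg_enabled = str(zone.securitygroupenabled).lower() == "true"`, and using that here and in the two `zone.networktype == "Advanced"` branches of the next hunk keeps the three tests consistent. The enclosing method starts and ends outside the hunk.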
@@ -314,10 +315,37 @@ class deployDataCenters():
self.createVlanIpRanges(zone.networktype, zone.ipranges, \
zoneId, forvirtualnetwork=True)
- if zone.networktype == "Advanced":
+ if zone.networktype == "Advanced" and zone.securitygroupenabled != "true":
self.createpods(zone.pods, zoneId)
self.createVlanIpRanges(zone.networktype, zone.ipranges, \
zoneId)
+ elif zone.networktype == "Advanced" and zone.securitygroupenabled == "true":
+ listnetworkoffering = listNetworkOfferings.listNetworkOfferingsCmd()
+ listnetworkoffering.name = "DefaultSharedNetworkOfferingWithSGService"
+ if zone.networkofferingname is not None:
+ listnetworkoffering.name = zone.networkofferingname
+
+ listnetworkofferingresponse = \
+ self.apiClient.listNetworkOfferings(listnetworkoffering)
+
+ networkcmd = createNetwork.createNetworkCmd()
+ networkcmd.displaytext = "Shared SG enabled network"
+ networkcmd.name = "Shared SG enabled network"
+ networkcmd.networkofferingid = listnetworkofferingresponse[0].id
+ networkcmd.zoneid = zoneId
+
+ ipranges = zone.ipranges
+ if ipranges:
+ iprange = ipranges.pop()
+ networkcmd.startip = iprange.startip
+ networkcmd.endip = iprange.endip
+ networkcmd.gateway = iprange.gateway
+ networkcmd.netmask = iprange.netmask
+ networkcmd.vlan = iprange.vlan
+
+ networkcmdresponse = self.apiClient.createNetwork(networkcmd)
+ networkId = networkcmdresponse.id
+ self.createpods(zone.pods, zoneId, networkId)
self.createSecondaryStorages(zone.secondaryStorages, zoneId)
self.enableZone(zoneId, "Enabled")
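Review bot: `listnetworkofferingresponse[0].id` is used without checking that the lookup returned anything, so a misspelt `zone.networkofferingname` or a missing default offering ends in an unrelated indexing error instead of a clear message. A guard before `networkcmd` is built, such as `if not listnetworkofferingresponse: raise Exception("network offering %s not found" % listnetworkoffering.name)`, makes the failure explicit. The code also does not confirm that the offering it picks includes the SecurityGroup service, and `ipranges.pop()` mutates `zone.ipranges` while using only the last range, so any other configured ranges are silently dropped. The enclosing method continues outside the hunk.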
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/tools/marvin/marvin/sandbox/advancedsg/__init__.py
----------------------------------------------------------------------
diff --git a/tools/marvin/marvin/sandbox/advancedsg/__init__.py b/tools/marvin/marvin/sandbox/advancedsg/__init__.py
new file mode 100644
index 0000000..57823fc
--- /dev/null
+++ b/tools/marvin/marvin/sandbox/advancedsg/__init__.py
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/tools/marvin/marvin/sandbox/advancedsg/advancedsg_env.py
----------------------------------------------------------------------
diff --git a/tools/marvin/marvin/sandbox/advancedsg/advancedsg_env.py b/tools/marvin/marvin/sandbox/advancedsg/advancedsg_env.py
new file mode 100644
index 0000000..f9edf4d
--- /dev/null
+++ b/tools/marvin/marvin/sandbox/advancedsg/advancedsg_env.py
@@ -0,0 +1,150 @@
+#!/usr/bin/env python
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+'''
+############################################################
+# Experimental state of scripts
+# * Need to be reviewed
+# * Only a sandbox
+############################################################
+'''
+import random
+import marvin
+from ConfigParser import SafeConfigParser
+from optparse import OptionParser
+from marvin.configGenerator import *
+
+
+def getGlobalSettings(config):
+ for k, v in dict(config.items('globals')).iteritems():
+ cfg = configuration()
+ cfg.name = k
+ cfg.value = v
+ yield cfg
+
+
+def describeResources(config):
+ zs = cloudstackConfiguration()
+
+ z = zone()
+ z.dns1 = config.get('environment', 'dns')
+ z.internaldns1 = config.get('environment', 'dns')
+ z.name = 'Sandbox-%s'%(config.get('cloudstack', 'hypervisor'))
+ z.networktype = 'Advanced'
+ z.securitygroupenabled = 'true'
+
+ sgprovider = provider()
+ sgprovider.broadcastdomainrange = 'ZONE'
+ sgprovider.name = 'SecurityGroupProvider'
+
+ pn = physical_network()
+ pn.name = "Sandbox-pnet"
+ pn.tags = ["cloud-simulator-pnet"]
+ pn.traffictypes = [traffictype("Guest"),
+ traffictype("Management", {"simulator" : "cloud-simulator-mgmt"})]
+ pn.isolationmethods = ["VLAN"]
+ pn.providers.append(sgprovider)
+
+ z.physical_networks.append(pn)
+
+ p = pod()
+ p.name = 'POD0'
+ p.gateway = config.get('cloudstack', 'private.gateway')
+ p.startip = config.get('cloudstack', 'private.pod.startip')
+ p.endip = config.get('cloudstack', 'private.pod.endip')
+ p.netmask = config.get('cloudstack', 'private.netmask')
+
+ v = iprange()
+ v.gateway = config.get('cloudstack', 'guest.gateway')
+ v.startip = config.get('cloudstack', 'guest.vlan.startip')
+ v.endip = config.get('cloudstack', 'guest.vlan.endip')
+ v.netmask = config.get('cloudstack', 'guest.netmask')
+ v.vlan = config.get('cloudstack', 'guest.vlan')
+ z.ipranges.append(v)
+
+ c = cluster()
+ c.clustername = 'C0'
+ c.hypervisor = config.get('cloudstack', 'hypervisor')
+ c.clustertype = 'CloudManaged'
+
+ h = host()
+ h.username = 'root'
+ h.password = config.get('cloudstack', 'host.password')
+ h.url = 'http://%s'%(config.get('cloudstack', 'host'))
+ c.hosts.append(h)
+
+ ps = primaryStorage()
+ ps.name = 'PS0'
+ ps.url = config.get('cloudstack', 'primary.pool')
+ c.primaryStorages.append(ps)
+
+ p.clusters.append(c)
+ z.pods.append(p)
+
+ secondary = secondaryStorage()
+ secondary.url = config.get('cloudstack', 'secondary.pool')
+ z.secondaryStorages.append(secondary)
+
+ '''Add zone'''
+ zs.zones.append(z)
+
+ '''Add mgt server'''
+ mgt = managementServer()
+ mgt.mgtSvrIp = config.get('environment', 'mshost')
+ mgt.user = config.get('environment', 'mshost.user')
+ mgt.passwd = config.get('environment', 'mshost.passwd')
+ zs.mgtSvr.append(mgt)
+
+ '''Add a database'''
+ db = dbServer()
+ db.dbSvr = config.get('environment', 'mysql.host')
+ db.user = config.get('environment', 'mysql.cloud.user')
+ db.passwd = config.get('environment', 'mysql.cloud.passwd')
+ zs.dbSvr = db
+
+ '''Add some configuration'''
+ [zs.globalConfig.append(cfg) for cfg in getGlobalSettings(config)]
+
+ ''''add loggers'''
+ testClientLogger = logger()
+ testClientLogger.name = 'TestClient'
+ testClientLogger.file = 'testclient.log'
+
+ testCaseLogger = logger()
+ testCaseLogger.name = 'TestCase'
+ testCaseLogger.file = 'testcase.log'
+
+ zs.logger.append(testClientLogger)
+ zs.logger.append(testCaseLogger)
+ return zs
+
+
+if __name__ == '__main__':
+ parser = OptionParser()
+ parser.add_option('-i', '--input', action='store', default='setup.properties', \
+ dest='input', help='file containing environment setup information')
+ parser.add_option('-o', '--output', action='store', default='./sandbox.cfg', \
+ dest='output', help='path where environment json will be generated')
+
+
+ (opts, args) = parser.parse_args()
+
+ cfg_parser = SafeConfigParser()
+ cfg_parser.read(opts.input)
+
+ cfg = describeResources(cfg_parser)
+ generate_setup_config(cfg, opts.output)
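Review bot: `cfg_parser.read(opts.input)` silently ignores a missing or unreadable file, so a wrong `-i` path surfaces later as a missing-section error inside `describeResources` rather than a clear message; checking the return value, `if not cfg_parser.read(opts.input): parser.error("cannot read %s" % opts.input)`, fixes that. `describeResources` copies `mshost.passwd`, `mysql.cloud.passwd` and `host.password` into the generated object, so the file written by `generate_setup_config` presumably holds them in clear text and should be created with restrictive permissions or kept out of shared directories. `import random` and `import marvin` are unused, and `[zs.globalConfig.append(cfg) for cfg in getGlobalSettings(config)]` builds a list only for its side effect; a plain `for` loop reads better.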
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/tools/marvin/marvin/sandbox/advancedsg/setup.properties
----------------------------------------------------------------------
diff --git a/tools/marvin/marvin/sandbox/advancedsg/setup.properties b/tools/marvin/marvin/sandbox/advancedsg/setup.properties
new file mode 100644
index 0000000..ee07ce2
--- /dev/null
+++ b/tools/marvin/marvin/sandbox/advancedsg/setup.properties
@@ -0,0 +1,61 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+
+[globals]
+#global settings in cloudstack
+expunge.delay=60
+expunge.interval=60
+storage.cleanup.interval=300
+account.cleanup.interval=600
+expunge.workers=3
+workers=10
+vm.allocation.algorithm=random
+vm.op.wait.interval=5
+guest.domain.suffix=sandbox.simulator
+instance.name=QA
+direct.agent.load.size=1000
+default.page.size=10000
+check.pod.cidrs=true
+secstorage.allowed.internal.sites=10.147.28.0/24
+[environment]
+dns=10.147.28.6
+mshost=localhost
+mshost.user=root
+mshost.passwd=password
+mysql.host=localhost
+mysql.cloud.user=cloud
+mysql.cloud.passwd=cloud
+[cloudstack]
+#management network
+private.gateway=10.147.29.1
+private.pod.startip=10.147.29.150
+private.pod.endip=10.147.29.159
+private.netmask=255.255.255.0
+#guest network
+guest.gateway=10.147.31.1
+guest.vlan=31
+guest.vlan.startip=10.147.31.150
+guest.vlan.endip=10.147.31.159
+guest.netmask=255.255.255.0
+#hypervisor host information
+hypervisor=Simulator
+host=simulator0
+host.password=password
+#storage pools
+primary.pool=nfs://10.147.28.6:/export/home/sandbox/primary
+secondary.pool=nfs://10.147.28.6:/export/home/sandbox/sstor
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/tools/marvin/setup.py
----------------------------------------------------------------------
diff --git a/tools/marvin/setup.py b/tools/marvin/setup.py
index fea53d0..18b2f6a 100644
--- a/tools/marvin/setup.py
+++ b/tools/marvin/setup.py
@@ -32,7 +32,7 @@ setup(name="Marvin",
url="http://jenkins.cloudstack.org:8080/job/marvin",
packages=["marvin", "marvin.cloudstackAPI", "marvin.integration",
"marvin.integration.lib", "marvin.sandbox",
- "marvin.sandbox.advanced", "marvin.sandbox.basic"],
+ "marvin.sandbox.advanced", "marvin.sandbox.advancedsg", "marvin.sandbox.basic"],
license="LICENSE.txt",
install_requires=[
"mysql-connector-python",
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/adf31aba/ui/scripts/zoneWizard.js
----------------------------------------------------------------------
diff --git a/ui/scripts/zoneWizard.js b/ui/scripts/zoneWizard.js
index 8b5171b..06a10a2 100755
--- a/ui/scripts/zoneWizard.js
+++ b/ui/scripts/zoneWizard.js
@@ -376,7 +376,6 @@
var nonSupportedHypervisors = {};
if(args.context.zones[0]['network-model'] == "Advanced" && args.context.zones[0]['zone-advanced-sg-enabled'] == "on") {
firstOption = "KVM";
- nonSupportedHypervisors["XenServer"] = 1; //to developers: comment this line if you need to test Advanced SG-enabled zone with XenServer hypervisor
nonSupportedHypervisors["VMware"] = 1;
nonSupportedHypervisors["BareMetal"] = 1;
nonSupportedHypervisors["Ovm"] = 1;