def disable_snat():
LOG.fixture_step("Disable SNAT on tenant router")
try:
network_helper.set_router_gateway(enable_snat=False)
finally:
LOG.fixture_step("Revert primary tenant to {}".format(primary_tenant['tenant']))
Tenant.set_primary(primary_tenant)
def router_info(request):
global result_
result_ = False
LOG.fixture_step(
"Disable SNAT and update router to DVR if not already done.")
router_id = network_helper.get_tenant_router()
network_helper.set_router_gateway(router_id, enable_snat=False)
is_dvr = network_helper.get_router_values(router_id,
fields='distributed',
auth_info=Tenant.get('admin'))[0]
def teardown():
post_dvr = network_helper.get_router_values(
router_id, fields='distributed', auth_info=Tenant.get('admin'))[0]
if post_dvr != is_dvr:
network_helper.set_router_mode(router_id, distributed=is_dvr)
request.addfinalizer(teardown)
if not is_dvr:
network_helper.set_router_mode(router_id,
distributed=True,
enable_on_failure=False)
result_ = True
return router_id
def test_snat_reset_router_ext_gateway(snat_setups):
"""
Test VM external access after evacuation.
Args:
snat_setups (tuple): returns vm id and fip. Enable snat, create vm and attach floating ip.
Test Setups:
- Find a tenant router that is dvr or non-dvr based on the parameter
- Enable SNAT on tenant router
- boot a vm and attach a floating ip
- Ping vm from NatBox
Test Steps:
- Ping outside from VM
- Clear router gateway
- Verify vm cannot be ping'd from NatBox
- Set router gateway
- Verify vm can be ping'd from NatBox
- Verify vm can ping outside
Test Teardown:
- Delete the created vm (module)
- Disable SNAT on router (module)
"""
vm_, fip = snat_setups
LOG.tc_step("Ping vm management net ip from NatBox")
vm_helper.ping_vms_from_natbox(vm_, use_fip=False)
# vm_helper.ping_vms_from_natbox(vm_, use_fip=True)
LOG.tc_step("Ping outside from VM".format(vm_))
vm_helper.ping_ext_from_vm(vm_, use_fip=True)
LOG.tc_step("Disassociate floatingip from vm and verify it's successful.")
network_helper.unset_floating_ip(floating_ip=fip, port=True)
# assert not network_helper.get_floating_ip_info(fip=fip, field='fixed_ip_address'), \
# "Floating ip {} still attached to fixed ip".format(fip)
LOG.tc_step("Clear router gateway and verify vm cannot be ping'd from NatBox")
fixed_ip = network_helper.get_router_ext_gateway_info()['external_fixed_ips'][0]['ip_address']
network_helper.clear_router_gateway(check_first=False)
ping_res = vm_helper.ping_vms_from_natbox(vm_, fail_ok=True, use_fip=False)[0]
assert ping_res is False, "VM can still be ping'd from outside after clearing router gateway."
LOG.tc_step("Set router gateway with the same fixed ip")
network_helper.set_router_gateway(clear_first=False, fixed_ips=fixed_ip, enable_snat=True)
LOG.tc_step("Verify SNAT is enabled by default after setting router gateway.")
assert network_helper.get_router_ext_gateway_info()['enable_snat'], "SNAT is not enabled by default."
LOG.tc_step("Associate floating ip to vm")
network_helper.associate_floating_ip_to_vm(floating_ip=fip, vm_id=vm_)
LOG.tc_step("Verify vm can ping to and be ping'd from outside")
vm_helper.wait_for_vm_pingable_from_natbox(vm_, timeout=60, fail_ok=False)
vm_helper.ping_ext_from_vm(vm_, use_fip=True)
def _set_external_gatewayway_info(router_id, ext_gateway_subnet, gateway_ip,
is_dvr):
LOG.info("External Gateway Subnet Id: {}".format(ext_gateway_subnet))
LOG.info("Router {} external subnet id {}".format(router_id,
ext_gateway_subnet))
network_helper.set_router_gateway(router_id=router_id,
clear_first=False,
fixed_ips=gateway_ip,
enable_snat=False)
network_helper.set_router_mode(router_id=router_id, distributed=is_dvr)
def router_info(request):
LOG.fixture_step("Enable snat on tenant router")
router_id = network_helper.get_tenant_router()
network_helper.set_router_gateway(router_id, enable_snat=True)
def teardown():
LOG.fixture_step("Disable snat on tenant router")
network_helper.set_router_gateway(router_id, enable_snat=False)
request.addfinalizer(teardown)
return router_id
def test_snat_evacuate_vm(snat_setups, snat):
"""
Test VM external access after evacuation.
Args:
snat_setups (tuple): returns vm id and fip. Enable snat, create vm and attach floating ip.
snat (bool): whether or not to enable SNAT on router
Test Setups (module):
- Find a tenant router that is dvr or non-dvr based on the parameter
- Enable SNAT on tenant router
- boot a vm and attach a floating ip
- Ping vm from NatBox
Test Steps:
- Ping VM from NatBox
- Reboot vm host
- Verify vm is evacuated to other host
- Verify vm can still ping outside
Test Teardown:
- Delete the created vm (module)
- Disable snat (module)
"""
vm_ = snat_setups[0]
snat = True if snat == 'snat_enabled' else False
LOG.tc_step("Update tenant router external gateway to set SNAT to {}".format(snat))
network_helper.set_router_gateway(enable_snat=snat)
time.sleep(30)
vm_helper.wait_for_vm_pingable_from_natbox(vm_, timeout=60, use_fip=True)
host = vm_helper.get_vm_host(vm_)
LOG.tc_step("Ping VM from NatBox".format(vm_))
vm_helper.ping_vms_from_natbox(vm_, use_fip=False)
# vm_helper.ping_vms_from_natbox(vm_, use_fip=True)
LOG.tc_step("Evacuate vm")
vm_helper.evacuate_vms(host=host, vms_to_check=vm_)
LOG.tc_step("Verify vm can still ping outside")
vm_helper.wait_for_vm_pingable_from_natbox(vm_, use_fip=snat, timeout=VMTimeout.DHCP_RETRY)
vm_helper.ping_ext_from_vm(vm_, use_fip=True)
host_helper.wait_for_hosts_ready(hosts=host)
vm_helper.wait_for_vm_pingable_from_natbox(vm_, timeout=60, use_fip=False)
if snat:
vm_helper.wait_for_vm_pingable_from_natbox(vm_, timeout=60, use_fip=True)
def snat_setups(request):
find_dvr = 'True' if request.param == 'distributed' else 'False'
primary_tenant = Tenant.get_primary()
other_tenant = Tenant.get_secondary()
for auth_info in [primary_tenant, other_tenant]:
tenant_router = network_helper.get_tenant_router(auth_info=auth_info)
is_dvr_router = network_helper.get_router_values(router_id=tenant_router,
fields='distributed')[0]
if find_dvr == str(is_dvr_router):
LOG.fixture_step("Setting primary tenant to {}".format(common.get_tenant_name(auth_info)))
Tenant.set_primary(auth_info)
break
else:
skip("No {} router found on system.".format(request.param))
LOG.fixture_step("Update router to enable SNAT")
network_helper.set_router_gateway(enable_snat=True) # Check snat is handled by the keyword
def disable_snat():
LOG.fixture_step("Disable SNAT on tenant router")
try:
network_helper.set_router_gateway(enable_snat=False)
finally:
LOG.fixture_step("Revert primary tenant to {}".format(primary_tenant['tenant']))
Tenant.set_primary(primary_tenant)
request.addfinalizer(disable_snat)
LOG.fixture_step("Boot a VM from volume")
vm_id = vm_helper.boot_vm(name='snat', reuse_vol=False, cleanup='module')[1]
if system_helper.is_avs():
LOG.fixture_step("Attempt to ping from NatBox and ensure if fails")
ping_res = vm_helper.wait_for_vm_pingable_from_natbox(vm_id, timeout=60, fail_ok=True, use_fip=False)
assert ping_res is False, "VM can still be ping'd from outside after SNAT enabled without floating ip."
LOG.fixture_step("Create a floating ip and associate it to VM")
floatingip = network_helper.create_floating_ip(cleanup='module')[1]
network_helper.associate_floating_ip_to_vm(floatingip, vm_id)
LOG.fixture_step("Ping vm's floating ip from NatBox and ensure it's reachable")
vm_helper.wait_for_vm_pingable_from_natbox(vm_id, timeout=60, use_fip=True)
return vm_id, floatingip
def teardown():
LOG.fixture_step("Disable snat on tenant router")
network_helper.set_router_gateway(router_id, enable_snat=False)
def test_snat_vm_actions(snat_setups, snat):
"""
Test VM external access over VM launch, live-migration, cold-migration, pause/unpause, etc
Args:
snat_setups (tuple): returns vm id and fip. Enable snat, create vm and attach floating ip.
Test Setups (module):
- Find a tenant router that is dvr or non-dvr based on the parameter
- Enable SNAT on tenant router
- boot a vm and attach a floating ip
- Ping vm from NatBox
Test Steps:
- Enable/Disable SNAT based on snat param
- Ping from VM to 8.8.8.8
- wget <lab_fip> to VM
- scp from NatBox to VM
- Live-migrate the VM and verify ping from VM
- Cold-migrate the VM and verify ping from VM
- Pause and un-pause the VM and verify ping from VM
- Suspend and resume the VM and verify ping from VM
- Stop and start the VM and verify ping from VM
- Reboot the VM and verify ping from VM
Test Teardown:
- Enable snat for next test in the same module (function)
- Delete the created vm (module)
- Disable snat (module)
"""
vm_ = snat_setups[0]
snat = True if snat == 'snat_enabled' else False
LOG.tc_step("Update tenant router external gateway to set SNAT to {}".format(snat))
network_helper.set_router_gateway(enable_snat=snat)
# Allow router update to complete, since we've seen cases where ping vm pass but ssh fail
time.sleep(30)
vm_helper.wait_for_vm_pingable_from_natbox(vm_, timeout=60, use_fip=snat)
LOG.tc_step("Ping from VM {} to 8.8.8.8".format(vm_))
vm_helper.ping_ext_from_vm(vm_, use_fip=True)
LOG.tc_step("wget to VM {}".format(vm_))
with vm_helper.ssh_to_vm_from_natbox(vm_id=vm_, use_fip=True) as vm_ssh:
vm_ssh.exec_cmd('wget google.ca', fail_ok=False)
LOG.tc_step("scp from NatBox to VM {}".format(vm_))
vm_fip = network_helper.get_external_ips_for_vms(vms=vm_)[0]
natbox_ssh = NATBoxClient.get_natbox_client()
natbox_ssh.scp_on_source(source_path='test', dest_user='******', dest_ip=vm_fip, dest_path='/tmp/',
dest_password='******', timeout=30)
LOG.tc_step("Live-migrate the VM and verify ping from VM")
vm_helper.live_migrate_vm(vm_)
vm_helper.wait_for_vm_pingable_from_natbox(vm_, use_fip=snat)
vm_helper.ping_ext_from_vm(vm_, use_fip=True)
LOG.tc_step("Cold-migrate the VM and verify ping from VM")
vm_helper.cold_migrate_vm(vm_)
vm_helper.wait_for_vm_pingable_from_natbox(vm_, use_fip=snat)
vm_helper.ping_ext_from_vm(vm_, use_fip=True)
LOG.tc_step("Pause and un-pause the VM and verify ping from VM")
vm_helper.pause_vm(vm_)
vm_helper.unpause_vm(vm_)
vm_helper.wait_for_vm_pingable_from_natbox(vm_, use_fip=snat)
vm_helper.ping_ext_from_vm(vm_, use_fip=True)
LOG.tc_step("Suspend and resume the VM and verify ping from VM")
vm_helper.suspend_vm(vm_)
vm_helper.resume_vm(vm_)
vm_helper.wait_for_vm_pingable_from_natbox(vm_, use_fip=snat)
vm_helper.ping_ext_from_vm(vm_, use_fip=True)
LOG.tc_step("Stop and start the VM and verify ping from VM")
vm_helper.stop_vms(vm_)
vm_helper.start_vms(vm_)
vm_helper.wait_for_vm_pingable_from_natbox(vm_, use_fip=snat)
vm_helper.ping_ext_from_vm(vm_, use_fip=True)
LOG.tc_step("Reboot the VM and verify ping from VM")
vm_helper.reboot_vm(vm_)
vm_helper.wait_for_vm_pingable_from_natbox(vm_, use_fip=snat)
vm_helper.ping_ext_from_vm(vm_, use_fip=True)
LOG.tc_step("Resize the vm to a flavor with 2 dedicated cpus and verify ping from VM")
new_flv = nova_helper.create_flavor(name='ded', vcpus=2)[1]
ResourceCleanup.add('flavor', new_flv, scope='module')
nova_helper.set_flavor(new_flv, **{FlavorSpec.CPU_POLICY: 'dedicated'})
vm_helper.resize_vm(vm_, new_flv)
vm_helper.wait_for_vm_pingable_from_natbox(vm_, use_fip=snat)
vm_helper.ping_ext_from_vm(vm_, use_fip=True)
def enable_snat_teardown():
network_helper.set_router_gateway(enable_snat=True)
def refstack_setup(refstack_pre_check, request):
LOG.fixture_step("Enable Swift if not already done")
storage_helper.modify_swift(enable=True)
LOG.fixture_step("Create tenants, users, and update quotas")
compliance_helper.create_tenants_and_update_quotas(add_swift_role=True)
LOG.fixture_step("Create test flavors")
flavors = []
for i in range(2):
flavor_id = nova_helper.create_flavor(name='refstack', vcpus=2, ram=2048, root_disk=2, cleanup='session')[1]
nova_helper.set_flavor(flavor_id, **{FlavorSpec.CPU_POLICY: 'dedicated',
FlavorSpec.MEM_PAGE_SIZE: 2048})
flavors.append(flavor_id)
LOG.fixture_step("Get/create test images")
images = [glance_helper.get_image_id_from_name()]
image_id = glance_helper.create_image()[1]
images.append(image_id)
ResourceCleanup.add('image', image_id, scope='session')
LOG.fixture_step("Setup public router if not already done.")
external_net_id = network_helper.get_networks(external=True)[0]
public_router = 'public-router0'
pub_routers = network_helper.get_routers(name=public_router, auth_info=Tenant.get('admin'))
if not pub_routers:
LOG.info("Create public router and add interfaces")
public_router_id = network_helper.create_router(name=public_router, project=Tenant.get('admin')['tenant'])[1]
network_helper.set_router_gateway(router_id=public_router_id, external_net=external_net_id)
internal_subnet = 'internal0-subnet0-1'
gateway = '10.1.1.1'
network_helper.set_subnet(subnet=internal_subnet, gateway=gateway)
network_helper.add_router_interface(router=public_router_id, subnet=internal_subnet,
auth_info=Tenant.get('admin'))
keystone_pub = keystone_helper.get_endpoints(field='URL', interface='public', service_name='keystone')[0]
keystone_pub_url = keystone_pub.split('/v')[0] + '/'
keystone_pub_url = keystone_pub_url.replace(':', '\:').replace('/', '\/')
params_dict = {
'image_ref': images[0],
'image_ref_alt': images[1],
'flavor_ref': flavors[0],
'flavor_ref_alt': flavors[1],
'public_network_id': external_net_id,
'uri': keystone_pub_url + 'v2.0',
'uri_v3': keystone_pub_url + 'v3',
'discoverable_apis': 'tempurl,container_quotas',
'container_sync': 'false',
'object_versioning': 'true',
'discoverability': 'false',
}
LOG.fixture_step("Update tempest.conf parameters on cumulus server: \n{}".format(params_dict))
with compliance_helper.ssh_to_compliance_server() as server_ssh:
for key, val in params_dict.items():
server_ssh.exec_cmd('sed -i "s/^{} =.*/{} = {}/g" {}'.format(key, key, val, RefStack.TEMPEST_CONF),
fail_ok=False)
server_ssh.exec_cmd('grep {} {}'.format(val, RefStack.TEMPEST_CONF), fail_ok=False)
compliance_helper.add_route_for_vm_access(server_ssh)
def scp_logs():
LOG.info("scp test results files from refstack test host to local automation dir")
dest_dir = os.path.join(ProjVar.get_var('LOG_DIR'), 'compliance')
os.makedirs(dest_dir, exist_ok=True)
localhost = LocalHostClient()
localhost.connect()
for item in RefStack.LOG_FILES:
source_path = '{}/{}'.format(RefStack.TEST_HISTORY_DIR, item)
localhost.scp_on_dest(source_ip=ComplianceCreds.get_host(), source_user=ComplianceCreds.get_user(),
source_pswd=ComplianceCreds.get_password(), source_path=source_path,
dest_path=dest_dir, timeout=300, cleanup=False)
origin_name = ComplianceVar.get_var('REFSTACK_SUITE').rsplit(r'/', maxsplit=1)[-1]
localhost.exec_cmd('mv {}/test-list.txt {}/{}'.format(dest_dir, dest_dir, origin_name))
request.addfinalizer(scp_logs)