def _verify_l2domain(self, domain_json, vspk_domain,
vspk_backend_domain=None):
# The backend l2domain is only relevant when the l2 domain is linked
# to a backend domain in Shared Infrastructure.
vspk_backend_domain = vspk_backend_domain or vspk_domain
self.assertEqual(vspk_domain.id, domain_json.get('id'))
self.assertEqual(vspk_domain.name, domain_json.get('name'))
self.assertEqual('L2', domain_json.get('type'))
self.assertEqual(vspk_domain.parent_id,
domain_json.get('net_partition_id'))
if Topology.has_full_dhcp_control_in_vsd():
self.assertEqual(vspk_backend_domain.dhcp_managed,
domain_json.get('dhcp_managed'))
self.assertEqual(vspk_backend_domain.ip_type,
domain_json.get('ip_version'))
l2dom_address = IPNetwork(
vspk_backend_domain.address + '/' +
vspk_backend_domain.netmask)
self.assertEqual(str(l2dom_address), domain_json.get('cidr'))
self.assertEqual(vspk_backend_domain.ipv6_address,
domain_json.get('ipv6_cidr'))
self.assertEqual(vspk_backend_domain.ipv6_gateway,
domain_json.get('ipv6_gateway'))
dhcp_option = vspk_backend_domain.dhcp_options.get_first()
if dhcp_option:
self.assertEqual(dhcp_option.actual_values[0],
domain_json['gateway'])
else:
self.assertIsNone(domain_json.get('gateway'))
def _given_vsd_l2_dhcp_disabled_domain(self,
gateway=None,
IPv6Gateway=None):
if self.vsd_dhcp_managed:
if not Topology.has_full_dhcp_control_in_vsd():
self.skipTest(
'DHCP cannot be disabled on mgd l2 domain in this release')
return self._given_vsd_l2domain(dhcp_managed=True,
cidr4=self.cidr4,
enable_dhcpv4=False,
cidr6=self.cidr6,
enable_dhcpv6=False,
return_template=True,
gateway=gateway,
IPv6Gateway=IPv6Gateway)
else:
return self._given_vsd_l2domain(dhcp_managed=False,
cidr4=self.cidr4,
cidr6=self.cidr6,
return_template=True)
def _validate_dhcp_flag(self, l2_dom, enable_dhcp):
if Topology.has_full_dhcp_control_in_vsd():
if self._ip_version == 4:
self.assertEqual(l2_dom.enable_dhcpv4, enable_dhcp)
else:
self.assertEqual(l2_dom.enable_dhcpv6, enable_dhcp)
class Ipv4OsMgdL3ConnectivityTest(SingleStackOsMgdConnectivityTestBase):
@decorators.attr(type='smoke')
def test_icmp_connectivity_l3_os_managed(self):
self._icmp_connectivity_l3_os_managed_by_name('test-server')
@testtools.skipUnless(sys.version_info >= (3, 0),
reason='Skip with python 2')
def test_icmp_connectivity_l3_os_managed_russian(self):
# Let's serve some Russian horseradish...
name = (u'\u0445\u0440\u0435\u043d-\u0441-' +
u'\u0440\u0443\u0447\u043a\u043e\u0439')
self._icmp_connectivity_l3_os_managed_by_name(name)
@testtools.skipUnless(sys.version_info >= (3, 0),
reason='Skip with python 2')
def test_icmp_connectivity_l3_os_managed_line_tab(self):
line_tab = u'\u000b'
name = 'test' + line_tab + 'server'
self._icmp_connectivity_l3_os_managed_by_name(name, 'test-server')
def test_icmp_connectivity_l3_os_managed_neg(self):
network, _ = self._create_resources(is_l3=True)
# create open-ssh security group
ssh_security_group = self.create_open_ssh_security_group()
# Launch tenant servers in OpenStack network
server2 = self.create_tenant_server(
[network], # in default sg - so not accessible!
# -- hence also can't set prepare_for_connectivity
prepare_for_connectivity=False)
server1 = self.create_tenant_server(
[network],
security_groups=[ssh_security_group],
prepare_for_connectivity=True)
# Test connectivity between peer servers
self.assert_ping(server1, server2, network, should_pass=False)
def test_icmp_connectivity_l3_os_managed_dual_nic(self):
network1, _ = self._create_resources(is_l3=True, cidr=self._cidr1)
network2, _ = self._create_resources(cidr=self._cidr2)
# create open-ssh security group
ssh_security_group = self.create_open_ssh_security_group()
# Launch tenant servers in OpenStack network
server1 = self.create_tenant_server(
[network1],
security_groups=[ssh_security_group])
server2 = self.create_tenant_server(
[network2],
security_groups=[ssh_security_group])
# create server12 ports
p1 = self.create_port(
network=network1,
security_groups=[ssh_security_group['id']])
p2 = self.create_port(
network=network2,
security_groups=[ssh_security_group['id']],
extra_dhcp_opts=[{'opt_name': 'router', 'opt_value': '0'}])
server12 = self.create_tenant_server(
ports=[p1, p2],
prepare_for_connectivity=True)
# Test connectivity between peer servers
self.assert_ping(server12, server1, network1)
self.assert_ping(server12, server2, network2)
@testtools.skipIf(not Topology.has_full_dhcp_control_in_vsd(),
'L3 with no DHCP is supported from 6.0 onwards only')
@testtools.skipIf(not CONF.scenario.dhcp_client,
reason='IP statically configured through cloud-init')
def test_icmp_connectivity_l3_os_managed_no_dhcp(self):
# Provision OpenStack network resources
network, _ = self._create_resources(is_l3=True, enable_dhcp=False)
# create open-ssh security group
ssh_security_group = self.create_open_ssh_security_group()
# Launch tenant servers in OpenStack network
server2 = self.create_tenant_server(
[network],
security_groups=[ssh_security_group])
# to make it reachable via FIP, gateway also must be configured.
server1 = self.create_tenant_server(
[network],
security_groups=[ssh_security_group],
prepare_for_connectivity=True)
# Test connectivity between peer servers
self.assert_ping(server1, server2, network)
@testtools.skipIf(not Topology.has_full_dhcp_control_in_vsd(),
'L3 with no DHCP is supported from 6.0 onwards only')
@testtools.skipIf(not CONF.scenario.dhcp_client,
reason='IP statically configured through cloud-init')
def test_icmp_connectivity_l3_os_managed_no_dhcp_neg(self):
# Provision OpenStack network resources
network, _ = self._create_resources(is_l3=True, enable_dhcp=False)
# create open-ssh security group
ssh_security_group = self.create_open_ssh_security_group()
# Launch tenant servers in OpenStack networks
# Force DHCP config even though subnet has no
# DHCP enabled (won't work)
server2 = self.create_tenant_server(
[network],
security_groups=[ssh_security_group],
force_dhcp_config=True)
server1 = self.create_tenant_server(
[network],
security_groups=[ssh_security_group],
prepare_for_connectivity=True)
# Test connectivity between peer servers
self.assert_ping(server1, server2, network, should_pass=False)
def test_icmp_connectivity_stateful_acl_os_managed_l3(self):
self._test_icmp_connectivity_stateful_acl_os_managed(is_l3=True)
def test_icmp_connectivity_stateless_acl_os_managed_l3_neg(self):
self._test_icmp_connectivity_stateful_acl_os_managed(
is_l3=True, stateful=False)
@testtools.skipUnless(CONF.compute.min_compute_nodes > 1,
'Less than 2 compute nodes, skipping multinode '
'tests.')
def test_multi_compute_icmp_connectivity_l3_os_managed(self):
self._test_multi_compute_icmp_connectivity_os_managed(is_l3=True)
def test_tcp_stateful_connectivity_l3_os_managed(self):
# Provision OpenStack network resources
router = self.create_public_router()
network = self.create_network()
subnet = self.create_subnet(network)
self.router_attach(router, subnet)
self.validate_tcp_stateful_traffic(network)
def test_icmp_connectivity_multiple_subnets_in_shared_network(self):
"""test_icmp_connectivity_multiple_subnets_in_shared_network
Check that there is connectivity between VM's with floatingip's
in different subnets of the same network. These subnets have
underlay=False so they end up in a new L3 domain on VSD instead of the
existing shared FIP to underlay domain.
"""
# Provision OpenStack network resources
kwargs = {
"router:external": True
}
ext_network = self.create_network(manager=self.admin_manager, **kwargs)
ext_s1 = self.create_subnet(ext_network, manager=self.admin_manager,
cidr=data_utils.gimme_a_cidr(),
underlay=False)
ext_s2 = self.create_subnet(ext_network, manager=self.admin_manager,
cidr=data_utils.gimme_a_cidr(),
underlay=False)
r1 = self.create_router(external_network_id=ext_network['id'])
r2 = self.create_router(external_network_id=ext_network['id'])
r_access = self.create_router(external_network_id=self.ext_net_id)
n1 = self.create_network()
s1 = self.create_subnet(n1, cidr=IPNetwork('52.0.0.0/24'))
self.router_attach(r1, s1)
n2 = self.create_network()
s2 = self.create_subnet(n2, cidr=IPNetwork('53.0.0.0/24'))
self.router_attach(r2, s2)
# create resources in order to ssh into server 1
n_access = self.create_network()
s_access = self.create_subnet(n_access, cidr=data_utils.gimme_a_cidr())
self.router_attach(r_access, s_access)
# create open-ssh security group
ssh_security_group = self.create_open_ssh_security_group()
# Launch tenant servers in OpenStack network
p1 = self.create_port(
network=n1,
security_groups=[ssh_security_group['id']],
extra_dhcp_opts=[{'opt_name': 'router', 'opt_value': '0'}]
)
p2 = self.create_port(
network=n2,
security_groups=[ssh_security_group['id']])
p_access = self.create_port(
network=n_access,
security_groups=[ssh_security_group['id']])
self.create_floatingip(external_network_id=ext_network['id'],
subnet_id=ext_s1['id'], port_id=p1['id'])
fip2 = self.create_floatingip(external_network_id=ext_network['id'],
subnet_id=ext_s2['id'], port_id=p2['id'])
server2 = self.create_tenant_server(
ports=[p2], pre_prepared_fip=fip2,
prepare_for_connectivity=False)
server1 = self.create_tenant_server(
ports=[p_access, p1],
prepare_for_connectivity=True,
user_data='ip route add {} via {}'.format(ext_s2['cidr'],
s1['gateway_ip']))
# Test connectivity between peer servers
self.assert_ping(server1, server2, ext_network,
address=fip2['floating_ip_address'])
@decorators.attr(type='smoke')
def test_icmp_connectivity_l3_os_managed_cross_subnet(self):
# Provision OpenStack network resources
# A goal of this tests is also to use the small /30 subnet
network_1 = self.create_network(port_security_enabled=False)
subnet_1 = self.create_subnet(network_1)
network_2 = self.create_network(port_security_enabled=False)
subnet_2 = self.create_subnet(network_2,
cidr=IPNetwork('10.11.12.1/30'),
mask_bits=30)
# attach subnets to router
router = self.create_router(
external_network_id=self.ext_net_id)
self.router_attach(router, subnet_1)
self.router_attach(router, subnet_2)
# Launch tenant servers in OpenStack network
server2 = self.create_tenant_server(
[network_2],
security_groups=[],
prepare_for_connectivity=False)
# to make it reachable via FIP, gateway also must be configured.
server1 = self.create_tenant_server(
[network_1],
security_groups=[],
prepare_for_connectivity=True)
# Test connectivity between peer servers
self.assert_ping(server1, server2, network_2)
def _verify_vsd_l2domain_template(self,
l2domain_template,
ip_type="IPV4",
dhcp_managed=False,
cidr4=None,
cidr6=None,
**kwargs):
if dhcp_managed:
self.assertTrue(l2domain_template.dhcp_managed)
if ip_type == "IPV4":
self.assertEqual("IPV4", l2domain_template.ip_type)
self.assertIsNone(l2domain_template.ipv6_address)
self.assertIsNone(l2domain_template.ipv6_gateway)
elif ip_type == "IPV6":
self.assertEqual("IPV6", l2domain_template.ip_type)
self.assertIsNone(l2domain_template.address)
self.assertIsNone(l2domain_template.gateway)
self.assertIsNone(l2domain_template.netmask)
elif ip_type == "DUALSTACK":
self.assertEqual("DUALSTACK", l2domain_template.ip_type)
else:
self.assertEqual("IPV6", l2domain_template.ip_type)
self.assertIsNone(cidr4)
if cidr4:
self.assertEqual(str(cidr4.ip), l2domain_template.address)
if not kwargs.get('netmask'):
netmask = str(cidr4.netmask)
self.assertEqual(netmask, l2domain_template.netmask)
if not kwargs.get('gateway'):
gateway_ip = str(IPAddress(cidr4) + 1)
if not Topology.has_full_dhcp_control_in_vsd():
self.assertEqual(gateway_ip, l2domain_template.gateway)
kwargs.pop('gateway', None) # in case set to None
elif l2domain_template.enable_dhcpv4:
self.assertEqual(gateway_ip, l2domain_template.gateway)
else:
self.assertIsNone(l2domain_template.gateway)
if not Topology.has_full_dhcp_control_in_vsd():
kwargs.pop('enable_dhcpv4', None)
else:
self.assertIsNone(l2domain_template.address)
self.assertIsNone(l2domain_template.gateway)
self.assertIsNone(l2domain_template.netmask)
if cidr6:
self.assertEqual(str(cidr6), l2domain_template.ipv6_address)
if not Topology.has_full_dhcp_control_in_vsd():
kwargs.pop('enable_dhcpv6', None)
kwargs.pop('ipv6_gateway', None)
elif not kwargs.get('ipv6_gateway'):
if kwargs.get('enable_dhcpv6'):
gateway_ip = str(IPAddress(cidr6) + 1)
self.assertEqual(gateway_ip,
l2domain_template.ipv6_gateway)
else:
self.assertIsNone(l2domain_template.ipv6_gateway)
else:
self.assertFalse(l2domain_template.dhcp_managed)
# verify all other kwargs as attributes (key,value) pairs
for key, value in iteritems(kwargs):
self.assertEqual(value, getattr(l2domain_template, key),
'Unexpected value for {}'.format(key))
self.assertIsNone(l2domain_template.external_id)
