Beispiel #1
0
 def create_only_project(cls, project_name=None, **kwargs):
     project_name = project_name or get_random_name('project')
     connections = kwargs.pop('connections', None) or cls.connections
     project_fixture = ProjectFixture(connections=connections,
                       project_name=project_name, **kwargs)
     project_fixture.setUp()
     return project_fixture
Beispiel #2
0
 def create_only_project(cls, project_name=None, **kwargs):
     project_name = project_name or get_random_name('project')
     connections = kwargs.pop('connections', None) or cls.connections
     project_fixture = ProjectFixture(connections=connections,
                       project_name=project_name, **kwargs)
     project_fixture.setUp()
     return project_fixture
Beispiel #3
0
    def allow_default_sg_to_allow_all_on_project(self, project_name):

        self.project_fixture = ProjectFixture(
                project_name=self.inputs.project_name,
                connections=self.connections)
        self.project_fixture.read()
        self.logger.info(
            'Default SG to be edited for allow all on project: %s' %
            project_name)
        self.project_fixture.set_sec_group_for_allow_all(
            project_name, 'default')
Beispiel #4
0
 def setUpClass(cls):
     super(BaseRbac, cls).setUpClass()
     if os.getenv('RBAC_USER1') and os.getenv('RBAC_PASS1'):
         cls.user1 = os.getenv('RBAC_USER1')
         cls.pass1 = os.getenv('RBAC_PASS1')
     else:
         cls.pass1 = cls.user1 = get_random_name(cls.__name__)
         cls.admin_connections.auth.create_user(cls.user1, cls.pass1)
     if os.getenv('RBAC_USER2') and os.getenv('RBAC_PASS2'):
         cls.user2 = os.getenv('RBAC_USER2')
         cls.pass2 = os.getenv('RBAC_PASS2')
     else:
         cls.pass2 = cls.user2 = get_random_name(cls.__name__)
         cls.admin_connections.auth.create_user(cls.user2, cls.pass2)
     if os.getenv('RBAC_ROLE1'):
         cls.role1 = os.getenv('RBAC_ROLE1')
     else:
         cls.role1 = get_random_name(cls.__name__)
         cls.admin_connections.auth.create_role(cls.role1)
     if os.getenv('RBAC_ROLE2'):
         cls.role2 = os.getenv('RBAC_ROLE2')
     else:
         cls.role2 = get_random_name(cls.__name__)
         cls.admin_connections.auth.create_role(cls.role2)
     cls.project_fixture = ProjectFixture(connections=cls.admin_connections,
                                          project_name=cls.inputs.project_name,
                                          domain_name=cls.inputs.domain_name)
     cls.populate_default_rules_in_global_acl()
Beispiel #5
0
 def setUpClass(cls):
     super(BaseRbac, cls).setUpClass()
     cls.rbac_for_analytics = False
     if cls.inputs.get_analytics_aaa_mode() == 'rbac':
         cls.rbac_for_analytics = True
     try:
         if os.getenv('RBAC_USER1') and os.getenv('RBAC_PASS1'):
             cls.user1 = os.getenv('RBAC_USER1')
             cls.pass1 = os.getenv('RBAC_PASS1')
         else:
             cls.pass1 = cls.user1 = get_random_name(cls.__name__)
             cls.admin_connections.auth.create_user(cls.user1, cls.pass1)
         if os.getenv('RBAC_USER2') and os.getenv('RBAC_PASS2'):
             cls.user2 = os.getenv('RBAC_USER2')
             cls.pass2 = os.getenv('RBAC_PASS2')
         else:
             cls.pass2 = cls.user2 = get_random_name(cls.__name__)
             cls.admin_connections.auth.create_user(cls.user2, cls.pass2)
         if os.getenv('RBAC_USER3') and os.getenv('RBAC_PASS3'):
             cls.user3 = os.getenv('RBAC_USER3')
             cls.pass3 = os.getenv('RBAC_PASS3')
         else:
             cls.pass3 = cls.user3 = get_random_name(cls.__name__)
             cls.admin_connections.auth.create_user(cls.user3, cls.pass3)
         if os.getenv('RBAC_ROLE1'):
             cls.role1 = os.getenv('RBAC_ROLE1')
         else:
             cls.role1 = get_random_name(cls.__name__)
             cls.admin_connections.auth.create_role(cls.role1)
         if os.getenv('RBAC_ROLE2'):
             cls.role2 = os.getenv('RBAC_ROLE2')
         else:
             cls.role2 = get_random_name(cls.__name__)
             cls.admin_connections.auth.create_role(cls.role2)
         if os.getenv('RBAC_ROLE3'):
             cls.role3 = os.getenv('RBAC_ROLE3')
         else:
             cls.role3 = get_random_name(cls.__name__)
             cls.admin_connections.auth.create_role(cls.role3)
         cls.project_fixture = ProjectFixture(
             connections=cls.admin_connections,
             project_name=cls.inputs.project_name,
             domain_name=cls.inputs.domain_name)
         cls.populate_default_rules_in_global_acl()
         cls.get_api_server_inspects()
     except:
         cls.tearDownClass()
         raise
Beispiel #6
0
class BaseNeutronTest(GenericTestBase):

    @classmethod
    def setUpClass(cls):
        cls.public_vn_obj = None
        super(BaseNeutronTest, cls).setUpClass()
        cls.vnc_h = ContrailVncApi(cls.vnc_lib, cls.logger) 
        if cls.inputs.admin_username:
            public_creds = cls.admin_isolated_creds
        else:
            public_creds = cls.isolated_creds
        cls.public_vn_obj = create_public_vn.PublicVn(
            connections=cls.connections,
            isolated_creds_obj=public_creds,
            logger=cls.logger)
    # end setUpClass

    @classmethod
    def tearDownClass(cls):
        super(BaseNeutronTest, cls).tearDownClass()
    # end tearDownClass

    def update_default_quota_list(
            self,
            subnet=-1,
            virtual_network=-1,
            floating_ip=-1,
            logical_router=-1,
            security_group_rule=-1,
            virtual_machine_interface=-1,
            security_group=-1):
        contrail_api_file_list = []

        # Copy the contrail-api.conf to /tmp/ and restore it later

        for cfgm_ip in self.inputs.cfgm_ips:
            api_file_name = get_random_name('contrail-api')
            contrail_api_file_list.append(api_file_name)
            issue_cmd = "cp " + contrail_api_conf + " /tmp/" + \
                api_file_name
            output = self.inputs.run_cmd_on_server(
                cfgm_ip,
                issue_cmd,
                self.inputs.host_data[cfgm_ip]['username'],
                self.inputs.host_data[cfgm_ip]['password'],
                container='api-server')

        self.addCleanup(
            self.restore_default_quota_list,
            contrail_api_file_list)

        # Fetch the contrail-api.conf from all config nodes to active cfgm's
        # /tmp/

        api_file_list = []
        api_file_list.append(contrail_api_conf)
        for cfgm_ip in self.inputs.cfgm_ips[1:]:
            with settings(
                    host_string='%s@%s' % (
                        self.inputs.host_data[cfgm_ip]['username'], cfgm_ip)):
                api_conf_file = get_random_name('contrail-api-remote')
                api_file_list.append('/tmp/' + api_conf_file)
                get(contrail_api_conf, '/tmp/' + api_conf_file)

        # Edit the contrail-api.conf files adding quota sections

        for api_conf in api_file_list:
            api_conf_h = open(api_conf, 'a')
            config = configparser.ConfigParser()
            config.add_section('QUOTA')
            config.set('QUOTA', 'subnet', subnet)
            config.set('QUOTA', 'virtual_network', virtual_network)
            config.set('QUOTA', 'floating_ip', floating_ip)
            config.set('QUOTA', 'logical_router', logical_router)
            config.set('QUOTA', 'security_group', security_group)
            config.set('QUOTA', 'security_group_rule', security_group_rule)
            config.set(
                'QUOTA',
                'virtual_machine_interface',
                virtual_machine_interface)
            config.write(api_conf_h)
            api_conf_h.close()

        # Put back updated contrail-api.conf file to respective cfgm's remove
        # temp files

        count = 1
        for cfgm_ip in self.inputs.cfgm_ips[1:]:
            with settings(
                    host_string='%s@%s' % (
                        self.inputs.host_data[cfgm_ip]['username'], cfgm_ip)):
                put(api_file_list[count], contrail_api_conf)
                issue_cmd = "rm -rf " + api_file_list[count]
                output = self.inputs.run_cmd_on_server(
                    cfgm_ip,
                    issue_cmd,
                    self.inputs.host_data[cfgm_ip]['username'],
                    self.inputs.host_data[cfgm_ip]['password'],
                    container='api-server')
                count = count + 1

        # Restart contrail-api service on all cfgm nodes

        for cfgm_ip in self.inputs.cfgm_ips:
            self.inputs.restart_service('contrail-api', [cfgm_ip],
                                        container='api-server')

        cs_obj = ContrailStatusChecker(self.inputs)
        clusterstatus, error_nodes = cs_obj.wait_till_contrail_cluster_stable()
        assert clusterstatus, (
            'Hash of error nodes and services : %s' % (error_nodes))

    # end update_default_quota_list

    def restore_default_quota_list(self, file_list=[]):
        # Restore default contrail-api.conf on respective cfgm nodes remove
        # temp files

        file_itr = iter(file_list)
        for cfgm_ip in self.inputs.cfgm_ips:
            api_conf_backup = next(file_itr)
            issue_cmd = "cp /tmp/" + api_conf_backup + \
                " " + contrail_api_conf + "; rm -rf /tmp/" + api_conf_backup
            output = self.inputs.run_cmd_on_server(
                cfgm_ip,
                issue_cmd,
                self.inputs.host_data[cfgm_ip]['username'],
                self.inputs.host_data[cfgm_ip]['password'],
                container='api-server')

        for cfgm_ip in self.inputs.cfgm_ips:
            self.inputs.restart_service('contrail-api', [cfgm_ip],
                container='api-server')

        cs_obj = ContrailStatusChecker(self.inputs)
        clusterstatus, error_nodes = cs_obj.wait_till_contrail_cluster_stable()
        assert clusterstatus, (
            'Hash of error nodes and services : %s' % (error_nodes))

    # end restore_default_quota_list

    def create_external_network(self, connections, inputs):
        ext_vn_name = get_random_name('ext_vn')
        ext_subnets = [self.inputs.fip_pool]
        mx_rt = self.inputs.mx_rt
        ext_vn_fixture = self.useFixture(
            VNFixture(
                project_name=inputs.project_name,
                connections=connections,
                vn_name=ext_vn_name,
                inputs=inputs,
                subnets=ext_subnets,
                router_asn=self.inputs.router_asn,
                rt_number=mx_rt,
                router_external=True))
        assert ext_vn_fixture.verify_on_setup()
        return ext_vn_fixture

    # end create_external_network

    @classmethod
    def allow_default_sg_to_allow_all_on_project(self, project_name):

        self.project_fixture = ProjectFixture(
                project_name=self.inputs.project_name,
                connections=self.connections)
        self.project_fixture.read()
        self.logger.info(
            'Default SG to be edited for allow all on project: %s' %
            project_name)
        self.project_fixture.set_sec_group_for_allow_all(
            project_name, 'default')
    # end allow_default_sg_to_allow_all_on_project

    def verify_snat(self, vm_fixture, expectation=True, timeout=200):
        result = True
        self.logger.info("Ping to 8.8.8.8 from vm %s" % (vm_fixture.vm_name))
        if not vm_fixture.ping_with_certainty('8.8.8.8',
                                              expectation=expectation):
            self.logger.error("Ping to 8.8.8.8 from vm %s Failed" %
                              (vm_fixture.vm_name))
            result = result and False
        self.logger.info('Testing FTP...Copying VIM files to VM via FTP')
        run_cmd = "wget http://ftp.vim.org/pub/vim/unix/vim-7.3.tar.bz2"
        vm_fixture.run_cmd_on_vm(cmds=[run_cmd], timeout=timeout)
        output = vm_fixture.return_output_values_list[0]
        if not output or 'saved' not in output:
            self.logger.error("FTP failed from VM %s" %
                              (vm_fixture.vm_name))
            result = result and False
        else:
            self.logger.info("FTP successful from VM %s via FIP" %
                             (vm_fixture.vm_name))
        return result
    # end verify_snat

    def get_active_snat_node(self, vm_fixture, vn_fixture):
        (domain, project, vn) = vn_fixture.vn_fq_name.split(':')
        inspect_h = self.agent_inspect[vm_fixture.vm_node_ip]
        agent_vrf_objs = inspect_h.get_vna_vrf_objs(domain, project, vn)
        agent_vrf_obj = vm_fixture.get_matching_vrf(
            agent_vrf_objs['vrf_list'], vn_fixture.vrf_name)
        vn_vrf_id9 = agent_vrf_obj['ucindex']
        next_hops = inspect_h.get_vna_active_route(
            vrf_id=vn_vrf_id9, ip=vm_fixture.vm_ip, prefix='32')['path_list'][0]['nh']
        if next_hops['type'] == 'interface':
            return vm_fixture.vm_node_ip
        else:
            return next_hops['itf']
    # end get_active_snat_node

    def create_fip_pool(self, vn_id, name=None, **kwargs):
        connections = kwargs.get('connections') or self.connections
        name = name or get_random_name('fip-pool')
        return self.useFixture(FloatingIPFixture(
               connections=connections, pool_name=name, vn_id=vn_id))

    def create_fip(self, fip_fixture, **kwargs):
        connections = kwargs.get('connections') or self.connections
        vnc_h = connections.orch.vnc_h
        self.logger.info('Creating FIP from %s' % fip_fixture.pool_name)
        return vnc_h.create_floating_ip(fip_fixture.fip_pool_obj, fip_fixture.project_obj)

    def assoc_fip(self, fip_id, vm_id, vmi_id=None, **kwargs):
        connections = kwargs.get('connections') or self.connections
        vnc_h = connections.orch.vnc_h
        if vmi_id:
            return vnc_h.assoc_floating_ip(fip_id, vm_id, vmi_id=vmi_id)
        else:
            return vnc_h.assoc_floating_ip(fip_id, vm_id)

    def assoc_fixed_ip_to_fip(self, fip_id, fixed_ip, **kwargs):
        connections = kwargs.get('connections') or self.connections
        vnc_h = connections.orch.vnc_h
        return vnc_h.assoc_fixed_ip_to_floating_ip(fip_id, fixed_ip)

    def disassoc_fip(self, fip_id, **kwargs):
        connections = kwargs.get('connections') or self.connections
        vnc_h = connections.orch.vnc_h
        vnc_h.disassoc_floating_ip(fip_id)

    def del_fip(self, fip_id, **kwargs):
        connections = kwargs.get('connections') or self.connections
        vnc_h = connections.orch.vnc_h
        vnc_h.delete_floating_ip(fip_id)

    def create_and_assoc_fip(self, fip_fixture, vm_fixture,
                             vmi_id=None, fixed_ip=None, **kwargs):
        (fip_ip, fip_id) = self.create_fip(fip_fixture, **kwargs)
        self.addCleanup(self.del_fip, fip_id, **kwargs)
        vm_id = vm_fixture.uuid if vm_fixture else None
        self.assoc_fip(fip_id, vm_id, vmi_id=vmi_id, **kwargs)
        self.addCleanup(self.disassoc_fip, fip_id, **kwargs)
        if fixed_ip:
            self.assoc_fixed_ip_to_fip(fip_id, fixed_ip, **kwargs)
        return (fip_ip, fip_id)

    def config_aap(self, port, prefix, prefix_len=32, mac='', aap_mode='active-standby', contrail_api=False):
        self.logger.info('Configuring AAP on port %s' % port)
        if is_v6(prefix):
            prefix_len = 128
        if contrail_api:
            self.vnc_h.add_allowed_address_pair(
                port, prefix, prefix_len, mac, aap_mode)
        else:
            port_dict = {'allowed_address_pairs': [
                {"ip_address": prefix + '/' + str(prefix_len), "mac_address": mac}]}
            port_rsp = self.update_port(port, port_dict)
        return True
    # end config_aap

    def config_vrrp_on_vsrx(self, src_vm=None, dst_vm=None, vip=None, priority='100', interface='ge-0/0/1'):
        cmdList = []
        cmdList.append('deactivate security nat source rule-set TestNat')
        cmdList.append(
            'deactivate interfaces ge-0/0/1 unit 0 family inet filter')
        cmdList.append('deactivate interfaces ' +
                       interface + ' unit 0 family inet dhcp')
        cmdList.append('deactivate security policies')
        vm_ip = dst_vm.vm_ips[int(interface[-1])]
        vsrx_vrrp_config = ['set interfaces ' + interface + ' unit 0 family inet address ' + vm_ip
                            + '/' + '24 vrrp-group 1 priority ' + priority + ' virtual-address ' + vip + ' accept-data']
        cmdList = cmdList + vsrx_vrrp_config
        cmd_string = (';').join(cmdList)
        assert self.set_config_via_netconf(src_vm, dst_vm,
                                             cmd_string, timeout=10, device='junos', hostkey_verify="False", reboot_required=False), 'Could not configure VRRP thru Netconf'
    # end config_vrrp_on_vsrx

    @retry(delay=5, tries=20)
    def set_config_via_netconf(self, src_vm, dst_vm, cmd_string, timeout=10, device='junos', hostkey_verify="False", reboot_required=False):
        python_code = Template('''
from ncclient import manager
conn = manager.connect(host='$ip', username='******', password='******',timeout=$timeout, device_params=$device_params, hostkey_verify=$hostkey_verify)
conn.lock()
send_config = conn.load_configuration(action='set', config=$cmdList)
check_config = conn.validate()
compare_config = conn.compare_configuration()
conn.commit()
'$reboot_cmd'
conn.unlock()
conn.close_session()
    	''')
        if hostkey_verify == 'False':
            hostkey_verify = bool(False)
        timeout = int(timeout)
        if device == 'junos':
            device_params = {'name': 'junos'}
        cmdList = cmd_string.split(';')
	if reboot_required:
	    reboot_cmd='conn.reboot()'
	else:
	    reboot_cmd=' '
        python_code = python_code.substitute(ip=str(dst_vm.vm_ip), username=str(dst_vm.vm_username), password=str(
            dst_vm.vm_password), device_params=device_params, cmdList=cmdList, timeout=timeout, hostkey_verify=hostkey_verify, reboot_cmd=reboot_cmd)
        assert dst_vm.wait_for_ssh_on_vm(port='830')
        op = src_vm.run_python_code(python_code)
	if op != None:
	    return False
	else:
	    return True
    # end set_config_via_netconf

    def get_config_via_netconf(self, src_vm, dst_vm, cmd_string, timeout=10, device='junos', hostkey_verify="False", format='text'):
        python_code = Template('''
from ncclient import manager
conn = manager.connect(host='$ip', username='******', password='******',timeout=$timeout, device_params=$device_params, hostkey_verify=$hostkey_verify)
get_config=conn.command(command='$cmd', format='$format')
print get_config.tostring
    	''')
        if hostkey_verify == 'False':
            hostkey_verify = bool(False)
        if device == 'junos':
            device_params = {'name': 'junos'}
        cmdList = cmd_string.split(';')
        python_code = python_code.substitute(ip=str(dst_vm.vm_ip), username=str(dst_vm.vm_username), password=str(
            dst_vm.vm_password), device_params=device_params, cmd=cmd_string, timeout=timeout, hostkey_verify=hostkey_verify, format=format)
        assert dst_vm.wait_for_ssh_on_vm(port='830')
        op = src_vm.run_python_code(python_code)
        return op

    @retry(delay=5, tries=10)
    def config_vrrp(self, vm_fix, vip, priority):
        self.logger.info('Configuring VRRP on %s ' % vm_fix.vm_name)
        vrrp_cmd = 'nohup vrrpd -n -D -i eth0 -v 1 -a none -p %s -d 3 %s' % (
            priority, vip)
        vm_fix.run_cmd_on_vm(cmds=[vrrp_cmd], as_sudo=True)
        result = self.vrrp_chk(vm_fix)
        return result
    # end config_vrrp

    def vrrp_chk(self, vm):
        vrrp_chk_cmd = 'netstat -anp | grep vrrpd'
        vm.run_cmd_on_vm(cmds=[vrrp_chk_cmd], as_sudo=True)
        vrrp_op = vm.return_output_cmd_dict[vrrp_chk_cmd]
        if '/vrrpd' in vrrp_op:
            result = True
            self.logger.info('vrrpd running in %s' % vm.vm_name)
        else:
            result = False
            self.logger.error('vrrpd not running in %s' % vm.vm_name)
        return result
    # end vrrp_chk

    @retry(delay=5, tries=20)
    def vrrp_mas_chk(self, src_vm=None, dst_vm=None, vn=None, ip=None, vsrx=False):
        self.logger.info(
            'Will verify who the VRRP master is and the corresponding route entries in the Agent')
        if is_v4(ip):
            prefix = '32'
            vrrp_mas_chk_cmd = 'ip -4 addr ls'
        elif is_v6(ip):
            prefix = '128'
            vrrp_mas_chk_cmd = 'ip -6 addr ls'

        if vsrx:
            vrrp_mas_chk_cmd = 'show vrrp'
            result = self.get_config_via_netconf(
                src_vm, dst_vm, vrrp_mas_chk_cmd, timeout=10, device='junos', hostkey_verify="False", format='text')
            if result == False:
                return result
            if 'master' in result:
                self.logger.info(
                    '%s is selected as the VRRP Master' % dst_vm.vm_name)
                result = True
            else:
                result = False
                self.logger.error('VRRP Master not selected')
        else:
            dst_vm.run_cmd_on_vm(cmds=[vrrp_mas_chk_cmd], as_sudo=True)
            output = dst_vm.return_output_cmd_dict[vrrp_mas_chk_cmd]
            result = False
            if ip in output:
                self.logger.info(
                    '%s is selected as the VRRP Master' % dst_vm.vm_name)
                result = True
            else:
                result = False
                self.logger.error('VRRP Master not selected')
        result = result and self.check_master_in_agent(dst_vm, vn, ip,
                                                       prefix_len=prefix)
        return result
    # end vrrp_mas_chk

    @retry(delay=3, tries=5)
    def check_master_in_agent(self, vm, vn, ip, prefix_len='32', ecmp=False):
        inspect_h = self.agent_inspect[vm.vm_node_ip]
        (domain, project, vnw) = vn.vn_fq_name.split(':')
        agent_vrf_objs = inspect_h.get_vna_vrf_objs(domain, project, vnw)
        agent_vrf_obj = vm.get_matching_vrf(
            agent_vrf_objs['vrf_list'], vn.vrf_name)
        vn1_vrf_id = agent_vrf_obj['ucindex']
        result = False
        paths = []
        try:
            paths = inspect_h.get_vna_active_route(
                vrf_id=vn1_vrf_id, ip=ip, prefix=prefix_len)['path_list']
        except TypeError:
            self.logger.info('Unable to retreive path info')
        for path in paths:
            if path['peer'] == 'LocalVmPort' and path['path_preference_data']['wait_for_traffic'] == 'false':
                result = True
                if ecmp:
                    if path['path_preference_data']['ecmp'] == 'true':
                        result = True
                        break
                    else:
                        result = False
                        return result
                else:
                    break
            else:
                result = False
                self.logger.error(
                    'Path to %s not found in %s' % (ip, vm.vm_node_ip))
        return result
    # end vrrp_mas_chk

    @retry(delay=5, tries=10)
    def verify_vrrp_action(self, src_vm, dst_vm, ip, vsrx=False):
        result = False
        self.logger.info('Will ping %s from %s and check if %s responds' % (
            ip, src_vm.vm_name, dst_vm.vm_name))
        compute_ip = dst_vm.vm_node_ip
        compute_user = self.inputs.host_data[compute_ip]['username']
        compute_password = self.inputs.host_data[compute_ip]['password']
        session = ssh(compute_ip, compute_user, compute_password)
        if vsrx:
            vm_tapintf = dst_vm.tap_intf[dst_vm.vn_fq_names[1]]['name']
        else:
            vm_tapintf = dst_vm.tap_intf[dst_vm.vn_fq_name]['name']
        cmd = 'sudo tcpdump -nni %s -c 2 icmp > /tmp/%s_out.log' % (
            vm_tapintf, vm_tapintf)
        execute_cmd(session, cmd, self.logger)
        assert src_vm.ping_with_certainty(ip)
        output_cmd = 'cat /tmp/%s_out.log' % vm_tapintf
        output, err = execute_cmd_out(session, output_cmd, self.logger)
        if src_vm.vm_ip in output:
            result = True
            self.logger.info(
                '%s is seen responding to ICMP Requests' % dst_vm.vm_name)
        else:
            self.logger.error(
                'ICMP Requests to %s not seen on the VRRP Master' % ip)
            result = False
        return result
    # end verify_vrrp_action

    def create_lb_pool(self, name, lb_method, protocol, subnet_id):
        lb_pool_resp = None
        lb_pool_resp = self.quantum_h.create_lb_pool(
            name, lb_method, protocol, subnet_id)
        if lb_pool_resp:
            self.addCleanup(self.verify_on_pool_delete, lb_pool_resp['id'])
            self.addCleanup(self.quantum_h.delete_lb_pool,
                            lb_pool_resp['id'])
        return lb_pool_resp
    # end create_lb_pool

    def verify_on_pool_delete(self, pool_id):
        result, msg = self.verify_pool_not_in_api_server(pool_id)
        assert result, msg

    @retry(delay=10, tries=20)
    def verify_pool_not_in_api_server(self, pool_id):
        pool = self.api_s_inspect.get_lb_pool(pool_id, refresh=True)
        if pool:
            self.logger.warn("pool with pool id %s still present in API"
                             " server even after pool delete.retrying..." % (pool_id))
            errmsg = "API server verification failed for pool with pool id %s" % (
                pool_id)
            return False, errmsg
        self.logger.debug(
            "pool with pool id %s not present in API server" % (pool_id))
        return True, None

    def create_lb_member(self, ip_address, protocol_port, pool_id):
        lb_member_resp = None
        lb_member_resp = self.quantum_h.create_lb_member(
            ip_address, protocol_port, pool_id)
        if lb_member_resp:
            self.addCleanup(self.verify_on_member_delete, lb_member_resp['id'])
            self.addCleanup(self.quantum_h.delete_lb_member,
                            lb_member_resp['id'])
        return lb_member_resp
    # end create_lb_member

    def verify_on_member_delete(self, member_id):
        result, msg = self.verify_member_not_in_api_server(member_id)
        assert result, msg

    @retry(delay=10, tries=10)
    def verify_member_not_in_api_server(self, member_id):
        member = self.api_s_inspect.get_lb_member(member_id)
        if member:
            self.logger.warn("member with member id %s still present in API"
                             " server even after member delete" % (member_id))
            errmsg = "API server verification failed for member with member id %s" % (
                member_id)
            assert False, errmsg
        self.logger.debug(
            "member with member id %s not present in API server" % (member_id))
        return True, None

    def create_health_monitor(self, delay, max_retries, probe_type, timeout):
        hm_resp = None
        hm_resp = self.quantum_h.create_health_monitor(
            delay, max_retries, probe_type, timeout)
        if hm_resp:
            self.addCleanup(self.verify_on_healthmonitor_delete, hm_resp['id'])
            self.addCleanup(self.quantum_h.delete_health_monitor,
                            hm_resp['id'])
        return hm_resp
    # end create_health_monitor

    def verify_on_healthmonitor_delete(self, healthmonitor_id):
        result, msg = self.verify_healthmonitor_not_in_api_server(
            healthmonitor_id)
        assert result, msg

    @retry(delay=10, tries=10)
    def verify_healthmonitor_not_in_api_server(self, healthmonitor_id):
        healthmonitor = self.api_s_inspect.get_lb_healthmonitor(
            healthmonitor_id)
        if healthmonitor:
            self.logger.warn("healthmonitor with id %s still present in API"
                             " server even after healthmonitor delete" % (healthmonitor_id))
            errmsg = "API server verification failed for healthmonitor with id %s" % (
                healthmonitor_id)
            assert False, errmsg
        self.logger.debug(
            "healthmonitor with id %s not present in API server" % (healthmonitor_id))
        return True, None

    def create_vip(self, name, protocol, protocol_port, subnet_id, pool_id):
        vip_resp = None
        vip_resp = self.quantum_h.create_vip(
            name, protocol, protocol_port, pool_id, subnet_id)
        if vip_resp:
            self.addCleanup(self.verify_on_vip_delete, pool_id, vip_resp['id'])
            self.addCleanup(self.quantum_h.delete_vip,
                            vip_resp['id'])
        return vip_resp
    # end create_vip

    def verify_on_vip_delete(self, pool_id, vip_id):
        result = True
        result, msg = self.verify_vip_delete(vip_id)
        assert result, msg
        for compute_ip in self.inputs.compute_ips:
            result, msg = self.verify_netns_delete(compute_ip, pool_id)
            assert result, msg
        for compute_ip in self.inputs.compute_ips:
            result, msg = self.verify_haproxy_kill(compute_ip, pool_id)
            assert result, msg
        result, msg = self.verify_vip_not_in_api_server(vip_id)
        assert result, msg
    # end verify_on_vip_delete

    @retry(delay=10, tries=10)
    def verify_vip_delete(self, vip_id):
        vip = self.quantum_h.show_vip(vip_id)
        if vip:
            errmsg = "vip %s still exists after delete" % vip_id
            self.logger.error(errmsg)
            return (False, errmsg)
        self.logger.debug("vip %s deleted successfully" % vip_id)
        return (True, None)
    # end verify_vip_delete

    @retry(delay=10, tries=10)
    def verify_netns_delete(self, compute_ip, pool_id):
        cmd = 'ip netns list | grep %s' % pool_id
        pool_obj = self.quantum_h.get_lb_pool(pool_id)
        out = self.inputs.run_cmd_on_server(
            compute_ip, cmd,
            self.inputs.host_data[compute_ip]['username'],
            self.inputs.host_data[compute_ip]['password'],
            container='agent')
        if out:
            self.logger.warn("NET NS: %s still present for pool name: %s with UUID: %s"
                             " even after VIP delete in compute node %s"
                             % (out, pool_obj['name'], pool_id, compute_ip))
            errmsg = "NET NS still present after vip delete, failed in compute %s" % compute_ip
            return False, errmsg
        self.logger.debug("NET NS deleted successfully for pool name: %s with"
                          " UUID :%s in compute node %s" % (pool_obj['name'], pool_id, compute_ip))
        return True, None
    # end verify_netns_delete

    @retry(delay=10, tries=10)
    def verify_haproxy_kill(self, compute_ip, pool_id):
        cmd = 'ps -aux | grep loadbalancer | grep %s' % pool_id
        pool_obj = self.quantum_h.get_lb_pool(pool_id)
        pid = []
        out = self.inputs.run_cmd_on_server(
            compute_ip, cmd,
            self.inputs.host_data[compute_ip]['username'],
            self.inputs.host_data[compute_ip]['password'],
            container='agent')
        output = out.split('\n')
        for out in output:
            match = re.search("nobody\s+(\d+)\s+", out)
            if match:
                pid.append(match.group(1))
        if pid:
            self.logger.warn("haproxy still running even after VIP delete for pool name: %s,"
                            " with UUID: %s in compute node %s" % (pool_obj['name'], pool_id, compute_ip))
            errmsg = "HAPROXY still running after VIP delete failed in compute node %s" % (
                compute_ip)
            return False, errmsg
        self.logger.debug("haproxy process got killed successfully with vip delete for pool"
                          " name: %s UUID :%s on compute %s" % (pool_obj['name'], pool_id, compute_ip))
        return True, None
    # end verify_haproxy_kill

    @retry(delay=10, tries=10)
    def verify_vip_not_in_api_server(self, vip_id):
        vip = self.api_s_inspect.get_lb_vip(vip_id)
        if vip:
            self.logger.warn("vip with vip id %s still present in API"
                             " server even after vip delete" % (vip_id))
            errmsg = "API server verification failed for vip with id %s" % (
                vip_id)
            return False, errmsg
        self.logger.debug(
            "vip with vip id %s not present in API server" % (vip_id))
        #msg = "vip with vip id %s not present in API server" % (vip_id)
        return True, None

    def associate_health_monitor(self, pool_id, hm_id):
        hm_resp = self.quantum_h.associate_health_monitor(
            pool_id, hm_id)
        if hm_resp:
            self.addCleanup(self.verify_on_disassociate_health_monitor,
                            pool_id, hm_id)
            self.addCleanup(self.quantum_h.disassociate_health_monitor,
                            pool_id, hm_id)
    # end associate_health_monitor

    def verify_on_disassociate_health_monitor(self, pool_id, hm_id):
        result, msg = self.verify_disassociate_health_monitor(pool_id, hm_id)
        assert result, msg
    # end verify_on_disassociate_health_monitor

    @retry(delay=10, tries=10)
    def verify_disassociate_health_monitor(self, pool_id, hm_id):
        pool = self.api_s_inspect.get_lb_pool(pool_id)
        try:
            healthmonitor_refs = pool[
                'loadbalancer-pool']['loadbalancer_healthmonitor_refs']
            for href in healthmonitor_refs:
                if href['uuid'] == healthmonitor_id:
                    self.logger.warn("healthmonitor with id %s associated with pool"
                                     "  %s" % (healthmonitor_id, pool['loadbalancer-pool']['name']))
                    errmsg = ("API server verification failed, health monitor %s still associated"
                              " with pool %s" % (healthmonitor_id, ool['loadbalancer-pool']['name']))
                    return False, errmsg
                else:
                    self.logger.debug("healthmonitor with id %s successfully disassociated with pool"
                                      "  %s" % (healthmonitor_id, pool['loadbalancer-pool']['name']))
                    return True, None
        except KeyError:
            self.logger.debug("healthmonitor refs not found in API server for pool %s"
                              % (pool['loadbalancer-pool']['name']))
            return True, None
    # end verify_disassociate_health_monitor

    def extend_vn_to_physical_router(self, vn_fixture, phy_router_fixture):
        # Attach VN to router in Contrail API so that Device manager
        # can configure the device
        phy_router_fixture.add_virtual_network(vn_fixture.vn_id)
        self.addCleanup(self.delete_vn_from_physical_router, vn_fixture,
                        phy_router_fixture)
    # end extend_vn_to_physical_router

    def delete_vn_from_physical_router(self, vn_fixture, phy_router_fixture):
        # Disassociate VN from the physical router so that Device manager
        # can delete corresponding configs from the device
        phy_router_fixture.delete_virtual_network(vn_fixture.vn_id)
    # end delete_vn_from_physical_router

    def get_subnets_count(self, project_uuid):
        return  len(self.quantum_h.obj.list_subnets(
                    tenant_id=project_uuid)['subnets'])
    # end get_subnets_count

    def config_keepalive(self, vm_fix, vip, vid, priority):
        self.logger.info('Configuring Keepalive on %s ' % vm_fix.vm_name)
        cmdList = []
        cmd = '''cat > /etc/keepalived/keepalived.conf << EOS
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id %s
    priority %s
    advert_int 1
    virtual_ipaddress {
        %s
    }
}
EOS
'''%(vid, priority, vip)
        vm_fix.run_cmd_on_vm(cmds=[cmd], as_sudo=True)
        service_restart= "service keepalived restart"
        vm_fix.run_cmd_on_vm(cmds=[service_restart], as_sudo=True)
        result = self.keepalive_chk(vm_fix)
        return result
    # end config_keepalive

    @retry(delay=5, tries=10)
    def keepalive_chk(self, vm):
        keepalive_chk_cmd = 'netstat -anp | grep keepalived'
        vm.run_cmd_on_vm(cmds=[keepalive_chk_cmd], as_sudo=True)
        keepalive_op = vm.return_output_cmd_dict[keepalive_chk_cmd]
        if '/keepalived' in keepalive_op:
            result = True
            self.logger.info('keepalived running in %s' % vm.vm_name)
        else:
            result = False
            self.logger.error('keepalived not running in %s' % vm.vm_name)
        return result
    # end keepalive_chk
 
    def service_keepalived(self, vm, action):
        keepalive_chk_cmd = 'service keepalived %s' %(action)
        vm.run_cmd_on_vm(cmds=[keepalive_chk_cmd], as_sudo=True)
        return True
    def test_quota_update_of_specific_tenant(self):
        '''Quota update of one tenant should not affect
           quota for other tenant
        '''
        result = True
        quota_dict = {
            'subnet': 3,
            'router': 5,
            'network': 3,
            'floatingip': 4,
            'port': 5,
            'security_group': 4,
            'security_group_rule': 6
        }

        project_name = get_random_name('project1')
        user_fixture = self.useFixture(
            UserFixture(connections=self.connections,
                        username='******',
                        password='******'))
        project_fixture_obj = self.useFixture(
            ProjectFixture(username=self.inputs.stack_user,
                           password=self.inputs.stack_password,
                           project_name=project_name,
                           vnc_lib_h=self.vnc_lib,
                           connections=self.connections))
        user_fixture.add_user_to_tenant(project_name, 'test_usr', 'Member')
        assert project_fixture_obj.verify_on_setup()

        project_name1 = get_random_name('project2')
        user_fixture1 = self.useFixture(
            UserFixture(connections=self.connections,
                        username='******',
                        password='******'))
        project_fixture_obj1 = self.useFixture(
            ProjectFixture(username='******',
                           password='******',
                           project_name=project_name1,
                           vnc_lib_h=self.vnc_lib,
                           connections=self.connections))
        user_fixture1.add_user_to_tenant(project_name1, 'test_usr1', 'Member')
        assert project_fixture_obj1.verify_on_setup()

        quota_show_dict1 = self.admin_connections.quantum_h.show_quota(
            project_fixture_obj.uuid)

        self.logger.info(
            "Update quota for tenant %s to: \n %s by admin tenant " %
            (project_fixture_obj1.inputs.project_name, quota_dict))
        quota_rsp = self.admin_connections.quantum_h.update_quota(
            project_fixture_obj1.uuid, quota_dict)
        quota_show_dict = self.admin_connections.quantum_h.show_quota(
            project_fixture_obj1.uuid)

        for neutron_obj in quota_rsp['quota']:
            if quota_rsp['quota'][neutron_obj] != quota_show_dict['quota'][
                    neutron_obj]:
                self.logger.error(
                    "Quota update unsuccessful for %s for %s tenant " %
                    (neutron_obj, project_name1))
                result = False
        assert result, 'Quota update by admin tenant failed'

        quota_show_dict2 = self.admin_connections.quantum_h.show_quota(
            project_fixture_obj.uuid)

        self.logger.info(
            "Quota for tenant %s is updated to : \n %s " %
            (project_fixture_obj1.inputs.project_name, quota_show_dict))
        for neutron_obj in quota_show_dict2['quota']:
            if quota_show_dict2['quota'][neutron_obj] != quota_show_dict1[
                    'quota'][neutron_obj]:
                self.logger.error(
                    "Quota updated for %s for %s tenant not expected " %
                    (neutron_obj, project_name))
                result = False
        assert result, 'Quota update for %s by admin updated quota for %s also not expected' % (
            project_name1, project_name)
        self.logger.info(
            "Quota for tenant %s is still set to : \n %s as expected" %
            (project_fixture_obj.inputs.project_name, quota_show_dict1))
Beispiel #8
0
    def test_route_using_nat_instance(self):
        self.vpc1_vn1_cidr = '10.2.5.0/25'
        self.vpc1_vn2_cidr = '10.2.5.128/25'
        self.vpc2_cidr = '10.2.50.0/24'
        self.vpc2_vn1_cidr = '10.2.50.0/25'
        self.vpc1_cidr = '10.2.5.0/24'

        self.vpc1_fixture = self.useFixture(
            VPCFixture(self.vpc1_cidr, connections=self.connections))

        assert self.vpc1_fixture.verify_on_setup()
        vpc1_fixture = self.vpc1_fixture
        vpc1_id = vpc1_fixture.vpc_id
        public_vn_subnet = self.inputs.fip_pool
        public_ip_to_ping = '8.8.8.8'
        public_vn_rt = self.inputs.mx_rt
        self.vpc1_vn1_fixture = self.useFixture(
            VPCVNFixture(self.vpc1_fixture,
                         subnet_cidr=self.vpc1_vn1_cidr,
                         connections=self.connections))
        assert self.vpc1_vn1_fixture.verify_on_setup()
        vpc1_vn1_fixture = self.vpc1_vn1_fixture
        self.vpc1_vn1_vm1_fixture = self.useFixture(
            VPCVMFixture(self.vpc1_vn1_fixture,
                         image_name='ubuntu',
                         connections=self.connections))
        assert self.vpc1_vn1_vm1_fixture.verify_on_setup()
        self.vpc1_vn1_vm1_fixture.c_vm_fixture.wait_till_vm_is_up()
        self.vpc1_vn1_vm2_fixture = self.useFixture(
            VPCVMFixture(self.vpc1_vn1_fixture,
                         image_name='ubuntu-traffic',
                         connections=self.connections))
        assert self.vpc1_vn1_vm2_fixture.verify_on_setup()
        self.vpc1_vn1_vm2_fixture.c_vm_fixture.wait_till_vm_is_up()
        vm1_fixture = self.vpc1_vn1_vm1_fixture
        result = True

        # Just Read the existing vpc as a fixture
        vpc1_contrail_fixture = self.useFixture(
            ProjectFixture(project_name=vpc1_id,
                           username=self.admin_inputs.stack_user,
                           password=self.admin_inputs.stack_password,
                           connections=self.connections))
        vpc1_contrail_fixture.get_project_connections()
        public_vn_fixture = self.useFixture(
            VNFixture(project_name=vpc1_id,
                      connections=vpc1_contrail_fixture.project_connections,
                      inputs=self.inputs,
                      vn_name='public',
                      subnets=[public_vn_subnet],
                      rt_number=public_vn_rt))
        assert public_vn_fixture.verify_on_setup(),\
            "Public VN Fixture verification failed, Check logs"

        nat_instance_fixture = self.useFixture(
            VPCVMFixture(
                vpc1_vn1_fixture,
                image_name='nat-service',
                connections=vpc1_contrail_fixture.project_connections,
                instance_type='nat',
                public_vn_fixture=public_vn_fixture,
            ))

        # Create Route table
        rtb_id = vpc1_fixture.create_route_table()
        self.addCleanup(vpc1_fixture.delete_route_table, rtb_id)
        assert vpc1_fixture.verify_route_table(rtb_id),\
            "Verification of Routetable %s failed!" % (rtb_id)

        # Associate route table with subnet
        subnet_id = vpc1_vn1_fixture.subnet_id
        assoc_id = vpc1_fixture.associate_route_table(rtb_id, subnet_id)
        if not assoc_id:
            self.logger.error('Association of Subnet %s with RTB %s failed' \
                %(subnet_id, rtb_id))

            return False
        # end if
        self.addCleanup(vpc1_fixture.disassociate_route_table, assoc_id)

        # Add route
        prefix = '0.0.0.0/0'
        c_result = vpc1_fixture.create_route(prefix, rtb_id,
                                             nat_instance_fixture.instance_id)
        if not c_result:
            self.logger.error('Unable to create default route in RTB %s with \
                instance %s ' % (rtb_id, vm1_fixture.instance_id))
            return False
        self.addCleanup(vpc1_fixture.delete_route, rtb_id, prefix)

        # Check if route is installed in agent
        c_vm1_fixture = vm1_fixture.c_vm_fixture
        vm1_node_ip = c_vm1_fixture.vm_node_ip
        agent_path = self.agent_inspect_h[vm1_node_ip].get_vna_active_route(
            vrf_id=c_vm1_fixture.agent_vrf_id[c_vm1_fixture.vn_fq_name],
            ip=prefix.split('/')[0],
            prefix=prefix.split('/')[1])
        if not agent_path:
            self.logger.error('Route %s added is not seen in agent!' %
                              (prefix))
            result = result and False
        if not c_vm1_fixture.ping_with_certainty(public_ip_to_ping,
                                                 expectation=True):
            self.logger.error('Ping to Public IP %s failed!' %
                              (public_ip_to_ping))
            result = result and False
        return result
Beispiel #9
0
    def test_route_using_gateway(self):
        self.vpc1_cidr = '10.2.5.0/24'
        self.vpc1_vn1_cidr = '10.2.5.0/25'
        self.vpc1_vn2_cidr = '10.2.5.128/25'
        self.vpc2_cidr = '10.2.50.0/24'
        self.vpc2_vn1_cidr = '10.2.50.0/25'
        self.vpc1_fixture = self.useFixture(
            VPCFixture(self.vpc1_cidr, connections=self.connections))
        assert self.vpc1_fixture.verify_on_setup()
        vpc1_fixture = self.vpc1_fixture
        vpc1_id = vpc1_fixture.vpc_id
        public_vn_subnet = self.inputs.fip_pool
        public_ip_to_ping = '8.8.8.8'
        public_vn_rt = self.inputs.mx_rt
        self.vpc1_vn1_fixture = self.useFixture(
            VPCVNFixture(self.vpc1_fixture,
                         subnet_cidr=self.vpc1_vn1_cidr,
                         connections=self.connections))
        assert self.vpc1_vn1_fixture.verify_on_setup()
        vpc1_vn1_fixture = self.vpc1_vn1_fixture
        self.vpc1_vn1_vm1_fixture = self.useFixture(
            VPCVMFixture(self.vpc1_vn1_fixture,
                         image_name='ubuntu',
                         connections=self.connections))
        assert self.vpc1_vn1_vm1_fixture.verify_on_setup()
        self.vpc1_vn1_vm1_fixture.c_vm_fixture.wait_till_vm_is_up()
        vm1_fixture = self.vpc1_vn1_vm1_fixture
        result = True

        # Just Read the existing vpc as a fixture
        vpc1_contrail_fixture = self.useFixture(
            ProjectFixture(project_name=vpc1_id,
                           username=self.admin_inputs.stack_user,
                           password=self.admin_inputs.stack_password,
                           connections=self.connections))
        vpc1_contrail_fixture.get_project_connections()
        public_vn_fixture = self.public_vn_obj.public_vn_fixture
        assert public_vn_fixture.verify_on_setup(),\
            "Public VN Fixture verification failed, Check logs"

        # Assign floating IP. Internet GW is just dummy
        ec2_base = EC2Base(logger=self.inputs.logger,
                           inputs=self.inputs,
                           tenant=vpc1_id)
        vpc_fip_fixture = self.useFixture(
            VPCFIPFixture(public_vn_obj=self.public_vn_obj,
                          connections=self.connections,
                          ec2_base=ec2_base))
        assert vpc_fip_fixture.verify_on_setup(
        ), "FIP pool verification failed, Pls check logs"

        (fip, fip_alloc_id) = vpc_fip_fixture.create_and_assoc_fip(
            vm1_fixture.instance_id)
        if fip is None or fip_alloc_id is None:
            self.logger.error('FIP creation and/or association failed! ')
            result = result and False
        if result:
            self.addCleanup(vpc_fip_fixture.disassoc_and_delete_fip,
                            fip_alloc_id, fip)

        # Create Internet gateway
        gw_id = vpc1_fixture.create_gateway()
        self.addCleanup(vpc1_fixture.delete_gateway, gw_id)

        # Create Route table
        rtb_id = vpc1_fixture.create_route_table()
        self.addCleanup(vpc1_fixture.delete_route_table, rtb_id)
        assert vpc1_fixture.verify_route_table(rtb_id),\
            "Verification of Routetable %s failed!" % (rtb_id)

        # Associate route table with subnet
        subnet_id = vpc1_vn1_fixture.subnet_id
        assoc_id = vpc1_fixture.associate_route_table(rtb_id, subnet_id)
        if not assoc_id:
            self.logger.error('Association of Subnet %s with RTB %s failed' %
                              (subnet_id, rtb_id))
            return False
        # end if
        self.addCleanup(vpc1_fixture.disassociate_route_table, assoc_id)

        # Add route
        prefix = '0.0.0.0/0'
        c_result = vpc1_fixture.create_route(prefix, rtb_id, gw_id=gw_id)
        if not c_result:
            self.logger.error('Unable to create default route in RTB %s with \
                gateway %s ' % (rtb_id, gw_id))
            return False
        self.addCleanup(vpc1_fixture.delete_route, rtb_id, prefix)

        # No need to check if this route is installed in agent
        c_vm1_fixture = vm1_fixture.c_vm_fixture
        if not c_vm1_fixture.ping_with_certainty(public_ip_to_ping,
                                                 expectation=True):
            self.logger.error('Ping to Public IP %s failed!' %
                              (public_ip_to_ping))
            result = result and False
        return result