Beispiel #1
0
    def create_sg_test_resources(self):
        """Config common resources."""
        self.logger.info("Configuring setup for security group tests.")

        vn_s = {'vn1': '20.1.1.0/24', 'vn2': ['10.1.1.0/24']}
        self.multi_vn_fixture = self.useFixture(
            MultipleVNFixture(connections=self.connections,
                              inputs=self.inputs,
                              subnet_count=2,
                              vn_name_net=vn_s,
                              project_name=self.inputs.project_name))
        vns = self.multi_vn_fixture.get_all_fixture_obj()
        (self.vn1_name, self.vn1_fix) = self.multi_vn_fixture._vn_fixtures[0]
        (self.vn2_name, self.vn2_fix) = self.multi_vn_fixture._vn_fixtures[1]

        self.logger.info("Configure security groups required for test.")
        self.config_sec_groups()

        self.multi_vm_fixture = self.useFixture(
            MultipleVMFixture(project_name=self.inputs.project_name,
                              connections=self.connections,
                              vm_count_per_vn=3,
                              vn_objs=vns,
                              image_name='ubuntu-traffic',
                              flavor='contrail_flavor_small'))
        vms = self.multi_vm_fixture.get_all_fixture()
        (self.vm1_name, self.vm1_fix) = vms[0]
        (self.vm2_name, self.vm2_fix) = vms[1]
        (self.vm3_name, self.vm3_fix) = vms[2]
        (self.vm4_name, self.vm4_fix) = vms[3]
        (self.vm5_name, self.vm5_fix) = vms[4]
        (self.vm6_name, self.vm6_fix) = vms[5]

        self.logger.info("Adding the sec groups to the VM's")
        self.vm1_fix.add_security_group(secgrp=self.sg1_name)
        self.vm1_fix.add_security_group(secgrp=self.sg2_name)
        self.vm2_fix.add_security_group(secgrp=self.sg2_name)
        self.vm4_fix.add_security_group(secgrp=self.sg1_name)
        self.vm4_fix.add_security_group(secgrp=self.sg2_name)
        self.vm5_fix.add_security_group(secgrp=self.sg1_name)

        self.logger.info("Remove the default sec group form the VM's")
        default_secgrp_id = get_secgrp_id_from_name(
            self.connections, ':'.join(
                [self.inputs.domain_name, self.inputs.project_name,
                 'default']))
        self.vm1_fix.remove_security_group(secgrp=default_secgrp_id)
        self.vm2_fix.remove_security_group(secgrp=default_secgrp_id)
        self.vm4_fix.remove_security_group(secgrp=default_secgrp_id)
        self.vm5_fix.remove_security_group(secgrp=default_secgrp_id)

        self.logger.info("Verifying setup of security group tests.")
        self.verify_sg_test_resources()

        self.logger.info(
            "Finished configuring setup for security group tests.")
Beispiel #2
0
    def config_basic(self, check_dm):
        #mx config using device manager
        #both dm_mx and use_device_manager knobs are required for DM
        #this check is present in is_test_applicable
        if check_dm:
            if self.inputs.use_devicemanager_for_md5:
                for i in range(len(self.inputs.dm_mx.values())):
                    router_params = self.inputs.dm_mx.values()[i]
                    if router_params['model'] == 'mx':
                        self.phy_router_fixture = self.useFixture(
                            PhysicalRouterFixture(
                                router_params['name'],
                                router_params['control_ip'],
                                model=router_params['model'],
                                vendor=router_params['vendor'],
                                asn=router_params['asn'],
                                ssh_username=router_params['ssh_username'],
                                ssh_password=router_params['ssh_password'],
                                mgmt_ip=router_params['control_ip'],
                                connections=self.connections,
                                dm_managed=True))
                        physical_dev = self.vnc_lib.physical_router_read(
                            id=self.phy_router_fixture.phy_device.uuid)
                        physical_dev.set_physical_router_management_ip(
                            router_params['mgmt_ip'])
                        physical_dev._pending_field_updates
                        self.vnc_lib.physical_router_update(physical_dev)
        else:
            if self.inputs.ext_routers:
                for i in range(len(
                        self.inputs.physical_routers_data.values())):
                    router_params = self.inputs.physical_routers_data.values(
                    )[i]
                    if router_params['model'] == 'mx':
                        cmd = []
                        cmd.append(
                            'set groups md5_tests routing-options router-id %s'
                            % router_params['mgmt_ip'])
                        cmd.append(
                            'set groups md5_tests routing-options route-distinguisher-id %s'
                            % router_params['mgmt_ip'])
                        cmd.append(
                            'set groups md5_tests routing-options autonomous-system %s'
                            % router_params['asn'])
                        cmd.append(
                            'set groups md5_tests protocols bgp group md5_tests type internal'
                        )
                        cmd.append(
                            'set groups md5_tests protocols bgp group md5_tests multihop'
                        )
                        cmd.append(
                            'set groups md5_tests protocols bgp group md5_tests local-address %s'
                            % router_params['mgmt_ip'])
                        cmd.append(
                            'set groups md5_tests protocols bgp group md5_tests hold-time 90'
                        )
                        cmd.append(
                            'set groups md5_tests protocols bgp group md5_tests keep all'
                        )
                        cmd.append(
                            'set groups md5_tests protocols bgp group md5_tests family inet-vpn unicast'
                        )
                        cmd.append(
                            'set groups md5_tests protocols bgp group md5_tests family inet6-vpn unicast'
                        )
                        cmd.append(
                            'set groups md5_tests protocols bgp group md5_tests family evpn signaling'
                        )
                        cmd.append(
                            'set groups md5_tests protocols bgp group md5_tests family route-target'
                        )
                        cmd.append(
                            'set groups md5_tests protocols bgp group md5_tests local-as %s'
                            % router_params['asn'])
                        for node in self.inputs.bgp_control_ips:
                            cmd.append(
                                'set groups md5_tests protocols bgp group md5_tests neighbor %s peer-as %s'
                                % (node, router_params['asn']))
                        cmd.append('set apply-groups md5_tests')
                        mx_handle = NetconfConnection(
                            host=router_params['mgmt_ip'])
                        mx_handle.connect()
                        cli_output = mx_handle.config(stmts=cmd, timeout=120)

        #ipv6 not supported for vcenter so skipping config
        if self.inputs.orchestrator != 'vcenter':
            vn61_name = "test_vnv6sr"
            vn61_net = ['2001::101:0/120']
            #vn1_fixture = self.config_vn(vn1_name, vn1_net)
            vn61_fixture = self.useFixture(
                VNFixture(project_name=self.inputs.project_name,
                          connections=self.connections,
                          vn_name=vn61_name,
                          inputs=self.inputs,
                          subnets=vn61_net))
            vn62_name = "test_vnv6dn"
            vn62_net = ['2001::201:0/120']
            #vn2_fixture = self.config_vn(vn2_name, vn2_net)
            vn62_fixture = self.useFixture(
                VNFixture(project_name=self.inputs.project_name,
                          connections=self.connections,
                          vn_name=vn62_name,
                          inputs=self.inputs,
                          subnets=vn62_net))
            vm61_name = 'source_vm'
            vm62_name = 'dest_vm'
            #vm1_fixture = self.config_vm(vn1_fixture, vm1_name)
            #vm2_fixture = self.config_vm(vn2_fixture, vm2_name)
            vm61_fixture = self.useFixture(
                VMFixture(project_name=self.inputs.project_name,
                          connections=self.connections,
                          vn_obj=vn61_fixture.obj,
                          vm_name=vm61_name,
                          node_name=None,
                          image_name='cirros',
                          flavor='m1.tiny'))

            vm62_fixture = self.useFixture(
                VMFixture(project_name=self.inputs.project_name,
                          connections=self.connections,
                          vn_obj=vn62_fixture.obj,
                          vm_name=vm62_name,
                          node_name=None,
                          image_name='cirros',
                          flavor='m1.tiny'))
            vm61_fixture.wait_till_vm_is_up()
            vm62_fixture.wait_till_vm_is_up()

            rule = [
                {
                    'direction': '<>',
                    'protocol': 'any',
                    'source_network': vn61_name,
                    'src_ports': [0, -1],
                    'dest_network': vn62_name,
                    'dst_ports': [0, -1],
                    'simple_action': 'pass',
                },
            ]
            policy_name = 'allow_all'
            policy_fixture = self.config_policy(policy_name, rule)

            vn61_policy_fix = self.attach_policy_to_vn(policy_fixture,
                                                       vn61_fixture)
            vn62_policy_fix = self.attach_policy_to_vn(policy_fixture,
                                                       vn62_fixture)

        vn1 = "vn1"
        vn2 = "vn2"
        vn_s = {'vn1': '10.1.1.0/24', 'vn2': ['20.1.1.0/24']}
        rules = [
            {
                'direction': '<>',
                'protocol': 'any',
                'source_network': vn1,
                'src_ports': [0, -1],
                'dest_network': vn2,
                'dst_ports': [0, -1],
                'simple_action': 'pass',
            },
        ]

        self.logger.info("Configure the policy with allow any")
        self.multi_vn_fixture = self.useFixture(
            MultipleVNFixture(connections=self.connections,
                              inputs=self.inputs,
                              subnet_count=2,
                              vn_name_net=vn_s,
                              project_name=self.inputs.project_name))
        vns = self.multi_vn_fixture.get_all_fixture_obj()
        (self.vn1_name, self.vn1_fix) = self.multi_vn_fixture._vn_fixtures[0]
        (self.vn2_name, self.vn2_fix) = self.multi_vn_fixture._vn_fixtures[1]
        self.config_policy_and_attach_to_vn(rules)

        self.multi_vm_fixture = self.useFixture(
            MultipleVMFixture(project_name=self.inputs.project_name,
                              connections=self.connections,
                              vm_count_per_vn=1,
                              vn_objs=vns,
                              image_name='cirros',
                              flavor='m1.tiny'))
        vms = self.multi_vm_fixture.get_all_fixture()
        (self.vm1_name, self.vm1_fix) = vms[0]
        (self.vm2_name, self.vm2_fix) = vms[1]
Beispiel #3
0
    def config_basic(self):
        vn61_name = "test_vnv6sr"
        vn61_net = ['2001::101:0/120']
        vn61_fixture = self.useFixture(
            VNFixture(project_name=self.inputs.project_name,
                      connections=self.connections,
                      vn_name=vn61_name,
                      inputs=self.inputs,
                      subnets=vn61_net))
        vn62_name = "test_vnv6dn"
        vn62_net = ['2001::201:0/120']
        vn62_fixture = self.useFixture(
            VNFixture(project_name=self.inputs.project_name,
                      connections=self.connections,
                      vn_name=vn62_name,
                      inputs=self.inputs,
                      subnets=vn62_net))
        vm61_name = 'source_vm'
        vm62_name = 'dest_vm'
        vm61_fixture = self.useFixture(
            VMFixture(project_name=self.inputs.project_name,
                      connections=self.connections,
                      vn_obj=vn61_fixture.obj,
                      vm_name=vm61_name,
                      node_name=None,
                      image_name='cirros-0.3.0-x86_64-uec',
                      flavor='m1.tiny'))

        vm62_fixture = self.useFixture(
            VMFixture(project_name=self.inputs.project_name,
                      connections=self.connections,
                      vn_obj=vn62_fixture.obj,
                      vm_name=vm62_name,
                      node_name=None,
                      image_name='cirros-0.3.0-x86_64-uec',
                      flavor='m1.tiny'))
        vm61_fixture.wait_till_vm_is_up()
        vm62_fixture.wait_till_vm_is_up()

        rule = [
            {
                'direction': '<>',
                'protocol': 'any',
                'source_network': vn61_name,
                'src_ports': [0, -1],
                'dest_network': vn62_name,
                'dst_ports': [0, -1],
                'simple_action': 'pass',
            },
        ]
        policy_name = 'allow_all'
        policy_fixture = self.config_policy(policy_name, rule)

        vn61_policy_fix = self.attach_policy_to_vn(policy_fixture,
                                                   vn61_fixture)
        vn62_policy_fix = self.attach_policy_to_vn(policy_fixture,
                                                   vn62_fixture)

        vn1 = "vn1"
        vn2 = "vn2"
        vn_s = {'vn1': '10.1.1.0/24', 'vn2': ['20.1.1.0/24']}
        rules = [
            {
                'direction': '<>',
                'protocol': 'any',
                'source_network': vn1,
                'src_ports': [0, -1],
                'dest_network': vn2,
                'dst_ports': [0, -1],
                'simple_action': 'pass',
            },
        ]

        self.logger.info("Configure the policy with allow any")
        self.multi_vn_fixture = self.useFixture(
            MultipleVNFixture(connections=self.connections,
                              inputs=self.inputs,
                              subnet_count=2,
                              vn_name_net=vn_s,
                              project_name=self.inputs.project_name))
        vns = self.multi_vn_fixture.get_all_fixture_obj()
        (self.vn1_name, self.vn1_fix) = self.multi_vn_fixture._vn_fixtures[0]
        (self.vn2_name, self.vn2_fix) = self.multi_vn_fixture._vn_fixtures[1]
        self.config_policy_and_attach_to_vn(rules)

        self.multi_vm_fixture = self.useFixture(
            MultipleVMFixture(project_name=self.inputs.project_name,
                              connections=self.connections,
                              vm_count_per_vn=1,
                              vn_objs=vns,
                              image_name='cirros-0.3.0-x86_64-uec',
                              flavor='m1.tiny'))
        vms = self.multi_vm_fixture.get_all_fixture()
        (self.vm1_name, self.vm1_fix) = vms[0]
        (self.vm2_name, self.vm2_fix) = vms[1]
Beispiel #4
0
    def create_sg_test_resources(self):
        """Config common resources."""
        self.logger.info("Configuring setup for security group tests.")

        self.vn1_subnets = get_random_cidrs(self.inputs.get_af())
        self.vn2_subnets = get_random_cidrs(self.inputs.get_af())

        self.vn1_prefix = self.vn1_subnets[0].split('/')[0]
        self.vn1_prefix_len = int(self.vn1_subnets[0].split('/')[1])
        self.vn2_prefix = self.vn2_subnets[0].split('/')[0]
        self.vn2_prefix_len = int(self.vn2_subnets[0].split('/')[1])

        vn_s = {'vn1': self.vn1_subnets[0], 'vn2': self.vn2_subnets}

        self.multi_vn_fixture = self.useFixture(
            MultipleVNFixture(connections=self.connections,
                              inputs=self.inputs,
                              subnet_count=2,
                              vn_name_net=vn_s,
                              project_name=self.inputs.project_name))
        vns = self.multi_vn_fixture.get_all_fixture_obj()
        (self.vn1_name, self.vn1_fix) = self.multi_vn_fixture._vn_fixtures[0]
        (self.vn2_name, self.vn2_fix) = self.multi_vn_fixture._vn_fixtures[1]

        self.logger.info("Configure security groups required for test.")
        self.config_sec_groups()

        self.logger.debug("Verify the configured VN's.")
        assert self.multi_vn_fixture.verify_on_setup()

        self.multi_vm_fixture = self.useFixture(
            MultipleVMFixture(project_name=self.inputs.project_name,
                              connections=self.connections,
                              vm_count_per_vn=3,
                              vn_objs=vns,
                              image_name='ubuntu-traffic',
                              flavor='contrail_flavor_small'))
        vms = self.multi_vm_fixture.get_all_fixture()
        (self.vm1_name, self.vm1_fix) = vms[0]
        (self.vm2_name, self.vm2_fix) = vms[1]
        (self.vm3_name, self.vm3_fix) = vms[2]
        (self.vm4_name, self.vm4_fix) = vms[3]
        (self.vm5_name, self.vm5_fix) = vms[4]
        (self.vm6_name, self.vm6_fix) = vms[5]

        self.logger.info("Adding the sec groups to the VM's")
        self.vm1_fix.add_security_group(secgrp=self.sg1_name)
        self.vm1_fix.add_security_group(secgrp=self.sg2_name)
        self.vm2_fix.add_security_group(secgrp=self.sg2_name)
        self.vm4_fix.add_security_group(secgrp=self.sg1_name)
        self.vm4_fix.add_security_group(secgrp=self.sg2_name)
        self.vm5_fix.add_security_group(secgrp=self.sg1_name)

        self.logger.info("Remove the default sec group form the VM's")
        default_secgrp_id = get_secgrp_id_from_name(
            self.connections, ':'.join([
                self.connections.domain_name, self.inputs.project_name,
                'default'
            ]))
        self.vm1_fix.remove_security_group(secgrp=default_secgrp_id)
        self.vm2_fix.remove_security_group(secgrp=default_secgrp_id)
        self.vm4_fix.remove_security_group(secgrp=default_secgrp_id)
        self.vm5_fix.remove_security_group(secgrp=default_secgrp_id)

        self.logger.info("Verifying setup of security group tests.")
        self.verify_sg_test_resources()

        self.set_tcp_port_use_optimizations([
            self.vm1_fix, self.vm2_fix, self.vm3_fix, self.vm4_fix,
            self.vm5_fix, self.vm6_fix
        ])

        self.logger.info(
            "Finished configuring setup for security group tests.")
Beispiel #5
0
    def config_basic(self, is_mx_present):
        #mx config using device manager
        if is_mx_present:
            if self.inputs.ext_routers:
                if self.inputs.use_devicemanager_for_md5:
                    router_params = self.inputs.physical_routers_data.values(
                    )[0]
                    self.phy_router_fixture = self.useFixture(
                        PhysicalRouterFixture(
                            router_params['name'],
                            router_params['mgmt_ip'],
                            model=router_params['model'],
                            vendor=router_params['vendor'],
                            asn=router_params['asn'],
                            ssh_username=router_params['ssh_username'],
                            ssh_password=router_params['ssh_password'],
                            mgmt_ip=router_params['mgmt_ip'],
                            connections=self.connections))
        else:
            if self.inputs.ext_routers:
                router_params = self.inputs.physical_routers_data.values()[0]
                cmd = []
                cmd.append(
                    'set groups md5_tests routing-options router-id %s' %
                    router_params['mgmt_ip'])
                cmd.append(
                    'set groups md5_tests routing-options route-distinguisher-id %s'
                    % router_params['mgmt_ip'])
                cmd.append(
                    'set groups md5_tests routing-options autonomous-system %s'
                    % router_params['asn'])
                cmd.append(
                    'set groups md5_tests protocols bgp group md5_tests type internal'
                )
                cmd.append(
                    'set groups md5_tests protocols bgp group md5_tests multihop'
                )
                cmd.append(
                    'set groups md5_tests protocols bgp group md5_tests local-address %s'
                    % router_params['mgmt_ip'])
                cmd.append(
                    'set groups md5_tests protocols bgp group md5_tests hold-time 90'
                )
                cmd.append(
                    'set groups md5_tests protocols bgp group md5_tests keep all'
                )
                cmd.append(
                    'set groups md5_tests protocols bgp group md5_tests family inet-vpn unicast'
                )
                cmd.append(
                    'set groups md5_tests protocols bgp group md5_tests family inet6-vpn unicast'
                )
                cmd.append(
                    'set groups md5_tests protocols bgp group md5_tests family evpn signaling'
                )
                cmd.append(
                    'set groups md5_tests protocols bgp group md5_tests family route-target'
                )
                cmd.append(
                    'set groups md5_tests protocols bgp group md5_tests local-as %s'
                    % router_params['asn'])
                for node in self.inputs.bgp_control_ips:
                    cmd.append(
                        'set groups md5_tests protocols bgp group md5_tests neighbor %s peer-as %s'
                        % (node, router_params['asn']))
                cmd.append('set apply-groups md5_tests')
                mx_handle = NetconfConnection(host=router_params['mgmt_ip'])
                mx_handle.connect()
                cli_output = mx_handle.config(stmts=cmd, timeout=120)
        vn61_name = "test_vnv6sr"
        vn61_net = ['2001::101:0/120']
        #vn1_fixture = self.config_vn(vn1_name, vn1_net)
        vn61_fixture = self.useFixture(
            VNFixture(project_name=self.inputs.project_name,
                      connections=self.connections,
                      vn_name=vn61_name,
                      inputs=self.inputs,
                      subnets=vn61_net))
        vn62_name = "test_vnv6dn"
        vn62_net = ['2001::201:0/120']
        #vn2_fixture = self.config_vn(vn2_name, vn2_net)
        vn62_fixture = self.useFixture(
            VNFixture(project_name=self.inputs.project_name,
                      connections=self.connections,
                      vn_name=vn62_name,
                      inputs=self.inputs,
                      subnets=vn62_net))
        vm61_name = 'source_vm'
        vm62_name = 'dest_vm'
        #vm1_fixture = self.config_vm(vn1_fixture, vm1_name)
        #vm2_fixture = self.config_vm(vn2_fixture, vm2_name)
        vm61_fixture = self.useFixture(
            VMFixture(project_name=self.inputs.project_name,
                      connections=self.connections,
                      vn_obj=vn61_fixture.obj,
                      vm_name=vm61_name,
                      node_name=None,
                      image_name='cirros-0.3.0-x86_64-uec',
                      flavor='m1.tiny'))

        vm62_fixture = self.useFixture(
            VMFixture(project_name=self.inputs.project_name,
                      connections=self.connections,
                      vn_obj=vn62_fixture.obj,
                      vm_name=vm62_name,
                      node_name=None,
                      image_name='cirros-0.3.0-x86_64-uec',
                      flavor='m1.tiny'))
        vm61_fixture.wait_till_vm_is_up()
        vm62_fixture.wait_till_vm_is_up()

        rule = [
            {
                'direction': '<>',
                'protocol': 'any',
                'source_network': vn61_name,
                'src_ports': [0, -1],
                'dest_network': vn62_name,
                'dst_ports': [0, -1],
                'simple_action': 'pass',
            },
        ]
        policy_name = 'allow_all'
        policy_fixture = self.config_policy(policy_name, rule)

        vn61_policy_fix = self.attach_policy_to_vn(policy_fixture,
                                                   vn61_fixture)
        vn62_policy_fix = self.attach_policy_to_vn(policy_fixture,
                                                   vn62_fixture)

        vn1 = "vn1"
        vn2 = "vn2"
        vn_s = {'vn1': '10.1.1.0/24', 'vn2': ['20.1.1.0/24']}
        rules = [
            {
                'direction': '<>',
                'protocol': 'any',
                'source_network': vn1,
                'src_ports': [0, -1],
                'dest_network': vn2,
                'dst_ports': [0, -1],
                'simple_action': 'pass',
            },
        ]

        self.logger.info("Configure the policy with allow any")
        self.multi_vn_fixture = self.useFixture(
            MultipleVNFixture(connections=self.connections,
                              inputs=self.inputs,
                              subnet_count=2,
                              vn_name_net=vn_s,
                              project_name=self.inputs.project_name))
        vns = self.multi_vn_fixture.get_all_fixture_obj()
        (self.vn1_name, self.vn1_fix) = self.multi_vn_fixture._vn_fixtures[0]
        (self.vn2_name, self.vn2_fix) = self.multi_vn_fixture._vn_fixtures[1]
        self.config_policy_and_attach_to_vn(rules)

        self.multi_vm_fixture = self.useFixture(
            MultipleVMFixture(project_name=self.inputs.project_name,
                              connections=self.connections,
                              vm_count_per_vn=1,
                              vn_objs=vns,
                              image_name='cirros-0.3.0-x86_64-uec',
                              flavor='m1.tiny'))
        vms = self.multi_vm_fixture.get_all_fixture()
        (self.vm1_name, self.vm1_fix) = vms[0]
        (self.vm2_name, self.vm2_fix) = vms[1]