Beispiel #1
    def check(self):
        """Ping the VM from its host over every DHCP-enabled L3 and judge the outcome.

        The test agent is installed on the VM's host, then for each virtual
        router serving the VM the guest NIC address is pinged from that host.
        Routers whose L3 network does not list the DHCP service are skipped.
        The first failed ping ends the check with ``judge(False)``; when no
        ping failed the check ends with ``judge(True)``.  If the VM has no
        virtual router at all, the check is skipped and ``self.exp_result``
        is judged instead.
        """
        super(zstack_kvm_vm_network_checker, self).check()
        vm = self.test_obj.vm
        host = test_lib.lib_get_vm_host(vm)
        test_lib.lib_install_testagent_to_host(host)
        test_lib.lib_set_vm_host_l2_ip(vm)

        routers = test_lib.lib_find_vr_by_vm(vm)
        if not routers:
            test_util.test_warn('No Virtual Router was found for VM: %s. Skip testing.' % vm.uuid)
            return self.judge(self.exp_result)

        for router in routers:
            nic = test_lib.lib_get_vm_nic_by_vr(vm, router)
            if 'DHCP' not in test_lib.lib_get_l3_service_type(nic.l3NetworkUuid):
                test_util.test_logger("Skip [VR:] %s, since it doesn't provide DHCP service" % router.uuid)
                continue

            guest_ip = nic.ip
            # The address is interpolated unquoted into a shell string that the
            # agent runs on the host, and the output goes to a fixed file name
            # in /tmp, so two checkers running on the same host at once would
            # overwrite each other's ping output.
            command = 'ping -c 5 -W 5 %s >/tmp/ping_result 2>&1; ret=$?; cat /tmp/ping_result; exit $ret' % guest_ip
            ping_ok = test_lib.lib_execute_sh_cmd_by_agent_with_retry(host.managementIp, command, self.exp_result)
            if ping_ok:
                test_util.test_logger('Checker result: SUCCESSFULLY ping [target:] %s [ip:] %s from [host:] %s' % (vm.uuid, guest_ip, host.uuid))
                continue

            test_util.test_logger('Checker result: FAIL to ping [target:] %s [ip:] %s from [host:] %s' % (vm.uuid, guest_ip, host.uuid))
            if self.exp_result == True:
                # Only dump the router configuration when connectivity was expected.
                test_util.test_logger("network connection result is not expected pass, will print VR's network configuration:")
                test_lib.lib_print_vr_network_conf(router)
            return self.judge(False)

        test_util.test_logger("Checker result: ping target [vm:] %s from [host:] %s SUCCESS" % (vm.uuid, host.uuid))
        return self.judge(True)
    def check(self):
        """Check source NAT by pinging the configured target from inside the VM.

        For the first virtual router whose L3 network lists the SNAT service,
        the guest is reached through the host agent and asked to ping
        ``test_config.pingTestTarget``; the result is judged immediately.
        Routers without SNAT are skipped.  If the NIC has egress security-group
        rules but none of them allows ICMP to the ping target, the check is
        skipped and ``self.exp_result`` is judged.
        """
        super(zstack_kvm_vm_snat_checker, self).check()
        vm = self.test_obj.vm
        test_lib.lib_install_testagent_to_vr(vm)
        host = test_lib.lib_get_vm_host(vm)

        routers = test_lib.lib_find_vr_by_vm(vm)
        test_lib.lib_set_vm_host_l2_ip(vm)
        for router in routers:
            test_util.test_logger("Begin to check [vm:] %s SNAT" % vm.uuid)
            nic = test_lib.lib_get_vm_nic_by_vr(vm, router)
            if 'SNAT' not in test_lib.lib_get_l3_service_type(nic.l3NetworkUuid):
                test_util.test_logger("Skip [VR:] %s, since it doesn't provide SNAT service" % router.uuid)
                continue

            ping_target = test_lib.test_config.pingTestTarget.text_
            # An egress rule set that does not allow ICMP to the ping target
            # would make the ping fail for reasons unrelated to SNAT.
            has_egress_rules = test_lib.lib_is_sg_rule_exist(nic.uuid, None, None, inventory.EGRESS)
            if has_egress_rules and not test_lib.lib_is_sg_rule_exist(nic.uuid, inventory.ICMP, ping_target, inventory.EGRESS):
                test_util.test_warn('Skip SNAT checker: because there is ICMP Egress Rule was assigned to [nic:] %s and the allowed target ip is not %s' % (nic.uuid, ping_target))
                return self.judge(self.exp_result)

            guest_ip = nic.ip
            # Fixed output path in the guest's /tmp; the target comes from the
            # test configuration and is interpolated unquoted.
            vm_command = 'ping -c 5 -W 5 %s >/tmp/ping_result 2>&1; ret=$?; cat /tmp/ping_result; exit $ret' % ping_target
            username = test_lib.lib_get_vm_username(vm)
            password = test_lib.lib_get_vm_password(vm)
            vm_cmd_result = test_lib.lib_ssh_vm_cmd_by_agent_with_retry(host.managementIp, guest_ip, username, password, vm_command, self.exp_result)
            if vm_cmd_result:
                test_util.test_logger('Checker result: SUCCEED to ping [target:] %s from [vm:] %s .' % (ping_target, vm.uuid))
                return self.judge(True)

            test_util.test_logger('Checker result: FAIL to ping [target:] %s from [vm:] %s .' % (ping_target, vm.uuid))
            if self.exp_result == True:
                test_util.test_logger("network connection result is not expected pass, will print VR's network configuration:")
                test_lib.lib_print_vr_network_conf(router)
            return self.judge(False)
        # NOTE(review): when no router offers SNAT (or the VM has no router) the
        # loop ends without a judge() call and the method returns None - confirm
        # that callers treat this as intended.
Beispiel #3
    def check(self):
        """Judge whether the VM can reach the configured ping target through SNAT.

        Walks the VM's virtual routers, ignores those whose L3 network does
        not list SNAT, and for the first SNAT-capable one runs a ping inside
        the guest via the host agent.  The ping result is judged right away.
        A NIC whose egress security-group rules do not permit ICMP to the
        target causes the check to be skipped with ``self.exp_result``.
        """
        super(zstack_kvm_vm_snat_checker, self).check()
        vm = self.test_obj.vm
        test_lib.lib_install_testagent_to_vr(vm)
        host = test_lib.lib_get_vm_host(vm)

        vr_list = test_lib.lib_find_vr_by_vm(vm)
        test_lib.lib_set_vm_host_l2_ip(vm)
        for vr in vr_list:
            test_util.test_logger("Begin to check [vm:] %s SNAT" % vm.uuid)
            nic = test_lib.lib_get_vm_nic_by_vr(vm, vr)
            services = test_lib.lib_get_l3_service_type(nic.l3NetworkUuid)
            if 'SNAT' not in services:
                test_util.test_logger("Skip [VR:] %s, since it doesn't provide SNAT service" % vr.uuid)
                continue

            ping_target = test_lib.test_config.pingTestTarget.text_
            # Egress rules exist but ICMP to the target is not among them:
            # a failed ping would say nothing about SNAT, so skip.
            if test_lib.lib_is_sg_rule_exist(nic.uuid, None, None, inventory.EGRESS) \
                    and not test_lib.lib_is_sg_rule_exist(nic.uuid, inventory.ICMP, ping_target, inventory.EGRESS):
                test_util.test_warn('Skip SNAT checker: because there is ICMP Egress Rule was assigned to [nic:] %s and the allowed target ip is not %s' % (nic.uuid, ping_target))
                return self.judge(self.exp_result)

            guest_ip = nic.ip
            # The guest writes ping output to a fixed /tmp path; the target is
            # taken from the test configuration and interpolated unquoted.
            vm_command = 'ping -c 5 -W 5 %s >/tmp/ping_result 2>&1; ret=$?; cat /tmp/ping_result; exit $ret' % ping_target
            reachable = test_lib.lib_ssh_vm_cmd_by_agent_with_retry(
                host.managementIp, guest_ip,
                test_lib.lib_get_vm_username(vm),
                test_lib.lib_get_vm_password(vm),
                vm_command, self.exp_result)
            if not reachable:
                test_util.test_logger('Checker result: FAIL to ping [target:] %s from [vm:] %s .' % (ping_target, vm.uuid))
                if self.exp_result == True:
                    test_util.test_logger("network connection result is not expected pass, will print VR's network configuration:")
                    test_lib.lib_print_vr_network_conf(vr)
                return self.judge(False)

            test_util.test_logger('Checker result: SUCCEED to ping [target:] %s from [vm:] %s .' % (ping_target, vm.uuid))
            return self.judge(True)
        # NOTE(review): falling out of the loop (no SNAT-capable router) returns
        # None without calling judge() - verify this is what callers expect.
def test():
    """Create a VM with userdata on a Flat-DHCP L3 network and verify the result over SSH.

    Adds a raw root-volume image from the URL in the environment, boots a VM
    from it with a ``userdata::`` system tag, then runs two commands in the
    guest over SSH to confirm the files the userdata is expected to create.
    The test is skipped when the L3 network has no DHCP service or when the
    DHCP provider is not of type 'Flat'.  VM and image are removed at the end.
    """
    img_option = test_util.ImageOption()
    image_name = 'userdata-image'
    # Image location is taken from the environment, not hard-coded.
    image_url = os.environ.get('userdataImageUrl')
    img_option.set_name(image_name)
    # Uses the first backup storage returned; raises IndexError if the query is empty.
    bs_uuid = res_ops.query_resource_fields(res_ops.BACKUP_STORAGE, [], None)[0].uuid
    img_option.set_backup_storage_uuid_list([bs_uuid])
    img_option.set_format('raw')
    img_option.set_url(image_url)
    image_inv = img_ops.add_root_volume_template(img_option)
    image = test_image.ZstackTestImage()
    image.set_image(image_inv)
    image.set_creation_option(img_option)
    # Registered so the image is tracked alongside the other test resources.
    test_obj_dict.add_image(image)

    l3_name = os.environ.get('l3VlanNetworkName5')
    l3_net = test_lib.lib_get_l3_by_name(l3_name)
    l3_net_uuid = l3_net.uuid
    if 'DHCP' not in test_lib.lib_get_l3_service_type(l3_net_uuid):
        test_util.test_skip('Only DHCP support userdata')
    for ns in l3_net.networkServices:
        if ns.networkServiceType == 'DHCP':
            sp_uuid = ns.networkServiceProviderUuid
            sp = test_lib.lib_get_network_service_provider_by_uuid(sp_uuid)
            if sp.type != 'Flat':
                test_util.test_skip('Only Flat DHCP support userdata')

    # The userdata payload itself comes from the 'userdata_systemTags' environment variable.
    vm = test_stub.create_vm(l3_uuid_list = [l3_net_uuid], vm_name = 'userdata-vm',image_uuid = image.get_image().uuid,system_tags = ["userdata::%s" % os.environ.get('userdata_systemTags')])

    test_obj_dict.add_vm(vm)
    # Fixed wait; presumably gives the guest time to boot and apply userdata - TODO confirm.
    time.sleep(60)

    try:
        vm.check()
    except:
        # Bare except: every exception, including KeyboardInterrupt and
        # SystemExit, is swallowed here and only logged as expected.
        test_util.test_logger("expected failure to connect VM")

    vm_ip = vm.get_vm().vmNics[0].ip
    # Host-key checking is switched off and known_hosts is discarded, so the
    # SSH peer is not authenticated.  That fits a VM created seconds ago in a
    # test lab; the same options should not be carried into automation that
    # talks to long-lived hosts.  Key path and IP are interpolated unquoted
    # into a shell command string.
    ssh_cmd = 'ssh -i %s -oStrictHostKeyChecking=no -oCheckHostIP=no -oUserKnownHostsFile=/dev/null test@%s' % (os.environ.get('sshkeyPriKey_file'), vm_ip)

    # tmp_file is not defined in this function; it must exist at module level.
    cmd = '%s cat /tmp/helloworld_config' % ssh_cmd
    process_result = test_stub.execute_shell_in_process(cmd, tmp_file)
    if process_result != 0:
        test_util.test_fail("fail to cat /tmp/helloworld_config")

    cmd = '%s find /tmp/temp' % ssh_cmd
    process_result = test_stub.execute_shell_in_process(cmd, tmp_file)
    if process_result != 0:
        test_util.test_fail("fail to find /tmp/temp")

    # Cleanup runs only on the success path; it is not wrapped in try/finally.
    vm.destroy()
    test_obj_dict.rm_vm(vm)
    image.delete()
    # With any delete policy other than 'Direct' the image is expunged explicitly as well.
    if test_lib.lib_get_image_delete_policy() != 'Direct':
        image.expunge()
    test_obj_dict.rm_image(image)
    test_util.test_pass('Create VM with userdata  Success')
    def check(self):
        """Check that the guest's /etc/resolv.conf names the virtual router and the L3 domain.

        The file is read inside the guest through the host agent.  The check
        fails when the command yields nothing, when the router's private IP is
        not contained in the output, or when the L3 network has a domain name
        that is not contained in the output.  If the L3 network does not list
        the DNS service the check is skipped and ``self.exp_result`` is judged.
        """
        super(zstack_kvm_vm_dns_checker, self).check()
        vm = self.test_obj.vm
        test_lib.lib_install_testagent_to_vr(vm)
        host = test_lib.lib_get_vm_host(vm)
        test_lib.lib_install_testagent_to_host(host)
        test_lib.lib_set_vm_host_l2_ip(vm)
        default_l3_uuid = vm.defaultL3NetworkUuid
        vr = test_lib.lib_find_vr_by_pri_l3(default_l3_uuid)
        nic = test_lib.lib_get_vm_nic_by_vr(vm, vr)

        test_util.test_logger("Begin to check [vm:] %s DNS setting" % vm.uuid)
        if 'DNS' not in test_lib.lib_get_l3_service_type(nic.l3NetworkUuid):
            test_util.test_logger(
                'Checker result: SKIP DNS checker, since VM [VR:] %s does not provide DNS service. '
                % vr.uuid)
            return self.judge(self.exp_result)

        command = 'cat /etc/resolv.conf'
        resolv_conf = test_lib.lib_ssh_vm_cmd_by_agent_with_retry(
            host.managementIp, nic.ip, test_lib.lib_get_vm_username(vm),
            test_lib.lib_get_vm_password(vm), command, self.exp_result)
        if not resolv_conf:
            test_util.test_logger(
                'Checker result: FAIL to execute test ssh command in test [vm:] %s throught [host:] %s.'
                % (vm.uuid, host.name))
            return self.judge(False)

        vr_guest_ip = test_lib.lib_find_vr_private_ip(vr)
        # NOTE(review): this is a substring test, so an address that is a
        # prefix of another entry (10.0.0.1 vs 10.0.0.11) also matches.
        if not (isinstance(resolv_conf, str) and vr_guest_ip in resolv_conf):
            test_util.test_logger(
                'Checker result: VR [IP:] %s is NOT set in guest [vm:] %s /etc/resolv.conf'
                % (vr_guest_ip, vm.uuid))
            return self.judge(False)
        test_util.test_logger(
            'Checker result: VR [IP:] %s is SUCCESSFULLY set in guest [vm:] %s /etc/resolv.conf. '
            % (vr_guest_ip, vm.uuid))

        l3_inv = test_lib.lib_get_l3_by_uuid(default_l3_uuid)
        # The domain is only verified when the L3 network defines one.
        if l3_inv.domainName:
            if l3_inv.domainName not in resolv_conf:
                test_util.test_logger(
                    'Checker result: L3: %s, Domain Name: %s is NOT set in guest [vm:] %s /etc/resolv.conf'
                    % (l3_inv.uuid, l3_inv.domainName, vm.uuid))
                return self.judge(False)
            test_util.test_logger(
                'Checker result: L3: %s, Domain Name: %s is set in guest [vm:] %s /etc/resolv.conf'
                % (l3_inv.uuid, l3_inv.domainName, vm.uuid))

        return self.judge(True)
    def check(self):
        """Check the NIC's TCP ingress security-group rules against a stub VM.

        Collects the ports allowed by the ingress rules that apply to the stub
        VM's /32 address, treats every other port in ``port_header.all_ports``
        as denied, opens listeners on the test VM and lets the stub VM probe
        both sets.  Any exception during the probe marks the check as failed.
        The check is skipped (``self.exp_result`` is judged) when the L3
        network has no DHCP service or no stub VM exists for it.
        """
        super(zstack_kvm_sg_tcp_ingress_checker, self).check()
        all_ports = port_header.all_ports
        test_result = True

        test_util.test_dsc('Check TCP ingress rules')
        nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
        l3_uuid = nic.l3NetworkUuid
        if 'DHCP' not in test_lib.lib_get_l3_service_type(l3_uuid):
            test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid)
            return self.judge(self.exp_result)

        stub_wrapper = self.test_obj.get_stub_vm(l3_uuid)
        if not stub_wrapper:
            test_util.test_warn('Did not find test stub vm for [nic:] %s. Skip TCP ingress port checking for this nic.' % self.nic_uuid)
            return self.judge(self.exp_result)
        stub_vm = stub_wrapper.vm

        # Rules are looked up for the stub VM's exact address (/32).
        target_addr = '%s/32' % test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip
        rules = self.test_obj.get_nic_tcp_ingress_rule_by_addr(self.nic_uuid, target_addr)

        # Ordered union of the ports every matching rule allows.
        allowed_ports = []
        for rule in rules:
            rule_allowed_ports = port_header.get_ports(port_header.get_port_rule(rule.startPort))
            test_util.test_logger('[SG:] %s [ingress rule]: %s allow to access [nic:] %s [ports]: %s from [vm:] %s' % (rule.securityGroupUuid, rule.uuid, self.nic_uuid, rule_allowed_ports, stub_vm.uuid))
            for port in rule_allowed_ports:
                if port not in allowed_ports:
                    allowed_ports.append(port)

        # No allowed port at all means every port must be denied.
        denied_ports = list_ops.list_minus(all_ports, allowed_ports) if allowed_ports else list(all_ports)

        test_vm = test_lib.lib_get_vm_by_nic(nic.uuid)
        if test_vm.state != inventory.RUNNING:
            test_util.test_warn('Test [vm:] %s is not running. Skip SG TCP ingress connection checker for this vm.' % test_vm.uuid)
        else:
            try:
                test_lib.lib_open_vm_listen_ports(test_vm, all_ports, l3_uuid)
                test_lib.lib_check_vm_ports_in_a_command(stub_vm, test_vm, allowed_ports, denied_ports)
            except:
                # Bare except: any exception at all is reported as a failed check.
                traceback.print_exc(file=sys.stdout)
                test_util.test_logger('Check result: [Security Group] meets failure when checking TCP ingress rule for [vm:] %s [nic:] %s. ' % (test_vm.uuid, self.nic_uuid))
                test_result = False

        test_util.test_logger('Check result: [Security Group] finishes TCP ingress testing for [nic:] %s' % self.nic_uuid)
        print_iptables(test_vm)
        return self.judge(test_result)
    def check(self):
        """Check the NIC's TCP ingress security-group rules from a stub VM (vCenter checker).

        Ports allowed by the ingress rules matching the stub VM's /32 address
        form the allowed set; the remainder of ``port_header.all_ports`` forms
        the denied set.  Listeners are opened on the test VM and probed from
        the stub VM; an exception during that step fails the check.  Without
        DHCP on the L3 network, or without a stub VM, ``self.exp_result`` is
        judged instead.
        """
        super(zstack_vcenter_sg_tcp_ingress_checker, self).check()
        all_ports = port_header.all_ports
        test_result = True

        test_util.test_dsc('Check TCP ingress rules')
        nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
        l3_uuid = nic.l3NetworkUuid
        l3_services = test_lib.lib_get_l3_service_type(l3_uuid)
        if 'DHCP' not in l3_services:
            test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid)
            return self.judge(self.exp_result)

        stub_vm = self.test_obj.get_stub_vm(l3_uuid)
        if not stub_vm:
            test_util.test_warn('Did not find test stub vm for [nic:] %s. Skip TCP ingress port checking for this nic.' % self.nic_uuid)
            return self.judge(self.exp_result)
        stub_vm = stub_vm.vm

        stub_vm_ip = test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip
        # Rules are matched against the stub VM's single address.
        target_addr = '%s/32' % stub_vm_ip

        matching_rules = self.test_obj.get_nic_tcp_ingress_rule_by_addr(self.nic_uuid, target_addr)
        allowed_ports = []
        for sg_rule in matching_rules:
            ports_of_rule = port_header.get_ports(port_header.get_port_rule(sg_rule.startPort))
            test_util.test_logger('[SG:] %s [ingress rule]: %s allow to access [nic:] %s [ports]: %s from [vm:] %s' % (sg_rule.securityGroupUuid, sg_rule.uuid, self.nic_uuid, ports_of_rule, stub_vm.uuid))
            # Keep first-seen order while dropping duplicates across rules.
            for candidate in ports_of_rule:
                if candidate not in allowed_ports:
                    allowed_ports.append(candidate)

        if allowed_ports:
            denied_ports = list_ops.list_minus(all_ports, allowed_ports)
        else:
            # Nothing allowed: every known port is expected to be blocked.
            denied_ports = list(all_ports)

        test_vm = test_lib.lib_get_vm_by_nic(nic.uuid)
        if test_vm.state == inventory.RUNNING:
            try:
                test_lib.lib_open_vm_listen_ports(test_vm, all_ports, l3_uuid)
                test_lib.lib_check_vm_ports_in_a_command(stub_vm, test_vm, allowed_ports, denied_ports)
            except:
                # Bare except: whatever is raised here counts as a failed check.
                traceback.print_exc(file=sys.stdout)
                test_util.test_logger('Check result: [Security Group] meets failure when checking TCP ingress rule for [vm:] %s [nic:] %s. ' % (test_vm.uuid, self.nic_uuid))
                test_result = False
        else:
            test_util.test_warn('Test [vm:] %s is not running. Skip SG TCP ingress connection checker for this vm.' % test_vm.uuid)

        test_util.test_logger('Check result: [Security Group] finishes TCP ingress testing for [nic:] %s' % self.nic_uuid)
        print_iptables(test_vm)
        return self.judge(test_result)
    def check(self):
        """Check the NIC's ICMP ingress security-group rules by pinging from a stub VM.

        When an ICMP ingress rule exists for the stub VM's /32 address the
        ping is expected to succeed, and a failed ping fails the check.  When
        no such rule exists the ping is expected to fail.  The check is
        skipped (``self.exp_result`` is judged) when the L3 network has no
        DHCP service or has no stub VM.
        """
        super(zstack_kvm_sg_icmp_ingress_checker, self).check()
        test_result = True

        nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
        l3_uuid = nic.l3NetworkUuid
        test_util.test_dsc('Check ICMP ingress rules')
        if 'DHCP' not in test_lib.lib_get_l3_service_type(l3_uuid):
            test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid)
            return self.judge(self.exp_result)

        stub_wrapper = self.test_obj.get_stub_vm(l3_uuid)
        if not stub_wrapper:
            test_util.test_warn('Did not find test stub vm for [l3:] %s. Skip testing some TCP rules' % l3_uuid)
            return self.judge(self.exp_result)
        stub_vm = stub_wrapper.vm

        target_addr = '%s/32' % test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip

        test_vm = test_lib.lib_get_vm_by_nic(nic.uuid)
        if test_vm.state != inventory.RUNNING:
            test_util.test_warn('Test [vm:] %s is not running. Skip SG ICMP ingress checker for this vm.' % test_vm.uuid)
        else:
            rules = self.test_obj.get_nic_icmp_ingress_rule_by_addr(self.nic_uuid, target_addr)
            target_ip = test_lib.lib_get_vm_ip_by_l3(test_vm, l3_uuid)
            ping_ok = test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True)
            if rules and ping_ok:
                test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s' % (test_vm.uuid, stub_vm.uuid))
            elif rules:
                test_util.test_logger('Check result: [Security Group] meets failure to ping [vm:] %s from [vm:] %s when checking ICMP ingress rule. ' % (test_vm.uuid, stub_vm.uuid))
                test_result = False
            elif not ping_ok:
                test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s. Expected failure.' % (test_vm.uuid, stub_vm.uuid))
            else:
                # NOTE(review): the ping got through although no rule allows
                # it, yet test_result stays True, so the checker still passes.
                # Confirm whether this branch should fail the check.
                test_util.test_logger('Check result: [Security Group] meet failure when checking ICMP ingress rule to ping [vm:] %s from [vm:] %s. Unexpected ping successfully.' % (test_vm.uuid, stub_vm.uuid))

        # This line is logged with the word "pass" whatever test_result holds.
        test_util.test_logger('Check result: [Security Group] pass ICMP ingress testing for [vm:] %s [nic:] %s' % (test_vm.uuid, self.nic_uuid))
        print_iptables(test_vm)
        return self.judge(test_result)
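    def check(self):
        """Check the NIC's ICMP ingress security-group rules by pinging from a stub VM (vCenter checker).

        When an ICMP ingress rule exists for the stub VM's /32 address the
        ping is expected to succeed, and a failed ping fails the check.  When
        no such rule exists the ping is expected to fail.  The check is
        skipped (``self.exp_result`` is judged) when the L3 network has no
        DHCP service or has no stub VM.
        """
        super(zstack_vcenter_sg_icmp_ingress_checker, self).check()
        test_result = True

        nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
        l3_uuid = nic.l3NetworkUuid
        test_util.test_dsc('Check ICMP ingress rules')
        if 'DHCP' not in test_lib.lib_get_l3_service_type(l3_uuid):
            test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid)
            return self.judge(self.exp_result)

        stub_vm = self.test_obj.get_stub_vm(l3_uuid)
        if not stub_vm:
            # target_addr is only computed further down, so the warning names
            # the L3 network instead; formatting target_addr here raised
            # UnboundLocalError before the skip could be reported.
            test_util.test_warn('Did not find test stub vm for [l3:] %s. Skip testing some TCP rules' % l3_uuid)
            return self.judge(self.exp_result)
        stub_vm = stub_vm.vm

        stub_vm_ip = test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip
        # Rules are looked up for the stub VM's exact address (/32).
        target_addr = '%s/32' % stub_vm_ip

        test_vm = test_lib.lib_get_vm_by_nic(nic.uuid)
        if test_vm.state == inventory.RUNNING:
            rules = self.test_obj.get_nic_icmp_ingress_rule_by_addr(self.nic_uuid, target_addr)
            target_ip = test_lib.lib_get_vm_ip_by_l3(test_vm, l3_uuid)
            if rules:
                if test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True):
                    test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s' % (test_vm.uuid, stub_vm.uuid))
                else:
                    test_util.test_logger('Check result: [Security Group] meets failure to ping [vm:] %s from [vm:] %s when checking ICMP ingress rule. ' % (test_vm.uuid, stub_vm.uuid))
                    test_result = False
            else:
                if not test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True):
                    test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s. Expected failure.' % (test_vm.uuid, stub_vm.uuid))
                else:
                    # NOTE(review): the ping got through although no rule
                    # allows it, yet test_result stays True, so the checker
                    # still passes.  Confirm whether this should fail.
                    test_util.test_logger('Check result: [Security Group] meet failure when checking ICMP ingress rule to ping [vm:] %s from [vm:] %s. Unexpected ping successfully.' % (test_vm.uuid, stub_vm.uuid))
        else:
            test_util.test_warn('Test [vm:] %s is not running. Skip SG ICMP ingress checker for this vm.' % test_vm.uuid)

        # This line is logged with the word "pass" whatever test_result holds.
        test_util.test_logger('Check result: [Security Group] pass ICMP ingress testing for [vm:] %s [nic:] %s' % (test_vm.uuid, self.nic_uuid))
        print_iptables(test_vm)
        return self.judge(test_result)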
Beispiel #10
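    def create(self, target_vm=None):
        """Create the port-forwarding rule described by ``self.pf_creation_option``.

        Without a VM NIC in the creation option the rule is created detached.
        With a NIC, ``target_vm`` is required; if no VIP was supplied, one is
        created on the public network of the first virtual router serving the
        NIC's L3 network, provided that network lists the PortForwarding
        service.

        Args:
            target_vm: test VM object owning the NIC; required when the
                creation option carries a VM NIC uuid.

        Returns:
            The inventory returned by ``net_ops.create_port_forwarding``.
        """
        nic_uuid = self.pf_creation_option.get_vm_nic_uuid()
        if not nic_uuid:
            self.state = pf_header.DETACHED
        else:
            # Validate target_vm before anything uses it: the PortForwarding
            # failure message below dereferences it, and a VIP would otherwise
            # be created before the missing argument is reported.
            if not target_vm:
                test_util.test_fail('You forget to add target_vm object when calling pf.create(target_vm). ')
            if not self.pf_creation_option.get_vip_uuid():
                l3_uuid = test_lib.lib_get_l3_uuid_by_nic(nic_uuid)
                if 'PortForwarding' not in test_lib.lib_get_l3_service_type(l3_uuid):
                    test_util.test_fail('[l3:] %s is not available PortForwarding network for [vm:] %s' % (l3_uuid, target_vm.get_vm().uuid))
                # Takes the first router found; raises IndexError if the list is empty.
                vr = test_lib.lib_find_vr_by_l3_uuid(l3_uuid)[0]
                vr_pub_nic = test_lib.lib_find_vr_pub_nic(vr)
                vip = net_ops.create_vip(vr_pub_nic.l3NetworkUuid)
                self.pf_creation_option.set_vip_uuid(vip.uuid)
            self.state = pf_header.ATTACHED

        self.port_forwarding = net_ops.create_port_forwarding(self.pf_creation_option)
        self.target_vm = target_vm
        super(ZstackTestPortForwarding, self).create()

        return self.port_forwarding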
    def check(self):
        """Verify the DNS settings written to the guest's /etc/resolv.conf.

        Reads the file inside the guest via the host agent and requires it to
        contain the virtual router's private IP and, when the default L3
        network defines one, its domain name.  An empty command result fails
        the check.  If the L3 network does not list the DNS service the check
        is skipped and ``self.exp_result`` is judged.
        """
        super(zstack_kvm_vm_dns_checker, self).check()
        vm = self.test_obj.vm
        test_lib.lib_install_testagent_to_vr(vm)
        host = test_lib.lib_get_vm_host(vm)
        test_lib.lib_install_testagent_to_host(host)
        test_lib.lib_set_vm_host_l2_ip(vm)
        default_l3_uuid = vm.defaultL3NetworkUuid
        vr = test_lib.lib_find_vr_by_pri_l3(default_l3_uuid)
        nic = test_lib.lib_get_vm_nic_by_vr(vm, vr)

        test_util.test_logger("Begin to check [vm:] %s DNS setting" % vm.uuid)
        l3_services = test_lib.lib_get_l3_service_type(nic.l3NetworkUuid)
        if 'DNS' not in l3_services:
            test_util.test_logger('Checker result: SKIP DNS checker, since VM [VR:] %s does not provide DNS service. ' % vr.uuid)
            return self.judge(self.exp_result)

        command = 'cat /etc/resolv.conf'
        cmd_result = test_lib.lib_ssh_vm_cmd_by_agent_with_retry(
            host.managementIp,
            nic.ip,
            test_lib.lib_get_vm_username(vm),
            test_lib.lib_get_vm_password(vm),
            command,
            self.exp_result)
        if not cmd_result:
            test_util.test_logger('Checker result: FAIL to execute test ssh command in test [vm:] %s throught [host:] %s.' % (vm.uuid, host.name))
            return self.judge(False)

        vr_guest_ip = test_lib.lib_find_vr_private_ip(vr)
        # NOTE(review): substring match - 10.0.0.1 is also found inside
        # 10.0.0.11, so a different nameserver entry can satisfy this test.
        router_listed = isinstance(cmd_result, str) and vr_guest_ip in cmd_result
        if not router_listed:
            test_util.test_logger('Checker result: VR [IP:] %s is NOT set in guest [vm:] %s /etc/resolv.conf' % (vr_guest_ip, vm.uuid))
            return self.judge(False)
        test_util.test_logger('Checker result: VR [IP:] %s is SUCCESSFULLY set in guest [vm:] %s /etc/resolv.conf. ' % (vr_guest_ip, vm.uuid))

        l3_inv = test_lib.lib_get_l3_by_uuid(default_l3_uuid)
        # A domain name is only required when the L3 network defines one.
        if l3_inv.domainName:
            if l3_inv.domainName not in cmd_result:
                test_util.test_logger('Checker result: L3: %s, Domain Name: %s is NOT set in guest [vm:] %s /etc/resolv.conf' % (l3_inv.uuid, l3_inv.domainName, vm.uuid))
                return self.judge(False)
            test_util.test_logger('Checker result: L3: %s, Domain Name: %s is set in guest [vm:] %s /etc/resolv.conf' % (l3_inv.uuid, l3_inv.domainName, vm.uuid))

        return self.judge(True)
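    def check(self):
        """Verify the VM's DHCP binding on each virtual router and inside the guest.

        For every virtual router whose L3 network lists the DHCP service, the
        router's DHCP data is read through the agent and must contain the
        guest NIC's MAC and IP.  The guest's own ``/sbin/ip a`` output is then
        fetched (once, and re-fetched a single time if the IP is missing) and
        must contain the guest IP.  Any failed step ends the check with
        ``judge(False)``; otherwise ``judge(True)`` is returned.
        """
        super(zstack_kvm_vm_dhcp_checker, self).check()
        vm = self.test_obj.vm
        test_lib.lib_install_testagent_to_vr(vm)
        host = test_lib.lib_get_vm_host(vm)
        test_lib.lib_install_testagent_to_host(host)
        test_lib.lib_set_vm_host_l2_ip(vm)

        vm_command = '/sbin/ip a'
        # Guest output is cached across routers; it is only fetched while empty.
        vm_cmd_result = None
        vr_vms = test_lib.lib_find_vr_by_vm(vm)
        print('find %d vr vms.' % len(vr_vms))
        for vr_vm in vr_vms:
            test_util.test_logger(
                "Begin to check [vm:] %s DHCP binding setting in [VR:] %s" %
                (vm.uuid, vr_vm.uuid))
            nic = test_lib.lib_get_vm_nic_by_vr(vm, vr_vm)
            if 'DHCP' not in \
                    test_lib.lib_get_l3_service_type(nic.l3NetworkUuid):
                test_util.test_logger(
                    "Skip [VR:] %s, since it doesn't provide DHCP service" %
                    vr_vm.uuid)
                continue

            guest_ip = nic.ip
            guest_mac = nic.mac
            vr_ip = test_lib.lib_find_vr_mgmt_ip(vr_vm)
            # Routers of type 'vrouter' are queried through their config CLI,
            # all others through the DHCP hosts file.
            if vr_vm.hasattr(
                    'applianceVmType') and vr_vm.applianceVmType == 'vrouter':
                command = '/bin/cli-shell-api showCfg'
            else:
                command = 'cat /etc/hosts.dhcp'
            vr_cmd_result = test_lib.lib_execute_sh_cmd_by_agent_with_retry(
                vr_ip, command, self.exp_result)
            if not vr_cmd_result:
                test_util.test_logger(
                    'Checker result: FAIL to execute shell commaond in [vm:] %s'
                    % vr_vm.uuid)
                return self.judge(False)

            # A bare True means the command ran but no output came back.
            if vr_cmd_result == True:
                test_util.test_logger(
                    'Checker result: FAIL to get ssh result in [vm:] %s' %
                    vr_vm.uuid)
                return self.judge(False)

            if guest_mac not in vr_cmd_result or guest_ip not in vr_cmd_result:
                # The full router output is written to the test log here.
                test_util.test_logger(
                    'Checker result: [vm:] %s [mac:] %s is not found in [vr:] %s. VR ip/mac result is %s.'
                    % (vm.uuid, guest_mac, vr_vm.uuid, vr_cmd_result))
                return self.judge(False)
            else:
                test_util.test_logger(
                    'Checker result: [vm:] %s [mac:] %s is found in VR %s .' %
                    (vm.uuid, guest_mac, vr_vm.uuid))

            test_util.test_logger("Begin to check VM DHCP in VM: %s" % vm.uuid)
            if not vm_cmd_result:
                vm_cmd_result = test_lib.lib_ssh_vm_cmd_by_agent_with_retry(
                    host.managementIp, nic.ip,
                    test_lib.lib_get_vm_username(vm),
                    test_lib.lib_get_vm_password(vm), vm_command,
                    self.exp_result)
                if not vm_cmd_result:
                    test_util.test_logger(
                        'Checker result: FAIL to execute test ssh command in test [vm:] %s throught [host:] %s.'
                        % (vm.uuid, host.name))
                    return self.judge(False)

            if isinstance(vm_cmd_result, str) and guest_ip in vm_cmd_result:
                test_util.test_logger(
                    'Checker result: guest [ip:] %s is SET in guest [vm:] %s.'
                    % (guest_ip, vm.uuid))
            else:
                test_util.test_logger(
                    'Checker result: guest [ip:] %s is NOT found in guest [vm:] %s. \n Will Try again. It might be because the ifconfig is not reflect the ip address yet. \n The current ifconfig result is: %s'
                    % (guest_ip, vm.uuid, vm_cmd_result))
                # Single retry: the interface may not have shown the address yet.
                vm_cmd_result = test_lib.lib_ssh_vm_cmd_by_agent_with_retry(
                    host.managementIp, nic.ip,
                    test_lib.lib_get_vm_username(vm),
                    test_lib.lib_get_vm_password(vm), vm_command,
                    self.exp_result)
                if not vm_cmd_result:
                    test_util.test_logger(
                        'Checker result: FAIL to execute test ssh command in test [vm:] %s throught [host:] %s.'
                        % (vm.uuid, host.name))
                    return self.judge(False)
                if isinstance(vm_cmd_result,
                              str) and guest_ip in vm_cmd_result:
                    test_util.test_logger(
                        'Checker result: guest [ip:] %s is SET in guest [vm:] %s.'
                        % (guest_ip, vm.uuid))
                else:
                    # Decide on the type first: testing ``guest_ip in`` a
                    # non-string result (for example True) raises TypeError
                    # before the "not string type" message can be logged.
                    if isinstance(vm_cmd_result, str):
                        test_util.test_logger(
                            'Checker result: guest [ip:] %s is NOT found in guest [vm:] %s. The current ifconfig result is: %s'
                            % (guest_ip, vm.uuid, vm_cmd_result))
                    else:
                        test_util.test_logger(
                            'vm_cmd_result: %s is not string type. It is: %s .'
                            % (vm_cmd_result, type(vm_cmd_result)))
                    return self.judge(False)

        return self.judge(True)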
    def check(self):
        """Check ICMP reachability of this NIC from its security-group peers.

        Sorts the other NICs attached to the same security groups on the same
        L3 network into an "allowed" and a "denied" source list, based on
        their egress rules, then pings ``nic.ip`` from the VMs that
        ``get_all_running_vms_by_nics`` returns for each list.  A failed ping
        from an allowed source, or a successful ping from a denied source,
        marks the check as failed.

        Returns the value of ``self.judge``: ``self.judge(self.exp_result)``
        when the check is skipped (no ICMP ingress rule on the NIC, or the L3
        network has no DHCP service), otherwise ``self.judge(test_result)``.
        """
        super(zstack_kvm_sg_icmp_internal_vms_checker, self).check()
        # Only ingress ICMP is checked; without an ICMP ingress rule on this
        # NIC there is nothing to verify.
        if not self.test_obj.get_nic_icmp_ingress_rules(self.nic_uuid):
            test_util.test_logger("Skip SG internal ICMP test, since there isn't icmp ingress rules for nic: %s" % self.nic_uuid)
            return self.judge(self.exp_result)

        test_result = True

        test_util.test_dsc('Check ICMP rules between attached VMs')
        nic_sg_list = self.test_obj.get_sg_list_by_nic(self.nic_uuid)
        nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
        dst_vm = test_lib.lib_get_vm_by_nic(self.nic_uuid)
        l3_uuid = nic.l3NetworkUuid
        if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid):
            test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, test vm's IP address is not stable." % l3_uuid)
            return self.judge(self.exp_result)

        target_ip = nic.ip
        # Source NICs whose ICMP towards target_ip is expected to pass.
        allowed_src_nic_list = []
        # Source NICs with no egress rule of any protocol; promoted to
        # "allowed" after all security groups have been examined.
        temp_allowed_src_nic_list = []
        # Source NICs whose ICMP towards target_ip is expected to be dropped.
        denied_nic_list = []
        for sg in nic_sg_list:
            same_l3_nic_list = list(sg.get_attached_nics_by_l3(l3_uuid))
            if len(same_l3_nic_list) < 2 :
                test_util.test_logger("Skip [l3:] %s ICMP internal VMs checking, since there is less 2 SG VMs in this l3." % l3_uuid)
                continue

            # If the source NIC has TCP or UDP egress rules but no ICMP egress
            # rule, its outgoing ICMP is expected to be denied.
            # The NIC under test is removed from the candidate sources first.
            nic_list_temp = list_ops.list_minus(list(same_l3_nic_list), [nic.uuid])
            for nic_uuid in nic_list_temp:
                source_nic_egress_icmp_rules = \
                        self.test_obj.get_nic_icmp_egress_rules(nic_uuid)
                if not source_nic_egress_icmp_rules:
                    if self.test_obj.get_nic_tcp_egress_rules(nic_uuid) or \
                            self.test_obj.get_nic_udp_egress_rules(nic_uuid):
                        if not nic_uuid in denied_nic_list:
                            denied_nic_list.append(nic_uuid)
                    else:
                        if not nic_uuid in temp_allowed_src_nic_list:
                            temp_allowed_src_nic_list.append(nic_uuid)
                else:
                    for rule in source_nic_egress_icmp_rules:
                        # NOTE(review): if allowedCidr is a string this is a
                        # substring test, not a CIDR containment test -- an
                        # address that is a textual prefix of the rule's
                        # address would match, and a wider network that
                        # contains target_ip would not.  A misclassified
                        # source can let this check pass while the enforced
                        # policy differs; confirm the rule format.
                        if target_ip in rule.allowedCidr:
                            if not nic_uuid in allowed_src_nic_list:
                                allowed_src_nic_list.append(nic_uuid)
                            break
                    else:
                        # for/else: no ICMP egress rule mentioned target_ip.
                        if not nic_uuid in denied_nic_list:
                            denied_nic_list.append(nic_uuid)

        # A NIC recorded as allowed through any security group overrides a
        # denial recorded through another one.  Iterate over a copy because
        # the list is modified in the loop.
        for nic_uuid in list(denied_nic_list):
            if nic_uuid in allowed_src_nic_list:
                denied_nic_list.remove(nic_uuid)

        # Promote the provisional entries that were neither denied nor
        # already allowed.
        for nic_uuid in temp_allowed_src_nic_list:
            if not nic_uuid in denied_nic_list and \
                    not nic_uuid in allowed_src_nic_list:
                allowed_src_nic_list.append(nic_uuid)


        allowed_vm_list = get_all_running_vms_by_nics(allowed_src_nic_list)
        denied_vm_list = get_all_running_vms_by_nics(denied_nic_list)

        # Positive cases: every allowed source must reach the target.
        for src_vm in allowed_vm_list:
            if test_lib.lib_check_ping(src_vm, target_ip, no_exception=True):
                test_util.test_logger('Check result: [Security Group] pass ICMP rule checking to ping [vm:] %s from [vm:] %s' % (src_vm.uuid, dst_vm.uuid))
            else:
                test_util.test_logger('Check result: [Security Group] is FAIL to ping [vm:] %s from [vm:] %s when checking ICMP rule. ' % (src_vm.uuid, dst_vm.uuid))
                test_result = False

        # Negative cases: a ping that succeeds from a denied source means the
        # rule is not being enforced, so it fails the check.
        for src_vm in denied_vm_list:
            if test_lib.lib_check_ping(src_vm, target_ip, no_exception=True):
                test_util.test_logger('Unexpected Result: [Security Group] ICMP ping [vm:] %s from [vm:] %s successfully' % (src_vm.uuid, dst_vm.uuid))
                test_result = False
            else:
                test_util.test_logger('Expected Result: [Security Group] FAIL to ping [vm:] %s from [vm:] %s when checking ICMP rule. ' % (src_vm.uuid, dst_vm.uuid))

        test_util.test_logger('Check result: [Security Group] finishes ICMP connection testing from other attached VMs to target [vm:] %s in same SG.' % dst_vm.uuid)
        # Presumably dumps the target VM's iptables state for diagnosis; the
        # helper is defined outside this method.
        print_iptables(dst_vm)
        return self.judge(test_result)
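    def check(self):
        """Check TCP connectivity from this NIC's VM to VMs sharing its security groups.

        For every other NIC on the same L3 network that shares at least one
        security group with ``self.nic_uuid``, collects the egress ports
        allowed on the source side and the ingress ports allowed on the
        destination side, derives the ports expected to be reachable with
        ``get_shared_ports`` and treats every other port in
        ``port_header.all_ports`` as expected to be blocked.  Both lists are
        handed to ``test_lib.lib_check_vm_ports``; the first peer for which
        that call raises stops the loop and fails the check.

        Returns the value of ``self.judge``: ``self.judge(self.exp_result)``
        when the L3 network has no DHCP service, otherwise
        ``self.judge(test_result)``.
        """
        test_util.test_dsc('Check TCP access between SG VMs.')
        super(zstack_kvm_sg_tcp_internal_vms_checker, self).check()
        nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
        l3_uuid = nic.l3NetworkUuid
        if 'DHCP' not in test_lib.lib_get_l3_service_type(l3_uuid):
            test_util.test_logger("Skip SG test for [l3:] %s, since it doesn't provide DHCP service" % l3_uuid)
            return self.judge(self.exp_result)

        test_result = True
        all_ports = port_header.all_ports

        tcp_egress_rules = self.test_obj.get_nic_tcp_egress_rules(self.nic_uuid)
        src_all_allowed_egress_ports = get_all_ports(tcp_egress_rules)
        # No TCP egress rule on the source NIC is treated as "all ports open".
        if not src_all_allowed_egress_ports:
            src_all_allowed_egress_ports = list(all_ports)
        #src_all_allowed_ingress_ports = get_all_ports(self.test_obj.get_nic_tcp_ingress_rules(self.nic_uuid))
        #if not src_all_allowed_ingress_ports:
        #    src_all_allowed_ingress_ports = list(all_ports)

        nic_sg_list = self.test_obj.get_sg_list_by_nic(self.nic_uuid)
        src_vm = test_lib.lib_get_vm_by_nic(self.nic_uuid)

        # Maps each peer NIC uuid to the security groups it shares with
        # self.nic_uuid.
        nic_shared_sg_dict = {}

        # Find every other NIC attached to one of this NIC's security groups.
        for sg in nic_sg_list:
            same_l3_nic_list = list(sg.get_attached_nics_by_l3(l3_uuid))
            if len(same_l3_nic_list) == 1:
                test_util.test_logger("Skip [SG:] %s, since there is not 2nd VM is attached in this SG." % sg.security_group.uuid)
                continue

            if self.nic_uuid in same_l3_nic_list:
                same_l3_nic_list.remove(self.nic_uuid)

            for nic_uuid in same_l3_nic_list:
                # setdefault replaces dict.has_key(), which no longer exists
                # in Python 3.
                shared_sgs = nic_shared_sg_dict.setdefault(nic_uuid, [])
                if sg not in shared_sgs:
                    shared_sgs.append(sg)

        # Test each peer NIC in turn.
        for nic_uuid in nic_shared_sg_dict:
            dst_vm = test_lib.lib_get_vm_by_nic(nic_uuid)

            if dst_vm.state != inventory.RUNNING:
                test_util.test_logger("Skip [vm:] %s, since it is not running." % dst_vm.uuid)
                continue

            allowed_ingress_ports = []
            allowed_egress_ports = []

            # Union of the ingress and egress ports of all shared SGs.
            for sg in nic_shared_sg_dict[nic_uuid]:
                sg_allowed_ingress_ports = \
                        get_all_ports(sg.get_tcp_ingress_all_rule())

                for port in sg_allowed_ingress_ports:
                    if port not in allowed_ingress_ports:
                        allowed_ingress_ports.append(port)

                sg_allowed_egress_ports = \
                        get_all_ports(sg.get_tcp_egress_all_rule())

                # An SG without TCP egress rules is treated as allowing all.
                if not sg_allowed_egress_ports:
                    sg_allowed_egress_ports = list(all_ports)

                for port in sg_allowed_egress_ports:
                    if port not in allowed_egress_ports:
                        allowed_egress_ports.append(port)

            # Host-specific (/32) rules between exactly these two VMs.
            src_vm_allowedCidr = '%s/32' % test_lib.lib_get_nic_by_uuid(self.nic_uuid).ip
            dst_vm_allowedCidr = '%s/32' % test_lib.lib_get_nic_by_uuid(nic_uuid).ip

            # Rules that are not shared between src_vm and dst_vm but were
            # set specifically for this pair of addresses.
            for in_port in get_all_ports(self.test_obj.get_nic_tcp_ingress_rule_by_addr(nic_uuid, src_vm_allowedCidr)):
                if in_port not in allowed_ingress_ports:
                    allowed_ingress_ports.append(in_port)

            for out_port in get_all_ports(self.test_obj.get_nic_tcp_egress_rule_by_addr(self.nic_uuid, dst_vm_allowedCidr)):
                if out_port not in allowed_egress_ports:
                    allowed_egress_ports.append(out_port)

            dst_all_allowed_ingress_ports = get_all_ports(self.test_obj.get_nic_tcp_ingress_rules(nic_uuid))

            if not dst_all_allowed_ingress_ports:
                test_util.test_logger('Destinated VM nic: %s does not allow any ingress rule, since it does not set any ingress rule' % nic_uuid)
                continue
            #if (not allowed_ingress_ports) \
            #    and (not dst_all_allowed_ingress_ports) \
            #    and (not self.test_obj.get_nic_udp_ingress_rules(nic_uuid)) \
            #    and (not self.test_obj.get_nic_icmp_ingress_rules(nic_uuid)):
            #        
            #    allowed_ingress_ports = list(all_ports)

            # If no suitable port was found, all egress is considered open.
            # NOTE(review): src_all_allowed_egress_ports was already replaced
            # by list(all_ports) when empty, so this condition can only hold
            # if all_ports itself is empty; it also queries the peer's
            # nic_uuid rather than self.nic_uuid -- confirm the intent.
            if (not src_all_allowed_egress_ports) \
                and (not self.test_obj.get_nic_udp_egress_rules(nic_uuid)) \
                and (not self.test_obj.get_nic_icmp_egress_rules(nic_uuid)):

                allowed_egress_ports = list(all_ports)

            if internal_sg_allow_all(self.nic_uuid, nic_uuid, 'Ingress'):
                allowed_ingress_ports = all_ports

            if internal_sg_allow_all(self.nic_uuid, nic_uuid, 'Egress'):
                allowed_egress_ports = all_ports

            shared_ports = get_shared_ports(allowed_egress_ports,
                                            allowed_ingress_ports)

            # Everything not expected to be open must be verified as blocked.
            not_shared_ports = list_ops.list_minus(all_ports, shared_ports)

            # NOTE(review): listeners are opened on every test port of the
            # peer VM and no matching close is visible in this method;
            # confirm they are torn down elsewhere.
            test_lib.lib_open_vm_listen_ports(dst_vm, all_ports, l3_uuid)
            try:
                test_lib.lib_check_vm_ports(src_vm, dst_vm, shared_ports,
                                            not_shared_ports)
            except Exception:
                # Exception rather than a bare except, so KeyboardInterrupt
                # and SystemExit still propagate out of the checker.
                traceback.print_exc(file=sys.stdout)
                test_util.test_logger('Check result: [Security Group] meets failure when checking TCP Egress rule between [src_vm:] %s and [dst_vm:] %s. ' % (src_vm.uuid, dst_vm.uuid))
                test_result = False
                break

        test_util.test_logger('Check result: [Security Group] finishes TCP connection testing from [vm:] %s to other VMs in same SG.' % src_vm.uuid)
        print_iptables(src_vm)
        return self.judge(test_result)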
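    def check(self):
        """Check TCP connectivity from this NIC's VM to VMs sharing its security groups.

        For every other NIC on the same L3 network that shares at least one
        security group with ``self.nic_uuid``, collects the egress ports
        allowed on the source side and the ingress ports allowed on the
        destination side, derives the ports expected to be reachable with
        ``get_shared_ports`` and treats every other port in
        ``port_header.all_ports`` as expected to be blocked.  Both lists are
        handed to ``test_lib.lib_check_vm_ports``; the first peer for which
        that call raises stops the loop and fails the check.

        Returns the value of ``self.judge``: ``self.judge(self.exp_result)``
        when the L3 network has no DHCP service, otherwise
        ``self.judge(test_result)``.
        """
        test_util.test_dsc('Check TCP access between SG VMs.')
        super(zstack_vcenter_sg_tcp_internal_vms_checker, self).check()
        nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
        l3_uuid = nic.l3NetworkUuid
        if 'DHCP' not in test_lib.lib_get_l3_service_type(l3_uuid):
            test_util.test_logger("Skip SG test for [l3:] %s, since it doesn't provide DHCP service" % l3_uuid)
            return self.judge(self.exp_result)

        test_result = True
        all_ports = port_header.all_ports

        tcp_egress_rules = self.test_obj.get_nic_tcp_egress_rules(self.nic_uuid)
        src_all_allowed_egress_ports = get_all_ports(tcp_egress_rules)
        # No TCP egress rule on the source NIC is treated as "all ports open".
        if not src_all_allowed_egress_ports:
            src_all_allowed_egress_ports = list(all_ports)
        #src_all_allowed_ingress_ports = get_all_ports(self.test_obj.get_nic_tcp_ingress_rules(self.nic_uuid))
        #if not src_all_allowed_ingress_ports:
        #    src_all_allowed_ingress_ports = list(all_ports)

        nic_sg_list = self.test_obj.get_sg_list_by_nic(self.nic_uuid)
        src_vm = test_lib.lib_get_vm_by_nic(self.nic_uuid)

        # Maps each peer NIC uuid to the security groups it shares with
        # self.nic_uuid.
        nic_shared_sg_dict = {}

        # Find every other NIC attached to one of this NIC's security groups.
        for sg in nic_sg_list:
            same_l3_nic_list = list(sg.get_attached_nics_by_l3(l3_uuid))
            if len(same_l3_nic_list) == 1:
                test_util.test_logger("Skip [SG:] %s, since there is not 2nd VM is attached in this SG." % sg.security_group.uuid)
                continue

            if self.nic_uuid in same_l3_nic_list:
                same_l3_nic_list.remove(self.nic_uuid)

            for nic_uuid in same_l3_nic_list:
                # setdefault replaces dict.has_key(), which no longer exists
                # in Python 3.
                shared_sgs = nic_shared_sg_dict.setdefault(nic_uuid, [])
                if sg not in shared_sgs:
                    shared_sgs.append(sg)

        # Test each peer NIC in turn.
        for nic_uuid in nic_shared_sg_dict:
            dst_vm = test_lib.lib_get_vm_by_nic(nic_uuid)

            if dst_vm.state != inventory.RUNNING:
                test_util.test_logger("Skip [vm:] %s, since it is not running." % dst_vm.uuid)
                continue

            allowed_ingress_ports = []
            allowed_egress_ports = []

            # Union of the ingress and egress ports of all shared SGs.
            for sg in nic_shared_sg_dict[nic_uuid]:
                sg_allowed_ingress_ports = \
                        get_all_ports(sg.get_tcp_ingress_all_rule())

                for port in sg_allowed_ingress_ports:
                    if port not in allowed_ingress_ports:
                        allowed_ingress_ports.append(port)

                sg_allowed_egress_ports = \
                        get_all_ports(sg.get_tcp_egress_all_rule())

                # An SG without TCP egress rules is treated as allowing all.
                if not sg_allowed_egress_ports:
                    sg_allowed_egress_ports = list(all_ports)

                for port in sg_allowed_egress_ports:
                    if port not in allowed_egress_ports:
                        allowed_egress_ports.append(port)

            # Host-specific (/32) rules between exactly these two VMs.
            src_vm_allowedCidr = '%s/32' % test_lib.lib_get_nic_by_uuid(self.nic_uuid).ip
            dst_vm_allowedCidr = '%s/32' % test_lib.lib_get_nic_by_uuid(nic_uuid).ip

            # Rules that are not shared between src_vm and dst_vm but were
            # set specifically for this pair of addresses.
            for in_port in get_all_ports(self.test_obj.get_nic_tcp_ingress_rule_by_addr(nic_uuid, src_vm_allowedCidr)):
                if in_port not in allowed_ingress_ports:
                    allowed_ingress_ports.append(in_port)

            for out_port in get_all_ports(self.test_obj.get_nic_tcp_egress_rule_by_addr(self.nic_uuid, dst_vm_allowedCidr)):
                if out_port not in allowed_egress_ports:
                    allowed_egress_ports.append(out_port)

            dst_all_allowed_ingress_ports = get_all_ports(self.test_obj.get_nic_tcp_ingress_rules(nic_uuid))

            if not dst_all_allowed_ingress_ports:
                test_util.test_logger('Destinated VM nic: %s does not allow any ingress rule, since it does not set any ingress rule' % nic_uuid)
                continue
            #if (not allowed_ingress_ports) \
            #    and (not dst_all_allowed_ingress_ports) \
            #    and (not self.test_obj.get_nic_udp_ingress_rules(nic_uuid)) \
            #    and (not self.test_obj.get_nic_icmp_ingress_rules(nic_uuid)):
            #        
            #    allowed_ingress_ports = list(all_ports)

            # If no suitable port was found, all egress is considered open.
            # NOTE(review): src_all_allowed_egress_ports was already replaced
            # by list(all_ports) when empty, so this condition can only hold
            # if all_ports itself is empty; it also queries the peer's
            # nic_uuid rather than self.nic_uuid -- confirm the intent.
            if (not src_all_allowed_egress_ports) \
                and (not self.test_obj.get_nic_udp_egress_rules(nic_uuid)) \
                and (not self.test_obj.get_nic_icmp_egress_rules(nic_uuid)):

                allowed_egress_ports = list(all_ports)

            shared_ports = get_shared_ports(allowed_egress_ports,
                                            allowed_ingress_ports)

            # Everything not expected to be open must be verified as blocked.
            not_shared_ports = list_ops.list_minus(all_ports, shared_ports)

            # NOTE(review): listeners are opened on every test port of the
            # peer VM and no matching close is visible in this method;
            # confirm they are torn down elsewhere.
            test_lib.lib_open_vm_listen_ports(dst_vm, all_ports, l3_uuid)
            try:
                test_lib.lib_check_vm_ports(src_vm, dst_vm, shared_ports,
                                            not_shared_ports)
            except Exception:
                # Exception rather than a bare except, so KeyboardInterrupt
                # and SystemExit still propagate out of the checker.
                traceback.print_exc(file=sys.stdout)
                test_util.test_logger('Check result: [Security Group] meets failure when checking TCP Egress rule between [src_vm:] %s and [dst_vm:] %s. ' % (src_vm.uuid, dst_vm.uuid))
                test_result = False
                break

        test_util.test_logger('Check result: [Security Group] finishes TCP connection testing from [vm:] %s to other VMs in same SG.' % src_vm.uuid)
        print_iptables(src_vm)
        return self.judge(test_result)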
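    def check(self):
        """Verify the VM's DHCP binding on each virtual router and inside the guest.

        For every virtual router of the VM whose L3 network offers DHCP:
        waits up to 300 one-second polls for the router's status to contain
        "connected", reads the router's DHCP configuration through the test
        agent and requires both the NIC's MAC and IP to appear in it, then
        runs ``/sbin/ip a`` in the guest (retrying once) and requires the IP
        to appear in that output.

        Returns the value of ``self.judge``: ``self.judge(False)`` on the
        first failed step, ``self.judge(True)`` when every router passed.
        """
        super(zstack_kvm_vm_dhcp_checker, self).check()
        vm = self.test_obj.vm
        test_lib.lib_install_testagent_to_vr(vm)
        host = test_lib.lib_get_vm_host(vm)
        test_lib.lib_install_testagent_to_host(host)
        test_lib.lib_set_vm_host_l2_ip(vm)

        vm_command = '/sbin/ip a'
        # Guest output is cached across routers; it is fetched only once
        # unless the retry below replaces it.
        vm_cmd_result = None
        vr_vms = test_lib.lib_find_vr_by_vm(vm)
        print('find %d vr vms.' % len(vr_vms))
        for vr_vm in vr_vms:
            test_util.test_logger("Begin to check [vm:] %s DHCP binding setting in [VR:] %s" % (vm.uuid, vr_vm.uuid))
            nic = test_lib.lib_get_vm_nic_by_vr(vm, vr_vm)
            if 'DHCP' not in \
                    test_lib.lib_get_l3_service_type(nic.l3NetworkUuid):
                test_util.test_logger("Skip [VR:] %s, since it doesn't provide DHCP service" % vr_vm.uuid)
                continue

            # Poll once per second, at most 300 times, for the router to
            # report a status containing "connected".
            for _ in range(300):
                cond = res_ops.gen_query_conditions('uuid', '=', vr_vm.uuid)
                vr = res_ops.query_resource_fields(res_ops.VM_INSTANCE, cond, None)[0]
                if "connected" in vr.status.lower():
                    test_util.test_logger("vr.uuid=%s vr.status=%s" %(vr_vm.uuid, vr.status.lower()))
                    break
                time.sleep(1)
            else:
                # The message previously read "changed to changed"; the loop
                # waits for the "connected" status.
                test_util.test_fail("vr.uuid=%s is not changed to connected within max waiting time." %(vr_vm.uuid))

            guest_ip = nic.ip
            guest_mac = nic.mac
            vr_ip = test_lib.lib_find_vr_mgmt_ip(vr_vm)
            # NOTE(review): this calls a ``hasattr`` method on the inventory
            # object rather than the builtin ``hasattr(vr_vm, ...)``; confirm
            # the inventory class provides it.
            if vr_vm.hasattr('applianceVmType') and vr_vm.applianceVmType == 'vrouter':
                command = '/bin/cli-shell-api showCfg'
            else:
                command = 'cat /etc/hosts.dhcp'
            vr_cmd_result = test_lib.lib_execute_sh_cmd_by_agent_with_retry(vr_ip, command, self.exp_result)
            if not vr_cmd_result:
                test_util.test_logger('Checker result: FAIL to execute shell commaond in [vm:] %s' % vr_vm.uuid)
                return self.judge(False)

            # A bare True means the command ran but no output came back, so
            # there is nothing to search for the MAC/IP in.
            if vr_cmd_result == True:
                test_util.test_logger('Checker result: FAIL to get ssh result in [vm:] %s' % vr_vm.uuid)
                return self.judge(False)

            if guest_mac not in vr_cmd_result or guest_ip not in vr_cmd_result:
                test_util.test_logger('Checker result: [vm:] %s [mac:] %s is not found in [vr:] %s. VR ip/mac result is %s.' % (vm.uuid, guest_mac, vr_vm.uuid, vr_cmd_result))
                return self.judge(False)
            else:
                test_util.test_logger('Checker result: [vm:] %s [mac:] %s is found in VR %s .' % (vm.uuid, guest_mac, vr_vm.uuid))

            test_util.test_logger("Begin to check VM DHCP in VM: %s" % vm.uuid)
            if not vm_cmd_result:
                vm_cmd_result = test_lib.lib_ssh_vm_cmd_by_agent_with_retry(host.managementIp, nic.ip, test_lib.lib_get_vm_username(vm), test_lib.lib_get_vm_password(vm), vm_command, self.exp_result)
                if not vm_cmd_result:
                    test_util.test_logger('Checker result: FAIL to execute test ssh command in test [vm:] %s throught [host:] %s.' % (vm.uuid, host.name))
                    return self.judge(False)

            # NOTE(review): under Python 2 a ``unicode`` result would not
            # pass isinstance(..., str); confirm what the agent returns.
            if not (isinstance(vm_cmd_result, str) and guest_ip in vm_cmd_result):
                test_util.test_logger('Checker result: guest [ip:] %s is NOT found in guest [vm:] %s. \n Will Try again. It might be because the ifconfig is not reflect the ip address yet. \n The current ifconfig result is: %s' % (guest_ip, vm.uuid, vm_cmd_result))
                vm_cmd_result = test_lib.lib_ssh_vm_cmd_by_agent_with_retry(host.managementIp, nic.ip, test_lib.lib_get_vm_username(vm), test_lib.lib_get_vm_password(vm), vm_command, self.exp_result)
                if not vm_cmd_result:
                    test_util.test_logger('Checker result: FAIL to execute test ssh command in test [vm:] %s throught [host:] %s.' % (vm.uuid, host.name))
                    return self.judge(False)
                if not (isinstance(vm_cmd_result, str) and guest_ip in vm_cmd_result):
                    # Test the type first: ``guest_ip in vm_cmd_result`` on a
                    # non-string (e.g. True) raises TypeError, which made the
                    # "not string type" diagnostic unreachable.
                    if isinstance(vm_cmd_result, str):
                        test_util.test_logger('Checker result: guest [ip:] %s is NOT found in guest [vm:] %s. The current ifconfig result is: %s' % (guest_ip, vm.uuid, vm_cmd_result))
                    else:
                        test_util.test_logger('vm_cmd_result: %s is not string type. It is: %s .' % (vm_cmd_result, type(vm_cmd_result)))
                    return self.judge(False)

            test_util.test_logger('Checker result: guest [ip:] %s is SET in guest [vm:] %s.' % (guest_ip, vm.uuid))

        return self.judge(True)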
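    def check(self):
        """Verify the VM's DHCP binding on each virtual router and inside the guest.

        For every virtual router of the VM whose L3 network offers DHCP:
        reads ``/etc/hosts.dhcp`` on the router through the test agent and
        requires both the NIC's MAC and IP to appear in it, then runs
        ``/sbin/ip a`` in the guest (retrying once) and requires the IP to
        appear in that output.

        Returns the value of ``self.judge``: ``self.judge(False)`` on the
        first failed step, ``self.judge(True)`` when every router passed.
        """
        super(zstack_kvm_vm_dhcp_checker, self).check()
        vm = self.test_obj.vm
        test_lib.lib_install_testagent_to_vr(vm)
        host = test_lib.lib_get_vm_host(vm)
        test_lib.lib_install_testagent_to_host(host)
        test_lib.lib_set_vm_host_l2_ip(vm)

        vm_command = '/sbin/ip a'
        # Guest output is cached across routers; it is fetched only once
        # unless the retry below replaces it.
        vm_cmd_result = None
        vr_vms = test_lib.lib_find_vr_by_vm(vm)
        print('find %d vr vms.' % len(vr_vms))
        for vr_vm in vr_vms:
            test_util.test_logger("Begin to check [vm:] %s DHCP binding setting in [VR:] %s" % (vm.uuid, vr_vm.uuid))
            nic = test_lib.lib_get_vm_nic_by_vr(vm, vr_vm)
            if 'DHCP' not in \
                    test_lib.lib_get_l3_service_type(nic.l3NetworkUuid):
                test_util.test_logger("Skip [VR:] %s, since it doesn't provide DHCP service" % vr_vm.uuid)
                continue

            guest_ip = nic.ip
            guest_mac = nic.mac
            vr_ip = test_lib.lib_find_vr_mgmt_ip(vr_vm)
            command = 'cat /etc/hosts.dhcp'
            vr_cmd_result = test_lib.lib_execute_sh_cmd_by_agent_with_retry(vr_ip, command, self.exp_result)
            if not vr_cmd_result:
                test_util.test_logger('Checker result: FAIL to execute shell commaond in [vm:] %s' % vr_vm.uuid)
                return self.judge(False)

            # A bare True means the command ran but no output came back, so
            # there is nothing to search for the MAC/IP in.
            if vr_cmd_result == True:
                test_util.test_logger('Checker result: FAIL to get ssh result in [vm:] %s' % vr_vm.uuid)
                return self.judge(False)

            if guest_mac not in vr_cmd_result or guest_ip not in vr_cmd_result:
                test_util.test_logger('Checker result: [vm:] %s [mac:] %s is not found in [vr:] %s. VR ip/mac result is %s.' % (vm.uuid, guest_mac, vr_vm.uuid, vr_cmd_result))
                return self.judge(False)
            else:
                test_util.test_logger('Checker result: [vm:] %s [mac:] %s is found in VR %s .' % (vm.uuid, guest_mac, vr_vm.uuid))

            test_util.test_logger("Begin to check VM DHCP in VM: %s" % vm.uuid)
            if not vm_cmd_result:
                vm_cmd_result = test_lib.lib_ssh_vm_cmd_by_agent_with_retry(host.managementIp, nic.ip, test_lib.lib_get_vm_username(vm), test_lib.lib_get_vm_password(vm), vm_command, self.exp_result)
                if not vm_cmd_result:
                    test_util.test_logger('Checker result: FAIL to execute test ssh command in test [vm:] %s throught [host:] %s.' % (vm.uuid, host.name))
                    return self.judge(False)

            # NOTE(review): under Python 2 a ``unicode`` result would not
            # pass isinstance(..., str); confirm what the agent returns.
            if not (isinstance(vm_cmd_result, str) and guest_ip in vm_cmd_result):
                test_util.test_logger('Checker result: guest [ip:] %s is NOT found in guest [vm:] %s. \n Will Try again. It might be because the ifconfig is not reflect the ip address yet. \n The current ifconfig result is: %s' % (guest_ip, vm.uuid, vm_cmd_result))
                vm_cmd_result = test_lib.lib_ssh_vm_cmd_by_agent_with_retry(host.managementIp, nic.ip, test_lib.lib_get_vm_username(vm), test_lib.lib_get_vm_password(vm), vm_command, self.exp_result)
                if not vm_cmd_result:
                    test_util.test_logger('Checker result: FAIL to execute test ssh command in test [vm:] %s throught [host:] %s.' % (vm.uuid, host.name))
                    return self.judge(False)
                if not (isinstance(vm_cmd_result, str) and guest_ip in vm_cmd_result):
                    # Test the type first: ``guest_ip in vm_cmd_result`` on a
                    # non-string (e.g. True) raises TypeError, which made the
                    # "not string type" diagnostic unreachable.
                    if isinstance(vm_cmd_result, str):
                        test_util.test_logger('Checker result: guest [ip:] %s is NOT found in guest [vm:] %s. The current ifconfig result is: %s' % (guest_ip, vm.uuid, vm_cmd_result))
                    else:
                        test_util.test_logger('vm_cmd_result: %s is not string type. It is: %s .' % (vm_cmd_result, type(vm_cmd_result)))
                    return self.judge(False)

            test_util.test_logger('Checker result: guest [ip:] %s is SET in guest [vm:] %s.' % (guest_ip, vm.uuid))

        return self.judge(True)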
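def test():
    """Create a VM with userdata on a Flat-DHCP L3 network and probe the guest.

    Adds a raw root-volume image from ``userdataImageUrl``, skips unless the
    L3 network named by ``l3VlanNetworkName5`` provides DHCP through a
    ``Flat`` provider, boots a VM tagged with ``userdata::<value>``, then
    logs in over ssh as ``test`` and requires ``cat /tmp/helloworld_config``
    and ``find /tmp/temp`` to succeed (presumably artefacts written by the
    userdata script).  Resources are removed only on the success path.
    """
    img_option = test_util.ImageOption()
    image_name = 'userdata-image'
    image_url = os.environ.get('userdataImageUrl')
    img_option.set_name(image_name)
    bs_uuid = res_ops.query_resource_fields(res_ops.BACKUP_STORAGE, [],
                                            None)[0].uuid
    img_option.set_backup_storage_uuid_list([bs_uuid])
    img_option.set_format('raw')
    img_option.set_url(image_url)
    image_inv = img_ops.add_root_volume_template(img_option)
    image = test_image.ZstackTestImage()
    image.set_image(image_inv)
    image.set_creation_option(img_option)
    test_obj_dict.add_image(image)

    l3_name = os.environ.get('l3VlanNetworkName5')
    l3_net = test_lib.lib_get_l3_by_name(l3_name)
    l3_net_uuid = l3_net.uuid
    if 'DHCP' not in test_lib.lib_get_l3_service_type(l3_net_uuid):
        test_util.test_skip('Only DHCP support userdata')
    for ns in l3_net.networkServices:
        if ns.networkServiceType == 'DHCP':
            sp_uuid = ns.networkServiceProviderUuid
            sp = test_lib.lib_get_network_service_provider_by_uuid(sp_uuid)
            if sp.type != 'Flat':
                test_util.test_skip('Only Flat DHCP support userdata')

    vm = test_stub.create_vm(
        l3_uuid_list=[l3_net_uuid],
        vm_name='userdata-vm',
        image_uuid=image.get_image().uuid,
        system_tags=["userdata::%s" % os.environ.get('userdata_systemTags')])

    test_obj_dict.add_vm(vm)
    # Fixed wait for the guest to boot before probing it.
    time.sleep(60)

    try:
        vm.check()
    except Exception:
        # Best-effort: the standard checkers are expected to fail to connect
        # to this image.  Exception rather than a bare except, so
        # KeyboardInterrupt and SystemExit are not swallowed.
        test_util.test_logger("expected failure to connect VM")

    vm_ip = vm.get_vm().vmNics[0].ip
    key_file = os.environ.get('sshkeyPriKey_file')
    if not key_file:
        # Otherwise the command below would run ``ssh -i None`` and the
        # failure would be reported as a missing file in the guest.
        test_util.test_fail("environment variable sshkeyPriKey_file is not set")

    # Host-key verification is switched off (StrictHostKeyChecking=no,
    # UserKnownHostsFile=/dev/null), so the connection is not authenticated
    # against a known key; that only fits a freshly created guest on the
    # test network.  The key path and IP are interpolated unquoted into the
    # command string, so both must come from the trusted test configuration.
    ssh_cmd = 'ssh -i %s -oStrictHostKeyChecking=no -oCheckHostIP=no -oUserKnownHostsFile=/dev/null test@%s' % (
        key_file, vm_ip)

    # tmp_file is a module-level name defined outside this function.
    cmd = '%s cat /tmp/helloworld_config' % ssh_cmd
    process_result = test_stub.execute_shell_in_process(cmd, tmp_file)
    if process_result != 0:
        test_util.test_fail("fail to cat /tmp/helloworld_config")

    cmd = '%s find /tmp/temp' % ssh_cmd
    process_result = test_stub.execute_shell_in_process(cmd, tmp_file)
    if process_result != 0:
        test_util.test_fail("fail to find /tmp/temp")

    vm.destroy()
    test_obj_dict.rm_vm(vm)
    image.delete()
    # With any delete policy other than 'Direct' the image must also be
    # expunged explicitly.
    if test_lib.lib_get_image_delete_policy() != 'Direct':
        image.expunge()
    test_obj_dict.rm_image(image)
    test_util.test_pass('Create VM with userdata  Success')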
    def check(self):
        """Check ICMP reachability of this NIC from its security-group peers.

        Sorts the other NICs attached to the same security groups on the same
        L3 network into an "allowed" and a "denied" source list, based on
        their egress rules, then pings ``nic.ip`` from the VMs that
        ``get_all_running_vms_by_nics`` returns for each list.  A failed ping
        from an allowed source, or a successful ping from a denied source,
        marks the check as failed.

        Returns the value of ``self.judge``: ``self.judge(self.exp_result)``
        when the check is skipped (no ICMP ingress rule on the NIC, or the L3
        network has no DHCP service), otherwise ``self.judge(test_result)``.
        """
        super(zstack_vcenter_sg_icmp_internal_vms_checker, self).check()
        # Only ingress ICMP is checked; without an ICMP ingress rule on this
        # NIC there is nothing to verify.
        if not self.test_obj.get_nic_icmp_ingress_rules(self.nic_uuid):
            test_util.test_logger("Skip SG internal ICMP test, since there isn't icmp ingress rules for nic: %s" % self.nic_uuid)
            return self.judge(self.exp_result)

        test_result = True

        test_util.test_dsc('Check ICMP rules between attached VMs')
        nic_sg_list = self.test_obj.get_sg_list_by_nic(self.nic_uuid)
        nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
        dst_vm = test_lib.lib_get_vm_by_nic(self.nic_uuid)
        l3_uuid = nic.l3NetworkUuid
        if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid):
            test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, test vm's IP address is not stable." % l3_uuid)
            return self.judge(self.exp_result)

        target_ip = nic.ip
        # Source NICs whose ICMP towards target_ip is expected to pass.
        allowed_src_nic_list = []
        # Source NICs with no egress rule of any protocol; promoted to
        # "allowed" after all security groups have been examined.
        temp_allowed_src_nic_list = []
        # Source NICs whose ICMP towards target_ip is expected to be dropped.
        denied_nic_list = []
        for sg in nic_sg_list:
            same_l3_nic_list = list(sg.get_attached_nics_by_l3(l3_uuid))
            if len(same_l3_nic_list) < 2 :
                test_util.test_logger("Skip [l3:] %s ICMP internal VMs checking, since there is less 2 SG VMs in this l3." % l3_uuid)
                continue

            # If the source NIC has TCP or UDP egress rules but no ICMP egress
            # rule, its outgoing ICMP is expected to be denied.
            # The NIC under test is removed from the candidate sources first.
            nic_list_temp = list_ops.list_minus(list(same_l3_nic_list), [nic.uuid])
            for nic_uuid in nic_list_temp:
                source_nic_egress_icmp_rules = \
                        self.test_obj.get_nic_icmp_egress_rules(nic_uuid)
                if not source_nic_egress_icmp_rules:
                    if self.test_obj.get_nic_tcp_egress_rules(nic_uuid) or \
                            self.test_obj.get_nic_udp_egress_rules(nic_uuid):
                        if not nic_uuid in denied_nic_list:
                            denied_nic_list.append(nic_uuid)
                    else:
                        if not nic_uuid in temp_allowed_src_nic_list:
                            temp_allowed_src_nic_list.append(nic_uuid)
                else:
                    for rule in source_nic_egress_icmp_rules:
                        # NOTE(review): if allowedCidr is a string this is a
                        # substring test, not a CIDR containment test -- an
                        # address that is a textual prefix of the rule's
                        # address would match, and a wider network that
                        # contains target_ip would not.  A misclassified
                        # source can let this check pass while the enforced
                        # policy differs; confirm the rule format.
                        if target_ip in rule.allowedCidr:
                            if not nic_uuid in allowed_src_nic_list:
                                allowed_src_nic_list.append(nic_uuid)
                            break
                    else:
                        # for/else: no ICMP egress rule mentioned target_ip.
                        if not nic_uuid in denied_nic_list:
                            denied_nic_list.append(nic_uuid)

        # A NIC recorded as allowed through any security group overrides a
        # denial recorded through another one.  Iterate over a copy because
        # the list is modified in the loop.
        for nic_uuid in list(denied_nic_list):
            if nic_uuid in allowed_src_nic_list:
                denied_nic_list.remove(nic_uuid)

        # Promote the provisional entries that were neither denied nor
        # already allowed.
        for nic_uuid in temp_allowed_src_nic_list:
            if not nic_uuid in denied_nic_list and \
                    not nic_uuid in allowed_src_nic_list:
                allowed_src_nic_list.append(nic_uuid)


        allowed_vm_list = get_all_running_vms_by_nics(allowed_src_nic_list)
        denied_vm_list = get_all_running_vms_by_nics(denied_nic_list)

        # Positive cases: every allowed source must reach the target.
        for src_vm in allowed_vm_list:
            if test_lib.lib_check_ping(src_vm, target_ip, no_exception=True):
                test_util.test_logger('Check result: [Security Group] pass ICMP rule checking to ping [vm:] %s from [vm:] %s' % (src_vm.uuid, dst_vm.uuid))
            else:
                test_util.test_logger('Check result: [Security Group] is FAIL to ping [vm:] %s from [vm:] %s when checking ICMP rule. ' % (src_vm.uuid, dst_vm.uuid))
                test_result = False

        # Negative cases: a ping that succeeds from a denied source means the
        # rule is not being enforced, so it fails the check.
        for src_vm in denied_vm_list:
            if test_lib.lib_check_ping(src_vm, target_ip, no_exception=True):
                test_util.test_logger('Unexpected Result: [Security Group] ICMP ping [vm:] %s from [vm:] %s successfully' % (src_vm.uuid, dst_vm.uuid))
                test_result = False
            else:
                test_util.test_logger('Expected Result: [Security Group] FAIL to ping [vm:] %s from [vm:] %s when checking ICMP rule. ' % (src_vm.uuid, dst_vm.uuid))

        test_util.test_logger('Check result: [Security Group] finishes ICMP connection testing from other attached VMs to target [vm:] %s in same SG.' % dst_vm.uuid)
        # Presumably dumps the target VM's iptables state for diagnosis; the
        # helper is defined outside this method.
        print_iptables(dst_vm)
        return self.judge(test_result)