def createNetworkRulesForVM(apiclient, virtualmachine, ruletype,
account, networkruledata):
"""Acquire IP, create Firewall and NAT/StaticNAT rule
(associating it with given vm) for that IP"""
try:
public_ip = PublicIPAddress.create(
apiclient,accountid=account.name,
zoneid=virtualmachine.zoneid,domainid=account.domainid,
networkid=virtualmachine.nic[0].networkid)
FireWallRule.create(
apiclient,ipaddressid=public_ip.ipaddress.id,
protocol='TCP', cidrlist=[networkruledata["fwrule"]["cidr"]],
startport=networkruledata["fwrule"]["startport"],
endport=networkruledata["fwrule"]["endport"]
)
if ruletype == NAT_RULE:
# Create NAT rule
NATRule.create(apiclient, virtualmachine,
networkruledata["natrule"],ipaddressid=public_ip.ipaddress.id,
networkid=virtualmachine.nic[0].networkid)
elif ruletype == STATIC_NAT_RULE:
# Enable Static NAT for VM
StaticNATRule.enable(apiclient,public_ip.ipaddress.id,
virtualmachine.id, networkid=virtualmachine.nic[0].networkid)
except Exception as e:
[FAIL, e]
return [PASS, public_ip]
def setUp(self):
try:
self.apiclient = self.testClient.getApiClient()
self.dbclient = self.testClient.getDbConnection()
self.account = Account.create(
self.apiclient,
self.services["account"],
domainid=self.domain.id
)
self.cleanup = [
self.account,
]
self.virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id
)
self.public_ip = PublicIPAddress.create(
self.apiclient,
accountid=self.virtual_machine.account,
zoneid=self.virtual_machine.zoneid,
domainid=self.virtual_machine.domainid,
services=self.services["virtual_machine"]
)
return
except cloudstackAPIException as e:
self.tearDown()
raise e
def acquire_Public_Ip(self):
"""Acquires the public IP"""
try:
self.debug("Acquiring public IP for account: %s" %
self.account.name)
public_ip = PublicIPAddress.create(
self.apiclient,
self.virtual_machine.account,
self.virtual_machine.zoneid,
self.virtual_machine.domainid,
self.services["virtual_machine"]
)
self.debug("Acquired public IP: %s" %
public_ip.ipaddress.ipaddress)
self.debug("Configuring NAT rule for the acquired public ip")
NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
ipaddressid=public_ip.ipaddress.id
)
return public_ip
except Exception as e:
self.fail("Failed to acquire new public IP: %s" % e)
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.dbclient = self.testClient.getDbConnection()
self.account = Account.create(self.apiclient,
self.services["account"],
domainid=self.domain.id)
self.virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id)
self.virtual_machine_2 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id)
self.public_ip = PublicIPAddress.create(
self.apiclient, self.virtual_machine.account,
self.virtual_machine.zoneid, self.virtual_machine.domainid,
self.services["virtual_machine"])
NATRule.create(self.apiclient,
self.virtual_machine,
self.services["natrule"],
ipaddressid=self.public_ip.ipaddress.id)
self.cleanup = [
self.account,
]
return
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.dbclient = self.testClient.getDbConnection()
self.account = Account.create(
self.apiclient,
self.services["account"],
domainid=self.domain.id
)
self.virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id
)
self.public_ip = PublicIPAddress.create(
self.apiclient,
self.virtual_machine.account,
self.virtual_machine.zoneid,
self.virtual_machine.domainid,
self.services["virtual_machine"]
)
self.cleanup = [
self.account,
]
return
def setUp(self):
try:
self.apiclient = self.testClient.getApiClient()
self.dbclient = self.testClient.getDbConnection()
self.account = Account.create(self.apiclient,
self.services["account"],
domainid=self.domain.id)
self.cleanup = [
self.account,
]
self.virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id)
self.public_ip = PublicIPAddress.create(
self.apiclient,
accountid=self.virtual_machine.account,
zoneid=self.virtual_machine.zoneid,
domainid=self.virtual_machine.domainid,
services=self.services["virtual_machine"])
return
except cloudstackAPIException as e:
self.tearDown()
raise e
def test_disable_static_nat(self, value):
""" Add secondary IP to NIC of a VM"""
# Steps:
# 1. Create Account and create network in it (isoalted/ shared/ vpc)
# 2. Deploy a VM in this network and account
# 3. Add 2 secondary IPs to the default nic of VM
# 4. Acquire public IP, open firewall for it, and
# enable static NAT rule for this public IP to the 1st secondary IP
# 5. Disable the static nat rule and enable it again
# Validations:
# 1. Verify step 5 by listing seconday IP and checking the appropriate flag
self.account = Account.create(self.apiclient,self.services["account"],domainid=self.domain.id)
self.cleanup.append(self.account)
network = createNetwork(self, value)
try:
virtual_machine = VirtualMachine.create(self.apiclient,self.services["virtual_machine"],
networkids=[network.id],serviceofferingid=self.service_offering.id,
accountid=self.account.name,domainid=self.account.domainid)
except Exception as e:
self.fail("vm creation failed: %s" % e)
try:
ipaddress_1 = NIC.addIp(self.apiclient, id=virtual_machine.nic[0].id)
except Exception as e:
self.fail("Failed while adding secondary IP to NIC of vm %s" % virtual_machine.id)
public_ip = PublicIPAddress.create(self.api_client,accountid=self.account.name,
zoneid=self.zone.id,domainid=self.account.domainid,
networkid=network.id, vpcid = network.vpcid if value == VPC_NETWORK else None)
if value != VPC_NETWORK:
FireWallRule.create(self.apiclient,ipaddressid=public_ip.ipaddress.id,
protocol='TCP', cidrlist=[self.services["fwrule"]["cidr"]],
startport=self.services["fwrule"]["startport"],endport=self.services["fwrule"]["endport"])
StaticNATRule.enable(self.apiclient, public_ip.ipaddress.id, virtual_machine.id,
network.id, vmguestip=ipaddress_1.ipaddress)
self.VerifyStaticNatForPublicIp(public_ip.ipaddress.id, True)
# Disabling static NAT
StaticNATRule.disable(self.apiclient, public_ip.ipaddress.id)
self.VerifyStaticNatForPublicIp(public_ip.ipaddress.id, False)
StaticNATRule.enable(self.apiclient, public_ip.ipaddress.id, virtual_machine.id,
network.id, vmguestip=ipaddress_1.ipaddress)
self.VerifyStaticNatForPublicIp(public_ip.ipaddress.id, True)
public_ip.delete(self.apiclient)
return
def VerifyStaticNatForPublicIp(self, ipaddressid, natrulestatus):
""" List public IP and verify that NAT rule status for the IP is as desired """
publiciplist = PublicIPAddress.list(self.apiclient, id=ipaddressid, listall=True)
self.assertEqual(validateList(publiciplist)[0], PASS, "Public IP list validation failed")
self.assertEqual(publiciplist[0].isstaticnat, natrulestatus, "isstaticnat should be %s, it is %s" %
(natrulestatus, publiciplist[0].isstaticnat))
return
def acquire_publicip(self, network):
self.debug("Associating public IP for network: %s" % network.name)
public_ip = PublicIPAddress.create(self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=network.id,
vpcid=self.vpc.id)
self.debug("Associated %s with network %s" %
(public_ip.ipaddress.ipaddress, network.id))
return public_ip
def acquire_Public_IP(self, network):
self.debug("Associating public IP for network: %s" % network.name)
public_ip = PublicIPAddress.create(
self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=None, # network.id,
vpcid=self.vpc.id,
)
self.debug("Associated %s with network %s" % (public_ip.ipaddress.ipaddress, network.id))
return public_ip
def test_disassociate_ip_mapped_to_secondary_ip_through_PF_rule(self, value):
""" Add secondary IP to NIC of a VM"""
## Steps:
# 1. Create Account and create network in it (isoalted/ shared/ vpc)
# 2. Deploy a VM in this network and account
# 3. Add secondary IP to the default nic of VM
# 4. Acquire public IP, open firewall for it, and
# create NAT rule for this public IP to the 1st secondary IP
# 5. Try to delete the public IP used for NAT rule
# Validations:
# 1. Step 5 should succeed
self.account = Account.create(self.apiclient,self.services["account"],domainid=self.domain.id)
self.cleanup.append(self.account)
network = createNetwork(self, value)
try:
virtual_machine = VirtualMachine.create(self.apiclient,self.services["virtual_machine"],
networkids=[network.id],serviceofferingid=self.service_offering.id,
accountid=self.account.name,domainid=self.account.domainid)
except Exception as e:
self.fail("vm creation failed: %s" % e)
try:
ipaddress_1 = NIC.addIp(self.apiclient, id=virtual_machine.nic[0].id)
except Exception as e:
self.fail("Failed while adding secondary IP to NIC of vm %s" % virtual_machine.id)
public_ip = PublicIPAddress.create(self.api_client,accountid=self.account.name,
zoneid=self.zone.id,domainid=self.account.domainid,
networkid=network.id, vpcid = network.vpcid if value == VPC_NETWORK else None)
if value != VPC_NETWORK:
FireWallRule.create(self.apiclient,ipaddressid=public_ip.ipaddress.id,
protocol='TCP', cidrlist=[self.services["fwrule"]["cidr"]],
startport=self.services["fwrule"]["startport"],endport=self.services["fwrule"]["endport"])
# Create NAT rule
natrule = NATRule.create(self.api_client, virtual_machine,
self.services["natrule"],ipaddressid=public_ip.ipaddress.id,
networkid=network.id, vmguestip = ipaddress_1.ipaddress)
try:
public_ip.delete(self.apiclient)
except Exception as e:
self.fail("Exception while deleting nat rule %s: %s" % (natrule.id, e))
return
def is_public_ip_in_correct_state(apiclient, ipaddressid, state):
""" Check if the given IP is in the correct state (given)
and return True/False accordingly"""
retriesCount = 10
while True:
portableips = PublicIPAddress.list(apiclient, id=ipaddressid)
assert validateList(portableips)[0] == PASS, "IPs list validation failed"
if str(portableips[0].state).lower() == state:
break
elif retriesCount == 0:
return False
else:
retriesCount -= 1
time.sleep(60)
continue
return True
def is_public_ip_in_correct_state(apiclient, ipaddressid, state):
""" Check if the given IP is in the correct state (given)
and return True/False accordingly"""
retriesCount = 10
while True:
portableips = PublicIPAddress.list(apiclient, id=ipaddressid)
assert validateList(
portableips)[0] == PASS, "IPs list validation failed"
if str(portableips[0].state).lower() == state:
break
elif retriesCount == 0:
return False
else:
retriesCount -= 1
time.sleep(60)
continue
return True
def createNetworkRules(self, virtual_machine, network, vmguestip, networktype, ruletype):
""" Acquire public ip in the given network, open firewall if required and
create NAT rule for the public ip to the given guest vm ip address"""
try:
public_ip = PublicIPAddress.create(self.api_client,accountid=self.account.name,
zoneid=self.zone.id,domainid=self.account.domainid,
networkid=network.id, vpcid = network.vpcid if networktype == VPC_NETWORK else None)
if networktype != VPC_NETWORK:
FireWallRule.create(self.apiclient,ipaddressid=public_ip.ipaddress.id,
protocol='TCP', cidrlist=[self.services["fwrule"]["cidr"]],
startport=self.services["fwrule"]["startport"],endport=self.services["fwrule"]["endport"])
if ruletype == "nat":
NATRule.create(self.api_client, virtual_machine,
self.services["natrule"],ipaddressid=public_ip.ipaddress.id,
networkid=network.id, vmguestip = vmguestip)
elif ruletype == "staticnat":
StaticNATRule.enable(self.apiclient, public_ip.ipaddress.id, virtual_machine.id, network.id, vmguestip=vmguestip)
except Exception:
return FAIL
return PASS
def create_vm(self, pfrule=False, egress_policy=True, RR=False):
self.create_network_offering(egress_policy, RR)
# Creating network using the network offering created
self.debug("Creating network with network offering: %s" %
self.network_offering.id)
self.network = Network.create(self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id)
self.cleanup_networks.append(self.network)
self.debug("Created network with ID: %s" % self.network.id)
self.debug("Deploying instance in the account: %s" % self.account.name)
project = None
try:
self.virtual_machine = VirtualMachine.create(self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.service_offering.id,
mode=self.zone.networktype if pfrule else 'basic',
networkids=[str(self.network.id)],
projectid=project.id if project else None)
self.cleanup_vms.append(self.virtual_machine)
except Exception as e:
self.fail("Virtual machine deployment failed with exception: %s" % e)
self.debug("Deployed instance %s in account: %s" % (self.virtual_machine.id,self.account.name))
# Checking if VM is running or not, in case it is deployed in error state, test case fails
self.vm_list = list_virtual_machines(self.apiclient, id=self.virtual_machine.id)
self.assertEqual(validateList(self.vm_list)[0], PASS, "vm list validation failed, vm list is %s" % self.vm_list)
self.assertEqual(str(self.vm_list[0].state).lower(),'running',"VM state should be running, it is %s" % self.vm_list[0].state)
self.public_ip = PublicIPAddress.create(
self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=self.network.id
)
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=self.public_ip.ipaddress.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.debug("Creating NAT rule for VM ID: %s" % self.virtual_machine.id)
#Create NAT rule
NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
self.public_ip.ipaddress.id
)
return
