Ejemplo n.º 1
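def createNetworkRulesForVM(apiclient, virtualmachine, ruletype,
                            account, networkruledata):
    """Acquire a public IP and publish the given VM through it.

    A TCP firewall rule is created on the new IP for the CIDR and port
    range given in ``networkruledata["fwrule"]``. Depending on ``ruletype``
    either a NAT rule (``NAT_RULE``, configured from
    ``networkruledata["natrule"]``) or static NAT (``STATIC_NAT_RULE``) is
    then set up towards ``virtualmachine`` on the network of its first NIC.
    Any other ``ruletype`` leaves just the IP and the firewall rule.

    Returns:
        ``[PASS, public_ip]`` when every API call succeeded, otherwise
        ``[FAIL, exception]``.
    """
    try:
        guest_network_id = virtualmachine.nic[0].networkid
        public_ip = PublicIPAddress.create(
            apiclient,
            accountid=account.name,
            zoneid=virtualmachine.zoneid,
            domainid=account.domainid,
            networkid=guest_network_id)

        # The allowed source range is whatever the caller's test data says;
        # it decides who can reach the VM on this IP, so keep it as narrow
        # as the scenario permits.
        fw_data = networkruledata["fwrule"]
        FireWallRule.create(
            apiclient,
            ipaddressid=public_ip.ipaddress.id,
            protocol='TCP',
            cidrlist=[fw_data["cidr"]],
            startport=fw_data["startport"],
            endport=fw_data["endport"])

        if ruletype == NAT_RULE:
            # Create NAT rule
            NATRule.create(
                apiclient,
                virtualmachine,
                networkruledata["natrule"],
                ipaddressid=public_ip.ipaddress.id,
                networkid=guest_network_id)
        elif ruletype == STATIC_NAT_RULE:
            # Enable Static NAT for VM
            StaticNATRule.enable(
                apiclient,
                public_ip.ipaddress.id,
                virtualmachine.id,
                networkid=guest_network_id)
    except Exception as e:
        # Report the failure to the caller. Falling through to the PASS
        # return would hide the error, or raise UnboundLocalError when the
        # IP was never acquired.
        # NOTE: an IP acquired before the failure is not released here.
        return [FAIL, e]
    return [PASS, public_ip]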
Ejemplo n.º 2
 def delete_StaticNatRule_For_VM(self, vm, public_ip):
     """Disable static NAT on ``public_ip`` for ``vm``, logging before and after."""
     ip_record = public_ip.ipaddress
     self.debug("Disabling static NAT for public IP - %s" % ip_record.ipaddress)
     StaticNATRule.disable(
         self.api_client,
         ipaddressid=ip_record.id,
         virtualmachineid=vm.id,
     )
     # Only reached when the API call above did not raise.
     self.debug("Static NAT disabled for public IP - %s" % ip_record.ipaddress)
Ejemplo n.º 3
 def delete_StaticNatRule_For_VM(self, public_ip):
     """Disable the static NAT rule bound to ``public_ip``, logging before and after."""
     ip_record = public_ip.ipaddress
     self.debug("Disabling Static NAT rule on public IP - %s" % ip_record.ipaddress)
     # Only the IP id is passed; no VM id is given to the API here.
     StaticNATRule.disable(self.api_client, ipaddressid=ip_record.id)
     self.debug("Static NAT rule disabled on public IP - %s" % ip_record.ipaddress)
Ejemplo n.º 4
 def create_StaticNatRule_For_VM(self, vm, public_ip, network, vmguestip=None):
     """Enable static NAT from ``public_ip`` to ``vm`` on ``network``.

     ``vmguestip`` is forwarded unchanged to the API call (``None`` when the
     caller gives none). Errors from the API propagate to the caller.
     """
     ip_record = public_ip.ipaddress
     self.debug("Enabling static NAT for public IP - %s" % ip_record.ipaddress)
     StaticNATRule.enable(
         self.api_client,
         ipaddressid=ip_record.id,
         virtualmachineid=vm.id,
         networkid=network.id,
         vmguestip=vmguestip,
     )
     self.debug("Static NAT enabled for public IP - %s" % ip_record.ipaddress)
Ejemplo n.º 5
    def removeNetworkRules(self, rule, ipaddressobj):
        """Delete the stored firewall rule, then undo the rule named by ``rule``.

        ``STATIC_NAT_RULE`` disables static NAT on ``ipaddressobj``,
        ``LB_RULE`` deletes ``self.lb_rule``, and any other value deletes
        ``self.nat_rule``. The public IP itself is not released here.
        """
        # The firewall rule is removed first, before the mapping behind it.
        self.fw_rule.delete(self.apiclient)

        if rule == STATIC_NAT_RULE:
            StaticNATRule.disable(self.apiclient, ipaddressobj.ipaddress.id)
            return

        if rule == LB_RULE:
            self.lb_rule.delete(self.apiclient)
            return

        # Every remaining rule type is treated as a NAT rule.
        self.nat_rule.delete(self.apiclient)
Ejemplo n.º 6
 def create_StaticNatRule_For_VM(self,
                                 vm,
                                 public_ip,
                                 network,
                                 vmguestip=None):
     """Enable static NAT from ``public_ip`` to ``vm`` on ``network``.

     ``vmguestip`` is handed to the API as given. Nothing is caught here, so
     an API error surfaces in the calling test.
     """
     ip_record = public_ip.ipaddress
     self.debug("Enabling static NAT for IP: %s" % ip_record.ipaddress)
     enable_args = {
         "ipaddressid": ip_record.id,
         "virtualmachineid": vm.id,
         "networkid": network.id,
         "vmguestip": vmguestip,
     }
     StaticNATRule.enable(self.api_client, **enable_args)
     self.debug("Static NAT enabled for IP: %s" % ip_record.ipaddress)
Ejemplo n.º 7
 def delete_StaticNatRule_For_VM(self, vm, public_ip):
     """Disable static NAT on ``public_ip`` for ``vm``; fail the test on any error."""
     ip_record = public_ip.ipaddress
     self.debug("Disabling static NAT for IP: %s" % ip_record.ipaddress)
     try:
         StaticNATRule.disable(self.apiclient,
                               ipaddressid=ip_record.id,
                               virtualmachineid=vm.id)
         self.debug("Static NAT disabled for IP: %s" % ip_record.ipaddress)
     except Exception as err:
         # Any error is reported as a test failure that names the IP involved.
         self.fail("Failed to disabled static NAT on IP: %s - %s" %
                   (ip_record.ipaddress, err))
 def create_StaticNatRule_For_VM(self, vm, public_ip, network):
     """Enable static NAT from ``public_ip`` to ``vm`` on ``network``; fail the test on error."""
     ip_record = public_ip.ipaddress
     self.debug("Enabling static NAT for IP: %s" % ip_record.ipaddress)
     try:
         StaticNATRule.enable(self.apiclient,
                              ipaddressid=ip_record.id,
                              virtualmachineid=vm.id,
                              networkid=network.id)
         self.debug("Static NAT enabled for IP: %s" % ip_record.ipaddress)
     except Exception as err:
         # Any error is reported as a test failure that names the IP involved.
         self.fail("Failed to enable static NAT on IP: %s - %s" %
                   (ip_record.ipaddress, err))
 def delete_StaticNatRule_For_VM(self, vm, public_ip):
     """Turn static NAT off for ``vm`` on ``public_ip``.

     An exception from the API call (or from the follow-up debug log) is
     converted into a test failure via ``self.fail``.
     """
     nat_ip = public_ip.ipaddress
     self.debug("Disabling static NAT for IP: %s" % nat_ip.ipaddress)
     try:
         disable_args = {
             "ipaddressid": nat_ip.id,
             "virtualmachineid": vm.id,
         }
         StaticNATRule.disable(self.apiclient, **disable_args)
         self.debug("Static NAT disabled for IP: %s" % nat_ip.ipaddress)
     except Exception as err:
         failure = "Failed to disabled static NAT on IP: %s - %s" % (
             nat_ip.ipaddress, err)
         self.fail(failure)
 def create_StaticNatRule_For_VM(self, vm, public_ip, network):
     """Turn static NAT on for ``vm`` on ``public_ip`` within ``network``.

     An exception from the API call (or from the follow-up debug log) is
     converted into a test failure via ``self.fail``.
     """
     nat_ip = public_ip.ipaddress
     self.debug("Enabling static NAT for IP: %s" % nat_ip.ipaddress)
     try:
         enable_args = {
             "ipaddressid": nat_ip.id,
             "virtualmachineid": vm.id,
             "networkid": network.id,
         }
         StaticNATRule.enable(self.apiclient, **enable_args)
         self.debug("Static NAT enabled for IP: %s" % nat_ip.ipaddress)
     except Exception as err:
         failure = "Failed to enable static NAT on IP: %s - %s" % (
             nat_ip.ipaddress, err)
         self.fail(failure)
Ejemplo n.º 11
    def removeNetworkRules(self, rule, ipaddressobj):
        """Remove the firewall rule and the ``rule``-specific mapping.

        Static NAT is disabled on ``ipaddressobj`` for ``STATIC_NAT_RULE``;
        ``self.lb_rule`` is deleted for ``LB_RULE``; otherwise
        ``self.nat_rule`` is deleted. The public IP stays allocated.
        """
        client = self.apiclient
        self.fw_rule.delete(client)

        if rule == STATIC_NAT_RULE:
            StaticNATRule.disable(client, ipaddressobj.ipaddress.id)
        elif rule == LB_RULE:
            self.lb_rule.delete(client)
        else:
            # Fallback: anything else is handled as a NAT rule.
            self.nat_rule.delete(client)
        return None
Ejemplo n.º 12
 def create_StaticNatRule_For_VM(self, vm, public_ip, network, services=None):
     """Enable static NAT from ``public_ip`` to ``vm`` on ``network``; fail the test on error.

     ``services`` falls back to ``self.services["natrule"]`` when falsy.
     """
     nat_ip = public_ip.ipaddress
     logger.debug("Enabling static NAT for IP: %s" % nat_ip.ipaddress)
     # NOTE(review): `services` is resolved here but not used anywhere below.
     if not services:
         services = self.services["natrule"]
     try:
         StaticNATRule.enable(self.apiclient,
                              ipaddressid=nat_ip.id,
                              virtualmachineid=vm.id,
                              networkid=network.id)
         logger.debug("Static NAT enabled for IP: %s" % nat_ip.ipaddress)
         # NOTE(review): this message announces NetworkACL rules, but no ACL
         # call follows in this method; do not rely on it as evidence that
         # ingress was opened.
         logger.debug("Adding NetworkACL rules to make NAT rule accessible")
     except Exception as err:
         self.fail("Failed to enable static NAT on IP: %s - %s" %
                   (nat_ip.ipaddress, err))
Ejemplo n.º 13
    def createNetworkRules(self, rule, ipaddressobj, networkid):
        """Open a firewall rule on the acquired public IP and attach ``rule``.

        ``rule`` selects static NAT (``STATIC_NAT_RULE``), a load-balancer
        rule (``LB_RULE``) or, for any other value, a NAT rule towards
        ``self.virtual_machine``. The created firewall, LB and NAT rule
        objects are kept on ``self`` as ``fw_rule``, ``lb_rule`` and
        ``nat_rule``.
        """
        public_ip_id = ipaddressobj.ipaddress.id
        fw_settings = self.services["fwrule"]

        # Protocol and port range come from the test data. The source range
        # is every IPv4 address, so the port is reachable from wherever the
        # public IP is routable: fine for a disposable test zone, too broad
        # anywhere else.
        self.fw_rule = FireWallRule.create(
            self.apiclient,
            ipaddressid=public_ip_id,
            protocol=fw_settings["protocol"],
            cidrlist=['0.0.0.0/0'],
            startport=fw_settings["startport"],
            endport=fw_settings["endport"]
        )

        if rule == STATIC_NAT_RULE:
            StaticNATRule.enable(self.apiclient,
                                 public_ip_id,
                                 self.virtual_machine.id,
                                 networkid)
            return

        if rule == LB_RULE:
            first_nic = self.virtual_machine.nic[0]
            self.lb_rule = LoadBalancerRule.create(
                self.apiclient,
                self.services["lbrule"],
                ipaddressid=public_ip_id,
                accountid=self.account.name,
                networkid=first_nic.networkid,
                domainid=self.account.domainid)

            # The LB rule gets exactly one backend: the VM's first NIC address.
            backend = {"vmid": str(self.virtual_machine.id),
                       "vmip": str(self.virtual_machine.nic[0].ipaddress)}
            self.lb_rule.assign(self.apiclient, vmidipmap=[backend])
            return

        # Every remaining rule type is set up as a NAT rule.
        self.nat_rule = NATRule.create(self.apiclient,
                                       self.virtual_machine,
                                       self.services["natrule"],
                                       public_ip_id)
Ejemplo n.º 14
    def createNetworkRules(self, rule, ipaddressobj, networkid):
        """Create a firewall rule on the public IP, then the mapping named by ``rule``.

        ``STATIC_NAT_RULE`` enables static NAT to ``self.virtual_machine`` on
        ``networkid``; ``LB_RULE`` creates a load-balancer rule and assigns
        the VM to it; any other value creates a NAT rule. Created rule
        objects are stored on ``self``.
        """
        client = self.apiclient
        vm = self.virtual_machine
        ip_id = ipaddressobj.ipaddress.id
        fw_cfg = self.services["fwrule"]

        # NOTE: cidrlist is 0.0.0.0/0, i.e. no source restriction at all on
        # the ports taken from the test data. Suitable only where the public
        # range is itself an isolated lab network.
        self.fw_rule = FireWallRule.create(
            client,
            ipaddressid=ip_id,
            protocol=fw_cfg["protocol"],
            cidrlist=['0.0.0.0/0'],
            startport=fw_cfg["startport"],
            endport=fw_cfg["endport"]
        )

        if rule == STATIC_NAT_RULE:
            StaticNATRule.enable(client, ip_id, vm.id, networkid)
        elif rule == LB_RULE:
            self.lb_rule = LoadBalancerRule.create(
                client,
                self.services["lbrule"],
                ipaddressid=ip_id,
                accountid=self.account.name,
                networkid=vm.nic[0].networkid,
                domainid=self.account.domainid)

            # Single backend entry: the VM id and its first NIC's address.
            vm_entry = {"vmid": str(vm.id),
                        "vmip": str(vm.nic[0].ipaddress)}
            self.lb_rule.assign(client, vmidipmap=[vm_entry])
        else:
            self.nat_rule = NATRule.create(
                client,
                vm,
                self.services["natrule"],
                ip_id
            )
        return None
Ejemplo n.º 15
    def removeNetworkRules(self, rule):
        """Remove the firewall rule and ``rule``-specific mapping, then release the IP.

        ``STATIC_NAT_RULE`` disables static NAT on ``self.ipaddress``,
        ``LB_RULE`` deletes ``self.lb_rule`` and any other value deletes
        ``self.nat_rule``. Finally ``self.ipaddress`` is deleted.
        """
        client = self.apiclient
        acquired_ip = self.ipaddress

        self.fw_rule.delete(client)

        if rule == STATIC_NAT_RULE:
            StaticNATRule.disable(client, acquired_ip.ipaddress.id)
        elif rule == LB_RULE:
            self.lb_rule.delete(client)
        else:
            self.nat_rule.delete(client)

        # Rules are gone at this point; give the public IP back as well.
        release_msg = "Releasing IP %s from account %s" % (
            acquired_ip.ipaddress.ipaddress, self.account.name)
        logger.debug(release_msg)
        acquired_ip.delete(client)

        return None
Ejemplo n.º 16
    def removeNetworkRules(self, rule):
        """Undo what was set up on the acquired public IP and release it.

        Order: firewall rule, then the mapping selected by ``rule`` (static
        NAT, LB rule, or NAT rule as the fallback), then the IP itself.
        """
        self.fw_rule.delete(self.apiclient)

        if rule == STATIC_NAT_RULE:
            nat_ip_id = self.ipaddress.ipaddress.id
            StaticNATRule.disable(self.apiclient, nat_ip_id)
        elif rule == LB_RULE:
            self.lb_rule.delete(self.apiclient)
        else:
            # Fallback: anything else is handled as a NAT rule.
            self.nat_rule.delete(self.apiclient)

        released = (self.ipaddress.ipaddress.ipaddress, self.account.name)
        logger.debug("Releasing IP %s from account %s" % released)
        self.ipaddress.delete(self.apiclient)

        return None
Ejemplo n.º 17
 def create_StaticNatRule_For_VM(self, vm, public_ip, network, vmguestip=None):
     """Enable static NAT from ``public_ip`` to ``vm`` on ``network`` and return the result.

     ``vmguestip`` is forwarded to the API unchanged. The value returned is
     whatever ``StaticNATRule.enable`` returns; errors propagate.
     """
     ip_record = public_ip.ipaddress
     log_args = (ip_record.ipaddress, vm.id, network.id)
     self.debug("Enabling Static NAT rule on public IP - %s for VM with ID - %s in network with ID - %s" %
                log_args)
     enabled_rule = StaticNATRule.enable(
         self.api_client,
         ipaddressid=ip_record.id,
         virtualmachineid=vm.id,
         networkid=network.id,
         vmguestip=vmguestip,
     )
     self.debug("Static NAT rule enabled on public IP - %s for VM with ID - %s in network with ID - %s" %
                log_args)
     return enabled_rule
Ejemplo n.º 18
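def createNetworkRulesForVM(apiclient, virtualmachine, ruletype, account,
                            networkruledata):
    """Acquire a public IP, open a firewall rule on it and map it to the VM.

    The firewall rule is TCP, limited to the CIDR and port range found in
    ``networkruledata["fwrule"]``. ``ruletype`` then selects a NAT rule
    (``NAT_RULE``, built from ``networkruledata["natrule"]``) or static NAT
    (``STATIC_NAT_RULE``) towards ``virtualmachine`` on the network of its
    first NIC; any other value creates no mapping.

    Returns:
        ``[PASS, public_ip]`` on success, ``[FAIL, exception]`` when any of
        the API calls raised.
    """
    try:
        public_ip = PublicIPAddress.create(
            apiclient,
            accountid=account.name,
            zoneid=virtualmachine.zoneid,
            domainid=account.domainid,
            networkid=virtualmachine.nic[0].networkid)

        # Source CIDR and ports are taken from the caller's data; they decide
        # who can reach the VM through this IP.
        FireWallRule.create(apiclient,
                            ipaddressid=public_ip.ipaddress.id,
                            protocol='TCP',
                            cidrlist=[networkruledata["fwrule"]["cidr"]],
                            startport=networkruledata["fwrule"]["startport"],
                            endport=networkruledata["fwrule"]["endport"])

        if ruletype == NAT_RULE:
            # Create NAT rule
            NATRule.create(apiclient,
                           virtualmachine,
                           networkruledata["natrule"],
                           ipaddressid=public_ip.ipaddress.id,
                           networkid=virtualmachine.nic[0].networkid)
        elif ruletype == STATIC_NAT_RULE:
            # Enable Static NAT for VM
            StaticNATRule.enable(apiclient,
                                 public_ip.ipaddress.id,
                                 virtualmachine.id,
                                 networkid=virtualmachine.nic[0].networkid)
    except Exception as e:
        # Hand the failure back instead of discarding it: without this return
        # a failed setup was reported as PASS, and a failed IP acquisition
        # ended in UnboundLocalError on the line below.
        # NOTE: an IP acquired before the failure is not released here.
        return [FAIL, e]
    return [PASS, public_ip]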
Ejemplo n.º 19
 def create_StaticNatRule_For_VM(self,
                                 vm,
                                 public_ip,
                                 network,
                                 vmguestip=None):
     """Enable static NAT from ``public_ip`` to ``vm`` on ``network``.

     Returns whatever ``StaticNATRule.enable`` returns. ``vmguestip`` is
     passed through as given; API errors are not caught here.
     """
     nat_ip = public_ip.ipaddress
     details = (nat_ip.ipaddress, vm.id, network.id)
     self.debug(
         "Enabling Static NAT rule on public IP - %s for VM with ID - %s in network with ID - %s"
         % details)
     enable_args = {
         "ipaddressid": nat_ip.id,
         "virtualmachineid": vm.id,
         "networkid": network.id,
         "vmguestip": vmguestip,
     }
     nat_result = StaticNATRule.enable(self.api_client, **enable_args)
     self.debug(
         "Static NAT rule enabled on public IP - %s for VM with ID - %s in network with ID - %s"
         % details)
     return nat_result
Ejemplo n.º 20
    def test_03_deploy_vms_in_vpc_with_regionlevelvpc(self):
        """Test deploy virtual machines in VPC networks

        Builds a VPC with one network and one VM, publishes the VM through
        three public IPs (LB rule, NAT rule, static NAT), opens ingress
        NetworkACLs for the NAT and LB services, checks SSH over the NAT
        rule's IP and finally checks that the static-NAT IP is listed for
        the network. Skipped when the OVS plugin is not enabled.
        """

        # 1. Create VPC Offering by specifying all supported Services
        #   (Vpn,dhcpdns,UserData, SourceNat,Static NAT and PF,LB,NetworkAcl)
        # 2. Create a VPC using the above VPC offering
        # 3. Create a network as part of this VPC.
        # 4. Deploy few Vms.
        # 5. Create a LB rule for this VM.
        # 6. Create a PF rule for this VM.
        # 7. Create a  Static Nat rule for this VM.
        # 8. Create Ingress rules on the network to open the above created
        #    LB PF and Static Nat rule
        # 9. Create Egress Network ACL for this network to access google.com.
        # 10. Enable VPN services
        #
        # NOTE(review): the body below creates no egress ACL (step 9) and
        # enables no VPN (step 10, see the TODO at the end); only ingress
        # ACLs for the NAT and LB services are created.
        # NOTE(review): nothing created in this method is added to a cleanup
        # list here - confirm teardown is handled elsewhere.

        if not self.isOvsPluginEnabled:
            self.skipTest("OVS plugin should be enabled to run this test case")

        self.debug("Creating a VPC offering..")
        vpc_off = VpcOffering.create(self.apiclient,
                                     self.services["vpc_offering"])

        # An offering has to be enabled before a VPC is created from it.
        vpc_off.update(self.apiclient, state='Enabled')

        self.debug("creating a VPC network in the account: %s" %
                   self.account.name)
        # NOTE(review): networkDomain is given the account's domain id, not a
        # DNS name - confirm this is intended.
        vpc = VPC.create(self.apiclient,
                         self.services["vpc"],
                         vpcofferingid=vpc_off.id,
                         zoneid=self.zone.id,
                         account=self.account.name,
                         domainid=self.account.domainid,
                         networkDomain=self.account.domainid)
        self.validate_vpc_network(vpc)

        self.network_offering = NetworkOffering.create(
            self.apiclient,
            self.services["network_offering"],
            conservemode=False)
        # Enable Network offering
        self.network_offering.update(self.apiclient, state='Enabled')

        gateway = vpc.cidr.split('/')[0]
        # Split the cidr to retrieve gateway
        # for eg. cidr = 10.0.0.1/24
        # Gateway = 10.0.0.1

        # Creating network using the network offering created
        self.debug("Creating network with network offering: %s" %
                   self.network_offering.id)
        network = Network.create(self.apiclient,
                                 self.services["network"],
                                 accountid=self.account.name,
                                 domainid=self.account.domainid,
                                 networkofferingid=self.network_offering.id,
                                 zoneid=self.zone.id,
                                 gateway=gateway,
                                 vpcid=vpc.id)
        self.debug("Created network with ID: %s" % network.id)
        # Spawn an instance in that network
        virtual_machine = VirtualMachine.create(
            self.apiclient,
            self.services["virtual_machine"],
            accountid=self.account.name,
            domainid=self.account.domainid,
            serviceofferingid=self.service_offering.id,
            networkids=[str(network.id)])
        self.debug("Deployed VM in network: %s" % network.id)

        # First public IP: carries the load-balancer rule.
        self.debug("Associating public IP for network: %s" % network.name)
        public_ip = PublicIPAddress.create(self.apiclient,
                                           accountid=self.account.name,
                                           zoneid=self.zone.id,
                                           domainid=self.account.domainid,
                                           networkid=network.id,
                                           vpcid=vpc.id)
        self.debug("Associated %s with network %s" %
                   (public_ip.ipaddress.ipaddress, network.id))

        self.debug("Creating LB rule for IP address: %s" %
                   public_ip.ipaddress.ipaddress)

        LoadBalancerRule.create(self.apiclient,
                                self.services["lbrule"],
                                ipaddressid=public_ip.ipaddress.id,
                                accountid=self.account.name,
                                networkid=network.id,
                                vpcid=vpc.id,
                                domainid=self.account.domainid)

        # Second public IP: carries the NAT rule used for the SSH check.
        self.debug("Associating public IP for network: %s" % vpc.name)
        public_ip_2 = PublicIPAddress.create(self.apiclient,
                                             accountid=self.account.name,
                                             zoneid=self.zone.id,
                                             domainid=self.account.domainid,
                                             networkid=network.id,
                                             vpcid=vpc.id)
        self.debug("Associated %s with network %s" %
                   (public_ip_2.ipaddress.ipaddress, network.id))

        # openfirewall=False: no firewall rule is opened with the NAT rule;
        # access is granted by the ingress NetworkACLs created just below.
        NATRule.create(self.apiclient,
                       virtual_machine,
                       self.services["natrule"],
                       ipaddressid=public_ip_2.ipaddress.id,
                       openfirewall=False,
                       networkid=network.id,
                       vpcid=vpc.id)

        # Ingress ACLs are built from the same service dicts as the NAT and
        # LB rules; the allowed source range is whatever those dicts (or the
        # helper's defaults) specify - not visible here.
        self.debug("Adding NetwrokACl rules to make PF and LB accessible")
        NetworkACL.create(self.apiclient,
                          networkid=network.id,
                          services=self.services["natrule"],
                          traffictype='Ingress')

        NetworkACL.create(self.apiclient,
                          networkid=network.id,
                          services=self.services["lbrule"],
                          traffictype='Ingress')
        # Reachability check through the NAT rule's public IP; any exception
        # from the SSH helper fails the test.
        self.debug("Checking if we can SSH into VM?")
        try:
            virtual_machine.get_ssh_client(
                ipaddress=public_ip_2.ipaddress.ipaddress, )
            self.debug("SSH into VM is successfully")
        except Exception as e:
            self.fail("Failed to SSH into VM - %s, %s" %
                      (public_ip_2.ipaddress.ipaddress, e))

        # Third public IP: used for static NAT to the same VM.
        self.debug("Associating public IP for network: %s" % network.name)
        public_ip_3 = PublicIPAddress.create(self.apiclient,
                                             accountid=self.account.name,
                                             zoneid=self.zone.id,
                                             domainid=self.account.domainid,
                                             networkid=network.id,
                                             vpcid=vpc.id)
        self.debug("Associated %s with network %s" %
                   (public_ip_3.ipaddress.ipaddress, network.id))
        self.debug("Enabling static NAT for IP: %s" %
                   public_ip_3.ipaddress.ipaddress)
        try:
            StaticNATRule.enable(self.apiclient,
                                 ipaddressid=public_ip_3.ipaddress.id,
                                 virtualmachineid=virtual_machine.id,
                                 networkid=network.id)
            self.debug("Static NAT enabled for IP: %s" %
                       public_ip_3.ipaddress.ipaddress)
        except Exception as e:
            self.fail("Failed to enable static NAT on IP: %s - %s" %
                      (public_ip_3.ipaddress.ipaddress, e))

        # Verify through the list API that the static-NAT IP is reported for
        # this network.
        public_ips = PublicIPAddress.list(self.apiclient,
                                          networkid=network.id,
                                          listall=True,
                                          isstaticnat=True,
                                          account=self.account.name,
                                          domainid=self.account.domainid)
        self.assertEqual(isinstance(public_ips, list), True,
                         "List public Ip for network should list the Ip addr")
        # Only the first entry is compared; an empty list would raise
        # IndexError here instead of producing an assertion failure.
        self.assertEqual(public_ips[0].ipaddress,
                         public_ip_3.ipaddress.ipaddress,
                         "List public Ip for network should list the Ip addr")
        # TODO: Remote Access VPN is not yet supported in VPC
        return
    def test_01_acquire_public_ips_in_isolated_network_with_single_vr(self):
        """ Acquire IPs in multiple subnets in isolated networks with single VR

        # Steps
        # 1. Create network offering with single VR, and enable it
        # 2. create isolated network with the network offering
        # 3. create a vm in the network.
        #   verify the available nics in VR should be "eth0,eth1,eth2"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP
        # 4. get a free public ip, assign to network, and create port forwarding rules (ssh) to the vm
        #   verify the available nics in VR should be "eth0,eth1,eth2"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP and new ip
        # 5. remove the port forwarding rule, and release the new ip
        #   verify the available nics in VR should be "eth0,eth1,eth2"
        #   verify the IPs in VR. eth0 -> guest nic IP, eth2 -> source nat IP

        # 6. create new public ip range 1
        # 7. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 1
        # 8. get a free ip in new ip range, assign to network, and create port forwarding rules (ssh) to the vm
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 1, new ip 2,
        # 9. get a free ip in new ip range, assign to network, and create port forwarding rules (ssh) to the vm
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 1, new ip 2, new ip 3
        # 10. release new ip 2
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 1, new ip 3
        # 11. release new ip 1
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 3
        # 12. create new public ip range 2
        # 13. get a free ip 4 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 3, eth4 -> new ip 4
        # 14. get a free ip 5 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 3, eth4 -> new ip 4/5
        # 15. get a free ip 6 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 3, eth4 -> new ip 4/5/6
        # 16. release new ip 5
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 3, eth4 -> new ip 4/6
        # 17. release new ip 4
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 3, eth4 -> new ip 6
        # 18. release new ip 3
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth4,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth4 -> new ip 6
        # 19. restart network
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth4,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth4 -> new ip 6
        # 20. reboot router
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 6
        # 21. restart network with cleanup
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 6
        # 22. restart network with cleanup, makeredundant=true
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 6
        """

        # Create new domain1
        self.domain1 = Domain.create(self.apiclient,
                                     services=self.services["acl"]["domain1"],
                                     parentdomainid=self.domain.id)
        # Create account1
        self.account1 = Account.create(self.apiclient,
                                       self.services["acl"]["accountD1"],
                                       domainid=self.domain1.id)
        self.cleanup.append(self.account1)
        self.cleanup.append(self.domain1)

        # 1. Create network offering with single VR, and enable it
        self.network_offering = NetworkOffering.create(
            self.apiclient,
            self.services["isolated_network_offering"],
        )
        self.network_offering.update(self.apiclient, state='Enabled')
        self.cleanup.append(self.network_offering)

        # 2. create isolated network with the network offering
        self.services["network"]["zoneid"] = self.zone.id
        self.services["network"]["networkoffering"] = self.network_offering.id
        self.network1 = Network.create(self.apiclient,
                                       self.services["network"],
                                       self.account1.name,
                                       self.account1.domainid)

        # 3. create a vm in the network.
        try:
            self.virtual_machine1 = VirtualMachine.create(
                self.apiclient,
                self.services["virtual_machine"],
                accountid=self.account1.name,
                domainid=self.account1.domainid,
                serviceofferingid=self.service_offering.id,
                templateid=self.template.id,
                zoneid=self.zone.id,
                networkids=self.network1.id)
        except Exception as e:
            self.fail("Exception while deploying virtual machine: %s" % e)

        #   verify the available nics in VR should be "eth0,eth1,eth2"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP
        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(router, host,
                                                     "eth0,eth1,eth2,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_router_publicnic_state(router, host, "eth2")

        # 4. get a free public ip, assign to network, and create port forwarding rules (ssh) to the vm
        ipaddress = PublicIPAddress.create(
            self.apiclient,
            zoneid=self.zone.id,
            networkid=self.network1.id,
        )
        nat_rule = NATRule.create(self.apiclient,
                                  self.virtual_machine1,
                                  self.services["natrule"],
                                  ipaddressid=ipaddress.ipaddress.id,
                                  openfirewall=True)
        #   verify the available nics in VR should be "eth0,eth1,eth2"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP/new ip
        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(router, host,
                                                     "eth0,eth1,eth2,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress.ipaddress.ipaddress,
                                             "eth2", True)
            self.verify_router_publicnic_state(router, host, "eth2")

        # 5. release the new ip
        ipaddress.delete(self.apiclient)

        #   verify the available nics in VR should be "eth0,eth1,eth2"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP
        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(router, host,
                                                     "eth0,eth1,eth2,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress.ipaddress.ipaddress,
                                             "eth2", False)
            self.verify_router_publicnic_state(router, host, "eth2")

        # 6. create new public ip range 1
        self.services["publiciprange"]["zoneid"] = self.zone.id
        self.services["publiciprange"]["forvirtualnetwork"] = "true"
        random_subnet_number = random.randrange(10, 50)
        self.services["publiciprange"]["vlan"] = get_free_vlan(
            self.apiclient, self.zone.id)[1]
        self.services["publiciprange"]["gateway"] = "172.16." + str(
            random_subnet_number) + ".1"
        self.services["publiciprange"]["startip"] = "172.16." + str(
            random_subnet_number) + ".2"
        self.services["publiciprange"]["endip"] = "172.16." + str(
            random_subnet_number) + ".10"
        self.services["publiciprange"]["netmask"] = "255.255.255.0"
        self.public_ip_range1 = PublicIpRange.create(
            self.apiclient, self.services["publiciprange"])
        self.cleanup.append(self.public_ip_range1)

        # 7. get a free ip 4 in new ip range 2, assign to network, and enable static nat to vm
        ip_address_1 = self.get_free_ipaddress(self.public_ip_range1.vlan.id)
        ipaddress_1 = PublicIPAddress.create(self.apiclient,
                                             zoneid=self.zone.id,
                                             networkid=self.network1.id,
                                             ipaddress=ip_address_1)

        StaticNATRule.enable(self.apiclient,
                             virtualmachineid=self.virtual_machine1.id,
                             ipaddressid=ipaddress_1.ipaddress.id,
                             networkid=self.network1.id)

        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 1
        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(router, host,
                                                     "eth0,eth1,eth2,eth3,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_1.ipaddress.ipaddress,
                                             "eth3", True)
            self.verify_router_publicnic_state(router, host, "eth2|eth3")

        # 8. get a free ip in new ip range, assign to network, and create port forwarding rules (ssh) to the vm
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 1, new ip 2,
        ip_address_2 = self.get_free_ipaddress(self.public_ip_range1.vlan.id)
        ipaddress_2 = PublicIPAddress.create(self.apiclient,
                                             zoneid=self.zone.id,
                                             networkid=self.network1.id,
                                             ipaddress=ip_address_2)

        nat_rule = NATRule.create(self.apiclient,
                                  self.virtual_machine1,
                                  self.services["natrule"],
                                  ipaddressid=ipaddress_2.ipaddress.id,
                                  openfirewall=True)
        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(router, host,
                                                     "eth0,eth1,eth2,eth3,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_1.ipaddress.ipaddress,
                                             "eth3", True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_2.ipaddress.ipaddress,
                                             "eth3", True)
            self.verify_router_publicnic_state(router, host, "eth2|eth3")

        # 9. get a free ip in new ip range, assign to network, and create port forwarding rules (ssh) to the vm
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 1, new ip 2, new ip 3
        ip_address_3 = self.get_free_ipaddress(self.public_ip_range1.vlan.id)
        ipaddress_3 = PublicIPAddress.create(self.apiclient,
                                             zoneid=self.zone.id,
                                             networkid=self.network1.id,
                                             ipaddress=ip_address_3)

        nat_rule = NATRule.create(self.apiclient,
                                  self.virtual_machine1,
                                  self.services["natrule"],
                                  ipaddressid=ipaddress_3.ipaddress.id,
                                  openfirewall=True)
        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(router, host,
                                                     "eth0,eth1,eth2,eth3,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_1.ipaddress.ipaddress,
                                             "eth3", True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_2.ipaddress.ipaddress,
                                             "eth3", True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_3.ipaddress.ipaddress,
                                             "eth3", True)
            self.verify_router_publicnic_state(router, host, "eth2|eth3")

        # 10. release new ip 2
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 1, new ip 3
        ipaddress_2.delete(self.apiclient)

        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(router, host,
                                                     "eth0,eth1,eth2,eth3,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_1.ipaddress.ipaddress,
                                             "eth3", True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_2.ipaddress.ipaddress,
                                             "eth3", False)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_3.ipaddress.ipaddress,
                                             "eth3", True)
            self.verify_router_publicnic_state(router, host, "eth2|eth3")

        # 11. release new ip 1
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 3
        ipaddress_1.delete(self.apiclient)
        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(router, host,
                                                     "eth0,eth1,eth2,eth3,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_1.ipaddress.ipaddress,
                                             "eth3", False)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_2.ipaddress.ipaddress,
                                             "eth3", False)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_3.ipaddress.ipaddress,
                                             "eth3", True)
            self.verify_router_publicnic_state(router, host, "eth2|eth3")

        # 12. create new public ip range 2
        self.services["publiciprange"]["zoneid"] = self.zone.id
        self.services["publiciprange"]["forvirtualnetwork"] = "true"
        self.services["publiciprange"]["vlan"] = get_free_vlan(
            self.apiclient, self.zone.id)[1]
        self.services["publiciprange"]["gateway"] = "172.16." + str(
            random_subnet_number + 1) + ".1"
        self.services["publiciprange"]["startip"] = "172.16." + str(
            random_subnet_number + 1) + ".2"
        self.services["publiciprange"]["endip"] = "172.16." + str(
            random_subnet_number + 1) + ".10"
        self.services["publiciprange"]["netmask"] = "255.255.255.0"
        self.public_ip_range2 = PublicIpRange.create(
            self.apiclient, self.services["publiciprange"])
        self.cleanup.append(self.public_ip_range2)

        # 13. get a free ip 4 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 3, eth4 -> new ip 4

        ip_address_4 = self.get_free_ipaddress(self.public_ip_range2.vlan.id)
        ipaddress_4 = PublicIPAddress.create(self.apiclient,
                                             zoneid=self.zone.id,
                                             networkid=self.network1.id,
                                             ipaddress=ip_address_4)

        StaticNATRule.enable(self.apiclient,
                             virtualmachineid=self.virtual_machine1.id,
                             ipaddressid=ipaddress_4.ipaddress.id,
                             networkid=self.network1.id)

        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(
                router, host, "eth0,eth1,eth2,eth3,eth4,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_3.ipaddress.ipaddress,
                                             "eth3", True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_4.ipaddress.ipaddress,
                                             "eth4", True)
            self.verify_router_publicnic_state(router, host, "eth2|eth3|eth4")

        # 14. get a free ip 5 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 3, eth4 -> new ip 4/5
        ip_address_5 = self.get_free_ipaddress(self.public_ip_range2.vlan.id)
        ipaddress_5 = PublicIPAddress.create(self.apiclient,
                                             zoneid=self.zone.id,
                                             networkid=self.network1.id,
                                             ipaddress=ip_address_5)

        nat_rule = NATRule.create(self.apiclient,
                                  self.virtual_machine1,
                                  self.services["natrule"],
                                  ipaddressid=ipaddress_5.ipaddress.id,
                                  openfirewall=True)
        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(
                router, host, "eth0,eth1,eth2,eth3,eth4,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_3.ipaddress.ipaddress,
                                             "eth3", True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_4.ipaddress.ipaddress,
                                             "eth4", True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_5.ipaddress.ipaddress,
                                             "eth4", True)
            self.verify_router_publicnic_state(router, host, "eth2|eth3|eth4")

        # 15. get a free ip 6 in new ip range 2, assign to network, and create port forwarding rules (ssh) to the vm
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 3, eth4 -> new ip 4/5/6
        ip_address_6 = self.get_free_ipaddress(self.public_ip_range2.vlan.id)
        ipaddress_6 = PublicIPAddress.create(self.apiclient,
                                             zoneid=self.zone.id,
                                             networkid=self.network1.id,
                                             ipaddress=ip_address_6)

        nat_rule = NATRule.create(self.apiclient,
                                  self.virtual_machine1,
                                  self.services["natrule"],
                                  ipaddressid=ipaddress_6.ipaddress.id,
                                  openfirewall=True)
        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(
                router, host, "eth0,eth1,eth2,eth3,eth4,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_3.ipaddress.ipaddress,
                                             "eth3", True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_4.ipaddress.ipaddress,
                                             "eth4", True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_5.ipaddress.ipaddress,
                                             "eth4", True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_6.ipaddress.ipaddress,
                                             "eth4", True)
            self.verify_router_publicnic_state(router, host, "eth2|eth3|eth4")

        # 16. release new ip 5
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 3, eth4 -> new ip 4/6
        ipaddress_5.delete(self.apiclient)

        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(
                router, host, "eth0,eth1,eth2,eth3,eth4,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_3.ipaddress.ipaddress,
                                             "eth3", True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_4.ipaddress.ipaddress,
                                             "eth4", True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_5.ipaddress.ipaddress,
                                             "eth4", False)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_6.ipaddress.ipaddress,
                                             "eth4", True)
            self.verify_router_publicnic_state(router, host, "eth2|eth3|eth4")

        # 17. release new ip 4
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,eth4,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 3, eth4 -> new ip 6
        ipaddress_4.delete(self.apiclient)
        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(
                router, host, "eth0,eth1,eth2,eth3,eth4,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_3.ipaddress.ipaddress,
                                             "eth3", True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_4.ipaddress.ipaddress,
                                             "eth4", False)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_5.ipaddress.ipaddress,
                                             "eth4", False)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_6.ipaddress.ipaddress,
                                             "eth4", True)
            self.verify_router_publicnic_state(router, host, "eth2|eth3|eth4")

        # 18. release new ip 3
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth4,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth4 -> new ip 6
        ipaddress_3.delete(self.apiclient)
        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(router, host,
                                                     "eth0,eth1,eth2,eth4,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_4.ipaddress.ipaddress,
                                             "eth4", False)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_5.ipaddress.ipaddress,
                                             "eth4", False)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_6.ipaddress.ipaddress,
                                             "eth4", True)
            self.verify_router_publicnic_state(router, host, "eth2|eth4")

        # 19. restart network
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth4,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth4 -> new ip 6
        self.network1.restart(self.apiclient)
        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(router, host,
                                                     "eth0,eth1,eth2,eth4,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_4.ipaddress.ipaddress,
                                             "eth4", False)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_5.ipaddress.ipaddress,
                                             "eth4", False)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_6.ipaddress.ipaddress,
                                             "eth4", True)
            self.verify_router_publicnic_state(router, host, "eth2|eth4")

        # 20. reboot router
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 6
        if len(routers) > 0:
            router = routers[0]
            cmd = rebootRouter.rebootRouterCmd()
            cmd.id = router.id
            self.apiclient.rebootRouter(cmd)
            router = self.get_router(router.id)
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(router, host,
                                                     "eth0,eth1,eth2,eth3,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_4.ipaddress.ipaddress,
                                             "eth3", False)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_5.ipaddress.ipaddress,
                                             "eth3", False)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_6.ipaddress.ipaddress,
                                             "eth3", True)
            self.verify_router_publicnic_state(router, host, "eth2|eth3")

        # 21. restart network with cleanup
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 6
        self.network1.restart(self.apiclient, cleanup=True)
        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(router, host,
                                                     "eth0,eth1,eth2,eth3,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_4.ipaddress.ipaddress,
                                             "eth3", False)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_5.ipaddress.ipaddress,
                                             "eth3", False)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_6.ipaddress.ipaddress,
                                             "eth3", True)

        # 22. restart network with cleanup, makeredundant=true
        #   verify the available nics in VR should be "eth0,eth1,eth2,eth3,"
        #   verify the IPs in VR. eth0 -> guest nic, eth2 -> source nat IP, eth3 -> new ip 6
        self.network1.restart(self.apiclient, cleanup=True, makeredundant=True)
        routers = self.get_routers(self.network1.id)
        for router in routers:
            host = self.get_router_host(router)
            self.verify_network_interfaces_in_router(router, host,
                                                     "eth0,eth1,eth2,eth3,")
            guestIp, controlIp, sourcenatIp = self.get_router_ips(router)
            self.verify_ip_address_in_router(router, host, guestIp, "eth0",
                                             True)
            self.verify_ip_address_in_router(router, host, controlIp, "eth1",
                                             True)
            self.verify_ip_address_in_router(router, host, sourcenatIp, "eth2",
                                             True)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_4.ipaddress.ipaddress,
                                             "eth3", False)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_5.ipaddress.ipaddress,
                                             "eth3", False)
            self.verify_ip_address_in_router(router, host,
                                             ipaddress_6.ipaddress.ipaddress,
                                             "eth3", True)
            self.verify_router_publicnic_state(router, host, "eth2|eth3")
Ejemplo n.º 22
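    def test_01_firewall_rules_port_fw(self):
        """Check that a static NAT firewall rule is gone after it is deleted.

        Steps exercised by the code below:
        1. Enable static NAT for the VM on the test's public IP.
        2. Open a port with StaticNATRule.create (a firewall rule on that IP).
        3. Verify the IP is static-NAT bound to the VM and the rule is Active.
        4. Delete the rule; static NAT itself is left enabled.
        5. Verify the IP binding is unchanged and that every rule still
           listed for the IP is in the "Deleting" state.
        """

        public_ip = self.public_ip.ipaddress

        # Enable Static NAT for VM
        StaticNATRule.enable(
            self.apiclient,
            public_ip.id,
            self.virtual_machine.id
        )
        self.debug("Enabled static NAT for public IP ID: %s" % public_ip.id)

        # Create Static NAT rule, in fact it's a firewall rule
        nat_rule = StaticNATRule.create(
            self.apiclient,
            self.services["firewall_rule"],
            public_ip.id
        )
        self.debug("Created Static NAT rule for public IP ID: %s" %
                   public_ip.id)

        self.debug("Checking IP address")
        ip_response = PublicIPAddress.list(self.apiclient, id=public_ip.id)
        self.assertIsInstance(
            ip_response,
            list,
            "Check ip response returns a valid list"
        )
        self.assertNotEqual(
            len(ip_response),
            0,
            "Check static NAT Rule is created"
        )
        self.assertTrue(
            ip_response[0].isstaticnat,
            "IP is not static nat enabled"
        )
        self.assertEqual(
            ip_response[0].virtualmachineid,
            self.virtual_machine.id,
            "IP is not binding with the VM"
        )

        self.debug("Checking Firewall rule")
        firewall_response = FireWallRule.list(
            self.apiclient,
            ipaddressid=public_ip.id,
            listall=True
        )
        self.assertIsInstance(
            firewall_response,
            list,
            "Check firewall response returns a valid list"
        )
        self.assertNotEqual(
            len(firewall_response),
            0,
            "Check firewall rule is created"
        )
        self.assertEqual(
            firewall_response[0].state,
            "Active",
            "Firewall rule is not active"
        )
        self.assertEqual(
            firewall_response[0].ipaddressid,
            public_ip.id,
            "Firewall rule is not static nat related"
        )
        self.assertEqual(
            firewall_response[0].startport,
            str(self.services["firewall_rule"]["startport"]),
            "Firewall rule is not with specific port"
        )

        self.debug("Removed the firewall rule")
        nat_rule.delete(self.apiclient)

        # Deleting the rule must not undo the static NAT binding itself.
        self.debug("Checking IP address, it should still existed")
        ip_response = PublicIPAddress.list(self.apiclient, id=public_ip.id)
        self.assertIsInstance(
            ip_response,
            list,
            "Check ip response returns a valid list"
        )
        self.assertNotEqual(
            len(ip_response),
            0,
            "Check static NAT Rule is created"
        )
        self.assertTrue(
            ip_response[0].isstaticnat,
            "IP is not static nat enabled"
        )
        self.assertEqual(
            ip_response[0].virtualmachineid,
            self.virtual_machine.id,
            "IP is not binding with the VM"
        )

        self.debug("Checking Firewall rule, it should be removed")
        firewall_response = FireWallRule.list(
            self.apiclient,
            ipaddressid=public_ip.id,
            listall=True
        )
        # NOTE(review): this assumes the list helper returns an empty list,
        # not None, once no rule is left - confirm against FireWallRule.list.
        self.assertIsInstance(
            firewall_response,
            list,
            "Check firewall response returns a valid list"
        )
        # Check every rule that is still listed, not only the first one: a
        # second rule left in the Active state would keep the port open while
        # the test passed.
        for remaining_rule in firewall_response:
            self.assertEqual(
                remaining_rule.state,
                "Deleting",
                "Firewall rule should be deleted or in deleting state"
            )
        return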
Ejemplo n.º 23
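    def test_01_firewall_rules_port_fw(self):
        """Check that a static NAT firewall rule is gone after it is deleted.

        The test enables static NAT for the VM, opens a port through
        StaticNATRule.create, confirms the IP binding and the Active rule,
        deletes the rule, and then confirms that the static NAT binding is
        still in place while no rule on the IP remains in any state other
        than "Deleting".
        """
        public_ip = self.public_ip.ipaddress
        expected_port = str(self.services["firewall_rule"]["startport"])

        # Enable Static NAT for VM
        StaticNATRule.enable(self.apiclient, public_ip.id,
                             self.virtual_machine.id)
        self.debug("Enabled static NAT for public IP ID: %s" % public_ip.id)

        # Create Static NAT rule, in fact it's a firewall rule
        nat_rule = StaticNATRule.create(self.apiclient,
                                        self.services["firewall_rule"],
                                        public_ip.id)
        self.debug("Created Static NAT rule for public IP ID: %s" %
                   public_ip.id)

        self.debug("Checking IP address")
        ip_response = PublicIPAddress.list(self.apiclient, id=public_ip.id)
        self.assertEqual(isinstance(ip_response, list), True,
                         "Check ip response returns a valid list")
        self.assertNotEqual(len(ip_response), 0,
                            "Check static NAT Rule is created")
        self.assertTrue(ip_response[0].isstaticnat,
                        "IP is not static nat enabled")
        self.assertEqual(ip_response[0].virtualmachineid,
                         self.virtual_machine.id,
                         "IP is not binding with the VM")

        self.debug("Checking Firewall rule")
        firewall_response = FireWallRule.list(self.apiclient,
                                              ipaddressid=public_ip.id,
                                              listall=True)
        self.assertEqual(isinstance(firewall_response, list), True,
                         "Check firewall response returns a valid list")
        self.assertNotEqual(len(firewall_response), 0,
                            "Check firewall rule is created")
        created_rule = firewall_response[0]
        self.assertEqual(created_rule.state, "Active",
                         "Firewall rule is not active")
        self.assertEqual(created_rule.ipaddressid, public_ip.id,
                         "Firewall rule is not static nat related")
        self.assertEqual(created_rule.startport, expected_port,
                         "Firewall rule is not with specific port")

        self.debug("Removed the firewall rule")
        nat_rule.delete(self.apiclient)

        # The static NAT binding is expected to survive the rule deletion.
        self.debug("Checking IP address, it should still existed")
        ip_response = PublicIPAddress.list(self.apiclient, id=public_ip.id)
        self.assertEqual(isinstance(ip_response, list), True,
                         "Check ip response returns a valid list")
        self.assertNotEqual(len(ip_response), 0,
                            "Check static NAT Rule is created")
        self.assertTrue(ip_response[0].isstaticnat,
                        "IP is not static nat enabled")
        self.assertEqual(ip_response[0].virtualmachineid,
                         self.virtual_machine.id,
                         "IP is not binding with the VM")

        self.debug("Checking Firewall rule, it should be removed")
        firewall_response = FireWallRule.list(self.apiclient,
                                              ipaddressid=public_ip.id,
                                              listall=True)
        # NOTE(review): assumes an empty list (not None) comes back when no
        # rule is left - confirm against the FireWallRule.list helper.
        self.assertEqual(isinstance(firewall_response, list), True,
                         "Check firewall response returns a valid list")
        # Inspect all rules still listed for the IP; looking at index 0 only
        # would miss a later rule that is still Active and exposing the port.
        for leftover in firewall_response:
            self.assertEqual(
                leftover.state, "Deleting",
                "Firewall rule should be deleted or in deleting state")
        return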
Ejemplo n.º 24
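    def setUpClass(cls):
        """Build the shared VPC fixture used by the tests of this class.

        Creates, in order: a service offering, an enabled VPC offering, an
        admin account, a VPC on 10.1.1.1/16 with a private gateway and a
        static route, an enabled network offering, one tier network, three
        VMs, and three public IPs carrying a port-forwarding rule, a static
        NAT binding and a load-balancer rule, plus the matching network ACLs.

        Only the offerings and the account are put on ``cls._cleanup``; the
        account is inserted at index 0.
        NOTE(review): the VPC, network, VMs, gateway and IPs are not
        registered for cleanup here - presumably they are removed together
        with the account; verify against tearDownClass.
        """
        cls._cleanup = []
        cls.testClient = super(TestVPCRouterOneNetwork, cls).getClsTestClient()
        cls.api_client = cls.testClient.getApiClient()
        cls.hypervisor = cls.testClient.getHypervisorInfo()
        cls.vpcSupported = True
        cls.services = Services().services

        # Get Zone, Domain and templates
        cls.domain = get_domain(cls.api_client)
        cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests())
        cls.template = get_template(cls.api_client, cls.zone.id,
                                    cls.services["ostype"])
        vm_services = cls.services["virtual_machine"]
        vm_services["zoneid"] = cls.zone.id
        vm_services["template"] = cls.template.id

        cls.service_offering = ServiceOffering.create(
            cls.api_client, cls.services["service_offering"])
        cls._cleanup.append(cls.service_offering)

        cls.vpc_off = VpcOffering.create(cls.api_client,
                                         cls.services["vpc_offering"])
        cls.vpc_off.update(cls.api_client, state='Enabled')
        cls._cleanup.append(cls.vpc_off)

        cls.account = Account.create(cls.api_client,
                                     cls.services["account"],
                                     admin=True,
                                     domainid=cls.domain.id)
        # Put the account in front of the offerings in the cleanup list.
        cls._cleanup.insert(0, cls.account)

        cls.services["vpc"]["cidr"] = '10.1.1.1/16'
        cls.vpc = VPC.create(cls.api_client,
                             cls.services["vpc"],
                             vpcofferingid=cls.vpc_off.id,
                             zoneid=cls.zone.id,
                             account=cls.account.name,
                             domainid=cls.account.domainid)

        private_gateway = PrivateGateway.create(cls.api_client,
                                                gateway='10.1.3.1',
                                                ipaddress='10.1.3.100',
                                                netmask='255.255.255.0',
                                                vlan=678,
                                                vpcid=cls.vpc.id)
        cls.gateways = PrivateGateway.list(cls.api_client,
                                           id=private_gateway.id,
                                           listall=True)

        static_route = StaticRoute.create(cls.api_client,
                                          cidr='11.1.1.1/24',
                                          gatewayid=private_gateway.id)
        cls.static_routes = StaticRoute.list(cls.api_client,
                                             id=static_route.id,
                                             listall=True)

        cls.nw_off = NetworkOffering.create(cls.api_client,
                                            cls.services["network_offering"],
                                            conservemode=False)
        # Enable Network offering
        cls.nw_off.update(cls.api_client, state='Enabled')
        cls._cleanup.append(cls.nw_off)

        # Creating network using the network offering created
        cls.network_1 = Network.create(cls.api_client,
                                       cls.services["network"],
                                       accountid=cls.account.name,
                                       domainid=cls.account.domainid,
                                       networkofferingid=cls.nw_off.id,
                                       zoneid=cls.zone.id,
                                       gateway='10.1.1.1',
                                       vpcid=cls.vpc.id)

        # Spawn three instances in that network: one per rule type below.
        vm_1 = VirtualMachine.create(cls.api_client,
                                     cls.services["virtual_machine"],
                                     accountid=cls.account.name,
                                     domainid=cls.account.domainid,
                                     serviceofferingid=cls.service_offering.id,
                                     networkids=[str(cls.network_1.id)])
        vm_2 = VirtualMachine.create(cls.api_client,
                                     cls.services["virtual_machine"],
                                     accountid=cls.account.name,
                                     domainid=cls.account.domainid,
                                     serviceofferingid=cls.service_offering.id,
                                     networkids=[str(cls.network_1.id)])
        vm_3 = VirtualMachine.create(cls.api_client,
                                     cls.services["virtual_machine"],
                                     accountid=cls.account.name,
                                     domainid=cls.account.domainid,
                                     serviceofferingid=cls.service_offering.id,
                                     networkids=[str(cls.network_1.id)])

        # The result of this listing is not used.
        VirtualMachine.list(cls.api_client,
                            account=cls.account.name,
                            domainid=cls.account.domainid,
                            listall=True)

        # Public IP 1: port forwarding to vm_1. openfirewall=False, so the
        # network ACL created right after is what admits the traffic.
        public_ip_1 = PublicIPAddress.create(cls.api_client,
                                             accountid=cls.account.name,
                                             zoneid=cls.zone.id,
                                             domainid=cls.account.domainid,
                                             networkid=cls.network_1.id,
                                             vpcid=cls.vpc.id)

        NATRule.create(cls.api_client,
                       vm_1,
                       cls.services["natrule"],
                       ipaddressid=public_ip_1.ipaddress.id,
                       openfirewall=False,
                       networkid=cls.network_1.id,
                       vpcid=cls.vpc.id)

        NetworkACL.create(cls.api_client,
                          networkid=cls.network_1.id,
                          services=cls.services["natrule"],
                          traffictype='Ingress')

        # Public IP 2: static NAT to vm_2.
        public_ip_2 = PublicIPAddress.create(cls.api_client,
                                             accountid=cls.account.name,
                                             zoneid=cls.zone.id,
                                             domainid=cls.account.domainid,
                                             networkid=cls.network_1.id,
                                             vpcid=cls.vpc.id)
        try:
            StaticNATRule.enable(cls.api_client,
                                 ipaddressid=public_ip_2.ipaddress.id,
                                 virtualmachineid=vm_2.id,
                                 networkid=cls.network_1.id)
        except Exception as e:
            # fail() is an instance method; called on the class it does not
            # produce a test failure carrying this message. Raise the
            # failure exception directly so the real cause is reported.
            raise cls.failureException(
                "Failed to enable static NAT on IP: %s - %s" %
                (public_ip_2.ipaddress.ipaddress, e))

        # The result of this listing is not used.
        PublicIPAddress.list(cls.api_client,
                             networkid=cls.network_1.id,
                             listall=True,
                             isstaticnat=True,
                             account=cls.account.name,
                             domainid=cls.account.domainid)

        # Public IP 3: load-balancer rule with vm_3 as its only member.
        public_ip_3 = PublicIPAddress.create(cls.api_client,
                                             accountid=cls.account.name,
                                             zoneid=cls.zone.id,
                                             domainid=cls.account.domainid,
                                             networkid=cls.network_1.id,
                                             vpcid=cls.vpc.id)

        lb_rule = LoadBalancerRule.create(cls.api_client,
                                          cls.services["lbrule"],
                                          ipaddressid=public_ip_3.ipaddress.id,
                                          accountid=cls.account.name,
                                          networkid=cls.network_1.id,
                                          vpcid=cls.vpc.id,
                                          domainid=cls.account.domainid)

        lb_rule.assign(cls.api_client, [vm_3])

        NetworkACL.create(cls.api_client,
                          networkid=cls.network_1.id,
                          services=cls.services["lbrule"],
                          traffictype='Ingress')

        NetworkACL.create(cls.api_client,
                          networkid=cls.network_1.id,
                          services=cls.services["http_rule"],
                          traffictype='Egress')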
Ejemplo n.º 25
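    def test_03_deploy_vms_in_vpc_with_regionlevelvpc(self):
        """Test deploy virtual machines in VPC networks.

        Steps exercised by the code below:
        1. Create and enable a VPC offering, then a VPC from it.
        2. Create and enable a network offering, then a network in the VPC
           whose gateway is the address part of the VPC CIDR.
        3. Deploy one VM in that network.
        4. Acquire three public IPs: a load-balancer rule on the first, a
           port-forwarding rule on the second, static NAT on the third.
        5. Add Ingress network ACLs for the port-forwarding and LB services.
        6. SSH to the VM through the port-forwarding IP.
        7. List the static NAT IPs of the network and compare the first
           entry with the third public IP.

        The test is skipped when the OVS plugin is not enabled. No Egress
        ACL is created and VPN is not enabled here (see the TODO at the end).
        NOTE(review): the offerings and the VPC created in this method are
        not registered for cleanup in the visible code - confirm teardown
        covers them.
        """
        if not self.isOvsPluginEnabled:
            self.skipTest("OVS plugin should be enabled to run this test case")

        self.debug("Creating a VPC offering..")
        vpc_off = VpcOffering.create(self.apiclient,
                                     self.services["vpc_offering"])
        vpc_off.update(self.apiclient, state='Enabled')

        self.debug("creating a VPC network in the account: %s" %
                   self.account.name)
        vpc = VPC.create(self.apiclient,
                         self.services["vpc"],
                         vpcofferingid=vpc_off.id,
                         zoneid=self.zone.id,
                         account=self.account.name,
                         domainid=self.account.domainid,
                         networkDomain=self.account.domainid)
        self.validate_vpc_network(vpc)

        self.network_offering = NetworkOffering.create(
            self.apiclient,
            self.services["network_offering"],
            conservemode=False)
        # Enable Network offering
        self.network_offering.update(self.apiclient, state='Enabled')

        # Split the cidr to retrieve gateway
        # for eg. cidr = 10.0.0.1/24
        # Gateway = 10.0.0.1
        gateway = vpc.cidr.split('/')[0]

        # Creating network using the network offering created
        self.debug("Creating network with network offering: %s" %
                   self.network_offering.id)
        network = Network.create(self.apiclient,
                                 self.services["network"],
                                 accountid=self.account.name,
                                 domainid=self.account.domainid,
                                 networkofferingid=self.network_offering.id,
                                 zoneid=self.zone.id,
                                 gateway=gateway,
                                 vpcid=vpc.id)
        self.debug("Created network with ID: %s" % network.id)

        # Spawn an instance in that network
        virtual_machine = VirtualMachine.create(
            self.apiclient,
            self.services["virtual_machine"],
            accountid=self.account.name,
            domainid=self.account.domainid,
            serviceofferingid=self.service_offering.id,
            networkids=[str(network.id)])
        self.debug("Deployed VM in network: %s" % network.id)

        # First public IP: load-balancer rule.
        self.debug("Associating public IP for network: %s" % network.name)
        public_ip = PublicIPAddress.create(self.apiclient,
                                           accountid=self.account.name,
                                           zoneid=self.zone.id,
                                           domainid=self.account.domainid,
                                           networkid=network.id,
                                           vpcid=vpc.id)
        self.debug("Associated %s with network %s" % (
            public_ip.ipaddress.ipaddress, network.id))

        self.debug("Creating LB rule for IP address: %s" %
                   public_ip.ipaddress.ipaddress)
        LoadBalancerRule.create(self.apiclient,
                                self.services["lbrule"],
                                ipaddressid=public_ip.ipaddress.id,
                                accountid=self.account.name,
                                networkid=network.id,
                                vpcid=vpc.id,
                                domainid=self.account.domainid)

        # Second public IP: port forwarding. openfirewall=False, so the
        # Ingress ACL entries added below are what admit the traffic.
        self.debug("Associating public IP for network: %s" % vpc.name)
        public_ip_2 = PublicIPAddress.create(self.apiclient,
                                             accountid=self.account.name,
                                             zoneid=self.zone.id,
                                             domainid=self.account.domainid,
                                             networkid=network.id,
                                             vpcid=vpc.id)
        self.debug("Associated %s with network %s" % (
            public_ip_2.ipaddress.ipaddress, network.id))

        NATRule.create(self.apiclient,
                       virtual_machine,
                       self.services["natrule"],
                       ipaddressid=public_ip_2.ipaddress.id,
                       openfirewall=False,
                       networkid=network.id,
                       vpcid=vpc.id)

        self.debug("Adding NetwrokACl rules to make PF and LB accessible")
        NetworkACL.create(self.apiclient,
                          networkid=network.id,
                          services=self.services["natrule"],
                          traffictype='Ingress')
        NetworkACL.create(self.apiclient,
                          networkid=network.id,
                          services=self.services["lbrule"],
                          traffictype='Ingress')

        self.debug("Checking if we can SSH into VM?")
        try:
            virtual_machine.get_ssh_client(
                ipaddress=public_ip_2.ipaddress.ipaddress,
                )
            self.debug("SSH into VM is successfully")
        except Exception as e:
            self.fail("Failed to SSH into VM - %s, %s" %
                      (public_ip_2.ipaddress.ipaddress, e))

        # Third public IP: static NAT.
        self.debug("Associating public IP for network: %s" % network.name)
        public_ip_3 = PublicIPAddress.create(self.apiclient,
                                             accountid=self.account.name,
                                             zoneid=self.zone.id,
                                             domainid=self.account.domainid,
                                             networkid=network.id,
                                             vpcid=vpc.id)
        self.debug("Associated %s with network %s" % (
            public_ip_3.ipaddress.ipaddress, network.id))
        self.debug("Enabling static NAT for IP: %s" %
                   public_ip_3.ipaddress.ipaddress)
        try:
            StaticNATRule.enable(self.apiclient,
                                 ipaddressid=public_ip_3.ipaddress.id,
                                 virtualmachineid=virtual_machine.id,
                                 networkid=network.id)
            self.debug("Static NAT enabled for IP: %s" %
                       public_ip_3.ipaddress.ipaddress)
        except Exception as e:
            self.fail("Failed to enable static NAT on IP: %s - %s" % (
                public_ip_3.ipaddress.ipaddress, e))

        public_ips = PublicIPAddress.list(self.apiclient,
                                          networkid=network.id,
                                          listall=True,
                                          isstaticnat=True,
                                          account=self.account.name,
                                          domainid=self.account.domainid)
        self.assertEqual(
            isinstance(public_ips, list),
            True,
            "List public Ip for network should list the Ip addr"
        )
        # Guard the index below: an empty listing should be reported as a
        # test failure, not as an IndexError.
        self.assertNotEqual(
            len(public_ips),
            0,
            "List public Ip for network should list the Ip addr"
        )
        self.assertEqual(
            public_ips[0].ipaddress,
            public_ip_3.ipaddress.ipaddress,
            "List public Ip for network should list the Ip addr"
        )
        # TODO: Remote Access VPN is not yet supported in VPC
        return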
Ejemplo n.º 26
    def setUpClass(cls):
        cls._cleanup = []
        cls.testClient = super(TestVPCRouterOneNetwork, cls).getClsTestClient()
        cls.api_client = cls.testClient.getApiClient()
        cls.hypervisor = cls.testClient.getHypervisorInfo()
        cls.vpcSupported = True
        cls._cleanup = []
        cls.services = Services().services
        # Get Zone, Domain and templates
        cls.domain = get_domain(cls.api_client)
        cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests())
        cls.template = get_template(
            cls.api_client,
            cls.zone.id,
            cls.services["ostype"]
        )
        cls.services["virtual_machine"]["zoneid"] = cls.zone.id
        cls.services["virtual_machine"]["template"] = cls.template.id

        cls.service_offering = ServiceOffering.create(
            cls.api_client,
            cls.services["service_offering"]
        )
        cls._cleanup.append(cls.service_offering)
        cls.vpc_off = VpcOffering.create(
            cls.api_client,
            cls.services["vpc_offering"]
        )
        cls.vpc_off.update(cls.api_client, state='Enabled')
        cls._cleanup.append(cls.vpc_off)

        cls.account = Account.create(
            cls.api_client,
            cls.services["account"],
            admin=True,
            domainid=cls.domain.id
        )
        cls._cleanup.insert(0, cls.account)

        cls.services["vpc"]["cidr"] = '10.1.1.1/16'
        cls.vpc = VPC.create(
            cls.api_client,
            cls.services["vpc"],
            vpcofferingid=cls.vpc_off.id,
            zoneid=cls.zone.id,
            account=cls.account.name,
            domainid=cls.account.domainid
        )

        private_gateway = PrivateGateway.create(
            cls.api_client,
            gateway='10.1.3.1',
            ipaddress='10.1.3.100',
            netmask='255.255.255.0',
            vlan=678,
            vpcid=cls.vpc.id
        )
        cls.gateways = PrivateGateway.list(
            cls.api_client,
            id=private_gateway.id,
            listall=True
        )

        static_route = StaticRoute.create(
            cls.api_client,
            cidr='11.1.1.1/24',
            gatewayid=private_gateway.id
        )
        cls.static_routes = StaticRoute.list(
            cls.api_client,
            id=static_route.id,
            listall=True
        )

        cls.nw_off = NetworkOffering.create(
            cls.api_client,
            cls.services["network_offering"],
            conservemode=False
        )
        # Enable Network offering
        cls.nw_off.update(cls.api_client, state='Enabled')
        cls._cleanup.append(cls.nw_off)

        # Creating network using the network offering created
        cls.network_1 = Network.create(
            cls.api_client,
            cls.services["network"],
            accountid=cls.account.name,
            domainid=cls.account.domainid,
            networkofferingid=cls.nw_off.id,
            zoneid=cls.zone.id,
            gateway='10.1.1.1',
            vpcid=cls.vpc.id
        )

        # Spawn an instance in that network
        vm_1 = VirtualMachine.create(
            cls.api_client,
            cls.services["virtual_machine"],
            accountid=cls.account.name,
            domainid=cls.account.domainid,
            serviceofferingid=cls.service_offering.id,
            networkids=[str(cls.network_1.id)]
        )
        vm_2 = VirtualMachine.create(
            cls.api_client,
            cls.services["virtual_machine"],
            accountid=cls.account.name,
            domainid=cls.account.domainid,
            serviceofferingid=cls.service_offering.id,
            networkids=[str(cls.network_1.id)]
        )

        # Spawn an instance in that network
        vm_3 = VirtualMachine.create(
            cls.api_client,
            cls.services["virtual_machine"],
            accountid=cls.account.name,
            domainid=cls.account.domainid,
            serviceofferingid=cls.service_offering.id,
            networkids=[str(cls.network_1.id)]
        )

        VirtualMachine.list(
            cls.api_client,
            account=cls.account.name,
            domainid=cls.account.domainid,
            listall=True
        )

        public_ip_1 = PublicIPAddress.create(
            cls.api_client,
            accountid=cls.account.name,
            zoneid=cls.zone.id,
            domainid=cls.account.domainid,
            networkid=cls.network_1.id,
            vpcid=cls.vpc.id
        )

        NATRule.create(
            cls.api_client,
            vm_1,
            cls.services["natrule"],
            ipaddressid=public_ip_1.ipaddress.id,
            openfirewall=False,
            networkid=cls.network_1.id,
            vpcid=cls.vpc.id
        )

        NetworkACL.create(
            cls.api_client,
            networkid=cls.network_1.id,
            services=cls.services["natrule"],
            traffictype='Ingress'
        )

        public_ip_2 = PublicIPAddress.create(
            cls.api_client,
            accountid=cls.account.name,
            zoneid=cls.zone.id,
            domainid=cls.account.domainid,
            networkid=cls.network_1.id,
            vpcid=cls.vpc.id
        )
        try:
            StaticNATRule.enable(
                cls.api_client,
                ipaddressid=public_ip_2.ipaddress.id,
                virtualmachineid=vm_2.id,
                networkid=cls.network_1.id
            )
        except Exception as e:
            cls.fail("Failed to enable static NAT on IP: %s - %s" % (
                public_ip_2.ipaddress.ipaddress, e))

        PublicIPAddress.list(
            cls.api_client,
            networkid=cls.network_1.id,
            listall=True,
            isstaticnat=True,
            account=cls.account.name,
            domainid=cls.account.domainid
        )
        public_ip_3 = PublicIPAddress.create(
            cls.api_client,
            accountid=cls.account.name,
            zoneid=cls.zone.id,
            domainid=cls.account.domainid,
            networkid=cls.network_1.id,
            vpcid=cls.vpc.id
        )

        lb_rule = LoadBalancerRule.create(
            cls.api_client,
            cls.services["lbrule"],
            ipaddressid=public_ip_3.ipaddress.id,
            accountid=cls.account.name,
            networkid=cls.network_1.id,
            vpcid=cls.vpc.id,
            domainid=cls.account.domainid
        )

        lb_rule.assign(cls.api_client, [vm_3])

        NetworkACL.create(
            cls.api_client,
            networkid=cls.network_1.id,
            services=cls.services["lbrule"],
            traffictype='Ingress'
        )

        NetworkACL.create(
            cls.api_client,
            networkid=cls.network_1.id,
            services=cls.services["http_rule"],
            traffictype='Egress'
        )
Ejemplo n.º 27
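    def test_static_nat_on_ip_from_non_src_nat_ip_range(self):
        """Test static NAT on an IP from a public IP range different from
           the public IP range that holds the network's source NAT IP.

        The static NAT mapping is disabled again even when the SSH check
        fails, so a failed run does not leave the VM mapped to the public
        IP until suite-level cleanup runs.
        """

        # Validate the following:
        # 1. Create a new public IP range and dedicate it to an account
        # 2. Acquire an IP from the new public range
        # 3. Enable static NAT on the acquired IP from the new range
        # 4. Create a firewall rule to open up the port
        # 5. Test SSH works to the VM

        # The extra range is created in the zone id held in the test data.
        self.services["extrapubliciprange"]["zoneid"] = self.services["zoneid"]
        self.public_ip_range = PublicIpRange.create(
            self.apiclient,
            self.services["extrapubliciprange"]
        )
        self.cleanup.append(self.public_ip_range)
        logger.debug("Dedicating Public IP range to the account")
        PublicIpRange.dedicate(
            self.apiclient,
            self.public_ip_range.vlan.id,
            account=self.account.name,
            domainid=self.account.domainid
        )

        # NOTE(review): nothing below asserts that the acquired address
        # actually belongs to the newly dedicated range - confirm whether
        # the test should check this explicitly.
        ip_address = PublicIPAddress.create(
            self.apiclient,
            self.account.name,
            self.zone.id,
            self.account.domainid,
            self.services["virtual_machine"]
        )
        self.cleanup.append(ip_address)

        # Check if VM is in Running state before creating NAT and firewall
        # rules
        vm_response = VirtualMachine.list(
            self.apiclient,
            id=self.virtual_machine.id
        )

        self.assertIsInstance(
            vm_response,
            list,
            "Check list VM returns a valid list"
        )
        # The original message mentioned a port forwarding rule, which this
        # assertion does not check; it verifies the VM list is non-empty.
        self.assertNotEqual(
            len(vm_response),
            0,
            "Check list VM returns a non-empty list"
        )
        self.assertEqual(
            vm_response[0].state,
            'Running',
            "VM state should be Running before creating a NAT rule."
        )

        # Open up firewall port for SSH.
        # NOTE(review): 0.0.0.0/0 admits any source address to the SSH
        # port on this public IP. Keep this to isolated test zones, or
        # narrow the CIDR to the test runner's address when the lab is
        # reachable from other networks. The rule is registered for cleanup.
        fwr = FireWallRule.create(
            self.apiclient,
            ipaddressid=ip_address.ipaddress.id,
            protocol=self.services["natrule"]["protocol"],
            cidrlist=['0.0.0.0/0'],
            startport=self.services["natrule"]["publicport"],
            endport=self.services["natrule"]["publicport"]
        )
        self.cleanup.append(fwr)

        # Create Static NAT rule
        StaticNATRule.enable(
            self.apiclient,
            ip_address.ipaddress.id,
            self.virtual_machine.id,
            self.defaultNetworkId
        )

        try:
            logger.debug("SSHing into VM with IP address %s with NAT IP %s" %
                       (
                           self.virtual_machine.ipaddress,
                           ip_address.ipaddress.ipaddress
                       ))
            self.virtual_machine.get_ssh_client(ip_address.ipaddress.ipaddress)
        except Exception as e:
            self.fail(
                "SSH Access failed for %s: %s" %
                (self.virtual_machine.ipaddress, e)
            )
        finally:
            # Remove the mapping whether or not SSH succeeded, so the
            # exposure opened above does not outlive the check.
            StaticNATRule.disable(
                self.apiclient,
                ip_address.ipaddress.id,
                self.virtual_machine.id
            )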