def test_rabbitmq(self):
#清空环境
for i in self.clr_env:
fun.cmd(i, 'gw_s')
agent_config = fun.cmd('cat /etc/jsac/agentjsac.config', 'gw_s')
print(agent_config)
agent_list = agent_config.split('\n')
for i in agent_list:
str_domain = re.findall(
"DeviceDomain = (\w*\d*.\w*\d*.\w*\d*.\w*\d*.\w*\d*)", i)
if str_domain:
domain = str_domain
print(domain)
#下发配置
fun.send('ManageExchange', 'AddAclPolicy', domain, base_path)
#检查配置下发是否成功
re = fun.cmd(self.case_step['step1'][0], 'gw_s')
print(re)
assert self.case_step['step1'][1] in re
'''
def teardown_method(self): self.clr_met = clr_env.clear_met for i in self.clr_met: fun.cmd(i, 'gw') fun.iperf_kill()
def teardown_method(self):
clr_env.clear_env('gw')
clr_env.clear_met_acl('gw')
fun.cmd(self.case_step["step1"][0], 'c')
fun.cmd(self.case_step["step1"][0], 's')
def test_vlan_bond_a1(self):
# 开启switch开关并检查是否开启成功
for key in self.case1_step1:
fun.cmd(self.case1_step1[key][0], 'gw')
re = fun.cmd(self.case1_step1[key][1], 'gw')
assert self.case1_step1[key][2] in re
# 下发vlan配置
fun.send(rbmExc, message.setvlan['SetVlan'], rbmDomain, base_path)
# 检查配置下发是否成功
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw',
self.case1_step2[key][1], 'vlan', 100)
assert self.case1_step2[key][1] in re
# 测试从设备端ping vlanA设备正常
resA_cmd = 'ping ' + vlanAOpeIp + ' -c 4'
print('从设备端ping vlanA设备的命令是:{}'.format(resA_cmd))
resA = fun.cmd(resA_cmd, 'gw')
print('从设备端ping vlanA的结果为:{}'.format(resA))
assert '0% packet loss' in resA
# 测试从vlanA ping设备正常
dutA_cmd = 'ping ' + gwInternetIp + ' -c 4'
print('从vlanA ping设备的命令是:{}'.format(dutA_cmd))
dutA = fun.cmd(dutA_cmd, 'vlanA')
print('从vlanA ping设备的结果为:{}'.format(dutA))
assert '0% packet loss' in dutA
# 测试从设备端ping vlanB设备正常
resB_cmd = 'ping ' + vlanBOpeIp + ' -c 4'
print('从设备端ping vlanB设备的命令是:{}'.format(resB_cmd))
resB = fun.cmd(resB_cmd, 'gw')
print('从设备端ping vlanB设备的结果为:{}'.format(resB))
assert '0% packet loss' in resB
# 测试从vlanB ping设备正常
dutB_cmd = 'ping ' + gwInternetIp + ' -c 4'
print('从vlanB ping设备的命令是:{}'.format(dutB_cmd))
dutB = fun.cmd(dutB_cmd, 'vlanB')
print('从vlanB ping设备的结果为:{}'.format(dutB))
assert '0% packet loss' in dutB
# 还原环境,移除vlan的配置,且关闭vlan的开关
# 关闭switch开关并检查是否关闭成功
for key in self.case1_step11:
fun.cmd(self.case1_step11[key][0], 'gw')
re = fun.cmd(self.case1_step11[key][1], 'gw')
assert self.case1_step11[key][2] in re
# 清空vlan配置
fun.send(rbmExc, message.delvlan['SetVlan'], rbmDomain, base_path)
# 检查配置下发是否成功
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0],
'gw',
self.case1_step2[key][1],
'vlan',
100,
flag='不存在')
assert self.case1_step2[key][1] not in re
def setup_method(self):
clr_env.data_check_setup_met()
fun.cmd(f"rm -rf /opt/pkt/*pcap", 'gw')
re = fun.cmd(f"ls /opt/pkt/", 'gw')
print('setup_method_re:', re)
assert 'pcap' not in re
def test_selabel_cipso_type_right_and_left(self):
# 下发配置并检查结果
for key in self.case2_step:
fun.cmd(self.case2_step[key][0], 'gw')
re = fun.cmd(self.case2_step[key][1], 'gw')
assert self.case2_step[key][2] in re
def setup_class(self):
# 获取参数
fun.ssh_gw.connect()
fun.ssh_c.connect()
fun.ssh_s.connect()
self.clr_env = clr_env.clear_env
self.case1_step1 = index.case1_step1
self.case1_step2 = index.case1_step2
self.case2_step1 = index.case2_step1
self.case2_step2 = index.case2_step2
self.case3_step1 = index.case3_step1
self.case3_step2 = index.case3_step2
self.case4_step1 = index.case4_step1
self.case4_step2 = index.case4_step2
self.pkt1_cfg = index.pkt1_cfg
self.pkt2_cfg = index.pkt2_cfg
self.pkt3_cfg = index.pkt3_cfg
self.pkt4_cfg = index.pkt4_cfg
self.cap_pcap1 = self.pkt1_cfg["capture"][3]
self.cap_pcap2 = self.pkt2_cfg["capture"][3]
self.cap_pcap3 = self.pkt3_cfg["capture"][3]
self.cap_pcap4 = self.pkt4_cfg["capture"][3]
clr_env.clear_env()
fun.cmd('rm -rf /opt/pkt/test_acl_mode_*', 's')
def test_nginx_test_a1(self):
# 清空环境
for i in self.clr_env:
fun.cmd(i, 'gw')
for i in range(100):
# fun.cmd('systemctl reload nginx_fstack', 'gw')
fun.send(rbmExc, message.addsmtp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
fun.send(rbmExc, message.addpop3['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
ff = fun.cmd('ff_netstat -an', 'gw')
print('ff结果为:{}'.format(ff))
assert proxy_ip in ff
fun.send(rbmExc, message.mailcheck1['SetMailCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
# 配置清空
fun.send(rbmExc, message.delsmtp['DelAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
fun.send(rbmExc, message.delpop3['DelAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
print('已经执行了{}次'.format(i + 1))
def teardown_method(self):
clr_env.clear_env('gw')
clr_env.clear_met_acl('gw')
fun.cmd(self.case1_step7["step2"][0], 'gw')
fun.send(rbmExc, message.verifymod_DelAuthCert['DelAuthCert'], domain_rmb, base_path)
clr_env.verifymod_teardown_met(base_path)
def test_case1(self):
# 网关设备的nginx查询有问题,返回None
# re = fun.cmd('systemctl status agentjsac', 'gw')
# assert re != None
# re = fun.cmd('ps -ef |grep agentjsac', 'gw')
# assert re != None
# re = fun.cmd('netstat -anp', 'gw')
# assert re != None
# re = fun.cmd('systemctl status nginx_kernel', 'gw')
# assert re != None
# re = fun.cmd('ps -ef |grep nginx', 'gw')
# assert re != None
# 隔离的前置机查询nginx没有问题
re = fun.cmd('systemctl status agentjsac', 'FrontDut')
assert re != None
re = fun.cmd('ps -ef |grep agentjsac', 'FrontDut')
assert re != None
re = fun.cmd('netstat -anp', 'FrontDut')
assert re != None
re = fun.cmd('systemctl status nginx_kernel', 'FrontDut')
assert re != None
re = fun.cmd('ps -ef |grep nginx', 'FrontDut')
assert re != None
def teardown_method(self):
self.clr_met = clr_env.clear_met
for i in self.clr_met:
fun.cmd(i, 'gw')
fun.pid_kill(self.cap_pcap)
def test_acl_CURD_a3(self):
# 下发配置并检查结果
for key in self.case3_step:
fun.cmd(self.case3_step[key][0], 'gw')
re = fun.cmd(self.case3_step[key][1], 'gw')
assert self.case3_step[key][2] in re
def teardown_method(self):
clr_env.clear_env('gw')
clr_env.clear_met_acl('gw')
fun.cmd("rm -f /opt/*txt*", 'c')
re1 = fun.cmd("ls /opt/ |grep txt", 'c')
print('客户端txt文件查询结果是:', re1)
assert self.case_step2["step1"][0] not in re1
def teardown_class(self): #回收环境 for i in clr_env.clear_env: fun.cmd(i,'gw') for i in fun.mac: fun.ssh_close(i)
def test_selabel_a2(self):
# 下发配置并检查结果
for key in self.case2_step:
fun.cmd(self.case2_step[key][0], 'gw')
re = fun.cmd(self.case2_step[key][1], 'gw')
assert self.case2_step[key][2] in re
def test_selabel_cipso_doi_left(self):
# 下发配置并检查结果
for key in self.case2_step:
fun.cmd(self.case2_step[key][0], 'gw')
re = fun.cmd(self.case2_step[key][1], 'gw')
assert self.case2_step[key][2] in re
print('doi为0、-1时无法添加,doi为1时可以添加')
def teardown_class(self):
# 回收环境
clr_env.clear_env()
fun.cmd('ipmac -c', 'gw')
fun.send(rbmExc, message.delvlan['SetVlan'], rbmDomain, base_path)
fun.rbm_close()
fun.ssh_close('gw')
def teardown_class(self):
#回收环境
for i in clr_env.clear_env:
fun.cmd(i,'gw')
fun.rbm_close()
fun.ssh_close('gw')
def verifymod_teardown_met(base_path):
start = time.time()
fun.send(rbmExc, message.verifymod_switch_stop['ManageAuthServer'],
rbmDomain, base_path)
fun.cmd('ipauth-jsac --clear', 'gw')
print(
"=========================== verifymod_teardown_met 结束 耗时:{}s =================================="
.format(time.time() - start))
def test_selabel_cipso_doi_right(self):
# 下发配置并检查结果
for key in self.case3_step:
fun.cmd(self.case3_step[key][0], 'gw')
re = fun.cmd(self.case3_step[key][1], 'gw')
assert self.case3_step[key][2] in re
print('doi为4294967295时添加成功')
def teardown_method(self):
self.clr_met = clr_env.clear_met
for i in self.clr_met:
fun.cmd(i, 'gw')
# 判断抓包程序是否停止,如果进程还在则停止
fun.pid_kill(self.cap_pcap1)
def test_selabel_cipso_level_right_left(self):
# # 下发配置并检查结果
for key in self.case3_step:
fun.cmd(self.case3_step[key][0], 'gw')
re = fun.cmd(self.case3_step[key][1], 'gw')
assert self.case3_step[key][2] in re
print('无法添加标记字段level的右边界256及左边界-1')
def setup_method(self):
self.clr_met = clr_env.clear_met
for i in self.clr_met:
fun.cmd(i, 'gw')
fun.cmd(f"rm -rf /opt/pkt/*pcap", 'gw')
re = fun.cmd(f"ls /opt/pkt/ | grep pcap", 'gw')
print('re:', re)
def test_acl_CURD_a4(self):
# 下发配置并检查结果
for key in self.case4_step:
fun.cmd(self.case4_step[key][0], 'gw')
print('self.case4_step[key][0]: ', self.case4_step[key][0])
re = fun.cmd(self.case4_step[key][1], 'gw')
print('self.case4_step[key][1]: ', self.case4_step[key][1])
print('re: ', re)
assert self.case4_step[key][2] in re
def test_report_acl_labelRejectPac_count(self):
# 开启acl命中统计开关并检查结果
fun.send(Exc_rmb, message.set_ReportAclCount_open['EnableAclCount'],
domain_rmb, base_path)
for key in self.case2_step1:
print('ip:', baseinfo.gwManageIp)
re = fun.cmd(self.case2_step1[key][0], 'gw')
print('re:', re)
assert self.case2_step1[key][1] in re
# 下发acl策略并检查结果-----查询失败问题待调查
fun.send(Exc_rmb, message.AddAclPolicy_labelRejectPac['AddAclPolicy'],
domain_rmb, base_path)
# for key in self.case2_step2:
# print('ip:',baseinfo.gwManageIp)
# re = fun.cmd(self.case2_step2[key][0],'gw',thread=1)
# print('key:',self.case2_step2[key][0])
# print('re:',re)
# assert self.case2_step2[key][1] in re
# 客户端发送正常请求报文
c_iface, c_num, c_pcap = self.pkt2_cfg["send"][0], self.pkt2_cfg[
"send"][1], self.pkt2_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
print('send_cmd:', send_cmd)
fun.cmd(send_cmd, 'c')
print('tcpreplay命令发送成功')
# jsac.agentjsac.info.log文件查看命中统计数
fun.wait_data(
f"grep -n ReportAclCount /var/log/jsac.agentjsac.info.log |tail -1",
'gw',
self.case2_step3['step1'][0],
'检查拒绝数',
300,
flag='存在')
for key in self.case2_step3:
re = fun.cmd(
"grep -n LabelRejectPac /var/log/jsac.agentjsac.info.log |tail -1 ",
'gw')
print('re:', re)
assert self.case2_step3[key][0] in re
# 关闭acl命中统计开关并检查结果
fun.send(Exc_rmb, message.set_ReportAclCount_close['EnableAclCount'],
domain_rmb, base_path)
for key in self.case2_step4:
re = fun.cmd(self.case2_step4[key][0], 'gw')
print('re:', re)
assert self.case2_step4[key][1] in re
# 移除掉acl策略并检查结果
fun.send(Exc_rmb, message.DelAclPolicy_HitCount['DelAclPolicy'],
domain_rmb, base_path)
def teardown_method(self):
clr_env.clear_env()
fun.pid_kill(self.cap_pcap1, 'python', 's')
fun.pid_kill(self.cap_pcap3, 'python', 's')
fun.pid_kill(self.cap_pcap4, 'python', 's')
fun.pid_kill(self.cap_pcap5, 'python', 's')
fun.cmd(f"rm -rf /opt/pkt/*pcap", 'gw')
re = fun.cmd(f"ls /opt/pkt/", 'gw')
print('teardown_method_re:', re)
def teardown_method(self):
self.clr_met = clr_env.clear_met
for i in self.clr_met:
fun.cmd(i, 'gw')
fun.pid_kill(self.cap_pcap1, 'pyhton', 's')
fun.pid_kill(self.hping3_1, 'hping3', 'c')
fun.pid_kill(self.http_1, 'python2.7', 's')
fun.pid_kill(self.cap_pcap2, 'pyhton', 's')
fun.pid_kill(self.hping3_2, 'hping3', 'c')
fun.pid_kill(self.http_2, 'python2.7', 's')
def teardown_method(self):
self.clr_met = clr_env.clear_met
for i in self.clr_met:
fun.cmd(i, 'gw')
fun.cmd(f"rm -rf /opt/pkt/*pcap", 'gw')
re = fun.cmd(f"ls /opt/pkt/ | grep pcap", 'gw')
print('re:', re)
fun.pid_kill(self.cap_pcap1,'pyhton','s')
fun.pid_kill(self.cap_pcap2, 'pyhton', 's')
fun.pid_kill(self.cap_pcap3,'pyhton','s')
def teardown_method(self):
self.clr_met = clr_env.clear_met
for i in self.clr_met:
fun.cmd(i, 'gw')
fun.pid_kill(self.cap_pcap1)
fun.pid_kill(self.cap_pcap2)
fun.pid_kill(self.cap_pcap3)
fun.pid_kill(self.cap_pcap4)
fun.pid_kill(self.cap_pcap5)
fun.pid_kill(self.cap_pcap6)
fun.pid_kill(self.cap_pcap7)
fun.pid_kill(self.cap_pcap8)
def test_selabel_vxlan_level_255(self):
#
# # 下发配置并检查结果
for key in self.case1_step:
fun.cmd(self.case1_step[key][0], 'gw')
re = fun.cmd(self.case1_step[key][1], 'gw')
assert self.case1_step[key][2] in re
# # 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg['capture'][0], self.pkt1_cfg['capture'][1], \
self.pkt1_cfg['capture'][2], self.pkt1_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# # 发送报文
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg[
"send"][1], self.pkt1_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
# 读包
read_name, read_id = self.pkt1_cfg["read"][0], self.pkt1_cfg["read"][1]
read_cmd = fun.vxlan_read(read_name, read_id)
print(read_cmd)
read_re = fun.cmd(read_cmd, 's')
print(read_re)
# 获取期望结果
exp = self.pkt1_cfg["expect"][0]
assert exp == read_re
