def test_various_random_ip_addresses(self):
    """Add ten public IPs with randomised flags, exercise ACLs, then remove them.

    Each pass appends one more address (10.0.2.103 .. 10.0.2.112) to a fresh
    copy of the basic config, applies it, and checks the address shows up on
    the chosen ethN device. A copy of every entry, already flipped to
    ``add = False``, is kept so the same entries can be replayed as removals.
    """
    # Seeded without an argument, so the flag combinations differ from run to
    # run; a failure cannot be replayed from the log alone.
    rng = random.Random()
    rng.seed()
    removals = []

    for offset in range(0, 10):
        # todo need to know what kind of configurations are valid!
        config = deep_copy(self.basic_config)
        entry = deep_copy(self.basic_config["ip_address"][0])
        entry["public_ip"] = "10.0.2.%d" % (offset + 103)
        entry["source_nat"] = rng.choice((True, False))
        entry["add"] = True
        entry["one_to_one_nat"] = rng.choice((True, False))
        entry["first_i_p"] = rng.choice((True, False))
        entry["nic_dev_id"] = rng.choice((2, 3))
        config["ip_address"].append(entry)

        # runs a bunch of times adding an IP address each time
        self.update_config(config)

        # The stored copy is the removal request for this same address.
        entry["add"] = False
        removals.append(copy.deepcopy(entry))

        self.check_no_errors()
        self.clear_log()

        address = "%s/24" % entry["public_ip"]
        device = "eth%s" % entry["nic_dev_id"]
        assert ip.has_ip(address, device), \
            "Configure %s on eth%s failed" % (entry["public_ip"], entry["nic_dev_id"])

    # Create some acls for the IPs we just created
    # This will lead to multiple attempts to add the same acl - *this is intentional*
    self.check_acl(removals)

    # Now delete all the IPs we just made
    for entry in removals:
        config = copy.deepcopy(self.basic_config)
        config["ip_address"].append(entry)
        self.update_config(config)

        address = "%s/24" % entry["public_ip"]
        device = "eth%s" % entry["nic_dev_id"]
        assert not ip.has_ip(address, device), \
            "Delete %s on eth%s failed" % (entry["public_ip"], entry["nic_dev_id"])
def guest_network(self, config):
    """Bring up a guest network plus a site-to-site VPN, then tear both down.

    Sequence checked, in order:
      1. the VPN config is rejected while the guest network does not exist;
      2. after the network is added, the guest IP, apache2, dnsmasq and the
         ipsec config/secrets files are all in place;
      3. ten DHCP host entries are added and appear in /etc/dhcphosts.txt;
      4. the network is removed, redundancy is toggled on and off, the DHCP
         entries are removed, and the VPN config file is gone.

    ``config`` is the guest network configuration dict; it is mutated
    (``config['add']`` is set to False) as part of the teardown.
    """
    # Fixture values only: 3des-md5 is a legacy IKE/ESP suite and the PSK is a
    # fixed, non-secret string. They exist to drive the config generator, not
    # as a template for a real tunnel.
    vpn = {
        "local_public_ip": config['router_guest_ip'],
        "local_guest_cidr": "%s/%s" % (config['router_guest_gateway'], config['cidr']),
        "local_public_gateway": "172.16.1.1",
        "peer_gateway_ip": "10.200.200.1",
        "peer_guest_cidr_list": "10.0.0.0/24",
        "esp_policy": "3des-md5",
        "ike_policy": "3des-md5",
        "ipsec_psk": "vpnblabla",
        "ike_lifetime": 86400,
        "esp_lifetime": 3600,
        "create": True,
        "dpd": False,
        "passive": False,
        "type": "site2sitevpn"
    }

    def vpn_conf_present():
        return file.exists("/etc/ipsec.d/ipsec.vpn-%s.conf" % vpn['peer_gateway_ip'])

    def guest_ip_present():
        return ip.has_ip("%s/%s" % (config['router_guest_ip'], config['cidr']), config['device'])

    def dhcp_line(entry):
        return "%s,%s,%s,infinite" % (entry['mac_address'], entry['ipv4_adress'], entry['host_name'])

    octets = config['router_guest_ip'].split('.')
    dhcp_entries = []

    # This should fail because the network does not yet exist
    self.update_config(vpn)
    assert not vpn_conf_present()

    self.update_config(config)
    self.update_config(vpn)
    assert guest_ip_present()

    for name, message in (
            ("apache2", "Apache2 should be running after adding a guest network"),
            ("dnsmasq", "Dnsmasq should be running after adding a guest network")):
        assert process.is_up(name), message

    assert vpn_conf_present()
    # The secrets file must be readable by its owner only (mode 400).
    assert file.mode_is("/etc/ipsec.d/ipsec.vpn-%s.secrets" % vpn['peer_gateway_ip'], "400")

    status = run("/usr/sbin/ipsec setup status", timeout=600, warn_only=True)
    assert status.succeeded, 'ipsec returned non zero status %s' % config['router_guest_ip']

    # Add a host to the dhcp server
    # This must happen in order for dnsmasq to be listening
    prefix = ".".join(octets[0:3])
    gateway = "%s.1" % prefix
    for host in range(3, 13):
        address = "%s.%s" % (prefix, host)
        self.basic_dhcp_entry['ipv4_adress'] = address
        self.basic_dhcp_entry['default_gateway'] = gateway
        self.basic_dhcp_entry['host_name'] = "host_%s" % (address)
        self.update_config(self.basic_dhcp_entry)
        dhcp_entries.append(copy.deepcopy(self.basic_dhcp_entry))

    # Port 53 is probed twice, exactly as before.
    # NOTE(review): the second probe may have been meant for another
    # protocol - confirm against port.is_listening's signature.
    for number in (80, 53, 53, 67):
        assert port.is_listening(number)

    for entry in dhcp_entries:
        assert file.has_line("/etc/dhcphosts.txt", dhcp_line(entry))

    config['add'] = False
    self.update_config(config)
    assert not guest_ip_present()

    # Now setup what we have redundant
    self.redundant("-e")
    self.configure()
    for name, message in (
            ("keepalived", "Keepalived should be running after enabling redundancy"),
            ("conntrackd", "Conntrackd should be running after enabling redundancy")):
        assert process.is_up(name), message

    self.redundant("-d")
    self.configure()
    for name, message in (
            ("keepalived", "Keepalived should be not running after disabling redundancy"),
            ("conntrackd", "Conntrackd should be not running after disabling redundancy")):
        assert not process.is_up(name), message

    # Remove every DHCP entry first, then verify none of them is left behind.
    for entry in dhcp_entries:
        entry['add'] = False
        self.update_config(entry)
    for entry in dhcp_entries:
        assert file.has_line("/etc/dhcphosts.txt", dhcp_line(entry)) is False

    # If the network gets deleted so should the vpn
    # NOTE(review): only the .conf file is checked; removal of the matching
    # .secrets file (presumably where the PSK lives) is not asserted - confirm
    # whether it should be.
    assert not vpn_conf_present()