def create_fip_pool(self, vn_id, name=None, **kwargs):
connections = kwargs.get('connections') or self.connections
name = name or get_random_name('fip-pool')
return self.useFixture(
FloatingIPFixture(connections=connections,
pool_name=name,
vn_id=vn_id))
def create_multiple_floatingip(self, inputs, connections, count,
fvn_fixture):
body = {'router:external': 'True'}
net_dict = {'network': body}
net_rsp = connections.quantum_h.update_network(fvn_fixture.uuid,
net_dict)
assert net_rsp['network'][
'router:external'] == True, 'Failed to update router:external to True'
fip_fixture = self.useFixture(
FloatingIPFixture(project_name=inputs.project_name,
inputs=inputs,
connections=connections,
pool_name='',
vn_id=fvn_fixture.uuid,
option='neutron'))
assert fip_fixture.verify_on_setup()
if count == 1:
fip_resp = connections.quantum_h.create_floatingip(
fvn_fixture.uuid, connections.project_id)
if fip_resp:
self.addCleanup(fip_fixture.delete_floatingip,
fip_resp['floatingip']['id'])
else:
fip_resp = fip_fixture.create_floatingips(fvn_fixture.uuid, count)
self.addCleanup(fip_fixture.delete_floatingips, fip_resp)
return fip_resp
def verify_snat_with_fip(self, ext_vn_fixture, public_vm_fix, vm_fixture,
connections, inputs):
result = True
fip_fixture = self.useFixture(
FloatingIPFixture(project_name=inputs.project_name,
inputs=inputs,
connections=connections,
pool_name='',
vn_id=ext_vn_fixture.vn_id,
option='neutron'))
assert fip_fixture.verify_on_setup()
fip_id = fip_fixture.create_and_assoc_fip(ext_vn_fixture.vn_id,
vm_fixture.vm_id)
self.addCleanup(fip_fixture.disassoc_and_delete_fip, fip_id)
fip = vm_fixture.vnc_lib_h.floating_ip_read(
id=fip_id).get_floating_ip_address()
if not public_vm_fix.ping_to_ip(fip):
result = result and False
self.logger.error('Ping from %s to %s FAILED' %
(public_vm_fix.vm_name, vm_fixture.vm_name))
public_vm_fix.put_pub_key_to_vm()
vm_fixture.put_pub_key_to_vm()
self.logger.info("scp files from public_vm %s to private vm %s " %
(public_vm_fix.vm_name, vm_fixture.vm_name))
result = result and public_vm_fix.check_file_transfer(
dest_vm_fixture=vm_fixture, mode='scp', size='1000', fip=fip)
return result
def config_fip(self, vn_id, pool_name):
fip_fixture = self.useFixture(
FloatingIPFixture(project_name=self.inputs.project_name,
inputs=self.inputs,
connections=self.connections,
pool_name=pool_name,
vn_id=vn_id))
return fip_fixture
def create_floatingip_pool(self, floating_vn, name=None):
fip_pool_name = name if name else get_random_name('fip')
fip_fixture = self.useFixture(
FloatingIPFixture(project_name=self.inputs.project_name,
inputs=self.inputs,
connections=self.connections,
pool_name=fip_pool_name,
vn_id=floating_vn.vn_id))
assert fip_fixture.verify_on_setup()
return fip_fixture
def test_ingress_ip_assignment(self):
'''
Verify that Ingress gets a CLuster IP which is reachable to Pods in same
namespace. Also verify that a Floating IP is assigned to the Ingress
from the Public FIP poo.
Steps:
1. Create a service with 2 pods running nginx
2. Create an ingress out of this service
3. From another Pod do a wget on the ingress Cluster ip
Validate that Ingress get a IP from Public FIP pool which might/might not be accessible.
Validate that service and its loadbalancing work
'''
app = 'http_test'
labels = {'app':app}
namespace = self.setup_namespace(name='default')
assert namespace.verify_on_setup()
service = self.setup_http_service(namespace=namespace.name,
labels=labels)
pod1 = self.setup_nginx_pod(namespace=namespace.name,
labels=labels)
pod2 = self.setup_nginx_pod(namespace=namespace.name,
labels=labels)
if not getattr(self.public_vn, 'public_vn_fixture', None):
vn_fixture = self.useFixture(VNFixture(project_name=self.inputs.project_name,
vn_name='__public__',
connections=self.connections,
inputs=self.inputs,
option="contrail"))
assert vn_fixture.verify_on_setup()
fip_pool_fixture = self.useFixture(FloatingIPFixture(
project_name=self.inputs.project_name,
inputs=self.inputs,
connections=self.connections,
pool_name='__fip_pool_public__',
vn_id=vn_fixture.vn_id))
assert fip_pool_fixture.verify_on_setup()
ingress = self.setup_simple_nginx_ingress(service.name,
namespace=namespace.name)
assert ingress.verify_on_setup()
pod3 = self.setup_busybox_pod(namespace=namespace.name)
self.verify_nginx_pod(pod1)
self.verify_nginx_pod(pod2)
assert pod3.verify_on_setup()
# Now validate ingress from within the cluster network
assert self.validate_nginx_lb([pod1, pod2], ingress.cluster_ip,
test_pod=pod3)
def setup_common_objects(self, inputs, connections):
self.inputs = inputs
self.connections = connections
self.base_rel = get_release()
(self.vn11_name, self.vn11_subnets) = ("vn11", ["192.168.1.0/24"])
(self.vn22_name, self.vn22_subnets) = ("vn22", ["192.168.2.0/24"])
(self.fip_vn_name, self.fip_vn_subnets) = ("fip_vn", ['200.1.1.0/24'])
(self.vn11_vm1_name, self.vn11_vm2_name, self.vn11_vm3_name,
self.vn11_vm4_name) = ('vn11_vm1', 'vn11_vm2', 'vn11_vm3', 'vn11_vm4')
self.vn22_vm1_name = 'vn22_vm1'
self.vn22_vm2_name = 'vn22_vm2'
self.fvn_vm1_name = 'fvn_vm1'
# Configure 3 VNs, 2 of them vn11, vn22 and 1 fip_vn
self.vn11_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections, inputs=self.inputs, vn_name=self.vn11_name, subnets=self.vn11_subnets))
assert self.vn11_fixture.verify_on_setup()
self.vn22_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections, inputs=self.inputs, vn_name=self.vn22_name, subnets=self.vn22_subnets))
self.fvn_fixture = self.useFixture(
VNFixture(
project_name=self.inputs.project_name, connections=self.connections,
inputs=self.inputs, vn_name=self.fip_vn_name, subnets=self.fip_vn_subnets))
# Configure 4 VMs in VN11, 2 VM in VN22, and 1 VM in FVN
self.vn11_vm1_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn11_fixture.obj, vm_name=self.vn11_vm1_name, image_name='ubuntu'))
self.vn11_vm2_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn11_fixture.obj, vm_name=self.vn11_vm2_name, image_name='ubuntu'))
self.vn11_vm3_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn11_fixture.obj, vm_name=self.vn11_vm3_name, image_name='ubuntu'))
self.vn11_vm4_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn11_fixture.obj, vm_name=self.vn11_vm4_name, image_name='ubuntu'))
self.vn22_vm1_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn22_fixture.obj, vm_name=self.vn22_vm1_name, image_name='ubuntu'))
self.vn22_vm2_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn22_fixture.obj, vm_name=self.vn22_vm2_name, image_name='ubuntu'))
self.fvn_vm1_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.fvn_fixture.obj, vm_name=self.fvn_vm1_name, image_name='ubuntu'))
# Adding Policy between vn11 and vn22 ######
assert self.vn11_fixture.verify_on_setup()
assert self.vn22_fixture.verify_on_setup()
rules = [
{
'direction': '<>', 'simple_action': 'pass',
'protocol': 'any', 'src_ports': 'any',
'dst_ports': 'any',
'source_network': 'any',
'dest_network': 'any',
},
]
policy_name = 'p1'
self.policy_fixture = self.useFixture(
PolicyFixture(
policy_name=policy_name, rules_list=rules, inputs=self.inputs,
connections=self.connections))
policy_fq_name = [self.policy_fixture.policy_fq_name]
self.vn11_fixture.bind_policies(
policy_fq_name, self.vn11_fixture.vn_id)
self.addCleanup(self.vn11_fixture.unbind_policies,
self.vn11_fixture.vn_id, [self.policy_fixture.policy_fq_name])
self.vn22_fixture.bind_policies(
policy_fq_name, self.vn22_fixture.vn_id)
self.addCleanup(self.vn22_fixture.unbind_policies,
self.vn22_fixture.vn_id, [self.policy_fixture.policy_fq_name])
# Adding Floating ip ###
assert self.fvn_fixture.verify_on_setup()
fip_pool_name = 'some-pool1'
self.fip_fixture = self.useFixture(
FloatingIPFixture(
project_name=self.inputs.project_name, inputs=self.inputs,
connections=self.connections, pool_name=fip_pool_name, vn_id=self.fvn_fixture.vn_id))
self.vn11_vm1_fixture.verify_on_setup()
self.vn11_vm1_fixture.wait_till_vm_is_up()
self.fip_id = self.fip_fixture.create_and_assoc_fip(
self.fvn_fixture.vn_id, self.vn11_vm1_fixture.vm_id)
self.addCleanup(self.fip_fixture.disassoc_and_delete_fip, self.fip_id)
assert self.fip_fixture.verify_fip(
self.fip_id, self.vn11_vm1_fixture, self.fvn_fixture)
self.vn22_vm1_fixture.verify_on_setup()
self.vn22_vm1_fixture.wait_till_vm_is_up()
self.fip_id1 = self.fip_fixture.create_and_assoc_fip(
self.fvn_fixture.vn_id, self.vn22_vm1_fixture.vm_id)
assert self.fip_fixture.verify_fip(
self.fip_id1, self.vn22_vm1_fixture, self.fvn_fixture)
self.addCleanup(self.fip_fixture.disassoc_and_delete_fip, self.fip_id1)
# Adding the service chaining resources for firewall ###
si_count = 1
svc_scaling = False
max_inst = 1
svc_mode = 'in-network'
flavor = 'm1.medium'
self.vn1_fq_name = "default-domain:" + self.inputs.project_name + ":in_network_vn1"
self.vn1_name = "in_network_vn1"
self.vn1_subnets = ['10.1.1.0/24']
self.vm1_name = 'in_network_vm1'
self.vn2_fq_name = "default-domain:" + self.inputs.project_name + ":in_network_vn2"
self.vn2_name = "in_network_vn2"
self.vn2_subnets = ['20.2.2.0/24']
self.vm2_name = 'in_network_vm2'
self.action_list = []
self.if_list = [['management', False], ['left', True], ['right', True]]
self.st_name = 'in_net_svc_template_1'
si_prefix = 'in_net_svc_instance_'
self.policy_name = 'policy_in_network'
self.vn1_fixture = self.config_vn(self.vn1_name, self.vn1_subnets)
self.vn2_fixture = self.config_vn(self.vn2_name, self.vn2_subnets)
self.vm1_fixture = self.config_vm(vn_fix=self.vn1_fixture, vm_name=self.vm1_name)
self.vm2_fixture = self.config_vm(vn_fix=self.vn1_fixture, vm_name=self.vm1_name)
svc_chain_info = self.config_svc_chain(
left_vn_fixture=self.vn1_fixture,
right_vn_fixture=self.vn2_fixture,
service_mode=svc_mode,
max_inst=max_inst,
left_vm_fixture=self.vm1_fixture,
right_vm_fixture=self.vm2_fixture)
self.st_fixture = svc_chain_info['st_fixture']
self.si_fixture = svc_chain_info['si_fixture']
self.policy_fixture = svc_chain_info['policy_fixture']
# non-admin tenant config
result = True
msg = []
self.topo_obj = sdn_topo_with_multi_project()
self.setup_obj = self.useFixture(
sdnTopoSetupFixture(self.connections, self.topo_obj))
out = self.setup_obj.sdn_topo_setup()
self.assertEqual(out['result'], True, out['msg'])
if out['result'] == True:
self.topo_objs, self.config_topo, vm_fip_info = out['data']
def verify_config_after_feature_test(self):
result = True
assert self.res.verify_common_objects_without_collector()
vn11_fixture = self.res.vn11_fixture
vn11_vm3_fixture = self.res.vn11_vm3_fixture
vn11_vm4_fixture = self.res.vn11_vm4_fixture
vn22_fixture = self.res.vn22_fixture
# Ping between project1 and project2
self.logger.info("Ping across projects with policy")
src_vm_project1 = self.res.config_topo['project1']['vm']['vmc1']
dst_vm_project2 = self.res.config_topo['project2']['vm']['vmc2']
if not src_vm_project1.ping_to_ip(dst_vm_project2.vm_ip):
result = result and False
self.logger.error(
'Ping acorss project failed with allowed policy and security group rule..\n')
assert result, "ping failed across projects with policy"
# Check security group for vn11_vm3 and vn11_vm4 first add default
# secgrp then remove it and add new secgrp to deny icmp then allow it
# expect ping accordingly ####
sec_grp_obj = self.vnc_lib.security_group_read(
fq_name=[u'default-domain', self.inputs.project_name, 'default'])
vn11_vm3_fixture.add_security_group(secgrp=sec_grp_obj.uuid)
vn11_vm3_fixture.verify_security_group('default')
vn11_vm4_fixture.add_security_group(secgrp=sec_grp_obj.uuid)
vn11_vm4_fixture.verify_security_group('default')
assert vn11_vm3_fixture.ping_with_certainty(vn11_vm4_fixture.vm_ip)
assert vn11_vm4_fixture.ping_with_certainty(vn11_vm3_fixture.vm_ip)
vn11_vm3_fixture.remove_security_group(secgrp=sec_grp_obj.uuid)
vn11_vm4_fixture.remove_security_group(secgrp=sec_grp_obj.uuid)
result = self.check_secgrp_traffic()
assert result
# checking traffic using floating ip defined before upgrade ####
result = self.check_floatingip_traffic()
assert result
# checking policy before upgrade ####
result = self.check_policy_traffic()
assert result
# creating new resources after upgrade #####
new_res = self.vn_add_delete()
result = result and new_res
assert result
new_res = self.vm_add_delete()
result = result and new_res
assert result
# create floating ip with new vms #######
fip_pool_name = 'some-pool'
self.fip_fixture1 = self.useFixture(
FloatingIPFixture(
project_name=self.inputs.project_name, inputs=self.inputs,
connections=self.connections, pool_name=fip_pool_name, vn_id=self.res.vn11_fixture.vn_id))
self.fip_new_id = self.fip_fixture1.create_and_assoc_fip(
self.res.vn11_fixture.vn_id, self.vm22_fixture.vm_id)
assert self.fip_fixture1.verify_fip(
self.fip_new_id, self.vm22_fixture, self.res.vn11_fixture)
self.addCleanup(self.fip_fixture1.disassoc_and_delete_fip,
self.fip_new_id)
self.fip_new_id1 = self.fip_fixture1.create_and_assoc_fip(
self.res.vn11_fixture.vn_id, self.vm33_fixture.vm_id)
assert self.fip_fixture1.verify_fip(
self.fip_new_id1, self.vm33_fixture, self.res.vn11_fixture)
self.addCleanup(self.fip_fixture1.disassoc_and_delete_fip,
self.fip_new_id1)
self.logger.debug('pinging from vn22_vm1_mine to fip_vn_vm1_mine \n')
if not self.vm22_fixture.ping_with_certainty(self.fip_fixture1.fip[self.fip_new_id1]):
result = result and False
if not result:
self.logger.error('Test to ping between VMs FAILED \n')
assert result
fips = self.vm22_fixture.vnc_lib_h.floating_ip_read(
id=self.fip_new_id).get_floating_ip_address()
self.logger.debug('pinging from vn11_vm1_mine to vn22_vm1_mine \n')
if not self.vm11_fixture.ping_to_ip(fips):
result = result and False
if not result:
self.logger.error('Test to ping between VMs FAILED \n')
assert result
# Creating policy for newly created vn's
newvn_fixture = self.newvn_fixture
newvn11_fixture = self.newvn11_fixture
rules = [
{
'direction': '<>', 'simple_action': 'pass',
'protocol': 'any', 'src_ports': 'any',
'dst_ports': 'any',
'source_network': 'any',
'dest_network': 'any',
},
]
policy_name = 'newpolicy'
policy_fixture1 = self.useFixture(
PolicyFixture(
policy_name=policy_name, rules_list=rules, inputs=self.inputs,
connections=self.connections))
policy_fq_name = [policy_fixture1.policy_fq_name]
newvn_fixture.bind_policies(policy_fq_name, newvn_fixture.vn_id)
self.addCleanup(newvn_fixture.unbind_policies,
newvn_fixture.vn_id, [policy_fixture1.policy_fq_name])
newvn11_fixture.bind_policies(policy_fq_name, newvn11_fixture.vn_id)
self.addCleanup(newvn11_fixture.unbind_policies,
newvn11_fixture.vn_id, [policy_fixture1.policy_fq_name])
assert newvn_fixture.verify_on_setup()
assert newvn11_fixture.verify_on_setup()
self.logger.debug(
"Pinging from newvn_vm1_mine to newvn11_vm1_mine by policy rule ")
if not self.vm4_fixture.ping_with_certainty(self.vm5_fixture.vm_ip, expectation=True):
result = result and False
if not result:
self.logger.error('Test to ping between VMs FAILED \n')
assert result
if not self.vm5_fixture.ping_with_certainty(self.vm4_fixture.vm_ip, expectation=True):
result = result and False
if not result:
self.logger.error('Test to ping between VMs FAILED \n')
assert result
# Validate the service chaining in network datapath ###
assert self.res.si_fixture.verify_on_setup()
assert self.res.vm1_fixture.ping_with_certainty(
self.res.vm2_fixture.vm_ip)
return result