def create_VPN(self, public_ip):
"""Creates VPN for the network"""
self.debug("Creating VPN with public IP: %s" % public_ip.ipaddress.id)
try:
# Assign VPN to Public IP
vpn = Vpn.create(
self.apiclient, self.public_ip.ipaddress.id, account=self.account.name, domainid=self.account.domainid
)
self.debug("Verifying the remote VPN access")
vpns = Vpn.list(self.apiclient, publicipid=public_ip.ipaddress.id, listall=True)
self.assertEqual(isinstance(vpns, list), True, "List VPNs shall return a valid response")
return vpn
except Exception as e:
self.fail("Failed to create remote VPN access: %s" % e)
def enable_vpcs_localvpngateway(self, vpcs_data):
for vpc_data in vpcs_data:
vpc = get_vpc(api_client=self.api_client, name=self.dynamic_names['vpcs'][vpc_data['data']['name']])
if vpc_data['data']['vpnconnections']:
self.logger.debug('>>> VPN LOCAL GATEWAY => Creating on VPC "%s"...', vpc_data['data']['name'])
localvpngateway = Vpn.createVpnGateway(api_client=self.api_client, vpc=vpc)
self.logger.debug('>>> VPN LOCAL GATEWAY => ID: %s => IP: %s => VPC: %s => Domain: %s',
localvpngateway['id'], localvpngateway['publicip'], localvpngateway['vpcid'],
localvpngateway['domainid'])
def create_VPN(self, public_ip):
"""Creates VPN for the network"""
self.debug("Creating VPN with public IP: %s" % public_ip.ipaddress.id)
try:
# Assign VPN to Public IP
vpn = Vpn.create(self.apiclient,
self.public_ip.ipaddress.id,
account=self.account.name,
domainid=self.account.domainid)
self.debug("Verifying the remote VPN access")
vpns = Vpn.list(self.apiclient,
publicipid=public_ip.ipaddress.id,
listall=True)
self.assertEqual(isinstance(vpns, list), True,
"List VPNs shall return a valid response")
return vpn
except Exception as e:
self.fail("Failed to create remote VPN access: %s" % e)
def test_08_add_TCP_PF_Rule_In_VPN(self):
"""
Test to add TCP Port Forwarding rule for specific ports(500,1701 and 4500) in VPN
"""
# Steps for verification
# 1. Enable vpn on SourceNAT IP address
# 2. Configure PF with TCP ports 500,1701 and 4500. It should be allowed
# Should not conflict with UPD ports used for VPN
vm_res = VirtualMachine.list(self.apiclient,
id=self.virtual_machine.id,
listall=True)
self.assertEqual(
validateList(vm_res)[0], PASS, "Failed to list virtual machine")
network_id = vm_res[0].nic[0].networkid
src_nat_list = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
associatednetworkid=network_id)
self.assertEqual(
validateList(src_nat_list)[0], PASS,
"Failed to list source nat ip address")
ip = src_nat_list[0]
try:
vpn = Vpn.create(
self.apiclient,
publicipid=ip.id,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertIsNotNone(vpn, "Failed to create remote access vpn")
except Exception as e:
self.fail("Failed to enable vpn on SourceNAT IP with error: %s" %
e)
#Create PF rule with TCP ports 500,4500 and 1701
self.services['natrule']['protocol'] = "TCP"
for port in [500, 4500, 1701]:
self.services['natrule']['privateport'] = port
self.services['natrule']['publicport'] = port
try:
nat = NATRule.create(self.apiclient, self.virtual_machine,
self.services["natrule"], ip.id)
self.assertIsNotNone(
nat, "Failed to add PF rule with tcp parts matching vpn")
except Exception as e:
self.fail(
"Creating PF rule for TCP port %s in VPN failed : %s" %
(port, e))
return
def deploy_vpcs_remotevpngateways(self, vpcs_data, account):
for vpc_data in vpcs_data:
for vpnconnection_data in vpc_data['data']['vpnconnections']:
vpc = get_vpc(
api_client=self.api_client,
name=self.dynamic_names['vpcs'][vpc_data['data']['name']])
vpc_vpngateway = get_vpngateway(api_client=self.api_client,
vpc=vpc)
remotevpc = get_vpc(
api_client=self.api_client,
name=self.dynamic_names['vpcs'][vpnconnection_data])
remotevpc_vpngateway = get_vpngateway(
api_client=self.api_client, vpc=remotevpc)
self.logger.debug(
'>>> VPN CUSTOMER GATEWAY => Creating to VPC "%s"...',
vpnconnection_data)
vpncustomergateway = VpnCustomerGateway.create(
api_client=self.api_client,
name="remotegateway_to_" + remotevpc.name,
gateway=remotevpc_vpngateway.publicip,
cidrlist=remotevpc.cidr,
presharedkey='notasecret',
ikepolicy='aes128-sha256;modp2048',
esppolicy='aes128-sha256;modp2048',
account=account.name,
domainid=account.domainid)
self.logger.debug(
'>>> VPN CUSTOMER GATEWAY => ID: %s => Name: %s => CIDR List: %s '
'=> Gateway: %s => Domain: %s', vpncustomergateway.id,
vpncustomergateway.name, vpncustomergateway.cidrlist,
vpncustomergateway.gateway, vpncustomergateway.domainid)
self.logger.debug(
'>>> VPN CONNECTION => Creating from VPC "%s" to VPC "%s"...',
vpc_data['data']['name'], vpnconnection_data)
vpnconnection = Vpn.createVpnConnection(
api_client=self.api_client,
s2svpngatewayid=vpc_vpngateway.id,
s2scustomergatewayid=vpncustomergateway.id)
self.logger.debug(
'>>> VPN CONNECTION => ID: %s => VPN Local Gateway: %s '
'=> VPN Customer Gateway: %s => State: %s',
vpnconnection['id'], vpnconnection['s2svpngatewayid'],
vpnconnection['s2scustomergatewayid'],
vpnconnection['state'])
def enable_vpcs_localvpngateway(self, vpcs_data):
for vpc_data in vpcs_data:
vpc = get_vpc(
api_client=self.api_client,
name=self.dynamic_names['vpcs'][vpc_data['data']['name']])
if vpc_data['data']['vpnconnections']:
self.logger.debug(
'>>> VPN LOCAL GATEWAY => Creating on VPC "%s"...',
vpc_data['data']['name'])
localvpngateway = Vpn.createVpnGateway(
api_client=self.api_client, vpc=vpc)
self.logger.debug(
'>>> VPN LOCAL GATEWAY => ID: %s => IP: %s => VPC: %s => Domain: %s',
localvpngateway['id'], localvpngateway['publicip'],
localvpngateway['vpcid'], localvpngateway['domainid'])
def deploy_vpcs_remotevpngateways(self, vpcs_data, account):
for vpc_data in vpcs_data:
for vpnconnection_data in vpc_data['data']['vpnconnections']:
vpc = get_vpc(api_client=self.api_client, name=self.dynamic_names['vpcs'][vpc_data['data']['name']])
vpc_vpngateway = get_vpngateway(api_client=self.api_client, vpc=vpc)
remotevpc = get_vpc(api_client=self.api_client, name=self.dynamic_names['vpcs'][vpnconnection_data])
remotevpc_vpngateway = get_vpngateway(api_client=self.api_client, vpc=remotevpc)
self.logger.debug('>>> VPN CUSTOMER GATEWAY => Creating to VPC "%s"...', vpnconnection_data)
vpncustomergateway = VpnCustomerGateway.create(
api_client=self.api_client,
name="remotegateway_to_" + remotevpc.name,
gateway=remotevpc_vpngateway.publicip,
cidrlist=remotevpc.cidr,
presharedkey='notasecret',
ikepolicy='aes128-sha256;modp2048',
esppolicy='aes128-sha256;modp2048',
account=account.name,
domainid=account.domainid
)
self.logger.debug('>>> VPN CUSTOMER GATEWAY => ID: %s => Name: %s => CIDR List: %s '
'=> Gateway: %s => Domain: %s', vpncustomergateway.id, vpncustomergateway.name,
vpncustomergateway.cidrlist, vpncustomergateway.gateway, vpncustomergateway.domainid)
self.logger.debug('>>> VPN CONNECTION => Creating from VPC "%s" to VPC "%s"...',
vpc_data['data']['name'], vpnconnection_data)
vpnconnection = Vpn.createVpnConnection(
api_client=self.api_client,
s2svpngatewayid=vpc_vpngateway.id,
s2scustomergatewayid=vpncustomergateway.id
)
self.logger.debug('>>> VPN CONNECTION => ID: %s => VPN Local Gateway: %s '
'=> VPN Customer Gateway: %s => State: %s', vpnconnection['id'],
vpnconnection['s2svpngatewayid'], vpnconnection['s2scustomergatewayid'],
vpnconnection['state'])
def test_vpc_remote_access_vpn(self):
"""Test Remote Access VPN in VPC"""
# 0) Get the default network offering for VPC
self.logger.debug("Retrieving default VPC offering")
networkOffering = NetworkOffering.list(
self.apiclient,
name="DefaultIsolatedNetworkOfferingForVpcNetworks")
self.assert_(networkOffering is not None and len(networkOffering) > 0,
"No VPC based network offering")
# 1) Create VPC
vpcOffering = VpcOffering.list(self.apiclient, isdefault=True)
self.assert_(vpcOffering is not None and len(vpcOffering) > 0,
"No VPC offerings found")
try:
vpc = VPC.create(apiclient=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc.vpn",
vpcofferingid=vpcOffering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id)
except Exception as e:
self.fail(e)
finally:
self.assert_(vpc is not None, "VPC creation failed")
self.logger.debug("VPC %s created" % (vpc.id))
try:
# 2) Create network in VPC
ntwk = Network.create(apiclient=self.apiclient,
services=self.services["network_1"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc.id)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(ntwk, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" %
(ntwk.id, vpc.id))
try:
# 3) Deploy a vm
vm = VirtualMachine.create(
self.apiclient,
services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.compute_offering.id,
networkids=ntwk.id,
hypervisor=self.services["virtual_machine"]["hypervisor"])
self.assert_(vm is not None, "VM failed to deploy")
self.assert_(vm.state == 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id))
except Exception as e:
self.fail(e)
finally:
self.logger.debug("Deployed virtual machine: OK")
try:
# 4) Enable VPN for VPC
src_nat_list = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc.id)
ip = src_nat_list[0]
except Exception as e:
self.fail(e)
finally:
self.logger.debug("Acquired public ip address: OK")
try:
vpn = Vpn.create(self.apiclient,
publicipid=ip.id,
account=self.account.name,
domainid=self.account.domainid,
iprange=self.services["vpn"]["iprange"],
fordisplay=self.services["vpn"]["fordisplay"])
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(vpn, "Failed to create Remote Access VPN")
self.logger.debug("Created Remote Access VPN: OK")
vpnUser = None
# 5) Add VPN user for VPC
try:
vpnUser = VpnUser.create(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
username=self.services["vpn"]["vpn_user"],
password=self.services["vpn"]["vpn_pass"])
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(vpnUser,
"Failed to create Remote Access VPN User")
self.logger.debug("Created VPN User: OK")
#TODO: Add an actual remote vpn connection test from a remote vpc
try:
# 9) Disable VPN for VPC
vpn.delete(self.apiclient)
except Exceptio as e:
self.fail(e)
finally:
self.logger.debug("Deleted the Remote Access VPN: OK")
def test_01_redundant_vpc_site2site_vpn(self):
"""Test Site 2 Site VPN Across redundant VPCs"""
self.logger.debug("Starting test: test_02_redundant_vpc_site2site_vpn")
# 0) Get the default network offering for VPC
networkOffering = NetworkOffering.list(
self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks")
self.assert_(networkOffering is not None and len(
networkOffering) > 0, "No VPC based network offering")
# Create and enable redundant VPC offering
redundant_vpc_offering = self._create_vpc_offering(
'redundant_vpc_offering')
self.assert_(redundant_vpc_offering is not None,
"Failed to create redundant VPC Offering")
redundant_vpc_offering.update(self.apiclient, state='Enabled')
# Create VPC 1
vpc1 = None
try:
vpc1 = VPC.create(
apiclient=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc1.vpn",
vpcofferingid=redundant_vpc_offering.id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id
)
except Exception as e:
self.fail(e)
finally:
self.assert_(vpc1 is not None, "VPC1 creation failed")
self.logger.debug("VPC1 %s created" % vpc1.id)
# Create VPC 2
vpc2 = None
try:
vpc2 = VPC.create(
apiclient=self.apiclient,
services=self.services["vpc2"],
networkDomain="vpc2.vpn",
vpcofferingid=redundant_vpc_offering.id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.account.domainid
)
except Exception as e:
self.fail(e)
finally:
self.assert_(vpc2 is not None, "VPC2 creation failed")
self.logger.debug("VPC2 %s created" % vpc2.id)
default_acl = NetworkACLList.list(
self.apiclient, name="default_allow")[0]
# Create network in VPC 1
ntwk1 = None
try:
ntwk1 = Network.create(
apiclient=self.apiclient,
services=self.services["network_1"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc1.id,
aclid=default_acl.id
)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(ntwk1, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" % (ntwk1.id, vpc1.id))
# Create network in VPC 2
ntwk2 = None
try:
ntwk2 = Network.create(
apiclient=self.apiclient,
services=self.services["network_2"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc2.id,
aclid=default_acl.id
)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(ntwk2, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" % (ntwk2.id, vpc2.id))
# Deploy a vm in network 2
vm1 = None
try:
vm1 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.compute_offering.id,
networkids=ntwk1.id,
hypervisor=self.hypervisor
)
except Exception as e:
self.fail(e)
finally:
self.assert_(vm1 is not None, "VM failed to deploy")
self.assert_(vm1.state == 'Running', "VM is not running")
self.logger.debug("VM %s deployed in VPC %s" % (vm1.id, vpc1.id))
# Deploy a vm in network 2
vm2 = None
try:
vm2 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.compute_offering.id,
networkids=ntwk2.id,
hypervisor=self.hypervisor
)
except Exception as e:
self.fail(e)
finally:
self.assert_(vm2 is not None, "VM failed to deploy")
self.assert_(vm2.state == 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" % (vm2.id, vpc2.id))
# 4) Enable Site-to-Site VPN for VPC
vpn1_response = Vpn.createVpnGateway(self.apiclient, vpc1.id)
self.assert_(
vpn1_response is not None, "Failed to enable VPN Gateway 1")
self.logger.debug("VPN gateway for VPC %s enabled" % vpc1.id)
vpn2_response = Vpn.createVpnGateway(self.apiclient, vpc2.id)
self.assert_(
vpn2_response is not None, "Failed to enable VPN Gateway 2")
self.logger.debug("VPN gateway for VPC %s enabled" % vpc2.id)
# 5) Add VPN Customer gateway info
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc1.id
)
ip1 = src_nat_list[0]
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc2.id
)
ip2 = src_nat_list[0]
services = self.services["vpncustomergateway"]
customer1_response = VpnCustomerGateway.create(
self.apiclient, services, "Peer VPC1", ip1.ipaddress, vpc1.cidr, self.account.name, self.domain.id)
self.debug("VPN customer gateway added for VPC %s enabled" % vpc1.id)
self.logger.debug(vars(customer1_response))
customer2_response = VpnCustomerGateway.create(
self.apiclient, services, "Peer VPC2", ip2.ipaddress, vpc2.cidr, self.account.name, self.domain.id)
self.debug("VPN customer gateway added for VPC %s enabled" % vpc2.id)
self.logger.debug(vars(customer2_response))
# 6) Connect two VPCs
vpnconn1_response = Vpn.createVpnConnection(
self.apiclient, customer1_response.id, vpn2_response['id'], True)
self.debug("VPN passive connection created for VPC %s" % vpc2.id)
vpnconn2_response = Vpn.createVpnConnection(
self.apiclient, customer2_response.id, vpn1_response['id'])
self.debug("VPN connection created for VPC %s" % vpc1.id)
self.assertEqual(
vpnconn2_response['state'], "Connected", "Failed to connect between VPCs!")
# acquire an extra ip address to use to ssh into vm2
try:
vm2.public_ip = PublicIPAddress.create(
apiclient=self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
services=self.services,
networkid=ntwk2.id,
vpcid=vpc2.id)
except Exception as e:
self.fail(e)
finally:
self.assert_(
vm2.public_ip is not None, "Failed to aqcuire public ip for vm2")
# Create port forward to be able to ssh into vm2
natrule = None
try:
natrule = self._create_natrule(
vpc2, vm2, 22, 22, vm2.public_ip, ntwk2)
except Exception as e:
self.fail(e)
finally:
self.assert_(
natrule is not None, "Failed to create portforward for vm2")
time.sleep(20)
# setup ssh connection to vm2
ssh_client = self._get_ssh_client(vm2, self.services, 10)
if ssh_client:
# run ping test
packet_loss = ssh_client.execute(
"/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress + " |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0]
self.assert_(int(packet_loss) == 0, "Ping did not succeed")
else:
self.fail("Failed to setup ssh connection to %s" % vm2.public_ip)
def test_01_vpc_remote_access_vpn(self):
"""Test Remote Access VPN in VPC"""
self.logger.debug("Starting test: test_01_vpc_remote_access_vpn")
# 0) Get the default network offering for VPC
self.logger.debug("Retrieving default VPC offering")
networkOffering = NetworkOffering.list(
self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks")
self.assert_(networkOffering is not None and len(
networkOffering) > 0, "No VPC based network offering")
# 1) Create VPC
vpcOffering = VpcOffering.list(self.apiclient, name="Default VPC offering")
self.assert_(vpcOffering is not None and len(
vpcOffering) > 0, "No VPC offerings found")
vpc = None
try:
vpc = VPC.create(
apiclient=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc.vpn",
vpcofferingid=vpcOffering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id
)
except Exception as e:
self.fail(e)
finally:
self.assert_(vpc is not None, "VPC creation failed")
self.logger.debug("VPC %s created" % (vpc.id))
try:
# 2) Create network in VPC
ntwk = Network.create(
apiclient=self.apiclient,
services=self.services["network_1"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc.id
)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(ntwk, "Network failed to create")
self.logger.debug(
"Network %s created in VPC %s" % (ntwk.id, vpc.id))
try:
# 3) Deploy a vm
vm = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.compute_offering.id,
networkids=ntwk.id,
hypervisor=self.hypervisor
)
self.assert_(vm is not None, "VM failed to deploy")
self.assert_(vm.state == 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id))
except Exception as e:
self.fail(e)
finally:
self.logger.debug("Deployed virtual machine: OK")
try:
# 4) Enable VPN for VPC
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc.id
)
ip = src_nat_list[0]
except Exception as e:
self.fail(e)
finally:
self.logger.debug("Acquired public ip address: OK")
try:
vpn = Vpn.create(self.apiclient,
publicipid=ip.id,
account=self.account.name,
domainid=self.account.domainid,
iprange=self.services["vpn"]["iprange"],
fordisplay=self.services["vpn"]["fordisplay"]
)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(vpn, "Failed to create Remote Access VPN")
self.logger.debug("Created Remote Access VPN: OK")
vpnUser = None
# 5) Add VPN user for VPC
try:
vpnUser = VpnUser.create(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
username=self.services["vpn"]["vpn_user"],
password=self.services["vpn"]["vpn_pass"]
)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(
vpnUser, "Failed to create Remote Access VPN User")
self.logger.debug("Created VPN User: OK")
# TODO: Add an actual remote vpn connection test from a remote vpc
try:
# 9) Disable VPN for VPC
vpn.delete(self.apiclient)
except Exception as e:
self.fail(e)
finally:
self.logger.debug("Deleted the Remote Access VPN: OK")
def test_01_vpc_remote_access_vpn(self):
"""Test Remote Access VPN in VPC"""
# 1) Create VPC
vpc_offering = VpcOffering.list(self.apiclient, isdefault=True)
self.assertTrue(vpc_offering is not None and len(vpc_offering) > 0,
"No VPC offerings found")
vpc = VPC.create(apiclient=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc.vpn",
vpcofferingid=vpc_offering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id)
self.assertIsNotNone(vpc, "VPC creation failed")
self.logger.debug("VPC %s created" % (vpc.id))
self.cleanup.append(vpc)
# 2) Create network in VPC
ntwk = Network.create(apiclient=self.apiclient,
services=self.services["network_1"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=self.network_offerings[0].id,
zoneid=self.zone.id,
vpcid=vpc.id)
self.assertIsNotNone(ntwk, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" % (ntwk.id, vpc.id))
self.cleanup.append(ntwk)
# 3) Deploy a vm
vm = VirtualMachine.create(self.apiclient,
services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.compute_offering.id,
networkids=ntwk.id,
hypervisor=self.hypervisor)
self.assertIsNotNone(vm, "VM failed to deploy")
self.assertEquals(vm.state, 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id))
self.logger.debug("Deployed virtual machine: OK")
self.cleanup.append(vm)
# 4) Enable VPN for VPC
src_nat_list = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc.id)
ip = src_nat_list[0]
self.logger.debug("Acquired public ip address: OK")
vpn = Vpn.create(self.apiclient,
publicipid=ip.id,
account=self.account.name,
domainid=self.account.domainid,
iprange=self.services["vpn"]["iprange"],
fordisplay=self.services["vpn"]["fordisplay"])
self.assertIsNotNone(vpn, "Failed to create Remote Access VPN")
self.logger.debug("Created Remote Access VPN: OK")
vpn_user = None
# 5) Add VPN user for VPC
vpn_user = VpnUser.create(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
username=self.services["vpn"]["vpn_user"],
password=self.services["vpn"]["vpn_pass"])
self.assertIsNotNone(vpn_user,
"Failed to create Remote Access VPN User")
self.logger.debug("Created VPN User: OK")
# TODO: Add an actual remote vpn connection test from a remote vpc
# 9) Disable VPN for VPC
vpn.delete(self.apiclient)
self.logger.debug("Deleted the Remote Access VPN: OK")
def _test_vpc_site2site_vpn(self, vpc_offering, num_VPCs=3):
# Number of VPNs (to test) is number_of_VPCs - 1
# By default test setting up 2 VPNs from VPC0, requiring total of 3 VPCs
maxnumVM = num_VPCs - 1
# Create VPC i
vpc_list = []
for i in range(num_VPCs):
# Generate VPC (mostly subnet) info
vpcservice_n = copy.deepcopy(self.services["vpcN"])
for key in vpcservice_n.keys():
vpcservice_n[key] = vpcservice_n[key].format(N=` i `)
vpc_n = VPC.create(apiclient=self.apiclient,
services=vpcservice_n,
networkDomain="vpc%d.vpn" % i,
vpcofferingid=vpc_offering.id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id)
self.assertIsNotNone(vpc_n, "VPC%d creation failed" % i)
vpc_list.append(vpc_n)
self.cleanup.append(vpc_n)
self.logger.debug("VPC%d %s created" % (i, vpc_list[i].id))
default_acl = NetworkACLList.list(self.apiclient,
name="default_allow")[0]
# Create network in VPC i
ntwk_list = []
for i in range(num_VPCs):
# Generate network (mostly subnet) info
ntwk_info_n = copy.deepcopy(self.services["network_N"])
for key in ntwk_info_n.keys():
ntwk_info_n[key] = ntwk_info_n[key].format(N=` i `)
ntwk_n = Network.create(
apiclient=self.apiclient,
services=ntwk_info_n,
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offerings[0].id,
zoneid=self.zone.id,
vpcid=vpc_list[i].id,
aclid=default_acl.id)
self.assertIsNotNone(ntwk_n, "Network%d failed to create" % i)
self.cleanup.append(ntwk_n)
ntwk_list.append(ntwk_n)
self.logger.debug("Network%d %s created in VPC %s" %
(i, ntwk_list[i].id, vpc_list[i].id))
# Deploy a vm in network i
vm_list = []
vm_n = None
for i in range(num_VPCs):
vm_n = VirtualMachine.create(
self.apiclient,
services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.compute_offering.id,
networkids=[ntwk_list[i].id],
hypervisor=self.hypervisor,
mode='advanced' if (i == 0) or (i == maxnumVM) else 'default')
self.assertIsNotNone(vm_n, "VM%d failed to deploy" % i)
self.cleanup.append(vm_n)
vm_list.append(vm_n)
self.logger.debug("VM%d %s deployed in VPC %s" %
(i, vm_list[i].id, vpc_list[i].id))
self.assertEquals(vm_n.state, 'Running', "VM%d is not running" % i)
# 4) Enable Site-to-Site VPN for VPC
vpn_response_list = []
for i in range(num_VPCs):
vpn_response = Vpn.createVpnGateway(self.apiclient, vpc_list[i].id)
self.assertIsNotNone(vpn_response,
"Failed to enable VPN Gateway %d" % i)
vpn_response_list.append(vpn_response)
self.logger.debug("VPN gateway for VPC%d %s enabled" %
(i, vpc_list[i].id))
# 5) Add VPN Customer gateway info
vpn_cust_gw_list = []
services = self.services["vpncustomergateway"]
for i in range(num_VPCs):
src_nat_list = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc_list[i].id)
ip = src_nat_list[0]
customer_response = VpnCustomerGateway.create(
self.apiclient, services, "Peer VPC" + ` i `, ip.ipaddress,
vpc_list[i].cidr, self.account.name, self.domain.id)
self.cleanup.insert(
0, customer_response
) # this has to be cleaned up after the VPCs have been destroyed (due to client connectionsonections)
vpn_cust_gw_list.append(customer_response)
self.logger.debug(
"VPN customer gateway added for VPC%d %s enabled" %
(i, vpc_list[i].id))
# Before the next step ensure the last VPC is up and running
# Routers in the right state?
self.assertEqual(
self.routers_in_right_state(vpcid=vpc_list[maxnumVM].id), True,
"Check whether the routers are in the right state.")
# 6) Connect VPCi with VPC0
for i in range(num_VPCs)[1:]:
Vpn.createVpnConnection(self.apiclient, vpn_cust_gw_list[0].id,
vpn_response_list[i]['id'], True)
self.logger.debug("VPN passive connection created for VPC%d %s" %
(i, vpc_list[i].id))
vpnconn2_response = Vpn.createVpnConnection(
self.apiclient, vpn_cust_gw_list[i].id,
vpn_response_list[0]['id'])
self.logger.debug("VPN connection created for VPC%d %s" %
(0, vpc_list[0].id))
self.assertEqual(vpnconn2_response['state'], "Connected",
"Failed to connect between VPCs 0 and %d!" % i)
self.logger.debug("VPN connected between VPC0 and VPC%d" % i)
# First the last VM
# setup ssh connection to vm maxnumVM
self.logger.debug(
"Setup SSH connection to last VM created (%d) to ensure availability for ping tests"
% maxnumVM)
ssh_max_client = vm_list[maxnumVM].get_ssh_client(retries=20)
self.assertIsNotNone(
ssh_max_client,
"Failed to setup SSH to last VM created (%d)" % maxnumVM)
self.logger.debug(
"Setup SSH connection to first VM created (0) to ensure availability for ping tests"
)
ssh_client = vm_list[0].get_ssh_client(retries=10)
self.assertIsNotNone(ssh_client, "Failed to setup SSH to VM0")
if ssh_client:
# run ping test
for i in range(num_VPCs)[1:]:
packet_loss = ssh_client.execute(
"/bin/ping -c 3 -t 10 " + vm_list[i].nic[0].ipaddress +
" |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0]
self.assertEquals(
int(packet_loss), 0,
"Ping towards vm" + ` i ` + "did not succeed")
self.logger.debug("Ping from vm0 to vm%d did succeed" % i)
else:
self.fail("Failed to setup ssh connection to %s" %
vm_list[0].public_ip)
return
def test_08_add_TCP_PF_Rule_In_VPN(self):
"""
Test to add TCP Port Forwarding rule for specific ports(500,1701 and 4500) in VPN
"""
# Steps for verification
# 1. Enable vpn on SourceNAT IP address
# 2. Configure PF with TCP ports 500,1701 and 4500. It should be allowed
# Should not conflict with UPD ports used for VPN
vm_res = VirtualMachine.list(
self.apiclient,
id=self.virtual_machine.id,
listall=True
)
self.assertEqual(
validateList(vm_res)[0],
PASS,
"Failed to list virtual machine"
)
network_id = vm_res[0].nic[0].networkid
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
associatednetworkid=network_id
)
self.assertEqual(
validateList(src_nat_list)[0],
PASS,
"Failed to list source nat ip address"
)
ip = src_nat_list[0]
try:
vpn = Vpn.create(
self.apiclient,
publicipid=ip.id,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertIsNotNone(
vpn,
"Failed to create remote access vpn"
)
except Exception as e:
self.fail("Failed to enable vpn on SourceNAT IP with error: %s" % e)
#Create PF rule with TCP ports 500,4500 and 1701
self.services['natrule']['protocol']="TCP"
for port in [500, 4500, 1701]:
self.services['natrule']['privateport'] = port
self.services['natrule']['publicport'] = port
try:
nat = NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
ip.id
)
self.assertIsNotNone(
nat,
"Failed to add PF rule with tcp parts matching vpn"
)
except Exception as e:
self.fail("Creating PF rule for TCP port %s in VPN failed : %s" % (port, e))
return
def test_vpc_site2site_vpn(self):
"""Test VPN in VPC"""
# 0) Get the default network offering for VPC
networkOffering = NetworkOffering.list(
self.apiclient,
name="DefaultIsolatedNetworkOfferingForVpcNetworks")
self.assert_(networkOffering is not None and len(networkOffering) > 0,
"No VPC based network offering")
# 1) Create VPC offering
vpcOffering = VpcOffering.list(self.apiclient, isdefault=True)
self.assert_(vpcOffering is not None and len(vpcOffering) > 0,
"No VPC offerings found")
# Create VPC 1
try:
vpc1 = VPC.create(apiclient=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc1.vpn",
vpcofferingid=vpcOffering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id)
except Exception as e:
self.fail(e)
finally:
self.assert_(vpc1 is not None, "VPC1 creation failed")
self.logger.debug("VPC1 %s created" % (vpc1.id))
# Create VPC 2
try:
vpc2 = VPC.create(apiclient=self.apiclient,
services=self.services["vpc2"],
networkDomain="vpc2.vpn",
vpcofferingid=vpcOffering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.account.domainid)
except Exception as e:
self.fail(e)
finally:
self.assert_(vpc2 is not None, "VPC2 creation failed")
self.logger.debug("VPC2 %s created" % (vpc2.id))
default_acl = NetworkACLList.list(self.apiclient,
name="default_allow")[0]
# Create network in VPC 1
try:
ntwk1 = Network.create(apiclient=self.apiclient,
services=self.services["network_1"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc1.id,
aclid=default_acl.id)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(ntwk1, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" % (ntwk1.id, vpc1.id))
# Create network in VPC 2
try:
ntwk2 = Network.create(apiclient=self.apiclient,
services=self.services["network_2"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc2.id,
aclid=default_acl.id)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(ntwk2, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" % (ntwk2.id, vpc2.id))
# Deploy a vm in network 2
try:
vm1 = VirtualMachine.create(
self.apiclient,
services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=ntwk1.id,
hypervisor=self.services["virtual_machine"]["hypervisor"])
except Exception as e:
self.fail(e)
finally:
self.assert_(vm1 is not None, "VM failed to deploy")
self.assert_(vm1.state == 'Running', "VM is not running")
self.logger.debug("VM %s deployed in VPC %s" % (vm1.id, vpc1.id))
# Deploy a vm in network 2
try:
vm2 = VirtualMachine.create(
self.apiclient,
services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=ntwk2.id,
hypervisor=self.services["virtual_machine"]["hypervisor"])
except Exception as e:
self.fail(e)
finally:
self.assert_(vm2 is not None, "VM failed to deploy")
self.assert_(vm2.state == 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" % (vm2.id, vpc2.id))
# 4) Enable Site-to-Site VPN for VPC
vpn1_response = Vpn.createVpnGateway(self.apiclient, vpc1.id)
self.assert_(vpn1_response is not None,
"Failed to enable VPN Gateway 1")
self.logger.debug("VPN gateway for VPC %s enabled" % vpc1.id)
vpn2_response = Vpn.createVpnGateway(self.apiclient, vpc2.id)
self.assert_(vpn2_response is not None,
"Failed to enable VPN Gateway 2")
self.logger.debug("VPN gateway for VPC %s enabled" % vpc2.id)
# 5) Add VPN Customer gateway info
src_nat_list = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc1.id)
ip1 = src_nat_list[0]
src_nat_list = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc2.id)
ip2 = src_nat_list[0]
services = self.services["vpncustomergateway"]
customer1_response = VpnCustomerGateway.create(
self.apiclient, services, "Peer VPC1", ip1.ipaddress, vpc1.cidr,
self.account.name, self.domain.id)
self.debug("VPN customer gateway added for VPC %s enabled" % vpc1.id)
self.logger.debug(vars(customer1_response))
customer2_response = VpnCustomerGateway.create(
self.apiclient, services, "Peer VPC2", ip2.ipaddress, vpc2.cidr,
self.account.name, self.domain.id)
self.debug("VPN customer gateway added for VPC %s enabled" % vpc2.id)
self.logger.debug(vars(customer2_response))
# 6) Connect two VPCs
vpnconn1_response = Vpn.createVpnConnection(self.apiclient,
customer1_response.id,
vpn2_response['id'], True)
self.debug("VPN passive connection created for VPC %s" % vpc2.id)
vpnconn2_response = Vpn.createVpnConnection(self.apiclient,
customer2_response.id,
vpn1_response['id'])
self.debug("VPN connection created for VPC %s" % vpc1.id)
self.assertEqual(vpnconn2_response['state'], "Connected",
"Failed to connect between VPCs!")
# acquire an extra ip address to use to ssh into vm2
try:
vm2.public_ip = PublicIPAddress.create(
apiclient=self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
services=self.services,
networkid=ntwk2.id,
vpcid=vpc2.id)
except Exception as e:
self.fail(e)
finally:
self.assert_(vm2.public_ip is not None,
"Failed to aqcuire public ip for vm2")
# Create port forward to be able to ssh into vm2
try:
natrule = self.create_natrule(vpc2, vm2, 22, 22, vm2.public_ip,
ntwk2)
except Exception as e:
self.fail(e)
finally:
self.assert_(natrule is not None,
"Failed to create portforward for vm2")
time.sleep(10)
# setup ssh connection to vm2
ssh_client = self.get_ssh_client(vm2, self.services, 10)
if ssh_client:
# run ping test
packet_loss = ssh_client.execute(
"/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress +
" |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0]
self.assert_(int(packet_loss) == 0, "Ping did not succeed")
else:
self.fail("Failed to setup ssh connection to %s" % vm2.public_ip)
def setUpClass(cls):
cloudstackTestClient = super(
TestMultipleVPNAccessonVPC,
cls
).getClsTestClient()
cls.debug("Obtain the Admin's API Client")
cls.api_client = cloudstackTestClient.getApiClient()
cls.debug("Get the dictionary information that will be used during CCP tests, from test_data.py present on the Client")
cls.services = cloudstackTestClient.getParsedTestDataConfig()
if cls.services is None:
cls.debug("Services Object is None")
raise Exception("Services Object is None")
cls.debug("Procure the CloudStack Setup configuration Information")
with open(cls.services["config_path"], 'rb') as fp:
cls.pullconfig = json.load(fp)
cls.debug("Update 'remote.access.vpn.client.iprange','remote.access.vpn.user.limit','max.account.primary.storage','max.account.public.ips','max.account.user.vms','max.account.volumes','max.account.cpus', Global Configuration Parameters")
update_vpn_client_iprange = Configurations.update(
cls.api_client,
name="remote.access.vpn.client.iprange",
value="10.1.2.1-10.1.2.120")
cls.debug("'remote.access.vpn.client.iprange' Global Configuration Parameter Updated Successfully")
update_vpn_user_limit = Configurations.update(
cls.api_client,
name="remote.access.vpn.user.limit",
value=str(int(cls.services["vpnclient_count"]*2))
)
cls.debug("'remote.access.vpn.user.limit' Global Configuration Parameter Updated Successfully")
update_max_account_primary_stg_limit = Configurations.update(
cls.api_client,
name="max.account.primary.storage",
value=str(int(cls.services["vpnclient_count"]*20 + 100))
)
cls.debug("'max.account.primary.storage' Global Configuration Parameter Updated Successfully")
update_max_account_public_ips_limit = Configurations.update(
cls.api_client,
name="max.account.public.ips",
value=str(int(cls.services["vpnclient_count"]*2 + 10))
)
cls.debug("'max.account.public.ips' Global Configuration Parameter Updated Successfully")
update_max_account_user_vms_limit = Configurations.update(
cls.api_client,
name="max.account.user.vms",
value=str(int(cls.services["vpnclient_count"]*2))
)
cls.debug("'max.account.user.vms' Global Configuration Parameter Updated Successfully")
update_max_account_volumes_limit = Configurations.update(
cls.api_client,
name="max.account.volumes",
value=str(int(cls.services["vpnclient_count"]*2))
)
cls.debug("'max.account.volumes' Global Configuration Parameter Updated Successfully")
update_max_account_cpus_limit = Configurations.update(
cls.api_client,
name="max.account.cpus",
value=str(int(cls.services["vpnclient_count"]*2))
)
cls.debug("'max.account.cpus' Global Configuration Parameter Updated Successfully")
cls.debug("Restart the Management Server")
TestMultipleVPNAccessonVPC.restart_mgmt_server(cls.services["config_path"])
cls.debug("Completed restarting the Management Server")
cls.debug("Wait for 120 seconds...")
time.sleep(120)
cls.debug("End of 120 seconds wait time....")
# Get Zone, Domain and templates
cls.domain = get_domain(cls.api_client)
cls.zone = get_zone(
cls.api_client,
zone_name = cls.services["zone_vpn"]["name"])
cls.debug("Use an Existing 'Tiny Instance' Service Offering on the Setup")
list_service_offerings = []
list_service_offerings = list_service_offering(
cls.api_client,
keyword="Tiny Instance",
)
cls._cleanup = []
if list_service_offerings is not None:
cls.debug("Found an Existing 'Tiny Instance' Service Offering on the Setup")
cls.service_offering = list_service_offerings[0]
else:
cls.debug("Create a service offering which will be used for VM deployments in this test")
cls.service_offering = ServiceOffering.create(
cls.api_client,
cls.services["service_offering"]
)
cls.debug("Add the created service offering to the _cleanup queue")
cls._cleanup.append(cls.service_offering)
try:
cls.debug("Create or Use Existing Account to own the VPN Clients, which is used to test Remote VPN Access to VPC")
cls.api_client_vpn_client_reg_user = cloudstackTestClient.getUserApiClient(
UserName="******",
DomainName="ROOT"
)
list_vpn_client_regular_user = User.list(
cls.api_client,
username="******"
)
cls.debug("Procure the Account Name and DomainID Information of the Regular Account")
cls.vpn_client_reg_acct_name = list_vpn_client_regular_user[0].account
cls.vpn_client_reg_domain_id = list_vpn_client_regular_user[0].domainid
list_vpn_client_regular_user_acct = Account.list(
cls.api_client,
name = cls.vpn_client_reg_acct_name,
listall = True
)
cls._cleanup.append(Account(list_vpn_client_regular_user_acct[0].__dict__))
# Register a Template that already has VPN client installed on it. The template registered here
# has extra scripts to facilitate automated operations to execute Test Cases.
# Template has pre-configured configuration files required for the VPN Client operations.
# The following files are present on the registered template. The location of the files are locations
# on a VM deployed from this template
# 1. "/tmp/ipsec.conf"
# 2. "/tmp/ipsec.secrets"
# 3. "/tmp/options.xl2tpd.client"
# 4. "/tmp/xl2tpd.conf"
# 5 "/tmp/vpnclient_services.sh"
# 6. "/tmp/firstconn_expectscript.exp"
# 7. "/tmp/secondconn_expectscript.exp"
cls.debug("Use an Existing VPN Client Template on the Setup")
list_vpn_client_templates = list_templates(
cls.api_client_vpn_client_reg_user,
keyword="VPNClient",
templatefilter="featured",
zoneid = cls.zone.id
)
if list_vpn_client_templates is not None:
cls.debug("Found an Existing VPN Client Template on the Setup")
cls.template = list_vpn_client_templates[0]
else:
cls.debug("Register a Template that already has VPN client installed on it")
cls.template = Template.register(
cls.api_client,
cls.services["vpn_template"],
zoneid=cls.zone.id,
hypervisor='XenServer'
)
cls._cleanup.append(cls.template)
cls.debug("Sleep for {0} seconds specified in the dictionary before checking for Template's Availability".format(cls.services["sleep"]))
time.sleep(cls.services["sleep"])
cls.debug("Procure Timeout Value from the dictionary")
timeout = cls.services["timeout"]
while True:
list_template_response = list_templates(
cls.api_client_vpn_client_reg_user,
templatefilter='featured',
id=cls.template.id,
)
if isinstance(list_template_response, list):
break
elif timeout == 0:
raise Exception("List template failed!")
time.sleep(5)
timeout = timeout - 1
cls.debug("Verify template response to check whether template is present")
if list_template_response is None:
raise Exception("Check whether the VPN Client Template is available")
template_response = list_template_response[0]
if template_response.isready == False:
raise Exception("Template state is not ready, it is %r" % template_response.isready)
# Queue that holds all the VPN Client VMs Information
cls.vpnclientvms = []
cls.debug("Deploy {0} VPN Clients in the account".format(int(cls.services["vpnclient_count"])))
for vm in xrange(0,int(cls.services["vpnclient_count"])):
cls.debug("Deploy a new VM {0} in first account. This VM which will be configured as VPN Client".format(int(vm)))
new_vpnclient_vm = VirtualMachine.create(
cls.api_client_vpn_client_reg_user,
cls.services["virtual_machine"],
zoneid=cls.zone.id,
serviceofferingid=cls.service_offering.id,
templateid=cls.template.id,
)
cls.debug("Add new VM {0} to the vpnclientvms Queue".format(int(vm)))
cls.vpnclientvms.append(new_vpnclient_vm)
cls.debug("Allow SSH Access to the new VPN Client VM {0}".format(int(vm)))
new_vpnclient_vm.access_ssh_over_nat(
cls.api_client_vpn_client_reg_user,
cls.services,
new_vpnclient_vm,
allow_egress=True
)
cls.debug("VM for VPNClient Access Got Created with Public IP Address %s" % new_vpnclient_vm.public_ip)
cls.debug("Create or Use existing Account in which we deploy VPCs and test remote access to them from the First Account's VMs present on isolated Network")
cls.api_client_vpn_server_reg_user = cloudstackTestClient.getUserApiClient(
UserName="******",
DomainName="ROOT"
)
list_vpn_server_regular_user = User.list(
cls.api_client,
username="******"
)
cls.debug("Procure the Account Name and DomainID Information of the Regular Account")
cls.vpn_server_reg_acct_name = list_vpn_server_regular_user[0].account
cls.vpn_server_reg_domain_id = list_vpn_server_regular_user[0].domainid
list_vpn_server_regular_user_acct = Account.list(
cls.api_client,
name = cls.vpn_server_reg_acct_name,
listall = True
)
cls._cleanup.append(Account(list_vpn_server_regular_user_acct[0].__dict__))
cls.debug("Use an Existing 'VPC off-' Service Offering on the Setup")
list_available_vpc_offerings = list_vpc_offerings(
cls.api_client,
keyword="VPC off-",
)
if list_available_vpc_offerings is not None:
cls.debug("Found an Existing 'VPC off-' Service Offering on the Setup")
cls.vpc_offering = VpcOffering(list_available_vpc_offerings[0].__dict__)
else:
cls.debug("Creating a VPC offering..")
cls.vpc_offering = VpcOffering.create(
cls.api_client,
cls.services["vpc_offering"]
)
# Add the created VPC Offering to __cleanup queue
cls._cleanup.append(cls.vpc_offering)
# Enable to created VPC Offering inorder to deploy VPCs with it
cls.debug("Enabling the VPC offering created")
cls.vpc_offering.update(cls.api_client, state='Enabled')
cls.debug("Enabled the VPC Offering")
# Create a VPC for the second account
cls.debug("Creating a VPC in the account: %s" % cls.vpn_server_reg_acct_name)
cls.firstvpc = VPC.create(
cls.api_client_vpn_server_reg_user,
cls.services["vpc_remote_vpn"],
vpcofferingid=cls.vpc_offering.id,
zoneid=cls.zone.id
)
cls.debug("Use an Existing 'NET_OFF-RemoteAccessVPNTest-' Network Offering on the Setup")
list_available_network_offerings = list_network_offerings(
cls.api_client,
keyword="NET_OFF-RemoteAccessVPNTest-",
)
if list_available_network_offerings is not None:
cls.debug("Found an Existing 'NET_OFF-RemoteAccessVPNTest-' Network Offering on the Setup")
cls.network_off = NetworkOffering(list_available_network_offerings[0].__dict__)
else:
cls.debug('Create NetworkOffering for Networks in VPC')
cls.services["vpc_network_offering"]["name"] = "NET_OFF-RemoteAccessVPNTest-"+ random_gen()
cls.network_off = NetworkOffering.create(
cls.api_client,
cls.services["vpc_network_offering"],
conservemode=False
)
# Add the created Network Offering to __cleanup queue
cls._cleanup.append(cls.network_off)
# Enable Network offering
cls.network_off.update(cls.api_client, state='Enabled')
cls.debug('Created and Enabled NetworkOffering')
cls.services["network"]["name"] = "NETWORK-" + random_gen()
# Create First Network Tier in the First VPC created for second account using the network offering created above.
cls.debug('Adding Network=%s' % cls.services["network"])
cls.firstnetworktier = Network.create(
cls.api_client_vpn_server_reg_user,
cls.services["network"],
networkofferingid=cls.network_off.id,
zoneid=cls.zone.id,
gateway=cls.services["firstnetwork_tier"]["gateway"],
netmask=cls.services["firstnetwork_tier"]["netmask"],
vpcid=cls.firstvpc.id
)
cls.debug("Created network with ID: %s" % cls.firstnetworktier.id)
# Create Ingress and Egress NetworkACL rules for First Network Tier in the First VPC created for second account.
cls.debug("Adding NetworkACL rules to make Network accessible for all Protocols and all CIDRs ")
NetworkACL.create(
cls.api_client_vpn_server_reg_user,
cls.services["all_rule"],
networkid=cls.firstnetworktier.id,
traffictype='Ingress'
)
NetworkACL.create(
cls.api_client_vpn_server_reg_user,
cls.services["all_rule"],
networkid=cls.firstnetworktier.id,
traffictype='Egress'
)
listFirstVPC = VPC.list(
cls.api_client_vpn_server_reg_user,
id=cls.firstvpc.id
)
cls.debug("Information about the VPC: {0}".format(str(listFirstVPC)))
cls.debug("Obtain the source nat IP Address of the first VPC.")
cls.listFirstVPCPublicIpAddress = list_publicIP(
cls.api_client_vpn_server_reg_user,
issourcenat="true",
vpcid=listFirstVPC[0].id,
listall="true"
)
cls.debug("Information about the VPC's Source NAT IP Address: {0}".format(str(cls.listFirstVPCPublicIpAddress)))
cls.debug("Enable Remote Access VPN on the source nat Public IP Address of the first VPC")
cls.FirstVPNonFirstVPC = Vpn.create(
cls.api_client_vpn_server_reg_user,
cls.listFirstVPCPublicIpAddress[0].id
)
cls.debug("Successfully Created First VPN on VPC with preshared key:"+ cls.FirstVPNonFirstVPC.presharedkey)
cls.listfirstNetworkTier = list_networks(
cls.api_client_vpn_server_reg_user,
id=cls.firstnetworktier.id,
listall=True
)
cls.debug("Create a VM using the default template on the First Network Tier in the First VPC of the Second Account")
cls.vm1 = VirtualMachine.create(
cls.api_client_vpn_server_reg_user,
cls.services["virtual_machine"],
zoneid=cls.zone.id,
serviceofferingid=cls.service_offering.id,
templateid=cls.template.id,
networkids=[str(cls.firstnetworktier.id)]
)
cls.debug("First VM deployed in the first Network Tier")
except Exception as e:
cleanup_resources(cls.api_client, cls._cleanup)
printex = traceback.format_exc()
cls.debug("Exception Occurred : {0}".format(printex))
raise Exception("Warning: Exception during Setting Up the Test Suite Configuration : %s" % e)
return
def test_02_network_off_with_conserve_mode(self):
"""Test Network offering with Conserve mode ON and VR - All services
"""
# Validate the following
# 1. Create a Network from the above network offering and deploy a VM.
# 2. On source NAT ipaddress, we should be allowed to add a LB rules
# 3. On source NAT ipaddress, we should be allowed to add a PF rules
# 4. On source NAT ipaddress, we should be allowed to add a Firewall
# rules
# 5. On an ipaddress that has Lb rules, we should be allowed to
# program PF rules.
# 6. We should be allowed to program multiple PF rules on the same Ip
# address on different public ports.
# 7. We should be allowed to program multiple LB rules on the same Ip
# address for different public port ranges.
# 8. On source NAT ipaddress, we should be allowed to Enable VPN
# access.
# Create a network offering with all virtual router services enabled
self.debug(
"Creating n/w offering with all services in VR & conserve mode:off"
)
self.network_offering = NetworkOffering.create(
self.api_client,
self.services["network_offering"],
conservemode=True
)
self.cleanup.append(self.network_offering)
self.debug("Created n/w offering with ID: %s" %
self.network_offering.id)
# Enable Network offering
self.network_offering.update(self.apiclient, state='Enabled')
# Creating network using the network offering created
self.debug("Creating network with network offering: %s" %
self.network_offering.id)
self.network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id
)
self.debug("Created network with ID: %s" % self.network.id)
self.debug("Deploying VM in account: %s" % self.account.name)
# Spawn an instance in that network
virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(self.network.id)]
)
self.debug("Deployed VM in network: %s" % self.network.id)
src_nat_list = PublicIPAddress.list(
self.apiclient,
associatednetworkid=self.network.id,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
)
self.assertEqual(
isinstance(src_nat_list, list),
True,
"List Public IP should return a valid source NAT"
)
self.assertNotEqual(
len(src_nat_list),
0,
"Length of response from listPublicIp should not be 0"
)
src_nat = src_nat_list[0]
self.debug("Trying to create LB rule on source NAT IP: %s" %
src_nat.ipaddress)
# Create Load Balancer rule with source NAT
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
ipaddressid=src_nat.id,
accountid=self.account.name
)
self.debug("Created LB rule on source NAT: %s" % src_nat.ipaddress)
lb_rules = LoadBalancerRule.list(
self.apiclient,
id=lb_rule.id
)
self.assertEqual(
isinstance(lb_rules, list),
True,
"List lb rules should return a valid lb rules"
)
self.assertNotEqual(
len(lb_rules),
0,
"Length of response from listLbRules should not be 0"
)
self.debug(
"Trying to create a port forwarding rule in source NAT: %s" %
src_nat.ipaddress)
#Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
ipaddressid=src_nat.id
)
self.debug("Created PF rule on source NAT: %s" % src_nat.ipaddress)
nat_rules = NATRule.list(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"List NAT should return a valid port forwarding rules"
)
self.assertNotEqual(
len(nat_rules),
0,
"Length of response from listLbRules should not be 0"
)
self.debug("Creating firewall rule on source NAT: %s" %
src_nat.ipaddress)
#Create Firewall rule on source NAT
fw_rule = FireWallRule.create(
self.apiclient,
ipaddressid=src_nat.id,
protocol='TCP',
cidrlist=[self.services["fw_rule"]["cidr"]],
startport=self.services["fw_rule"]["startport"],
endport=self.services["fw_rule"]["endport"]
)
self.debug("Created firewall rule: %s" % fw_rule.id)
fw_rules = FireWallRule.list(
self.apiclient,
id=fw_rule.id
)
self.assertEqual(
isinstance(fw_rules, list),
True,
"List fw rules should return a valid firewall rules"
)
self.assertNotEqual(
len(fw_rules),
0,
"Length of fw rules response should not be zero"
)
self.debug("Associating public IP for network: %s" % self.network.id)
public_ip = PublicIPAddress.create(
self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=self.network.id
)
self.debug("Associated %s with network %s" % (
public_ip.ipaddress,
self.network.id
))
self.debug("Creating PF rule for IP address: %s" %
public_ip.ipaddress)
NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
ipaddressid=public_ip.ipaddress.id
)
self.debug("Trying to create LB rule on IP with NAT: %s" %
public_ip.ipaddress)
# Create Load Balancer rule on IP already having NAT rule
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
ipaddressid=public_ip.ipaddress.id,
accountid=self.account.name
)
self.debug("Creating PF rule with public port: 66")
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule_port_66"],
ipaddressid=public_ip.ipaddress.id
)
# Check if NAT rule created successfully
nat_rules = NATRule.list(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"List NAT rules should return valid list"
)
self.debug("Creating LB rule with public port: 2221")
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule_port_2221"],
ipaddressid=public_ip.ipaddress.id,
accountid=self.account.name
)
# Check if NAT rule created successfully
lb_rules = LoadBalancerRule.list(
self.apiclient,
id=lb_rule.id
)
self.assertEqual(
isinstance(lb_rules, list),
True,
"List LB rules should return valid list"
)
# User should be able to enable VPN on source NAT
self.debug("Created VPN with source NAT IP: %s" % src_nat.ipaddress)
# Assign VPN to source NAT
Vpn.create(
self.apiclient,
src_nat.id,
account=self.account.name,
domainid=self.account.domainid
)
vpns = Vpn.list(
self.apiclient,
publicipid=src_nat.id,
listall=True,
)
self.assertEqual(
isinstance(vpns, list),
True,
"List VPNs should return a valid VPN list"
)
self.assertNotEqual(
len(vpns),
0,
"Length of list VPN response should not be zero"
)
return
def test_01_vpc_remote_access_vpn(self):
"""Test Remote Access VPN in VPC"""
# 1) Create VPC
vpc = VPC.create(
api_client=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc.vpn",
vpcofferingid=self.vpc_offering.id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id
)
self.assertIsNotNone(vpc, "VPC creation failed")
self.logger.debug("VPC %s created" % (vpc.id))
self.cleanup.append(vpc)
# 2) Create network in VPC
ntwk = Network.create(
api_client=self.apiclient,
services=self.services["network_1"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id,
vpcid=vpc.id
)
self.assertIsNotNone(ntwk, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" % (ntwk.id, vpc.id))
self.cleanup.append(ntwk)
# 3) Deploy a vm
vm = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.virtual_machine_offering.id,
networkids=ntwk.id,
hypervisor=self.hypervisor
)
self.assertIsNotNone(vm, "VM failed to deploy")
self.assertEquals(vm.state, 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id))
self.logger.debug("Deployed virtual machine: OK")
self.cleanup.append(vm)
# 4) Enable VPN for VPC
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc.id
)
ip = src_nat_list[0]
self.logger.debug("Acquired public ip address: OK")
vpn = Vpn.create(self.apiclient,
publicipid=ip.id,
account=self.account.name,
domainid=self.account.domainid,
iprange=self.services["vpn"]["iprange"],
fordisplay=self.services["vpn"]["fordisplay"]
)
self.assertIsNotNone(vpn, "Failed to create Remote Access VPN")
self.logger.debug("Created Remote Access VPN: OK")
vpn_user = None
# 5) Add VPN user for VPC
vpn_user = VpnUser.create(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
username=self.services["vpn"]["vpn_user"],
password=self.services["vpn"]["vpn_pass"]
)
self.assertIsNotNone(vpn_user, "Failed to create Remote Access VPN User")
self.logger.debug("Created VPN User: OK")
# TODO: Add an actual remote vpn connection test from a remote vpc
# 9) Disable VPN for VPC
vpn.delete(self.apiclient)
self.logger.debug("Deleted the Remote Access VPN: OK")
def _test_vpc_site2site_vpn(self, vpc_offering, num_VPCs=3):
# Number of VPNs (to test) is number_of_VPCs - 1
# By default test setting up 2 VPNs from VPC0, requiring total of 3 VPCs
maxnumVM = num_VPCs - 1
# Create VPC i
vpc_list = []
for i in range(num_VPCs):
# Generate VPC (mostly subnet) info
vpcservice_n = copy.deepcopy(self.services["vpcN"])
for key in vpcservice_n.keys():
vpcservice_n[key] = vpcservice_n[key].format(N=`i`)
vpc_n = VPC.create(
api_client=self.apiclient,
services=vpcservice_n,
networkDomain="vpc%d.vpn" % i,
vpcofferingid=vpc_offering.id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id
)
self.assertIsNotNone(vpc_n, "VPC%d creation failed" % i)
vpc_list.append(vpc_n)
self.cleanup.append(vpc_n)
self.logger.debug("VPC%d %s created" % (i, vpc_list[i].id))
default_acl = NetworkACLList.list(self.apiclient, name="default_allow")[0]
# Create network in VPC i
ntwk_list = []
for i in range(num_VPCs):
# Generate network (mostly subnet) info
ntwk_info_n = copy.deepcopy(self.services["network_N"])
for key in ntwk_info_n.keys():
ntwk_info_n[key] = ntwk_info_n[key].format(N=`i`)
ntwk_n = Network.create(
api_client=self.apiclient,
services=ntwk_info_n,
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id,
vpcid=vpc_list[i].id,
aclid=default_acl.id
)
self.assertIsNotNone(ntwk_n, "Network%d failed to create" % i)
self.cleanup.append(ntwk_n)
ntwk_list.append(ntwk_n)
self.logger.debug("Network%d %s created in VPC %s" % (i, ntwk_list[i].id, vpc_list[i].id))
# Deploy a vm in network i
vm_list = []
vm_n = None
for i in range(num_VPCs):
vm_n = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.virtual_machine_offering.id,
networkids=[ntwk_list[i].id],
hypervisor=self.hypervisor,
mode='advanced' if (i == 0) or (i == maxnumVM) else 'default'
)
self.assertIsNotNone(vm_n, "VM%d failed to deploy" % i)
self.cleanup.append(vm_n)
vm_list.append(vm_n)
self.logger.debug("VM%d %s deployed in VPC %s" % (i, vm_list[i].id, vpc_list[i].id))
self.assertEquals(vm_n.state, 'Running', "VM%d is not running" % i)
# 4) Enable Site-to-Site VPN for VPC
vpn_response_list = []
for i in range(num_VPCs):
vpn_response = Vpn.createVpnGateway(self.apiclient, vpc_list[i].id)
self.assertIsNotNone(vpn_response, "Failed to enable VPN Gateway %d" % i)
vpn_response_list.append(vpn_response)
self.logger.debug("VPN gateway for VPC%d %s enabled" % (i, vpc_list[i].id))
# 5) Add VPN Customer gateway info
vpn_cust_gw_list = []
services = self.services["vpncustomergateway"]
for i in range(num_VPCs):
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc_list[i].id
)
ip = src_nat_list[0]
customer_response = VpnCustomerGateway.create(self.apiclient, services, "Peer VPC" + `i`, ip.ipaddress, vpc_list[i].cidr, self.account.name, self.domain.id)
self.cleanup.insert(0, customer_response) # this has to be cleaned up after the VPCs have been destroyed (due to client connectionsonections)
vpn_cust_gw_list.append(customer_response)
self.logger.debug("VPN customer gateway added for VPC%d %s enabled" % (i, vpc_list[i].id))
# Before the next step ensure the last VPC is up and running
# Routers in the right state?
self.assertEqual(self.routers_in_right_state(vpcid=vpc_list[maxnumVM].id), True, "Check whether the routers are in the right state.")
# 6) Connect VPCi with VPC0
for i in range(num_VPCs)[1:]:
passiveVpn = Vpn.createVpnConnection(self.apiclient, vpn_cust_gw_list[0].id, vpn_response_list[i]['id'], True)
self.logger.debug("VPN passive connection created for VPC%d %s" % (i, vpc_list[i].id))
vpnconn2_response = Vpn.createVpnConnection(self.apiclient, vpn_cust_gw_list[i].id, vpn_response_list[0]['id'])
self.logger.debug("VPN connection created for VPC%d %s" % (0, vpc_list[0].id))
self.assertEqual(vpnconn2_response['state'], "Connected", "Failed to connect between VPCs 0 and %d!" % i)
self.logger.debug("VPN connected between VPC0 and VPC%d" % i)
time.sleep(15)
self.logger.debug("Resetting VPN connection with id %s" % (passiveVpn['id']))
Vpn.resetVpnConnection(self.apiclient, passiveVpn['id'])
# Ping to put tunnel up
ssh_client = vm_list[0].get_ssh_client(retries=10)
self.assertIsNotNone(ssh_client, "Failed to setup SSH to VM0")
if ssh_client:
# run ping test
for i in range(num_VPCs)[1:]:
packet_loss = ssh_client.execute("/bin/ping -c 3 -t 10 " + vm_list[i].nic[0].ipaddress)[0]
self.logger.debug("Ping from vm0 to vm%d to make sure tunnel is up." % i)
else:
self.fail("Failed to setup ssh connection to %s" % vm_list[0].public_ip)
self.logger.debug("Waiting for the VPN with id %s to connect" % (passiveVpn['id']))
max_retries = 30
retries = 0
while retries < max_retries:
vpnconn2_response = Vpn.listVpnConnection(self.apiclient, listall=True, id=passiveVpn['id'])
if len(vpnconn2_response) > 0 and vpnconn2_response[0].state.lower() == 'connected':
break
retries += 1
time.sleep(2)
self.assertLess(retries, max_retries, "Failed to reconnect VPN with id %s" % (passiveVpn['id']))
# First the last VM
# setup ssh connection to vm maxnumVM
self.logger.debug("Setup SSH connection to last VM created (%d) to ensure availability for ping tests" % maxnumVM)
ssh_max_client = vm_list[maxnumVM].get_ssh_client(retries=20)
self.assertIsNotNone(ssh_max_client, "Failed to setup SSH to last VM created (%d)" % maxnumVM)
self.logger.debug("Setup SSH connection to first VM created (0) to ensure availability for ping tests")
ssh_client = vm_list[0].get_ssh_client(retries=10)
self.assertIsNotNone(ssh_client, "Failed to setup SSH to VM0")
if ssh_client:
# run ping test
for i in range(num_VPCs)[1:]:
packet_loss = ssh_client.execute(
"/bin/ping -c 3 -t 10 " + vm_list[i].nic[0].ipaddress + " |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0]
self.assertEquals(int(packet_loss), 0, " Ping towards vm" + `i` + " did not succeed")
self.logger.debug("SUCCESS! Ping from vm0 to vm%d succeeded." % i)
else:
self.fail("Failed to setup ssh connection to %s" % vm_list[0].public_ip)
return
