def test_reboot_router(self): """Test for reboot router""" # Validate the Following # 1. Post restart PF and LB rules should still function # 2. verify if the ssh into the virtual machine # still works through the sourceNAT Ip # Retrieve router for the user account self.debug("Public IP: %s" % self.vm_1.ssh_ip) self.debug("Public IP: %s" % self.public_ip.ipaddress.ipaddress) routers = list_routers(self.apiclient, account=self.account.name, domainid=self.account.domainid) self.assertEqual(isinstance(routers, list), True, "Check list routers returns a valid list") router = routers[0] self.debug("Rebooting the router (ID: %s)" % router.id) cmd = rebootRouter.rebootRouterCmd() cmd.id = router.id self.apiclient.rebootRouter(cmd) # Poll listVM to ensure VM is stopped properly timeout = self.services["timeout"] while True: time.sleep(self.services["sleep"]) # Ensure that VM is in stopped state list_vm_response = list_virtual_machines(self.apiclient, id=self.vm_1.id) if isinstance(list_vm_response, list): vm = list_vm_response[0] if vm.state == "Running": self.debug("VM state: %s" % vm.state) break if timeout == 0: raise Exception("Failed to start VM (ID: %s) in change service offering" % vm.id) timeout = timeout - 1 # we should be able to SSH after successful reboot try: self.debug("SSH into VM (ID : %s ) after reboot" % self.vm_1.id) remoteSSHClient( self.public_ip.ipaddress.ipaddress, self.services["natrule"]["publicport"], self.vm_1.username, self.vm_1.password, ) except Exception as e: self.fail("SSH Access failed for %s: %s" % (self.public_ip.ipaddress.ipaddress, e)) return
def test_releaseIP(self): """Test for release public IP address""" self.debug("Deleting Public IP : %s" % self.ip_addr.id) self.ip_address.delete(self.apiclient) # Sleep to ensure that deleted state is reflected in other calls time.sleep(self.services["sleep"]) # ListPublicIpAddresses should not list deleted Public IP address list_pub_ip_addr_resp = list_publicIP( self.apiclient, id=self.ip_addr.id ) self.debug("List Public IP response" + str(list_pub_ip_addr_resp)) self.assertEqual( list_pub_ip_addr_resp, None, "Check if disassociated IP Address is no longer available" ) # ListPortForwardingRules should not list # associated rules with Public IP address try: list_nat_rule = list_nat_rules( self.apiclient, id=self.nat_rule.id ) self.debug("List NAT Rule response" + str(list_nat_rule)) except cloudstackAPIException: self.debug("Port Forwarding Rule is deleted") # listLoadBalancerRules should not list # associated rules with Public IP address try: list_lb_rule = list_lb_rules( self.apiclient, id=self.lb_rule.id ) self.debug("List LB Rule response" + str(list_lb_rule)) except cloudstackAPIException: self.debug("Port Forwarding Rule is deleted") # SSH Attempt though public IP should fail with self.assertRaises(Exception): ssh_2 = remoteSSHClient( self.ip_addr.ipaddress, self.services["natrule"]["publicport"], self.virtual_machine.username, self.virtual_machine.password, retries=2, delay=0 ) return
def try_ssh(self, ip_addr, hostnames): try: self.debug( "SSH into VM (IPaddress: %s) & NAT Rule (Public IP: %s)" % (self.vm_1.ipaddress, ip_addr)) # If Round Robin Algorithm is chosen, # each ssh command should alternate between VMs ssh_1 = remoteSSHClient(ip_addr, self.services['lbrule']["publicport"], self.vm_1.username, self.vm_1.password) hostnames.append(ssh_1.execute("hostname")[0]) self.debug(hostnames) except Exception as e: self.fail("%s: SSH failed for VM with IP Address: %s" % (e, ip_addr)) time.sleep(self.services["lb_switch_wait"]) return
def test_releaseIP(self): """Test for release public IP address""" self.debug("Deleting Public IP : %s" % self.ip_addr.id) self.ip_address.delete(self.apiclient) # Sleep to ensure that deleted state is reflected in other calls time.sleep(self.services["sleep"]) # ListPublicIpAddresses should not list deleted Public IP address list_pub_ip_addr_resp = list_publicIP(self.apiclient, id=self.ip_addr.id) self.debug("List Public IP response" + str(list_pub_ip_addr_resp)) self.assertEqual( list_pub_ip_addr_resp, None, "Check if disassociated IP Address is no longer available") # ListPortForwardingRules should not list # associated rules with Public IP address try: list_nat_rule = list_nat_rules(self.apiclient, id=self.nat_rule.id) self.debug("List NAT Rule response" + str(list_nat_rule)) except cloudstackAPIException: self.debug("Port Forwarding Rule is deleted") # listLoadBalancerRules should not list # associated rules with Public IP address try: list_lb_rule = list_lb_rules(self.apiclient, id=self.lb_rule.id) self.debug("List LB Rule response" + str(list_lb_rule)) except cloudstackAPIException: self.debug("Port Forwarding Rule is deleted") # SSH Attempt though public IP should fail with self.assertRaises(Exception): ssh_2 = remoteSSHClient(self.ip_addr.ipaddress, self.services["natrule"]["publicport"], self.virtual_machine.username, self.virtual_machine.password, retries=2, delay=0) return
def try_ssh(self, ip_addr, hostnames): try: self.debug( "SSH into VM (IPaddress: %s) & NAT Rule (Public IP: %s)" % (self.vm_1.ipaddress, ip_addr) ) # If Round Robin Algorithm is chosen, # each ssh command should alternate between VMs ssh_1 = remoteSSHClient( ip_addr, self.services['lbrule']["publicport"], self.vm_1.username, self.vm_1.password ) hostnames.append(ssh_1.execute("hostname")[0]) self.debug(hostnames) except Exception as e: self.fail("%s: SSH failed for VM with IP Address: %s" % (e, ip_addr)) time.sleep(self.services["lb_switch_wait"]) return
def test_02_port_fwd_on_non_src_nat(self): """Test for port forwarding on non source NAT""" #Validate the following: #1. listPortForwardingRules should not return the deleted rule anymore #2. attempt to do ssh should now fail ip_address = PublicIPAddress.create( self.apiclient, self.account.name, self.zone.id, self.account.domainid, self.services["server"] ) self.cleanup.append(ip_address) # Check if VM is in Running state before creating NAT rule vm_response = VirtualMachine.list( self.apiclient, id=self.virtual_machine.id ) self.assertEqual( isinstance(vm_response, list), True, "Check list VM returns a valid list" ) self.assertNotEqual( len(vm_response), 0, "Check Port Forwarding Rule is created" ) self.assertEqual( vm_response[0].state, 'Running', "VM state should be Running before creating a NAT rule." ) # Open up firewall port for SSH fw_rule = FireWallRule.create( self.apiclient, ipaddressid=ip_address.ipaddress.id, protocol=self.services["natrule"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule"]["publicport"], endport=self.services["natrule"]["publicport"] ) #Create NAT rule nat_rule = NATRule.create( self.apiclient, self.virtual_machine, self.services["natrule"], ip_address.ipaddress.id ) #Validate the following: #1. listPortForwardingRules should not return the deleted rule anymore #2. attempt to do ssh should now fail list_nat_rule_response = list_nat_rules( self.apiclient, id=nat_rule.id ) self.assertEqual( isinstance(list_nat_rule_response, list), True, "Check list response returns a valid list" ) self.assertNotEqual( len(list_nat_rule_response), 0, "Check Port Forwarding Rule is created" ) self.assertEqual( list_nat_rule_response[0].id, nat_rule.id, "Check Correct Port forwarding Rule is returned" ) try: self.debug("SSHing into VM with IP address %s with NAT IP %s" % ( self.virtual_machine.ipaddress, ip_address.ipaddress.ipaddress )) self.virtual_machine.get_ssh_client(ip_address.ipaddress.ipaddress) except Exception as e: self.fail( "SSH Access failed for %s: %s" % \ (self.virtual_machine.ipaddress, e) ) nat_rule.delete(self.apiclient) try: list_nat_rule_response = list_nat_rules( self.apiclient, id=nat_rule.id ) except cloudstackAPIException: self.debug("Nat Rule is deleted") # Check if the Public SSH port is inaccessible with self.assertRaises(Exception): self.debug( "SSHing into VM with IP address %s after NAT rule deletion" % self.virtual_machine.ipaddress) remoteSSHClient( ip_address.ipaddress.ipaddress, self.virtual_machine.ssh_port, self.virtual_machine.username, self.virtual_machine.password ) return
def test_01_port_fwd_on_src_nat(self): """Test for port forwarding on source NAT""" # Validate the following: # 1. listPortForwarding rules API should return the added PF rule # 2. attempt to do an ssh into the user VM through the sourceNAT src_nat_ip_addrs = list_publicIP(self.apiclient, account=self.account.name, domainid=self.account.domainid) self.assertEqual(isinstance(src_nat_ip_addrs, list), True, "Check list response returns a valid list") src_nat_ip_addr = src_nat_ip_addrs[0] # Check if VM is in Running state before creating NAT rule vm_response = VirtualMachine.list(self.apiclient, id=self.virtual_machine.id) self.assertEqual(isinstance(vm_response, list), True, "Check list VM returns a valid list") self.assertNotEqual(len(vm_response), 0, "Check Port Forwarding Rule is created") self.assertEqual(vm_response[0].state, "Running", "VM state should be Running before creating a NAT rule.") # Open up firewall port for SSH fw_rule = FireWallRule.create( self.apiclient, ipaddressid=src_nat_ip_addr.id, protocol=self.services["natrule"]["protocol"], cidrlist=["0.0.0.0/0"], startport=self.services["natrule"]["publicport"], endport=self.services["natrule"]["publicport"], ) # Create NAT rule nat_rule = NATRule.create(self.apiclient, self.virtual_machine, self.services["natrule"], src_nat_ip_addr.id) list_nat_rule_response = list_nat_rules(self.apiclient, id=nat_rule.id) self.assertEqual(isinstance(list_nat_rule_response, list), True, "Check list response returns a valid list") self.assertNotEqual(len(list_nat_rule_response), 0, "Check Port Forwarding Rule is created") self.assertEqual(list_nat_rule_response[0].id, nat_rule.id, "Check Correct Port forwarding Rule is returned") # SSH virtual machine to test port forwarding try: self.debug( "SSHing into VM with IP address %s with NAT IP %s" % (self.virtual_machine.ipaddress, src_nat_ip_addr.ipaddress) ) self.virtual_machine.get_ssh_client(src_nat_ip_addr.ipaddress) except Exception as e: self.fail("SSH Access failed for %s: %s" % (self.virtual_machine.ipaddress, e)) nat_rule.delete(self.apiclient) try: list_nat_rule_response = list_nat_rules(self.apiclient, id=nat_rule.id) except cloudstackAPIException: self.debug("Nat Rule is deleted") # Check if the Public SSH port is inaccessible with self.assertRaises(Exception): self.debug("SSHing into VM with IP address %s after NAT rule deletion" % self.virtual_machine.ipaddress) remoteSSHClient( src_nat_ip_addr.ipaddress, self.virtual_machine.ssh_port, self.virtual_machine.username, self.virtual_machine.password, ) return
def test_reboot_router(self): """Test for reboot router""" #Validate the Following #1. Post restart PF and LB rules should still function #2. verify if the ssh into the virtual machine # still works through the sourceNAT Ip #Retrieve router for the user account self.debug("Public IP: %s" % self.vm_1.ssh_ip) self.debug("Public IP: %s" % self.public_ip.ipaddress.ipaddress) routers = list_routers(self.apiclient, account=self.account.name, domainid=self.account.domainid) self.assertEqual(isinstance(routers, list), True, "Check list routers returns a valid list") router = routers[0] self.debug("Rebooting the router (ID: %s)" % router.id) cmd = rebootRouter.rebootRouterCmd() cmd.id = router.id self.apiclient.rebootRouter(cmd) # Poll listVM to ensure VM is stopped properly timeout = self.services["timeout"] while True: time.sleep(self.services["sleep"]) # Ensure that VM is in stopped state list_vm_response = list_virtual_machines(self.apiclient, id=self.vm_1.id) if isinstance(list_vm_response, list): vm = list_vm_response[0] if vm.state == 'Running': self.debug("VM state: %s" % vm.state) break if timeout == 0: raise Exception( "Failed to start VM (ID: %s) in change service offering" % vm.id) timeout = timeout - 1 #we should be able to SSH after successful reboot try: self.debug("SSH into VM (ID : %s ) after reboot" % self.vm_1.id) remoteSSHClient(self.public_ip.ipaddress.ipaddress, self.services["natrule"]["publicport"], self.vm_1.username, self.vm_1.password) except Exception as e: self.fail( "SSH Access failed for %s: %s" % \ (self.public_ip.ipaddress.ipaddress, e)) return
def test_02_port_fwd_on_non_src_nat(self): """Test for port forwarding on non source NAT""" #Validate the following: #1. listPortForwardingRules should not return the deleted rule anymore #2. attempt to do ssh should now fail ip_address = PublicIPAddress.create(self.apiclient, self.account.name, self.zone.id, self.account.domainid, self.services["server"]) self.cleanup.append(ip_address) # Check if VM is in Running state before creating NAT rule vm_response = VirtualMachine.list(self.apiclient, id=self.virtual_machine.id) self.assertEqual(isinstance(vm_response, list), True, "Check list VM returns a valid list") self.assertNotEqual(len(vm_response), 0, "Check Port Forwarding Rule is created") self.assertEqual( vm_response[0].state, 'Running', "VM state should be Running before creating a NAT rule.") # Open up firewall port for SSH fw_rule = FireWallRule.create( self.apiclient, ipaddressid=ip_address.ipaddress.id, protocol=self.services["natrule"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule"]["publicport"], endport=self.services["natrule"]["publicport"]) #Create NAT rule nat_rule = NATRule.create(self.apiclient, self.virtual_machine, self.services["natrule"], ip_address.ipaddress.id) #Validate the following: #1. listPortForwardingRules should not return the deleted rule anymore #2. attempt to do ssh should now fail list_nat_rule_response = list_nat_rules(self.apiclient, id=nat_rule.id) self.assertEqual(isinstance(list_nat_rule_response, list), True, "Check list response returns a valid list") self.assertNotEqual(len(list_nat_rule_response), 0, "Check Port Forwarding Rule is created") self.assertEqual(list_nat_rule_response[0].id, nat_rule.id, "Check Correct Port forwarding Rule is returned") try: self.debug("SSHing into VM with IP address %s with NAT IP %s" % (self.virtual_machine.ipaddress, ip_address.ipaddress.ipaddress)) self.virtual_machine.get_ssh_client(ip_address.ipaddress.ipaddress) except Exception as e: self.fail( "SSH Access failed for %s: %s" % \ (self.virtual_machine.ipaddress, e) ) nat_rule.delete(self.apiclient) try: list_nat_rule_response = list_nat_rules(self.apiclient, id=nat_rule.id) except cloudstackAPIException: self.debug("Nat Rule is deleted") # Check if the Public SSH port is inaccessible with self.assertRaises(Exception): self.debug( "SSHing into VM with IP address %s after NAT rule deletion" % self.virtual_machine.ipaddress) remoteSSHClient(ip_address.ipaddress.ipaddress, self.virtual_machine.ssh_port, self.virtual_machine.username, self.virtual_machine.password, retries=2, delay=0) return
def test_assign_and_removal_lb(self): """Test for assign & removing load balancing rule""" # Validate: # 1. Verify list API - listLoadBalancerRules lists # all the rules with the relevant ports # 2. listLoadBalancerInstances will list # the instances associated with the corresponding rule. # 3. verify ssh attempts should pass as long as there # is at least one instance associated with the rule src_nat_ip_addrs = list_publicIP( self.apiclient, account=self.account.account.name, domainid=self.account.account.domainid ) self.assertEqual(isinstance(src_nat_ip_addrs, list), True, "Check list response returns a valid list") self.non_src_nat_ip = src_nat_ip_addrs[0] # Open up firewall port for SSH fw_rule = FireWallRule.create( self.apiclient, ipaddressid=self.non_src_nat_ip.id, protocol=self.services["lbrule"]["protocol"], cidrlist=["0.0.0.0/0"], startport=self.services["lbrule"]["publicport"], endport=self.services["lbrule"]["publicport"], ) # Check if VM is in Running state before creating LB rule vm_response = VirtualMachine.list( self.apiclient, account=self.account.account.name, domainid=self.account.account.domainid ) self.assertEqual(isinstance(vm_response, list), True, "Check list VM returns a valid list") self.assertNotEqual(len(vm_response), 0, "Check Port Forwarding Rule is created") for vm in vm_response: self.assertEqual(vm.state, "Running", "VM state should be Running before creating a NAT rule.") lb_rule = LoadBalancerRule.create( self.apiclient, self.services["lbrule"], self.non_src_nat_ip.id, self.account.account.name ) lb_rule.assign(self.apiclient, [self.vm_1, self.vm_2]) try: self.debug( "SSHing into IP address: %s with VMs (ID: %s , %s) added to LB rule" % (self.non_src_nat_ip.ipaddress, self.vm_1.id, self.vm_2.id) ) # Create SSH client for each VM ssh_1 = remoteSSHClient( self.non_src_nat_ip.ipaddress, self.services["lbrule"]["publicport"], self.vm_1.username, self.vm_1.password, ) except Exception as e: self.fail("SSH failed for VM with IP: %s" % self.non_src_nat_ip.ipaddress) try: self.debug( "SSHing again into IP address: %s with VMs (ID: %s , %s) added to LB rule" % (self.non_src_nat_ip.ipaddress, self.vm_1.id, self.vm_2.id) ) ssh_2 = remoteSSHClient( self.non_src_nat_ip.ipaddress, self.services["lbrule"]["publicport"], self.vm_2.username, self.vm_2.password, ) # If Round Robin Algorithm is chosen, # each ssh command should alternate between VMs res_1 = ssh_1.execute("hostname")[0] self.debug(res_1) time.sleep(self.services["lb_switch_wait"]) res_2 = ssh_2.execute("hostname")[0] self.debug(res_2) except Exception as e: self.fail("SSH failed for VM with IP: %s" % self.non_src_nat_ip.ipaddress) self.assertIn(self.vm_1.name, res_1, "Check if ssh succeeded for server1") self.assertIn(self.vm_2.name, res_2, "Check if ssh succeeded for server2") # Removing VM and assigning another VM to LB rule lb_rule.remove(self.apiclient, [self.vm_2]) try: self.debug( "SSHing again into IP address: %s with VM (ID: %s) added to LB rule" % (self.non_src_nat_ip.ipaddress, self.vm_1.id) ) # Again make a SSH connection, as previous is not used after LB remove ssh_1 = remoteSSHClient( self.non_src_nat_ip.ipaddress, self.services["lbrule"]["publicport"], self.vm_1.username, self.vm_1.password, ) res_1 = ssh_1.execute("hostname")[0] self.debug(res_1) except Exception as e: self.fail("SSH failed for VM with IP: %s" % self.non_src_nat_ip.ipaddress) self.assertIn(self.vm_1.name, res_1, "Check if ssh succeeded for server1") lb_rule.assign(self.apiclient, [self.vm_3]) try: ssh_1 = remoteSSHClient( self.non_src_nat_ip.ipaddress, self.services["lbrule"]["publicport"], self.vm_1.username, self.vm_1.password, ) ssh_3 = remoteSSHClient( self.non_src_nat_ip.ipaddress, self.services["lbrule"]["publicport"], self.vm_3.username, self.vm_3.password, ) res_1 = ssh_1.execute("hostname")[0] self.debug(res_1) time.sleep(self.services["lb_switch_wait"]) res_3 = ssh_3.execute("hostname")[0] self.debug(res_3) except Exception as e: self.fail("SSH failed for VM with IP: %s" % self.non_src_nat_ip.ipaddress) self.assertIn(self.vm_1.name, res_1, "Check if ssh succeeded for server1") self.assertIn(self.vm_3.name, res_3, "Check if ssh succeeded for server3") return
def test_02_create_lb_rule_non_nat(self): """Test to create Load balancing rule with source NAT""" # Validate the Following: # 1. listLoadBalancerRules should return the added rule # 2. attempt to ssh twice on the load balanced IP # 3. verify using the hostname of the VM that # round robin is indeed happening as expected # Check if VM is in Running state before creating LB rule vm_response = VirtualMachine.list( self.apiclient, account=self.account.account.name, domainid=self.account.account.domainid ) self.assertEqual(isinstance(vm_response, list), True, "Check list VM returns a valid list") self.assertNotEqual(len(vm_response), 0, "Check Port Forwarding Rule is created") for vm in vm_response: self.assertEqual(vm.state, "Running", "VM state should be Running before creating a NAT rule.") # Create Load Balancer rule and assign VMs to rule lb_rule = LoadBalancerRule.create( self.apiclient, self.services["lbrule"], self.non_src_nat_ip.ipaddress.id, accountid=self.account.account.name, ) self.cleanup.append(lb_rule) lb_rule.assign(self.apiclient, [self.vm_1, self.vm_2]) lb_rules = list_lb_rules(self.apiclient, id=lb_rule.id) self.assertEqual(isinstance(lb_rules, list), True, "Check list response returns a valid list") # verify listLoadBalancerRules lists the added load balancing rule self.assertNotEqual(len(lb_rules), 0, "Check Load Balancer Rule in its List") self.assertEqual(lb_rules[0].id, lb_rule.id, "Check List Load Balancer Rules returns valid Rule") # listLoadBalancerRuleInstances should list # all instances associated with that LB rule lb_instance_rules = list_lb_instances(self.apiclient, id=lb_rule.id) self.assertEqual(isinstance(lb_instance_rules, list), True, "Check list response returns a valid list") self.assertNotEqual(len(lb_instance_rules), 0, "Check Load Balancer instances Rule in its List") self.assertIn( lb_instance_rules[0].id, [self.vm_1.id, self.vm_2.id], "Check List Load Balancer instances Rules returns valid VM ID", ) self.assertIn( lb_instance_rules[1].id, [self.vm_1.id, self.vm_2.id], "Check List Load Balancer instances Rules returns valid VM ID", ) try: self.debug( "SSHing into IP address: %s after adding VMs (ID: %s , %s)" % (self.non_src_nat_ip.ipaddress.ipaddress, self.vm_1.id, self.vm_2.id) ) ssh_1 = remoteSSHClient( self.non_src_nat_ip.ipaddress.ipaddress, self.services["lbrule"]["publicport"], self.vm_1.username, self.vm_1.password, ) # If Round Robin Algorithm is chosen, # each ssh command should alternate between VMs hostnames = [ssh_1.execute("hostname")[0]] time.sleep(self.services["lb_switch_wait"]) self.debug( "SSHing again into IP address: %s with VMs (ID: %s , %s) added to LB rule" % (self.non_src_nat_ip.ipaddress.ipaddress, self.vm_1.id, self.vm_2.id) ) ssh_2 = remoteSSHClient( self.non_src_nat_ip.ipaddress.ipaddress, self.services["lbrule"]["publicport"], self.vm_1.username, self.vm_1.password, ) hostnames.append(ssh_2.execute("hostname")[0]) self.debug("Hostnames after adding 2 VMs to LB rule: %s" % str(hostnames)) self.assertIn(self.vm_1.name, hostnames, "Check if ssh succeeded for server1") self.assertIn(self.vm_2.name, hostnames, "Check if ssh succeeded for server2") # SSH should pass till there is a last VM associated with LB rule lb_rule.remove(self.apiclient, [self.vm_2]) self.debug( "SSHing into IP address: %s after removing VM (ID: %s) from LB rule" % (self.non_src_nat_ip.ipaddress.ipaddress, self.vm_2.id) ) ssh_1 = remoteSSHClient( self.non_src_nat_ip.ipaddress.ipaddress, self.services["lbrule"]["publicport"], self.vm_1.username, self.vm_1.password, ) hostnames.append(ssh_1.execute("hostname")[0]) self.debug("Hostnames after removing VM2: %s" % str(hostnames)) except Exception as e: self.fail("%s: SSH failed for VM with IP Address: %s" % (e, self.non_src_nat_ip.ipaddress.ipaddress)) self.assertIn(self.vm_1.name, hostnames, "Check if ssh succeeded for server1") lb_rule.remove(self.apiclient, [self.vm_1]) with self.assertRaises(Exception): self.fail( "SSHing into IP address: %s after removing VM (ID: %s) from LB rule" % (self.non_src_nat_ip.ipaddress.ipaddress, self.vm_1.id) ) ssh_1 = remoteSSHClient( self.non_src_nat_ip.ipaddress.ipaddress, self.services["lbrule"]["publicport"], self.vm_1.username, self.vm_1.password, ) ssh_1.execute("hostname")[0] return