def create_sg_test_resources(self): """Config common resources.""" self.logger.info("Configuring setup for security group tests.") vn_s = {'vn1': '20.1.1.0/24', 'vn2': ['10.1.1.0/24']} self.multi_vn_fixture = self.useFixture( MultipleVNFixture(connections=self.connections, inputs=self.inputs, subnet_count=2, vn_name_net=vn_s, project_name=self.inputs.project_name)) vns = self.multi_vn_fixture.get_all_fixture_obj() (self.vn1_name, self.vn1_fix) = self.multi_vn_fixture._vn_fixtures[0] (self.vn2_name, self.vn2_fix) = self.multi_vn_fixture._vn_fixtures[1] self.logger.info("Configure security groups required for test.") self.config_sec_groups() self.multi_vm_fixture = self.useFixture( MultipleVMFixture(project_name=self.inputs.project_name, connections=self.connections, vm_count_per_vn=3, vn_objs=vns, image_name='ubuntu-traffic', flavor='contrail_flavor_small')) vms = self.multi_vm_fixture.get_all_fixture() (self.vm1_name, self.vm1_fix) = vms[0] (self.vm2_name, self.vm2_fix) = vms[1] (self.vm3_name, self.vm3_fix) = vms[2] (self.vm4_name, self.vm4_fix) = vms[3] (self.vm5_name, self.vm5_fix) = vms[4] (self.vm6_name, self.vm6_fix) = vms[5] self.logger.info("Adding the sec groups to the VM's") self.vm1_fix.add_security_group(secgrp=self.sg1_name) self.vm1_fix.add_security_group(secgrp=self.sg2_name) self.vm2_fix.add_security_group(secgrp=self.sg2_name) self.vm4_fix.add_security_group(secgrp=self.sg1_name) self.vm4_fix.add_security_group(secgrp=self.sg2_name) self.vm5_fix.add_security_group(secgrp=self.sg1_name) self.logger.info("Remove the default sec group form the VM's") default_secgrp_id = get_secgrp_id_from_name( self.connections, ':'.join( [self.inputs.domain_name, self.inputs.project_name, 'default'])) self.vm1_fix.remove_security_group(secgrp=default_secgrp_id) self.vm2_fix.remove_security_group(secgrp=default_secgrp_id) self.vm4_fix.remove_security_group(secgrp=default_secgrp_id) self.vm5_fix.remove_security_group(secgrp=default_secgrp_id) self.logger.info("Verifying setup of security group tests.") self.verify_sg_test_resources() self.logger.info( "Finished configuring setup for security group tests.")
def config_basic(self, check_dm): #mx config using device manager #both dm_mx and use_device_manager knobs are required for DM #this check is present in is_test_applicable if check_dm: if self.inputs.use_devicemanager_for_md5: for i in range(len(self.inputs.dm_mx.values())): router_params = self.inputs.dm_mx.values()[i] if router_params['model'] == 'mx': self.phy_router_fixture = self.useFixture( PhysicalRouterFixture( router_params['name'], router_params['control_ip'], model=router_params['model'], vendor=router_params['vendor'], asn=router_params['asn'], ssh_username=router_params['ssh_username'], ssh_password=router_params['ssh_password'], mgmt_ip=router_params['control_ip'], connections=self.connections, dm_managed=True)) physical_dev = self.vnc_lib.physical_router_read( id=self.phy_router_fixture.phy_device.uuid) physical_dev.set_physical_router_management_ip( router_params['mgmt_ip']) physical_dev._pending_field_updates self.vnc_lib.physical_router_update(physical_dev) else: if self.inputs.ext_routers: for i in range(len( self.inputs.physical_routers_data.values())): router_params = self.inputs.physical_routers_data.values( )[i] if router_params['model'] == 'mx': cmd = [] cmd.append( 'set groups md5_tests routing-options router-id %s' % router_params['mgmt_ip']) cmd.append( 'set groups md5_tests routing-options route-distinguisher-id %s' % router_params['mgmt_ip']) cmd.append( 'set groups md5_tests routing-options autonomous-system %s' % router_params['asn']) cmd.append( 'set groups md5_tests protocols bgp group md5_tests type internal' ) cmd.append( 'set groups md5_tests protocols bgp group md5_tests multihop' ) cmd.append( 'set groups md5_tests protocols bgp group md5_tests local-address %s' % router_params['mgmt_ip']) cmd.append( 'set groups md5_tests protocols bgp group md5_tests hold-time 90' ) cmd.append( 'set groups md5_tests protocols bgp group md5_tests keep all' ) cmd.append( 'set groups md5_tests protocols bgp group md5_tests family inet-vpn unicast' ) cmd.append( 'set groups md5_tests protocols bgp group md5_tests family inet6-vpn unicast' ) cmd.append( 'set groups md5_tests protocols bgp group md5_tests family evpn signaling' ) cmd.append( 'set groups md5_tests protocols bgp group md5_tests family route-target' ) cmd.append( 'set groups md5_tests protocols bgp group md5_tests local-as %s' % router_params['asn']) for node in self.inputs.bgp_control_ips: cmd.append( 'set groups md5_tests protocols bgp group md5_tests neighbor %s peer-as %s' % (node, router_params['asn'])) cmd.append('set apply-groups md5_tests') mx_handle = NetconfConnection( host=router_params['mgmt_ip']) mx_handle.connect() cli_output = mx_handle.config(stmts=cmd, timeout=120) #ipv6 not supported for vcenter so skipping config if self.inputs.orchestrator != 'vcenter': vn61_name = "test_vnv6sr" vn61_net = ['2001::101:0/120'] #vn1_fixture = self.config_vn(vn1_name, vn1_net) vn61_fixture = self.useFixture( VNFixture(project_name=self.inputs.project_name, connections=self.connections, vn_name=vn61_name, inputs=self.inputs, subnets=vn61_net)) vn62_name = "test_vnv6dn" vn62_net = ['2001::201:0/120'] #vn2_fixture = self.config_vn(vn2_name, vn2_net) vn62_fixture = self.useFixture( VNFixture(project_name=self.inputs.project_name, connections=self.connections, vn_name=vn62_name, inputs=self.inputs, subnets=vn62_net)) vm61_name = 'source_vm' vm62_name = 'dest_vm' #vm1_fixture = self.config_vm(vn1_fixture, vm1_name) #vm2_fixture = self.config_vm(vn2_fixture, vm2_name) vm61_fixture = self.useFixture( VMFixture(project_name=self.inputs.project_name, connections=self.connections, vn_obj=vn61_fixture.obj, vm_name=vm61_name, node_name=None, image_name='cirros', flavor='m1.tiny')) vm62_fixture = self.useFixture( VMFixture(project_name=self.inputs.project_name, connections=self.connections, vn_obj=vn62_fixture.obj, vm_name=vm62_name, node_name=None, image_name='cirros', flavor='m1.tiny')) vm61_fixture.wait_till_vm_is_up() vm62_fixture.wait_till_vm_is_up() rule = [ { 'direction': '<>', 'protocol': 'any', 'source_network': vn61_name, 'src_ports': [0, -1], 'dest_network': vn62_name, 'dst_ports': [0, -1], 'simple_action': 'pass', }, ] policy_name = 'allow_all' policy_fixture = self.config_policy(policy_name, rule) vn61_policy_fix = self.attach_policy_to_vn(policy_fixture, vn61_fixture) vn62_policy_fix = self.attach_policy_to_vn(policy_fixture, vn62_fixture) vn1 = "vn1" vn2 = "vn2" vn_s = {'vn1': '10.1.1.0/24', 'vn2': ['20.1.1.0/24']} rules = [ { 'direction': '<>', 'protocol': 'any', 'source_network': vn1, 'src_ports': [0, -1], 'dest_network': vn2, 'dst_ports': [0, -1], 'simple_action': 'pass', }, ] self.logger.info("Configure the policy with allow any") self.multi_vn_fixture = self.useFixture( MultipleVNFixture(connections=self.connections, inputs=self.inputs, subnet_count=2, vn_name_net=vn_s, project_name=self.inputs.project_name)) vns = self.multi_vn_fixture.get_all_fixture_obj() (self.vn1_name, self.vn1_fix) = self.multi_vn_fixture._vn_fixtures[0] (self.vn2_name, self.vn2_fix) = self.multi_vn_fixture._vn_fixtures[1] self.config_policy_and_attach_to_vn(rules) self.multi_vm_fixture = self.useFixture( MultipleVMFixture(project_name=self.inputs.project_name, connections=self.connections, vm_count_per_vn=1, vn_objs=vns, image_name='cirros', flavor='m1.tiny')) vms = self.multi_vm_fixture.get_all_fixture() (self.vm1_name, self.vm1_fix) = vms[0] (self.vm2_name, self.vm2_fix) = vms[1]
def config_basic(self): vn61_name = "test_vnv6sr" vn61_net = ['2001::101:0/120'] vn61_fixture = self.useFixture( VNFixture(project_name=self.inputs.project_name, connections=self.connections, vn_name=vn61_name, inputs=self.inputs, subnets=vn61_net)) vn62_name = "test_vnv6dn" vn62_net = ['2001::201:0/120'] vn62_fixture = self.useFixture( VNFixture(project_name=self.inputs.project_name, connections=self.connections, vn_name=vn62_name, inputs=self.inputs, subnets=vn62_net)) vm61_name = 'source_vm' vm62_name = 'dest_vm' vm61_fixture = self.useFixture( VMFixture(project_name=self.inputs.project_name, connections=self.connections, vn_obj=vn61_fixture.obj, vm_name=vm61_name, node_name=None, image_name='cirros-0.3.0-x86_64-uec', flavor='m1.tiny')) vm62_fixture = self.useFixture( VMFixture(project_name=self.inputs.project_name, connections=self.connections, vn_obj=vn62_fixture.obj, vm_name=vm62_name, node_name=None, image_name='cirros-0.3.0-x86_64-uec', flavor='m1.tiny')) vm61_fixture.wait_till_vm_is_up() vm62_fixture.wait_till_vm_is_up() rule = [ { 'direction': '<>', 'protocol': 'any', 'source_network': vn61_name, 'src_ports': [0, -1], 'dest_network': vn62_name, 'dst_ports': [0, -1], 'simple_action': 'pass', }, ] policy_name = 'allow_all' policy_fixture = self.config_policy(policy_name, rule) vn61_policy_fix = self.attach_policy_to_vn(policy_fixture, vn61_fixture) vn62_policy_fix = self.attach_policy_to_vn(policy_fixture, vn62_fixture) vn1 = "vn1" vn2 = "vn2" vn_s = {'vn1': '10.1.1.0/24', 'vn2': ['20.1.1.0/24']} rules = [ { 'direction': '<>', 'protocol': 'any', 'source_network': vn1, 'src_ports': [0, -1], 'dest_network': vn2, 'dst_ports': [0, -1], 'simple_action': 'pass', }, ] self.logger.info("Configure the policy with allow any") self.multi_vn_fixture = self.useFixture( MultipleVNFixture(connections=self.connections, inputs=self.inputs, subnet_count=2, vn_name_net=vn_s, project_name=self.inputs.project_name)) vns = self.multi_vn_fixture.get_all_fixture_obj() (self.vn1_name, self.vn1_fix) = self.multi_vn_fixture._vn_fixtures[0] (self.vn2_name, self.vn2_fix) = self.multi_vn_fixture._vn_fixtures[1] self.config_policy_and_attach_to_vn(rules) self.multi_vm_fixture = self.useFixture( MultipleVMFixture(project_name=self.inputs.project_name, connections=self.connections, vm_count_per_vn=1, vn_objs=vns, image_name='cirros-0.3.0-x86_64-uec', flavor='m1.tiny')) vms = self.multi_vm_fixture.get_all_fixture() (self.vm1_name, self.vm1_fix) = vms[0] (self.vm2_name, self.vm2_fix) = vms[1]
def create_sg_test_resources(self): """Config common resources.""" self.logger.info("Configuring setup for security group tests.") self.vn1_subnets = get_random_cidrs(self.inputs.get_af()) self.vn2_subnets = get_random_cidrs(self.inputs.get_af()) self.vn1_prefix = self.vn1_subnets[0].split('/')[0] self.vn1_prefix_len = int(self.vn1_subnets[0].split('/')[1]) self.vn2_prefix = self.vn2_subnets[0].split('/')[0] self.vn2_prefix_len = int(self.vn2_subnets[0].split('/')[1]) vn_s = {'vn1': self.vn1_subnets[0], 'vn2': self.vn2_subnets} self.multi_vn_fixture = self.useFixture( MultipleVNFixture(connections=self.connections, inputs=self.inputs, subnet_count=2, vn_name_net=vn_s, project_name=self.inputs.project_name)) vns = self.multi_vn_fixture.get_all_fixture_obj() (self.vn1_name, self.vn1_fix) = self.multi_vn_fixture._vn_fixtures[0] (self.vn2_name, self.vn2_fix) = self.multi_vn_fixture._vn_fixtures[1] self.logger.info("Configure security groups required for test.") self.config_sec_groups() self.logger.debug("Verify the configured VN's.") assert self.multi_vn_fixture.verify_on_setup() self.multi_vm_fixture = self.useFixture( MultipleVMFixture(project_name=self.inputs.project_name, connections=self.connections, vm_count_per_vn=3, vn_objs=vns, image_name='ubuntu-traffic', flavor='contrail_flavor_small')) vms = self.multi_vm_fixture.get_all_fixture() (self.vm1_name, self.vm1_fix) = vms[0] (self.vm2_name, self.vm2_fix) = vms[1] (self.vm3_name, self.vm3_fix) = vms[2] (self.vm4_name, self.vm4_fix) = vms[3] (self.vm5_name, self.vm5_fix) = vms[4] (self.vm6_name, self.vm6_fix) = vms[5] self.logger.info("Adding the sec groups to the VM's") self.vm1_fix.add_security_group(secgrp=self.sg1_name) self.vm1_fix.add_security_group(secgrp=self.sg2_name) self.vm2_fix.add_security_group(secgrp=self.sg2_name) self.vm4_fix.add_security_group(secgrp=self.sg1_name) self.vm4_fix.add_security_group(secgrp=self.sg2_name) self.vm5_fix.add_security_group(secgrp=self.sg1_name) self.logger.info("Remove the default sec group form the VM's") default_secgrp_id = get_secgrp_id_from_name( self.connections, ':'.join([ self.connections.domain_name, self.inputs.project_name, 'default' ])) self.vm1_fix.remove_security_group(secgrp=default_secgrp_id) self.vm2_fix.remove_security_group(secgrp=default_secgrp_id) self.vm4_fix.remove_security_group(secgrp=default_secgrp_id) self.vm5_fix.remove_security_group(secgrp=default_secgrp_id) self.logger.info("Verifying setup of security group tests.") self.verify_sg_test_resources() self.set_tcp_port_use_optimizations([ self.vm1_fix, self.vm2_fix, self.vm3_fix, self.vm4_fix, self.vm5_fix, self.vm6_fix ]) self.logger.info( "Finished configuring setup for security group tests.")
def config_basic(self, is_mx_present): #mx config using device manager if is_mx_present: if self.inputs.ext_routers: if self.inputs.use_devicemanager_for_md5: router_params = self.inputs.physical_routers_data.values( )[0] self.phy_router_fixture = self.useFixture( PhysicalRouterFixture( router_params['name'], router_params['mgmt_ip'], model=router_params['model'], vendor=router_params['vendor'], asn=router_params['asn'], ssh_username=router_params['ssh_username'], ssh_password=router_params['ssh_password'], mgmt_ip=router_params['mgmt_ip'], connections=self.connections)) else: if self.inputs.ext_routers: router_params = self.inputs.physical_routers_data.values()[0] cmd = [] cmd.append( 'set groups md5_tests routing-options router-id %s' % router_params['mgmt_ip']) cmd.append( 'set groups md5_tests routing-options route-distinguisher-id %s' % router_params['mgmt_ip']) cmd.append( 'set groups md5_tests routing-options autonomous-system %s' % router_params['asn']) cmd.append( 'set groups md5_tests protocols bgp group md5_tests type internal' ) cmd.append( 'set groups md5_tests protocols bgp group md5_tests multihop' ) cmd.append( 'set groups md5_tests protocols bgp group md5_tests local-address %s' % router_params['mgmt_ip']) cmd.append( 'set groups md5_tests protocols bgp group md5_tests hold-time 90' ) cmd.append( 'set groups md5_tests protocols bgp group md5_tests keep all' ) cmd.append( 'set groups md5_tests protocols bgp group md5_tests family inet-vpn unicast' ) cmd.append( 'set groups md5_tests protocols bgp group md5_tests family inet6-vpn unicast' ) cmd.append( 'set groups md5_tests protocols bgp group md5_tests family evpn signaling' ) cmd.append( 'set groups md5_tests protocols bgp group md5_tests family route-target' ) cmd.append( 'set groups md5_tests protocols bgp group md5_tests local-as %s' % router_params['asn']) for node in self.inputs.bgp_control_ips: cmd.append( 'set groups md5_tests protocols bgp group md5_tests neighbor %s peer-as %s' % (node, router_params['asn'])) cmd.append('set apply-groups md5_tests') mx_handle = NetconfConnection(host=router_params['mgmt_ip']) mx_handle.connect() cli_output = mx_handle.config(stmts=cmd, timeout=120) vn61_name = "test_vnv6sr" vn61_net = ['2001::101:0/120'] #vn1_fixture = self.config_vn(vn1_name, vn1_net) vn61_fixture = self.useFixture( VNFixture(project_name=self.inputs.project_name, connections=self.connections, vn_name=vn61_name, inputs=self.inputs, subnets=vn61_net)) vn62_name = "test_vnv6dn" vn62_net = ['2001::201:0/120'] #vn2_fixture = self.config_vn(vn2_name, vn2_net) vn62_fixture = self.useFixture( VNFixture(project_name=self.inputs.project_name, connections=self.connections, vn_name=vn62_name, inputs=self.inputs, subnets=vn62_net)) vm61_name = 'source_vm' vm62_name = 'dest_vm' #vm1_fixture = self.config_vm(vn1_fixture, vm1_name) #vm2_fixture = self.config_vm(vn2_fixture, vm2_name) vm61_fixture = self.useFixture( VMFixture(project_name=self.inputs.project_name, connections=self.connections, vn_obj=vn61_fixture.obj, vm_name=vm61_name, node_name=None, image_name='cirros-0.3.0-x86_64-uec', flavor='m1.tiny')) vm62_fixture = self.useFixture( VMFixture(project_name=self.inputs.project_name, connections=self.connections, vn_obj=vn62_fixture.obj, vm_name=vm62_name, node_name=None, image_name='cirros-0.3.0-x86_64-uec', flavor='m1.tiny')) vm61_fixture.wait_till_vm_is_up() vm62_fixture.wait_till_vm_is_up() rule = [ { 'direction': '<>', 'protocol': 'any', 'source_network': vn61_name, 'src_ports': [0, -1], 'dest_network': vn62_name, 'dst_ports': [0, -1], 'simple_action': 'pass', }, ] policy_name = 'allow_all' policy_fixture = self.config_policy(policy_name, rule) vn61_policy_fix = self.attach_policy_to_vn(policy_fixture, vn61_fixture) vn62_policy_fix = self.attach_policy_to_vn(policy_fixture, vn62_fixture) vn1 = "vn1" vn2 = "vn2" vn_s = {'vn1': '10.1.1.0/24', 'vn2': ['20.1.1.0/24']} rules = [ { 'direction': '<>', 'protocol': 'any', 'source_network': vn1, 'src_ports': [0, -1], 'dest_network': vn2, 'dst_ports': [0, -1], 'simple_action': 'pass', }, ] self.logger.info("Configure the policy with allow any") self.multi_vn_fixture = self.useFixture( MultipleVNFixture(connections=self.connections, inputs=self.inputs, subnet_count=2, vn_name_net=vn_s, project_name=self.inputs.project_name)) vns = self.multi_vn_fixture.get_all_fixture_obj() (self.vn1_name, self.vn1_fix) = self.multi_vn_fixture._vn_fixtures[0] (self.vn2_name, self.vn2_fix) = self.multi_vn_fixture._vn_fixtures[1] self.config_policy_and_attach_to_vn(rules) self.multi_vm_fixture = self.useFixture( MultipleVMFixture(project_name=self.inputs.project_name, connections=self.connections, vm_count_per_vn=1, vn_objs=vns, image_name='cirros-0.3.0-x86_64-uec', flavor='m1.tiny')) vms = self.multi_vm_fixture.get_all_fixture() (self.vm1_name, self.vm1_fix) = vms[0] (self.vm2_name, self.vm2_fix) = vms[1]