def test_public_ip_admin_account(self):
"""Test for Associate/Disassociate public IP address for admin account"""
# Validate the following:
# 1. listPubliIpAddresses API returns the list of acquired addresses
# 2. the returned list should contain our acquired IP address
ip_address = PublicIPAddress.create(self.apiclient, self.account.name,
self.zone.id,
self.account.domainid)
list_pub_ip_addr_resp = list_publicIP(self.apiclient,
id=ip_address.ipaddress.id)
self.assertEqual(isinstance(list_pub_ip_addr_resp, list), True,
"Check list response returns a valid list")
# listPublicIpAddresses should return newly created public IP
self.assertNotEqual(len(list_pub_ip_addr_resp), 0,
"Check if new IP Address is associated")
self.assertEqual(
list_pub_ip_addr_resp[0].id, ip_address.ipaddress.id,
"Check Correct IP Address is returned in the List Cacls")
ip_address.delete(self.apiclient)
time.sleep(30)
# Validate the following:
# 1.listPublicIpAddresses should no more return the released address
list_pub_ip_addr_resp = list_publicIP(self.apiclient,
id=ip_address.ipaddress.id)
if list_pub_ip_addr_resp is None:
return
if (list_pub_ip_addr_resp) and (isinstance(
list_pub_ip_addr_resp,
list)) and (len(list_pub_ip_addr_resp) > 0):
self.fail("list public ip response is not empty")
return
def test_public_ip_user_account(self):
"""Test for Associate/Disassociate public IP address for user account"""
# Validate the following:
# 1. listPubliIpAddresses API returns the list of acquired addresses
# 2. the returned list should contain our acquired IP address
ip_address = PublicIPAddress.create(self.apiclient, self.user.name,
self.zone.id, self.user.domainid)
# listPublicIpAddresses should return newly created public IP
list_pub_ip_addr_resp = list_publicIP(self.apiclient,
id=ip_address.ipaddress.id)
self.assertEqual(isinstance(list_pub_ip_addr_resp, list), True,
"Check list response returns a valid list")
self.assertNotEqual(len(list_pub_ip_addr_resp), 0,
"Check if new IP Address is associated")
self.assertEqual(
list_pub_ip_addr_resp[0].id, ip_address.ipaddress.id,
"Check Correct IP Address is returned in the List Call")
ip_address.delete(self.apiclient)
list_pub_ip_addr_resp = list_publicIP(self.apiclient,
id=ip_address.ipaddress.id)
self.assertEqual(
list_pub_ip_addr_resp, None,
"Check if disassociated IP Address is no longer available")
return
def test_public_ip_admin_account(self):
"""Test for Associate/Disassociate public IP address for admin account"""
# Validate the following:
# 1. listPubliIpAddresses API returns the list of acquired addresses
# 2. the returned list should contain our acquired IP address
ip_address = PublicIPAddress.create(
self.apiclient,
self.account.name,
self.zone.id,
self.account.domainid
)
list_pub_ip_addr_resp = list_publicIP(
self.apiclient,
id=ip_address.ipaddress.id
)
self.assertEqual(
isinstance(list_pub_ip_addr_resp, list),
True,
"Check list response returns a valid list"
)
# listPublicIpAddresses should return newly created public IP
self.assertNotEqual(
len(list_pub_ip_addr_resp),
0,
"Check if new IP Address is associated"
)
self.assertEqual(
list_pub_ip_addr_resp[0].id,
ip_address.ipaddress.id,
"Check Correct IP Address is returned in the List Cacls"
)
ip_address.delete(self.apiclient)
time.sleep(30)
# Validate the following:
# 1.listPublicIpAddresses should no more return the released address
list_pub_ip_addr_resp = list_publicIP(
self.apiclient,
id=ip_address.ipaddress.id
)
if list_pub_ip_addr_resp is None:
return
if (list_pub_ip_addr_resp) and (
isinstance(
list_pub_ip_addr_resp,
list)) and (
len(list_pub_ip_addr_resp) > 0):
self.fail("list public ip response is not empty")
return
def test_public_ip_user_account(self):
"""Test for Associate/Disassociate public IP address for user account"""
# Validate the following:
# 1. listPubliIpAddresses API returns the list of acquired addresses
# 2. the returned list should contain our acquired IP address
ip_address = PublicIPAddress.create(
self.apiclient,
self.user.name,
self.zone.id,
self.user.domainid
)
# listPublicIpAddresses should return newly created public IP
list_pub_ip_addr_resp = list_publicIP(
self.apiclient,
id=ip_address.ipaddress.id
)
self.assertEqual(
isinstance(list_pub_ip_addr_resp, list),
True,
"Check list response returns a valid list"
)
self.assertNotEqual(
len(list_pub_ip_addr_resp),
0,
"Check if new IP Address is associated"
)
self.assertEqual(
list_pub_ip_addr_resp[0].id,
ip_address.ipaddress.id,
"Check Correct IP Address is returned in the List Call"
)
ip_address.delete(self.apiclient)
list_pub_ip_addr_resp = list_publicIP(
self.apiclient,
id=ip_address.ipaddress.id
)
self.assertEqual(
list_pub_ip_addr_resp,
None,
"Check if disassociated IP Address is no longer available"
)
return
def test_router_common(self):
"""Performs common router tests and returns router public_ips"""
routers = list_routers(self.apiclient,
account=self.account.name,
domainid=self.account.domainid)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
self.assertTrue(len(routers) >= 1, "Check list router response")
router = routers[0]
self.assertEqual(router.state, 'Running',
"Check list router response for router state")
public_ips = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id)
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IPs response return valid data")
self.assertTrue(
len(public_ips) >= 1, "Check public IP list has at least one IP")
return public_ips
def test_releaseIP(self):
"""Test for release public IP address"""
logger.debug("Deleting Public IP : %s" % self.ip_addr.id)
self.ip_address.delete(self.apiclient)
retriesCount = 10
isIpAddressDisassociated = False
while retriesCount > 0:
listResponse = list_publicIP(
self.apiclient,
id=self.ip_addr.id
)
if listResponse is None:
isIpAddressDisassociated = True
break
retriesCount -= 1
time.sleep(60)
# End while
self.assertTrue(
isIpAddressDisassociated,
"Failed to disassociate IP address")
# ListPortForwardingRules should not list
# associated rules with Public IP address
try:
list_nat_rule = list_nat_rules(
self.apiclient,
id=self.nat_rule.id
)
logger.debug("List NAT Rule response" + str(list_nat_rule))
except CloudstackAPIException:
logger.debug("Port Forwarding Rule is deleted")
# listLoadBalancerRules should not list
# associated rules with Public IP address
try:
list_lb_rule = list_lb_rules(
self.apiclient,
id=self.lb_rule.id
)
logger.debug("List LB Rule response" + str(list_lb_rule))
except CloudstackAPIException:
logger.debug("Port Forwarding Rule is deleted")
# SSH Attempt though public IP should fail
with self.assertRaises(Exception):
SshClient(
self.ip_addr.ipaddress,
self.services["natrule"]["publicport"],
self.virtual_machine.username,
self.virtual_machine.password,
retries=2,
delay=0
)
return
def test_releaseIP(self):
"""Test for release public IP address"""
self.debug("Deleting Public IP : %s" % self.ip_addr.id)
self.ip_address.delete(self.apiclient)
retriesCount = 10
isIpAddressDisassociated = False
while retriesCount > 0:
listResponse = list_publicIP(
self.apiclient,
id=self.ip_addr.id
)
if listResponse is None:
isIpAddressDisassociated = True
break
retriesCount -= 1
time.sleep(60)
# End while
self.assertTrue(
isIpAddressDisassociated,
"Failed to disassociate IP address")
# ListPortForwardingRules should not list
# associated rules with Public IP address
try:
list_nat_rule = list_nat_rules(
self.apiclient,
id=self.nat_rule.id
)
self.debug("List NAT Rule response" + str(list_nat_rule))
except CloudstackAPIException:
self.debug("Port Forwarding Rule is deleted")
# listLoadBalancerRules should not list
# associated rules with Public IP address
try:
list_lb_rule = list_lb_rules(
self.apiclient,
id=self.lb_rule.id
)
self.debug("List LB Rule response" + str(list_lb_rule))
except CloudstackAPIException:
self.debug("Port Forwarding Rule is deleted")
# SSH Attempt though public IP should fail
with self.assertRaises(Exception):
SshClient(
self.ip_addr.ipaddress,
self.services["natrule"]["publicport"],
self.virtual_machine.username,
self.virtual_machine.password,
retries=2,
delay=0
)
return
def test_isolate_network_FW_PF_default_routes(self):
"""Stop existing router, add a PF rule and check we can access the VM """
self.logger.debug("Starting test_isolate_network_FW_PF_default_routes...")
routers = list_routers(self.apiclient, account=self.account.name, domainid=self.account.domainid)
self.assertEqual(isinstance(routers, list), True, "Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
router = routers[0]
self.assertEqual(router.state, "Running", "Check list router response for router state")
public_ips = list_publicIP(
self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id
)
self.assertEqual(isinstance(public_ips, list), True, "Check for list public IPs response return valid data")
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=["0.0.0.0/0"],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"],
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule = NATRule.create(self.apiclient, self.vm_1, self.services["natrule"], public_ip.id)
nat_rules = list_nat_rules(self.apiclient, id=nat_rule.id)
self.assertEqual(isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, "Active", "Check list port forwarding rules")
result = "failed"
try:
ssh_command = "ping -c 3 8.8.8.8"
self.logger.debug("SSH into VM with ID: %s" % nat_rule.ipaddress)
ssh = self.vm_1.get_ssh_client(
ipaddress=nat_rule.ipaddress, port=self.services["natrule"]["publicport"], retries=5
)
result = str(ssh.execute(ssh_command))
self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("3 packets received")))
except:
self.fail("Failed to SSH into VM - %s" % (public_ip.ipaddress.ipaddress))
self.assertEqual(result.count("3 packets received"), 1, "Ping to outside world from VM should be successful")
return
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.services = self.testClient.getParsedTestDataConfig()
# Get Zone, Domain and templates
self.domain = get_domain(self.apiclient)
self.zone = get_zone(self.apiclient, self.testClient.getZoneForTests())
self.hypervisor = self.testClient.getHypervisorInfo()
template = get_test_template(self.apiclient, self.zone.id,
self.hypervisor)
self.services["virtual_machine"]["zoneid"] = self.zone.id
# Create an account, network, VM, Port forwarding rule, LB rules
self.account = Account.create(self.apiclient,
self.services["account"],
admin=True,
domainid=self.domain.id)
self.service_offering = ServiceOffering.create(
self.apiclient, self.services["service_offerings"]["tiny"])
self.virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id)
self.ip_address = PublicIPAddress.create(self.apiclient,
self.account.name,
self.zone.id,
self.account.domainid)
ip_addrs = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
issourcenat=False)
try:
self.ip_addr = ip_addrs[0]
except Exception as e:
raise Exception(
"Failed: During acquiring source NAT for account: %s, :%s" %
(self.account.name, e))
self.nat_rule = NATRule.create(self.apiclient, self.virtual_machine,
self.services["natrule"],
self.ip_addr.id)
self.lb_rule = LoadBalancerRule.create(self.apiclient,
self.services["lbrule"],
self.ip_addr.id,
accountid=self.account.name)
self.cleanup = [self.virtual_machine, self.account]
return
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.services = self.testClient.getParsedTestDataConfig()
# Get Zone, Domain and templates
self.domain = get_domain(self.apiclient)
self.zone = get_zone(self.apiclient, self.testClient.getZoneForTests())
self.hypervisor = self.testClient.getHypervisorInfo()
template = get_test_template(self.apiclient, self.zone.id,
self.hypervisor)
self.services["virtual_machine"]["zoneid"] = self.zone.id
# Create an account, network, VM and IP addresses
self.account = Account.create(self.apiclient,
self.services["account"],
admin=True,
domainid=self.domain.id)
self.service_offering = ServiceOffering.create(
self.apiclient, self.services["service_offerings"]["tiny"])
self.vm_1 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id)
src_nat_ip_addrs = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid)
try:
src_nat_ip_addr = src_nat_ip_addrs[0]
except Exception as e:
self.fail("SSH failed for VM with IP: %s %s" %
(src_nat_ip_addr.ipaddress, e))
self.lb_rule = LoadBalancerRule.create(self.apiclient,
self.services["lbrule"],
src_nat_ip_addr.id,
self.account.name)
self.lb_rule.assign(self.apiclient, [self.vm_1])
self.nat_rule = NATRule.create(self.apiclient, self.vm_1,
self.services["natrule"],
src_nat_ip_addr.id)
self.cleanup = []
return
def test_router_common(self):
"""Performs common router tests and returns router public_ips"""
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertTrue(
len(routers) >= 1,
"Check list router response"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
self.assertTrue(
len(public_ips) >= 1,
"Check public IP list has at least one IP"
)
return public_ips
def test_router_dhcphosts(self):
"""Check that the /etc/dhcphosts.txt doesn't contain duplicate IPs"""
self.logger.debug("Starting test_router_dhcphosts...")
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule1"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule1"]["publicport"],
endport=self.services["natrule1"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule1 = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule1"],
public_ip.id
)
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_2.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule2"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule2"]["publicport"],
endport=self.services["natrule2"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id)
# Create NAT rule
nat_rule2 = NATRule.create(
self.apiclient,
self.vm_2,
self.services["natrule2"],
public_ip.id
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule1.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule2.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
self.logger.debug("Testing SSH to VMs %s and %s" % (self.vm_1.id, self.vm_2.id))
self.test_ssh_command(self.vm_1, nat_rule1, "natrule1")
self.test_ssh_command(self.vm_2, nat_rule2, "natrule2")
self.logger.debug("Testing DHCP hosts for VMs %s and %s" % (self.vm_1.id, self.vm_2.id))
self.test_dhcphosts(self.vm_1, router)
self.test_dhcphosts(self.vm_2, router)
self.logger.debug("Deleting and Expunging VM %s with ip %s" % (self.vm_1.id, self.vm_1.nic[0].ipaddress))
self.vm_1.delete(self.apiclient)
self.logger.debug("Creating new VM using the same IP as the one which was deleted => IP 10.1.1.50")
self.vm_1 = VirtualMachine.create(self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.service_offering.id,
networkids=[str(self.network.id)],
ipaddress="10.1.1.50")
self.cleanup.append(self.vm_1)
self.logger.debug("Testing DHCP hosts for VMs %s and %s" % (self.vm_1.id, self.vm_2.id))
self.test_dhcphosts(self.vm_1, router)
self.test_dhcphosts(self.vm_2, router)
return
def test_isolate_network_FW_PF_default_routes(self):
"""Stop existing router, add a PF rule and check we can access the VM """
self.logger.debug("Starting test_isolate_network_FW_PF_default_routes...")
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule"],
public_ip.id
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
result = 'failed'
try:
ssh_command = "ping -c 3 8.8.8.8"
self.logger.debug("SSH into VM with IP: %s" % nat_rule.ipaddress)
ssh = self.vm_1.get_ssh_client(ipaddress=nat_rule.ipaddress, port=self.services["natrule"]["publicport"], retries=5)
result = str(ssh.execute(ssh_command))
self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("3 packets received")))
except:
self.fail("Failed to SSH into VM - %s" % (nat_rule.ipaddress))
self.assertEqual(
result.count("3 packets received"),
1,
"Ping to outside world from VM should be successful"
)
return
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.services = self.testClient.getParsedTestDataConfig()
# Get Zone, Domain and templates
self.domain = get_domain(self.apiclient)
self.zone = get_zone(self.apiclient, self.testClient.getZoneForTests())
self.hypervisor = self.testClient.getHypervisorInfo()
template = get_test_template(
self.apiclient,
self.zone.id,
self.hypervisor
)
if template == FAILED:
self.fail("get_test_template() failed to return template")
self.services["virtual_machine"]["zoneid"] = self.zone.id
# Create an account, network, VM and IP addresses
self.account = Account.create(
self.apiclient,
self.services["account"],
admin=True,
domainid=self.domain.id
)
self.service_offering = ServiceOffering.create(
self.apiclient,
self.services["service_offerings"]["tiny"]
)
self.vm_1 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id
)
# Wait for VM to come up
time.sleep(120)
src_nat_ip_addrs = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
try:
src_nat_ip_addr = src_nat_ip_addrs[0]
except Exception as e:
raise Exception(
"Warning: Exception during fetching source NAT: %s" %
e)
self.public_ip = PublicIPAddress.create(
self.apiclient,
self.vm_1.account,
self.vm_1.zoneid,
self.vm_1.domainid,
self.services["virtual_machine"]
)
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=self.public_ip.ipaddress.id,
protocol=self.services["lbrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["lbrule"]["publicport"],
endport=self.services["lbrule"]["publicport"]
)
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
src_nat_ip_addr.id,
self.account.name
)
lb_rule.assign(self.apiclient, [self.vm_1])
self.nat_rule = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule"],
ipaddressid=self.public_ip.ipaddress.id
)
self.cleanup = [self.nat_rule,
lb_rule,
self.vm_1,
self.service_offering,
self.account,
]
return
def test_isolate_network_password_server(self):
"""Check the password file in the Router VM"""
self.logger.debug("Starting test_isolate_network_password_server...")
routers = list_routers(self.apiclient,
account=self.account.name,
domainid=self.account.domainid)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
router = routers[0]
self.assertEqual(router.state, 'Running',
"Check list router response for router state")
public_ips = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id)
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IPs response return valid data")
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" %
self.vm_1.id)
FireWallRule.create(self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule1"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule1"]["publicport"],
endport=self.services["natrule1"]["publicport"])
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule1 = NATRule.create(self.apiclient, self.vm_1,
self.services["natrule1"], public_ip.id)
self.logger.debug("Creating Firewall rule for VM ID: %s" %
self.vm_2.id)
FireWallRule.create(self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule2"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule2"]["publicport"],
endport=self.services["natrule2"]["publicport"])
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id)
# Create NAT rule
nat_rule2 = NATRule.create(self.apiclient, self.vm_2,
self.services["natrule2"], public_ip.id)
nat_rules = list_nat_rules(self.apiclient, id=nat_rule1.id)
self.assertEqual(
isinstance(nat_rules, list), True,
"Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, 'Active',
"Check list port forwarding rules")
nat_rules = list_nat_rules(self.apiclient, id=nat_rule2.id)
self.assertEqual(
isinstance(nat_rules, list), True,
"Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, 'Active',
"Check list port forwarding rules")
self.test_ssh_command(self.vm_1, nat_rule1, "natrule1")
self.test_ssh_command(self.vm_2, nat_rule2, "natrule2")
self.test_password_file_not_empty(self.vm_1, router)
self.test_password_file_not_empty(self.vm_2, router)
return
def test_01_RouterStopCreatePF(self):
"""Test router stop create port forwarding
"""
# validate the following
# 1. wait for router to start, guest network to be implemented and
# VM to report Running
# 2. stopRouter for this account
# 3. wait for listRouters to report Router as 'Stopped'
# 4. listPublicIpAddresses account=user, domainid=1 - pick ipaddressid
# 5. createPortForwardingRule (ipaddressid from step 5.)
# a. for port 22 (ssh) for user VM deployed in step 1.
# b. public port 22 , private port 22
# 6. startRouter stopped for this account
# 7. wait for listRouters to show router as Running
# Get router details associated for that account
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.debug("Stopping router ID: %s" % router.id)
# Stop the router
cmd = stopRouter.stopRouterCmd()
cmd.id = router.id
self.apiclient.stopRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
router = routers[0]
self.assertEqual(
router.state,
'Stopped',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule"],
public_ip.id
)
self.debug("Starting router ID: %s" % router.id)
# Start the router
cmd = startRouter.startRouterCmd()
cmd.id = router.id
self.apiclient.startRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
# NAT Rule should be in Active state after router start
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
try:
self.debug("SSH into VM with ID: %s" % nat_rule.ipaddress)
self.vm_1.get_ssh_client(
ipaddress=nat_rule.ipaddress,
port=self.services["natrule"]["publicport"])
except Exception as e:
self.fail(
"SSH Access failed for %s: %s" %
(nat_rule.ipaddress, e)
)
return
def test_RVR_Network_FW_PF_SSH_default_routes(self):
""" Test redundant router internals """
self.logger.debug("Starting test_RVR_Network_FW_PF_SSH_default_routes...")
self.logger.debug("Creating network with network offering: %s" % self.network_offering.id)
network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id
)
self.logger.debug("Created network with ID: %s" % network.id)
networks = Network.list(
self.apiclient,
id=network.id,
listall=True
)
self.assertEqual(
isinstance(networks, list),
True,
"List networks should return a valid response for created network"
)
nw_response = networks[0]
self.logger.debug("Deploying VM in account: %s" % self.account.name)
virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(network.id)]
)
self.logger.debug("Deployed VM in network: %s" % network.id)
vms = VirtualMachine.list(
self.apiclient,
id=virtual_machine.id,
listall=True
)
self.assertEqual(
isinstance(vms, list),
True,
"List Vms should return a valid list"
)
vm = vms[0]
self.assertEqual(
vm.state,
"Running",
"VM should be in running state after deployment"
)
self.logger.debug("Listing routers for network: %s" % network.name)
routers = Router.list(
self.apiclient,
networkid=network.id,
listall=True
)
self.assertEqual(
isinstance(routers, list),
True,
"list router should return Master and backup routers"
)
self.assertEqual(
len(routers),
2,
"Length of the list router should be 2 (Backup & master)"
)
self.logger.debug("Associating public IP for network: %s" % network.name)
public_ip = PublicIPAddress.create(
self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=network.id
)
self.logger.debug("Associated %s with network %s" % (
public_ip.ipaddress.ipaddress,
network.id
))
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip_1 = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip_1.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id)
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
public_ip_1.id
)
self.cleanup.insert(0, network)
self.cleanup.insert(0, virtual_machine)
result = 'failed'
try:
ssh_command = "ping -c 3 8.8.8.8"
ssh = virtual_machine.get_ssh_client(ipaddress=public_ip.ipaddress.ipaddress, retries=5)
self.logger.debug("Ping to google.com from VM")
result = str(ssh.execute(ssh_command))
self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("3 packets received")))
except:
self.fail("Failed to SSH into VM - %s" % (public_ip.ipaddress.ipaddress))
self.assertEqual(
result.count("3 packets received"),
1,
"Ping to outside world from VM should be successful"
)
return
def test_router_dhcphosts(self):
"""Check that the /etc/dhcphosts.txt doesn't contain duplicate IPs"""
self.logger.debug("Starting test_router_dhcphosts...")
routers = list_routers(self.apiclient,
account=self.account.name,
domainid=self.account.domainid)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
router = routers[0]
self.assertEqual(router.state, 'Running',
"Check list router response for router state")
public_ips = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id)
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IPs response return valid data")
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" %
self.vm_1.id)
FireWallRule.create(self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule1"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule1"]["publicport"],
endport=self.services["natrule1"]["publicport"])
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule1 = NATRule.create(self.apiclient, self.vm_1,
self.services["natrule1"], public_ip.id)
self.logger.debug("Creating Firewall rule for VM ID: %s" %
self.vm_2.id)
FireWallRule.create(self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule2"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule2"]["publicport"],
endport=self.services["natrule2"]["publicport"])
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id)
# Create NAT rule
nat_rule2 = NATRule.create(self.apiclient, self.vm_2,
self.services["natrule2"], public_ip.id)
nat_rules = list_nat_rules(self.apiclient, id=nat_rule1.id)
self.assertEqual(
isinstance(nat_rules, list), True,
"Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, 'Active',
"Check list port forwarding rules")
nat_rules = list_nat_rules(self.apiclient, id=nat_rule2.id)
self.assertEqual(
isinstance(nat_rules, list), True,
"Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, 'Active',
"Check list port forwarding rules")
self.logger.debug("Testing SSH to VMs %s and %s" %
(self.vm_1.id, self.vm_2.id))
self.test_ssh_command(self.vm_1, nat_rule1, "natrule1")
self.test_ssh_command(self.vm_2, nat_rule2, "natrule2")
self.logger.debug("Testing DHCP hosts for VMs %s and %s" %
(self.vm_1.id, self.vm_2.id))
self.test_dhcphosts(self.vm_1, router)
self.test_dhcphosts(self.vm_2, router)
self.logger.debug("Deleting and Expunging VM %s with ip %s" %
(self.vm_1.id, self.vm_1.nic[0].ipaddress))
self.vm_1.delete(self.apiclient)
self.logger.debug(
"Creating new VM using the same IP as the one which was deleted => IP 10.1.1.50"
)
self.vm_1 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.service_offering.id,
networkids=[str(self.network.id)],
ipaddress="10.1.1.50")
self.cleanup.append(self.vm_1)
self.logger.debug("Testing DHCP hosts for VMs %s and %s" %
(self.vm_1.id, self.vm_2.id))
self.test_dhcphosts(self.vm_1, router)
self.test_dhcphosts(self.vm_2, router)
return
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.services = self.testClient.getParsedTestDataConfig()
# Get Zone, Domain and templates
self.domain = get_domain(self.apiclient)
self.zone = get_zone(self.apiclient, self.testClient.getZoneForTests())
template = get_template(
self.apiclient,
self.zone.id,
self.services["ostype"]
)
self.services["virtual_machine"]["zoneid"] = self.zone.id
# Create an account, network, VM and IP addresses
self.account = Account.create(
self.apiclient,
self.services["account"],
admin=True,
domainid=self.domain.id
)
self.service_offering = ServiceOffering.create(
self.apiclient,
self.services["service_offerings"]
)
self.vm_1 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id
)
src_nat_ip_addrs = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
try:
src_nat_ip_addr = src_nat_ip_addrs[0]
except Exception as e:
self.fail("SSH failed for VM with IP: %s %s" %
(src_nat_ip_addr.ipaddress, e))
self.lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
src_nat_ip_addr.id,
self.account.name
)
self.lb_rule.assign(self.apiclient, [self.vm_1])
self.nat_rule = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule"],
src_nat_ip_addr.id
)
self.cleanup = []
return
def test_02_isolate_network_FW_PF_default_routes_egress_false(self):
""" Test redundant router internals """
self.logger.debug("Starting test_02_isolate_network_FW_PF_default_routes_egress_false...")
self.logger.debug("Creating Network Offering with default egress FALSE")
network_offering_egress_false = NetworkOffering.create(self.apiclient,
self.services["network_offering_egress_false"],
conservemode=True)
network_offering_egress_false.update(self.apiclient, state='Enabled')
self.logger.debug("Creating Network with Network Offering ID %s" % network_offering_egress_false.id)
network = Network.create(self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=network_offering_egress_false.id,
zoneid=self.zone.id)
self.logger.debug("Deploying Virtual Machine on Network %s" % network.id)
virtual_machine = VirtualMachine.create(self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.service_offering.id,
networkids=[str(network.id)])
self.logger.debug("Deployed VM in network: %s" % network.id)
self.cleanup.insert(0, network_offering_egress_false)
self.cleanup.insert(0, network)
self.cleanup.insert(0, virtual_machine)
self.logger.debug("Starting test_isolate_network_FW_PF_default_routes...")
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id)
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
public_ip.id
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
expected = 0
ssh_command = "ping -c 3 8.8.8.8"
check_string = " 0% packet loss"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Ping to outside world from VM should NOT be successful"
)
expected = 0
ssh_command = "wget -t 1 -T 1 www.google.com"
check_string = "HTTP request sent, awaiting response... 200 OK"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Attempt to retrieve google.com index page should NOT be successful"
)
EgressFireWallRule.create(
self.apiclient,
networkid=network.id,
protocol=self.services["egress_80"]["protocol"],
startport=self.services["egress_80"]["startport"],
endport=self.services["egress_80"]["endport"],
cidrlist=self.services["egress_80"]["cidrlist"]
)
expected = 1
ssh_command = "wget -t 1 -T 5 www.google.com"
check_string = "HTTP request sent, awaiting response... 200 OK"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Attempt to retrieve google.com index page should be successful once rule is added!"
)
return
def test_01_isolate_network_FW_PF_default_routes_egress_true(self):
""" Test redundant router internals """
self.logger.debug("Starting test_01_isolate_network_FW_PF_default_routes_egress_true...")
self.logger.debug("Creating Network Offering with default egress TRUE")
network_offering_egress_true = NetworkOffering.create(self.apiclient,
self.services["network_offering_egress_true"],
conservemode=True)
network_offering_egress_true.update(self.apiclient, state='Enabled')
self.logger.debug("Creating Network with Network Offering ID %s" % network_offering_egress_true.id)
network = Network.create(self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=network_offering_egress_true.id,
zoneid=self.zone.id)
self.logger.debug("Deploying Virtual Machine on Network %s" % network.id)
virtual_machine = VirtualMachine.create(self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.service_offering.id,
networkids=[str(network.id)])
self.logger.debug("Deployed VM in network: %s" % network.id)
self.cleanup.insert(0, network_offering_egress_true)
self.cleanup.insert(0, network)
self.cleanup.insert(0, virtual_machine)
self.logger.debug("Starting test_isolate_network_FW_PF_default_routes...")
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id)
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
public_ip.id
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
# Test SSH after closing port 22
expected = 1
ssh_command = "ping -c 3 8.8.8.8"
check_string = " 0% packet loss"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Ping to outside world from VM should be successful!"
)
expected = 1
ssh_command = "wget -t 1 -T 5 www.google.com"
check_string = "HTTP request sent, awaiting response... 200 OK"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Attempt to retrieve google.com index page should be successful!"
)
EgressFireWallRule.create(
self.apiclient,
networkid=network.id,
protocol=self.services["egress_80"]["protocol"],
startport=self.services["egress_80"]["startport"],
endport=self.services["egress_80"]["endport"],
cidrlist=self.services["egress_80"]["cidrlist"]
)
expected = 0
ssh_command = "wget -t 1 -T 1 www.google.com"
check_string = "HTTP request sent, awaiting response... 200 OK"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Attempt to retrieve google.com index page should NOT be successful once rule is added!"
)
return
def test_02_RVR_Network_FW_PF_SSH_default_routes_egress_false(self):
""" Test redundant router internals """
self.logger.debug("Starting test_02_RVR_Network_FW_PF_SSH_default_routes_egress_false...")
self.logger.debug("Creating Network Offering with default egress FALSE")
network_offering_egress_false = NetworkOffering.create(
self.apiclient,
self.services["nw_off_persistent_RVR_egress_false"],
conservemode=True
)
network_offering_egress_false.update(self.api_client, state='Enabled')
self.logger.debug("Creating network with network offering: %s" % network_offering_egress_false.id)
network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=network_offering_egress_false.id,
zoneid=self.zone.id
)
self.logger.debug("Created network with ID: %s" % network.id)
networks = Network.list(
self.apiclient,
id=network.id,
listall=True
)
self.assertEqual(
isinstance(networks, list),
True,
"List networks should return a valid response for created network"
)
nw_response = networks[0]
self.logger.debug("Deploying VM in account: %s" % self.account.name)
virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(network.id)]
)
self.logger.debug("Deployed VM in network: %s" % network.id)
self.cleanup.insert(0, network_offering_egress_false)
self.cleanup.insert(0, network)
self.cleanup.insert(0, virtual_machine)
vms = VirtualMachine.list(
self.apiclient,
id=virtual_machine.id,
listall=True
)
self.assertEqual(
isinstance(vms, list),
True,
"List Vms should return a valid list"
)
vm = vms[0]
self.assertEqual(
vm.state,
"Running",
"VM should be in running state after deployment"
)
self.logger.debug("Listing routers for network: %s" % network.name)
routers = Router.list(
self.apiclient,
networkid=network.id,
listall=True
)
self.assertEqual(
isinstance(routers, list),
True,
"list router should return Master and backup routers"
)
self.assertEqual(
len(routers),
2,
"Length of the list router should be 2 (Backup & master)"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id)
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
public_ip.id
)
expected = 0
ssh_command = "ping -c 3 8.8.8.8"
check_string = " 0% packet loss"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Ping to outside world from VM should NOT be successful"
)
expected = 0
ssh_command = "wget -t 1 -T 1 www.google.com"
check_string = "HTTP request sent, awaiting response... 200 OK"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Attempt to retrieve google.com index page should NOT be successful"
)
EgressFireWallRule.create(
self.apiclient,
networkid=network.id,
protocol=self.services["egress_80"]["protocol"],
startport=self.services["egress_80"]["startport"],
endport=self.services["egress_80"]["endport"],
cidrlist=self.services["egress_80"]["cidrlist"]
)
EgressFireWallRule.create(
self.apiclient,
networkid=network.id,
protocol=self.services["egress_53"]["protocol"],
startport=self.services["egress_53"]["startport"],
endport=self.services["egress_53"]["endport"],
cidrlist=self.services["egress_53"]["cidrlist"]
)
expected = 1
ssh_command = "wget -t 1 -T 5 www.google.com"
check_string = "HTTP request sent, awaiting response... 200 OK"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Attempt to retrieve google.com index page should be successful once rule is added!"
)
return
def test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true(self):
""" Test redundant router internals """
self.logger.debug("Starting test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true...")
self.logger.debug("Creating Network Offering with default egress TRUE")
network_offering_egress_true = NetworkOffering.create(
self.apiclient,
self.services["nw_off_persistent_RVR_egress_true"],
conservemode=True
)
network_offering_egress_true.update(self.api_client, state='Enabled')
self.logger.debug("Creating network with network offering: %s" % network_offering_egress_true.id)
network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=network_offering_egress_true.id,
zoneid=self.zone.id
)
self.logger.debug("Created network with ID: %s" % network.id)
networks = Network.list(
self.apiclient,
id=network.id,
listall=True
)
self.assertEqual(
isinstance(networks, list),
True,
"List networks should return a valid response for created network"
)
nw_response = networks[0]
self.logger.debug("Deploying VM in account: %s" % self.account.name)
virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(network.id)]
)
self.logger.debug("Deployed VM in network: %s" % network.id)
self.cleanup.insert(0, network_offering_egress_true)
self.cleanup.insert(0, network)
self.cleanup.insert(0, virtual_machine)
vms = VirtualMachine.list(
self.apiclient,
id=virtual_machine.id,
listall=True
)
self.assertEqual(
isinstance(vms, list),
True,
"List Vms should return a valid list"
)
vm = vms[0]
self.assertEqual(
vm.state,
"Running",
"VM should be in running state after deployment"
)
self.logger.debug("Listing routers for network: %s" % network.name)
routers = Router.list(
self.apiclient,
networkid=network.id,
listall=True
)
self.assertEqual(
isinstance(routers, list),
True,
"list router should return Master and backup routers"
)
self.assertEqual(
len(routers),
2,
"Length of the list router should be 2 (Backup & master)"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
public_ip = public_ips[0]
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id)
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
public_ip.id
)
# Test SSH after closing port 22
expected = 1
ssh_command = "ping -c 3 8.8.8.8"
check_string = " 0% packet loss"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Ping to outside world from VM should be successful!"
)
expected = 1
ssh_command = "wget -t 1 -T 5 www.google.com"
check_string = "HTTP request sent, awaiting response... 200 OK"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Attempt to retrieve google.com index page should be successful!"
)
EgressFireWallRule.create(
self.apiclient,
networkid=network.id,
protocol=self.services["egress_80"]["protocol"],
startport=self.services["egress_80"]["startport"],
endport=self.services["egress_80"]["endport"],
cidrlist=self.services["egress_80"]["cidrlist"]
)
expected = 0
ssh_command = "wget -t 1 -T 1 www.google.com"
check_string = "HTTP request sent, awaiting response... 200 OK"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Attempt to retrieve google.com index page should NOT be successful once rule is added!"
)
return
def test_01_RouterStopCreateLB(self):
"""Test router stop create Load balancing
"""
# validate the following
# 1. listLoadBalancerRules (publicipid=ipaddressid of source NAT)
# 2. rule should be for port 22 as applied and
# should be in state=Active
# 3. ssh access should be allowed to the userVMs over the source NAT IP
# and port 22
# Get router details associated for that account
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.debug("Stopping router with ID: %s" % router.id)
# Stop the router
cmd = stopRouter.stopRouterCmd()
cmd.id = router.id
self.apiclient.stopRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
router = routers[0]
self.assertEqual(
router.state,
'Stopped',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["lbrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["lbrule"]["publicport"],
endport=self.services["lbrule"]["publicport"]
)
self.debug("Creating LB rule for public IP: %s" % public_ip.id)
# Create Load Balancer rule and assign VMs to rule
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
public_ip.id,
accountid=self.account.name
)
self.debug("Assigning VM %s to LB rule: %s" % (
self.vm_1.id,
lb_rule.id
))
lb_rule.assign(self.apiclient, [self.vm_1])
# Start the router
cmd = startRouter.startRouterCmd()
cmd.id = router.id
self.apiclient.startRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
# After router start, LB RUle should be in Active state
lb_rules = list_lb_rules(
self.apiclient,
id=lb_rule.id
)
self.assertEqual(
isinstance(lb_rules, list),
True,
"Check for list LB rules response return valid data"
)
self.assertEqual(
lb_rules[0].state,
'Active',
"Check list load balancing rules"
)
self.assertEqual(
lb_rules[0].publicport,
str(self.services["lbrule"]["publicport"]),
"Check list load balancing rules"
)
try:
self.debug("SSH into VM with IP: %s" % public_ip.ipaddress)
self.vm_1.ssh_port = self.services["lbrule"]["publicport"]
self.vm_1.get_ssh_client(public_ip.ipaddress)
except Exception as e:
self.fail(
"SSH Access failed for %s: %s" %
(self.vm_1.ipaddress, e)
)
return
def test_router_dhcp_opts(self):
"""Check that the /etc/dhcpopts.txt has entries for the"""
self.logger.debug("Starting test_router_dhcphosts...")
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
networkid=self.network1.id
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
network1_router = routers[0]
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
networkid=self.network2.id
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
network2_router = routers[0]
self.assertEqual(
network1_router.state,
'Running',
"Check list router response for router state"
)
self.assertEqual(
network2_router.state,
'Running',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id,
associatednetworkid=self.network1.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
network1_public_ip = public_ips[0]
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id,
associatednetworkid=self.network2.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
network2_public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id)
FireWallRule.create(
self.apiclient,
ipaddressid=network1_public_ip.id,
protocol=self.services["natrule1"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule1"]["publicport"],
endport=self.services["natrule1"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule1 = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule1"],
network1_public_ip.id
)
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_2.id)
FireWallRule.create(
self.apiclient,
ipaddressid=network2_public_ip.id,
protocol=self.services["natrule2"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule2"]["publicport"],
endport=self.services["natrule2"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id)
# Create NAT rule
nat_rule2 = NATRule.create(
self.apiclient,
self.vm_2,
self.services["natrule2"],
network2_public_ip.id
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule1.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule2.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
self.logger.debug("Testing DHCP options for VMs %s and %s" % (self.vm_1.id, self.vm_2.id))
self.test_dhcphopts(self.vm_2.nic[1].ipaddress, network1_router)
self.test_dhcphopts(self.vm_1.nic[0].ipaddress, network2_router)
return
def test_01_RouterStopCreateLB(self):
"""Test router stop create Load balancing
"""
# validate the following
# 1. listLoadBalancerRules (publicipid=ipaddressid of source NAT)
# 2. rule should be for port 22 as applied and
# should be in state=Active
# 3. ssh access should be allowed to the userVMs over the source NAT IP
# and port 22
# Get router details associated for that account
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
router = routers[0]
self.debug("Stopping router with ID: %s" % router.id)
# Stop the router
cmd = stopRouter.stopRouterCmd()
cmd.id = router.id
self.apiclient.stopRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
router = routers[0]
self.assertEqual(router.state, 'Stopped',
"Check list router response for router state")
public_ips = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid)
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IPs response return valid data")
public_ip = public_ips[0]
# Open up firewall port for SSH
FireWallRule.create(self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["lbrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["lbrule"]["publicport"],
endport=self.services["lbrule"]["publicport"])
self.debug("Creating LB rule for public IP: %s" % public_ip.id)
# Create Load Balancer rule and assign VMs to rule
lb_rule = LoadBalancerRule.create(self.apiclient,
self.services["lbrule"],
public_ip.id,
accountid=self.account.name)
self.debug("Assigning VM %s to LB rule: %s" %
(self.vm_1.id, lb_rule.id))
lb_rule.assign(self.apiclient, [self.vm_1])
# Start the router
cmd = startRouter.startRouterCmd()
cmd.id = router.id
self.apiclient.startRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
router = routers[0]
self.assertEqual(router.state, 'Running',
"Check list router response for router state")
# After router start, LB RUle should be in Active state
lb_rules = list_lb_rules(self.apiclient, id=lb_rule.id)
self.assertEqual(isinstance(lb_rules, list), True,
"Check for list LB rules response return valid data")
self.assertEqual(lb_rules[0].state, 'Active',
"Check list load balancing rules")
self.assertEqual(lb_rules[0].publicport,
str(self.services["lbrule"]["publicport"]),
"Check list load balancing rules")
try:
self.debug("SSH into VM with IP: %s" % public_ip.ipaddress)
self.vm_1.ssh_port = self.services["lbrule"]["publicport"]
self.vm_1.get_ssh_client(public_ip.ipaddress)
except Exception as e:
self.fail("SSH Access failed for %s: %s" %
(self.vm_1.ipaddress, e))
return
def test_01_port_fwd_on_src_nat(self):
"""Test for port forwarding on source NAT"""
# Validate the following:
# 1. listPortForwarding rules API should return the added PF rule
# 2. attempt to do an ssh into the user VM through the sourceNAT
src_nat_ip_addrs = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(src_nat_ip_addrs, list),
True,
"Check list response returns a valid list"
)
src_nat_ip_addr = src_nat_ip_addrs[0]
# Check if VM is in Running state before creating NAT rule
vm_response = VirtualMachine.list(
self.apiclient,
id=self.virtual_machine.id
)
self.assertEqual(
isinstance(vm_response, list),
True,
"Check list VM returns a valid list"
)
self.assertNotEqual(
len(vm_response),
0,
"Check Port Forwarding Rule is created"
)
self.assertEqual(
vm_response[0].state,
'Running',
"VM state should be Running before creating a NAT rule."
)
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=src_nat_ip_addr.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
src_nat_ip_addr.id
)
list_nat_rule_response = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(list_nat_rule_response, list),
True,
"Check list response returns a valid list"
)
self.assertNotEqual(
len(list_nat_rule_response),
0,
"Check Port Forwarding Rule is created"
)
self.assertEqual(
list_nat_rule_response[0].id,
nat_rule.id,
"Check Correct Port forwarding Rule is returned"
)
# SSH virtual machine to test port forwarding
try:
self.debug("SSHing into VM with IP address %s with NAT IP %s" %
(
self.virtual_machine.ipaddress,
src_nat_ip_addr.ipaddress
))
self.virtual_machine.get_ssh_client(src_nat_ip_addr.ipaddress)
vm_response = VirtualMachine.list(
self.apiclient,
id=self.virtual_machine.id
)
if vm_response[0].state != 'Running':
self.fail(
"State of VM : %s is not found to be Running" % str(
self.virtual_machine.ipaddress))
except Exception as e:
self.fail(
"SSH Access failed for %s: %s" %
(self.virtual_machine.ipaddress, e)
)
try:
nat_rule.delete(self.apiclient)
except Exception as e:
self.fail("NAT Rule Deletion Failed: %s" % e)
# NAT rule listing should fail as the nat rule does not exist
with self.assertRaises(Exception):
list_nat_rules(self.apiclient,
id=nat_rule.id)
# Check if the Public SSH port is inaccessible
with self.assertRaises(Exception):
self.debug(
"SSHing into VM with IP address %s after NAT rule deletion" %
self.virtual_machine.ipaddress)
SshClient(
src_nat_ip_addr.ipaddress,
self.virtual_machine.ssh_port,
self.virtual_machine.username,
self.virtual_machine.password
)
return
def test_router_dhcp_opts(self):
"""Check that the /etc/dhcpopts.txt has entries for the"""
self.logger.debug("Starting test_router_dhcphosts...")
routers = list_routers(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
networkid=self.network1.id)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
network1_router = routers[0]
routers = list_routers(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
networkid=self.network2.id)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
network2_router = routers[0]
self.assertEqual(network1_router.state, 'Running',
"Check list router response for router state")
self.assertEqual(network2_router.state, 'Running',
"Check list router response for router state")
public_ips = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id,
associatednetworkid=self.network1.id)
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IPs response return valid data")
network1_public_ip = public_ips[0]
public_ips = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id,
associatednetworkid=self.network2.id)
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IPs response return valid data")
network2_public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" %
self.vm_1.id)
FireWallRule.create(self.apiclient,
ipaddressid=network1_public_ip.id,
protocol=self.services["natrule1"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule1"]["publicport"],
endport=self.services["natrule1"]["publicport"])
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule1 = NATRule.create(self.apiclient, self.vm_1,
self.services["natrule1"],
network1_public_ip.id)
self.logger.debug("Creating Firewall rule for VM ID: %s" %
self.vm_2.id)
FireWallRule.create(self.apiclient,
ipaddressid=network2_public_ip.id,
protocol=self.services["natrule2"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule2"]["publicport"],
endport=self.services["natrule2"]["publicport"])
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id)
# Create NAT rule
nat_rule2 = NATRule.create(self.apiclient, self.vm_2,
self.services["natrule2"],
network2_public_ip.id)
nat_rules = list_nat_rules(self.apiclient, id=nat_rule1.id)
self.assertEqual(
isinstance(nat_rules, list), True,
"Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, 'Active',
"Check list port forwarding rules")
nat_rules = list_nat_rules(self.apiclient, id=nat_rule2.id)
self.assertEqual(
isinstance(nat_rules, list), True,
"Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, 'Active',
"Check list port forwarding rules")
self.logger.debug("Testing DHCP options for VMs %s and %s" %
(self.vm_1.id, self.vm_2.id))
self.test_dhcphopts(self.vm_2.nic[1].ipaddress, network1_router)
self.test_dhcphopts(self.vm_1.nic[0].ipaddress, network2_router)
return
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.services = self.testClient.getParsedTestDataConfig()
# Get Zone, Domain and templates
self.domain = get_domain(self.apiclient)
self.zone = get_zone(self.apiclient, self.testClient.getZoneForTests())
template = get_template(
self.apiclient,
self.zone.id,
self.services["ostype"]
)
self.services["virtual_machine"]["zoneid"] = self.zone.id
# Create an account, network, VM, Port forwarding rule, LB rules
self.account = Account.create(
self.apiclient,
self.services["account"],
admin=True,
domainid=self.domain.id
)
self.service_offering = ServiceOffering.create(
self.apiclient,
self.services["service_offerings"]
)
self.virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id
)
self.ip_address = PublicIPAddress.create(
self.apiclient,
self.account.name,
self.zone.id,
self.account.domainid
)
ip_addrs = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
issourcenat=False
)
try:
self.ip_addr = ip_addrs[0]
except Exception as e:
raise Exception(
"Failed: During acquiring source NAT for account: %s, :%s" %
(self.account.name, e))
self.nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
self.ip_addr.id
)
self.lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
self.ip_addr.id,
accountid=self.account.name
)
self.cleanup = [
self.virtual_machine,
self.account
]
return
def setUpClass(cls):
cloudstackTestClient = super(
TestMultipleVPNAccessonVPC,
cls
).getClsTestClient()
cls.debug("Obtain the Admin's API Client")
cls.api_client = cloudstackTestClient.getApiClient()
cls.debug("Get the dictionary information that will be used during CCP tests, from test_data.py present on the Client")
cls.services = cloudstackTestClient.getParsedTestDataConfig()
if cls.services is None:
cls.debug("Services Object is None")
raise Exception("Services Object is None")
cls.debug("Procure the CloudStack Setup configuration Information")
with open(cls.services["config_path"], 'rb') as fp:
cls.pullconfig = json.load(fp)
cls.debug("Update 'remote.access.vpn.client.iprange','remote.access.vpn.user.limit','max.account.primary.storage','max.account.public.ips','max.account.user.vms','max.account.volumes','max.account.cpus', Global Configuration Parameters")
update_vpn_client_iprange = Configurations.update(
cls.api_client,
name="remote.access.vpn.client.iprange",
value="10.1.2.1-10.1.2.120")
cls.debug("'remote.access.vpn.client.iprange' Global Configuration Parameter Updated Successfully")
update_vpn_user_limit = Configurations.update(
cls.api_client,
name="remote.access.vpn.user.limit",
value=str(int(cls.services["vpnclient_count"]*2))
)
cls.debug("'remote.access.vpn.user.limit' Global Configuration Parameter Updated Successfully")
update_max_account_primary_stg_limit = Configurations.update(
cls.api_client,
name="max.account.primary.storage",
value=str(int(cls.services["vpnclient_count"]*20 + 100))
)
cls.debug("'max.account.primary.storage' Global Configuration Parameter Updated Successfully")
update_max_account_public_ips_limit = Configurations.update(
cls.api_client,
name="max.account.public.ips",
value=str(int(cls.services["vpnclient_count"]*2 + 10))
)
cls.debug("'max.account.public.ips' Global Configuration Parameter Updated Successfully")
update_max_account_user_vms_limit = Configurations.update(
cls.api_client,
name="max.account.user.vms",
value=str(int(cls.services["vpnclient_count"]*2))
)
cls.debug("'max.account.user.vms' Global Configuration Parameter Updated Successfully")
update_max_account_volumes_limit = Configurations.update(
cls.api_client,
name="max.account.volumes",
value=str(int(cls.services["vpnclient_count"]*2))
)
cls.debug("'max.account.volumes' Global Configuration Parameter Updated Successfully")
update_max_account_cpus_limit = Configurations.update(
cls.api_client,
name="max.account.cpus",
value=str(int(cls.services["vpnclient_count"]*2))
)
cls.debug("'max.account.cpus' Global Configuration Parameter Updated Successfully")
cls.debug("Restart the Management Server")
TestMultipleVPNAccessonVPC.restart_mgmt_server(cls.services["config_path"])
cls.debug("Completed restarting the Management Server")
cls.debug("Wait for 120 seconds...")
time.sleep(120)
cls.debug("End of 120 seconds wait time....")
# Get Zone, Domain and templates
cls.domain = get_domain(cls.api_client)
cls.zone = get_zone(
cls.api_client,
zone_name = cls.services["zone_vpn"]["name"])
cls.debug("Use an Existing 'Tiny Instance' Service Offering on the Setup")
list_service_offerings = []
list_service_offerings = list_service_offering(
cls.api_client,
keyword="Tiny Instance",
)
cls._cleanup = []
if list_service_offerings is not None:
cls.debug("Found an Existing 'Tiny Instance' Service Offering on the Setup")
cls.service_offering = list_service_offerings[0]
else:
cls.debug("Create a service offering which will be used for VM deployments in this test")
cls.service_offering = ServiceOffering.create(
cls.api_client,
cls.services["service_offering"]
)
cls.debug("Add the created service offering to the _cleanup queue")
cls._cleanup.append(cls.service_offering)
try:
cls.debug("Create or Use Existing Account to own the VPN Clients, which is used to test Remote VPN Access to VPC")
cls.api_client_vpn_client_reg_user = cloudstackTestClient.getUserApiClient(
UserName="******",
DomainName="ROOT"
)
list_vpn_client_regular_user = User.list(
cls.api_client,
username="******"
)
cls.debug("Procure the Account Name and DomainID Information of the Regular Account")
cls.vpn_client_reg_acct_name = list_vpn_client_regular_user[0].account
cls.vpn_client_reg_domain_id = list_vpn_client_regular_user[0].domainid
list_vpn_client_regular_user_acct = Account.list(
cls.api_client,
name = cls.vpn_client_reg_acct_name,
listall = True
)
cls._cleanup.append(Account(list_vpn_client_regular_user_acct[0].__dict__))
# Register a Template that already has VPN client installed on it. The template registered here
# has extra scripts to facilitate automated operations to execute Test Cases.
# Template has pre-configured configuration files required for the VPN Client operations.
# The following files are present on the registered template. The location of the files are locations
# on a VM deployed from this template
# 1. "/tmp/ipsec.conf"
# 2. "/tmp/ipsec.secrets"
# 3. "/tmp/options.xl2tpd.client"
# 4. "/tmp/xl2tpd.conf"
# 5 "/tmp/vpnclient_services.sh"
# 6. "/tmp/firstconn_expectscript.exp"
# 7. "/tmp/secondconn_expectscript.exp"
cls.debug("Use an Existing VPN Client Template on the Setup")
list_vpn_client_templates = list_templates(
cls.api_client_vpn_client_reg_user,
keyword="VPNClient",
templatefilter="featured",
zoneid = cls.zone.id
)
if list_vpn_client_templates is not None:
cls.debug("Found an Existing VPN Client Template on the Setup")
cls.template = list_vpn_client_templates[0]
else:
cls.debug("Register a Template that already has VPN client installed on it")
cls.template = Template.register(
cls.api_client,
cls.services["vpn_template"],
zoneid=cls.zone.id,
hypervisor='XenServer'
)
cls._cleanup.append(cls.template)
cls.debug("Sleep for {0} seconds specified in the dictionary before checking for Template's Availability".format(cls.services["sleep"]))
time.sleep(cls.services["sleep"])
cls.debug("Procure Timeout Value from the dictionary")
timeout = cls.services["timeout"]
while True:
list_template_response = list_templates(
cls.api_client_vpn_client_reg_user,
templatefilter='featured',
id=cls.template.id,
)
if isinstance(list_template_response, list):
break
elif timeout == 0:
raise Exception("List template failed!")
time.sleep(5)
timeout = timeout - 1
cls.debug("Verify template response to check whether template is present")
if list_template_response is None:
raise Exception("Check whether the VPN Client Template is available")
template_response = list_template_response[0]
if template_response.isready == False:
raise Exception("Template state is not ready, it is %r" % template_response.isready)
# Queue that holds all the VPN Client VMs Information
cls.vpnclientvms = []
cls.debug("Deploy {0} VPN Clients in the account".format(int(cls.services["vpnclient_count"])))
for vm in xrange(0,int(cls.services["vpnclient_count"])):
cls.debug("Deploy a new VM {0} in first account. This VM which will be configured as VPN Client".format(int(vm)))
new_vpnclient_vm = VirtualMachine.create(
cls.api_client_vpn_client_reg_user,
cls.services["virtual_machine"],
zoneid=cls.zone.id,
serviceofferingid=cls.service_offering.id,
templateid=cls.template.id,
)
cls.debug("Add new VM {0} to the vpnclientvms Queue".format(int(vm)))
cls.vpnclientvms.append(new_vpnclient_vm)
cls.debug("Allow SSH Access to the new VPN Client VM {0}".format(int(vm)))
new_vpnclient_vm.access_ssh_over_nat(
cls.api_client_vpn_client_reg_user,
cls.services,
new_vpnclient_vm,
allow_egress=True
)
cls.debug("VM for VPNClient Access Got Created with Public IP Address %s" % new_vpnclient_vm.public_ip)
cls.debug("Create or Use existing Account in which we deploy VPCs and test remote access to them from the First Account's VMs present on isolated Network")
cls.api_client_vpn_server_reg_user = cloudstackTestClient.getUserApiClient(
UserName="******",
DomainName="ROOT"
)
list_vpn_server_regular_user = User.list(
cls.api_client,
username="******"
)
cls.debug("Procure the Account Name and DomainID Information of the Regular Account")
cls.vpn_server_reg_acct_name = list_vpn_server_regular_user[0].account
cls.vpn_server_reg_domain_id = list_vpn_server_regular_user[0].domainid
list_vpn_server_regular_user_acct = Account.list(
cls.api_client,
name = cls.vpn_server_reg_acct_name,
listall = True
)
cls._cleanup.append(Account(list_vpn_server_regular_user_acct[0].__dict__))
cls.debug("Use an Existing 'VPC off-' Service Offering on the Setup")
list_available_vpc_offerings = list_vpc_offerings(
cls.api_client,
keyword="VPC off-",
)
if list_available_vpc_offerings is not None:
cls.debug("Found an Existing 'VPC off-' Service Offering on the Setup")
cls.vpc_offering = VpcOffering(list_available_vpc_offerings[0].__dict__)
else:
cls.debug("Creating a VPC offering..")
cls.vpc_offering = VpcOffering.create(
cls.api_client,
cls.services["vpc_offering"]
)
# Add the created VPC Offering to __cleanup queue
cls._cleanup.append(cls.vpc_offering)
# Enable to created VPC Offering inorder to deploy VPCs with it
cls.debug("Enabling the VPC offering created")
cls.vpc_offering.update(cls.api_client, state='Enabled')
cls.debug("Enabled the VPC Offering")
# Create a VPC for the second account
cls.debug("Creating a VPC in the account: %s" % cls.vpn_server_reg_acct_name)
cls.firstvpc = VPC.create(
cls.api_client_vpn_server_reg_user,
cls.services["vpc_remote_vpn"],
vpcofferingid=cls.vpc_offering.id,
zoneid=cls.zone.id
)
cls.debug("Use an Existing 'NET_OFF-RemoteAccessVPNTest-' Network Offering on the Setup")
list_available_network_offerings = list_network_offerings(
cls.api_client,
keyword="NET_OFF-RemoteAccessVPNTest-",
)
if list_available_network_offerings is not None:
cls.debug("Found an Existing 'NET_OFF-RemoteAccessVPNTest-' Network Offering on the Setup")
cls.network_off = NetworkOffering(list_available_network_offerings[0].__dict__)
else:
cls.debug('Create NetworkOffering for Networks in VPC')
cls.services["vpc_network_offering"]["name"] = "NET_OFF-RemoteAccessVPNTest-"+ random_gen()
cls.network_off = NetworkOffering.create(
cls.api_client,
cls.services["vpc_network_offering"],
conservemode=False
)
# Add the created Network Offering to __cleanup queue
cls._cleanup.append(cls.network_off)
# Enable Network offering
cls.network_off.update(cls.api_client, state='Enabled')
cls.debug('Created and Enabled NetworkOffering')
cls.services["network"]["name"] = "NETWORK-" + random_gen()
# Create First Network Tier in the First VPC created for second account using the network offering created above.
cls.debug('Adding Network=%s' % cls.services["network"])
cls.firstnetworktier = Network.create(
cls.api_client_vpn_server_reg_user,
cls.services["network"],
networkofferingid=cls.network_off.id,
zoneid=cls.zone.id,
gateway=cls.services["firstnetwork_tier"]["gateway"],
netmask=cls.services["firstnetwork_tier"]["netmask"],
vpcid=cls.firstvpc.id
)
cls.debug("Created network with ID: %s" % cls.firstnetworktier.id)
# Create Ingress and Egress NetworkACL rules for First Network Tier in the First VPC created for second account.
cls.debug("Adding NetworkACL rules to make Network accessible for all Protocols and all CIDRs ")
NetworkACL.create(
cls.api_client_vpn_server_reg_user,
cls.services["all_rule"],
networkid=cls.firstnetworktier.id,
traffictype='Ingress'
)
NetworkACL.create(
cls.api_client_vpn_server_reg_user,
cls.services["all_rule"],
networkid=cls.firstnetworktier.id,
traffictype='Egress'
)
listFirstVPC = VPC.list(
cls.api_client_vpn_server_reg_user,
id=cls.firstvpc.id
)
cls.debug("Information about the VPC: {0}".format(str(listFirstVPC)))
cls.debug("Obtain the source nat IP Address of the first VPC.")
cls.listFirstVPCPublicIpAddress = list_publicIP(
cls.api_client_vpn_server_reg_user,
issourcenat="true",
vpcid=listFirstVPC[0].id,
listall="true"
)
cls.debug("Information about the VPC's Source NAT IP Address: {0}".format(str(cls.listFirstVPCPublicIpAddress)))
cls.debug("Enable Remote Access VPN on the source nat Public IP Address of the first VPC")
cls.FirstVPNonFirstVPC = Vpn.create(
cls.api_client_vpn_server_reg_user,
cls.listFirstVPCPublicIpAddress[0].id
)
cls.debug("Successfully Created First VPN on VPC with preshared key:"+ cls.FirstVPNonFirstVPC.presharedkey)
cls.listfirstNetworkTier = list_networks(
cls.api_client_vpn_server_reg_user,
id=cls.firstnetworktier.id,
listall=True
)
cls.debug("Create a VM using the default template on the First Network Tier in the First VPC of the Second Account")
cls.vm1 = VirtualMachine.create(
cls.api_client_vpn_server_reg_user,
cls.services["virtual_machine"],
zoneid=cls.zone.id,
serviceofferingid=cls.service_offering.id,
templateid=cls.template.id,
networkids=[str(cls.firstnetworktier.id)]
)
cls.debug("First VM deployed in the first Network Tier")
except Exception as e:
cleanup_resources(cls.api_client, cls._cleanup)
printex = traceback.format_exc()
cls.debug("Exception Occurred : {0}".format(printex))
raise Exception("Warning: Exception during Setting Up the Test Suite Configuration : %s" % e)
return
def test_01_RouterStopCreateFW(self):
"""Test router stop create Firewall rule
"""
# validate the following
# 1. 1. listFirewallRules (filter by ipaddressid of sourcenat)
# 2. rule should be for ports 1-600 and in state=Active
# (optional backend)
# 3. verify on router using iptables -t nat -nvx if rules are applied
# Get the router details associated with account
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.debug("Stopping the router: %s" % router.id)
# Stop the router
cmd = stopRouter.stopRouterCmd()
cmd.id = router.id
self.apiclient.stopRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
router = routers[0]
self.assertEqual(
router.state,
'Stopped',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IP response return valid data"
)
public_ip = public_ips[0]
# Create Firewall rule with configurations from settings file
fw_rule = FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol='TCP',
cidrlist=[self.services["fwrule"]["cidr"]],
startport=self.services["fwrule"]["startport"],
endport=self.services["fwrule"]["endport"]
)
self.debug("Created firewall rule: %s" % fw_rule.id)
self.debug("Starting the router: %s" % router.id)
# Start the router
cmd = startRouter.startRouterCmd()
cmd.id = router.id
self.apiclient.startRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
# After Router start, FW rule should be in Active state
fw_rules = list_firewall_rules(
self.apiclient,
id=fw_rule.id,
)
self.assertEqual(
isinstance(fw_rules, list),
True,
"Check for list FW rules response return valid data"
)
self.assertEqual(
fw_rules[0].state,
'Active',
"Check list load balancing rules"
)
self.assertEqual(
fw_rules[0].startport,
self.services["fwrule"]["startport"],
"Check start port of firewall rule"
)
self.assertEqual(
fw_rules[0].endport,
self.services["fwrule"]["endport"],
"Check end port of firewall rule"
)
# For DNS and DHCP check 'dnsmasq' process status
if (self.hypervisor.lower() == 'vmware'
or self.hypervisor.lower() == 'hyperv'):
result = get_process_status(
self.apiclient.connection.mgtSvr,
22,
self.apiclient.connection.user,
self.apiclient.connection.passwd,
router.linklocalip,
'iptables -t nat -L',
hypervisor=self.hypervisor
)
else:
hosts = list_hosts(
self.apiclient,
id=router.hostid,
)
self.assertEqual(
isinstance(hosts, list),
True,
"Check for list hosts response return valid data"
)
host = hosts[0]
try:
result = get_process_status(
host.ipaddress,
22,
self.hostConfig['username'],
self.hostConfig['password'],
router.linklocalip,
'iptables -t nat -L'
)
except KeyError:
self.skipTest(
"Provide a marvin config file with host\
credentials to run %s" %
self._testMethodName)
self.debug("iptables -t nat -L: %s" % result)
self.debug("Public IP: %s" % public_ip.ipaddress)
res = str(result)
self.assertEqual(
res.count(str(public_ip.ipaddress)),
1,
"Check public IP address"
)
return
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.services = self.testClient.getParsedTestDataConfig()
# Get Zone, Domain and templates
self.domain = get_domain(self.apiclient)
self.zone = get_zone(self.apiclient, self.testClient.getZoneForTests())
template = get_template(
self.apiclient,
self.zone.id,
self.services["ostype"]
)
if template == FAILED:
self.fail(
"get_template() failed to return template with description %s" %
self.services["ostype"])
self.services["virtual_machine"]["zoneid"] = self.zone.id
# Create an account, network, VM and IP addresses
self.account = Account.create(
self.apiclient,
self.services["account"],
admin=True,
domainid=self.domain.id
)
self.service_offering = ServiceOffering.create(
self.apiclient,
self.services["service_offerings"]
)
self.vm_1 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id
)
# Wait for VM to come up
time.sleep(120)
src_nat_ip_addrs = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
try:
src_nat_ip_addr = src_nat_ip_addrs[0]
except Exception as e:
raise Exception(
"Warning: Exception during fetching source NAT: %s" %
e)
self.public_ip = PublicIPAddress.create(
self.apiclient,
self.vm_1.account,
self.vm_1.zoneid,
self.vm_1.domainid,
self.services["virtual_machine"]
)
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=self.public_ip.ipaddress.id,
protocol=self.services["lbrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["lbrule"]["publicport"],
endport=self.services["lbrule"]["publicport"]
)
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
src_nat_ip_addr.id,
self.account.name
)
lb_rule.assign(self.apiclient, [self.vm_1])
self.nat_rule = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule"],
ipaddressid=self.public_ip.ipaddress.id
)
self.cleanup = [self.nat_rule,
lb_rule,
self.vm_1,
self.service_offering,
self.account,
]
return
def test_01_port_fwd_on_src_nat(self):
"""Test for port forwarding on source NAT"""
# Validate the following:
# 1. listPortForwarding rules API should return the added PF rule
# 2. attempt to do an ssh into the user VM through the sourceNAT
src_nat_ip_addrs = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(src_nat_ip_addrs, list),
True,
"Check list response returns a valid list"
)
src_nat_ip_addr = src_nat_ip_addrs[0]
# Check if VM is in Running state before creating NAT rule
vm_response = VirtualMachine.list(
self.apiclient,
id=self.virtual_machine.id
)
self.assertEqual(
isinstance(vm_response, list),
True,
"Check list VM returns a valid list"
)
self.assertNotEqual(
len(vm_response),
0,
"Check Port Forwarding Rule is created"
)
self.assertEqual(
vm_response[0].state,
'Running',
"VM state should be Running before creating a NAT rule."
)
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=src_nat_ip_addr.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
src_nat_ip_addr.id
)
list_nat_rule_response = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(list_nat_rule_response, list),
True,
"Check list response returns a valid list"
)
self.assertNotEqual(
len(list_nat_rule_response),
0,
"Check Port Forwarding Rule is created"
)
self.assertEqual(
list_nat_rule_response[0].id,
nat_rule.id,
"Check Correct Port forwarding Rule is returned"
)
# SSH virtual machine to test port forwarding
try:
logger.debug("SSHing into VM with IP address %s with NAT IP %s" %
(
self.virtual_machine.ipaddress,
src_nat_ip_addr.ipaddress
))
self.virtual_machine.get_ssh_client(src_nat_ip_addr.ipaddress)
vm_response = VirtualMachine.list(
self.apiclient,
id=self.virtual_machine.id
)
if vm_response[0].state != 'Running':
self.fail(
"State of VM : %s is not found to be Running" % str(
self.virtual_machine.ipaddress))
except Exception as e:
self.fail(
"SSH Access failed for %s: %s" %
(self.virtual_machine.ipaddress, e)
)
try:
nat_rule.delete(self.apiclient)
except Exception as e:
self.fail("NAT Rule Deletion Failed: %s" % e)
# NAT rule listing should fail as the nat rule does not exist
with self.assertRaises(Exception):
list_nat_rules(self.apiclient,
id=nat_rule.id)
# Check if the Public SSH port is inaccessible
with self.assertRaises(Exception):
logger.debug(
"SSHing into VM with IP address %s after NAT rule deletion" %
self.virtual_machine.ipaddress)
SshClient(
src_nat_ip_addr.ipaddress,
self.virtual_machine.ssh_port,
self.virtual_machine.username,
self.virtual_machine.password,
retries=2,
delay=0
)
return
def test_isolate_network_password_server(self):
"""Check the password file in the Router VM"""
self.logger.debug("Starting test_isolate_network_password_server...")
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule1"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule1"]["publicport"],
endport=self.services["natrule1"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule1 = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule1"],
public_ip.id
)
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_2.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule2"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule2"]["publicport"],
endport=self.services["natrule2"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id)
# Create NAT rule
nat_rule2 = NATRule.create(
self.apiclient,
self.vm_2,
self.services["natrule2"],
public_ip.id
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule1.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule2.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
self.test_ssh_command(self.vm_1, nat_rule1, "natrule1")
self.test_ssh_command(self.vm_2, nat_rule2, "natrule2")
self.test_password_file_not_empty(self.vm_1, router)
self.test_password_file_not_empty(self.vm_2, router)
return
def test_01_CreatePFOnStoppedRouter(self):
"""Stop existing router, add a PF rule and check we can access the VM """
# Get router details associated for that account
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.logger.debug("Stopping router ID: %s" % router.id)
# Stop the router
cmd = stopRouter.stopRouterCmd()
cmd.id = router.id
self.apiclient.stopRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
router = routers[0]
self.assertEqual(
router.state,
'Stopped',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule"],
public_ip.id
)
self.logger.debug("Starting router ID: %s" % router.id)
# Start the router
cmd = startRouter.startRouterCmd()
cmd.id = router.id
self.apiclient.startRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
# NAT Rule should be in Active state after router start
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
try:
self.logger.debug("SSH into VM with ID: %s" % nat_rule.ipaddress)
self.vm_1.get_ssh_client(
ipaddress=nat_rule.ipaddress,
port=self.services["natrule"]["publicport"])
except Exception as e:
self.fail(
"SSH Access failed for %s: %s" %
(nat_rule.ipaddress, e)
)
return
def test_01_RouterStopCreatePF(self):
"""Test router stop create port forwarding
"""
# validate the following
# 1. wait for router to start, guest network to be implemented and
# VM to report Running
# 2. stopRouter for this account
# 3. wait for listRouters to report Router as 'Stopped'
# 4. listPublicIpAddresses account=user, domainid=1 - pick ipaddressid
# 5. createPortForwardingRule (ipaddressid from step 5.)
# a. for port 22 (ssh) for user VM deployed in step 1.
# b. public port 22 , private port 22
# 6. startRouter stopped for this account
# 7. wait for listRouters to show router as Running
# Get router details associated for that account
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
router = routers[0]
self.debug("Stopping router ID: %s" % router.id)
# Stop the router
cmd = stopRouter.stopRouterCmd()
cmd.id = router.id
self.apiclient.stopRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
router = routers[0]
self.assertEqual(router.state, 'Stopped',
"Check list router response for router state")
public_ips = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id)
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IPs response return valid data")
public_ip = public_ips[0]
# Open up firewall port for SSH
FireWallRule.create(self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"])
self.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule = NATRule.create(self.apiclient, self.vm_1,
self.services["natrule"], public_ip.id)
self.debug("Starting router ID: %s" % router.id)
# Start the router
cmd = startRouter.startRouterCmd()
cmd.id = router.id
self.apiclient.startRouter(cmd)
routers = list_routers(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
router = routers[0]
self.assertEqual(router.state, 'Running',
"Check list router response for router state")
# NAT Rule should be in Active state after router start
nat_rules = list_nat_rules(self.apiclient, id=nat_rule.id)
self.assertEqual(
isinstance(nat_rules, list), True,
"Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, 'Active',
"Check list port forwarding rules")
try:
self.debug("SSH into VM with ID: %s" % nat_rule.ipaddress)
self.vm_1.get_ssh_client(
ipaddress=nat_rule.ipaddress,
port=self.services["natrule"]["publicport"])
except Exception as e:
self.fail("SSH Access failed for %s: %s" % (nat_rule.ipaddress, e))
return
def test_02_RVR_Network_FW_PF_SSH_default_routes_egress_false(self):
""" Test redundant router internals """
self.logger.debug("Starting test_02_RVR_Network_FW_PF_SSH_default_routes_egress_false...")
self.logger.debug("Creating Network Offering with default egress FALSE")
network_offering_egress_false = NetworkOffering.create(
self.apiclient,
self.services["nw_off_persistent_RVR_egress_false"],
conservemode=True
)
network_offering_egress_false.update(self.api_client, state='Enabled')
self.logger.debug("Creating network with network offering: %s" % network_offering_egress_false.id)
network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=network_offering_egress_false.id,
zoneid=self.zone.id
)
self.logger.debug("Created network with ID: %s" % network.id)
networks = Network.list(
self.apiclient,
id=network.id,
listall=True
)
self.assertEqual(
isinstance(networks, list),
True,
"List networks should return a valid response for created network"
)
nw_response = networks[0]
self.logger.debug("Deploying VM in account: %s" % self.account.name)
virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(network.id)]
)
self.logger.debug("Deployed VM in network: %s" % network.id)
self.cleanup.insert(0, network_offering_egress_false)
self.cleanup.insert(0, network)
self.cleanup.insert(0, virtual_machine)
vms = VirtualMachine.list(
self.apiclient,
id=virtual_machine.id,
listall=True
)
self.assertEqual(
isinstance(vms, list),
True,
"List Vms should return a valid list"
)
vm = vms[0]
self.assertEqual(
vm.state,
"Running",
"VM should be in running state after deployment"
)
self.logger.debug("Listing routers for network: %s" % network.name)
routers = Router.list(
self.apiclient,
networkid=network.id,
listall=True
)
self.assertEqual(
isinstance(routers, list),
True,
"list router should return Master and backup routers"
)
self.assertEqual(
len(routers),
2,
"Length of the list router should be 2 (Backup & master)"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id)
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
public_ip.id
)
expected = 0
gateway = find_public_gateway(self)
ssh_command = "ping -c 3 %s" % gateway
check_string = "3 packets received"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Ping to outside world from VM should NOT be successful"
)
expected = 0
ssh_command = self.HTTP_COMMAND % gateway
check_string = self.HTTP_CHECK_STRING
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
self.HTTP_ASSERT_FAILURE_MESSAGE
)
EgressFireWallRule.create(
self.apiclient,
networkid=network.id,
protocol=self.services["egress_8080"]["protocol"],
startport=self.services["egress_8080"]["startport"],
endport=self.services["egress_8080"]["endport"],
cidrlist=self.services["egress_8080"]["cidrlist"]
)
EgressFireWallRule.create(
self.apiclient,
networkid=network.id,
protocol=self.services["egress_53"]["protocol"],
startport=self.services["egress_53"]["startport"],
endport=self.services["egress_53"]["endport"],
cidrlist=self.services["egress_53"]["cidrlist"]
)
expected = 1
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
self.HTTP_ASSERT_SUCCESS_MESSAGE
)
return
def test_01_RouterStopCreateFW(self):
"""Test router stop create Firewall rule
"""
# validate the following
# 1. 1. listFirewallRules (filter by ipaddressid of sourcenat)
# 2. rule should be for ports 1-600 and in state=Active
# (optional backend)
# 3. verify on router using iptables -t nat -nvx if rules are applied
# Get the router details associated with account
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
router = routers[0]
self.debug("Stopping the router: %s" % router.id)
# Stop the router
cmd = stopRouter.stopRouterCmd()
cmd.id = router.id
self.apiclient.stopRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
router = routers[0]
self.assertEqual(router.state, 'Stopped',
"Check list router response for router state")
public_ips = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid)
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IP response return valid data")
public_ip = public_ips[0]
# Create Firewall rule with configurations from settings file
fw_rule = FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol='TCP',
cidrlist=[self.services["fwrule"]["cidr"]],
startport=self.services["fwrule"]["startport"],
endport=self.services["fwrule"]["endport"])
self.debug("Created firewall rule: %s" % fw_rule.id)
self.debug("Starting the router: %s" % router.id)
# Start the router
cmd = startRouter.startRouterCmd()
cmd.id = router.id
self.apiclient.startRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
router = routers[0]
self.assertEqual(router.state, 'Running',
"Check list router response for router state")
# After Router start, FW rule should be in Active state
fw_rules = list_firewall_rules(
self.apiclient,
id=fw_rule.id,
)
self.assertEqual(isinstance(fw_rules, list), True,
"Check for list FW rules response return valid data")
self.assertEqual(fw_rules[0].state, 'Active',
"Check list load balancing rules")
self.assertEqual(fw_rules[0].startport,
str(self.services["fwrule"]["startport"]),
"Check start port of firewall rule")
self.assertEqual(fw_rules[0].endport,
str(self.services["fwrule"]["endport"]),
"Check end port of firewall rule")
# For DNS and DHCP check 'dnsmasq' process status
if (self.hypervisor.lower() == 'vmware'
or self.hypervisor.lower() == 'hyperv'):
result = get_process_status(self.apiclient.connection.mgtSvr,
22,
self.apiclient.connection.user,
self.apiclient.connection.passwd,
router.linklocalip,
'iptables -t nat -L',
hypervisor=self.hypervisor)
else:
hosts = list_hosts(
self.apiclient,
id=router.hostid,
)
self.assertEqual(
isinstance(hosts, list), True,
"Check for list hosts response return valid data")
host = hosts[0]
host.user = self.services["configurableData"]["host"]["username"]
host.passwd = self.services["configurableData"]["host"]["password"]
try:
result = get_process_status(host.ipaddress, 22, host.user,
host.passwd, router.linklocalip,
'iptables -t nat -L')
except KeyError:
self.skipTest("Provide a marvin config file with host\
credentials to run %s" % self._testMethodName)
self.debug("iptables -t nat -L: %s" % result)
self.debug("Public IP: %s" % public_ip.ipaddress)
res = str(result)
self.assertEqual(res.count(str(public_ip.ipaddress)), 1,
"Check public IP address")
return
def test_02_isolate_network_FW_PF_default_routes_egress_false(self):
""" Test redundant router internals """
self.logger.debug("Starting test_02_isolate_network_FW_PF_default_routes_egress_false...")
self.logger.debug("Creating Network Offering with default egress FALSE")
network_offering_egress_false = NetworkOffering.create(self.apiclient,
self.services["network_offering_egress_false"],
conservemode=True)
network_offering_egress_false.update(self.apiclient, state='Enabled')
self.logger.debug("Creating Network with Network Offering ID %s" % network_offering_egress_false.id)
network = Network.create(self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=network_offering_egress_false.id,
zoneid=self.zone.id)
self.logger.debug("Deploying Virtual Machine on Network %s" % network.id)
virtual_machine = VirtualMachine.create(self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.service_offering.id,
networkids=[str(network.id)])
self.logger.debug("Deployed VM in network: %s" % network.id)
self.cleanup.insert(0, network_offering_egress_false)
self.cleanup.insert(0, network)
self.cleanup.insert(0, virtual_machine)
self.logger.debug("Starting test_isolate_network_FW_PF_default_routes...")
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id)
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
public_ip.id
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
expected = 0
gateway = find_public_gateway(self)
ssh_command = "ping -c 3 %s" % gateway
check_string = "3 packets received"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Ping to outside world from VM should NOT be successful"
)
expected = 0
ssh_command = self.HTTP_COMMAND % gateway
check_string = self.HTTP_CHECK_STRING
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
self.HTTP_ASSERT_FAILURE_MESSAGE
)
EgressFireWallRule.create(
self.apiclient,
networkid=network.id,
protocol=self.services["egress_8080"]["protocol"],
startport=self.services["egress_8080"]["startport"],
endport=self.services["egress_8080"]["endport"],
cidrlist=self.services["egress_8080"]["cidrlist"]
)
expected = 1
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
self.HTTP_ASSERT_SUCCESS_MESSAGE
)
return
