def run(test, params, env): """ Test command: virsh nwfilter-undefine. 1) Prepare parameters. 2) Run nwfilter-undefine command. 3) Check result. 4) Clean env """ # Prepare parameters filter_ref = params.get("undefine_filter_ref", "") options_ref = params.get("undefine_options_ref", "") status_error = params.get("status_error", "no") # libvirt acl polkit related params uri = params.get("virsh_uri") unprivileged_user = params.get('unprivileged_user') try: if unprivileged_user: if unprivileged_user.count('EXAMPLE'): unprivileged_user = '******' if not libvirt_version.version_compare(1, 1, 1): if params.get('setup_libvirt_polkit') == 'yes': test.cancel("API acl test not supported in current" " libvirt version.") # Backup filter xml if filter_ref: new_filter = libvirt_xml.NwfilterXML() filterxml = new_filter.new_from_filter_dumpxml(filter_ref) logging.debug("the filter xml is: %s" % filterxml.xmltreefile) filter_xml = filterxml.xmltreefile.name # Run command cmd_result = virsh.nwfilter_undefine( filter_ref, options=options_ref, unprivileged_user=unprivileged_user, uri=uri, ignore_status=True, debug=True) status = cmd_result.exit_status # Check result if status_error == "yes": if status == 0: test.fail("Run successfully with wrong command.") elif status_error == "no": if status: test.fail("Run failed with right command.") chk_result = check_list(filter_ref) if chk_result: test.fail("filter %s show up in filter list." % filter_ref) finally: # Clean env if status == 0: virsh.nwfilter_define(filter_xml, options="", ignore_status=True, debug=True)
def run(test, params, env): """ Test virsh nwfilter-edit with uuid. 1) Prepare parameters. 2) Run nwfilter-edit command. 3) Check result. 4) Clean env """ # Prepare parameters filter_name = params.get("edit_filter_name", "") status_error = params.get("status_error", "no") new_uuid = "11111111-1111-1111-1111-111111111111" edit_cmd = ":2s/<uuid>.*$/<uuid>%s<\/uuid>/" % new_uuid # Since commit 46a811d, the logic changed for not allow update filter # uuid, so decide status_error with libvirt version. if libvirt_version.version_compare(1, 2, 7): status_error = True else: status_error = False # Backup filter xml new_filter = libvirt_xml.NwfilterXML() filterxml = new_filter.new_from_filter_dumpxml(filter_name) logging.debug("the filter xml is: %s" % filterxml.xmltreefile) try: # Run command session = aexpect.ShellSession("sudo -s") try: session.sendline("virsh nwfilter-edit %s" % filter_name) session.sendline(edit_cmd) # Press ESC session.send('\x1b') # Save and quit session.send('ZZ') remote.handle_prompts(session, None, None, r"[\#\$]\s*$") session.close() if not status_error: logging.info("Succeed to do nwfilter edit") else: test.fail("edit uuid should fail but got succeed.") except (aexpect.ShellError, aexpect.ExpectError, remote.LoginTimeoutError) as details: log = session.get_output() session.close() if "Try again? [y,n,f,?]:" in log and status_error: logging.debug("edit uuid failed as expected.") else: test.fail("Failed to do nwfilter-edit: %s\n%s" % (details, log)) finally: # Clean env virsh.nwfilter_undefine(filter_name, debug=True) virsh.nwfilter_define(filterxml.xml, debug=True)
def run(test, params, env): """ Test command: virsh nwfilter-dumpxml. 1) Prepare parameters. 2) Run dumpxml command. 3) Check result. """ # Prepare parameters filter_name = params.get("dumpxml_filter_name", "") options_ref = params.get("dumpxml_options_ref", "") status_error = params.get("status_error", "no") # Run command cmd_result = virsh.nwfilter_dumpxml(filter_name, options=options_ref, ignore_status=True, debug=True) output = cmd_result.stdout.strip() status = cmd_result.exit_status # Check result if status_error == "yes": if status == 0: raise error.TestFail("Run successfully with wrong command.") elif status_error == "no": if status: raise error.TestFail("Run failed with right command.") # Get uuid and name from output xml and compare with nwfilter-list # output new_filter = libvirt_xml.NwfilterXML() new_filter['xml'] = output uuid = new_filter.uuid name = new_filter.filter_name if check_list(uuid, name): logging.debug("The filter with uuid %s and name %s" % (uuid, name) + " from nwfilter-dumpxml was found in" + " nwfilter-list output") else: raise error.TestFail("The uuid %s with name %s from" % (uuid, name) + " nwfilter-dumpxml did not match with" + " nwfilter-list output") # Run command second time with uuid cmd_result = virsh.nwfilter_dumpxml(uuid, options=options_ref, ignore_status=True, debug=True) output1 = cmd_result.stdout.strip() status1 = cmd_result.exit_status if status_error == "yes": if status1 == 0: raise error.TestFail("Run successfully with wrong command.") elif status_error == "no": if status1: raise error.TestFail("Run failed with right command.") if output1 != output: raise error.TestFail("nwfilter dumpxml output was different" + " between using filter uuid and name")
def run(test, params, env): """ Test update filter rules when domain is running. 1) Prepare parameters. 2) Add filter to domain interface. 3) Start domain. 4) Update filter rule and check 5) Cleanup """ # Prepare parameters filter_name = params.get("filter_name", "testcase") check_cmd = params.get("check_cmd") expect_match = params.get("expect_match") check_vm_cmd = params.get("check_vm_cmd") vm_expect_match = params.get("vm_expect_match") vm_name = params.get("main_vm") vm = env.get_vm(vm_name) filterref_dict = {} filterref_dict['name'] = filter_name # backup vm xml vmxml_backup = libvirt_xml.VMXML.new_from_inactive_dumpxml(vm_name) new_filter = libvirt_xml.NwfilterXML() filter_backup = new_filter.new_from_filter_dumpxml(filter_name) try: # Update first vm interface with filter vmxml = libvirt_xml.VMXML.new_from_inactive_dumpxml(vm_name) iface_xml = vmxml.get_devices('interface')[0] vmxml.del_device(iface_xml) new_iface = interface.Interface('network') new_iface.xml = iface_xml.xml new_filterref = new_iface.new_filterref(**filterref_dict) new_iface.filterref = new_filterref logging.debug("new interface xml is: %s" % new_iface) vmxml.add_device(new_iface) vmxml.sync() # Start vm vm.start() session = vm.wait_for_login() vmxml = libvirt_xml.VMXML.new_from_dumpxml(vm_name) iface_xml = vmxml.get_devices('interface')[0] iface_target = iface_xml.target['dev'] logging.debug("iface target dev name is %s", iface_target) # Update filter rule by nwfilter-define filterxml = utlv.create_nwfilter_xml(params) # Define filter xml virsh.nwfilter_define(filterxml.xml, debug=True) # Check ebtables on host after filter update if "DEVNAME" in check_cmd: check_cmd = check_cmd.replace("DEVNAME", iface_target) ret = utils_misc.wait_for( lambda: not utils.system(check_cmd, ignore_status=True), timeout=30) if not ret: raise error.TestFail("Rum command '%s' failed" % check_cmd) out = utils.system_output(check_cmd, ignore_status=False) if expect_match and not re.search(expect_match, out): raise error.TestFail("'%s' not found in output: %s" % (expect_match, out)) # Check in vm if check_vm_cmd: output = session.cmd_output(check_vm_cmd) logging.debug("cmd output: %s", output) if vm_expect_match and not re.search(vm_expect_match, output): raise error.TestFail("'%s' not found in output: %s" % (vm_expect_match, output)) finally: # Clean env if vm.is_alive(): vm.destroy(gracefully=False) # Recover xml of vm. vmxml_backup.sync() # Restore created filter virsh.nwfilter_undefine(filter_name, debug=True) virsh.nwfilter_define(filter_backup.xml, debug=True)
def run(test, params, env): """ Test start domain with nwfilter rules. 1) Prepare parameters. 2) Prepare nwfilter rule and update domain interface to apply. 3) Start domain and check rule. 4) Clean env """ # Prepare parameters filter_name = params.get("filter_name", "testcase") bug_url = params.get("bug_url", "") vm_name = params.get("main_vm") if not libvirt_version.version_compare(1, 2, 6): raise error.TestNAError("Bug %s not fixed on current build" % bug_url) vm = env.get_vm(vm_name) # Prepare vm filterref parameters dict list filterref_dict = {} filterref_dict['name'] = filter_name # backup vm and filter xml vmxml_backup = libvirt_xml.VMXML.new_from_inactive_dumpxml(vm_name) backup_filter = libvirt_xml.NwfilterXML() filterxml = backup_filter.new_from_filter_dumpxml(filter_name) libvirtd = utils_libvirtd.LibvirtdSession() def nwfilter_sync_loop(filter_name, filerxml): """ Undefine filter and redefine filter from xml in loop """ for i in range(2400): virsh.nwfilter_undefine(filter_name, ignore_status=True) time.sleep(0.1) virsh.nwfilter_define(filterxml.xml, ignore_status=True) def vm_start_destory_loop(vm): """ Start and destroy vm in loop """ for i in range(2400): vm.start() time.sleep(0.1) vm.destroy(gracefully=False) try: libvirtd.start() # Update first vm interface with filter vmxml = libvirt_xml.VMXML.new_from_inactive_dumpxml(vm_name) iface_xml = vmxml.get_devices('interface')[0] vmxml.del_device(iface_xml) new_iface = interface.Interface('network') new_iface.xml = iface_xml.xml new_filterref = new_iface.new_filterref(**filterref_dict) new_iface.filterref = new_filterref logging.debug("new interface xml is: %s" % new_iface) vmxml.add_device(new_iface) vmxml.sync() filter_thread = threading.Thread(target=nwfilter_sync_loop, args=(filter_name, filterxml)) vm_thread = threading.Thread(target=vm_start_destory_loop, args=(vm,)) filter_thread.start() time.sleep(0.3) vm_thread.start() ret = utils_misc.wait_for(lambda: not libvirtd.is_working(), timeout=240, step=1) filter_thread.join() vm_thread.join() if ret: raise error.TestFail("Libvirtd hang, %s" % bug_url) finally: libvirtd.exit() # Clean env if vm.is_alive(): vm.destroy(gracefully=False) # Recover xml of vm and filter. vmxml_backup.sync() virsh.nwfilter_undefine(filter_name, ignore_status=True) virsh.nwfilter_define(filterxml.xml, ignore_status=True)
def run(test, params, env): """ Test command: virsh nwfilter-define. 1) Prepare parameters. 2) Set options of virsh define. 3) Run define command. 4) Check result. 5) Clean env """ # Prepare parameters filter_name = params.get("filter_name", "testcase") filter_uuid = params.get("filter_uuid", "11111111-b071-6127-b4ec-111111111111") exist_filter = params.get("exist_filter", "no-mac-spoofing") filter_xml = params.get("filter_create_xml_file") options_ref = params.get("options_ref", "") status_error = params.get("status_error", "no") boundary_test_skip = "yes" == params.get("boundary_test_skip") new_uuid = "yes" == params.get("new_uuid", 'no') bug_url = params.get("bug_url") # libvirt acl polkit related params uri = params.get("virsh_uri") unprivileged_user = params.get('unprivileged_user') if unprivileged_user: if unprivileged_user.count('EXAMPLE'): unprivileged_user = '******' if not libvirt_version.version_compare(1, 1, 1): if params.get('setup_libvirt_polkit') == 'yes': test.cancel("API acl test not supported in current" " libvirt version.") if exist_filter == filter_name and new_uuid: # Since commit 46a811d, update filter with new uuid will fail. if libvirt_version.version_compare(1, 2, 7): status_error = 'yes' else: status_error = 'no' try: if filter_xml == "invalid-filter-xml": tmp_xml = xml_utils.TempXMLFile() tmp_xml.write('"<filter><<<BAD>>><\'XML</name\>' '!@#$%^&*)>(}>}{CORRUPTE|>!</filter>') tmp_xml.flush() filter_xml = tmp_xml.name logging.info("Test invalid xml is: %s" % filter_xml) elif filter_xml: # Create filter xml new_filter = libvirt_xml.NwfilterXML() filterxml_backup = new_filter.new_from_filter_dumpxml(exist_filter) # Backup xml if only update exist filter if exist_filter == filter_name and not new_uuid: filter_uuid = filterxml_backup.uuid params['filter_uuid'] = filter_uuid filterxml = utlv.create_nwfilter_xml(params) filterxml.xmltreefile.write(filter_xml) # Run command cmd_result = virsh.nwfilter_define(filter_xml, options=options_ref, unprivileged_user=unprivileged_user, uri=uri, ignore_status=True, debug=True) status = cmd_result.exit_status # Check result chk_result = check_list(filter_uuid, filter_name) xml_path = "%s/%s.xml" % (NWFILTER_ETC_DIR, filter_name) if status_error == "yes": if status == 0: if boundary_test_skip: test.cancel("Boundary check commit 4f20943 not" " in this libvirt build yet.") else: err_msg = "Run successfully with wrong command." if bug_url: err_msg += " Check more info in %s" % bug_url test.fail(err_msg) elif status_error == "no": if status: err_msg = "Run failed with right command." if bug_url: err_msg += " Check more info in %s" % bug_url test.fail(err_msg) if not chk_result: test.fail("Can't find filter in nwfilter-list" + " output") if not os.path.exists(xml_path): test.fail("Can't find filter xml under %s" % NWFILTER_ETC_DIR) logging.info("Dump the xml after define:") virsh.nwfilter_dumpxml(filter_name, ignore_status=True, debug=True) finally: # Clean env if exist_filter == filter_name: logging.info("Restore exist filter: %s" % exist_filter) virsh.nwfilter_undefine(filter_name, ignore_status=True) virsh.nwfilter_define(filterxml_backup.xml, ignore_status=True) else: if chk_result: virsh.nwfilter_undefine(filter_name, ignore_status=True) if os.path.exists(filter_xml): os.remove(filter_xml)
def run(test, params, env): """ Test command: virsh nwfilter-edit. 1) Prepare parameters. 2) Run nwfilter-edit command. 3) Check result. 4) Clean env """ # Prepare parameters filter_name = params.get("edit_filter_name", "") filter_ref = params.get("edit_filter_ref", "") edit_priority = params.get("edit_priority", "") extra_option = params.get("edit_extra_option", "") status_error = params.get("status_error", "no") status = True edit_cmd = [] edit_cmd.append(":1s/priority=.*$/priority='" + edit_priority + "'>") # Backup filter xml if filter_name and filter_ref.find("invalid") == -1: new_filter = libvirt_xml.NwfilterXML() filterxml = new_filter.new_from_filter_dumpxml(filter_name) logging.debug("the filter xml is: %s" % filterxml.xmltreefile) filter_xml = filterxml.xmltreefile.name uuid = filterxml.uuid pre_priority = filterxml.filter_priority # Run command if status_error == "no": if filter_ref == "name": edit_filter_xml(filter_name, edit_cmd) elif filter_ref == "uuid": edit_filter_xml(uuid, edit_cmd) else: raise error.TestNAError("For positive test, edit_filter_ref cloud" " be either 'name' or 'uuid'.") else: if filter_ref.find("invalid") == 0: if extra_option == "": filter_name = filter_ref edit_result = virsh.nwfilter_edit(filter_name, extra_option, ignore_status=True, debug=True) if edit_result.exit_status == 0: raise error.TestFail("nwfilter-edit should fail but succeed") else: logging.info("Run command failed as expected") status = False else: raise error.TestNAError("For negative test, string 'invalid' is" " required in edit_filter_ref.") # no check and clean env if command fail if status: # Check result if filter_name and filter_ref.find("invalid") == -1: post_filter = libvirt_xml.NwfilterXML() postxml = post_filter.new_from_filter_dumpxml(filter_name) logging.debug("the filter xml after edit is: %s" % postxml.xmltreefile) post_priority = postxml.filter_priority if pre_priority == edit_priority: if post_priority != pre_priority: raise error.TestFail("nwfilter-edit fail to update filter" " priority") else: if post_priority == pre_priority: raise error.TestFail("nwfilter-edit fail to update filter" " priority") # Clean env if post_priority != pre_priority: virsh.nwfilter_define(filter_xml, options="", ignore_status=True, debug=True)
def run(test, params, env): """ Test command: virsh nwfilter-define. 1) Prepare parameters. 2) Set options of virsh define. 3) Run define command. 4) Check result. 5) Clean env """ # Prepare parameters filter_name = params.get("filter_name", "testcase") filter_chain = params.get("filter_chain", "root") filter_priority = params.get("filter_priority", "") filter_uuid = params.get("filter_uuid", "5c6d49af-b071-6127-b4ec-6f8ed4b55335") filterref = params.get("filterref") filterref_name = params.get("filterref_name") exist_filter = params.get("exist_filter", "no-mac-spoofing") filter_xml = params.get("filter_create_xml_file") options_ref = params.get("options_ref", "") status_error = params.get("status_error", "no") # prepare rule and protocol attributes protocol = {} rule_dict = {} rule_dict_tmp = {} # rule string should end with EOL as separator, multiple rules is supported rule = params.get( "rule", "rule_action=accept rule_direction=out protocol=mac EOL") rule_list = rule.split('EOL') for i in range(len(rule_list)): if rule_list[i]: attr = rule_list[i].split() for j in range(len(attr)): attr_list = attr[j].split('=') rule_dict_tmp[attr_list[0]] = attr_list[1] rule_dict[i] = rule_dict_tmp rule_dict_tmp = {} # process protocol parameter for i in rule_dict.keys(): if 'protocol' not in rule_dict[i]: # Set protocol as string 'None' as parse from cfg is # string 'None' protocol[i] = 'None' else: protocol[i] = rule_dict[i]['protocol'] rule_dict[i].pop('protocol') if protocol[i] in PROTOCOL_TYPES: # replace '-' with '_' in ipv6 types as '-' is not # supposed to be in class name if '-' in protocol[i]: protocol[i] = protocol[i].replace('-', '_') else: raise error.TestFail("Given protocol type %s" % protocol[i] + " is not in supported list %s" % PROTOCOL_TYPES) if filter_xml == "invalid-filter-xml": tmp_xml = xml_utils.TempXMLFile() tmp_xml.write('"<filter><<<BAD>>><\'XML</name\>' '!@#$%^&*)>(}>}{CORRUPTE|>!</filter>') tmp_xml.flush() filter_xml = tmp_xml.name logging.info("Test invalid xml is: %s" % filter_xml) elif filter_xml != " ": # Use exist xml as template with new attributes new_filter = libvirt_xml.NwfilterXML() filterxml = new_filter.new_from_filter_dumpxml(exist_filter) logging.debug("the exist xml is:\n%s" % filterxml.xmltreefile) # Backup xml if only update exist filter if exist_filter == filter_name: backup_xml = filterxml.xmltreefile.backup_copy() # Set filter attribute filterxml.filter_name = filter_name filterxml.filter_chain = filter_chain filterxml.filter_priority = filter_priority filterxml.uuid = filter_uuid if filterref: filterxml.filterref = filterref filterxml.filterref_name = filterref_name # Set rule attribute index_total = filterxml.get_rule_index() rule = filterxml.get_rule(0) rulexml = rule.backup_rule() for i in range(len(rule_dict.keys())): rulexml.rule_action = rule_dict[i].get('rule_action') rulexml.rule_direction = rule_dict[i].get('rule_direction') rulexml.rule_priority = rule_dict[i].get('rule_priority') rulexml.rule_statematch = rule_dict[i].get('rule_statematch') for j in RULE_ATTR: if j in rule_dict[i].keys(): rule_dict[i].pop(j) # set protocol attribute if protocol[i] != 'None': protocolxml = rulexml.get_protocol(protocol[i]) new_one = protocolxml.new_attr(**rule_dict[i]) protocolxml.attrs = new_one rulexml.xmltreefile = protocolxml.xmltreefile else: rulexml.del_protocol() if i <= len(index_total) - 1: filterxml.set_rule(rulexml, i) else: filterxml.add_rule(rulexml) # Reset rulexml rulexml = rule.backup_rule() logging.info("The xml for define is:\n%s" % filterxml.xmltreefile) filterxml.xmltreefile.write(filter_xml) # Run command cmd_result = virsh.nwfilter_define(filter_xml, options=options_ref, ignore_status=True, debug=True) status = cmd_result.exit_status # Check result chk_result = check_list(filter_uuid, filter_name) xml_path = "%s/%s.xml" % (NWFILTER_ETC_DIR, filter_name) if status_error == "yes": if status == 0: raise error.TestFail("Run successfully with wrong command.") elif status_error == "no": if status: raise error.TestFail("Run failed with right command.") if not chk_result: raise error.TestFail("Can't find filter in nwfilter-list output") if not os.path.exists(xml_path): raise error.TestFail("Can't find filter xml under %s" % NWFILTER_ETC_DIR) logging.info("Dump the xml after define:") virsh.nwfilter_dumpxml(filter_name, ignore_status=True, debug=True) # Clean env if exist_filter == filter_name: logging.info("Restore exist filter: %s" % exist_filter) backup_xml.write(filter_xml) virsh.nwfilter_define(filter_xml, options="", ignore_status=True, debug=True) else: if chk_result: virsh.nwfilter_undefine(filter_name, options="", ignore_status=True, debug=True) if os.path.exists(filter_xml): os.remove(filter_xml)
def run(test, params, env): """ Test command: virsh nwfilter-dumpxml. 1) Prepare parameters. 2) Run dumpxml command. 3) Check result. """ # Prepare parameters filter_name = params.get("dumpxml_filter_name", "") options_ref = params.get("dumpxml_options_ref", "") status_error = params.get("status_error", "no") # acl polkit params uri = params.get("virsh_uri") unprivileged_user = params.get('unprivileged_user') if unprivileged_user: if unprivileged_user.count('EXAMPLE'): unprivileged_user = '******' if not libvirt_version.version_compare(1, 1, 1): if params.get('setup_libvirt_polkit') == 'yes': test.cancel("API acl test not supported in current" " libvirt version.") virsh_dargs = {'ignore_status': True, 'debug': True} if params.get('setup_libvirt_polkit') == 'yes': virsh_dargs['unprivileged_user'] = unprivileged_user virsh_dargs['uri'] = uri # Run command cmd_result = virsh.nwfilter_dumpxml(filter_name, options=options_ref, **virsh_dargs) output = cmd_result.stdout.strip() status = cmd_result.exit_status # Check result if status_error == "yes": if status == 0: test.fail("Run successfully with wrong command.") elif status_error == "no": if status: test.fail("Run failed with right command.") # Get uuid and name from output xml and compare with nwfilter-list # output new_filter = libvirt_xml.NwfilterXML() new_filter['xml'] = output uuid = new_filter.uuid name = new_filter.filter_name if check_list(uuid, name): logging.debug("The filter with uuid %s and name %s" % (uuid, name) + " from nwfilter-dumpxml was found in" " nwfilter-list output") else: test.fail("The uuid %s with name %s from" % (uuid, name) + " nwfilter-dumpxml did not match with" " nwfilter-list output") # Run command second time with uuid cmd_result = virsh.nwfilter_dumpxml(uuid, options=options_ref, **virsh_dargs) output1 = cmd_result.stdout.strip() status1 = cmd_result.exit_status if status_error == "yes": if status1 == 0: test.fail("Run successfully with wrong command.") elif status_error == "no": if status1: test.fail("Run failed with right command.") if output1 != output: test.fail("nwfilter dumpxml output was different" + " between using filter uuid and name")
def run(test, params, env): """ Test update filter rules when domain is running. 1) Prepare parameters. 2) Add filter to domain interface. 3) Start domain. 4) Update filter rule and check 5) Cleanup """ # Prepare parameters filter_name = params.get("filter_name", "testcase") check_cmd = params.get("check_cmd") expect_match = params.get("expect_match") check_vm_cmd = params.get("check_vm_cmd") vm_expect_match = params.get("vm_expect_match") vm_name = params.get("main_vm") vm = env.get_vm(vm_name) filterref_dict = {} filterref_dict['name'] = filter_name # backup vm xml vmxml_backup = libvirt_xml.VMXML.new_from_inactive_dumpxml(vm_name) new_filter = libvirt_xml.NwfilterXML() filter_backup = new_filter.new_from_filter_dumpxml(filter_name) def clean_up_dirty_nwfilter_binding(): cmd_result = virsh.nwfilter_binding_list(debug=True) binding_list = cmd_result.stdout_text.strip().splitlines() binding_list = binding_list[2:] result = [] # If binding list is not empty. if binding_list: for line in binding_list: # Split on whitespace, assume 1 column linesplit = line.split(None, 1) result.append(linesplit[0]) logging.info("nwfilter binding list is: %s", result) for binding_uuid in result: try: virsh.nwfilter_binding_delete(binding_uuid) except Exception as e: logging.error( "Exception thrown while undefining nwfilter-binding: %s", str(e)) raise try: # Clean up dirty nwfilter binding if there are. clean_up_dirty_nwfilter_binding() # Update first vm interface with filter vmxml = libvirt_xml.VMXML.new_from_inactive_dumpxml(vm_name) iface_xml = vmxml.get_devices('interface')[0] vmxml.del_device(iface_xml) new_iface = interface.Interface('network') new_iface.xml = iface_xml.xml new_filterref = new_iface.new_filterref(**filterref_dict) new_iface.filterref = new_filterref logging.debug("new interface xml is: %s" % new_iface) vmxml.add_device(new_iface) vmxml.sync() # Start vm vm.start() session = vm.wait_for_login() vmxml = libvirt_xml.VMXML.new_from_dumpxml(vm_name) iface_xml = vmxml.get_devices('interface')[0] iface_target = iface_xml.target['dev'] logging.debug("iface target dev name is %s", iface_target) # Update filter rule by nwfilter-define filterxml = utlv.create_nwfilter_xml(params) # Define filter xml virsh.nwfilter_define(filterxml.xml, debug=True) # Check ebtables on host after filter update if "DEVNAME" in check_cmd: check_cmd = check_cmd.replace("DEVNAME", iface_target) ret = utils_misc.wait_for(lambda: not process.system( check_cmd, ignore_status=True, shell=True), timeout=30) if not ret: test.fail("Rum command '%s' failed" % check_cmd) out = astring.to_text( process.system_output(check_cmd, ignore_status=False, shell=True)) if expect_match and not re.search(expect_match, out): test.fail("'%s' not found in output: %s" % (expect_match, out)) # Check in vm if check_vm_cmd: output = session.cmd_output(check_vm_cmd) logging.debug("cmd output: %s", output) if vm_expect_match and not re.search(vm_expect_match, output): test.fail("'%s' not found in output: %s" % (vm_expect_match, output)) finally: # Clean env if vm.is_alive(): vm.destroy(gracefully=False) # Recover xml of vm. vmxml_backup.sync() # Restore created filter virsh.nwfilter_undefine(filter_name, debug=True) virsh.nwfilter_define(filter_backup.xml, debug=True)