def __create_security_group(self): """ Configure OpenStack security groups. Configures and deploys an OpenStack security group object :return: the creator object """ sg_rules = list() sg_rules.append( SecurityGroupRuleConfig(sec_grp_name=self.sg_name, direction=Direction.ingress, protocol=Protocol.icmp)) sg_rules.append( SecurityGroupRuleConfig(sec_grp_name=self.sg_name, direction=Direction.ingress, protocol=Protocol.tcp, port_range_min=22, port_range_max=22)) sg_rules.append( SecurityGroupRuleConfig(sec_grp_name=self.sg_name, direction=Direction.egress, protocol=Protocol.tcp, port_range_min=22, port_range_max=22)) log = "Security group with name: '%s'" % self.sg_name self.logger.info(log) return deploy_utils.create_security_group( self.os_creds, SecurityGroupConfig(name=self.sg_name, description=self.sg_desc, rule_settings=sg_rules))
def create_security_group(self, sec_grp_name): logger.info("Creating the security groups...") rule_ping = SecurityGroupRuleConfig(sec_grp_name=sec_grp_name, direction=Direction.ingress, protocol=Protocol.icmp) rule_ssh = SecurityGroupRuleConfig(sec_grp_name=sec_grp_name, direction=Direction.ingress, protocol=Protocol.tcp, port_range_min=22, port_range_max=22) rule_http = SecurityGroupRuleConfig(sec_grp_name=sec_grp_name, direction=Direction.ingress, protocol=Protocol.tcp, port_range_min=80, port_range_max=80) rules = [rule_ping, rule_ssh, rule_http] secgroup_settings = SecurityGroupConfig(name=sec_grp_name, rule_settings=rules) sec_group_creator = OpenStackSecurityGroup(self.os_creds, secgroup_settings) sec_group = sec_group_creator.create() self.creators.append(sec_group_creator) return sec_group
def test_remove_rule_by_setting(self): """ Tests the creation of an OpenStack Security Group with two simple custom rules then removes one by the rule setting object """ # Create Security Group sec_grp_rule_settings = list() sec_grp_rule_settings.append( SecurityGroupRuleConfig(sec_grp_name=self.sec_grp_name, direction=Direction.ingress, description='test_rule_1')) sec_grp_rule_settings.append( SecurityGroupRuleConfig(sec_grp_name=self.sec_grp_name, direction=Direction.egress, protocol=Protocol.udp, ethertype=Ethertype.IPv6, description='test_rule_2')) sec_grp_rule_settings.append( SecurityGroupRuleConfig(sec_grp_name=self.sec_grp_name, direction=Direction.egress, protocol=Protocol.udp, ethertype=Ethertype.IPv4, port_range_min=10, port_range_max=20, description='test_rule_3')) sec_grp_settings = SecurityGroupConfig( name=self.sec_grp_name, description='hello group', rule_settings=sec_grp_rule_settings) self.sec_grp_creator = create_security_group.OpenStackSecurityGroup( self.os_creds, sec_grp_settings) self.sec_grp_creator.create() sec_grp = neutron_utils.get_security_group( self.neutron, self.keystone, sec_grp_settings=sec_grp_settings) validation_utils.objects_equivalent( self.sec_grp_creator.get_security_group(), sec_grp) rules = neutron_utils.get_rules_by_security_group( self.neutron, self.sec_grp_creator.get_security_group()) self.assertEqual(len(self.sec_grp_creator.get_rules()), len(rules)) validation_utils.objects_equivalent(self.sec_grp_creator.get_rules(), rules) self.assertTrue( validate_sec_grp(self.neutron, self.keystone, self.sec_grp_creator.sec_grp_settings, self.sec_grp_creator.get_security_group(), rules)) self.sec_grp_creator.remove_rule(rule_setting=sec_grp_rule_settings[0]) rules_after_del = neutron_utils.get_rules_by_security_group( self.neutron, self.sec_grp_creator.get_security_group()) self.assertEqual(len(rules) - 1, len(rules_after_del))
def test_create_group_with_one_simple_rule(self): """ Tests the creation of an OpenStack Security Group with one simple custom rule. """ # Create Security Group sec_grp_rule_settings = list() sec_grp_rule_settings.append( SecurityGroupRuleConfig(sec_grp_name=self.sec_grp_name, direction=Direction.ingress, description='test_rule_1')) sec_grp_settings = SecurityGroupConfig( name=self.sec_grp_name, description='hello group', rule_settings=sec_grp_rule_settings) self.sec_grp_creator = create_security_group.OpenStackSecurityGroup( self.os_creds, sec_grp_settings) self.sec_grp_creator.create() sec_grp = neutron_utils.get_security_group( self.neutron, self.keystone, sec_grp_settings=sec_grp_settings) validation_utils.objects_equivalent( self.sec_grp_creator.get_security_group(), sec_grp) rules = neutron_utils.get_rules_by_security_group( self.neutron, self.sec_grp_creator.get_security_group()) self.assertEqual(len(self.sec_grp_creator.get_rules()), len(rules)) validation_utils.objects_equivalent(self.sec_grp_creator.get_rules(), rules) self.assertTrue( validate_sec_grp(self.neutron, self.keystone, self.sec_grp_creator.sec_grp_settings, self.sec_grp_creator.get_security_group(), rules))
def create_security_group_config(neutron, security_group): """ Returns a SecurityGroupConfig object :param neutron: the neutron client :param security_group: a SNAPS-OO SecurityGroup domain object :return: """ rules = neutron_utils.get_rules_by_security_group(neutron, security_group) rule_settings = list() for rule in rules: rule_settings.append( SecurityGroupRuleConfig(sec_grp_name=security_group.name, description=rule.description, direction=rule.direction, ethertype=rule.ethertype, port_range_min=rule.port_range_min, port_range_max=rule.port_range_max, protocol=rule.protocol, remote_group_id=rule.remote_group_id, remote_ip_prefix=rule.remote_ip_prefix)) return SecurityGroupConfig(name=security_group.name, description=security_group.description, rule_settings=rule_settings)
def test_config_name_and_direction(self): settings = SecurityGroupRuleConfig(**{ 'sec_grp_name': 'foo', 'direction': 'ingress' }) self.assertEqual('foo', settings.sec_grp_name) self.assertEqual(Direction.ingress, settings.direction)
def test_proto_null(self): settings = SecurityGroupRuleConfig(**{ 'sec_grp_name': 'foo', 'direction': 'ingress', 'protocol': 'null' }) self.assertEqual('foo', settings.sec_grp_name) self.assertEqual(Direction.ingress, settings.direction) self.assertEqual(Protocol.null, settings.protocol)
def prepare_security_groups(self): """Create Open Baton security group if it doesn't exist yet""" self.logger.info( "Creating security group for Open Baton if not yet existing...") sg_rules = list() sg_rules.append( SecurityGroupRuleConfig( sec_grp_name="orchestra-sec-group-allowall", direction=Direction.ingress, protocol=Protocol.tcp, port_range_min=1, port_range_max=65535)) sg_rules.append( SecurityGroupRuleConfig( sec_grp_name="orchestra-sec-group-allowall", direction=Direction.egress, protocol=Protocol.tcp, port_range_min=1, port_range_max=65535)) sg_rules.append( SecurityGroupRuleConfig( sec_grp_name="orchestra-sec-group-allowall", direction=Direction.ingress, protocol=Protocol.udp, port_range_min=1, port_range_max=65535)) sg_rules.append( SecurityGroupRuleConfig( sec_grp_name="orchestra-sec-group-allowall", direction=Direction.egress, protocol=Protocol.udp, port_range_min=1, port_range_max=65535)) security_group = OpenStackSecurityGroup( self.snaps_creds, SecurityGroupConfig(name="orchestra-sec-group-allowall", rule_settings=sg_rules)) security_group_info = security_group.create() self.created_resources.append(security_group) self.mano['details']['sec_group'] = security_group_info.name self.logger.info( "Security group orchestra-sec-group-allowall prepared")
def test_all(self): rule_settings = list() rule_settings.append( SecurityGroupRuleConfig(sec_grp_name='bar', direction=Direction.egress, description='test_rule_1')) rule_settings.append( SecurityGroupRuleConfig(sec_grp_name='bar', direction=Direction.ingress, description='test_rule_2')) settings = SecurityGroupConfig(name='bar', description='fubar', project_name='foo', rule_settings=rule_settings) self.assertEqual('bar', settings.name) self.assertEqual('fubar', settings.description) self.assertEqual('foo', settings.project_name) self.assertEqual(rule_settings[0], settings.rule_settings[0]) self.assertEqual(rule_settings[1], settings.rule_settings[1])
def _add_custom_rule(self, sec_grp_name): """ To add custom rule for SCTP Traffic """ sec_grp_rules = list() sec_grp_rules.append( SecurityGroupRuleConfig(sec_grp_name=sec_grp_name, direction=Direction.ingress, protocol=Protocol.sctp)) security_group = OpenStackSecurityGroup( self.snaps_creds, SecurityGroupConfig(name=sec_grp_name, rule_settings=sec_grp_rules)) security_group.create() self.created_object.append(security_group)
def test_all(self): settings = SecurityGroupRuleConfig(sec_grp_name='foo', description='fubar', direction=Direction.egress, remote_group_id='rgi', protocol=Protocol.icmp, ethertype=Ethertype.IPv6, port_range_min=1, port_range_max=2, remote_ip_prefix='prfx') self.assertEqual('foo', settings.sec_grp_name) self.assertEqual('fubar', settings.description) self.assertEqual(Direction.egress, settings.direction) self.assertEqual('rgi', settings.remote_group_id) self.assertEqual(Protocol.icmp, settings.protocol) self.assertEqual(Ethertype.IPv6, settings.ethertype) self.assertEqual(1, settings.port_range_min) self.assertEqual(2, settings.port_range_max) self.assertEqual('prfx', settings.remote_ip_prefix)
def __generate_rule_setting(self, rule): """ Creates a SecurityGroupRuleConfig object for a given rule :param rule: the rule from which to create the SecurityGroupRuleConfig object :return: the newly instantiated SecurityGroupRuleConfig object """ sec_grp = neutron_utils.get_security_group_by_id( self._neutron, rule.security_group_id) setting = SecurityGroupRuleConfig( description=rule.description, direction=rule.direction, ethertype=rule.ethertype, port_range_min=rule.port_range_min, port_range_max=rule.port_range_max, protocol=rule.protocol, remote_group_id=rule.remote_group_id, remote_ip_prefix=rule.remote_ip_prefix, sec_grp_name=sec_grp.name) return setting
def test_config_all(self): settings = SecurityGroupRuleConfig( **{ 'sec_grp_name': 'foo', 'description': 'fubar', 'direction': 'egress', 'remote_group_id': 'rgi', 'protocol': 'tcp', 'ethertype': 'IPv6', 'port_range_min': 1, 'port_range_max': 2, 'remote_ip_prefix': 'prfx' }) self.assertEqual('foo', settings.sec_grp_name) self.assertEqual('fubar', settings.description) self.assertEqual(Direction.egress, settings.direction) self.assertEqual('rgi', settings.remote_group_id) self.assertEqual(Protocol.tcp, settings.protocol) self.assertEqual(Ethertype.IPv6, settings.ethertype) self.assertEqual(1, settings.port_range_min) self.assertEqual(2, settings.port_range_max) self.assertEqual('prfx', settings.remote_ip_prefix)
def test_vnf(self): """Run IXIA Stress test on clearwater ims instance.""" start_time = time.time() cfy_client = self.orchestrator['object'] outputs = cfy_client.deployments.outputs.get( self.vnf['descriptor'].get('name'))['outputs'] dns_ip = outputs['dns_ip'] ellis_ip = outputs['ellis_ip'] self.__logger.info("Creating full IXIA network ...") subnet_settings = SubnetConfig(name='ixia_management_subnet', cidr='10.10.10.0/24', dns_nameservers=[env.get('NAMESERVER')]) network_settings = NetworkConfig(name='ixia_management_network', subnet_settings=[subnet_settings]) network_creator = OpenStackNetwork(self.snaps_creds, network_settings) network_creator.create() self.created_object.append(network_creator) ext_net_name = snaps_utils.get_ext_net_name(self.snaps_creds) router_creator = OpenStackRouter( self.snaps_creds, RouterConfig(name='ixia_management_router', external_gateway=ext_net_name, internal_subnets=[subnet_settings.name])) router_creator.create() self.created_object.append(router_creator) # security group creation self.__logger.info("Creating security groups for IXIA VMs") sg_rules = list() sg_rules.append( SecurityGroupRuleConfig(sec_grp_name="ixia_management", direction=Direction.ingress, protocol=Protocol.tcp, port_range_min=1, port_range_max=65535)) sg_rules.append( SecurityGroupRuleConfig(sec_grp_name="ixia_management", direction=Direction.ingress, protocol=Protocol.udp, port_range_min=1, port_range_max=65535)) sg_rules.append( SecurityGroupRuleConfig(sec_grp_name="ixia_management", direction=Direction.ingress, protocol=Protocol.icmp)) ixia_managment_sg_settings = SecurityGroupConfig( name="ixia_management", rule_settings=sg_rules) securit_group_creator = OpenStackSecurityGroup( self.snaps_creds, ixia_managment_sg_settings) securit_group_creator.create() self.created_object.append(securit_group_creator) sg_rules = list() sg_rules.append( SecurityGroupRuleConfig(sec_grp_name="ixia_ssh_http", direction=Direction.ingress, protocol=Protocol.tcp, port_range_min=1, port_range_max=65535)) ixia_ssh_http_sg_settings = SecurityGroupConfig(name="ixia_ssh_http", rule_settings=sg_rules) securit_group_creator = OpenStackSecurityGroup( self.snaps_creds, ixia_ssh_http_sg_settings) securit_group_creator.create() self.created_object.append(securit_group_creator) chassis_flavor_settings = FlavorConfig(name="ixia_vChassis", ram=4096, disk=40, vcpus=2) flavor_creator = OpenStackFlavor(self.snaps_creds, chassis_flavor_settings) flavor_creator.create() self.created_object.append(flavor_creator) card_flavor_settings = FlavorConfig(name="ixia_vCard", ram=4096, disk=4, vcpus=2) flavor_creator = OpenStackFlavor(self.snaps_creds, card_flavor_settings) flavor_creator.create() self.created_object.append(flavor_creator) load_flavor_settings = FlavorConfig(name="ixia_vLoad", ram=8192, disk=100, vcpus=4) flavor_creator = OpenStackFlavor(self.snaps_creds, load_flavor_settings) flavor_creator.create() self.created_object.append(flavor_creator) chassis_image_settings = ImageConfig( name=self.test['requirements']['chassis']['image'], image_user='******', exists=True) card_image_settings = ImageConfig( name=self.test['requirements']['card']['image'], image_user='******', exists=True) load_image_settings = ImageConfig( name=self.test['requirements']['load']['image'], image_user='******', exists=True) chassis_port_settings = PortConfig(name='ixia_chassis_port', network_name=network_settings.name) card1_port1_settings = PortConfig(name='ixia_card1_port1', network_name=network_settings.name) card2_port1_settings = PortConfig(name='ixia_card2_port1', network_name=network_settings.name) card1_port2_settings = PortConfig(name='ixia_card1_port2', network_name="cloudify_ims_network") card2_port2_settings = PortConfig(name='ixia_card2_port2', network_name="cloudify_ims_network") load_port_settings = PortConfig(name='ixia_load_port', network_name=network_settings.name) chassis_settings = VmInstanceConfig( name='ixia_vChassis', flavor=chassis_flavor_settings.name, port_settings=[chassis_port_settings], security_group_names=[ ixia_ssh_http_sg_settings.name, ixia_managment_sg_settings.name ], floating_ip_settings=[ FloatingIpConfig( name='ixia_vChassis_fip', port_name=chassis_port_settings.name, router_name=router_creator.router_settings.name) ]) vm_creator = OpenStackVmInstance(self.snaps_creds, chassis_settings, chassis_image_settings) self.__logger.info("Creating Ixia vChassis VM") vm_creator.create() fip_chassis = vm_creator.get_floating_ip().ip self.created_object.append(vm_creator) card1_settings = VmInstanceConfig( name='ixia_vCard1', flavor=card_flavor_settings.name, port_settings=[card1_port1_settings, card1_port2_settings], security_group_names=[ixia_managment_sg_settings.name]) vm_creator = OpenStackVmInstance(self.snaps_creds, card1_settings, card_image_settings) self.__logger.info("Creating Ixia vCard1 VM") vm_creator.create() vcard_ips = list() vcard_ips_p2 = list() vcard_ips.append(vm_creator.get_port_ip('ixia_card1_port1')) vcard_ips_p2.append(vm_creator.get_port_ip('ixia_card1_port2')) self.created_object.append(vm_creator) card2_settings = VmInstanceConfig( name='ixia_vCard2', flavor=card_flavor_settings.name, port_settings=[card2_port1_settings, card2_port2_settings], security_group_names=[ixia_managment_sg_settings.name]) vm_creator = OpenStackVmInstance(self.snaps_creds, card2_settings, card_image_settings) self.__logger.info("Creating Ixia vCard2 VM") vm_creator.create() vcard_ips.append(vm_creator.get_port_ip('ixia_card2_port1')) vcard_ips_p2.append(vm_creator.get_port_ip('ixia_card2_port2')) self.created_object.append(vm_creator) load_settings = VmInstanceConfig( name='ixia_vLoad', flavor=load_flavor_settings.name, port_settings=[load_port_settings], security_group_names=[ ixia_ssh_http_sg_settings.name, ixia_managment_sg_settings.name ], floating_ip_settings=[ FloatingIpConfig( name='ixia_vLoad_fip', port_name=load_port_settings.name, router_name=router_creator.router_settings.name) ]) vm_creator = OpenStackVmInstance(self.snaps_creds, load_settings, load_image_settings) self.__logger.info("Creating Ixia vLoad VM") vm_creator.create() fip_load = vm_creator.get_floating_ip().ip self.created_object.append(vm_creator) self.__logger.info("Chassis IP is: %s", fip_chassis) login_url = "https://" + str(fip_chassis) + "/api/v1/auth/session" cards_url = "https://" + str(fip_chassis) + "/api/v2/ixos/cards/" payload = json.dumps({ "username": "******", "password": "******", "rememberMe": "false" }) api_key = json.loads( (IxChassisUtils.ChassisRestAPI.postWithPayload(login_url, payload)))["apiKey"] self.__logger.info("Adding 2 card back inside the ixia chassis...") for ip in vcard_ips: payload = {"ipAddress": str(ip)} response = json.loads( IxChassisUtils.ChassisRestAPI.postOperation( cards_url, api_key, payload)) count = 0 while (int( IxChassisUtils.ChassisRestAPI.getWithHeaders( response['url'], api_key)['progress']) != 100): self.__logger.debug("Operation did not finish yet. \ Waiting for 1 more second..") time.sleep(1) if count > 60: raise Exception("Adding card take more than 60 seconds") count += 1 ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.MissingHostKeyPolicy()) ssh.connect(fip_chassis, username="******", password="******") cmd = "set license-check disable" run_blocking_ssh_command(ssh, cmd) cmd = "restart-service ixServer" run_blocking_ssh_command(ssh, cmd) self.config_ellis(ellis_ip) # Get IPs of P-CSCF resolver = dns.resolver.Resolver() resolver.nameservers = [dns_ip] result = resolver.query("bono.clearwater.local") iplistims = '' i = 0 for rdata in result: i = i + 1 print rdata.address iplistims += str(rdata.address) if i != len(result): iplistims += ';' kResourcesUrl = 'http://%s:%s/api/v0/resources' % (fip_load, 8080) kRxfPath = r"REG_CALL_OPNFV_v13.rxf" test_filname = self.test['inputs']['test_filname'] kGatewaySharedFolder = '/mnt/ixload-share/' kRxfRelativeUploadPath = 'uploads/%s' % os.path.split(kRxfPath)[1] kRxfAbsoluteUploadPath = os.path.join(kGatewaySharedFolder, kRxfRelativeUploadPath) kChassisList = [str(fip_chassis)] dataFileNameList = [ test_filname, 'Registration_only_LPS.tst', 'SIPCall.tst' ] kPortListPerCommunityCommunity = { "VoIP1@VM1": [(1, 1, 1)], "VoIP2@VM2": [(1, 2, 1)] } kStatsToDisplayDict = self.test['inputs']['stats'] connection = IxRestUtils.getConnection(fip_load, 8080) self.__logger.info("Creating a new session...") sessionUrl = IxLoadUtils.createSession(connection, self.test['version']) license_server = self.test['inputs']['licenseServer'] IxLoadUtils.configureLicenseServer(connection, sessionUrl, license_server) files_dir = os.path.join(self.case_dir, 'ixia/files') target_file = open(os.path.join(files_dir, test_filname), 'w') j2_env = Environment(loader=FileSystemLoader(files_dir), trim_blocks=True) self.test['inputs'].update( dict(ipchassis=fip_chassis, ipcard1=vcard_ips_p2[0], ipcard2=vcard_ips_p2[1], iplistims=iplistims)) target_file.write( j2_env.get_template(test_filname + '.template').render( self.test['inputs'])) target_file.close() self.__logger.info('Uploading files %s...' % kRxfPath) for dataFile in dataFileNameList: localFilePath = os.path.join(files_dir, dataFile) remoteFilePath = os.path.join(kGatewaySharedFolder, 'uploads/%s' % dataFile) IxLoadUtils.uploadFile(connection, kResourcesUrl, localFilePath, remoteFilePath) self.__logger.info('Upload file finished.') self.__logger.info("Loading repository %s..." % kRxfAbsoluteUploadPath) IxLoadUtils.loadRepository(connection, sessionUrl, kRxfAbsoluteUploadPath) self.__logger.info("Clearing chassis list...") IxLoadUtils.clearChassisList(connection, sessionUrl) self.__logger.info("Adding chassis %s..." % (kChassisList)) IxLoadUtils.addChassisList(connection, sessionUrl, kChassisList) self.__logger.info("Assigning new ports...") IxLoadUtils.assignPorts(connection, sessionUrl, kPortListPerCommunityCommunity) self.__logger.info("Starting the test...") IxLoadUtils.runTest(connection, sessionUrl) self.__logger.info("Polling values for stats %s..." % (kStatsToDisplayDict)) result = IxLoadUtils.pollStats(connection, sessionUrl, kStatsToDisplayDict) self.__logger.info("Test finished.") self.__logger.info("Checking test status...") testRunError = IxLoadUtils.getTestRunError(connection, sessionUrl) self.__logger.info(result) duration = time.time() - start_time self.details['test_vnf'].update(status='PASS', result=result, duration=duration) if testRunError: self.__logger.info("The test exited with following error: %s" % (testRunError)) self.details['test_vnf'].update(status='FAIL', duration=duration) return False else: self.__logger.info("The test completed successfully.") self.details['test_vnf'].update(status='PASS', duration=duration) self.result += 1 / 3 * 100 return True
def setUp(self): """ Instantiates the CreateImage object that is responsible for downloading and creating an OS image file within OpenStack """ super(self.__class__, self).__start__() self.nova = nova_utils.nova_client(self.os_creds, self.os_session) guid = self.__class__.__name__ + '-' + str(uuid.uuid4()) self.keypair_priv_filepath = 'tmp/' + guid self.keypair_pub_filepath = self.keypair_priv_filepath + '.pub' self.keypair_name = guid + '-kp' self.vm_inst_name = guid + '-inst' self.test_file_local_path = 'tmp/' + guid + '-hello.txt' self.port_1_name = guid + '-port-1' self.port_2_name = guid + '-port-2' self.floating_ip_name = guid + 'fip1' # Setup members to cleanup just in case they don't get created self.inst_creator = None self.keypair_creator = None self.sec_grp_creator = None self.flavor_creator = None self.router_creator = None self.network_creator = None self.image_creator = None try: # Create Image os_image_settings = openstack_tests.ubuntu_image_settings( name=guid + '-' + '-image', image_metadata=self.image_metadata) self.image_creator = create_image.OpenStackImage( self.os_creds, os_image_settings) self.image_creator.create() # First network is public self.pub_net_config = openstack_tests.get_pub_net_config( project_name=self.os_creds.project_name, net_name=guid + '-pub-net', mtu=1442, subnet_name=guid + '-pub-subnet', router_name=guid + '-pub-router', external_net=self.ext_net_name) self.network_creator = create_network.OpenStackNetwork( self.os_creds, self.pub_net_config.network_settings) self.network_creator.create() # Create routers self.router_creator = create_router.OpenStackRouter( self.os_creds, self.pub_net_config.router_settings) self.router_creator.create() # Create Flavor flavor_config = openstack_tests.get_flavor_config( name=guid + '-flavor-name', ram=2048, disk=10, vcpus=2, metadata=self.flavor_metadata) self.flavor_creator = create_flavor.OpenStackFlavor( self.admin_os_creds, flavor_config) self.flavor_creator.create() # Create Key/Pair self.keypair_creator = create_keypairs.OpenStackKeypair( self.os_creds, KeypairConfig(name=self.keypair_name, public_filepath=self.keypair_pub_filepath, private_filepath=self.keypair_priv_filepath)) self.keypair_creator.create() # Create Security Group sec_grp_name = guid + '-sec-grp' rule1 = SecurityGroupRuleConfig(sec_grp_name=sec_grp_name, direction=Direction.ingress, protocol=Protocol.icmp) rule2 = SecurityGroupRuleConfig(sec_grp_name=sec_grp_name, direction=Direction.ingress, protocol=Protocol.tcp, port_range_min=22, port_range_max=22) self.sec_grp_creator = OpenStackSecurityGroup( self.os_creds, SecurityGroupConfig(name=sec_grp_name, rule_settings=[rule1, rule2])) self.sec_grp_creator.create() # Create instance ports_settings = list() ports_settings.append( PortConfig( name=self.port_1_name, network_name=self.pub_net_config.network_settings.name)) instance_settings = VmInstanceConfig( name=self.vm_inst_name, flavor=self.flavor_creator.flavor_settings.name, port_settings=ports_settings, floating_ip_settings=[ FloatingIpConfig( name=self.floating_ip_name, port_name=self.port_1_name, router_name=self.pub_net_config.router_settings.name) ]) self.inst_creator = create_instance.OpenStackVmInstance( self.os_creds, instance_settings, self.image_creator.image_settings, keypair_settings=self.keypair_creator.keypair_settings) except: self.tearDown() raise
def deploy_orchestrator(self): """ Deploy Cloudify Manager. network, security group, fip, VM creation """ # network creation start_time = time.time() self.__logger.info("Creating keypair ...") kp_file = os.path.join(self.data_dir, "cloudify_ims.pem") keypair_settings = KeypairConfig(name='cloudify_ims_kp', private_filepath=kp_file) keypair_creator = OpenStackKeypair(self.snaps_creds, keypair_settings) keypair_creator.create() self.created_object.append(keypair_creator) self.__logger.info("Creating full network ...") subnet_settings = SubnetConfig(name='cloudify_ims_subnet', cidr='10.67.79.0/24') network_settings = NetworkConfig(name='cloudify_ims_network', subnet_settings=[subnet_settings]) network_creator = OpenStackNetwork(self.snaps_creds, network_settings) network_creator.create() self.created_object.append(network_creator) ext_net_name = snaps_utils.get_ext_net_name(self.snaps_creds) router_creator = OpenStackRouter( self.snaps_creds, RouterConfig(name='cloudify_ims_router', external_gateway=ext_net_name, internal_subnets=[subnet_settings.name])) router_creator.create() self.created_object.append(router_creator) # security group creation self.__logger.info("Creating security group for cloudify manager vm") sg_rules = list() sg_rules.append( SecurityGroupRuleConfig(sec_grp_name="sg-cloudify-manager", direction=Direction.ingress, protocol=Protocol.tcp, port_range_min=1, port_range_max=65535)) sg_rules.append( SecurityGroupRuleConfig(sec_grp_name="sg-cloudify-manager", direction=Direction.ingress, protocol=Protocol.udp, port_range_min=1, port_range_max=65535)) securit_group_creator = OpenStackSecurityGroup( self.snaps_creds, SecurityGroupConfig(name="sg-cloudify-manager", rule_settings=sg_rules)) securit_group_creator.create() self.created_object.append(securit_group_creator) # orchestrator VM flavor self.__logger.info("Get or create flavor for cloudify manager vm ...") flavor_settings = FlavorConfig( name=self.orchestrator['requirements']['flavor']['name'], ram=self.orchestrator['requirements']['flavor']['ram_min'], disk=50, vcpus=2) flavor_creator = OpenStackFlavor(self.snaps_creds, flavor_settings) flavor_creator.create() self.created_object.append(flavor_creator) image_settings = ImageConfig( name=self.orchestrator['requirements']['os_image'], image_user='******', exists=True) port_settings = PortConfig(name='cloudify_manager_port', network_name=network_settings.name) manager_settings = VmInstanceConfig( name='cloudify_manager', flavor=flavor_settings.name, port_settings=[port_settings], security_group_names=[securit_group_creator.sec_grp_settings.name], floating_ip_settings=[ FloatingIpConfig( name='cloudify_manager_fip', port_name=port_settings.name, router_name=router_creator.router_settings.name) ]) manager_creator = OpenStackVmInstance(self.snaps_creds, manager_settings, image_settings, keypair_settings) self.__logger.info("Creating cloudify manager VM") manager_creator.create() self.created_object.append(manager_creator) public_auth_url = keystone_utils.get_endpoint(self.snaps_creds, 'identity') self.__logger.info("Set creds for cloudify manager") cfy_creds = dict(keystone_username=self.snaps_creds.username, keystone_password=self.snaps_creds.password, keystone_tenant_name=self.snaps_creds.project_name, keystone_url=public_auth_url) cfy_client = CloudifyClient(host=manager_creator.get_floating_ip().ip, username='******', password='******', tenant='default_tenant') self.orchestrator['object'] = cfy_client self.__logger.info("Attemps running status of the Manager") cfy_status = None retry = 10 while str(cfy_status) != 'running' and retry: try: cfy_status = cfy_client.manager.get_status()['status'] self.__logger.debug("The current manager status is %s", cfy_status) except Exception: # pylint: disable=broad-except self.__logger.warning("Cloudify Manager isn't " + "up and running. Retrying ...") retry = retry - 1 time.sleep(30) if str(cfy_status) == 'running': self.__logger.info("Cloudify Manager is up and running") else: raise Exception("Cloudify Manager isn't up and running") self.__logger.info("Put OpenStack creds in manager") secrets_list = cfy_client.secrets.list() for k, val in cfy_creds.iteritems(): if not any(d.get('key', None) == k for d in secrets_list): cfy_client.secrets.create(k, val) else: cfy_client.secrets.update(k, val) duration = time.time() - start_time self.__logger.info("Put private keypair in manager") if manager_creator.vm_ssh_active(block=True): ssh = manager_creator.ssh_client() scp = SCPClient(ssh.get_transport(), socket_timeout=15.0) scp.put(kp_file, '~/') cmd = "sudo cp ~/cloudify_ims.pem /etc/cloudify/" run_blocking_ssh_command(ssh, cmd) cmd = "sudo chmod 444 /etc/cloudify/cloudify_ims.pem" run_blocking_ssh_command(ssh, cmd) cmd = "sudo yum install -y gcc python-devel" run_blocking_ssh_command( ssh, cmd, "Unable to install packages \ on manager") self.details['orchestrator'].update(status='PASS', duration=duration) self.vnf['inputs'].update( dict(external_network_name=ext_net_name, network_name=network_settings.name)) self.result = 1 / 3 * 100 return True
def deploy_orchestrator(self): # pylint: disable=too-many-locals,too-many-statements """ Deploy Cloudify Manager. network, security group, fip, VM creation """ start_time = time.time() # orchestrator VM flavor self.__logger.info("Get or create flavor for cloudify manager vm ...") flavor_settings = FlavorConfig( name="{}-{}".format( self.orchestrator['requirements']['flavor']['name'], self.uuid), ram=self.orchestrator['requirements']['flavor']['ram_min'], disk=50, vcpus=2) flavor_creator = OpenStackFlavor(self.snaps_creds, flavor_settings) flavor_creator.create() self.created_object.append(flavor_creator) self.__logger.info("Creating a second user to bypass issues ...") user_creator = OpenStackUser( self.snaps_creds, UserConfig( name='cloudify_network_bug-{}'.format(self.uuid), password=str(uuid.uuid4()), project_name=self.tenant_name, domain_name=self.snaps_creds.user_domain_name, roles={'_member_': self.tenant_name})) user_creator.create() self.created_object.append(user_creator) snaps_creds = user_creator.get_os_creds(self.snaps_creds.project_name) self.__logger.debug("snaps creds: %s", snaps_creds) self.__logger.info("Creating keypair ...") kp_file = os.path.join(self.data_dir, "cloudify_ims.pem") keypair_settings = KeypairConfig( name='cloudify_ims_kp-{}'.format(self.uuid), private_filepath=kp_file) keypair_creator = OpenStackKeypair(snaps_creds, keypair_settings) keypair_creator.create() self.created_object.append(keypair_creator) # needs some images self.__logger.info("Upload some OS images if it doesn't exist") for image_name, image_file in self.images.iteritems(): self.__logger.info("image: %s, file: %s", image_name, image_file) if image_file and image_name: image_creator = OpenStackImage( snaps_creds, ImageConfig( name=image_name, image_user='******', img_format='qcow2', image_file=image_file)) image_creator.create() self.created_object.append(image_creator) # network creation self.__logger.info("Creating full network ...") subnet_settings = SubnetConfig( name='cloudify_ims_subnet-{}'.format(self.uuid), cidr='10.67.79.0/24', dns_nameservers=[env.get('NAMESERVER')]) network_settings = NetworkConfig( name='cloudify_ims_network-{}'.format(self.uuid), subnet_settings=[subnet_settings]) network_creator = OpenStackNetwork(snaps_creds, network_settings) network_creator.create() self.created_object.append(network_creator) ext_net_name = snaps_utils.get_ext_net_name(snaps_creds) router_creator = OpenStackRouter( snaps_creds, RouterConfig( name='cloudify_ims_router-{}'.format(self.uuid), external_gateway=ext_net_name, internal_subnets=[subnet_settings.name])) router_creator.create() self.created_object.append(router_creator) # security group creation self.__logger.info("Creating security group for cloudify manager vm") sg_rules = list() sg_rules.append( SecurityGroupRuleConfig( sec_grp_name="sg-cloudify-manager-{}".format(self.uuid), direction=Direction.ingress, protocol=Protocol.tcp, port_range_min=1, port_range_max=65535)) sg_rules.append( SecurityGroupRuleConfig( sec_grp_name="sg-cloudify-manager-{}".format(self.uuid), direction=Direction.ingress, protocol=Protocol.udp, port_range_min=1, port_range_max=65535)) security_group_creator = OpenStackSecurityGroup( snaps_creds, SecurityGroupConfig( name="sg-cloudify-manager-{}".format(self.uuid), rule_settings=sg_rules)) security_group_creator.create() self.created_object.append(security_group_creator) image_settings = ImageConfig( name=self.orchestrator['requirements']['os_image'], image_user='******', exists=True) port_settings = PortConfig( name='cloudify_manager_port-{}'.format(self.uuid), network_name=network_settings.name) manager_settings = VmInstanceConfig( name='cloudify_manager-{}'.format(self.uuid), flavor=flavor_settings.name, port_settings=[port_settings], security_group_names=[ security_group_creator.sec_grp_settings.name], floating_ip_settings=[FloatingIpConfig( name='cloudify_manager_fip-{}'.format(self.uuid), port_name=port_settings.name, router_name=router_creator.router_settings.name)]) manager_creator = OpenStackVmInstance( snaps_creds, manager_settings, image_settings, keypair_settings) self.__logger.info("Creating cloudify manager VM") manager_creator.create() self.created_object.append(manager_creator) public_auth_url = keystone_utils.get_endpoint(snaps_creds, 'identity') cfy_creds = dict( keystone_username=snaps_creds.username, keystone_password=snaps_creds.password, keystone_tenant_name=snaps_creds.project_name, keystone_url=public_auth_url, region=snaps_creds.region_name, user_domain_name=snaps_creds.user_domain_name, project_domain_name=snaps_creds.project_domain_name) self.__logger.info("Set creds for cloudify manager %s", cfy_creds) cfy_client = CloudifyClient( host=manager_creator.get_floating_ip().ip, username='******', password='******', tenant='default_tenant') self.orchestrator['object'] = cfy_client self.__logger.info("Attemps running status of the Manager") for loop in range(10): try: self.__logger.debug( "status %s", cfy_client.manager.get_status()) cfy_status = cfy_client.manager.get_status()['status'] self.__logger.info( "The current manager status is %s", cfy_status) if str(cfy_status) != 'running': raise Exception("Cloudify Manager isn't up and running") self.__logger.info("Put OpenStack creds in manager") secrets_list = cfy_client.secrets.list() for k, val in cfy_creds.iteritems(): if not any(d.get('key', None) == k for d in secrets_list): cfy_client.secrets.create(k, val) else: cfy_client.secrets.update(k, val) break except Exception: # pylint: disable=broad-except self.logger.info( "try %s: Cloudify Manager isn't up and running", loop + 1) time.sleep(30) else: self.logger.error("Cloudify Manager isn't up and running") return False duration = time.time() - start_time if manager_creator.vm_ssh_active(block=True): self.__logger.info("Put private keypair in manager") ssh = manager_creator.ssh_client() scp = SCPClient(ssh.get_transport(), socket_timeout=15.0) scp.put(kp_file, '~/') cmd = "sudo cp ~/cloudify_ims.pem /etc/cloudify/" self.run_blocking_ssh_command(ssh, cmd) cmd = "sudo chmod 444 /etc/cloudify/cloudify_ims.pem" self.run_blocking_ssh_command(ssh, cmd) # cmd2 is badly unpinned by Cloudify cmd = "sudo yum install -y gcc python-devel python-cmd2" self.run_blocking_ssh_command( ssh, cmd, "Unable to install packages on manager") self.run_blocking_ssh_command(ssh, 'cfy status') else: self.__logger.error("Cannot connect to manager") return False self.details['orchestrator'].update(status='PASS', duration=duration) self.vnf['inputs'].update(dict( external_network_name=ext_net_name, network_name=network_settings.name, key_pair_name=keypair_settings.name )) self.result = 1/3 * 100 return True
def test_invalid_rule(self): rule_setting = SecurityGroupRuleConfig(sec_grp_name='bar', direction=Direction.ingress, description='test_rule_1') with self.assertRaises(SecurityGroupConfigError): SecurityGroupConfig(name='foo', rule_settings=[rule_setting])
def test_no_params(self): with self.assertRaises(SecurityGroupRuleConfigError): SecurityGroupRuleConfig()
def test_empty_config(self): with self.assertRaises(SecurityGroupRuleConfigError): SecurityGroupRuleConfig(**dict())
def test_name_and_direction(self): settings = SecurityGroupRuleConfig(sec_grp_name='foo', direction=Direction.ingress) self.assertEqual('foo', settings.sec_grp_name) self.assertEqual(Direction.ingress, settings.direction)
def test_config_with_name_only(self): with self.assertRaises(SecurityGroupRuleConfigError): SecurityGroupRuleConfig(**{'sec_grp_name': 'foo'})
def test_name_only(self): with self.assertRaises(SecurityGroupRuleConfigError): SecurityGroupRuleConfig(sec_grp_name='foo')