def create(self, target_vm=None): ''' @param: target_vm: ZstackTestVm(). Target_vm is important. It is for eip testing. If target_vm is none, it means this eip is not attached for any vm. ''' self.eip = net_ops.create_eip(self.eip_creation_option) vm_nic_uuid = self.eip_creation_option.get_vm_nic_uuid() self.target_vm = target_vm vip_uuid = self.eip_creation_option.get_vip_uuid() self.vip = test_lib.lib_get_vip_by_uuid(vip_uuid) if vm_nic_uuid: self.state = eip_header.ATTACHED else: self.state = eip_header.DETACHED super(ZstackTestEip, self).create()
def check(self): super(zstack_vcenter_pf_vip_icmp_checker, self).check() test_result = True pf_rule = self.test_obj.get_port_forwarding() vip_uuid = pf_rule.vipUuid cond = res_ops.gen_query_conditions('uuid', '=', vip_uuid) vipIp = res_ops.query_resource(res_ops.VIP, cond)[0].ip vip_l3_uuid = test_lib.lib_get_vip_by_uuid(pf_rule.vipUuid).l3NetworkUuid any_vr = test_lib.lib_find_vr_by_l3_uuid(vip_l3_uuid)[0] try: test_lib.lib_check_ping(any_vr, vipIp) except: test_util.test_logger("Catch exception: Port Forwarding [rule:] %s is not pingable from [vm:] %s " % (pf_rule.uuid, any_vr.uuid)) test_result = False if test_result != self.exp_result: return self.judge(test_result) else: test_util.test_logger("Port Forwarding [rule:] %s is pingable from [vm:] %s" % (pf_rule.uuid, any_vr.uuid)) return self.judge(test_result)
def check(self): super(zstack_kvm_pf_vip_icmp_checker, self).check() test_result = True pf_rule = self.test_obj.get_port_forwarding() vip_uuid = pf_rule.vipUuid cond = res_ops.gen_query_conditions('uuid', '=', vip_uuid) vipIp = res_ops.query_resource(res_ops.VIP, cond)[0].ip vip_l3_uuid = test_lib.lib_get_vip_by_uuid(pf_rule.vipUuid).l3NetworkUuid any_vr = test_lib.lib_find_vr_by_l3_uuid(vip_l3_uuid)[0] try: test_lib.lib_check_ping(any_vr, vipIp) except: test_util.test_logger("Catch exception: Port Forwarding [rule:] %s is not pingable from [vm:] %s " % (pf_rule.uuid, any_vr.uuid)) test_result = False if test_result != self.exp_result: return self.judge(test_result) else: test_util.test_logger("Port Forwarding [rule:] %s is pingable from [vm:] %s" % (pf_rule.uuid, any_vr.uuid)) return self.judge(test_result)
def check(self): super(vip_used_for_checker, self).check() test_result = True vip_uuid = self.test_obj.get_vip().uuid try: vip_db = test_lib.lib_get_vip_by_uuid(vip_uuid) except: test_util.test_logger('Check Result: not find vip by [uuid:] %s '\ % vip_uuid) return self.judge(False) if vip_db and self.use_for in vip_db.useFor: test_util.test_logger('Check Result: [vip:] %s is used for %s' \ % (vip_uuid, self.use_for)) return self.judge(True) test_util.test_logger('Check Result: [vip:] %s is NOT used for %s' \ % (vip_uuid, self.use_for)) return self.judge(False)
def check(self): super(vip_used_for_checker, self).check() test_result = True vip_uuid = self.test_obj.get_vip().uuid try: vip_db = test_lib.lib_get_vip_by_uuid(vip_uuid) except: test_util.test_logger('Check Result: not find vip by [uuid:] %s '\ % vip_uuid) return self.judge(False) if vip_db and vip_db.useFor == self.use_for: test_util.test_logger('Check Result: [vip:] %s is used for %s' \ % (vip_uuid, self.use_for)) return self.judge(True) test_util.test_logger('Check Result: [vip:] %s is NOT used for %s' \ % (vip_uuid, self.use_for)) return self.judge(False)
def check(self): super(vip_used_for_checker, self).check() test_result = True vip_uuid = self.test_obj.get_vip().uuid try: vip_db = test_lib.lib_get_vip_by_uuid(vip_uuid) except: test_util.test_logger('Check Result: not find vip by [uuid:] %s '\ % vip_uuid) return self.judge(False) #Because of bug16125,these lines which are check vip.usefor is commented out temporary. # if vip_db and self.use_for in vip_db.useFor and vip_db.useFor.count(self.use_for) == 1: # test_util.test_logger('Check Result: [vip:] %s is used for %s' \ # % (vip_uuid, self.use_for)) # return self.judge(True) # test_util.test_logger('Check Result: [vip:] %s is NOT used for %s' \ # % (vip_uuid, self.use_for)) # return self.judge(False) return self.judge(True)
def test(): global mevoco1_ip global mevoco2_ip global ipsec1 global ipsec2 mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] mevoco2_ip = os.environ['secondZStackMnIp'] test_util.test_dsc('Create test vm in mevoco1') vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm1) vm1.check() vm_nic1 = vm1.get_vm().vmNics[0] vm_nic1_uuid = vm_nic1.uuid vm3 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm3) vm3.check() vm_nic3 = vm3.get_vm().vmNics[0] vm_nic3_uuid = vm_nic3.uuid pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0] l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1) vip1 = test_stub.create_vip('vip for multi-services', l3_uuid1) vip_uuid = vip1.get_vip().uuid cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1) first_zstack_cidrs = res_ops.query_resource( res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create test vm in mevoco2') vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName')) test_obj_dict2.add_vm(vm2) vm2.check() pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0] l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2) second_zstack_cidrs = res_ops.query_resource( res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_dsc('Create PF in mevoco1') l3_name = os.environ.get('l3NoVlanNetworkName1') vr = test_stub.create_vr_vm(test_obj_dict1, l3_name) l3_name = os.environ.get('l3VlanNetworkName4') vr = test_stub.create_vr_vm(test_obj_dict1, l3_name) vr_pub_ip = test_lib.lib_find_vr_pub_ip(vr) pf_creation_opt1 = PfRule.generate_pf_rule_option( vr_pub_ip, protocol=inventory.TCP, vip_target_rule=Port.rule4_ports, private_target_rule=Port.rule4_ports, vip_uuid=vip_uuid) test_pf1 = zstack_pf_header.ZstackTestPortForwarding() test_pf1.set_creation_option(pf_creation_opt1) test_pf1.create() vip1.attach_pf(test_pf1) vip1.check() test_pf1.attach(vm_nic1_uuid, vm1) vip1.check() test_util.test_dsc('Create LB in mevoco1') lb = zstack_lb_header.ZstackTestLoadBalancer() lb.create('create lb test', vip1.get_vip().uuid) test_obj_dict1.add_load_balancer(lb) vip1.attach_lb(lb) lb_creation_option = test_lib.lib_create_lb_listener_option(lbl_port=222, lbi_port=22) lbl = lb.create_listener(lb_creation_option) lbl.add_nics([vm_nic1_uuid, vm_nic3_uuid]) lb.check() vip1.check() test_util.test_dsc('Create ipsec in mevoco1') ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [second_zstack_cidrs]) vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid) assert "IPsec" in vip1_db.useFor assert vip1_db.useFor.count("IPsec") == 1 os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create ipsec in mevoco2') ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip): test_util.test_fail( 'vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip): test_util.test_fail( 'vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip)) # delete ipsec os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip ipsec_ops.delete_ipsec_connection(ipsec1.uuid) if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True): test_util.test_fail( 'vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail( 'vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid) assert "IPsec" not in vip1_db.useFor # delete PF test_pf1.delete() vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid) assert "PortForwarding" not in vip1_db.useFor # delete LB lb.delete() vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid) assert vip1_db.useFor is None test_lib.lib_error_cleanup(test_obj_dict1) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip ipsec_ops.delete_ipsec_connection(ipsec2.uuid) vip2.delete() test_lib.lib_error_cleanup(test_obj_dict2) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip vip1.delete() test_util.test_pass('Create multiple service with 1 snat IP Success')
def test(): global mevoco1_ip global mevoco2_ip global ipsec1 global ipsec2 global ipsec3 global ipsec4 mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] mevoco2_ip = os.environ['secondZStackMnIp'] test_util.test_dsc('Create test vm in mevoco1') vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm1) vm1.check() pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0] l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1) vip1 = test_stub.get_snat_ip_as_vip(vr1_pub_ip) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1) first_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create test vm in mevoco2') vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName')) test_obj_dict2.add_vm(vm2) vm2.check() pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0] l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2) second_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr test_util.test_dsc('Create test vm in mevoco2') vm3 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName4')) test_obj_dict2.add_vm(vm3) vm3.check() pri_l3_uuid3 = vm3.vm.vmNics[0].l3NetworkUuid vr3 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0] l3_uuid3 = test_lib.lib_find_vr_pub_nic(vr3).l3NetworkUuid vip3 = test_stub.create_vip('ipsec3_vip', l3_uuid3) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid3) third_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_dsc('Create ipsec in mevoco1') ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [second_zstack_cidrs]) ipsec3 = ipsec_ops.create_ipsec_connection('ipsec3', pri_l3_uuid1, vip3.get_vip().ip, '123456', vip1.get_vip().uuid, [third_zstack_cidrs]) vip1_uuid = vip1.get_vip().uuid vip1_db = test_lib.lib_get_vip_by_uuid(vip1_uuid) assert "IPsec" in vip1_db.useFor assert vip1_db.useFor.count("IPsec") == 1 os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create ipsec in mevoco2') ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs]) ipsec4 = ipsec_ops.create_ipsec_connection('ipsec4', pri_l3_uuid3, vip1.get_vip().ip, '123456', vip3.get_vip().uuid, [first_zstack_cidrs]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip)) if not test_lib.lib_check_ping(vm1.vm, vm3.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip)) if not test_lib.lib_check_ping(vm3.vm, vm1.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip ipsec_ops.delete_ipsec_connection(ipsec1.uuid) ipsec_ops.delete_ipsec_connection(ipsec3.uuid) if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip)) if test_lib.lib_check_ping(vm1.vm, vm3.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip)) if test_lib.lib_check_ping(vm3.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_lib.lib_error_cleanup(test_obj_dict1) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip ipsec_ops.delete_ipsec_connection(ipsec2.uuid) ipsec_ops.delete_ipsec_connection(ipsec4.uuid) test_lib.lib_error_cleanup(test_obj_dict2) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_pass('Create Ipsec Success')
def check(self): super(pf_checker, self).check() test_result = True try: test_vip = test_lib.lib_get_vip_by_uuid(self.test_obj.get_vip().uuid) except: test_util.test_logger('Check Result: [vip:] %s is not exist' % self.test_obj.get_vip().uuid) self.test_obj.update() return self.judge(False) if not self.test_obj.get_pf_list(): test_util.test_logger('Check Result: [vip:] %s is not attached to any pf.' % self.test_obj.get_vip().uuid) self.test_obj.update() return self.judge(False) vip = self.test_obj.get_vip() vipIp = vip.ip all_ports = port_header.all_ports pf_running_list = self.test_obj.get_pf_list_for_running_vm() pf_tcp_list, pf_udp_list = self.separate_tcp_udp_list(pf_running_list) pf_tcp_dict = self.gen_tcp_dict_by_allowed_cidr(pf_tcp_list) pf_stopped_list = self.test_obj.get_pf_list_for_stopped_vm() pf_detached_list = self.test_obj.get_detached_pf_list() vip_l3 = self.test_obj.get_vip().l3NetworkUuid if not pf_running_list: # all ports should be denied, since no living vm. for pf in pf_stopped_list: test_result = self.check_denied_pf(pf) if test_result != self.exp_result: return self.judge(test_result) for pf in pf_detached_list: test_result = self.check_denied_pf(pf) if test_result != self.exp_result: return self.judge(test_result) else: #open TCP ports for living vms for pf in pf_tcp_list: target_vm = pf.get_target_vm().vm vm_l3 = test_lib.lib_get_nic_by_uuid(pf.get_port_forwarding().vmNicUuid).l3NetworkUuid test_lib.lib_open_vm_listen_ports(target_vm, all_ports, vm_l3) #calc allowed ports, per allowed_cidr for allowed_vr_ip, pf_dict_list in pf_tcp_dict.iteritems(): allowed_ports = [] denied_ports = all_ports #find all pf rules on running vm. These rules are supposed to be connectable, unless they are blocked by target vm's sg. allowed_ports, denied_ports = \ self.count_pf_allowed_denied_ports( pf_dict_list, allowed_ports, denied_ports) #although the target_vm might be different, but the denied_vr_vm should be same. target_vm_nic_uuid = pf_dict_list[0].get_port_forwarding().vmNicUuid allowed_vr_vm, denied_vr_vm = \ self.get_allowed_denied_vr_vm(allowed_vr_ip, target_vm_nic_uuid) denied_vr_ip = test_lib.lib_find_vr_pub_ip(denied_vr_vm) try: test_lib.lib_check_ports_in_a_command(allowed_vr_vm, allowed_vr_ip, vipIp, allowed_ports, denied_ports, target_vm) except: traceback.print_exc(file=sys.stdout) test_util.test_logger("Catch failure when checking [vip:] %s Port Forwarding TCP [rules] for allowed Cidr: %s from [vm:] %s . " % \ (vip.uuid, allowed_vr_ip, allowed_vr_vm.uuid)) test_result = False if test_result != self.exp_result: return self.judge(test_result) if test_result != self.exp_result: return self.judge(test_result) test_util.test_logger("Checking pass for [vip:] %s Port Forwardings TCP rules for allowed Cidr: %s from [vm:] %s " % \ (vip.uuid, allowed_vr_ip, allowed_vr_vm.uuid)) #check denied vr access. allowed_ports = [] denied_ports = all_ports #the denied vr might be in other pf rule. if denied_vr_ip in pf_tcp_dict.keys(): allowed_ports, denied_ports = \ self.count_pf_allowed_denied_ports( pf_tcp_dict[denied_vr_ip], allowed_ports, denied_ports) try: test_lib.lib_check_ports_in_a_command(denied_vr_vm, denied_vr_ip, vipIp, allowed_ports, denied_ports, target_vm) except: traceback.print_exc(file=sys.stdout) test_util.test_logger("Catch failure when checking [vip:] %s Port Forwarding TCPs for not allowed Cidr from [vm:] %s" % (vip.uuid, allowed_vr_vm.uuid)) test_result = False if test_result != self.exp_result: return self.judge(test_result) test_util.test_logger("Checking pass for Port Forwarding TCP [rule:] %s for not allowed Cidr from [vm:] %s . All ports should be blocked. " % (vip.uuid, allowed_vr_vm.uuid)) if test_result != self.exp_result: return self.judge(test_result) #check pf_udp rule existance. for pf in pf_udp_list: test_result = test_lib.lib_check_vm_pf_rule_exist_in_iptables(pf.get_port_forwarding()) test_util.test_logger('Check result: [Port Forwarding] %s finishes UDP rule existance testing' % pf.get_port_forwarding().uuid) return self.judge(test_result) test_util.test_logger('Check result: [Port Forwarding] finishes [vip:] %s TCP testing.' % vip.uuid) return self.judge(test_result)
def check(self): super(eip_checker, self).check() try: test_vip = test_lib.lib_get_vip_by_uuid(self.test_obj.get_vip().uuid) except: test_util.test_logger('Check Result: [vip:] %s does not exist' % self.test_obj.get_vip().uuid) return self.judge(False) vip = self.test_obj.get_vip() vipIp = vip.ip eip_obj = self.test_obj.get_eip() eip = eip_obj.get_eip() try: test_eip = test_lib.lib_get_eip_by_uuid(eip.uuid) except: test_util.test_logger('Check Result: [eip:] %s does not exist' % eip.uuid) return self.judge(False) if eip_obj.state == eip_header.ATTACHED: self.vm_nic_uuid = eip.vmNicUuid self.get_all_available_vr_ip() all_ports = port_header.all_ports if not self.vm_nic_uuid: #eip is not attached self.set_random_denied_vr() return self.judge(self.check_eip_denied_tcp()) else: vm_nic = test_lib.lib_get_nic_by_uuid(self.vm_nic_uuid) #only open ports when VM is running. if eip_obj.get_target_vm().state == vm_header.RUNNING: target_vm = eip_obj.get_target_vm().vm test_lib.lib_open_vm_listen_ports(target_vm, all_ports, vm_nic.l3NetworkUuid) else: self.set_random_denied_vr() return self.judge(self.check_eip_denied_tcp()) #make sure no any SG rule can impact eip testing. sg_invs = test_lib.lib_get_sg_invs_by_nic_uuid(self.vm_nic_uuid) test_result = self.exp_result if not sg_invs: #If no SG TCP rules for vm_nic, means all ports are connectable self.set_random_allowed_vr() self.denied_vr = None self.denied_vr_ip = None self.allowed_ports = all_ports self.denied_ports = [] test_result = self.check_eip_allowed_tcp() if test_result != self.exp_result: return self.judge(test_result) #if no icmp rule, means ping should be successful test_result = self.check_eip_icmp(True) if test_result != self.exp_result: return self.judge(test_result) else: self.calc_sg_tcp_ports(sg_invs) test_result = self.check_eip_allowed_tcp() if test_result != self.exp_result: return self.judge(test_result) test_result = self.check_eip_denied_tcp() if test_result != self.exp_result: return self.judge(test_result) test_util.test_logger('Checker Result for EIP checker: %s' % test_result) return self.judge(test_result)
def test(): global mevoco1_ip global mevoco2_ip global ipsec1 global ipsec2 mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] mevoco2_ip = os.environ['secondZStackMnIp'] test_util.test_dsc('Create test vm in mevoco1') vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm1) vm1.check() vm_nic1 = vm1.get_vm().vmNics[0] vm_nic1_uuid = vm_nic1.uuid vm3 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm3) vm3.check() vm_nic3 = vm3.get_vm().vmNics[0] vm_nic3_uuid = vm_nic3.uuid pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0] l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1) vip1 = test_stub.get_snat_ip_as_vip(vr1_pub_ip) vip_uuid = vip1.get_vip().uuid cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1) first_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create test vm in mevoco2') vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName')) test_obj_dict2.add_vm(vm2) vm2.check() pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0] l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2) second_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_dsc('Create PF in mevoco1') l3_name = os.environ.get('l3NoVlanNetworkName1') vr = test_stub.create_vr_vm(test_obj_dict1, l3_name) l3_name = os.environ.get('l3VlanNetworkName4') vr = test_stub.create_vr_vm(test_obj_dict1, l3_name) vr_pub_ip = test_lib.lib_find_vr_pub_ip(vr) pf_creation_opt1 = PfRule.generate_pf_rule_option(vr_pub_ip, protocol=inventory.TCP, vip_target_rule=Port.rule4_ports, private_target_rule=Port.rule4_ports, vip_uuid=vip_uuid) test_pf1 = zstack_pf_header.ZstackTestPortForwarding() test_pf1.set_creation_option(pf_creation_opt1) test_pf1.create() vip1.attach_pf(test_pf1) vip1.check() test_pf1.attach(vm_nic1_uuid, vm1) vip1.check() test_util.test_dsc('Create LB in mevoco1') lb = zstack_lb_header.ZstackTestLoadBalancer() lb.create('create lb test', vip1.get_vip().uuid) test_obj_dict1.add_load_balancer(lb) vip1.attach_lb(lb) lb_creation_option = test_lib.lib_create_lb_listener_option(lbl_port = 222, lbi_port = 22) lbl = lb.create_listener(lb_creation_option) lbl.add_nics([vm_nic1_uuid, vm_nic3_uuid]) lb.check() vip1.check() test_util.test_dsc('Create ipsec in mevoco1') ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [second_zstack_cidrs]) vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid) assert "IPsec" in vip1_db.useFor assert vip1_db.useFor.count("IPsec") == 1 os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create ipsec in mevoco2') ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip)) # delete ipsec os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip ipsec_ops.delete_ipsec_connection(ipsec1.uuid) if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid) assert "IPsec" not in vip1_db.useFor # delete PF test_pf1.delete() vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid) assert "PortForwarding" not in vip1_db.useFor # delete LB lb.delete() vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid) assert "LoadBalancer" not in vip1_db.useFor test_lib.lib_error_cleanup(test_obj_dict1) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip ipsec_ops.delete_ipsec_connection(ipsec2.uuid) vip2.delete() test_lib.lib_error_cleanup(test_obj_dict2) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_pass('Create multiple service with 1 snat IP Success')