def test_delete_account(self): """Test for delete account""" # Validate the Following # 1. after account.cleanup.interval (global setting) # time all the PF/LB rules should be deleted # 2. verify that list(LoadBalancer/PortForwarding)Rules # API does not return any rules for the account # 3. The domR should have been expunged for this account self.account.delete(self.apiclient) interval = list_configurations(self.apiclient, name='account.cleanup.interval') self.assertEqual(isinstance(interval, list), True, "Check if account.cleanup.interval config present") # Sleep to ensure that all resources are deleted time.sleep(int(interval[0].value)) # ListLoadBalancerRules should not list # associated rules with deleted account # Unable to find account testuser1 in domain 1 : Exception try: list_lb_rules(self.apiclient, account=self.account.name, domainid=self.account.domainid) except CloudstackAPIException: self.debug("Port Forwarding Rule is deleted") # ListPortForwardingRules should not # list associated rules with deleted account try: list_nat_rules(self.apiclient, account=self.account.name, domainid=self.account.domainid) except CloudstackAPIException: self.debug("NATRule is deleted") # Retrieve router for the user account try: routers = list_routers(self.apiclient, account=self.account.name, domainid=self.account.domainid) self.assertEqual(routers, None, "Check routers are properly deleted.") except CloudstackAPIException: self.debug("Router is deleted") except Exception as e: raise Exception( "Encountered %s raised while fetching routers for account: %s" % (e, self.account.name)) return
def test_releaseIP(self): """Test for release public IP address""" self.debug("Deleting Public IP : %s" % self.ip_addr.id) self.ip_address.delete(self.apiclient) retriesCount = 10 isIpAddressDisassociated = False while retriesCount > 0: listResponse = list_publicIP( self.apiclient, id=self.ip_addr.id ) if listResponse is None: isIpAddressDisassociated = True break retriesCount -= 1 time.sleep(60) # End while self.assertTrue( isIpAddressDisassociated, "Failed to disassociate IP address") # ListPortForwardingRules should not list # associated rules with Public IP address try: list_nat_rule = list_nat_rules( self.apiclient, id=self.nat_rule.id ) self.debug("List NAT Rule response" + str(list_nat_rule)) except CloudstackAPIException: self.debug("Port Forwarding Rule is deleted") # listLoadBalancerRules should not list # associated rules with Public IP address try: list_lb_rule = list_lb_rules( self.apiclient, id=self.lb_rule.id ) self.debug("List LB Rule response" + str(list_lb_rule)) except CloudstackAPIException: self.debug("Port Forwarding Rule is deleted") # SSH Attempt though public IP should fail with self.assertRaises(Exception): SshClient( self.ip_addr.ipaddress, self.services["natrule"]["publicport"], self.virtual_machine.username, self.virtual_machine.password, retries=2, delay=0 ) return
def test_releaseIP(self): """Test for release public IP address""" logger.debug("Deleting Public IP : %s" % self.ip_addr.id) self.ip_address.delete(self.apiclient) retriesCount = 10 isIpAddressDisassociated = False while retriesCount > 0: listResponse = list_publicIP( self.apiclient, id=self.ip_addr.id ) if listResponse is None: isIpAddressDisassociated = True break retriesCount -= 1 time.sleep(60) # End while self.assertTrue( isIpAddressDisassociated, "Failed to disassociate IP address") # ListPortForwardingRules should not list # associated rules with Public IP address try: list_nat_rule = list_nat_rules( self.apiclient, id=self.nat_rule.id ) logger.debug("List NAT Rule response" + str(list_nat_rule)) except CloudstackAPIException: logger.debug("Port Forwarding Rule is deleted") # listLoadBalancerRules should not list # associated rules with Public IP address try: list_lb_rule = list_lb_rules( self.apiclient, id=self.lb_rule.id ) logger.debug("List LB Rule response" + str(list_lb_rule)) except CloudstackAPIException: logger.debug("Port Forwarding Rule is deleted") # SSH Attempt though public IP should fail with self.assertRaises(Exception): SshClient( self.ip_addr.ipaddress, self.services["natrule"]["publicport"], self.virtual_machine.username, self.virtual_machine.password, retries=2, delay=0 ) return
def test_router_dns_guestipquery(self): """Checks that guest VM can query VR DNS""" self.logger.debug("Starting test_router_dns_guestipquery...") public_ip = self.test_router_common()[0] self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm1.id) FireWallRule.create(self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule1"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule1"]["publicport"], endport=self.services["natrule1"]["publicport"]) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm1.id) nat_rule1 = NATRule.create(self.apiclient, self.vm1, self.services["natrule1"], public_ip.id) nat_rules = list_nat_rules(self.apiclient, id=nat_rule1.id) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data") self.assertTrue( len(nat_rules) >= 1, "Check for list NAT rules to have at least one rule") self.assertEqual(nat_rules[0].state, 'Active', "Check list port forwarding rules") result1 = None try: self.logger.debug("SSH into guest VM with IP: %s" % nat_rule1.ipaddress) ssh = self.vm1.get_ssh_client( ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=8) result1 = str(ssh.execute("nslookup %s" % VM1_NAME)) self.logger.debug("nslookup %s: %s " % (VM1_NAME, result1)) result2 = str(ssh.execute("nslookup %s" % VM2_NAME)) self.logger.debug("nslookup %s: %s " % (VM2_NAME, result2)) except Exception as e: self.fail("Failed to SSH into VM - %s due to exception: %s" % (nat_rule1.ipaddress, e)) if not result1: self.fail( "Did not to receive any response from the guest VM, failing.") self.assertTrue( VM1_NAME in result1 and "#53" in result1, "VR DNS should serve requests from guest network, ping for %s successful." % VM1_NAME) self.assertTrue( VM2_NAME in result2 and "#53" in result2, "VR DNS should serve requests from guest network, ping for %s successful." % VM2_NAME) return
def test_isolate_network_FW_PF_default_routes(self): """Stop existing router, add a PF rule and check we can access the VM """ self.logger.debug("Starting test_isolate_network_FW_PF_default_routes...") routers = list_routers(self.apiclient, account=self.account.name, domainid=self.account.domainid) self.assertEqual(isinstance(routers, list), True, "Check for list routers response return valid data") self.assertNotEqual(len(routers), 0, "Check list router response") router = routers[0] self.assertEqual(router.state, "Running", "Check list router response for router state") public_ips = list_publicIP( self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id ) self.assertEqual(isinstance(public_ips, list), True, "Check for list public IPs response return valid data") public_ip = public_ips[0] self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id) FireWallRule.create( self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule"]["protocol"], cidrlist=["0.0.0.0/0"], startport=self.services["natrule"]["publicport"], endport=self.services["natrule"]["publicport"], ) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id) # Create NAT rule nat_rule = NATRule.create(self.apiclient, self.vm_1, self.services["natrule"], public_ip.id) nat_rules = list_nat_rules(self.apiclient, id=nat_rule.id) self.assertEqual(isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data") self.assertEqual(nat_rules[0].state, "Active", "Check list port forwarding rules") result = "failed" try: ssh_command = "ping -c 3 8.8.8.8" self.logger.debug("SSH into VM with ID: %s" % nat_rule.ipaddress) ssh = self.vm_1.get_ssh_client( ipaddress=nat_rule.ipaddress, port=self.services["natrule"]["publicport"], retries=5 ) result = str(ssh.execute(ssh_command)) self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("3 packets received"))) except: self.fail("Failed to SSH into VM - %s" % (public_ip.ipaddress.ipaddress)) self.assertEqual(result.count("3 packets received"), 1, "Ping to outside world from VM should be successful") return
def test_router_dns_guestipquery(self): """Checks that guest VM can query VR DNS""" self.logger.debug("Starting test_router_dns_guestipquery...") public_ip = self.test_router_common()[0] self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm.id) FireWallRule.create( self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule1"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule1"]["publicport"], endport=self.services["natrule1"]["publicport"] ) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm.id) nat_rule1 = NATRule.create( self.apiclient, self.vm, self.services["natrule1"], public_ip.id ) nat_rules = list_nat_rules( self.apiclient, id=nat_rule1.id ) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data" ) self.assertTrue( len(nat_rules) >= 1, "Check for list NAT rules to have at least one rule" ) self.assertEqual( nat_rules[0].state, 'Active', "Check list port forwarding rules" ) result = None try: self.logger.debug("SSH into guest VM with IP: %s" % nat_rule1.ipaddress) ssh = self.vm.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=8) result = str(ssh.execute("nslookup google.com")) except Exception as e: self.fail("Failed to SSH into VM - %s due to exception: %s" % (nat_rule1.ipaddress, e)) if not result: self.fail("Did not to receive any response from the guest VM, failing.") self.assertTrue("google.com" in result and "#53" in result, "VR DNS should serve requests from guest network, unable to get valid nslookup result from guest VM.")
def test_01_CreatePFOnStoppedRouter(self): """Stop existing router, add a PF rule and check we can access the VM """ # Get router details associated for that account routers = list_routers( self.apiclient, account=self.account.name, domainid=self.account.domainid ) self.assertEqual( isinstance(routers, list), True, "Check for list routers response return valid data" ) self.assertNotEqual( len(routers), 0, "Check list router response" ) router = routers[0] self.logger.debug("Stopping router ID: %s" % router.id) # Stop the router cmd = stopRouter.stopRouterCmd() cmd.id = router.id self.apiclient.stopRouter(cmd) routers = list_routers( self.apiclient, account=self.account.name, domainid=self.account.domainid ) self.assertEqual( isinstance(routers, list), True, "Check for list routers response return valid data" ) router = routers[0] self.assertEqual( router.state, 'Stopped', "Check list router response for router state" ) public_ips = list_publicIP( self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id ) self.assertEqual( isinstance(public_ips, list), True, "Check for list public IPs response return valid data" ) public_ip = public_ips[0] # Open up firewall port for SSH FireWallRule.create( self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule"]["publicport"], endport=self.services["natrule"]["publicport"] ) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id) # Create NAT rule nat_rule = NATRule.create( self.apiclient, self.vm_1, self.services["natrule"], public_ip.id ) self.logger.debug("Starting router ID: %s" % router.id) # Start the router cmd = startRouter.startRouterCmd() cmd.id = router.id self.apiclient.startRouter(cmd) routers = list_routers( self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id ) self.assertEqual( isinstance(routers, list), True, "Check for list routers response return valid data" ) router = routers[0] self.assertEqual( router.state, 'Running', "Check list router response for router state" ) # NAT Rule should be in Active state after router start nat_rules = list_nat_rules( self.apiclient, id=nat_rule.id ) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data" ) self.assertEqual( nat_rules[0].state, 'Active', "Check list port forwarding rules" ) try: self.logger.debug("SSH into VM with ID: %s" % nat_rule.ipaddress) self.vm_1.get_ssh_client( ipaddress=nat_rule.ipaddress, port=self.services["natrule"]["publicport"]) except Exception as e: self.fail( "SSH Access failed for %s: %s" % (nat_rule.ipaddress, e) ) return
def test_02_port_fwd_on_non_src_nat(self): """Test for port forwarding on non source NAT""" # Validate the following: # 1. listPortForwardingRules should not return the deleted rule anymore # 2. attempt to do ssh should now fail ip_address = PublicIPAddress.create( self.apiclient, self.account.name, self.zone.id, self.account.domainid, self.services["virtual_machine"] ) self.cleanup.append(ip_address) # Check if VM is in Running state before creating NAT rule vm_response = VirtualMachine.list( self.apiclient, id=self.virtual_machine.id ) self.assertEqual( isinstance(vm_response, list), True, "Check list VM returns a valid list" ) self.assertNotEqual( len(vm_response), 0, "Check Port Forwarding Rule is created" ) self.assertEqual( vm_response[0].state, 'Running', "VM state should be Running before creating a NAT rule." ) # Open up firewall port for SSH FireWallRule.create( self.apiclient, ipaddressid=ip_address.ipaddress.id, protocol=self.services["natrule"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule"]["publicport"], endport=self.services["natrule"]["publicport"] ) # Create NAT rule nat_rule = NATRule.create( self.apiclient, self.virtual_machine, self.services["natrule"], ip_address.ipaddress.id ) # Validate the following: # 1. listPortForwardingRules should not return the deleted rule anymore # 2. attempt to do ssh should now fail list_nat_rule_response = list_nat_rules( self.apiclient, id=nat_rule.id ) self.assertEqual( isinstance(list_nat_rule_response, list), True, "Check list response returns a valid list" ) self.assertNotEqual( len(list_nat_rule_response), 0, "Check Port Forwarding Rule is created" ) self.assertEqual( list_nat_rule_response[0].id, nat_rule.id, "Check Correct Port forwarding Rule is returned" ) try: self.debug("SSHing into VM with IP address %s with NAT IP %s" % ( self.virtual_machine.ipaddress, ip_address.ipaddress.ipaddress )) self.virtual_machine.get_ssh_client(ip_address.ipaddress.ipaddress) except Exception as e: self.fail( "SSH Access failed for %s: %s" % (self.virtual_machine.ipaddress, e) ) nat_rule.delete(self.apiclient) try: list_nat_rule_response = list_nat_rules( self.apiclient, id=nat_rule.id ) except CloudstackAPIException: self.debug("Nat Rule is deleted") # Check if the Public SSH port is inaccessible with self.assertRaises(Exception): self.debug( "SSHing into VM with IP address %s after NAT rule deletion" % self.virtual_machine.ipaddress) SshClient( ip_address.ipaddress.ipaddress, self.virtual_machine.ssh_port, self.virtual_machine.username, self.virtual_machine.password, retries=2, delay=0 ) return
def test_01_port_fwd_on_src_nat(self): """Test for port forwarding on source NAT""" # Validate the following: # 1. listPortForwarding rules API should return the added PF rule # 2. attempt to do an ssh into the user VM through the sourceNAT src_nat_ip_addrs = list_publicIP( self.apiclient, account=self.account.name, domainid=self.account.domainid ) self.assertEqual( isinstance(src_nat_ip_addrs, list), True, "Check list response returns a valid list" ) src_nat_ip_addr = src_nat_ip_addrs[0] # Check if VM is in Running state before creating NAT rule vm_response = VirtualMachine.list( self.apiclient, id=self.virtual_machine.id ) self.assertEqual( isinstance(vm_response, list), True, "Check list VM returns a valid list" ) self.assertNotEqual( len(vm_response), 0, "Check Port Forwarding Rule is created" ) self.assertEqual( vm_response[0].state, 'Running', "VM state should be Running before creating a NAT rule." ) # Open up firewall port for SSH FireWallRule.create( self.apiclient, ipaddressid=src_nat_ip_addr.id, protocol=self.services["natrule"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule"]["publicport"], endport=self.services["natrule"]["publicport"] ) # Create NAT rule nat_rule = NATRule.create( self.apiclient, self.virtual_machine, self.services["natrule"], src_nat_ip_addr.id ) list_nat_rule_response = list_nat_rules( self.apiclient, id=nat_rule.id ) self.assertEqual( isinstance(list_nat_rule_response, list), True, "Check list response returns a valid list" ) self.assertNotEqual( len(list_nat_rule_response), 0, "Check Port Forwarding Rule is created" ) self.assertEqual( list_nat_rule_response[0].id, nat_rule.id, "Check Correct Port forwarding Rule is returned" ) # SSH virtual machine to test port forwarding try: self.debug("SSHing into VM with IP address %s with NAT IP %s" % ( self.virtual_machine.ipaddress, src_nat_ip_addr.ipaddress )) self.virtual_machine.get_ssh_client(src_nat_ip_addr.ipaddress) vm_response = VirtualMachine.list( self.apiclient, id=self.virtual_machine.id ) if vm_response[0].state != 'Running': self.fail( "State of VM : %s is not found to be Running" % str( self.virtual_machine.ipaddress)) except Exception as e: self.fail( "SSH Access failed for %s: %s" % (self.virtual_machine.ipaddress, e) ) try: nat_rule.delete(self.apiclient) except Exception as e: self.fail("NAT Rule Deletion Failed: %s" % e) # NAT rule listing should fail as the nat rule does not exist with self.assertRaises(Exception): list_nat_rules(self.apiclient, id=nat_rule.id) # Check if the Public SSH port is inaccessible with self.assertRaises(Exception): self.debug( "SSHing into VM with IP address %s after NAT rule deletion" % self.virtual_machine.ipaddress) SshClient( src_nat_ip_addr.ipaddress, self.virtual_machine.ssh_port, self.virtual_machine.username, self.virtual_machine.password ) return
def test_router_dhcp_opts(self): """Check that the /etc/dhcpopts.txt has entries for the""" self.logger.debug("Starting test_router_dhcphosts...") routers = list_routers(self.apiclient, account=self.account.name, domainid=self.account.domainid, networkid=self.network1.id) self.assertEqual(isinstance(routers, list), True, "Check for list routers response return valid data") self.assertNotEqual(len(routers), 0, "Check list router response") network1_router = routers[0] routers = list_routers(self.apiclient, account=self.account.name, domainid=self.account.domainid, networkid=self.network2.id) self.assertEqual(isinstance(routers, list), True, "Check for list routers response return valid data") self.assertNotEqual(len(routers), 0, "Check list router response") network2_router = routers[0] self.assertEqual(network1_router.state, 'Running', "Check list router response for router state") self.assertEqual(network2_router.state, 'Running', "Check list router response for router state") public_ips = list_publicIP(self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id, associatednetworkid=self.network1.id) self.assertEqual( isinstance(public_ips, list), True, "Check for list public IPs response return valid data") network1_public_ip = public_ips[0] public_ips = list_publicIP(self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id, associatednetworkid=self.network2.id) self.assertEqual( isinstance(public_ips, list), True, "Check for list public IPs response return valid data") network2_public_ip = public_ips[0] self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id) FireWallRule.create(self.apiclient, ipaddressid=network1_public_ip.id, protocol=self.services["natrule1"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule1"]["publicport"], endport=self.services["natrule1"]["publicport"]) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id) # Create NAT rule nat_rule1 = NATRule.create(self.apiclient, self.vm_1, self.services["natrule1"], network1_public_ip.id) self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_2.id) FireWallRule.create(self.apiclient, ipaddressid=network2_public_ip.id, protocol=self.services["natrule2"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule2"]["publicport"], endport=self.services["natrule2"]["publicport"]) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id) # Create NAT rule nat_rule2 = NATRule.create(self.apiclient, self.vm_2, self.services["natrule2"], network2_public_ip.id) nat_rules = list_nat_rules(self.apiclient, id=nat_rule1.id) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data") self.assertEqual(nat_rules[0].state, 'Active', "Check list port forwarding rules") nat_rules = list_nat_rules(self.apiclient, id=nat_rule2.id) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data") self.assertEqual(nat_rules[0].state, 'Active', "Check list port forwarding rules") self.logger.debug("Testing DHCP options for VMs %s and %s" % (self.vm_1.id, self.vm_2.id)) self.test_dhcphopts(self.vm_2.nic[1].ipaddress, network1_router) self.test_dhcphopts(self.vm_1.nic[0].ipaddress, network2_router) return
def test_router_dhcphosts(self): """Check that the /etc/dhcphosts.txt doesn't contain duplicate IPs""" self.logger.debug("Starting test_router_dhcphosts...") routers = list_routers(self.apiclient, account=self.account.name, domainid=self.account.domainid) self.assertEqual(isinstance(routers, list), True, "Check for list routers response return valid data") self.assertNotEqual(len(routers), 0, "Check list router response") router = routers[0] self.assertEqual(router.state, 'Running', "Check list router response for router state") public_ips = list_publicIP(self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id) self.assertEqual( isinstance(public_ips, list), True, "Check for list public IPs response return valid data") public_ip = public_ips[0] self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id) FireWallRule.create(self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule1"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule1"]["publicport"], endport=self.services["natrule1"]["publicport"]) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id) # Create NAT rule nat_rule1 = NATRule.create(self.apiclient, self.vm_1, self.services["natrule1"], public_ip.id) self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_2.id) FireWallRule.create(self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule2"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule2"]["publicport"], endport=self.services["natrule2"]["publicport"]) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id) # Create NAT rule nat_rule2 = NATRule.create(self.apiclient, self.vm_2, self.services["natrule2"], public_ip.id) nat_rules = list_nat_rules(self.apiclient, id=nat_rule1.id) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data") self.assertEqual(nat_rules[0].state, 'Active', "Check list port forwarding rules") nat_rules = list_nat_rules(self.apiclient, id=nat_rule2.id) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data") self.assertEqual(nat_rules[0].state, 'Active', "Check list port forwarding rules") self.logger.debug("Testing SSH to VMs %s and %s" % (self.vm_1.id, self.vm_2.id)) self.test_ssh_command(self.vm_1, nat_rule1, "natrule1") self.test_ssh_command(self.vm_2, nat_rule2, "natrule2") self.logger.debug("Testing DHCP hosts for VMs %s and %s" % (self.vm_1.id, self.vm_2.id)) self.test_dhcphosts(self.vm_1, router) self.test_dhcphosts(self.vm_2, router) self.logger.debug("Deleting and Expunging VM %s with ip %s" % (self.vm_1.id, self.vm_1.nic[0].ipaddress)) self.vm_1.delete(self.apiclient) self.logger.debug( "Creating new VM using the same IP as the one which was deleted => IP 10.1.1.50" ) self.vm_1 = VirtualMachine.create( self.apiclient, self.services["virtual_machine"], templateid=self.template.id, accountid=self.account.name, domainid=self.domain.id, serviceofferingid=self.service_offering.id, networkids=[str(self.network.id)], ipaddress="10.1.1.50") self.cleanup.append(self.vm_1) self.logger.debug("Testing DHCP hosts for VMs %s and %s" % (self.vm_1.id, self.vm_2.id)) self.test_dhcphosts(self.vm_1, router) self.test_dhcphosts(self.vm_2, router) return
def test_01_isolate_network_FW_PF_default_routes_egress_true(self): """ Test redundant router internals """ self.logger.debug( "Starting test_01_isolate_network_FW_PF_default_routes_egress_true..." ) network_offering_egress_true = get_default_isolated_network_offering_with_egress( self.apiclient) self.logger.debug("Creating Network with Network Offering ID %s" % network_offering_egress_true.id) network = Network.create( self.apiclient, self.services["network"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=network_offering_egress_true.id, zoneid=self.zone.id) self.logger.debug("Deploying Virtual Machine on Network %s" % network.id) virtual_machine = VirtualMachine.create( self.apiclient, self.services["virtual_machine"], templateid=self.template.id, accountid=self.account.name, domainid=self.domain.id, serviceofferingid=self.service_offering.id, networkids=[str(network.id)]) self.logger.debug("Deployed VM in network: %s" % network.id) self.cleanup.insert(0, network) self.cleanup.insert(0, virtual_machine) self.logger.debug( "Starting test_isolate_network_FW_PF_default_routes...") routers = list_routers(self.apiclient, account=self.account.name, domainid=self.account.domainid) self.assertEqual(isinstance(routers, list), True, "Check for list routers response return valid data") self.assertNotEqual(len(routers), 0, "Check list router response") router = routers[0] self.assertEqual(router.state, 'Running', "Check list router response for router state") public_ips = list_public_ip(self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id) self.assertEqual( isinstance(public_ips, list), True, "Check for list public IPs response return valid data") public_ip = public_ips[0] self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id) FireWallRule.create( self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule_ssh"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule_ssh"]["publicport"], endport=self.services["natrule_ssh"]["publicport"]) self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id) # Create NAT rule nat_rule = NATRule.create(self.apiclient, virtual_machine, self.services["natrule_ssh"], public_ip.id) nat_rules = list_nat_rules(self.apiclient, id=nat_rule.id) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data") self.assertEqual(nat_rules[0].state, 'Active', "Check list port forwarding rules") # Test SSH after closing port 22 expected = 1 ssh_command = "ping -c 3 8.8.8.8" check_string = "3 packets received" result = self.check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self) self.assertEqual( result, expected, "Ping to outside world from VM should be successful!") expected = 1 ssh_command = self.HTTP_COMMAND check_string = self.HTTP_CHECK_STRING result = self.check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self) self.assertEqual(result, expected, self.HTTP_ASSERT_SUCCESS_MESSAGE) EgressFireWallRule.create( self.apiclient, networkid=network.id, protocol=self.services["egress_443"]["protocol"], startport=self.services["egress_443"]["startport"], endport=self.services["egress_443"]["endport"], cidrlist=self.services["egress_443"]["cidrlist"]) expected = 0 result = self.check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self) self.assertEqual(result, expected, self.HTTP_ASSERT_FAILURE_MESSAGE) return
def test_01_RouterStopCreatePF(self): """Test router stop create port forwarding """ # validate the following # 1. wait for router to start, guest network to be implemented and # VM to report Running # 2. stopRouter for this account # 3. wait for listRouters to report Router as 'Stopped' # 4. listPublicIpAddresses account=user, domainid=1 - pick ipaddressid # 5. createPortForwardingRule (ipaddressid from step 5.) # a. for port 22 (ssh) for user VM deployed in step 1. # b. public port 22 , private port 22 # 6. startRouter stopped for this account # 7. wait for listRouters to show router as Running # Get router details associated for that account routers = list_routers( self.apiclient, account=self.account.name, domainid=self.account.domainid, ) self.assertEqual( isinstance(routers, list), True, "Check for list routers response return valid data" ) self.assertNotEqual( len(routers), 0, "Check list router response" ) router = routers[0] self.debug("Stopping router ID: %s" % router.id) # Stop the router cmd = stopRouter.stopRouterCmd() cmd.id = router.id self.apiclient.stopRouter(cmd) routers = list_routers( self.apiclient, account=self.account.name, domainid=self.account.domainid, ) self.assertEqual( isinstance(routers, list), True, "Check for list routers response return valid data" ) router = routers[0] self.assertEqual( router.state, 'Stopped', "Check list router response for router state" ) public_ips = list_publicIP( self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id ) self.assertEqual( isinstance(public_ips, list), True, "Check for list public IPs response return valid data" ) public_ip = public_ips[0] # Open up firewall port for SSH FireWallRule.create( self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule"]["publicport"], endport=self.services["natrule"]["publicport"] ) self.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id) # Create NAT rule nat_rule = NATRule.create( self.apiclient, self.vm_1, self.services["natrule"], public_ip.id ) self.debug("Starting router ID: %s" % router.id) # Start the router cmd = startRouter.startRouterCmd() cmd.id = router.id self.apiclient.startRouter(cmd) routers = list_routers( self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id ) self.assertEqual( isinstance(routers, list), True, "Check for list routers response return valid data" ) router = routers[0] self.assertEqual( router.state, 'Running', "Check list router response for router state" ) # NAT Rule should be in Active state after router start nat_rules = list_nat_rules( self.apiclient, id=nat_rule.id ) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data" ) self.assertEqual( nat_rules[0].state, 'Active', "Check list port forwarding rules" ) try: self.debug("SSH into VM with ID: %s" % nat_rule.ipaddress) self.vm_1.get_ssh_client( ipaddress=nat_rule.ipaddress, port=self.services["natrule"]["publicport"]) except Exception as e: self.fail( "SSH Access failed for %s: %s" % (nat_rule.ipaddress, e) ) return
def test_router_dhcp_opts(self): """Check that the /etc/dhcpopts.txt has entries for the""" self.logger.debug("Starting test_router_dhcphosts...") routers = list_routers( self.apiclient, account=self.account.name, domainid=self.account.domainid, networkid=self.network1.id ) self.assertEqual( isinstance(routers, list), True, "Check for list routers response return valid data" ) self.assertNotEqual( len(routers), 0, "Check list router response" ) network1_router = routers[0] routers = list_routers( self.apiclient, account=self.account.name, domainid=self.account.domainid, networkid=self.network2.id ) self.assertEqual( isinstance(routers, list), True, "Check for list routers response return valid data" ) self.assertNotEqual( len(routers), 0, "Check list router response" ) network2_router = routers[0] self.assertEqual( network1_router.state, 'Running', "Check list router response for router state" ) self.assertEqual( network2_router.state, 'Running', "Check list router response for router state" ) public_ips = list_publicIP( self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id, associatednetworkid=self.network1.id ) self.assertEqual( isinstance(public_ips, list), True, "Check for list public IPs response return valid data" ) network1_public_ip = public_ips[0] public_ips = list_publicIP( self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id, associatednetworkid=self.network2.id ) self.assertEqual( isinstance(public_ips, list), True, "Check for list public IPs response return valid data" ) network2_public_ip = public_ips[0] self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id) FireWallRule.create( self.apiclient, ipaddressid=network1_public_ip.id, protocol=self.services["natrule1"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule1"]["publicport"], endport=self.services["natrule1"]["publicport"] ) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id) # Create NAT rule nat_rule1 = NATRule.create( self.apiclient, self.vm_1, self.services["natrule1"], network1_public_ip.id ) self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_2.id) FireWallRule.create( self.apiclient, ipaddressid=network2_public_ip.id, protocol=self.services["natrule2"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule2"]["publicport"], endport=self.services["natrule2"]["publicport"] ) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id) # Create NAT rule nat_rule2 = NATRule.create( self.apiclient, self.vm_2, self.services["natrule2"], network2_public_ip.id ) nat_rules = list_nat_rules( self.apiclient, id=nat_rule1.id ) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data" ) self.assertEqual( nat_rules[0].state, 'Active', "Check list port forwarding rules" ) nat_rules = list_nat_rules( self.apiclient, id=nat_rule2.id ) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data" ) self.assertEqual( nat_rules[0].state, 'Active', "Check list port forwarding rules" ) self.logger.debug("Testing DHCP options for VMs %s and %s" % (self.vm_1.id, self.vm_2.id)) self.test_dhcphopts(self.vm_2.nic[1].ipaddress, network1_router) self.test_dhcphopts(self.vm_1.nic[0].ipaddress, network2_router) return
def test_router_dhcphosts(self): """Check that the /etc/dhcphosts.txt doesn't contain duplicate IPs""" self.logger.debug("Starting test_router_dhcphosts...") routers = list_routers( self.apiclient, account=self.account.name, domainid=self.account.domainid ) self.assertEqual( isinstance(routers, list), True, "Check for list routers response return valid data" ) self.assertNotEqual( len(routers), 0, "Check list router response" ) router = routers[0] self.assertEqual( router.state, 'Running', "Check list router response for router state" ) public_ips = list_publicIP( self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id ) self.assertEqual( isinstance(public_ips, list), True, "Check for list public IPs response return valid data" ) public_ip = public_ips[0] self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id) FireWallRule.create( self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule1"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule1"]["publicport"], endport=self.services["natrule1"]["publicport"] ) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id) # Create NAT rule nat_rule1 = NATRule.create( self.apiclient, self.vm_1, self.services["natrule1"], public_ip.id ) self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_2.id) FireWallRule.create( self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule2"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule2"]["publicport"], endport=self.services["natrule2"]["publicport"] ) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id) # Create NAT rule nat_rule2 = NATRule.create( self.apiclient, self.vm_2, self.services["natrule2"], public_ip.id ) nat_rules = list_nat_rules( self.apiclient, id=nat_rule1.id ) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data" ) self.assertEqual( nat_rules[0].state, 'Active', "Check list port forwarding rules" ) nat_rules = list_nat_rules( self.apiclient, id=nat_rule2.id ) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data" ) self.assertEqual( nat_rules[0].state, 'Active', "Check list port forwarding rules" ) self.logger.debug("Testing SSH to VMs %s and %s" % (self.vm_1.id, self.vm_2.id)) self.test_ssh_command(self.vm_1, nat_rule1, "natrule1") self.test_ssh_command(self.vm_2, nat_rule2, "natrule2") self.logger.debug("Testing DHCP hosts for VMs %s and %s" % (self.vm_1.id, self.vm_2.id)) self.test_dhcphosts(self.vm_1, router) self.test_dhcphosts(self.vm_2, router) self.logger.debug("Deleting and Expunging VM %s with ip %s" % (self.vm_1.id, self.vm_1.nic[0].ipaddress)) self.vm_1.delete(self.apiclient) self.logger.debug("Creating new VM using the same IP as the one which was deleted => IP 10.1.1.50") self.vm_1 = VirtualMachine.create(self.apiclient, self.services["virtual_machine"], templateid=self.template.id, accountid=self.account.name, domainid=self.domain.id, serviceofferingid=self.service_offering.id, networkids=[str(self.network.id)], ipaddress="10.1.1.50") self.cleanup.append(self.vm_1) self.logger.debug("Testing DHCP hosts for VMs %s and %s" % (self.vm_1.id, self.vm_2.id)) self.test_dhcphosts(self.vm_1, router) self.test_dhcphosts(self.vm_2, router) return
def test_isolate_network_FW_PF_default_routes(self): """Stop existing router, add a PF rule and check we can access the VM """ self.logger.debug("Starting test_isolate_network_FW_PF_default_routes...") routers = list_routers( self.apiclient, account=self.account.name, domainid=self.account.domainid ) self.assertEqual( isinstance(routers, list), True, "Check for list routers response return valid data" ) self.assertNotEqual( len(routers), 0, "Check list router response" ) router = routers[0] self.assertEqual( router.state, 'Running', "Check list router response for router state" ) public_ips = list_publicIP( self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id ) self.assertEqual( isinstance(public_ips, list), True, "Check for list public IPs response return valid data" ) public_ip = public_ips[0] self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id) FireWallRule.create( self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule"]["publicport"], endport=self.services["natrule"]["publicport"] ) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id) # Create NAT rule nat_rule = NATRule.create( self.apiclient, self.vm_1, self.services["natrule"], public_ip.id ) nat_rules = list_nat_rules( self.apiclient, id=nat_rule.id ) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data" ) self.assertEqual( nat_rules[0].state, 'Active', "Check list port forwarding rules" ) result = 'failed' try: ssh_command = "ping -c 3 8.8.8.8" self.logger.debug("SSH into VM with IP: %s" % nat_rule.ipaddress) ssh = self.vm_1.get_ssh_client(ipaddress=nat_rule.ipaddress, port=self.services["natrule"]["publicport"], retries=5) result = str(ssh.execute(ssh_command)) self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("3 packets received"))) except: self.fail("Failed to SSH into VM - %s" % (nat_rule.ipaddress)) self.assertEqual( result.count("3 packets received"), 1, "Ping to outside world from VM should be successful" ) return
def test_02_port_fwd_on_non_src_nat(self): """Test for port forwarding on non source NAT""" # Validate the following: # 1. listPortForwardingRules should not return the deleted rule anymore # 2. attempt to do ssh should now fail ip_address = PublicIPAddress.create( self.apiclient, self.account.name, self.zone.id, self.account.domainid, self.services["virtual_machine"] ) self.cleanup.append(ip_address) # Check if VM is in Running state before creating NAT rule vm_response = VirtualMachine.list( self.apiclient, id=self.virtual_machine.id ) self.assertEqual( isinstance(vm_response, list), True, "Check list VM returns a valid list" ) self.assertNotEqual( len(vm_response), 0, "Check Port Forwarding Rule is created" ) self.assertEqual( vm_response[0].state, 'Running', "VM state should be Running before creating a NAT rule." ) # Open up firewall port for SSH FireWallRule.create( self.apiclient, ipaddressid=ip_address.ipaddress.id, protocol=self.services["natrule"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule"]["publicport"], endport=self.services["natrule"]["publicport"] ) # Create NAT rule nat_rule = NATRule.create( self.apiclient, self.virtual_machine, self.services["natrule"], ip_address.ipaddress.id ) # Validate the following: # 1. listPortForwardingRules should not return the deleted rule anymore # 2. attempt to do ssh should now fail list_nat_rule_response = list_nat_rules( self.apiclient, id=nat_rule.id ) self.assertEqual( isinstance(list_nat_rule_response, list), True, "Check list response returns a valid list" ) self.assertNotEqual( len(list_nat_rule_response), 0, "Check Port Forwarding Rule is created" ) self.assertEqual( list_nat_rule_response[0].id, nat_rule.id, "Check Correct Port forwarding Rule is returned" ) try: logger.debug("SSHing into VM with IP address %s with NAT IP %s" % ( self.virtual_machine.ipaddress, ip_address.ipaddress.ipaddress )) self.virtual_machine.get_ssh_client(ip_address.ipaddress.ipaddress) except Exception as e: self.fail( "SSH Access failed for %s: %s" % (self.virtual_machine.ipaddress, e) ) nat_rule.delete(self.apiclient) try: list_nat_rule_response = list_nat_rules( self.apiclient, id=nat_rule.id ) except CloudstackAPIException: logger.debug("Nat Rule is deleted") # Check if the Public SSH port is inaccessible with self.assertRaises(Exception): logger.debug( "SSHing into VM with IP address %s after NAT rule deletion" % self.virtual_machine.ipaddress) SshClient( ip_address.ipaddress.ipaddress, self.virtual_machine.ssh_port, self.virtual_machine.username, self.virtual_machine.password, retries=2, delay=0 ) return
def test_01_port_fwd_on_src_nat(self): """Test for port forwarding on source NAT""" # Validate the following: # 1. listPortForwarding rules API should return the added PF rule # 2. attempt to do an ssh into the user VM through the sourceNAT src_nat_ip_addrs = list_publicIP( self.apiclient, account=self.account.name, domainid=self.account.domainid ) self.assertEqual( isinstance(src_nat_ip_addrs, list), True, "Check list response returns a valid list" ) src_nat_ip_addr = src_nat_ip_addrs[0] # Check if VM is in Running state before creating NAT rule vm_response = VirtualMachine.list( self.apiclient, id=self.virtual_machine.id ) self.assertEqual( isinstance(vm_response, list), True, "Check list VM returns a valid list" ) self.assertNotEqual( len(vm_response), 0, "Check Port Forwarding Rule is created" ) self.assertEqual( vm_response[0].state, 'Running', "VM state should be Running before creating a NAT rule." ) # Open up firewall port for SSH FireWallRule.create( self.apiclient, ipaddressid=src_nat_ip_addr.id, protocol=self.services["natrule"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule"]["publicport"], endport=self.services["natrule"]["publicport"] ) # Create NAT rule nat_rule = NATRule.create( self.apiclient, self.virtual_machine, self.services["natrule"], src_nat_ip_addr.id ) list_nat_rule_response = list_nat_rules( self.apiclient, id=nat_rule.id ) self.assertEqual( isinstance(list_nat_rule_response, list), True, "Check list response returns a valid list" ) self.assertNotEqual( len(list_nat_rule_response), 0, "Check Port Forwarding Rule is created" ) self.assertEqual( list_nat_rule_response[0].id, nat_rule.id, "Check Correct Port forwarding Rule is returned" ) # SSH virtual machine to test port forwarding try: logger.debug("SSHing into VM with IP address %s with NAT IP %s" % ( self.virtual_machine.ipaddress, src_nat_ip_addr.ipaddress )) self.virtual_machine.get_ssh_client(src_nat_ip_addr.ipaddress) vm_response = VirtualMachine.list( self.apiclient, id=self.virtual_machine.id ) if vm_response[0].state != 'Running': self.fail( "State of VM : %s is not found to be Running" % str( self.virtual_machine.ipaddress)) except Exception as e: self.fail( "SSH Access failed for %s: %s" % (self.virtual_machine.ipaddress, e) ) try: nat_rule.delete(self.apiclient) except Exception as e: self.fail("NAT Rule Deletion Failed: %s" % e) # NAT rule listing should fail as the nat rule does not exist with self.assertRaises(Exception): list_nat_rules(self.apiclient, id=nat_rule.id) # Check if the Public SSH port is inaccessible with self.assertRaises(Exception): logger.debug( "SSHing into VM with IP address %s after NAT rule deletion" % self.virtual_machine.ipaddress) SshClient( src_nat_ip_addr.ipaddress, self.virtual_machine.ssh_port, self.virtual_machine.username, self.virtual_machine.password, retries=2, delay=0 ) return
def test_isolate_network_password_server(self): """Check the password file in the Router VM""" self.logger.debug("Starting test_isolate_network_password_server...") routers = list_routers( self.apiclient, account=self.account.name, domainid=self.account.domainid ) self.assertEqual( isinstance(routers, list), True, "Check for list routers response return valid data" ) self.assertNotEqual( len(routers), 0, "Check list router response" ) router = routers[0] self.assertEqual( router.state, 'Running', "Check list router response for router state" ) public_ips = list_publicIP( self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id ) self.assertEqual( isinstance(public_ips, list), True, "Check for list public IPs response return valid data" ) public_ip = public_ips[0] self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id) FireWallRule.create( self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule1"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule1"]["publicport"], endport=self.services["natrule1"]["publicport"] ) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id) # Create NAT rule nat_rule1 = NATRule.create( self.apiclient, self.vm_1, self.services["natrule1"], public_ip.id ) self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_2.id) FireWallRule.create( self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule2"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule2"]["publicport"], endport=self.services["natrule2"]["publicport"] ) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id) # Create NAT rule nat_rule2 = NATRule.create( self.apiclient, self.vm_2, self.services["natrule2"], public_ip.id ) nat_rules = list_nat_rules( self.apiclient, id=nat_rule1.id ) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data" ) self.assertEqual( nat_rules[0].state, 'Active', "Check list port forwarding rules" ) nat_rules = list_nat_rules( self.apiclient, id=nat_rule2.id ) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data" ) self.assertEqual( nat_rules[0].state, 'Active', "Check list port forwarding rules" ) self.test_ssh_command(self.vm_1, nat_rule1, "natrule1") self.test_ssh_command(self.vm_2, nat_rule2, "natrule2") self.test_password_file_not_empty(self.vm_1, router) self.test_password_file_not_empty(self.vm_2, router) return
def test_02_isolate_network_FW_PF_default_routes_egress_false(self): """ Test redundant router internals """ self.logger.debug("Starting test_02_isolate_network_FW_PF_default_routes_egress_false...") self.logger.debug("Creating Network Offering with default egress FALSE") network_offering_egress_false = NetworkOffering.create(self.apiclient, self.services["network_offering_egress_false"], conservemode=True) network_offering_egress_false.update(self.apiclient, state='Enabled') self.logger.debug("Creating Network with Network Offering ID %s" % network_offering_egress_false.id) network = Network.create(self.apiclient, self.services["network"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=network_offering_egress_false.id, zoneid=self.zone.id) self.logger.debug("Deploying Virtual Machine on Network %s" % network.id) virtual_machine = VirtualMachine.create(self.apiclient, self.services["virtual_machine"], templateid=self.template.id, accountid=self.account.name, domainid=self.domain.id, serviceofferingid=self.service_offering.id, networkids=[str(network.id)]) self.logger.debug("Deployed VM in network: %s" % network.id) self.cleanup.insert(0, network_offering_egress_false) self.cleanup.insert(0, network) self.cleanup.insert(0, virtual_machine) self.logger.debug("Starting test_isolate_network_FW_PF_default_routes...") routers = list_routers( self.apiclient, account=self.account.name, domainid=self.account.domainid ) self.assertEqual( isinstance(routers, list), True, "Check for list routers response return valid data" ) self.assertNotEqual( len(routers), 0, "Check list router response" ) router = routers[0] self.assertEqual( router.state, 'Running', "Check list router response for router state" ) public_ips = list_publicIP( self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id ) self.assertEqual( isinstance(public_ips, list), True, "Check for list public IPs response return valid data" ) public_ip = public_ips[0] self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id) FireWallRule.create( self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule"]["publicport"], endport=self.services["natrule"]["publicport"] ) self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id) # Create NAT rule nat_rule = NATRule.create( self.apiclient, virtual_machine, self.services["natrule"], public_ip.id ) nat_rules = list_nat_rules( self.apiclient, id=nat_rule.id ) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data" ) self.assertEqual( nat_rules[0].state, 'Active', "Check list port forwarding rules" ) expected = 0 ssh_command = "ping -c 3 8.8.8.8" check_string = " 0% packet loss" result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self) self.assertEqual( result, expected, "Ping to outside world from VM should NOT be successful" ) expected = 0 ssh_command = "wget -t 1 -T 1 www.google.com" check_string = "HTTP request sent, awaiting response... 200 OK" result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self) self.assertEqual( result, expected, "Attempt to retrieve google.com index page should NOT be successful" ) EgressFireWallRule.create( self.apiclient, networkid=network.id, protocol=self.services["egress_80"]["protocol"], startport=self.services["egress_80"]["startport"], endport=self.services["egress_80"]["endport"], cidrlist=self.services["egress_80"]["cidrlist"] ) expected = 1 ssh_command = "wget -t 1 -T 5 www.google.com" check_string = "HTTP request sent, awaiting response... 200 OK" result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self) self.assertEqual( result, expected, "Attempt to retrieve google.com index page should be successful once rule is added!" ) return
def test_delete_account(self): """Test for delete account""" # Validate the Following # 1. after account.cleanup.interval (global setting) # time all the PF/LB rules should be deleted # 2. verify that list(LoadBalancer/PortForwarding)Rules # API does not return any rules for the account # 3. The domR should have been expunged for this account self.account.delete(self.apiclient) interval = list_configurations( self.apiclient, name='account.cleanup.interval' ) self.assertEqual( isinstance(interval, list), True, "Check if account.cleanup.interval config present" ) # Sleep to ensure that all resources are deleted time.sleep(int(interval[0].value)) # ListLoadBalancerRules should not list # associated rules with deleted account # Unable to find account testuser1 in domain 1 : Exception try: list_lb_rules( self.apiclient, account=self.account.name, domainid=self.account.domainid ) except CloudstackAPIException: self.debug("Port Forwarding Rule is deleted") # ListPortForwardingRules should not # list associated rules with deleted account try: list_nat_rules( self.apiclient, account=self.account.name, domainid=self.account.domainid ) except CloudstackAPIException: self.debug("NATRule is deleted") # Retrieve router for the user account try: routers = list_routers( self.apiclient, account=self.account.name, domainid=self.account.domainid ) self.assertEqual( routers, None, "Check routers are properly deleted." ) except CloudstackAPIException: self.debug("Router is deleted") except Exception as e: raise Exception( "Encountered %s raised while fetching routers for account: %s" % (e, self.account.name)) return
def test_01_RouterStopCreatePF(self): """Test router stop create port forwarding """ # validate the following # 1. wait for router to start, guest network to be implemented and # VM to report Running # 2. stopRouter for this account # 3. wait for listRouters to report Router as 'Stopped' # 4. listPublicIpAddresses account=user, domainid=1 - pick ipaddressid # 5. createPortForwardingRule (ipaddressid from step 5.) # a. for port 22 (ssh) for user VM deployed in step 1. # b. public port 22 , private port 22 # 6. startRouter stopped for this account # 7. wait for listRouters to show router as Running # Get router details associated for that account routers = list_routers( self.apiclient, account=self.account.name, domainid=self.account.domainid, ) self.assertEqual(isinstance(routers, list), True, "Check for list routers response return valid data") self.assertNotEqual(len(routers), 0, "Check list router response") router = routers[0] self.debug("Stopping router ID: %s" % router.id) # Stop the router cmd = stopRouter.stopRouterCmd() cmd.id = router.id self.apiclient.stopRouter(cmd) routers = list_routers( self.apiclient, account=self.account.name, domainid=self.account.domainid, ) self.assertEqual(isinstance(routers, list), True, "Check for list routers response return valid data") router = routers[0] self.assertEqual(router.state, 'Stopped', "Check list router response for router state") public_ips = list_publicIP(self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id) self.assertEqual( isinstance(public_ips, list), True, "Check for list public IPs response return valid data") public_ip = public_ips[0] # Open up firewall port for SSH FireWallRule.create(self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule"]["publicport"], endport=self.services["natrule"]["publicport"]) self.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id) # Create NAT rule nat_rule = NATRule.create(self.apiclient, self.vm_1, self.services["natrule"], public_ip.id) self.debug("Starting router ID: %s" % router.id) # Start the router cmd = startRouter.startRouterCmd() cmd.id = router.id self.apiclient.startRouter(cmd) routers = list_routers(self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id) self.assertEqual(isinstance(routers, list), True, "Check for list routers response return valid data") router = routers[0] self.assertEqual(router.state, 'Running', "Check list router response for router state") # NAT Rule should be in Active state after router start nat_rules = list_nat_rules(self.apiclient, id=nat_rule.id) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data") self.assertEqual(nat_rules[0].state, 'Active', "Check list port forwarding rules") try: self.debug("SSH into VM with ID: %s" % nat_rule.ipaddress) self.vm_1.get_ssh_client( ipaddress=nat_rule.ipaddress, port=self.services["natrule"]["publicport"]) except Exception as e: self.fail("SSH Access failed for %s: %s" % (nat_rule.ipaddress, e)) return
def test_isolate_network_password_server(self): """Check the password file in the Router VM""" self.logger.debug("Starting test_isolate_network_password_server...") routers = list_routers(self.apiclient, account=self.account.name, domainid=self.account.domainid) self.assertEqual(isinstance(routers, list), True, "Check for list routers response return valid data") self.assertNotEqual(len(routers), 0, "Check list router response") router = routers[0] self.assertEqual(router.state, 'Running', "Check list router response for router state") public_ips = list_publicIP(self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id) self.assertEqual( isinstance(public_ips, list), True, "Check for list public IPs response return valid data") public_ip = public_ips[0] self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id) FireWallRule.create(self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule1"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule1"]["publicport"], endport=self.services["natrule1"]["publicport"]) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id) # Create NAT rule nat_rule1 = NATRule.create(self.apiclient, self.vm_1, self.services["natrule1"], public_ip.id) self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_2.id) FireWallRule.create(self.apiclient, ipaddressid=public_ip.id, protocol=self.services["natrule2"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule2"]["publicport"], endport=self.services["natrule2"]["publicport"]) self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id) # Create NAT rule nat_rule2 = NATRule.create(self.apiclient, self.vm_2, self.services["natrule2"], public_ip.id) nat_rules = list_nat_rules(self.apiclient, id=nat_rule1.id) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data") self.assertEqual(nat_rules[0].state, 'Active', "Check list port forwarding rules") nat_rules = list_nat_rules(self.apiclient, id=nat_rule2.id) self.assertEqual( isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data") self.assertEqual(nat_rules[0].state, 'Active', "Check list port forwarding rules") self.test_ssh_command(self.vm_1, nat_rule1, "natrule1") self.test_ssh_command(self.vm_2, nat_rule2, "natrule2") self.test_password_file_not_empty(self.vm_1, router) self.test_password_file_not_empty(self.vm_2, router) return