def check_eip_icmp(self, expected_result): vip_ip = self.test_obj.get_vip().ip eip = self.test_obj.get_eip().get_eip() try: if not self.allowed_vr: test_util.test_warn( "Not find suitable VR vm to do test testing. Please make sure there are at least 3 VR VMs are exist for EIP testing." ) test_lib.lib_check_ping(self.allowed_vr, vip_ip) except: if expected_result: test_util.test_logger( "Unexpected Result: catch failure when checking EIP: %s ICMP for target ip: %s from [vm:] %s. " % (eip.uuid, vip_ip, self.allowed_vr.uuid)) return False else: if self.allowed_vr: test_util.test_logger( "Expected Result: catch failure when checking EIP: %s ICMP for target ip: %s from [vm:] %s. " % (eip.uuid, vip_ip, self.allowed_vr.uuid)) else: test_util.test_logger( "can not do test, due to missing allowed vr. " % (eip.uuid, vip_ip, self.allowed_vr.uuid)) if expected_result: test_util.test_logger( "Expected Result: Ping successfully checking EIP: %s ICMP for target ip: %s from [vm:] %s" % (eip.uuid, vip_ip, self.allowed_vr.uuid)) else: test_util.test_logger( "Unexpected Result: Ping successfully checking EIP: %s ICMP for target ip: %s from [vm:] %s" % (eip.uuid, vip_ip, self.allowed_vr.uuid)) return True
def test(): flavor = case_flavor[os.environ.get('CASE_FLAVOR')] test_util.test_dsc("create vpc vrouter and attach vpc l3 to vpc") for vpc_name in vpc_name_list: vr_list.append(test_stub.create_vpc_vrouter(vpc_name)) for vr, l3_list in izip(vr_list, vpc_l3_list): test_stub.attach_l3_to_vpc_vr(vr, l3_list) test_util.test_dsc("create two vm, vm1 in l3 {}, vm2 in l3 {}".format( flavor['vm1l3'], flavor['vm2l3'])) vm1, vm2 = [ test_stub.create_vm_with_random_offering( vm_name='vpc_vm_{}'.format(name), l3_name=name) for name in (flavor['vm1l3'], flavor['vm2l3']) ] [test_obj_dict.add_vm(vm) for vm in (vm1, vm2)] [vm.check() for vm in (vm1, vm2)] vr_pub_nic = test_lib.lib_find_vr_pub_nic(vr_list[0].inv) vip_list = [] for vm in (vm1, vm2): test_util.test_dsc("Create vip for vm {}".format(vm.get_vm().name)) vip = test_stub.create_vip('vip_{}'.format(vm.get_vm().name), vr_pub_nic.l3NetworkUuid) test_obj_dict.add_vip(vip) vip_list.append(vip) test_util.test_dsc("Create eip for vm {}".format(vm.get_vm().name)) eip = test_stub.create_eip('eip_{}'.format(vm.get_vm().name), vip_uuid=vip.get_vip().uuid) vip.attach_eip(eip) eip.attach(vm.get_vm().vmNics[0].uuid, vm) vip.check() vm.check() for vm in (vm1, vm2): vm.check() vm1_inv, vm2_inv = [vm.get_vm() for vm in (vm1, vm2)] vip1, vip2 = vip_list test_util.test_dsc("test two vm EIP connectivity") test_stub.run_command_in_vm(vm1_inv, 'iptables -F') test_stub.run_command_in_vm(vm2_inv, 'iptables -F') test_lib.lib_check_ping(vm1_inv, vip2.get_vip().ip) test_lib.lib_check_ping(vm2_inv, vip1.get_vip().ip) test_lib.lib_check_ports_in_a_command(vm1_inv, vip1.get_vip().ip, vip2.get_vip().ip, ["22"], [], vm2_inv) test_lib.lib_check_ports_in_a_command(vm2_inv, vip2.get_vip().ip, vip1.get_vip().ip, ["22"], [], vm1_inv) test_lib.lib_error_cleanup(test_obj_dict) test_stub.remove_all_vpc_vrouter()
def test(): global mevoco1_ip global mevoco2_ip global ipsec1 global ipsec2 mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] mevoco2_ip = os.environ['secondZStackMnIp'] test_util.test_dsc('Create test vm in mevoco1') vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm1) vm1.check() pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0] l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid vip1 = test_stub.create_vip('ipsec1_vip', l3_uuid1) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create test vm in mevoco2') vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName')) test_obj_dict2.add_vm(vm2) vm2.check() pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0] l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_dsc('Create ipsec in mevoco1') ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [os.environ['secondZStackCidrs']]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create ipsec in mevoco2') ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [os.environ['firstZStackCidrs']]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip ipsec_ops.delete_ipsec_connection(ipsec1.uuid) if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_lib.lib_error_cleanup(test_obj_dict1) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip ipsec_ops.delete_ipsec_connection(ipsec2.uuid) test_lib.lib_error_cleanup(test_obj_dict2) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_pass('Create Ipsec Success')
def test(): global mevoco1_ip global mevoco2_ip global ipsec1 global ipsec2 mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] mevoco2_ip = os.environ['secondZStackMnIp'] test_util.test_dsc('Create test vm in mevoco1') vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm1) vm1.check() pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0] l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid vip1 = test_stub.create_vip('ipsec1_vip', l3_uuid1) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create test vm in mevoco2') vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName')) test_obj_dict2.add_vm(vm2) vm2.check() pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0] l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_dsc('Create ipsec in mevoco1') ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [os.environ['secondZStackCidrs']]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create ipsec in mevoco2') ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [os.environ['firstZStackCidrs']]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip vip1.delete() if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_lib.lib_error_cleanup(test_obj_dict1) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip ipsec_ops.delete_ipsec_connection(ipsec2.uuid) test_lib.lib_error_cleanup(test_obj_dict2) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_pass('Create Ipsec Success')
def check_icmp_connection_to_public_ip(vm1, pub_ip='223.5.5.5', expected_result='PASS'): vm1_inv = vm1.get_vm() if expected_result is 'PASS': test_lib.lib_check_ping(vm1_inv, pub_ip) elif expected_result is 'FAIL': with test_lib.expected_failure("ping from vm1 to public ", Exception): test_lib.lib_check_ping(vm1_inv, pub_ip) else: test_util.test_fail('The expected result should either PASS or FAIL')
def test(): test_util.test_dsc('Create test vm1 and check') vm1 = test_stub.create_vlan_vm() test_obj_dict.add_vm(vm1) test_util.test_dsc('Create test vm2 and check') vm2 = test_stub.create_vlan_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() vrs = test_lib.lib_find_vr_by_vm(vm1.vm) if len(vrs) != 1: test_util.test_logger( 'more than 1 VR are found for vm1: %s. Will test the 1st one: %s.' % (vm1.vm.uuid, vr.uuid)) vr = vrs[0] vr_mgmt_ip = test_lib.lib_find_vr_mgmt_ip(vr) if not test_lib.lib_check_testagent_status(vr_mgmt_ip): test_util.test_fail( 'vr: %s is not reachable, since can not reach its test agent. Give up test and test failure. ' % vr.uuid) test_lib.lib_install_testagent_to_vr_with_vr_vm(vr) #Need to put the vr restart into thread. Since vr reboot API is a sync API. thread = threading.Thread(target=vm_ops.reboot_vm, args=(vr.uuid, )) thread.start() #check vr vr service port if not test_lib.lib_wait_target_down(vr_mgmt_ip, '7272', 120): test_util.test_fail( 'vr: %s is not shutdown in 120 seconds. Fail to reboot it. ' % vr.uuid) if not test_lib.lib_wait_target_up(vr_mgmt_ip, '7272', 120): test_util.test_fail( 'vr: %s is not startup in 120 seconds. Fail to reboot it. ' % vr.uuid) #avoid of possible apt conflicting between install testagent and appliancevm #time.sleep(60) vm1.check() vm2.check() test_util.test_dsc('Ping from vm1 to vm2.') test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip) vm1.destroy() vm2.destroy() test_util.test_pass( 'Create vlan VirtualRouter VM (and reboot VR after VM created) Test with snat ping between two VMs Success' )
def check(self): super(vip_icmp_checker, self).check() test_result = True vip = self.test_obj.get_vip() vipIp = vip.ip vip_l3_uuid = vip.l3NetworkUuid any_vr = test_lib.lib_find_vr_by_l3_uuid(vip_l3_uuid)[0] try: test_lib.lib_check_ping(any_vr, vipIp) except: test_util.test_logger("Catch exception: [vip:] %s [IP:] %s is not pingable from [vm:] %s " % (vip.uuid, vipIp, any_vr.uuid)) test_result = False else: test_util.test_logger("Successful ping [vip:] %s [IP:] %s from [vm:] %s " % (vip.uuid, vipIp, any_vr.uuid)) return self.judge(test_result)
def check(self): super(vip_icmp_checker, self).check() test_result = True vip = self.test_obj.get_vip() vipIp = vip.ip vip_l3_uuid = vip.l3NetworkUuid any_vr = test_lib.lib_find_vr_by_l3_uuid(vip_l3_uuid)[0] try: test_lib.lib_check_ping(any_vr, vipIp) except: test_util.test_logger("Catch exception: [vip:] %s [IP:] %s is not pingable from [vm:] %s " % (vip.uuid, vipIp, any_vr.uuid)) test_result = False else: test_util.test_logger("Successful ping [vip:] %s [IP:] %s from [vm:] %s " % (vip.uuid, vipIp, any_vr.uuid)) return self.judge(test_result)
def test(): flavor = case_flavor[os.environ.get('CASE_FLAVOR')] test_util.test_dsc("create vpc vrouter and attach vpc l3 to vpc") for vpc_name in vpc_name_list: vr_list.append(test_stub.create_vpc_vrouter(vpc_name)) time.sleep(120) #waiting for vrouter boot up for vr, l3_list in izip(vr_list, vpc_l3_list): test_stub.attach_l3_to_vpc_vr(vr, l3_list) test_util.test_dsc("create two vm, vm1 in l3 {}, vm2 in l3 {}".format(flavor['vm1l3'], flavor['vm2l3'])) vm1, vm2 = [test_stub.create_vm_with_random_offering(vm_name='vpc_vm_{}'.format(name), l3_name=name) for name in (flavor['vm1l3'], flavor['vm2l3'])] [test_obj_dict.add_vm(vm) for vm in (vm1,vm2)] [vm.check() for vm in (vm1,vm2)] vr_pub_nic = test_lib.lib_find_vr_pub_nic(vr_list[0].inv) vip_list = [] for vm in (vm1, vm2): test_util.test_dsc("Create vip for vm {}".format(vm.get_vm().name)) vip = test_stub.create_vip('vip_{}'.format(vm.get_vm().name), vr_pub_nic.l3NetworkUuid) test_obj_dict.add_vip(vip) vip_list.append(vip) test_util.test_dsc("Create eip for vm {}".format(vm.get_vm().name)) eip = test_stub.create_eip('eip_{}'.format(vm.get_vm().name), vip_uuid=vip.get_vip().uuid) vip.attach_eip(eip) eip.attach(vm.get_vm().vmNics[0].uuid, vm) time.sleep(10) #waiting for eip attach to vm vip.check() vm.check() for vm in (vm1, vm2): vm.check() vm1_inv, vm2_inv = [vm.get_vm() for vm in (vm1, vm2)] vip1, vip2 = vip_list test_util.test_dsc("test two vm EIP connectivity") test_stub.run_command_in_vm(vm1_inv, 'iptables -F') test_stub.run_command_in_vm(vm2_inv, 'iptables -F') test_lib.lib_check_ping(vm1_inv, vip2.get_vip().ip) test_lib.lib_check_ping(vm2_inv, vip1.get_vip().ip) test_lib.lib_check_ports_in_a_command(vm1_inv, vip1.get_vip().ip, vip2.get_vip().ip, ["22"], [], vm2_inv) test_lib.lib_check_ports_in_a_command(vm2_inv, vip2.get_vip().ip, vip1.get_vip().ip, ["22"], [], vm1_inv)
def test(): global test_obj_dict test_util.test_dsc('Create test vm1 and check') vm1 = test_stub.create_user_vlan_vm() test_obj_dict.add_vm(vm1) vm1.check() test_util.test_dsc('Create test vm2 and check') vm2 = test_stub.create_user_vlan_vm() test_obj_dict.add_vm(vm2) vm2.check() test_util.test_dsc('Ping from vm1 to vm2.') test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip) vm1.destroy() vm2.destroy() test_util.test_pass('Create VirtualRouter VM Test with snat ping between two VMs Success')
def test(): global test_obj_dict test_util.test_dsc('Create test vm1 and check') vm1 = test_stub.create_vlan_vm() test_obj_dict.add_vm(vm1) vm1.check() test_util.test_dsc('Create test vm2 and check') vm2 = test_stub.create_vlan_vm() test_obj_dict.add_vm(vm2) vm2.check() test_util.test_dsc('Ping from vm1 to vm2.') test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip) vm1.destroy() vm2.destroy() test_util.test_pass('Create vlan VirtualRouter VM Test with snat ping between two VMs Success')
def check_icmp_between_vms(vm1, vm2, expected_result='PASS'): vm1_inv, vm2_inv = [vm.get_vm() for vm in (vm1, vm2)] if expected_result is 'PASS': test_lib.lib_check_ping(vm1_inv, vm2_inv.vmNics[0].ip) test_lib.lib_check_ping(vm2_inv, vm1_inv.vmNics[0].ip) elif expected_result is 'FAIL': with test_lib.expected_failure("ping from vm1 to vm2", Exception): test_lib.lib_check_ping(vm1_inv, vm2_inv.vmNics[0].ip) with test_lib.expected_failure('ping from vm2 to vm1', Exception): test_lib.lib_check_ping(vm2_inv, vm1_inv.vmNics[0].ip) else: test_util.test_fail('The expected result should either PASS or FAIL')
def check_icmp_between_vms(vm1, vm2, expected_result='PASS'): vm1_inv, vm2_inv = [vm.get_vm() for vm in (vm1, vm2)] if expected_result is 'PASS': test_lib.lib_check_ping(vm1_inv, vm2_inv.vmNics[0].ip) test_lib.lib_check_ping(vm2_inv, vm1_inv.vmNics[0].ip) elif expected_result is 'FAIL': with test_lib.expected_failure("ping from vm1 to vm2", Exception): test_lib.lib_check_ping(vm1_inv, vm2_inv.vmNics[0].ip) with test_lib.expected_failure('ping from vm2 to vm1', Exception): test_lib.lib_check_ping(vm2_inv, vm1_inv.vmNics[0].ip) else: test_util.test_fail('The expected result should either PASS or FAIL')
def check(self): super(zstack_kvm_sg_icmp_ingress_checker, self).check() test_result = True nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid) l3_uuid = nic.l3NetworkUuid test_util.test_dsc('Check ICMP ingress rules') if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid): test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid) return self.judge(self.exp_result) stub_vm = self.test_obj.get_stub_vm(l3_uuid) if not stub_vm: #test_util.test_warn('Did not find test stub vm for [target address:] %s. Skip testing some TCP rules' % target_addr) test_util.test_warn('Did not find test stub vm for [l3:] %s. Skip testing some TCP rules' % l3_uuid) return self.judge(self.exp_result) stub_vm = stub_vm.vm stub_vm_ip = test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip target_addr = '%s/32' % stub_vm_ip test_vm = test_lib.lib_get_vm_by_nic(nic.uuid) if test_vm.state == inventory.RUNNING: rules = self.test_obj.get_nic_icmp_ingress_rule_by_addr(self.nic_uuid, target_addr) target_ip = test_lib.lib_get_vm_ip_by_l3(test_vm, l3_uuid) if rules: if test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True): test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s' % (test_vm.uuid, stub_vm.uuid)) else: test_util.test_logger('Check result: [Security Group] meets failure to ping [vm:] %s from [vm:] %s when checking ICMP ingress rule. ' % (test_vm.uuid, stub_vm.uuid)) test_result = False else: if not test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True): test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s. Expected failure.' % (test_vm.uuid, stub_vm.uuid)) else: test_util.test_logger('Check result: [Security Group] meet failure when checking ICMP ingress rule to ping [vm:] %s from [vm:] %s. Unexpected ping successfully.' % (test_vm.uuid, stub_vm.uuid)) else: test_util.test_warn('Test [vm:] %s is not running. Skip SG ICMP ingress checker for this vm.' % test_vm.uuid) test_util.test_logger('Check result: [Security Group] pass ICMP ingress testing for [vm:] %s [nic:] %s' % (test_vm.uuid, self.nic_uuid)) print_iptables(test_vm) return self.judge(test_result)
def check(self): super(zstack_vcenter_pf_vip_icmp_checker, self).check() test_result = True pf_rule = self.test_obj.get_port_forwarding() vip_uuid = pf_rule.vipUuid cond = res_ops.gen_query_conditions('uuid', '=', vip_uuid) vipIp = res_ops.query_resource(res_ops.VIP, cond)[0].ip vip_l3_uuid = test_lib.lib_get_vip_by_uuid(pf_rule.vipUuid).l3NetworkUuid any_vr = test_lib.lib_find_vr_by_l3_uuid(vip_l3_uuid)[0] try: test_lib.lib_check_ping(any_vr, vipIp) except: test_util.test_logger("Catch exception: Port Forwarding [rule:] %s is not pingable from [vm:] %s " % (pf_rule.uuid, any_vr.uuid)) test_result = False if test_result != self.exp_result: return self.judge(test_result) else: test_util.test_logger("Port Forwarding [rule:] %s is pingable from [vm:] %s" % (pf_rule.uuid, any_vr.uuid)) return self.judge(test_result)
def check(self): super(zstack_kvm_pf_vip_icmp_checker, self).check() test_result = True pf_rule = self.test_obj.get_port_forwarding() vip_uuid = pf_rule.vipUuid cond = res_ops.gen_query_conditions('uuid', '=', vip_uuid) vipIp = res_ops.query_resource(res_ops.VIP, cond)[0].ip vip_l3_uuid = test_lib.lib_get_vip_by_uuid(pf_rule.vipUuid).l3NetworkUuid any_vr = test_lib.lib_find_vr_by_l3_uuid(vip_l3_uuid)[0] try: test_lib.lib_check_ping(any_vr, vipIp) except: test_util.test_logger("Catch exception: Port Forwarding [rule:] %s is not pingable from [vm:] %s " % (pf_rule.uuid, any_vr.uuid)) test_result = False if test_result != self.exp_result: return self.judge(test_result) else: test_util.test_logger("Port Forwarding [rule:] %s is pingable from [vm:] %s" % (pf_rule.uuid, any_vr.uuid)) return self.judge(test_result)
def check(self): super(zstack_vcenter_sg_icmp_ingress_checker, self).check() test_result = True nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid) l3_uuid = nic.l3NetworkUuid test_util.test_dsc('Check ICMP ingress rules') if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid): test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid) return self.judge(self.exp_result) stub_vm = self.test_obj.get_stub_vm(l3_uuid) if not stub_vm: test_util.test_warn('Did not find test stub vm for [target address:] %s. Skip testing some TCP rules' % target_addr) return self.judge(self.exp_result) stub_vm = stub_vm.vm stub_vm_ip = test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip target_addr = '%s/32' % stub_vm_ip test_vm = test_lib.lib_get_vm_by_nic(nic.uuid) if test_vm.state == inventory.RUNNING: rules = self.test_obj.get_nic_icmp_ingress_rule_by_addr(self.nic_uuid, target_addr) target_ip = test_lib.lib_get_vm_ip_by_l3(test_vm, l3_uuid) if rules: if test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True): test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s' % (test_vm.uuid, stub_vm.uuid)) else: test_util.test_logger('Check result: [Security Group] meets failure to ping [vm:] %s from [vm:] %s when checking ICMP ingress rule. ' % (test_vm.uuid, stub_vm.uuid)) test_result = False else: if not test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True): test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s. Expected failure.' % (test_vm.uuid, stub_vm.uuid)) else: test_util.test_logger('Check result: [Security Group] meet failure when checking ICMP ingress rule to ping [vm:] %s from [vm:] %s. Unexpected ping successfully.' % (test_vm.uuid, stub_vm.uuid)) else: test_util.test_warn('Test [vm:] %s is not running. Skip SG ICMP ingress checker for this vm.' % test_vm.uuid) test_util.test_logger('Check result: [Security Group] pass ICMP ingress testing for [vm:] %s [nic:] %s' % (test_vm.uuid, self.nic_uuid)) print_iptables(test_vm) return self.judge(test_result)
def test(): test_util.test_dsc('Create test vm1 and check') vm1 = test_stub.create_vlan_vm() test_obj_dict.add_vm(vm1) test_util.test_dsc('Create test vm2 and check') vm2 = test_stub.create_vlan_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() vrs = test_lib.lib_find_vr_by_vm(vm1.vm) if len(vrs) != 1: test_util.test_logger('more than 1 VR are found for vm1: %s. Will test the 1st one: %s.' % (vm1.vm.uuid, vr.uuid)) vr = vrs[0] vr_mgmt_ip = test_lib.lib_find_vr_mgmt_ip(vr) if not test_lib.lib_check_testagent_status(vr_mgmt_ip): test_util.test_fail('vr: %s is not reachable, since can not reach its test agent. Give up test and test failure. ' % vr.uuid) test_lib.lib_install_testagent_to_vr_with_vr_vm(vr) #Need to put the vr restart into thread. Since vr reboot API is a sync API. thread = threading.Thread(target=vm_ops.reboot_vm, args=(vr.uuid,)) thread.start() #check vr vr service port if not test_lib.lib_wait_target_down(vr_mgmt_ip, '7272', 60): test_util.test_fail('vr: %s is not shutdown in 60 seconds. Fail to reboot it. ' % vr.uuid) if not test_lib.lib_wait_target_up(vr_mgmt_ip, '7272', 120): test_util.test_fail('vr: %s is not startup in 120 seconds. Fail to reboot it. ' % vr.uuid) #avoid of possible apt conflicting between install testagent and appliancevm #time.sleep(60) vm1.check() vm2.check() test_util.test_dsc('Ping from vm1 to vm2.') test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip) vm1.destroy() vm2.destroy() test_util.test_pass('Create vlan VirtualRouter VM (and reboot VR after VM created) Test with snat ping between two VMs Success')
def check_eip_icmp(self, expected_result): vip_ip = self.test_obj.get_vip().ip eip = self.test_obj.get_eip().get_eip() try: if not self.allowed_vr: test_util.test_warn("Not find suitable VR vm to do test testing. Please make sure there are at least 3 VR VMs are exist for EIP testing.") test_lib.lib_check_ping(self.allowed_vr, vip_ip) except: if expected_result: test_util.test_logger("Unexpected Result: catch failure when checking EIP: %s ICMP for target ip: %s from [vm:] %s. " % (eip.uuid, vip_ip, self.allowed_vr.uuid)) return False else: if self.allowed_vr: test_util.test_logger("Expected Result: catch failure when checking EIP: %s ICMP for target ip: %s from [vm:] %s. " % (eip.uuid, vip_ip, self.allowed_vr.uuid)) else: test_util.test_logger("can not do test, due to missing allowed vr. " % (eip.uuid, vip_ip, self.allowed_vr.uuid)) if expected_result: test_util.test_logger("Expected Result: Ping successfully checking EIP: %s ICMP for target ip: %s from [vm:] %s" % (eip.uuid, vip_ip, self.allowed_vr.uuid)) else: test_util.test_logger("Unexpected Result: Ping successfully checking EIP: %s ICMP for target ip: %s from [vm:] %s" % (eip.uuid, vip_ip, self.allowed_vr.uuid)) return True
def test(): global vr_type test_util.test_dsc('Create test vm1 and check') vm1 = test_stub.create_vlan_vm() test_obj_dict.add_vm(vm1) test_util.test_dsc('Create test vm2 and check') vm2 = test_stub.create_vlan_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() vr_type = res_ops.query_resource( res_ops.VIRTUALROUTER_VM)[0].applianceVmType test_util.test_logger("vr type is %s" % (vr_type)) #vrs = test_lib.lib_find_vr_by_vm(vm1.vm) vrs = test_lib.lib_find_flat_dhcp_vr_by_vm(vm1.vm) vr = vrs[0] if len(vrs) != 1: test_util.test_logger( 'more than 1 VR are found for vm1: %s. Will test the 1st one: %s.' % (vm1.vm.uuid, vr.uuid)) vr_mgmt_ip = test_lib.lib_find_vr_mgmt_ip(vr) vr_reboot_record_org = check_vr_reboot_record_line(vr_mgmt_ip) test_lib.lib_install_testagent_to_vr_with_vr_vm(vr) if not test_lib.lib_check_testagent_status(vr_mgmt_ip): test_util.test_fail( 'vr: %s is not reachable, since can not reach its test agent. Give up test and test failure. ' % vr.uuid) #Need to put the vr restart into thread. Since vr reboot API is a sync API. thread = threading.Thread(target=vm_ops.reboot_vm, args=(vr.uuid, )) thread.start() #check vr vr service port cond = res_ops.gen_query_conditions('resourceUuid', '=', vr.uuid) cond = res_ops.gen_query_conditions('tag', '=', "ha::NeverStop", cond) if res_ops.query_resource(res_ops.SYSTEM_TAG, cond) and res_ops.query_resource( res_ops.SYSTEM_TAG, cond)[0]: time.sleep(30) elif not test_lib.lib_wait_target_down(vr_mgmt_ip, '7272', 120): test_util.test_fail( 'vr: %s is not shutdown in 120 seconds. Fail to reboot it. ' % vr.uuid) if not test_lib.lib_wait_target_up(vr_mgmt_ip, '7272', 120): test_util.test_fail( 'vr: %s is not startup in 120 seconds. Fail to reboot it. ' % vr.uuid) vr_reboot_record_new = check_vr_reboot_record_line(vr_mgmt_ip) if vr_reboot_record_new == vr_reboot_record_org: test_util.test_fail("not find vr reboot record increased.") #avoid of possible apt conflicting between install testagent and appliancevm #time.sleep(60) vm1.check() vm2.check() test_util.test_dsc('Ping from vm1 to vm2.') test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip) vm1.destroy() vm2.destroy() test_util.test_pass( 'Create vlan VirtualRouter VM (and reboot VR after VM created) Test with snat ping between two VMs Success' )
def test(): global mevoco1_ip global mevoco2_ip global ipsec1 global ipsec2 mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] mevoco2_ip = os.environ['secondZStackMnIp'] test_util.test_dsc('Create test vm in mevoco1') vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm1) vm1.check() pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0] l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid vip1 = test_stub.create_vip('ipsec1_vip', l3_uuid1) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1) first_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create test vm in mevoco2') vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName')) test_obj_dict2.add_vm(vm2) vm2.check() pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0] l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2) second_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_dsc('Create ipsec in mevoco1') ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [second_zstack_cidrs], ike_auth_algorithm="md5") os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create ipsec in mevoco2') ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs], ike_auth_algorithm="md5") os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip ipsec_ops.delete_ipsec_connection(ipsec1.uuid) if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_lib.lib_error_cleanup(test_obj_dict1) vip1.delete() test_obj_dict1.rm_vip(vip1) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip ipsec_ops.delete_ipsec_connection(ipsec2.uuid) test_lib.lib_error_cleanup(test_obj_dict2) vip2.delete() test_obj_dict2.rm_vip(vip2) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_pass('Create Ipsec Success')
def test(): global mevoco1_ip global mevoco2_ip global ipsec1 global ipsec2 global ipsec3 global ipsec4 mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] mevoco2_ip = os.environ['secondZStackMnIp'] test_util.test_dsc('Create test vm in mevoco1') vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm1) vm1.check() pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0] l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1) vip1 = test_stub.get_snat_ip_as_vip(vr1_pub_ip) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1) first_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create test vm in mevoco2') vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName')) test_obj_dict2.add_vm(vm2) vm2.check() pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0] l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2) second_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr test_util.test_dsc('Create test vm in mevoco2') vm3 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName4')) test_obj_dict2.add_vm(vm3) vm3.check() pri_l3_uuid3 = vm3.vm.vmNics[0].l3NetworkUuid vr3 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0] l3_uuid3 = test_lib.lib_find_vr_pub_nic(vr3).l3NetworkUuid vip3 = test_stub.create_vip('ipsec3_vip', l3_uuid3) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid3) third_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_dsc('Create ipsec in mevoco1') ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [second_zstack_cidrs]) ipsec3 = ipsec_ops.create_ipsec_connection('ipsec3', pri_l3_uuid1, vip3.get_vip().ip, '123456', vip1.get_vip().uuid, [third_zstack_cidrs]) vip1_uuid = vip1.get_vip().uuid vip1_db = test_lib.lib_get_vip_by_uuid(vip1_uuid) assert "IPsec" in vip1_db.useFor assert vip1_db.useFor.count("IPsec") == 1 os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create ipsec in mevoco2') ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs]) ipsec4 = ipsec_ops.create_ipsec_connection('ipsec4', pri_l3_uuid3, vip1.get_vip().ip, '123456', vip3.get_vip().uuid, [first_zstack_cidrs]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip)) if not test_lib.lib_check_ping(vm1.vm, vm3.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip)) if not test_lib.lib_check_ping(vm3.vm, vm1.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip ipsec_ops.delete_ipsec_connection(ipsec1.uuid) ipsec_ops.delete_ipsec_connection(ipsec3.uuid) if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip)) if test_lib.lib_check_ping(vm1.vm, vm3.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip)) if test_lib.lib_check_ping(vm3.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_lib.lib_error_cleanup(test_obj_dict1) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip ipsec_ops.delete_ipsec_connection(ipsec2.uuid) ipsec_ops.delete_ipsec_connection(ipsec4.uuid) test_lib.lib_error_cleanup(test_obj_dict2) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_pass('Create Ipsec Success')
# vm binding security group sg_vm.attach(sg, [(vm.get_vm().vmNics[0].uuid, vm)]) sg_vm.check() # change vm_ip cmd = 'ifconfig eth0 %s' %new_vm_ip try: rsp = test_lib.lib_execute_ssh_cmd(vm_ip, 'root', 'password', cmd, 90) except: pass # vm2 ping vm test_lib.lib_check_ping(vm2.get_vm(), new_vm_ip) sg_vm.delete_sg(sg) sg_vm.check() test_obj_dict.rm_sg(sg.security_group.uuid) vm.destroy() vm2.destroy() sg_vm.check() test_obj_dict.rm_vm(vm) test_obj_dict.rm_vm(vm2) con_ops.change_global_config('vm', 'cleanTraffic', ct_original) test_util.test_pass('Test Success') #Will be called only if exception happens in test(). def error_cleanup():
def check(self): super(zstack_vcenter_sg_icmp_internal_vms_checker, self).check() #only check ingress icmp. if not self.test_obj.get_nic_icmp_ingress_rules(self.nic_uuid): test_util.test_logger("Skip SG internal ICMP test, since there isn't icmp ingress rules for nic: %s" % self.nic_uuid) return self.judge(self.exp_result) test_result = True test_util.test_dsc('Check ICMP rules between attached VMs') nic_sg_list = self.test_obj.get_sg_list_by_nic(self.nic_uuid) nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid) dst_vm = test_lib.lib_get_vm_by_nic(self.nic_uuid) l3_uuid = nic.l3NetworkUuid if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid): test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, test vm's IP address is not stable." % l3_uuid) return self.judge(self.exp_result) target_ip = nic.ip allowed_src_nic_list = [] temp_allowed_src_nic_list = [] denied_nic_list = [] for sg in nic_sg_list: same_l3_nic_list = list(sg.get_attached_nics_by_l3(l3_uuid)) if len(same_l3_nic_list) < 2 : test_util.test_logger("Skip [l3:] %s ICMP internal VMs checking, since there is less 2 SG VMs in this l3." % l3_uuid) continue #if source vm's udp and tcp engress rules exist, while icmp ingress # rule does not exist, the src vm egress icmp should be denied. #minus current nic. nic_list_temp = list_ops.list_minus(list(same_l3_nic_list), [nic.uuid]) for nic_uuid in nic_list_temp: source_nic_egress_icmp_rules = \ self.test_obj.get_nic_icmp_egress_rules(nic_uuid) if not source_nic_egress_icmp_rules: if self.test_obj.get_nic_tcp_egress_rules(nic_uuid) or \ self.test_obj.get_nic_udp_egress_rules(nic_uuid): if not nic_uuid in denied_nic_list: denied_nic_list.append(nic_uuid) else: if not nic_uuid in temp_allowed_src_nic_list: temp_allowed_src_nic_list.append(nic_uuid) else: for rule in source_nic_egress_icmp_rules: if target_ip in rule.allowedCidr: if not nic_uuid in allowed_src_nic_list: allowed_src_nic_list.append(nic_uuid) break else: if not nic_uuid in denied_nic_list: denied_nic_list.append(nic_uuid) for nic_uuid in list(denied_nic_list): if nic_uuid in allowed_src_nic_list: denied_nic_list.remove(nic_uuid) for nic_uuid in temp_allowed_src_nic_list: if not nic_uuid in denied_nic_list and \ not nic_uuid in allowed_src_nic_list: allowed_src_nic_list.append(nic_uuid) allowed_vm_list = get_all_running_vms_by_nics(allowed_src_nic_list) denied_vm_list = get_all_running_vms_by_nics(denied_nic_list) for src_vm in allowed_vm_list: if test_lib.lib_check_ping(src_vm, target_ip, no_exception=True): test_util.test_logger('Check result: [Security Group] pass ICMP rule checking to ping [vm:] %s from [vm:] %s' % (src_vm.uuid, dst_vm.uuid)) else: test_util.test_logger('Check result: [Security Group] is FAIL to ping [vm:] %s from [vm:] %s when checking ICMP rule. ' % (src_vm.uuid, dst_vm.uuid)) test_result = False for src_vm in denied_vm_list: if test_lib.lib_check_ping(src_vm, target_ip, no_exception=True): test_util.test_logger('Unexpected Result: [Security Group] ICMP ping [vm:] %s from [vm:] %s successfully' % (src_vm.uuid, dst_vm.uuid)) test_result = False else: test_util.test_logger('Expected Result: [Security Group] FAIL to ping [vm:] %s from [vm:] %s when checking ICMP rule. ' % (src_vm.uuid, dst_vm.uuid)) test_util.test_logger('Check result: [Security Group] finishes ICMP connection testing from other attached VMs to target [vm:] %s in same SG.' % dst_vm.uuid) print_iptables(dst_vm) return self.judge(test_result)
def test(): global mevoco1_ip global mevoco2_ip global ipsec1 global ipsec2 mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] mevoco2_ip = os.environ['secondZStackMnIp'] os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip l3_uuid1 = test_lib.lib_get_l3_by_name( os.environ.get('l3PublicNetworkName')).uuid pri_l3_uuid1 = test_lib.lib_get_l3_by_name( os.environ.get('l3VlanNetworkName1')).uuid vip1 = test_stub.create_vip('ipsec1_vip', l3_uuid1) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1) first_zstack_cidrs = res_ops.query_resource( res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip pri_l3_uuid2 = test_lib.lib_get_l3_by_name( os.environ.get('l3VlanDNATNetworkName')).uuid cond = res_ops.gen_query_conditions('name', '=', 'virtual-router-vm') l3_uuid2 = res_ops.query_resource(res_ops.VR_OFFERING, cond)[0].publicNetworkUuid vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2) second_zstack_cidrs = res_ops.query_resource( res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_dsc('Create ipsec in mevoco1') ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [second_zstack_cidrs]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create ipsec in mevoco2') ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_dsc('Create test vm in mevoco1') vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm1) vm1.check() os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create test vm in mevoco2') vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName')) test_obj_dict2.add_vm(vm2) vm2.check() os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip): test_util.test_fail( 'vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip): test_util.test_fail( 'vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip ipsec_ops.delete_ipsec_connection(ipsec1.uuid) if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True): test_util.test_fail( 'vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail( 'vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_lib.lib_error_cleanup(test_obj_dict1) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip ipsec_ops.delete_ipsec_connection(ipsec2.uuid) test_lib.lib_error_cleanup(test_obj_dict2) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_pass('Create Ipsec Success')
def check(self): super(zstack_kvm_sg_icmp_internal_vms_checker, self).check() #only check ingress icmp. if not self.test_obj.get_nic_icmp_ingress_rules(self.nic_uuid): test_util.test_logger("Skip SG internal ICMP test, since there isn't icmp ingress rules for nic: %s" % self.nic_uuid) return self.judge(self.exp_result) test_result = True test_util.test_dsc('Check ICMP rules between attached VMs') nic_sg_list = self.test_obj.get_sg_list_by_nic(self.nic_uuid) nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid) dst_vm = test_lib.lib_get_vm_by_nic(self.nic_uuid) l3_uuid = nic.l3NetworkUuid if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid): test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, test vm's IP address is not stable." % l3_uuid) return self.judge(self.exp_result) target_ip = nic.ip allowed_src_nic_list = [] temp_allowed_src_nic_list = [] denied_nic_list = [] for sg in nic_sg_list: same_l3_nic_list = list(sg.get_attached_nics_by_l3(l3_uuid)) if len(same_l3_nic_list) < 2 : test_util.test_logger("Skip [l3:] %s ICMP internal VMs checking, since there is less 2 SG VMs in this l3." % l3_uuid) continue #if source vm's udp and tcp engress rules exist, while icmp ingress # rule does not exist, the src vm egress icmp should be denied. #minus current nic. nic_list_temp = list_ops.list_minus(list(same_l3_nic_list), [nic.uuid]) for nic_uuid in nic_list_temp: source_nic_egress_icmp_rules = \ self.test_obj.get_nic_icmp_egress_rules(nic_uuid) if not source_nic_egress_icmp_rules: if self.test_obj.get_nic_tcp_egress_rules(nic_uuid) or \ self.test_obj.get_nic_udp_egress_rules(nic_uuid): if not nic_uuid in denied_nic_list: denied_nic_list.append(nic_uuid) else: if not nic_uuid in temp_allowed_src_nic_list: temp_allowed_src_nic_list.append(nic_uuid) else: for rule in source_nic_egress_icmp_rules: if target_ip in rule.allowedCidr: if not nic_uuid in allowed_src_nic_list: allowed_src_nic_list.append(nic_uuid) break else: if not nic_uuid in denied_nic_list: denied_nic_list.append(nic_uuid) for nic_uuid in list(denied_nic_list): if nic_uuid in allowed_src_nic_list: denied_nic_list.remove(nic_uuid) for nic_uuid in temp_allowed_src_nic_list: if not nic_uuid in denied_nic_list and \ not nic_uuid in allowed_src_nic_list: allowed_src_nic_list.append(nic_uuid) allowed_vm_list = get_all_running_vms_by_nics(allowed_src_nic_list) denied_vm_list = get_all_running_vms_by_nics(denied_nic_list) for src_vm in allowed_vm_list: if test_lib.lib_check_ping(src_vm, target_ip, no_exception=True): test_util.test_logger('Check result: [Security Group] pass ICMP rule checking to ping [vm:] %s from [vm:] %s' % (src_vm.uuid, dst_vm.uuid)) else: test_util.test_logger('Check result: [Security Group] is FAIL to ping [vm:] %s from [vm:] %s when checking ICMP rule. ' % (src_vm.uuid, dst_vm.uuid)) test_result = False for src_vm in denied_vm_list: if test_lib.lib_check_ping(src_vm, target_ip, no_exception=True): test_util.test_logger('Unexpected Result: [Security Group] ICMP ping [vm:] %s from [vm:] %s successfully' % (src_vm.uuid, dst_vm.uuid)) test_result = False else: test_util.test_logger('Expected Result: [Security Group] FAIL to ping [vm:] %s from [vm:] %s when checking ICMP rule. ' % (src_vm.uuid, dst_vm.uuid)) test_util.test_logger('Check result: [Security Group] finishes ICMP connection testing from other attached VMs to target [vm:] %s in same SG.' % dst_vm.uuid) print_iptables(dst_vm) return self.judge(test_result)
def test(): global mevoco1_ip global mevoco2_ip global ipsec1 global ipsec2 mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] mevoco2_ip = os.environ['secondZStackMnIp'] test_util.test_dsc('Create test vm in mevoco1') vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm1) vm1.check() vm_nic1 = vm1.get_vm().vmNics[0] vm_nic1_uuid = vm_nic1.uuid vm3 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm3) vm3.check() vm_nic3 = vm3.get_vm().vmNics[0] vm_nic3_uuid = vm_nic3.uuid pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0] l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1) vip1 = test_stub.create_vip('vip for multi-services', l3_uuid1) vip_uuid = vip1.get_vip().uuid cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1) first_zstack_cidrs = res_ops.query_resource( res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create test vm in mevoco2') vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName')) test_obj_dict2.add_vm(vm2) vm2.check() pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0] l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2) second_zstack_cidrs = res_ops.query_resource( res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_dsc('Create PF in mevoco1') l3_name = os.environ.get('l3NoVlanNetworkName1') vr = test_stub.create_vr_vm(test_obj_dict1, l3_name) l3_name = os.environ.get('l3VlanNetworkName4') vr = test_stub.create_vr_vm(test_obj_dict1, l3_name) vr_pub_ip = test_lib.lib_find_vr_pub_ip(vr) pf_creation_opt1 = PfRule.generate_pf_rule_option( vr_pub_ip, protocol=inventory.TCP, vip_target_rule=Port.rule4_ports, private_target_rule=Port.rule4_ports, vip_uuid=vip_uuid) test_pf1 = zstack_pf_header.ZstackTestPortForwarding() test_pf1.set_creation_option(pf_creation_opt1) test_pf1.create() vip1.attach_pf(test_pf1) vip1.check() test_pf1.attach(vm_nic1_uuid, vm1) vip1.check() test_util.test_dsc('Create LB in mevoco1') lb = zstack_lb_header.ZstackTestLoadBalancer() lb.create('create lb test', vip1.get_vip().uuid) test_obj_dict1.add_load_balancer(lb) vip1.attach_lb(lb) lb_creation_option = test_lib.lib_create_lb_listener_option(lbl_port=222, lbi_port=22) lbl = lb.create_listener(lb_creation_option) lbl.add_nics([vm_nic1_uuid, vm_nic3_uuid]) lb.check() vip1.check() test_util.test_dsc('Create ipsec in mevoco1') ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [second_zstack_cidrs]) vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid) assert "IPsec" in vip1_db.useFor assert vip1_db.useFor.count("IPsec") == 1 os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create ipsec in mevoco2') ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip): test_util.test_fail( 'vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip): test_util.test_fail( 'vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip)) # delete ipsec os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip ipsec_ops.delete_ipsec_connection(ipsec1.uuid) if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True): test_util.test_fail( 'vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail( 'vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid) assert "IPsec" not in vip1_db.useFor # delete PF test_pf1.delete() vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid) assert "PortForwarding" not in vip1_db.useFor # delete LB lb.delete() vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid) assert vip1_db.useFor is None test_lib.lib_error_cleanup(test_obj_dict1) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip ipsec_ops.delete_ipsec_connection(ipsec2.uuid) vip2.delete() test_lib.lib_error_cleanup(test_obj_dict2) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip vip1.delete() test_util.test_pass('Create multiple service with 1 snat IP Success')
def test(): global mevoco1_ip global mevoco2_ip global mevoco3_ip global ipsec11 global ipsec12 global ipsec2 global ipsec3 mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] mevoco2_ip = os.environ['secondZStackMnIp'] mevoco3_ip = os.environ['thirdZStackMnIp'] test_util.test_dsc('Create test vm in mevoco1') vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm1) vm1.check() pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0] l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid vip11 = test_stub.create_vip('ipsec1_vip', l3_uuid1) #vip12 = test_stub.create_vip('ipsec1_vip', l3_uuid1) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1) first_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create test vm in mevoco2') vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName')) test_obj_dict2.add_vm(vm2) vm2.check() pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0] l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2) second_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco3_ip test_util.test_dsc('Create test vm in mevoco3') vm3 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName3')) test_obj_dict2.add_vm(vm3) vm3.check() pri_l3_uuid3 = vm3.vm.vmNics[0].l3NetworkUuid vr3 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid3)[0] l3_uuid3 = test_lib.lib_find_vr_pub_nic(vr3).l3NetworkUuid vip3 = test_stub.create_vip('ipsec3_vip', l3_uuid3) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid3) third_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr cond = res_ops.gen_query_conditions('l3Network.uuid', '=', pri_l3_uuid3) cond = res_ops.gen_query_conditions('vmInstanceUuid', '=', vr3.uuid, cond) vr3_pri_ip = res_ops.query_resource(res_ops.VM_NIC, cond)[0].ip cmd = 'route del default; route add default gw %s' %vr3_pri_ip os.system("sshpass -p 'password' ssh root@%s '%s'" %(vm3.vm.vmNics[0].ip, cmd)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_dsc('Create ipsec in mevoco1') ipsec11 = ipsec_ops.create_ipsec_connection('ipsec11', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip11.get_vip().uuid, [second_zstack_cidrs]) #ipsec12 = ipsec_ops.create_ipsec_connection('ipsec12', pri_l3_uuid1, vip3.get_vip().ip, '123456', vip12.get_vip().uuid, [third_zstack_cidrs]) ipsec12 = ipsec_ops.create_ipsec_connection('ipsec12', pri_l3_uuid1, vip3.get_vip().ip, '123456', vip11.get_vip().uuid, [third_zstack_cidrs]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create ipsec in mevoco2') ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip11.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco3_ip test_util.test_dsc('Create ipsec in mevoco3') #ipsec3 = ipsec_ops.create_ipsec_connection('ipsec3', pri_l3_uuid3, vip12.get_vip().ip, '123456', vip3.get_vip().uuid, [first_zstack_cidrs]) ipsec3 = ipsec_ops.create_ipsec_connection('ipsec3', pri_l3_uuid3, vip11.get_vip().ip, '123456', vip3.get_vip().uuid, [first_zstack_cidrs]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip)) if not test_lib.lib_check_ping(vm1.vm, vm3.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco3[MN:%s]' % (mevoco1_ip, mevoco3_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco2[MN:%s] could not connect to vm in mevoco1[MN:%s]' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco3_ip if not test_lib.lib_check_ping(vm3.vm, vm1.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco3[MN:%s] could not connect to vm in mevoco1[MN:%s]' % (mevoco3_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip ipsec_ops.delete_ipsec_connection(ipsec11.uuid) if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip if not test_lib.lib_check_ping(vm1.vm, vm3.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco3[MN:%s]' % (mevoco1_ip, mevoco3_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco3_ip ipsec_ops.delete_ipsec_connection(ipsec3.uuid) if test_lib.lib_check_ping(vm3.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco3[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco3_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip ipsec_ops.delete_ipsec_connection(ipsec12.uuid) test_lib.lib_error_cleanup(test_obj_dict1) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip ipsec_ops.delete_ipsec_connection(ipsec2.uuid) test_lib.lib_error_cleanup(test_obj_dict2) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_pass('Create Ipsec Success')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' global test_obj_dict test_util.test_dsc( "Create 2 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg3 = test_stub.create_sg() test_obj_dict.add_sg(sg3.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip vr_internal_ip = test_lib.lib_find_vr_private_ip(vr_vm) test_util.test_dsc("Create SG rule1: allow connection to vm2 port 0~100") rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, vm2_ip) test_util.test_dsc( "Create SG rule2: allow connection from vm2 to port 9000~10000") rule2 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip) test_util.test_dsc( "Create SG rule3: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing" ) rule3 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vr_internal_ip) test_util.test_dsc("Create SG rule4: allow ICMP connection to VR") rule4 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.EGRESS, vr_internal_ip) test_util.test_dsc("Create SG rule5: allow icmp from vm2") rule5 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vm2_ip) test_util.test_dsc("Create SG rule6: allow icmp to vm2") rule6 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.EGRESS, vm2_ip) sg1.add_rule([rule1, rule2, rule3, rule4]) sg2.add_rule([rule5]) sg3.add_rule([rule6]) sg_vm.check() sg_vm.add_stub_vm(l3_uuid, vm2) sg_vm.check() #add sg1 test_util.test_dsc("Add VM1 nic to security group 1.") sg_vm.attach(sg1, [vm_nics]) sg_vm.check() if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True): test_util.test_fail( 'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.vm.uuid, vr_internal_ip)) #add sg2 test_util.test_dsc("Add VM1 nic to security group 2.") sg_vm.attach(sg2, [vm_nics]) test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" % (test_stub.rule1_ports, test_stub.rule2_ports)) sg_vm.check() if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True): test_util.test_fail( 'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip)) #add sg3 test_util.test_dsc("Add nic to security group 3 to stopped vm1.") sg_vm.attach(sg3, [vm_nics]) test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" % (test_stub.rule1_ports, test_stub.rule2_ports)) sg_vm.check() if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True): test_util.test_fail( 'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip)) test_util.test_dsc("remove rule5 from sg2") sg2.delete_rule([rule5]) sg_vm.check() if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True): test_util.test_fail( 'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip)) vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) sg_vm.check() sg1.delete() test_obj_dict.rm_sg(sg1.security_group.uuid) sg2.delete() test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.check() sg3.delete() test_obj_dict.rm_sg(sg3.security_group.uuid) test_util.test_pass( 'Security Group Vlan VirtualRouter VM ICMP rules Test Success')
def test(): global route_table1_uuid global route_table2_uuid test_util.test_dsc('Check vm connection with vrouter route') vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict.add_vm(vm1) vm1_ip = vm1.get_vm().vmNics[0].ip vr1 = test_lib.lib_find_flat_dhcp_vr_by_vm(vm1.vm)[0] vr1_uuid = vr1.uuid vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1) vr1_private_ip = test_lib.lib_find_vr_private_ip(vr1) l3network1_uuid = vm1.get_vm().vmNics[0].l3NetworkUuid cond = res_ops.gen_query_conditions('uuid', '=', l3network1_uuid) l3network1_cidr = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName3')) test_obj_dict.add_vm(vm2) vm2_ip = vm2.get_vm().vmNics[0].ip vr2 = test_lib.lib_find_flat_dhcp_vr_by_vm(vm2.vm)[0] vr2_uuid = vr2.uuid vr2_pub_ip = test_lib.lib_find_vr_pub_ip(vr2) vr2_private_ip = test_lib.lib_find_vr_private_ip(vr2) l3network2_uuid = vm2.get_vm().vmNics[0].l3NetworkUuid cond = res_ops.gen_query_conditions('uuid', '=', l3network2_uuid) l3network2_cidr = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr vm1.check() vm2.check() #Attach the network service to l3 network cond = res_ops.gen_query_conditions('type', '=', 'vrouter') service_uuid = res_ops.query_resource(res_ops.NETWORK_SERVICE_PROVIDER, cond)[0].uuid network_services_json = "{'%s':['VRouterRoute']}"% service_uuid net_ops.detach_network_service_from_l3network(l3network1_uuid, service_uuid) net_ops.attach_network_service_to_l3network(l3network1_uuid, service_uuid) net_ops.detach_network_service_from_l3network(l3network2_uuid, service_uuid) net_ops.attach_network_service_to_l3network(l3network2_uuid, service_uuid) #Create route table and route entry for each vrouter route_table1 = net_ops.create_vrouter_route_table('route_table1') route_table1_uuid = route_table1.uuid route_entry1 = net_ops.add_vrouter_route_entry(route_table1_uuid, l3network2_cidr, vr2_pub_ip) route_table2 = net_ops.create_vrouter_route_table('route_table2') route_table2_uuid = route_table2.uuid route_entry2 = net_ops.add_vrouter_route_entry(route_table2_uuid, l3network1_cidr, vr1_pub_ip) #Attach the route table to vrouter and check the network #net_ops.detach_vrouter_route_table_from_vrouter(route_table1_uuid, vr1_uuid) net_ops.attach_vrouter_route_table_to_vrouter(route_table1_uuid, vr1_uuid) #net_ops.detach_vrouter_route_table_from_vrouter(route_table2_uuid, vr2_uuid) net_ops.attach_vrouter_route_table_to_vrouter(route_table2_uuid, vr2_uuid) #Add vroute private ip to vm route cmd = 'ip r del default; ip r add default via %s' %vr1_private_ip rsp = test_lib.lib_execute_ssh_cmd(vm1_ip, 'root', 'password', cmd, 180) cmd = 'ip r del default; ip r add default via %s' %vr2_private_ip rsp = test_lib.lib_execute_ssh_cmd(vm2_ip, 'root', 'password', cmd, 180) if not test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True): test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.vm.uuid, vm2_ip)) if not test_lib.lib_check_ping(vm1.vm, vm1_ip, no_exception=True): test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm2.vm.uuid, vm1_ip)) #Dettach the route table to vrouter and check the network net_ops.detach_vrouter_route_table_from_vrouter(route_table1_uuid, vr1_uuid) net_ops.detach_vrouter_route_table_from_vrouter(route_table2_uuid, vr2_uuid) if test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True): test_util.test_fail('Exception: [vm:] %s ping [vr:] %s successfully. But it should ping fail because the route table is detached.' % (vm1.vm.uuid, vm2_ip)) if test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True): test_util.test_fail('Exception: [vm:] %s ping [vr:] %s successfully. But it should ping fail because the route table is detached.' % (vm2.vm.uuid, vm1_ip)) #Delete route entry and table, and distory vm net_ops.delete_vrouter_route_entry(route_entry1.uuid, route_table1_uuid) net_ops.delete_vrouter_route_entry(route_entry2.uuid, route_table2_uuid) net_ops.delete_vrouter_route_table(route_table1_uuid) net_ops.delete_vrouter_route_table(route_table2_uuid) vm1.destroy() vm2.destroy() test_util.test_pass('Check VRouter route Success')
def test(): test_util.test_dsc("create vpc vrouter and attach vpc l3 to vpc") for vpc_name in vpc_name_list: vr_list.append(test_stub.create_vpc_vrouter(vpc_name)) for vr, l3_list in izip(vr_list, vpc_l3_list): test_stub.attach_l3_to_vpc_vr(vr, l3_list) vr1, vr2 = vr_list test_util.test_dsc("create two vm, vm1 in l3 {}, vm2 in l3 {}".format(VLAN1_NAME, VXLAN1_NAME)) vm1 = test_stub.create_vm_with_random_offering(vm_name='vpc_vm_{}'.format(VLAN1_NAME), l3_name=VLAN1_NAME) test_obj_dict.add_vm(vm1) vm1.check() vm2 = test_stub.create_vm_with_random_offering(vm_name='vpc_vm_{}'.format(VXLAN1_NAME), l3_name=VXLAN1_NAME) test_obj_dict.add_vm(vm2) vm2.check() cond = res_ops.gen_query_conditions('name', '=', os.environ.get(SECOND_PUB)) second_pub_l3 = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0] test_util.test_dsc("Create vroute route for vpc1") cond = res_ops.gen_query_conditions('name', '=', os.environ.get(VXLAN1_NAME)) vpc2_l3 = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0] vpc2_l3_cdir = vpc2_l3.ipRanges[0].networkCidr vpc2_second_pub_ip = [nic.ip for nic in vr2.inv.vmNics if nic.l3NetworkUuid == second_pub_l3.uuid][0] route_table1 = net_ops.create_vrouter_route_table('vpc1') route_entry1 = net_ops.add_vrouter_route_entry(route_table1.uuid, vpc2_l3_cdir, vpc2_second_pub_ip) net_ops.attach_vrouter_route_table_to_vrouter(route_table1.uuid, vr1.inv.uuid) test_util.test_dsc("Create vroute route for vpc2") cond = res_ops.gen_query_conditions('name', '=', os.environ.get(VLAN1_NAME)) vpc1_l3 = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0] vpc1_l3_cdir = vpc1_l3.ipRanges[0].networkCidr vpc1_second_pub_ip = [nic.ip for nic in vr1.inv.vmNics if nic.l3NetworkUuid == second_pub_l3.uuid][0] route_table2 = net_ops.create_vrouter_route_table('vpc2') route_entry1 = net_ops.add_vrouter_route_entry(route_table2.uuid, vpc1_l3_cdir, vpc1_second_pub_ip) net_ops.attach_vrouter_route_table_to_vrouter(route_table2.uuid, vr2.inv.uuid) vm1_inv, vm2_inv = [vm.get_vm() for vm in (vm1, vm2)] test_lib.lib_check_ping(vm1_inv, vm2_inv.vmNics[0].ip) test_lib.lib_check_ping(vm2_inv, vm1_inv.vmNics[0].ip) test_lib.lib_check_ports_in_a_command(vm1_inv, vm1_inv.vmNics[0].ip, vm2_inv.vmNics[0].ip, ["22"], [], vm2_inv) test_lib.lib_check_ports_in_a_command(vm2_inv, vm2_inv.vmNics[0].ip, vm1_inv.vmNics[0].ip, ["22"], [], vm1_inv) net_ops.detach_vrouter_route_table_from_vrouter(route_table1.uuid, vr1.inv.uuid) net_ops.detach_vrouter_route_table_from_vrouter(route_table2.uuid, vr2.inv.uuid) with test_lib.expected_failure('Check two vm pingable', Exception): test_lib.lib_check_ping(vm1_inv, vm2_inv.vmNics[0].ip) with test_lib.expected_failure('Check two vm pingable', Exception): test_lib.lib_check_ping(vm2_inv, vm1_inv.vmNics[0].ip) test_lib.lib_check_ports_in_a_command(vm1_inv, vm1_inv.vmNics[0].ip, vm2_inv.vmNics[0].ip, [], ["22"], vm2_inv) test_lib.lib_check_ports_in_a_command(vm2_inv, vm2_inv.vmNics[0].ip, vm1_inv.vmNics[0].ip, [], ["22"], vm1_inv) test_lib.lib_error_cleanup(test_obj_dict) test_stub.remove_all_vpc_vrouter()
def test(): global mevoco1_ip global mevoco2_ip global ipsec1 global ipsec2 mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] mevoco2_ip = os.environ['secondZStackMnIp'] os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip l3_uuid1 = test_lib.lib_get_l3_by_name(os.environ.get('l3PublicNetworkName')).uuid pri_l3_uuid1 = test_lib.lib_get_l3_by_name(os.environ.get('l3VlanNetworkName1')).uuid vip1 = test_stub.create_vip('ipsec1_vip', l3_uuid1) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1) first_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip pri_l3_uuid2 = test_lib.lib_get_l3_by_name(os.environ.get('l3VlanDNATNetworkName')).uuid cond = res_ops.gen_query_conditions('name', '=', 'virtual-router-vm') l3_uuid2 = res_ops.query_resource(res_ops.VR_OFFERING, cond)[0].publicNetworkUuid vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2) second_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_dsc('Create ipsec in mevoco1') ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [second_zstack_cidrs]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create ipsec in mevoco2') ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_dsc('Create test vm in mevoco1') vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm1) vm1.check() os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create test vm in mevoco2') vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName')) test_obj_dict2.add_vm(vm2) vm2.check() os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip ipsec_ops.delete_ipsec_connection(ipsec1.uuid) if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_lib.lib_error_cleanup(test_obj_dict1) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip ipsec_ops.delete_ipsec_connection(ipsec2.uuid) test_lib.lib_error_cleanup(test_obj_dict2) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_pass('Create Ipsec Success')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' global test_obj_dict test_util.test_dsc("Create 2 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg3 = test_stub.create_sg() test_obj_dict.add_sg(sg3.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip vr_internal_ip = test_lib.lib_find_vr_private_ip(vr_vm) test_util.test_dsc("Create SG rule1: allow connection to vm2 port 0~100") rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, vm2_ip) test_util.test_dsc("Create SG rule2: allow connection from vm2 to port 9000~10000") rule2 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip) test_util.test_dsc("Create SG rule3: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing") rule3 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vr_internal_ip) test_util.test_dsc("Create SG rule4: allow ICMP connection to VR") rule4 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.EGRESS, vr_internal_ip) test_util.test_dsc("Create SG rule5: allow icmp from vm2") rule5 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vm2_ip) test_util.test_dsc("Create SG rule6: allow icmp to vm2") rule6 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.EGRESS, vm2_ip) sg1.add_rule([rule1, rule2, rule3, rule4]) sg2.add_rule([rule5]) sg3.add_rule([rule6]) sg_vm.check() sg_vm.add_stub_vm(l3_uuid, vm2) sg_vm.check() #add sg1 test_util.test_dsc("Add VM1 nic to security group 1.") sg_vm.attach(sg1, [vm_nics]) sg_vm.check() if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True): test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.vm.uuid, vr_internal_ip)) #add sg2 test_util.test_dsc("Add VM1 nic to security group 2.") sg_vm.attach(sg2, [vm_nics]) test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" % (test_stub.rule1_ports, test_stub.rule2_ports)) sg_vm.check() if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True): test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip)) #add sg3 test_util.test_dsc("Add nic to security group 3 to stopped vm1.") sg_vm.attach(sg3, [vm_nics]) test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" % (test_stub.rule1_ports, test_stub.rule2_ports)) sg_vm.check() if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True): test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip)) test_util.test_dsc("remove rule5 from sg2") sg2.delete_rule([rule5]) sg_vm.check() if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True): test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip)) vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) sg_vm.check() sg1.delete() test_obj_dict.rm_sg(sg1.security_group.uuid) sg2.delete() test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.check() sg3.delete() test_obj_dict.rm_sg(sg3.security_group.uuid) test_util.test_pass('Security Group Vlan VirtualRouter VM ICMP rules Test Success')
def test(): global mevoco1_ip global mevoco2_ip global ipsec1 global ipsec2 mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] mevoco2_ip = os.environ['secondZStackMnIp'] test_util.test_dsc('Create test vm in mevoco1') vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm1) vm1.check() vm_nic1 = vm1.get_vm().vmNics[0] vm_nic1_uuid = vm_nic1.uuid vm3 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm3) vm3.check() vm_nic3 = vm3.get_vm().vmNics[0] vm_nic3_uuid = vm_nic3.uuid pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0] l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1) vip1 = test_stub.get_snat_ip_as_vip(vr1_pub_ip) vip_uuid = vip1.get_vip().uuid cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1) first_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create test vm in mevoco2') vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName')) test_obj_dict2.add_vm(vm2) vm2.check() pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0] l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2) second_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_dsc('Create PF in mevoco1') l3_name = os.environ.get('l3NoVlanNetworkName1') vr = test_stub.create_vr_vm(test_obj_dict1, l3_name) l3_name = os.environ.get('l3VlanNetworkName4') vr = test_stub.create_vr_vm(test_obj_dict1, l3_name) vr_pub_ip = test_lib.lib_find_vr_pub_ip(vr) pf_creation_opt1 = PfRule.generate_pf_rule_option(vr_pub_ip, protocol=inventory.TCP, vip_target_rule=Port.rule4_ports, private_target_rule=Port.rule4_ports, vip_uuid=vip_uuid) test_pf1 = zstack_pf_header.ZstackTestPortForwarding() test_pf1.set_creation_option(pf_creation_opt1) test_pf1.create() vip1.attach_pf(test_pf1) vip1.check() test_pf1.attach(vm_nic1_uuid, vm1) vip1.check() test_util.test_dsc('Create LB in mevoco1') lb = zstack_lb_header.ZstackTestLoadBalancer() lb.create('create lb test', vip1.get_vip().uuid) test_obj_dict1.add_load_balancer(lb) vip1.attach_lb(lb) lb_creation_option = test_lib.lib_create_lb_listener_option(lbl_port = 222, lbi_port = 22) lbl = lb.create_listener(lb_creation_option) lbl.add_nics([vm_nic1_uuid, vm_nic3_uuid]) lb.check() vip1.check() test_util.test_dsc('Create ipsec in mevoco1') ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [second_zstack_cidrs]) vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid) assert "IPsec" in vip1_db.useFor assert vip1_db.useFor.count("IPsec") == 1 os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create ipsec in mevoco2') ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip): test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip)) # delete ipsec os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip ipsec_ops.delete_ipsec_connection(ipsec1.uuid) if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid) assert "IPsec" not in vip1_db.useFor # delete PF test_pf1.delete() vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid) assert "PortForwarding" not in vip1_db.useFor # delete LB lb.delete() vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid) assert "LoadBalancer" not in vip1_db.useFor test_lib.lib_error_cleanup(test_obj_dict1) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip ipsec_ops.delete_ipsec_connection(ipsec2.uuid) vip2.delete() test_lib.lib_error_cleanup(test_obj_dict2) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_pass('Create multiple service with 1 snat IP Success')
def test(): zstack_pri_name = os.environ['l3VlanDNATNetworkName'] zstack_image = os.environ['imageName_net'] zstack_vr_name = os.environ['virtualRouterOfferingName_s'] cond = res_ops.gen_query_conditions('name', '=', zstack_vr_name) zstack_vr_instance = res_ops.query_resource(res_ops.INSTANCE_OFFERING, cond)[0] cond = res_ops.gen_query_conditions('name', '=', zstack_pri_name) zstack_pri = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0] zstack_pri_uuid = zstack_pri.uuid zstack_tag = "guestL3Network::" + zstack_pri_uuid tag_ops.create_system_tag("InstanceOfferingVO", zstack_vr_instance.uuid, zstack_tag) vcenter_pri_name = os.environ['l3vCenterNoVlanNetworkName'] vcenter_image = os.environ['image_dhcp_name'] vcenter_vr_name = os.environ['vCenterVirtualRouterOfferingName'] cond = res_ops.gen_query_conditions('name', '=', vcenter_vr_name) vcenter_vr_instance = res_ops.query_resource(res_ops.INSTANCE_OFFERING, cond)[0] cond = res_ops.gen_query_conditions('name', '=', vcenter_pri_name) vcenter_pri = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0] vcenter_pri_uuid = vcenter_pri.uuid vcenter_tag = "guestL3Network::" + vcenter_pri_uuid tag_ops.create_system_tag("InstanceOfferingVO", vcenter_vr_instance.uuid, vcenter_tag) test_util.test_dsc('Create test vm') vm1 = test_stub.create_vm(vm_name='test_ipsec_1', image_name = zstack_image, l3_name=zstack_pri_name) test_obj_dict.add_vm(vm1) vm2 = test_stub.create_vm_in_vcenter(vm_name='test_ipsec_2', image_name = vcenter_image, l3_name=vcenter_pri_name) test_obj_dict.add_vm(vm2) time.sleep(50) test_util.test_dsc('Create 2 vip with 2 snat ip') pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0] l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1) vip1 = zstack_vip_header.ZstackTestVip() vip1.get_snat_ip_as_vip(vr1_pub_ip) vip1.isVcenter = True test_obj_dict.add_vip(vip1) pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0] l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid vr2_pub_ip = test_lib.lib_find_vr_pub_ip(vr2) vip2 = zstack_vip_header.ZstackTestVip() vip2.get_snat_ip_as_vip(vr2_pub_ip) vip2.isVcenter = True test_obj_dict.add_vip(vip2) test_util.test_dsc('Create ipsec with 2 vip') zstack_pri_cidr = zstack_pri.ipRanges[0].networkCidr vcenter_pri_cidr = vcenter_pri.ipRanges[0].networkCidr ipsec1 = ipsec_ops.create_ipsec_connection('zstack_vcenter', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [vcenter_pri_cidr]) ipsec2 = ipsec_ops.create_ipsec_connection('vcenter_zstack', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [zstack_pri_cidr]) #conditions = res_ops.gen_query_conditions('name', '=', 'test_ipsec_1') #vm1 = res_ops.query_resource(res_ops.VM_INSTANCE, conditions)[0] #conditions = res_ops.gen_query_conditions('name', '=', 'test_ipsec_2') #vm2 = res_ops.query_resource(res_ops.VM_INSTANCE, conditions)[0] if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip): test_util.test_fail('vm1 in zstack could not connect to vm2 in vcenter with IPsec') if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip): test_util.test_fail('vm2 in vcenter could not connect to vm1 in zstack with IPsec') ipsec_ops.delete_ipsec_connection(ipsec1.uuid) ipsec_ops.delete_ipsec_connection(ipsec2.uuid) test_lib.lib_error_cleanup(test_obj_dict) test_util.test_pass('Create Ipsec Success')
def test(): test_util.test_dsc("create vpc vrouter and attach vpc l3 to vpc") for vpc_name in vpc_name_list: vr_list.append(test_stub.create_vpc_vrouter(vpc_name)) for vr, l3_list in izip(vr_list, vpc_l3_list): test_stub.attach_l3_to_vpc_vr(vr, l3_list) vr1, vr2 = vr_list test_util.test_dsc("create two vm, vm1 in l3 {}, vm2 in l3 {}".format( VLAN1_NAME, VXLAN1_NAME)) vm1 = test_stub.create_vm_with_random_offering( vm_name='vpc_vm_{}'.format(VLAN1_NAME), l3_name=VLAN1_NAME) test_obj_dict.add_vm(vm1) vm1.check() vm2 = test_stub.create_vm_with_random_offering( vm_name='vpc_vm_{}'.format(VXLAN1_NAME), l3_name=VXLAN1_NAME) test_obj_dict.add_vm(vm2) vm2.check() cond = res_ops.gen_query_conditions('name', '=', os.environ.get(SECOND_PUB)) second_pub_l3 = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0] test_util.test_dsc("Create vroute route for vpc1") cond = res_ops.gen_query_conditions('name', '=', os.environ.get(VXLAN1_NAME)) vpc2_l3 = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0] vpc2_l3_cdir = vpc2_l3.ipRanges[0].networkCidr vpc2_second_pub_ip = [ nic.ip for nic in vr2.inv.vmNics if nic.l3NetworkUuid == second_pub_l3.uuid ][0] route_table1 = net_ops.create_vrouter_route_table('vpc1') route_entry1 = net_ops.add_vrouter_route_entry(route_table1.uuid, vpc2_l3_cdir, vpc2_second_pub_ip) net_ops.attach_vrouter_route_table_to_vrouter(route_table1.uuid, vr1.inv.uuid) test_util.test_dsc("Create vroute route for vpc2") cond = res_ops.gen_query_conditions('name', '=', os.environ.get(VLAN1_NAME)) vpc1_l3 = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0] vpc1_l3_cdir = vpc1_l3.ipRanges[0].networkCidr vpc1_second_pub_ip = [ nic.ip for nic in vr1.inv.vmNics if nic.l3NetworkUuid == second_pub_l3.uuid ][0] route_table2 = net_ops.create_vrouter_route_table('vpc2') route_entry1 = net_ops.add_vrouter_route_entry(route_table2.uuid, vpc1_l3_cdir, vpc1_second_pub_ip) net_ops.attach_vrouter_route_table_to_vrouter(route_table2.uuid, vr2.inv.uuid) vm1_inv, vm2_inv = [vm.get_vm() for vm in (vm1, vm2)] test_lib.lib_check_ping(vm1_inv, vm2_inv.vmNics[0].ip) test_lib.lib_check_ping(vm2_inv, vm1_inv.vmNics[0].ip) test_lib.lib_check_ports_in_a_command(vm1_inv, vm1_inv.vmNics[0].ip, vm2_inv.vmNics[0].ip, ["22"], [], vm2_inv) test_lib.lib_check_ports_in_a_command(vm2_inv, vm2_inv.vmNics[0].ip, vm1_inv.vmNics[0].ip, ["22"], [], vm1_inv) net_ops.detach_vrouter_route_table_from_vrouter(route_table1.uuid, vr1.inv.uuid) net_ops.detach_vrouter_route_table_from_vrouter(route_table2.uuid, vr2.inv.uuid) with test_lib.expected_failure('Check two vm pingable', Exception): test_lib.lib_check_ping(vm1_inv, vm2_inv.vmNics[0].ip) with test_lib.expected_failure('Check two vm pingable', Exception): test_lib.lib_check_ping(vm2_inv, vm1_inv.vmNics[0].ip) test_lib.lib_check_ports_in_a_command(vm1_inv, vm1_inv.vmNics[0].ip, vm2_inv.vmNics[0].ip, [], ["22"], vm2_inv) test_lib.lib_check_ports_in_a_command(vm2_inv, vm2_inv.vmNics[0].ip, vm1_inv.vmNics[0].ip, [], ["22"], vm1_inv) test_lib.lib_error_cleanup(test_obj_dict) test_stub.remove_all_vpc_vrouter()
def test(): global mevoco1_ip global mevoco2_ip global ipsec1 global ipsec2 test_util.test_skip( 'According issue #2720, the similar issue are won\'t fix ') mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] mevoco2_ip = os.environ['secondZStackMnIp'] test_util.test_dsc('Create test vm in mevoco1') vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict1.add_vm(vm1) vm1.check() pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0] l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid vip1 = test_stub.create_vip('ipsec1_vip', l3_uuid1) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1) first_zstack_cidrs = res_ops.query_resource( res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create test vm in mevoco2') vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName')) test_obj_dict2.add_vm(vm2) vm2.check() pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0] l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2) cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2) second_zstack_cidrs = res_ops.query_resource( res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_dsc('Create ipsec in mevoco1') ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [second_zstack_cidrs], pfs="dh-group2") os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip test_util.test_dsc('Create ipsec in mevoco2') ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs], pfs="dh-group5") os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True): test_util.test_fail( 'vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] even pfs is different' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail( 'vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] even pfs is different' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip ipsec_ops.delete_ipsec_connection(ipsec2.uuid) test_util.test_dsc('Create ipsec in mevoco2') ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs]) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip): test_util.test_fail( 'vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip): test_util.test_fail( 'vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip ipsec_ops.delete_ipsec_connection(ipsec1.uuid) if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True): test_util.test_fail( 'vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True): test_util.test_fail( 'vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip)) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_lib.lib_error_cleanup(test_obj_dict1) vip1.delete() test_obj_dict1.rm_vip(vip1) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip ipsec_ops.delete_ipsec_connection(ipsec2.uuid) test_lib.lib_error_cleanup(test_obj_dict2) vip2.delete() test_obj_dict2.rm_vip(vip2) os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip test_util.test_pass('Create Ipsec Success')
def test(): global route_table1_uuid global route_table2_uuid test_util.test_dsc('Check vm connection with vrouter route') vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1')) test_obj_dict.add_vm(vm1) vm1_ip = vm1.get_vm().vmNics[0].ip vr1 = test_lib.lib_find_flat_dhcp_vr_by_vm(vm1.vm)[0] vr1_uuid = vr1.uuid vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1) vr1_private_ip = test_lib.lib_find_vr_private_ip(vr1) l3network1_uuid = vm1.get_vm().vmNics[0].l3NetworkUuid cond = res_ops.gen_query_conditions('uuid', '=', l3network1_uuid) l3network1_cidr = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName3')) test_obj_dict.add_vm(vm2) vm2_ip = vm2.get_vm().vmNics[0].ip vr2 = test_lib.lib_find_flat_dhcp_vr_by_vm(vm2.vm)[0] vr2_uuid = vr2.uuid vr2_pub_ip = test_lib.lib_find_vr_pub_ip(vr2) vr2_private_ip = test_lib.lib_find_vr_private_ip(vr2) l3network2_uuid = vm2.get_vm().vmNics[0].l3NetworkUuid cond = res_ops.gen_query_conditions('uuid', '=', l3network2_uuid) l3network2_cidr = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr vm1.check() vm2.check() #Attach the network service to l3 network cond = res_ops.gen_query_conditions('type', '=', 'vrouter') service_uuid = res_ops.query_resource(res_ops.NETWORK_SERVICE_PROVIDER, cond)[0].uuid network_services_json = "{'%s':['VRouterRoute']}" % service_uuid net_ops.detach_network_service_from_l3network(l3network1_uuid, service_uuid) net_ops.attach_network_service_to_l3network(l3network1_uuid, service_uuid) net_ops.detach_network_service_from_l3network(l3network2_uuid, service_uuid) net_ops.attach_network_service_to_l3network(l3network2_uuid, service_uuid) #Create route table and route entry for each vrouter route_table1 = net_ops.create_vrouter_route_table('route_table1') route_table1_uuid = route_table1.uuid route_entry1 = net_ops.add_vrouter_route_entry(route_table1_uuid, l3network2_cidr, vr2_pub_ip) route_table2 = net_ops.create_vrouter_route_table('route_table2') route_table2_uuid = route_table2.uuid route_entry2 = net_ops.add_vrouter_route_entry(route_table2_uuid, l3network1_cidr, vr1_pub_ip) #Attach the route table to vrouter and check the network #net_ops.detach_vrouter_route_table_from_vrouter(route_table1_uuid, vr1_uuid) net_ops.attach_vrouter_route_table_to_vrouter(route_table1_uuid, vr1_uuid) #net_ops.detach_vrouter_route_table_from_vrouter(route_table2_uuid, vr2_uuid) net_ops.attach_vrouter_route_table_to_vrouter(route_table2_uuid, vr2_uuid) #Add vroute private ip to vm route cmd = 'ip r del default; ip r add default via %s' % vr1_private_ip rsp = test_lib.lib_execute_ssh_cmd(vm1_ip, 'root', 'password', cmd, 180) cmd = 'ip r del default; ip r add default via %s' % vr2_private_ip rsp = test_lib.lib_execute_ssh_cmd(vm2_ip, 'root', 'password', cmd, 180) if not test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True): test_util.test_fail( 'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.vm.uuid, vm2_ip)) if not test_lib.lib_check_ping(vm1.vm, vm1_ip, no_exception=True): test_util.test_fail( 'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm2.vm.uuid, vm1_ip)) #Dettach the route table to vrouter and check the network net_ops.detach_vrouter_route_table_from_vrouter(route_table1_uuid, vr1_uuid) net_ops.detach_vrouter_route_table_from_vrouter(route_table2_uuid, vr2_uuid) if test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True): test_util.test_fail( 'Exception: [vm:] %s ping [vr:] %s successfully. But it should ping fail because the route table is detached.' % (vm1.vm.uuid, vm2_ip)) if test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True): test_util.test_fail( 'Exception: [vm:] %s ping [vr:] %s successfully. But it should ping fail because the route table is detached.' % (vm2.vm.uuid, vm1_ip)) #Delete route entry and table, and distory vm net_ops.delete_vrouter_route_entry(route_entry1.uuid, route_table1_uuid) net_ops.delete_vrouter_route_entry(route_entry2.uuid, route_table2_uuid) net_ops.delete_vrouter_route_table(route_table1_uuid) net_ops.delete_vrouter_route_table(route_table2_uuid) vm1.destroy() vm2.destroy() test_util.test_pass('Check VRouter route Success')