def test():
global new_offering_uuid
test_util.test_dsc('Test VM 2nic outbound & inbound bandwidth QoS by 1MB')
#unit is KB
net_bandwidth = 1 * 1024
vm1 = test_stub.create_vm(vm_name = 'vm_net_inbound_outbound_qos', l3_name=os.environ.get('l3PublicNetworkName'))
l3_net_uuid2 = test_lib.lib_get_l3_by_name(os.environ.get('l3VlanNetworkName1')).uuid
test_obj_dict.add_vm(vm1)
vm1.check()
vm1_inv = vm1.get_vm()
test_stub.make_ssh_no_password(vm1_inv)
vm1_ip = vm1_inv.vmNics[0].ip
vm2 = test_stub.create_vm(vm_name = 'vm_net_inbound_outbound_qos', l3_name=os.environ.get('l3PublicNetworkName'))
test_obj_dict.add_vm(vm2)
vm2.check()
vm2_inv = vm2.get_vm()
vm2_ip = vm2_inv.vmNics[0].ip
test_stub.make_ssh_no_password(vm2_inv)
test_stub.copy_key_file(vm1_inv)
test_stub.copy_key_file(vm2_inv)
test_stub.create_test_file(vm1_inv, net_bandwidth)
test_stub.create_test_file(vm2_inv, net_bandwidth)
vm1.add_nic(l3_net_uuid2)
vm2.add_nic(l3_net_uuid2)
ssh_cmd = 'ssh -oStrictHostKeyChecking=no -oCheckHostIP=no -oUserKnownHostsFile=/dev/null'
cmd = "pkill dhclient"
os.system("%s %s %s" % (ssh_cmd, vm1_ip, cmd))
os.system("%s %s %s" % (ssh_cmd, vm2_ip, cmd))
cmd = "dhclient eth0 eth1"
os.system("%s %s %s" % (ssh_cmd, vm1_ip, cmd))
os.system("%s %s %s" % (ssh_cmd, vm2_ip, cmd))
#l3_name = os.environ.get('l3VlanNetworkName1')
#l3_net_uuid = test_lib.lib_get_l3_by_name(l3_name).uuid
#test_stub.test_scp_outbound_speed(vm1_ip, test_lib.lib_get_vm_nic_by_l3(vm2.get_vm(), l3_net_uuid).ip, net_bandwidth)
# Set a single nic to smaller bandwidth
vm_nic = test_lib.lib_get_vm_nic_by_l3(vm1.vm, l3_net_uuid2)
vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth*8*1024/2)
cmd = '%s %s "ping %s -c 10"' %(ssh_cmd, vm1_ip, test_lib.lib_get_vm_nic_by_l3(vm2.get_vm(), l3_net_uuid2).ip)
ping_ret=1
while ping_ret:
ping_ret = os.system(cmd)
test_stub.test_scp_outbound_speed(vm1_ip, test_lib.lib_get_vm_nic_by_l3(vm2.get_vm(), l3_net_uuid2).ip, net_bandwidth/2)
#l3_net_uuid = test_lib.lib_get_l3_by_name(os.environ.get('l3PublicNetworkName')).uuid
#test_stub.test_scp_outbound_speed(vm1_ip, test_lib.lib_get_vm_nic_by_l3(vm2.get_vm(), l3_net_uuid2).ip, net_bandwidth)
#vm_ops.delete_instance_offering(new_offering_uuid)
test_lib.lib_robot_cleanup(test_obj_dict)
test_util.test_pass('VM Network 2nd nic QoS Test Pass')
def test():
global new_offering_uuid
test_util.test_dsc('Test VM 2nic outbound & inbound bandwidth QoS by 1MB')
#unit is KB
net_bandwidth = 2 * 1024
vm1 = test_stub.create_vm(vm_name='vm_net_inbound_outbound_qos',
l3_name=os.environ.get('l3PublicNetworkName'))
l3_net_uuid2 = test_lib.lib_get_l3_by_name(
os.environ.get('l3VlanNetworkName1')).uuid
test_obj_dict.add_vm(vm1)
vm1.check()
vm1_inv = vm1.get_vm()
test_stub.make_ssh_no_password(vm1_inv)
vm1_ip = vm1_inv.vmNics[0].ip
vm2 = test_stub.create_vm(vm_name='vm_net_inbound_outbound_qos',
l3_name=os.environ.get('l3PublicNetworkName'))
test_obj_dict.add_vm(vm2)
vm2.check()
vm2_inv = vm2.get_vm()
vm2_ip = vm2_inv.vmNics[0].ip
test_stub.make_ssh_no_password(vm2_inv)
test_stub.copy_key_file(vm1_inv)
test_stub.copy_key_file(vm2_inv)
test_stub.create_test_file(vm1_inv, net_bandwidth)
test_stub.create_test_file(vm2_inv, net_bandwidth)
vm1.add_nic(l3_net_uuid2)
vm2.add_nic(l3_net_uuid2)
# Set a single nic to smaller bandwidth
vm_nic = test_lib.lib_get_vm_nic_by_l3(vm1.vm, l3_net_uuid2)
vm_ops.set_vm_nic_qos(vm_nic.uuid,
outboundBandwidth=net_bandwidth * 8 * 1024 / 2)
vm1.stop()
vm2.stop()
vm1.start()
vm2.start()
ssh_cmd = 'ssh -oStrictHostKeyChecking=no -oCheckHostIP=no -oUserKnownHostsFile=/dev/null'
cmd = "pkill dhclient"
os.system("%s %s %s" % (ssh_cmd, vm1_ip, cmd))
os.system("%s %s %s" % (ssh_cmd, vm2_ip, cmd))
cmd = "dhclient eth0 eth1"
os.system("%s %s %s" % (ssh_cmd, vm1_ip, cmd))
os.system("%s %s %s" % (ssh_cmd, vm2_ip, cmd))
test_stub.test_scp_outbound_speed(
vm1_ip,
test_lib.lib_get_vm_nic_by_l3(vm2.get_vm(), l3_net_uuid2).ip,
net_bandwidth / 2)
#vm_ops.delete_instance_offering(new_offering_uuid)
test_lib.lib_robot_cleanup(test_obj_dict)
test_util.test_pass('VM Network 2nd nic QoS Test Pass')
def test():
global new_offering_uuid
test_util.test_dsc('Test change VM network bandwidth QoS by 1MB')
vm = test_stub.create_vm(vm_name = 'vm_net_qos')
vm.check()
l3_uuid = vm.get_vm().vmNics[0].l3NetworkUuid
test_obj_dict.add_vm(vm)
net_bandwidth = 512
vm_nic = test_lib.lib_get_vm_nic_by_l3(vm.vm, l3_uuid)
vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth*8*1024)
vm.check()
time.sleep(1)
test_stub.make_ssh_no_password(vm.get_vm())
test_stub.create_test_file(vm.get_vm(), net_bandwidth)
test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth)
vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth*8*1024/2)
vm.check()
time.sleep(1)
test_stub.make_ssh_no_password(vm.get_vm())
test_stub.create_test_file(vm.get_vm(), net_bandwidth/2)
test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth/2)
vm_ops.del_vm_nic_qos(vm_nic.uuid, 'out')
time.sleep(1)
if test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth/2, raise_exception=False):
test_util.test_fail('VM network Outbound is not expected to be limited after qos setting is deleted')
test_lib.lib_robot_cleanup(test_obj_dict)
test_util.test_pass('VM Network QoS change instance offering Test Pass')
def setup_primarystorage_vm(vm_inv, vm_config, deploy_config):
vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, vm_inv.defaultL3NetworkUuid).ip
if hasattr(vm_config, 'hostRef'):
host = get_deploy_host(vm_config.hostRef.text_, deploy_config)
if not hasattr(host, 'port_') or host.port_ == '22':
host_port = '22'
else:
host_port = host.port_
else:
host_port = '22'
for primaryStorageRef in xmlobject.safe_list(vm_config.primaryStorageRef):
print primaryStorageRef.text_
for zone in xmlobject.safe_list(deploy_config.zones.zone):
if primaryStorageRef.type_ == 'nfs':
for nfsPrimaryStorage in xmlobject.safe_list(zone.primaryStorages.nfsPrimaryStorage):
if primaryStorageRef.text_ == nfsPrimaryStorage.name_:
test_util.test_logger('[vm:] %s setup nfs service.' % (vm_ip))
# TODO: multiple NFS PS may refer to same host's different DIR
nfsPath = nfsPrimaryStorage.url_.split(':')[1]
cmd = "echo '%s *(rw,sync,no_root_squash)' > /etc/exports" % (nfsPath)
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host_port))
cmd = "mkdir -p %s && service rpcbind restart && service nfs restart" % (nfsPath)
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host_port))
cmd = "iptables -w 20 -I INPUT -p tcp -m tcp --dport 2049 -j ACCEPT && iptables -w 20 -I INPUT -p udp -m udp --dport 2049 -j ACCEPT"
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host_port))
return
def test():
global test_obj_dict
test_util.test_dsc("Create 1 VMs with vlan VR L3 network for SG testing.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm1.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm1_ip = test_lib.lib_get_vm_nic_by_l3(vr_vm, l3_uuid).ip
target_ip_prefix = '10.10.10.'
test_util.test_dsc("Create security groups.")
for i in range(sg_num):
target_ip = '%s%s' % (target_ip_prefix, str(1+i))
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, target_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, target_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, target_ip)
rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.INGRESS, target_ip)
rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.INGRESS, target_ip)
sg = test_stub.create_sg()
test_obj_dict.add_sg(sg.security_group.uuid)
sg.add_rule([rule1, rule2, rule3, rule4, rule5])
sg_vm.attach(sg, [vm_nics])
time.sleep(3)
#need regularlly clean up log files in virtual router when doing stress test
test_lib.lib_check_cleanup_vr_logs_by_vm(vm1.vm)
#clean up all vm and sg
test_lib.lib_robot_cleanup(test_obj_dict)
test_util.test_pass('Create/Destroy VM with VR successfully')
def setup_primarystorage_vm(vm_inv, vm_config, deploy_config):
vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, vm_inv.defaultL3NetworkUuid).ip
host = get_host(vm_config, deploy_config)
if not hasattr(host, 'port_') or host.port_ == '22':
host.port_ = '22'
for primaryStorageRef in xmlobject.safe_list(vm_config.primaryStorageRef):
print primaryStorageRef.text_
for zone in xmlobject.safe_list(deploy_config.zones.zone):
if primaryStorageRef.type_ == 'nfs':
for nfsPrimaryStorage in xmlobject.safe_list(zone.primaryStorages.nfsPrimaryStorage):
if primaryStorageRef.text_ == nfsPrimaryStorage.name_:
test_util.test_logger('[vm:] %s setup nfs service.' % (vm_ip))
# TODO: multiple NFS PS may refer to same host's different DIR
nfsPath = nfsPrimaryStorage.url_.split(':')[1]
cmd = "echo '%s *(rw,sync,no_root_squash)' > /etc/exports" % (nfsPath)
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host.port_))
cmd = "mkdir -p %s && service rpcbind restart && service nfs restart" % (nfsPath)
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host.port_))
cmd = "iptables -w 20 -I INPUT -p tcp -m tcp --dport 2049 -j ACCEPT && iptables -w 20 -I INPUT -p udp -m udp --dport 2049 -j ACCEPT"
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host.port_))
return
elif primaryStorageRef.type_ == 'ceph':
for cephPrimaryStorage in xmlobject.safe_list(zone.primaryStorages.cephPrimaryStorage):
if primaryStorageRef.text_ == cephPrimaryStorage.name_:
test_util.test_logger('[vm:] %s setup ceph service.' % (vm_ip))
ssh.scp_file("%s/%s" % (os.environ.get('woodpecker_root_path'), '/tools/setup_ceph_nodes.sh'), '/tmp/setup_ceph_nodes.sh', vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, port=host.port_)
cmd = "bash -ex /tmp/setup_ceph_nodes.sh"
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host.port_))
#nfsPath = nfsPrimaryStorage.url_.split(':')[1]
return
def test():
global new_offering_uuid
test_util.test_dsc('Test change VM network bandwidth QoS by 1MB')
vm = test_stub.create_vm(vm_name='vm_net_qos')
l3_uuid = vm.get_vm().vmNics[0].l3NetworkUuid
test_obj_dict.add_vm(vm)
net_bandwidth = 512 * 1024
vm_nic = test_lib.lib_get_vm_nic_by_l3(vm.vm, l3_uuid)
vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth)
vm.check()
time.sleep(1)
test_stub.make_ssh_no_password(vm.get_vm())
test_stub.create_test_file(vm.get_vm(), net_bandwidth)
test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth)
vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth / 2)
vm.check()
time.sleep(1)
test_stub.make_ssh_no_password(vm.get_vm())
test_stub.create_test_file(vm.get_vm(), net_bandwidth / 2)
test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth / 2)
test_lib.lib_robot_cleanup(test_obj_dict)
test_util.test_pass('VM Network QoS change instance offering Test Pass')
def setup_mn_host_vm(vm_inv, vm_config):
vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, vm_inv.defaultL3NetworkUuid).ip
vm_nic = os.environ.get('nodeNic')
vm_netmask = os.environ.get('nodeNetMask')
vm_gateway = os.environ.get('nodeGateway')
cmd = '/usr/local/bin/zs-network-setting -b %s %s %s %s' % (vm_nic, vm_ip, vm_netmask, vm_gateway)
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22)
def test():
global new_offering_uuid
test_util.test_dsc('Test change VM network bandwidth QoS by 1MB')
vm = test_stub.create_vm(vm_name = 'vm_net_qos')
l3_uuid = vm.get_vm().vmNics[0].l3NetworkUuid
test_obj_dict.add_vm(vm)
net_bandwidth = 512 * 1024
vm_nic = test_lib.lib_get_vm_nic_by_l3(vm.vm, l3_uuid)
vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth)
vm.check()
time.sleep(1)
test_stub.make_ssh_no_password(vm.get_vm())
test_stub.create_test_file(vm.get_vm(), net_bandwidth)
test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth)
vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth/2)
vm.check()
time.sleep(1)
test_stub.make_ssh_no_password(vm.get_vm())
test_stub.create_test_file(vm.get_vm(), net_bandwidth/2)
test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth/2)
test_lib.lib_robot_cleanup(test_obj_dict)
test_util.test_pass('VM Network QoS change instance offering Test Pass')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
global test_obj_dict
test_util.test_dsc("Create 2 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
sg_vm = test_sg_vm_header.ZstackTestSgVm()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, vm2_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.EGRESS, vm2_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.EGRESS, vm2_ip)
sg1.add_rule([rule1, rule2, rule3])
sg_vm.add_stub_vm(l3_uuid, vm2)
#add sg1
test_util.test_dsc("Add VM1 nic to security group 1.")
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
#shutdown vm1
test_util.test_dsc("Shutdown VM1")
vm1.stop()
#remove vm1 nic from sg1
test_util.test_dsc("Remove nic from security group 1 to stopped vm1.")
sg_vm.detach(sg1, nic_uuid)
test_util.test_dsc("Start VM1")
vm1.start()
vm1.check()
sg_vm.check()
vm1.destroy()
vm2.destroy()
sg_vm.delete_sg(sg1)
test_util.test_pass('Detach stopped VM NIC from Security Group Test Success')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
test_util.test_dsc("Create 3 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
sg_vm = test_sg_vm_header.ZstackTestSgVm()
test_obj_dict.set_sg_vm(sg_vm)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
sg1.add_rule([rule1])
sg1.add_rule([rule2])
sg1.add_rule([rule3])
sg_vm.check()
nic_uuid1 = vm1.vm.vmNics[0].uuid
nic_uuid2 = vm2.vm.vmNics[0].uuid
# nic_uuid3 = vm2.vm.vmNics[0].uuid
vm1_nics = (nic_uuid1, vm1)
vm2_nics = (nic_uuid2, vm2)
# vm3_nics = (nic_uuid3, vm3)
#test_stub.lib_add_sg_rules(sg1.uuid, [rule0, rule1])
test_util.test_dsc("Add nic to security group 1.")
test_util.test_dsc("Allowed ingress ports: %s" % test_stub.rule1_ports)
#sg_vm.attach(sg1, [vm1_nics, vm2_nics, vm3_nics])
sg_vm.attach(sg1, [vm1_nics, vm2_nics])
sg_vm.check()
sg_vm.delete_sg(sg1)
sg_vm.check()
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
test_util.test_pass('Delete Security Group with 2 attached NICs Success')
def test():
global test_obj_dict
test_util.test_dsc("Create 1 VMs with vlan VR L3 network for SG testing.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm1.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm1_ip = test_lib.lib_get_vm_nic_by_l3(vr_vm, l3_uuid).ip
target_ip_prefix = '10.10.10.'
rule_list = []
for j in range(rule_num):
target_ip = '%s%s' % (target_ip_prefix, str(1 + j))
rule = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP,
inventory.INGRESS, target_ip)
rule_list.append(rule)
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg1.add_rule(rule_list)
sg_vm.attach(sg1, [vm_nics])
rule_list = []
for j in range(rule_num):
target_ip = '%s%s' % (target_ip_prefix, str(1 + j))
rule = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP,
inventory.EGRESS, target_ip)
rule_list.append(rule)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg2.add_rule(rule_list)
sg_vm.attach(sg2, [vm_nics])
sg1_rules = test_lib.lib_get_sg_rule(sg1.security_group.uuid)
if len(sg1_rules) != 200:
test_util.test_fail(
"Did not find 200 SG rules for SG1: %s. We only catch %s rules" %
(sg1.security_group.uuid, len(sg1_rules)))
sg2_rules = test_lib.lib_get_sg_rule(sg2.security_group.uuid)
if len(sg2_rules) != 200:
test_util.test_fail(
"Did not find 200 SG rules for SG2: %s. We only catch %s rules" %
(sg2.security_group.uuid, len(sg2_rules)))
time.sleep(3)
#need regularlly clean up log files in virtual router when doing stress test
test_lib.lib_check_cleanup_vr_logs_by_vm(vm1.vm)
#clean up all vm and sg
test_lib.lib_robot_cleanup(test_obj_dict)
test_util.test_pass('Create/Destroy VM with VR successfully')
def setup_vm_console(vm_inv, vm_config, deploy_config):
vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv,
vm_inv.defaultL3NetworkUuid).ip
cmd = "sed -i 's/quiet/quiet console=ttyS0/g' /etc/default/grub"
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_,
True, 22)
cmd = "grub2-mkconfig -o /boot/grub2/grub.cfg"
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_,
True, 22)
def test():
global new_offering_uuid
test_util.test_dsc('Test change VM network bandwidth QoS by 1MB')
vm = test_stub.create_vm(vm_name='vm_net_qos')
l3_uuid = vm.get_vm().vmNics[0].l3NetworkUuid
test_obj_dict.add_vm(vm)
net_bandwidth = 512
vm_nic = test_lib.lib_get_vm_nic_by_l3(vm.vm, l3_uuid)
vm_ops.set_vm_nic_qos(vm_nic.uuid,
outboundBandwidth=net_bandwidth * 8 * 1024)
vm.check()
time.sleep(1)
test_stub.make_ssh_no_password(vm.get_vm())
test_stub.create_test_file(vm.get_vm(), net_bandwidth)
test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth)
vm_ops.set_vm_nic_qos(vm_nic.uuid,
outboundBandwidth=net_bandwidth * 8 * 1024 / 2)
vm.check()
time.sleep(1)
test_stub.make_ssh_no_password(vm.get_vm())
test_stub.create_test_file(vm.get_vm(), net_bandwidth / 2)
test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth / 2)
vm_ops.del_vm_nic_qos(vm_nic.uuid, 'out')
time.sleep(1)
if test_stub.test_scp_vm_outbound_speed(vm.get_vm(),
net_bandwidth / 2,
raise_exception=False):
test_util.test_fail(
'VM network Outbound is not expected to be limited after qos setting is deleted'
)
vm.stop()
vm.start()
vm.check()
if test_stub.test_scp_vm_outbound_speed(vm.get_vm(),
net_bandwidth / 2,
raise_exception=False):
test_util.test_fail(
'VM network Outbound is not expected to be limited after qos setting is deleted even after reboot'
)
vm.reboot()
vm.check()
if test_stub.test_scp_vm_outbound_speed(vm.get_vm(),
net_bandwidth / 2,
raise_exception=False):
test_util.test_fail(
'VM network Outbound is not expected to be limited after qos setting is deleted even after reboot'
)
test_lib.lib_robot_cleanup(test_obj_dict)
test_util.test_pass('VM Network QoS change instance offering Test Pass')
def setup_vm_no_password(vm_inv, vm_config, deploy_config):
vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, vm_inv.defaultL3NetworkUuid).ip
# ssh.scp_file(os.environ.get('scenarioPriKey'), '/root/.ssh/id_rsa', vm_ip, vm_config.imageUsername_, vm_config.imagePassword_)
# ssh.scp_file(os.environ.get('scenarioPubKey'), '/root/.ssh/authorized_keys', vm_ip, vm_config.imageUsername_, vm_config.imagePassword_)
ssh.scp_file('/home/id_rsa', '/root/.ssh/id_rsa', vm_ip, vm_config.imageUsername_, vm_config.imagePassword_)
ssh.scp_file('/home/id_rsa.pub', '/root/.ssh/authorized_keys', vm_ip, vm_config.imageUsername_, vm_config.imagePassword_)
cmd = 'chmod go-rwx /root/.ssh/authorized_keys /root/.ssh/id_rsa'
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22)
cmd = "sed -i 's/.*StrictHostKeyChecking.*$/StrictHostKeyChecking no/g' /etc/ssh/ssh_config"
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22)
def deploy_scenario(scenario_config, scenario_file, deploy_config):
zstack_management_ip = scenario_config.basicConfig.zstackManagementIp.text_
root_xml = etree.Element("deployerConfig")
vms_xml = etree.SubElement(root_xml, 'vms')
for host in xmlobject.safe_list(scenario_config.deployerConfig.hosts.host):
for vm in xmlobject.safe_list(host.vms.vm):
vm_creation_option = test_util.VmOption()
l3_uuid_list = []
default_l3_uuid = None
for l3network in xmlobject.safe_list(vm.l3Networks.l3Network):
if not default_l3_uuid:
default_l3_uuid = l3network.uuid_
l3_uuid_list.append(l3network.uuid_)
vm_creation_option.set_instance_offering_uuid(vm.vmInstranceOfferingUuid_)
vm_creation_option.set_l3_uuids(l3_uuid_list)
vm_creation_option.set_image_uuid(vm.imageUuid_)
vm_creation_option.set_name(vm.name_)
vm_creation_option.set_host_uuid(host.uuid_)
#vm_creation_option.set_data_disk_uuids(disk_offering_uuids)
#vm_creation_option.set_default_l3_uuid(default_l3_uuid)
#vm_creation_option.set_system_tags(system_tags)
#vm_creation_option.set_ps_uuid(ps_uuid)
#vm_creation_option.set_session_uuid(session_uuid)
vm_inv = create_vm(zstack_management_ip, vm_creation_option)
vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, default_l3_uuid).ip
test_lib.lib_wait_target_up(vm_ip, '22', 120)
vm_xml = etree.SubElement(vms_xml, 'vm')
vm_xml.set('name', vm.name_)
vm_xml.set('ip', vm_ip)
vm_xml.set('uuid', vm_inv.uuid)
if xmlobject.has_element(vm, 'nodeRef'):
setup_node_vm(vm_inv, vm, deploy_config)
if xmlobject.has_element(vm, 'hostRef'):
setup_host_vm(vm_inv, vm, deploy_config)
vm_xml.set('managementIp', vm_ip)
if xmlobject.has_element(vm, 'backupStorageRef'):
volume_option = test_util.VolumeOption()
volume_option.set_name('debug_scenario')
for bs_ref in xmlobject.safe_list(vm.backupStorageRef):
if bs_ref.type_ == 'ceph':
disk_offering_uuid = bs_ref.offering_uuid_
volume_option.set_disk_offering_uuid(disk_offering_uuid)
volume_inv = create_volume_from_offering(zstack_management_ip, volume_option)
attach_volume(zstack_management_ip, volume_inv.uuid, vm_inv.uuid)
break
setup_backupstorage_vm(vm_inv, vm, deploy_config)
if xmlobject.has_element(vm, 'primaryStorageRef'):
setup_primarystorage_vm(vm_inv, vm, deploy_config)
xml_string = etree.tostring(root_xml, 'utf-8')
xml_string = minidom.parseString(xml_string).toprettyxml(indent=" ")
open(scenario_file, 'w+').write(xml_string)
def check(self):
super(zstack_vcenter_sg_tcp_ingress_checker, self).check()
all_ports = port_header.all_ports
test_result = True
test_util.test_dsc('Check TCP ingress rules')
nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
l3_uuid = nic.l3NetworkUuid
if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid):
test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid)
return self.judge(self.exp_result)
stub_vm = self.test_obj.get_stub_vm(l3_uuid)
if not stub_vm:
test_util.test_warn('Did not find test stub vm for [nic:] %s. Skip TCP ingress port checking for this nic.' % self.nic_uuid)
return self.judge(self.exp_result)
stub_vm = stub_vm.vm
stub_vm_ip = test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip
target_addr = '%s/32' % stub_vm_ip
rules = self.test_obj.get_nic_tcp_ingress_rule_by_addr(self.nic_uuid, target_addr)
allowed_ports = []
for rule in rules:
rule_allowed_ports = port_header.get_ports(port_header.get_port_rule(rule.startPort))
test_util.test_logger('[SG:] %s [ingress rule]: %s allow to access [nic:] %s [ports]: %s from [vm:] %s' % (rule.securityGroupUuid, rule.uuid, self.nic_uuid, rule_allowed_ports, stub_vm.uuid))
for port in rule_allowed_ports:
if not port in allowed_ports:
allowed_ports.append(port)
if not allowed_ports:
#If no allowed port, it means all denied.
denied_ports = list(all_ports)
else:
denied_ports = list_ops.list_minus(all_ports, allowed_ports)
test_vm = test_lib.lib_get_vm_by_nic(nic.uuid)
if test_vm.state == inventory.RUNNING:
try:
test_lib.lib_open_vm_listen_ports(test_vm, all_ports, l3_uuid)
test_lib.lib_check_vm_ports_in_a_command(stub_vm, test_vm, allowed_ports, denied_ports)
except:
traceback.print_exc(file=sys.stdout)
test_util.test_logger('Check result: [Security Group] meets failure when checking TCP ingress rule for [vm:] %s [nic:] %s. ' % (test_vm.uuid, self.nic_uuid))
test_result = False
else:
test_util.test_warn('Test [vm:] %s is not running. Skip SG TCP ingress connection checker for this vm.' % test_vm.uuid)
test_util.test_logger('Check result: [Security Group] finishes TCP ingress testing for [nic:] %s' % self.nic_uuid)
print_iptables(test_vm)
return self.judge(test_result)
def test():
global new_offering_uuid
test_util.test_dsc(
'Test VM network outbound & inbound bandwidth QoS by 1MB')
#unit is KB
net_bandwidth = 1024
new_offering = test_lib.lib_create_instance_offering(net_outbound_bandwidth = net_bandwidth, \
net_inbound_bandwidth = net_bandwidth)
new_offering_uuid = new_offering.uuid
vm1 = test_stub.create_vm(vm_name = 'vm_net_inbound_outbound_qos', \
instance_offering_uuid = new_offering.uuid)
test_obj_dict.add_vm(vm1)
vm1.check()
vm1_inv = vm1.get_vm()
test_stub.make_ssh_no_password(vm1_inv)
vm1_ip = vm1_inv.vmNics[0].ip
vm2 = test_stub.create_vm(vm_name = 'vm_net_inbound_outbound_qos', \
instance_offering_uuid = new_offering.uuid)
test_obj_dict.add_vm(vm2)
vm2.check()
vm2_inv = vm2.get_vm()
vm2_ip = vm2_inv.vmNics[0].ip
test_stub.make_ssh_no_password(vm2_inv)
test_stub.copy_key_file(vm1_inv)
test_stub.copy_key_file(vm2_inv)
test_stub.create_test_file(vm1_inv, net_bandwidth)
test_stub.create_test_file(vm2_inv, net_bandwidth)
l3_name = os.environ.get('l3VlanNetworkName1')
l3_net_uuid = test_lib.lib_get_l3_by_name(l3_name).uuid
vm1.add_nic(l3_net_uuid)
vm2.add_nic(l3_net_uuid)
ssh_cmd = 'ssh -oStrictHostKeyChecking=no -oCheckHostIP=no -oUserKnownHostsFile=/dev/null'
cmd = "pkill dhclient"
os.system("%s %s %s" % (ssh_cmd, vm1_ip, cmd))
os.system("%s %s %s" % (ssh_cmd, vm2_ip, cmd))
cmd = "dhclient eth0 eth1"
os.system("%s %s %s" % (ssh_cmd, vm1_ip, cmd))
os.system("%s %s %s" % (ssh_cmd, vm2_ip, cmd))
test_stub.test_scp_outbound_speed(
vm1_ip,
test_lib.lib_get_vm_nic_by_l3(vm2.get_vm(), l3_net_uuid).ip,
net_bandwidth)
vm_ops.delete_instance_offering(new_offering_uuid)
test_lib.lib_robot_cleanup(test_obj_dict)
test_util.test_pass('VM Network Outbound QoS Test Pass')
def check(self):
super(zstack_kvm_sg_tcp_ingress_checker, self).check()
all_ports = port_header.all_ports
test_result = True
test_util.test_dsc('Check TCP ingress rules')
nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
l3_uuid = nic.l3NetworkUuid
if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid):
test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid)
return self.judge(self.exp_result)
stub_vm = self.test_obj.get_stub_vm(l3_uuid)
if not stub_vm:
test_util.test_warn('Did not find test stub vm for [nic:] %s. Skip TCP ingress port checking for this nic.' % self.nic_uuid)
return self.judge(self.exp_result)
stub_vm = stub_vm.vm
stub_vm_ip = test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip
target_addr = '%s/32' % stub_vm_ip
rules = self.test_obj.get_nic_tcp_ingress_rule_by_addr(self.nic_uuid, target_addr)
allowed_ports = []
for rule in rules:
rule_allowed_ports = port_header.get_ports(port_header.get_port_rule(rule.startPort))
test_util.test_logger('[SG:] %s [ingress rule]: %s allow to access [nic:] %s [ports]: %s from [vm:] %s' % (rule.securityGroupUuid, rule.uuid, self.nic_uuid, rule_allowed_ports, stub_vm.uuid))
for port in rule_allowed_ports:
if not port in allowed_ports:
allowed_ports.append(port)
if not allowed_ports:
#If no allowed port, it means all denied.
denied_ports = list(all_ports)
else:
denied_ports = list_ops.list_minus(all_ports, allowed_ports)
test_vm = test_lib.lib_get_vm_by_nic(nic.uuid)
if test_vm.state == inventory.RUNNING:
try:
test_lib.lib_open_vm_listen_ports(test_vm, all_ports, l3_uuid)
test_lib.lib_check_vm_ports_in_a_command(stub_vm, test_vm, allowed_ports, denied_ports)
except:
traceback.print_exc(file=sys.stdout)
test_util.test_logger('Check result: [Security Group] meets failure when checking TCP ingress rule for [vm:] %s [nic:] %s. ' % (test_vm.uuid, self.nic_uuid))
test_result = False
else:
test_util.test_warn('Test [vm:] %s is not running. Skip SG TCP ingress connection checker for this vm.' % test_vm.uuid)
test_util.test_logger('Check result: [Security Group] finishes TCP ingress testing for [nic:] %s' % self.nic_uuid)
print_iptables(test_vm)
return self.judge(test_result)
def test():
global test_obj_dict
test_util.test_dsc("Create 1 VMs with vlan VR L3 network for SG testing.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm1.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm1_ip = test_lib.lib_get_vm_nic_by_l3(vr_vm, l3_uuid).ip
target_ip_prefix = '10.10.10.'
rule_list = []
for j in range(rule_num):
target_ip = '%s%s' % (target_ip_prefix, str(1+j))
rule = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, target_ip)
rule_list.append(rule)
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg1.add_rule(rule_list)
sg_vm.attach(sg1, [vm_nics])
rule_list = []
for j in range(rule_num):
target_ip = '%s%s' % (target_ip_prefix, str(1+j))
rule = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, target_ip)
rule_list.append(rule)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg2.add_rule(rule_list)
sg_vm.attach(sg2, [vm_nics])
sg1_rules = test_lib.lib_get_sg_rule(sg1.security_group.uuid)
if len(sg1_rules) != 200:
test_util.test_fail("Did not find 200 SG rules for SG1: %s. We only catch %s rules" % (sg1.security_group.uuid, len(sg1_rules)))
sg2_rules = test_lib.lib_get_sg_rule(sg2.security_group.uuid)
if len(sg2_rules) != 200:
test_util.test_fail("Did not find 200 SG rules for SG2: %s. We only catch %s rules" % (sg2.security_group.uuid, len(sg2_rules)))
time.sleep(3)
#need regularlly clean up log files in virtual router when doing stress test
test_lib.lib_check_cleanup_vr_logs_by_vm(vm1.vm)
#clean up all vm and sg
test_lib.lib_robot_cleanup(test_obj_dict)
test_util.test_pass('Create/Destroy VM with VR successfully')
def recover_after_host_vm_reboot(vm_inv, vm_config, deploy_config):
vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, vm_inv.defaultL3NetworkUuid).ip
for l3network in xmlobject.safe_list(vm_config.l3Networks.l3Network):
if hasattr(l3network, 'l2NetworkRef'):
for l2networkref in xmlobject.safe_list(l3network.l2NetworkRef):
nic_name = get_ref_l2_nic_name(l2networkref.text_, deploy_config)
if nic_name.find('.') >= 0:
vlan = nic_name.split('.')[1]
test_util.test_logger('[vm:] %s %s is created.' % (vm_ip, nic_name))
cmd = 'vconfig add %s %s' % (nic_name.split('.')[0], vlan)
try:
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22)
except:
pass
def setup_host_vm(vm_inv, vm_config, deploy_config):
vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, vm_inv.defaultL3NetworkUuid).ip
cmd = 'hostnamectl set-hostname %s' % (vm_ip.replace('.', '-'))
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22)
udev_config = ''
nic_id = 0
for l3network in xmlobject.safe_list(vm_config.l3Networks.l3Network):
for vmnic in vm_inv.vmNics:
if vmnic.l3NetworkUuid == l3network.uuid_:
vmnic_mac = vmnic.mac
break
nic_name = None
if hasattr(l3network, 'l2NetworkRef'):
for l2networkref in xmlobject.safe_list(l3network.l2NetworkRef):
nic_name = get_ref_l2_nic_name(l2networkref.text_, deploy_config)
if nic_name.find('.') < 0:
break
if nic_name == None:
nic_name = "eth%s" % (nic_id)
nic_id += 1
udev_config = udev_config + '\\nACTION=="add", SUBSYSTEM=="net", DRIVERS=="?*", ATTR{type}=="1", ATTR{address}=="%s", NAME="%s"' % (vmnic_mac, nic_name)
cmd = 'echo %s > /etc/udev/rules.d/70-persistent-net.rules' % (udev_config)
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22)
for l3network in xmlobject.safe_list(vm_config.l3Networks.l3Network):
if hasattr(l3network, 'l2NetworkRef'):
for l2networkref in xmlobject.safe_list(l3network.l2NetworkRef):
nic_name = get_ref_l2_nic_name(l2networkref.text_, deploy_config)
if nic_name.find('.') >= 0:
vlan = nic_name.split('.')[1]
test_util.test_logger('[vm:] %s %s is created.' % (vm_ip, nic_name))
cmd = 'vconfig add %s %s' % (nic_name.split('.')[0], vlan)
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22)
host = get_deploy_host(vm_config.hostRef.text_, deploy_config)
if hasattr(host, 'port_') and host.port_ != '22':
cmd = "sed -i 's/#Port 22/Port %s/g' /etc/ssh/sshd_config && iptables -I INPUT -p tcp -m tcp --dport %s -j ACCEPT && service sshd restart" % (host.port_, host.port_)
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22)
else:
host.port_ = '22'
if host.username_ != 'root':
cmd = 'adduser %s && echo -e %s\\\\n%s | passwd %s' % (host.username_, host.password_, host.password_, host.username_)
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host.port_))
cmd = "echo '%s ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers" % (host.username_)
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host.port_))
def check(self):
super(zstack_kvm_vm_default_l3_checker, self).check()
vm = self.test_obj.vm
default_l3_uuid \
= self.test_obj.get_creation_option().get_default_l3_uuid()
if vm.defaultL3NetworkUuid != default_l3_uuid:
test_util.test_logger(
'Checker Fail: VM: %s setting default l3 uuid: %s is different with the one in database: %s'
% (vm.uuid, default_l3_uuid, vm.defaultL3NetworkUuid))
return self.judge(False)
for vm_nic in vm.vmNics:
if vm_nic.l3NetworkUuid == default_l3_uuid:
gateway = vm_nic.gateway
break
else:
test_util.test_logger(
'Checker Fail: Did not find default l3: %s is belonged to any VM: %s vmNics: %s'
% (default_l3_uuid, vm.uuid, vm.vmNics))
return self.judge(False)
test_lib.lib_install_testagent_to_vr(vm)
host = test_lib.lib_get_vm_host(vm)
test_lib.lib_install_testagent_to_host(host)
test_lib.lib_set_vm_host_l2_ip(vm)
nic = test_lib.lib_get_vm_nic_by_l3(vm, default_l3_uuid)
command = 'route|grep default'
cmd_result = test_lib.lib_ssh_vm_cmd_by_agent_with_retry(
host.managementIp, nic.ip, test_lib.lib_get_vm_username(vm),
test_lib.lib_get_vm_password(vm), command, self.exp_result)
if not cmd_result:
test_util.test_logger(
'Checker result: FAIL to execute test ssh command in test [vm:] %s throught [host:] %s.'
% (vm.uuid, host.name))
return self.judge(False)
if isinstance(cmd_result, str) and gateway in cmd_result:
test_util.test_logger(
'Checker result: gateway %s is SUCCESSFULLY set in guest [vm:] %s default router. '
% (gateway, vm.uuid))
return self.judge(True)
else:
test_util.test_logger(
'Checker result: gateway: %s is NOT set in guest [vm:] %s default router. The default route is : %s'
% (gateway, vm.uuid, cmd_result))
return self.judge(False)
def test():
global new_offering_uuid
test_util.test_dsc('Test VM network outbound & inbound bandwidth QoS by 1MB')
#unit is KB
net_bandwidth = 1024
new_offering = test_lib.lib_create_instance_offering(net_outbound_bandwidth = net_bandwidth, \
net_inbound_bandwidth = net_bandwidth)
new_offering_uuid = new_offering.uuid
vm1 = test_stub.create_vm(vm_name = 'vm_net_inbound_outbound_qos', \
instance_offering_uuid = new_offering.uuid)
test_obj_dict.add_vm(vm1)
vm1.check()
vm1_inv = vm1.get_vm()
test_stub.make_ssh_no_password(vm1_inv)
vm1_ip = vm1_inv.vmNics[0].ip
vm2 = test_stub.create_vm(vm_name = 'vm_net_inbound_outbound_qos', \
instance_offering_uuid = new_offering.uuid)
test_obj_dict.add_vm(vm2)
vm2.check()
vm2_inv = vm2.get_vm()
vm2_ip = vm2_inv.vmNics[0].ip
test_stub.make_ssh_no_password(vm2_inv)
test_stub.copy_key_file(vm1_inv)
test_stub.copy_key_file(vm2_inv)
test_stub.create_test_file(vm1_inv, net_bandwidth)
test_stub.create_test_file(vm2_inv, net_bandwidth)
l3_name = os.environ.get('l3VlanNetworkName1')
l3_net_uuid = test_lib.lib_get_l3_by_name(l3_name).uuid
vm1.add_nic(l3_net_uuid)
vm2.add_nic(l3_net_uuid)
ssh_cmd = 'ssh -oStrictHostKeyChecking=no -oCheckHostIP=no -oUserKnownHostsFile=/dev/null'
cmd = "pkill dhclient"
os.system("%s %s %s" % (ssh_cmd, vm1_ip, cmd))
os.system("%s %s %s" % (ssh_cmd, vm2_ip, cmd))
cmd = "dhclient eth0 eth1"
os.system("%s %s %s" % (ssh_cmd, vm1_ip, cmd))
os.system("%s %s %s" % (ssh_cmd, vm2_ip, cmd))
test_stub.test_scp_outbound_speed(vm1_ip, test_lib.lib_get_vm_nic_by_l3(vm2.get_vm(), l3_net_uuid).ip, net_bandwidth)
vm_ops.delete_instance_offering(new_offering_uuid)
test_lib.lib_robot_cleanup(test_obj_dict)
test_util.test_pass('VM Network Outbound QoS Test Pass')
def setup_backupstorage_vm(vm_inv, vm_config, deploy_config):
vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, vm_inv.defaultL3NetworkUuid).ip
host = get_host(vm_config, deploy_config)
if not hasattr(host, 'port_') or host.port_ == '22':
host.port_ = '22'
for backupStorageRef in xmlobject.safe_list(vm_config.backupStorageRef):
print backupStorageRef.text_
if backupStorageRef.type_ == 'sftp':
for sftpBackupStorage in xmlobject.safe_list(deploy_config.backupStorages.sftpBackupStorage):
if backupStorageRef.text_ == sftpBackupStorage.name_:
# TODO: sftp may setup with non-root or non-default user/password port
test_util.test_logger('[vm:] %s setup sftp service.' % (vm_ip))
cmd = "mkdir -p %s" % (sftpBackupStorage.url_)
ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host.port_))
return
def get_all_available_vr_ip(self):
vip = self.test_obj.get_vip()
l3_uuid = vip.l3NetworkUuid
vrs = test_lib.lib_find_vr_by_l3_uuid(l3_uuid)
eip_vm_vr_uuids = []
if self.vm_nic_uuid:
#target_vm's VRs should be excluded, otherwise the ip package will be routed to this VR directly.
vm_nic = test_lib.lib_get_nic_by_uuid(self.vm_nic_uuid)
vr_l3_uuid = vm_nic.l3NetworkUuid
vr = test_lib.lib_find_vr_by_l3_uuid(vr_l3_uuid)[0]
eip_vm_vr_uuids.append(vr.uuid)
for vr in vrs:
vnic = test_lib.lib_get_vm_nic_by_l3(vr, l3_uuid)
if vr.uuid in eip_vm_vr_uuids:
continue
ip = vnic.ip
self.available_vr_dict[ip] = vr
def get_all_available_vr_ip(self):
vip = self.test_obj.get_vip()
l3_uuid = vip.l3NetworkUuid
vrs = test_lib.lib_find_vr_by_l3_uuid(l3_uuid)
eip_vm_vr_uuids = []
if self.vm_nic_uuid:
#target_vm's VRs should be excluded, otherwise the ip package will be routed to this VR directly.
vm_nic = test_lib.lib_get_nic_by_uuid(self.vm_nic_uuid)
vr_l3_uuid = vm_nic.l3NetworkUuid
vr = test_lib.lib_find_vr_by_l3_uuid(vr_l3_uuid)[0]
eip_vm_vr_uuids.append(vr.uuid)
for vr in vrs:
vnic = test_lib.lib_get_vm_nic_by_l3(vr, l3_uuid)
if vr.uuid in eip_vm_vr_uuids:
continue
ip = vnic.ip
self.available_vr_dict[ip] = vr
def check(self):
super(zstack_kvm_sg_icmp_ingress_checker, self).check()
test_result = True
nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
l3_uuid = nic.l3NetworkUuid
test_util.test_dsc('Check ICMP ingress rules')
if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid):
test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid)
return self.judge(self.exp_result)
stub_vm = self.test_obj.get_stub_vm(l3_uuid)
if not stub_vm:
#test_util.test_warn('Did not find test stub vm for [target address:] %s. Skip testing some TCP rules' % target_addr)
test_util.test_warn('Did not find test stub vm for [l3:] %s. Skip testing some TCP rules' % l3_uuid)
return self.judge(self.exp_result)
stub_vm = stub_vm.vm
stub_vm_ip = test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip
target_addr = '%s/32' % stub_vm_ip
test_vm = test_lib.lib_get_vm_by_nic(nic.uuid)
if test_vm.state == inventory.RUNNING:
rules = self.test_obj.get_nic_icmp_ingress_rule_by_addr(self.nic_uuid, target_addr)
target_ip = test_lib.lib_get_vm_ip_by_l3(test_vm, l3_uuid)
if rules:
if test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True):
test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_logger('Check result: [Security Group] meets failure to ping [vm:] %s from [vm:] %s when checking ICMP ingress rule. ' % (test_vm.uuid, stub_vm.uuid))
test_result = False
else:
if not test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True):
test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s. Expected failure.' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_logger('Check result: [Security Group] meet failure when checking ICMP ingress rule to ping [vm:] %s from [vm:] %s. Unexpected ping successfully.' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_warn('Test [vm:] %s is not running. Skip SG ICMP ingress checker for this vm.' % test_vm.uuid)
test_util.test_logger('Check result: [Security Group] pass ICMP ingress testing for [vm:] %s [nic:] %s' % (test_vm.uuid, self.nic_uuid))
print_iptables(test_vm)
return self.judge(test_result)
def check(self):
super(zstack_vcenter_sg_icmp_ingress_checker, self).check()
test_result = True
nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
l3_uuid = nic.l3NetworkUuid
test_util.test_dsc('Check ICMP ingress rules')
if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid):
test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid)
return self.judge(self.exp_result)
stub_vm = self.test_obj.get_stub_vm(l3_uuid)
if not stub_vm:
test_util.test_warn('Did not find test stub vm for [target address:] %s. Skip testing some TCP rules' % target_addr)
return self.judge(self.exp_result)
stub_vm = stub_vm.vm
stub_vm_ip = test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip
target_addr = '%s/32' % stub_vm_ip
test_vm = test_lib.lib_get_vm_by_nic(nic.uuid)
if test_vm.state == inventory.RUNNING:
rules = self.test_obj.get_nic_icmp_ingress_rule_by_addr(self.nic_uuid, target_addr)
target_ip = test_lib.lib_get_vm_ip_by_l3(test_vm, l3_uuid)
if rules:
if test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True):
test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_logger('Check result: [Security Group] meets failure to ping [vm:] %s from [vm:] %s when checking ICMP ingress rule. ' % (test_vm.uuid, stub_vm.uuid))
test_result = False
else:
if not test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True):
test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s. Expected failure.' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_logger('Check result: [Security Group] meet failure when checking ICMP ingress rule to ping [vm:] %s from [vm:] %s. Unexpected ping successfully.' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_warn('Test [vm:] %s is not running. Skip SG ICMP ingress checker for this vm.' % test_vm.uuid)
test_util.test_logger('Check result: [Security Group] pass ICMP ingress testing for [vm:] %s [nic:] %s' % (test_vm.uuid, self.nic_uuid))
print_iptables(test_vm)
return self.judge(test_result)
def test():
global test_obj_dict
test_util.test_dsc("Create 1 VMs with vlan VR L3 network for SG testing.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm1.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm1_ip = test_lib.lib_get_vm_nic_by_l3(vr_vm, l3_uuid).ip
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP,
inventory.INGRESS, vm1_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP,
inventory.INGRESS, vm1_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP,
inventory.INGRESS, vm1_ip)
rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP,
inventory.INGRESS, vm1_ip)
rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP,
inventory.INGRESS, vm1_ip)
sg1.add_rule([rule1, rule2, rule3, rule4, rule5])
sg_vm.attach(sg1, [vm_nics])
time.sleep(3)
#need regularlly clean up log files in virtual router when doing stress test
test_lib.lib_check_cleanup_vr_logs_by_vm(vm1.vm)
#clean up all vm and sg
test_lib.lib_robot_cleanup(test_obj_dict)
test_util.test_pass('Create/Destroy VM with VR successfully')
def check(self):
super(zstack_kvm_vm_default_l3_checker, self).check()
vm = self.test_obj.vm
default_l3_uuid \
= self.test_obj.get_creation_option().get_default_l3_uuid()
if vm.defaultL3NetworkUuid != default_l3_uuid:
test_util.test_logger('Checker Fail: VM: %s setting default l3 uuid: %s is different with the one in database: %s' % (vm.uuid, default_l3_uuid, vm.defaultL3NetworkUuid))
return self.judge(False)
for vm_nic in vm.vmNics:
if vm_nic.l3NetworkUuid == default_l3_uuid:
gateway = vm_nic.gateway
break
else:
test_util.test_logger('Checker Fail: Did not find default l3: %s is belonged to any VM: %s vmNics: %s' % (default_l3_uuid, vm.uuid, vm.vmNics))
return self.judge(False)
test_lib.lib_install_testagent_to_vr(vm)
host = test_lib.lib_get_vm_host(vm)
test_lib.lib_install_testagent_to_host(host)
test_lib.lib_set_vm_host_l2_ip(vm)
nic = test_lib.lib_get_vm_nic_by_l3(vm, default_l3_uuid)
command = 'route -n |grep ^0.0.0.0'
cmd_result = test_lib.lib_ssh_vm_cmd_by_agent_with_retry(host.managementIp, nic.ip, test_lib.lib_get_vm_username(vm), test_lib.lib_get_vm_password(vm), command, self.exp_result)
if not cmd_result:
test_util.test_logger('Checker result: FAIL to execute test ssh command in test [vm:] %s throught [host:] %s.' % (vm.uuid, host.name))
return self.judge(False)
if isinstance(cmd_result, str) and gateway in cmd_result:
test_util.test_logger('Checker result: gateway %s is SUCCESSFULLY set in guest [vm:] %s default router. ' % (gateway, vm.uuid))
return self.judge(True)
else:
test_util.test_logger('Checker result: gateway: %s is NOT set in guest [vm:] %s default router. The default route is : %s' % (gateway, vm.uuid, cmd_result))
return self.judge(False)
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
test_util.test_dsc("Create 2 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
sg1.add_rule([rule1])
sg2.add_rule([rule1, rule2, rule3])
sg3.add_rule([rule3, rule4, rule5])
sg_vm.check()
sg_vm.add_stub_vm(l3_uuid, vm2)
test_util.test_dsc("Add nic to security group 1.")
test_util.test_dsc("Allowed ports: %s" % Port.get_ports(Port.rule1_ports))
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
test_util.test_dsc("Remove nic from security group 1.")
sg_vm.detach(sg1, nic_uuid)
sg_vm.check()
test_util.test_dsc("Remove rule1 from security group 1.")
sg1.delete_rule([rule1])
sg_vm.check()
test_util.test_dsc("Add rule1, rule2, rule3 to security group 1.")
test_util.test_dsc("Allowed ports: %s" % test_stub.target_ports)
sg1.add_rule([rule1, rule2, rule3])
sg_vm.check()
test_util.test_dsc("Add nic to security group 1 again.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
test_util.test_dsc("Remove rule2/3 from security group 1.")
test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports)
sg1.delete_rule([rule2, rule3])
sg_vm.check()
test_util.test_dsc("Add rule2, rule3 back to security group 1.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg1.add_rule([rule2, rule3])
sg_vm.check()
test_util.test_dsc("Remove rule2/3 from security group 1.")
test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports)
sg1.delete_rule([rule2, rule3])
sg_vm.check()
#add sg2
test_util.test_dsc("Add nic to security group 2.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg_vm.attach(sg2, [vm_nics])
sg_vm.check()
#add sg3
test_util.test_dsc("Add nic to security group 3.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed ports (rule1+rule2+rul3+rule4+rule5): %s" % tmp_allowed_ports)
sg_vm.attach(sg3, [vm_nics])
sg_vm.check()
#detach nic from sg2
test_util.test_dsc("Remove security group 2 for nic.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed ports (rule1+rule3+rule4+rule5): %s" % tmp_allowed_ports)
sg_vm.detach(sg2, nic_uuid)
sg_vm.check()
#delete sg3
test_util.test_dsc("Delete security group 3.")
test_util.test_dsc("Allowed ports (rule1): %s" % test_stub.rule1_ports)
sg_vm.delete_sg(sg3)
sg_vm.check()
test_obj_dict.rm_sg(sg3.security_group.uuid)
#Cleanup
sg_vm.delete_sg(sg2)
test_obj_dict.rm_sg(sg2.security_group.uuid)
sg_vm.delete_sg(sg1)
test_obj_dict.rm_sg(sg1.security_group.uuid)
sg_vm.check()
vm1.check()
vm2.check()
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
test_util.test_pass('Security Group Vlan VirtualRouter VMs Test Success')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
test_util.test_dsc("create vpc vrouter and attach vpc l3 to vpc")
for vpc_name in vpc_name_list:
vr_list.append(test_stub.create_vpc_vrouter(vpc_name))
for vr, l3_list in izip(vr_list, vpc_l3_list):
test_stub.attach_l3_to_vpc_vr(vr, l3_list)
test_util.test_dsc("create two vm, vm1 in l3 {}, vm2 in l3 {}".format(VLAN1_NAME, VLAN2_NAME))
vm1 = test_stub.create_vm_with_random_offering(vm_name='vpc_vm_{}'.format(VLAN1_NAME), l3_name=VLAN1_NAME)
test_obj_dict.add_vm(vm1)
vm1.check()
vm2 = test_stub.create_vm_with_random_offering(vm_name='vpc_vm_{}'.format(VLAN2_NAME), l3_name=VLAN2_NAME)
test_obj_dict.add_vm(vm2)
vm2.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm2.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
sg1.add_rule([rule1])
sg2.add_rule([rule1, rule2, rule3])
sg3.add_rule([rule3, rule4, rule5])
sg_vm.check()
sg_vm.add_stub_vm(l3_uuid, vm2)
test_util.test_dsc("Add nic to security group 1.")
test_util.test_dsc("Allowed ports: %s" % Port.get_ports(Port.rule1_ports))
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
test_util.test_dsc("Remove nic from security group 1.")
sg_vm.detach(sg1, nic_uuid)
sg_vm.check()
test_util.test_dsc("Remove rule1 from security group 1.")
sg1.delete_rule([rule1])
sg_vm.check()
test_util.test_dsc("Add rule1, rule2, rule3 to security group 1.")
test_util.test_dsc("Allowed ports: %s" % test_stub.target_ports)
sg1.add_rule([rule1, rule2, rule3])
sg_vm.check()
test_util.test_dsc("Add nic to security group 1 again.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
test_util.test_dsc("Remove rule2/3 from security group 1.")
test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports)
sg1.delete_rule([rule2, rule3])
sg_vm.check()
test_util.test_dsc("Add rule2, rule3 back to security group 1.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg1.add_rule([rule2, rule3])
sg_vm.check()
test_util.test_dsc("Remove rule2/3 from security group 1.")
test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports)
sg1.delete_rule([rule2, rule3])
sg_vm.check()
#add sg2
test_util.test_dsc("Add nic to security group 2.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg_vm.attach(sg2, [vm_nics])
sg_vm.check()
#add sg3
test_util.test_dsc("Add nic to security group 3.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed ports (rule1+rule2+rul3+rule4+rule5): %s" % tmp_allowed_ports)
sg_vm.attach(sg3, [vm_nics])
sg_vm.check()
#detach nic from sg2
test_util.test_dsc("Remove security group 2 for nic.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed ports (rule1+rule3+rule4+rule5): %s" % tmp_allowed_ports)
sg_vm.detach(sg2, nic_uuid)
sg_vm.check()
#delete sg3
test_util.test_dsc("Delete security group 3.")
test_util.test_dsc("Allowed ports (rule1): %s" % test_stub.rule1_ports)
sg_vm.delete_sg(sg3)
sg_vm.check()
test_obj_dict.rm_sg(sg3.security_group.uuid)
#Cleanup
sg_vm.delete_sg(sg2)
test_obj_dict.rm_sg(sg2.security_group.uuid)
sg_vm.delete_sg(sg1)
test_obj_dict.rm_sg(sg1.security_group.uuid)
sg_vm.check()
vm1.check()
vm2.check()
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
test_util.test_pass('Security Group Vlan VirtualRouter VMs Test Success')
test_lib.lib_error_cleanup(test_obj_dict)
test_stub.remove_all_vpc_vrouter()
def deploy_scenario(scenario_config, scenario_file, deploy_config):
vm_inv_lst = []
vm_cfg_lst = []
eip_lst = []
vip_lst = []
ocfs2smp_shareable_volume_is_created = False
zstack_management_ip = scenario_config.basicConfig.zstackManagementIp.text_
root_xml = etree.Element("deployerConfig")
vms_xml = etree.SubElement(root_xml, 'vms')
for host in xmlobject.safe_list(scenario_config.deployerConfig.hosts.host):
for vm in xmlobject.safe_list(host.vms.vm):
vm_creation_option = test_util.VmOption()
l3_uuid_list = []
default_l3_uuid = None
for l3network in xmlobject.safe_list(vm.l3Networks.l3Network):
if not default_l3_uuid:
default_l3_uuid = l3network.uuid_
l3_uuid_list.append(l3network.uuid_)
vm_creation_option.set_instance_offering_uuid(vm.vmInstranceOfferingUuid_)
vm_creation_option.set_l3_uuids(l3_uuid_list)
vm_creation_option.set_image_uuid(vm.imageUuid_)
vm_creation_option.set_name(vm.name_)
vm_creation_option.set_host_uuid(host.uuid_)
#vm_creation_option.set_data_disk_uuids(disk_offering_uuids)
#vm_creation_option.set_default_l3_uuid(default_l3_uuid)
#vm_creation_option.set_system_tags(system_tags)
#vm_creation_option.set_ps_uuid(ps_uuid)
#vm_creation_option.set_session_uuid(session_uuid)
vm_inv = create_vm(zstack_management_ip, vm_creation_option)
vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, default_l3_uuid).ip
test_lib.lib_wait_target_up(vm_ip, '22', 120)
vm_xml = etree.SubElement(vms_xml, 'vm')
vm_xml.set('name', vm.name_)
vm_xml.set('uuid', vm_inv.uuid)
vm_xml.set('ip', vm_ip)
setup_vm_no_password(vm_inv, vm, deploy_config)
setup_vm_console(vm_inv, vm, deploy_config)
stop_vm(zstack_management_ip, vm_inv.uuid)
start_vm(zstack_management_ip, vm_inv.uuid)
test_lib.lib_wait_target_up(vm_ip, '22', 120)
ips_xml = etree.SubElement(vm_xml, 'ips')
for l3_uuid in l3_uuid_list:
ip_xml = etree.SubElement(ips_xml, 'ip')
ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, l3_uuid).ip
ip_xml.set('ip', ip)
#setup eip
if xmlobject.has_element(vm, 'eipRef'):
vm_nic = vm_inv.vm.vmNics[0]
vm_nic_uuid = vm_nic.uuid
for l3network in xmlobject.safe_list(vm.l3Networks.l3Network):
vip = test_stub.create_vip('scenario-auto-vip', l3network.uuid_)
vip_lst.append(vip)
eip = test_stub.create_eip(l3network.eipRef.text_, vip_uuid=vip.get_vip().uuid, vnic_uuid=vm_nic_uuid, vm_obj=vm_inv)
eip_lst.append(eip)
vip.attach_eip(eip)
vm_xml.set('ip', eip.get_eip().vipIp)
if xmlobject.has_element(vm, 'nodeRef'):
setup_node_vm(vm_inv, vm, deploy_config)
if xmlobject.has_element(vm, 'hostRef'):
setup_host_vm(vm_inv, vm, deploy_config)
vm_inv_lst.append(vm_inv)
vm_cfg_lst.append(vm)
vm_xml.set('managementIp', vm_ip)
if xmlobject.has_element(vm, 'mnHostRef'):
setup_mn_host_vm(vm_inv, vm)
if xmlobject.has_element(vm, 'backupStorageRef'):
volume_option = test_util.VolumeOption()
volume_option.set_name(os.environ.get('volumeName'))
for bs_ref in xmlobject.safe_list(vm.backupStorageRef):
if bs_ref.type_ == 'ceph':
disk_offering_uuid = bs_ref.offering_uuid_
volume_option.set_disk_offering_uuid(disk_offering_uuid)
volume_inv = create_volume_from_offering(zstack_management_ip, volume_option)
attach_volume(zstack_management_ip, volume_inv.uuid, vm_inv.uuid)
break
if bs_ref.type_ == 'fusionstor':
disk_offering_uuid = bs_ref.offering_uuid_
volume_option.set_disk_offering_uuid(disk_offering_uuid)
volume_inv = create_volume_from_offering(zstack_management_ip, volume_option)
volume_inv1 = create_volume_from_offering(zstack_management_ip, volume_option)
volume_inv2 = create_volume_from_offering(zstack_management_ip, volume_option)
attach_volume(zstack_management_ip, volume_inv.uuid, vm_inv.uuid)
attach_volume(zstack_management_ip, volume_inv1.uuid, vm_inv.uuid)
attach_volume(zstack_management_ip, volume_inv2.uuid, vm_inv.uuid)
break
setup_backupstorage_vm(vm_inv, vm, deploy_config)
if xmlobject.has_element(vm, 'primaryStorageRef'):
setup_primarystorage_vm(vm_inv, vm, deploy_config)
for ps_ref in xmlobject.safe_list(vm.primaryStorageRef):
if ps_ref.type_ == 'ocfs2smp':
if ocfs2smp_shareable_volume_is_created == False and hasattr(ps_ref, 'disk_offering_uuid_'):
ocfs2smp_disk_offering_uuid = ps_ref.disk_offering_uuid_
volume_option.set_disk_offering_uuid(ocfs2smp_disk_offering_uuid)
volume_option.set_system_tags(['ephemeral::shareable', 'capability::virtio-scsi'])
share_volume_inv = create_volume_from_offering(zstack_management_ip, volume_option)
ocfs2smp_shareable_volume_is_created = True
attach_volume(zstack_management_ip, share_volume_inv.uuid, vm_inv.uuid)
xml_string = etree.tostring(root_xml, 'utf-8')
xml_string = minidom.parseString(xml_string).toprettyxml(indent=" ")
open(scenario_file, 'w+').write(xml_string)
setup_ceph_storages(scenario_config, scenario_file, deploy_config)
setup_ocfs2smp_primary_storages(scenario_config, scenario_file, deploy_config, vm_inv_lst, vm_cfg_lst)
setup_fusionstor_storages(scenario_config, scenario_file, deploy_config)
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
test_util.test_dsc("Create 3 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm3 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm3)
vm1.check()
vm2.check()
vm3.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm3_ip = test_lib.lib_get_vm_nic_by_l3(vm3.vm, l3_uuid).ip
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm3_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm3_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm3_ip)
sg1.add_rule([rule1])
sg_vm.add_stub_vm(l3_uuid, vm3)
sg_vm.check()
nic_uuid1 = vm1.vm.vmNics[0].uuid
nic_uuid2 = vm2.vm.vmNics[0].uuid
vm1_nics = (nic_uuid1, vm1)
vm2_nics = (nic_uuid2, vm2)
#test_stub.lib_add_sg_rules(sg1.uuid, [rule0, rule1])
test_util.test_dsc("Add vm 1 nic to security group 1.")
test_util.test_dsc("Allowed ingress ports: %s" % test_stub.rule1_ports)
sg_vm.attach(sg1, [vm1_nics])
sg_vm.check()
test_util.test_dsc("Detach security group 1 from vm1's l3 network.")
test_util.test_dsc("VM1 nic will be automatically removed from SG1")
sg_vm.detach_l3(sg1, l3_uuid)
sg_vm.check()
test_util.test_dsc("Add vm 1 & vm 2 nics to security group 1.")
sg_vm.attach(sg1, [vm1_nics, vm2_nics])
sg_vm.check()
test_util.test_dsc("Detach security group 1 from vm1's l3 network. It will cause both vm1 and vm2 nics are detached from sg1.")
sg_vm.detach_l3(sg1, l3_uuid)
sg_vm.check()
#Reboot Vm1 and check sg again.
vm1.reboot()
vm1.check()
sg_vm.check()
test_util.test_dsc("Add vm 1 & vm 2 nics to security group 1.")
sg_vm.attach(sg1, [vm1_nics, vm2_nics])
sg_vm.check()
test_util.test_dsc("Remove rule1 from security group 1.")
sg1.delete_rule([rule1])
sg_vm.check()
test_util.test_dsc("Add rule1, rule2, rule3 to security group 1.")
test_util.test_dsc("Allowed ingress ports: %s" % test_stub.target_ports)
sg1.add_rule([rule1, rule2, rule3])
sg_vm.check()
test_util.test_dsc("Detach security group 1 from vm1's l3 network. It will cause both vm1 and vm2 nics are detached from sg1.")
sg_vm.detach_l3(sg1, l3_uuid)
sg_vm.check()
#delete sg1
test_util.test_dsc("Delete security group 1.")
sg_vm.delete_sg(sg1)
test_obj_dict.rm_sg(sg1.security_group.uuid)
sg_vm.check()
#Cleanup
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
vm3.destroy()
test_obj_dict.rm_vm(vm3)
test_util.test_pass('Security Group Detach from L3 network with 2 VMs on virtual router Test Success')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
global test_obj_dict
test_util.test_dsc("Create 2 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip
vr_internal_ip = test_lib.lib_find_vr_private_ip(vr_vm)
test_util.test_dsc("Create SG rule1: allow connection to vm2 port 0~100")
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, vm2_ip)
test_util.test_dsc("Create SG rule2: allow connection from vm2 to port 9000~10000")
rule2 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
test_util.test_dsc("Create SG rule3: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing")
rule3 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vr_internal_ip)
test_util.test_dsc("Create SG rule4: allow ICMP connection to VR")
rule4 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.EGRESS, vr_internal_ip)
test_util.test_dsc("Create SG rule5: allow icmp from vm2")
rule5 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vm2_ip)
test_util.test_dsc("Create SG rule6: allow icmp to vm2")
rule6 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.EGRESS, vm2_ip)
sg1.add_rule([rule1, rule2, rule3, rule4])
sg2.add_rule([rule5])
sg3.add_rule([rule6])
sg_vm.check()
sg_vm.add_stub_vm(l3_uuid, vm2)
sg_vm.check()
#add sg1
test_util.test_dsc("Add VM1 nic to security group 1.")
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.vm.uuid, vr_internal_ip))
#add sg2
test_util.test_dsc("Add VM1 nic to security group 2.")
sg_vm.attach(sg2, [vm_nics])
test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" % (test_stub.rule1_ports, test_stub.rule2_ports))
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip))
#add sg3
test_util.test_dsc("Add nic to security group 3 to stopped vm1.")
sg_vm.attach(sg3, [vm_nics])
test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" % (test_stub.rule1_ports, test_stub.rule2_ports))
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip))
test_util.test_dsc("remove rule5 from sg2")
sg2.delete_rule([rule5])
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip))
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
sg_vm.check()
sg1.delete()
test_obj_dict.rm_sg(sg1.security_group.uuid)
sg2.delete()
test_obj_dict.rm_sg(sg2.security_group.uuid)
sg_vm.check()
sg3.delete()
test_obj_dict.rm_sg(sg3.security_group.uuid)
test_util.test_pass('Security Group Vlan VirtualRouter VM ICMP rules Test Success')
def test():
global vm, session_uuid
global all_volume_offering_uuid, rw_volume_offering_uuid, instance_offering_uuid
global test_account_uuid
test_util.test_dsc('Test normal account change the qos network and volume ')
#create normal account
test_util.test_dsc('create normal account')
account_name = 'a'
account_pass = hashlib.sha512(account_name).hexdigest()
test_account = acc_ops.create_normal_account(account_name, account_pass)
test_account_uuid = test_account.uuid
test_account_session = acc_ops.login_by_account(account_name, account_pass)
#create disk offering
test_util.test_dsc('create disk offering')
name_all = 'all_disk_offering'
volume_bandwidth = 30*1024*1024
all_volume_offering = test_lib.lib_create_disk_offering(name = name_all, volume_bandwidth = volume_bandwidth)
all_volume_offering_uuid = all_volume_offering.uuid
name_rw = 'rw_disk_offering'
volume_read_bandwidth = 90*1024*1024
volume_write_bandwidth = 100*1024*1024
rw_volume_offering = test_lib.lib_create_disk_offering(name = name_rw, read_bandwidth = volume_read_bandwidth, write_bandwidth = volume_write_bandwidth)
rw_volume_offering_uuid = rw_volume_offering.uuid
#create instance offering
test_util.test_dsc('create instance offering')
read_bandwidth = 50*1024*1024
write_bandwidth = 60*1024*1024
net_outbound_bandwidth = 70*1024*1024
net_inbound_bandwidth = 80*1024*1024
new_instance_offering = test_lib.lib_create_instance_offering(read_bandwidth = read_bandwidth, write_bandwidth=write_bandwidth, net_outbound_bandwidth = net_outbound_bandwidth, net_inbound_bandwidth = net_inbound_bandwidth)
instance_offering_uuid = new_instance_offering.uuid
#share admin resoure to normal account
test_util.test_dsc('share admin resoure to normal account')
test_stub.share_admin_resource([test_account_uuid])
acc_ops.share_resources([test_account_uuid], [all_volume_offering_uuid, rw_volume_offering_uuid])
#create vm with 2 data volumes
test_util.test_dsc('create vm with volumes qos by normal account a')
l3net_uuid = res_ops.get_resource(res_ops.L3_NETWORK, session_uuid = test_account_session)[0].uuid
cond = res_ops.gen_query_conditions('platform', '=', 'Linux')
image_uuid = res_ops.query_resource(res_ops.IMAGE, cond, session_uuid = test_account_session)[0].uuid
vm_creation_option = test_util.VmOption()
vm_creation_option.set_instance_offering_uuid(instance_offering_uuid)
vm_creation_option.set_image_uuid(image_uuid)
vm_creation_option.set_l3_uuids([l3net_uuid])
vm = test_stub.create_vm_with_volume(vm_creation_option = vm_creation_option, data_volume_uuids = [all_volume_offering_uuid, rw_volume_offering_uuid], session_uuid = test_account_session)
vm_inv = vm.get_vm()
# get the nic uuid
test_util.test_dsc('get the vm_nic')
l3_uuid = vm_inv.vmNics[0].l3NetworkUuid
vm_nic = test_lib.lib_get_vm_nic_by_l3(vm_inv, l3_uuid)
# get the volume uuid
test_util.test_dsc('get the vm data volumes')
cond1 = res_ops.gen_query_conditions("diskOfferingUuid", '=', all_volume_offering_uuid)
cond2 = res_ops.gen_query_conditions("diskOfferingUuid", '=', rw_volume_offering_uuid)
all_volume_uuid = res_ops.query_resource(res_ops.VOLUME, cond1)[0].uuid
rw_volume_uuid = res_ops.query_resource(res_ops.VOLUME, cond2)[0].uuid
#set root disk qos
test_util.test_dsc('set read*2, read/2, write*2, write/2 and del the root disk read and write qos')
try:
vm_ops.set_vm_disk_qos(test_lib.lib_get_root_volume(vm_inv).uuid, volumeBandwidth = read_bandwidth*2, mode = 'read', session_uuid = test_account_session)
except:
print "Test results were in line with expectations"
pass
test_util.test_dsc('del the root disk read qos')
try:
vm_ops.del_vm_disk_qos(test_lib.lib_get_root_volume(vm_inv).uuid, mode = 'read', session_uuid = test_account_session)
except:
print "Test results were in line with expectations"
pass
vm_ops.set_vm_disk_qos(test_lib.lib_get_root_volume(vm_inv).uuid, volumeBandwidth = read_bandwidth/2, mode = 'read', session_uuid = test_account_session)
test_util.test_dsc('set 2 times the root disk write qos')
try:
vm_ops.set_vm_disk_qos(test_lib.lib_get_root_volume(vm_inv).uuid, volumeBandwidth = write_bandwidth*2, mode = 'write', session_uuid = test_account_session)
except:
print "Test results were in line with expectations"
pass
test_util.test_dsc('del the root disk write qos')
try:
vm_ops.del_vm_disk_qos(test_lib.lib_get_root_volume(vm_inv).uuid, mode = 'write', session_uuid = test_account_session)
except:
print "Test results were in line with expectations"
pass
test_util.test_dsc('set below the root disk write qos')
vm_ops.set_vm_disk_qos(test_lib.lib_get_root_volume(vm_inv).uuid, volumeBandwidth = write_bandwidth/2, mode = 'write', session_uuid = test_account_session)
#set data disk all_volume_uuid qos
test_util.test_dsc('set read*2, read/2, write*2, write/2 and del the volume1 disk read and write qos')
try:
vm_ops.set_vm_disk_qos(all_volume_uuid, volumeBandwidth = volume_bandwidth*2, session_uuid = test_account_session)
except:
print "Test results were in line with expectations"
pass
test_util.test_dsc('del the data volume qos')
try:
vm_ops.del_vm_disk_qos(all_volume_uuid, session_uuid = test_account_session)
except:
print "Test results were in line with expectations"
pass
vm_ops.set_vm_disk_qos(all_volume_uuid, volumeBandwidth = volume_bandwidth/2, session_uuid = test_account_session)
#set data disk rw_volume_uuid write qos
test_util.test_dsc('set 2 times the data rw_volume_uuid write qos')
try:
vm_ops.set_vm_disk_qos(rw_volume_uuid, volumeBandwidth = volume_write_bandwidth*2, mode = 'write', session_uuid = test_account_session)
except:
print "Test results were in line with expectations"
pass
test_util.test_dsc('del the data rw_volume_uuid write qos')
try:
vm_ops.del_vm_disk_qos(rw_volume_uuid, mode = 'write', session_uuid = test_account_session)
except:
print "Test results were in line with expectations"
pass
vm_ops.set_vm_disk_qos(rw_volume_uuid, volumeBandwidth = volume_write_bandwidth/2, mode = 'write', session_uuid = test_account_session)
#set data disk rw_volume_uuid read qos
test_util.test_dsc('set 2 times the data rw_volume_uuid read qos')
try:
vm_ops.set_vm_disk_qos(rw_volume_uuid, volumeBandwidth = volume_read_bandwidth*2, mode = 'read', session_uuid = test_account_session)
except:
print "Test results were in line with expectations"
pass
test_util.test_dsc('del the data rw_volume_uuid read qos')
try:
vm_ops.del_vm_disk_qos(rw_volume_uuid, mode = 'read', session_uuid = test_account_session)
except:
print "Test results were in line with expectations"
pass
vm_ops.set_vm_disk_qos(rw_volume_uuid, volumeBandwidth = volume_read_bandwidth/2, mode = 'read', session_uuid = test_account_session)
# set the vm nic qos
test_util.test_dsc('set higher than net out and in ')
try:
vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth = net_outbound_bandwidth*2, inboundBandwidth = net_inbound_bandwidth*2, session_uuid = test_account_session)
except:
print "Test results were in line with expectations"
pass
test_util.test_dsc('set higher than net out and equal in ')
try:
vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth = net_outbound_bandwidth*2, inboundBandwidth = net_inbound_bandwidth, session_uuid = test_account_session)
except:
print "Test results were in line with expectations"
pass
test_util.test_dsc('del net in ')
try:
vm_ops.del_vm_nic_qos(vm_nic.uuid, direction = 'in', session_uuid = test_account_session)
except:
print "Test results were in line with expectations"
pass
test_util.test_dsc('del net out ')
try:
vm_ops.del_vm_nic_qos(vm_nic.uuid, direction = 'out', session_uuid = test_account_session)
except:
print "Test results were in line with expectations"
pass
test_util.test_dsc('set equal net out and in ')
try:
vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth = net_outbound_bandwidth, inboundBandwidth = net_inbound_bandwidth, session_uuid = test_account_session)
#except:
except Exception as e:
test_util.test_logger(e)
test_util.test_dsc('set below net out and in ')
vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth = net_outbound_bandwidth/2, inboundBandwidth = net_inbound_bandwidth/2, session_uuid = test_account_session)
vm.check()
vm.destroy(test_account_session)
vm.check()
vol_ops.delete_disk_offering(all_volume_offering_uuid)
vol_ops.delete_disk_offering(rw_volume_offering_uuid)
vol_ops.delete_volume(all_volume_uuid, test_account_session)
vol_ops.delete_volume(rw_volume_uuid, test_account_session)
acc_ops.delete_account(test_account_uuid)
vm_ops.delete_instance_offering(instance_offering_uuid)
test_util.test_pass('Create VM Test Success')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
test_util.test_dsc("Create 3 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm3 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm3)
vm1.check()
vm2.check()
vm3.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm3_ip = test_lib.lib_get_vm_nic_by_l3(vm3.vm, l3_uuid).ip
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm3_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm3_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm3_ip)
rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.INGRESS, vm3_ip)
rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.INGRESS, vm3_ip)
sg1.add_rule([rule1])
sg2.add_rule([rule1, rule2, rule3])
sg3.add_rule([rule3, rule4, rule5])
sg_vm.add_stub_vm(l3_uuid, vm3)
sg_vm.check()
nic_uuid1 = vm1.vm.vmNics[0].uuid
nic_uuid2 = vm2.vm.vmNics[0].uuid
vm1_nics = (nic_uuid1, vm1)
vm2_nics = (nic_uuid2, vm2)
#vm_nics = [nic_uuid1, nic_uuid2]
#test_util.test_dsc("Create SG rule0: allow connection from vr to port 0~100. This is for enabling ssh connection from vr")
#rule0 = inventory.SecurityGroupRuleAO()
#rule0.allowedCidr = '%s/32' % vr_internal_ip
#rule0.protocol = inventory.TCP
#rule0.startPort = 0
#rule0.endPort = 100
#rule0.type = inventory.INGRESS
#test_stub.lib_add_sg_rules(sg1.uuid, [rule0, rule1])
test_util.test_dsc("Add nic to security group 1.")
test_util.test_dsc("Allowed ingress ports: %s" % test_stub.rule1_ports)
sg_vm.attach(sg1, [vm1_nics, vm2_nics])
sg_vm.check()
test_util.test_dsc("Remove nic from security group 1.")
test_util.test_dsc("Allowed ingress ports: %s" % test_stub.target_ports)
sg_vm.detach(sg1, nic_uuid1)
sg_vm.detach(sg1, nic_uuid2)
sg_vm.check()
test_util.test_dsc("Remove rule1 from security group 1.")
sg1.delete_rule([rule1])
sg_vm.check()
test_util.test_dsc("Add rule1, rule2, rule3 to security group 1.")
test_util.test_dsc("Allowed ingress ports: %s" % test_stub.target_ports)
sg1.add_rule([rule1, rule2, rule3])
sg_vm.check()
test_util.test_dsc("Add nic to security group 1 again.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed ingress ports: %s" % tmp_allowed_ports)
sg_vm.attach(sg1, [vm1_nics, vm2_nics])
sg_vm.check()
test_util.test_dsc("Remove rule2/3 from security group 1.")
test_util.test_dsc("Allowed ingress ports: %s" % test_stub.rule1_ports)
sg2.delete_rule([rule2, rule3])
sg_vm.check()
#add sg2 to vm1
test_util.test_dsc("Add vm1 nic to security group 2.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed ingress ports for vm1 from vm3: %s" % tmp_allowed_ports)
test_util.test_dsc("Allowed ingress ports for vm1 from vm3: %s" % test_stub.rule1_ports)
test_util.test_dsc("Allowed ingress ports for vm2: %s" % test_stub.rule1_ports)
sg_vm.attach(sg2, [vm1_nics])
sg_vm.check()
#add sg2 to vm2
test_util.test_dsc("Add vm2 nic to security group 2.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed ingress ports for vm1/vm2: %s" % tmp_allowed_ports)
sg_vm.attach(sg2, [vm2_nics])
sg_vm.check()
#add sg3
test_util.test_dsc("Add vm1/vm2 nics to security group 3.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed ingress ports: %s" % tmp_allowed_ports)
sg_vm.attach(sg3, [vm1_nics, vm2_nics])
sg_vm.check()
#remove sg2
test_util.test_dsc("Remove security group 2 for nic.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed ingress ports: %s" % tmp_allowed_ports)
sg_vm.detach(sg2, nic_uuid1)
sg_vm.detach(sg2, nic_uuid2)
sg_vm.check()
#delete sg3
test_util.test_dsc("Delete security group 3.")
test_util.test_dsc("Allowed ingress ports: %s" % test_stub.rule1_ports)
sg_vm.delete_sg(sg3)
test_obj_dict.rm_sg(sg3.security_group.uuid)
sg_vm.check()
#Cleanup
sg_vm.delete_sg(sg2)
test_obj_dict.rm_sg(sg2.security_group.uuid)
sg_vm.delete_sg(sg1)
test_obj_dict.rm_sg(sg1.security_group.uuid)
sg_vm.check()
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
vm3.destroy()
test_obj_dict.rm_vm(vm3)
test_util.test_pass('Security Group Vlan VirtualRouter 2 VMs Group Ingress Test Success')
def test():
test_util.test_logger("start check vm lifecycle")
test_util.test_logger("create public ip billing")
bill_ip = test_stub.PublicIpBilling()
ipin = threading.Thread(target=bill_ip.create_resource_type(),\
args=(bill_ip.get_resourceName()))
bill_ip.set_resourceName("pubIpVmNicBandwidthOut")
ipout = threading.Thread(target=bill_ip.create_resource_type(),\
args=(bill_ip.get_resourceName()))
ipin.start()
ipout.start()
test_util.test_logger("create vm instance")
global vm
vm = test_stub.create_vm_billing("test_vmm", test_stub.set_vm_resource()[0], None,\
test_stub.set_vm_resource()[1], test_stub.set_vm_resource()[2])
vm_nic = test_lib.lib_get_vm_nic_by_l3(vm.get_vm(), test_stub.set_vm_resource()[2])
test_util.test_logger("set vm nic bandwidth")
net_bandwidth = 10*1024*1024
vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth = net_bandwidth, inboundBandwidth = net_bandwidth)
time.sleep(1)
test_util.test_logger("verify calculate if right is")
if bill_ip.get_price_total().total < 100:
test_util.test_fail("test billing fail, bill is %s ,less than 100" %(bill_ip.get_price_total().total))
test_util.test_logger("stop vm instance")
vm.stop()
bill_ip.compare("stop")
test_util.test_logger("destory vm instance")
vm.destroy()
bill_ip.compare("destory")
test_util.test_logger("recover vm instance")
vm.recover()
vm.start()
bill_ip.compare("recover")
test_util.test_logger("get host total and primarystorge type")
Host_uuid = test_stub.get_resource_from_vmm(res_ops.HOST,vm.get_vm().zoneUuid,vm.get_vm().hostUuid)
PrimaryFlag = test_stub.get_resource_from_vmm(res_ops.PRIMARY_STORAGE,vm.get_vm().zoneUuid)
if Host_uuid and PrimaryFlag == 0:
test_util.test_logger("migration vm instance")
prices = bill_ip.get_price_total()
vm.migrate(Host_uuid)
prices1 = bill_ip.get_price_total()
if prices1.total > prices.total:
bill_ip.compare("migration")
else:
test_util.test_fail("test bill fail, maybe can not calculate when vm live migration")
BackStorageFlag = test_stub.get_resource_from_vmm(res_ops.BACKUP_STORAGE)
if BackStorageFlag == 1:
clone = vm.clone(["clone-1"])
vm.clean()
bill_ip.compare("clone")
clone[0].clean()
else:
test_util.test_logger("clean vm instance")
vm.clean()
bill_ip.compare("clean")
test_util.test_logger("delete public ip resource")
resourcePrices = test_stub.query_resource_price()
for resource_price in resourcePrices:
test_stub.delete_price(resource_price.uuid)
test_util.test_pass("check vm lifecycle with public ip billing pass")
def test():
vm1 = test_stub.create_vr_vm('migrate_vm1', 'imageName_net',
'l3VlanNetwork3')
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_vr_vm('migrate_vm2', 'imageName_net',
'l3VlanNetwork3')
test_obj_dict.add_vm(vm2)
vm3 = test_stub.create_vr_vm('migrate_vm3', 'imageName_net',
'l3VlanNetwork3')
test_obj_dict.add_vm(vm3)
vm1.check()
vm2.check()
vm3.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
if not test_lib.lib_find_vr_by_vm(vm1.vm)[0]:
test_util.test_skip("skip the test for no vr found in the env.")
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm3_ip = test_lib.lib_get_vm_nic_by_l3(vm3.vm, l3_uuid).ip
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP,
inventory.INGRESS, vm3_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP,
inventory.INGRESS, vm3_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP,
inventory.INGRESS, vm3_ip)
sg1.add_rule([rule1])
sg2.add_rule([rule1, rule2, rule3])
sg_vm.add_stub_vm(l3_uuid, vm3)
nic_uuid1 = vm1.vm.vmNics[0].uuid
nic_uuid2 = vm2.vm.vmNics[0].uuid
vm1_nics = (nic_uuid1, vm1)
vm2_nics = (nic_uuid2, vm2)
test_util.test_dsc("Add nic to security group 1.")
test_util.test_dsc("Allowed ingress ports: %s" % test_stub.rule1_ports)
sg_vm.attach(sg1, [vm1_nics, vm2_nics])
sg_vm.attach(sg2, [vm1_nics, vm2_nics])
test_stub.migrate_vm_to_random_host(vm1)
test_stub.migrate_vm_to_random_host(vm2)
test_stub.migrate_vm_to_random_host(vm3)
vm1.check()
vm2.check()
vm3.check()
sg_vm.check()
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
vm3.destroy()
test_obj_dict.rm_vm(vm3)
sg_vm.delete_sg(sg1)
test_obj_dict.rm_sg(sg1.security_group.uuid)
sg_vm.delete_sg(sg2)
test_obj_dict.rm_sg(sg2.security_group.uuid)
test_util.test_pass('Migrate SG VM Test Success')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
test_util.test_dsc("create vpc vrouter and attach vpc l3 to vpc")
for vpc_name in vpc_name_list:
vr_list.append(test_stub.create_vpc_vrouter(vpc_name))
for vr, l3_list in izip(vr_list, vpc_l3_list):
test_stub.attach_l3_to_vpc_vr(vr, l3_list)
test_util.test_dsc("create two vm, vm1 in l3 {}, vm2 in l3 {}".format(
VLAN1_NAME, VLAN2_NAME))
vm1 = test_stub.create_vm_with_random_offering(
vm_name='vpc_vm_{}'.format(VLAN1_NAME), l3_name=VLAN1_NAME)
test_obj_dict.add_vm(vm1)
vm1.check()
vm2 = test_stub.create_vm_with_random_offering(
vm_name='vpc_vm_{}'.format(VLAN2_NAME), l3_name=VLAN2_NAME)
test_obj_dict.add_vm(vm2)
vm2.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm2.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP,
inventory.INGRESS, vm2_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP,
inventory.INGRESS, vm2_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP,
inventory.INGRESS, vm2_ip)
rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP,
inventory.INGRESS, vm2_ip)
rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP,
inventory.INGRESS, vm2_ip)
sg1.add_rule([rule1])
sg2.add_rule([rule1, rule2, rule3])
sg3.add_rule([rule3, rule4, rule5])
sg_vm.check()
sg_vm.add_stub_vm(l3_uuid, vm2)
test_util.test_dsc("Add nic to security group 1.")
test_util.test_dsc("Allowed ports: %s" % Port.get_ports(Port.rule1_ports))
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
test_util.test_dsc("Remove nic from security group 1.")
sg_vm.detach(sg1, nic_uuid)
sg_vm.check()
test_util.test_dsc("Remove rule1 from security group 1.")
sg1.delete_rule([rule1])
sg_vm.check()
test_util.test_dsc("Add rule1, rule2, rule3 to security group 1.")
test_util.test_dsc("Allowed ports: %s" % test_stub.target_ports)
sg1.add_rule([rule1, rule2, rule3])
sg_vm.check()
test_util.test_dsc("Add nic to security group 1 again.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
test_util.test_dsc("Remove rule2/3 from security group 1.")
test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports)
sg1.delete_rule([rule2, rule3])
sg_vm.check()
test_util.test_dsc("Add rule2, rule3 back to security group 1.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg1.add_rule([rule2, rule3])
sg_vm.check()
test_util.test_dsc("Remove rule2/3 from security group 1.")
test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports)
sg1.delete_rule([rule2, rule3])
sg_vm.check()
#add sg2
test_util.test_dsc("Add nic to security group 2.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg_vm.attach(sg2, [vm_nics])
sg_vm.check()
#add sg3
test_util.test_dsc("Add nic to security group 3.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed ports (rule1+rule2+rul3+rule4+rule5): %s" %
tmp_allowed_ports)
sg_vm.attach(sg3, [vm_nics])
sg_vm.check()
#detach nic from sg2
test_util.test_dsc("Remove security group 2 for nic.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed ports (rule1+rule3+rule4+rule5): %s" %
tmp_allowed_ports)
sg_vm.detach(sg2, nic_uuid)
sg_vm.check()
#delete sg3
test_util.test_dsc("Delete security group 3.")
test_util.test_dsc("Allowed ports (rule1): %s" % test_stub.rule1_ports)
sg_vm.delete_sg(sg3)
sg_vm.check()
test_obj_dict.rm_sg(sg3.security_group.uuid)
#Cleanup
sg_vm.delete_sg(sg2)
test_obj_dict.rm_sg(sg2.security_group.uuid)
sg_vm.delete_sg(sg1)
test_obj_dict.rm_sg(sg1.security_group.uuid)
sg_vm.check()
vm1.check()
vm2.check()
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
test_util.test_pass('Security Group Vlan VirtualRouter VMs Test Success')
test_lib.lib_error_cleanup(test_obj_dict)
test_stub.remove_all_vpc_vrouter()
def test():
cond = res_ops.gen_query_conditions('system', '=', 'false')
imageUuid = res_ops.query_resource_fields(res_ops.IMAGE, cond)[0].uuid
cond = res_ops.gen_query_conditions('type', '=', 'UserVm')
instanceOfferingUuid = res_ops.query_resource_fields(res_ops.INSTANCE_OFFERING, cond)[0].uuid
cond = res_ops.gen_query_conditions('name', '=', 'public network')
l3NetworkUuids = res_ops.query_resource_fields(res_ops.L3_NETWORK, cond)[0].uuid
vm_name = 'vm-1'
create_bill(1, "pubIpVmNicBandwidthIn", "s", "m")
resourcePrices = query_resource_price()
for resource_price in resourcePrices:
delete_price(resource_price.uuid)
##parallel create bill
counter = 0
for i in range(0, 200):
ipin = threading.Thread(target=create_bill, args=(i, "pubIpVmNicBandwidthIn", "s", "k"))
ipout = threading.Thread(target=create_bill, args=(i, "pubIpVmNicBandwidthOut", "m", "m"))
vipin = threading.Thread(target=create_bill, args=(i, "pubIpVipBandwidthIn", "h", "g"))
vipout = threading.Thread(target=create_bill, args=(i, "pubIpVipBandwidthOut", "d", "m"))
while threading.active_count() > 10:
time.sleep(3)
ipin.start()
ipout.start()
vipin.start()
vipout.start()
#Delete all price
resourcePrices = query_resource_price()
##wait 15s for all prices created
i = 0
while len(resourcePrices) != 800:
print len(resourcePrices)
time.sleep(3)
if i > 5:
test_util.test_fail("Fail to create 800 prices")
i = i + 1
resourcePrices = query_resource_price()
#Delete all price
for resource_price in resourcePrices:
delete_price(resource_price.uuid)
ipin = threading.Thread(target=create_bill, args=(10, "pubIpVmNicBandwidthIn", "s", "m"))
ipout = threading.Thread(target=create_bill, args=(10, "pubIpVmNicBandwidthOut", "s", "m"))
vipin = threading.Thread(target=create_bill, args=(10, "pubIpVipBandwidthIn", "s", "m"))
vipout = threading.Thread(target=create_bill, args=(10, "pubIpVipBandwidthOut", "s", "m"))
ipin.start()
ipout.start()
vipin.start()
vipout.start()
net_bandwidth = 10*1024*1024
vm = create_vm(vm_name, imageUuid, None,instanceOfferingUuid, l3NetworkUuids)
vm_inv = vm.get_vm()
vm_nic = test_lib.lib_get_vm_nic_by_l3(vm_inv, l3NetworkUuids)
vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth = net_bandwidth, inboundBandwidth = net_bandwidth)
cond = res_ops.gen_query_conditions('name', '=', 'admin')
time.sleep(1)
admin_uuid = res_ops.query_resource_fields(res_ops.ACCOUNT, cond)[0].uuid
prices = bill_ops.calculate_account_spending(admin_uuid)
if prices.total < 180:
test_util.test_fail("test billing fail, bill is lesser than 180 after vm nic qos set")
#Delete vm nic qos
vm_ops.del_vm_nic_qos(vm_nic.uuid, "in")
vm_ops.del_vm_nic_qos(vm_nic.uuid, "out")
time.sleep(1)
# Total cost should not grow up
price1 = bill_ops.calculate_account_spending(admin_uuid)
time.sleep(2)
price2 = bill_ops.calculate_account_spending(admin_uuid)
if price1.total != price2.total:
test_util.test_fail("test billing fail, bill still grows up after deleting vm nic qos. price1 total: %s, price2 total: %s" % (price1.total, price2.total))
#Delete vm nic resource price
price_ipin = query_resource_price(resource_name = "pubIpVmNicBandwidthIn")[0]
price_ipout = query_resource_price(resource_name = "pubIpVmNicBandwidthOut")[0]
delete_price(price_ipin.uuid)
delete_price(price_ipout.uuid)
#make sure vm nic resource price has been deleted
price_ipin = query_resource_price(resource_name = "pubIpVmNicBandwidthIn")
price_ipout = query_resource_price(resource_name = "pubIpVmNicBandwidthOut")
if len(price_ipin) > 0 or len(price_ipout)> 0:
test_util.test_fail("Fail to clean vm nic resource price. length of pubIpVmNicBandwidthIn: %d, length of pubIpVmNicBandwidthOut: %d" %(len(price_ipin), len(price_ipout)))
# price.total should be 0, after the prices are deleted
prices = bill_ops.calculate_account_spending(admin_uuid)
if prices.total != 0:
test_util.test_fail("test billing fail, bill is not 0. Bill is: %s" % (prices.total))
#create vip qos
vip = test_stub.create_vip("test_vip_qos_price", l3NetworkUuids)
vip_uuid = vip.get_vip().uuid
vip_qos = net_ops.set_vip_qos(vip_uuid=vip_uuid, inboundBandwidth = net_bandwidth, outboundBandwidth = net_bandwidth)
time.sleep(1)
prices = bill_ops.calculate_account_spending(admin_uuid)
if prices.total < 180:
print prices.total
test_util.test_fail("test billing fail, bill is lesser than 180 after vip qos set")
#Delete vip qos
net_ops.delete_vip_qos(vip_uuid)
time.sleep(1)
# Total cost should not grow up
price1 = bill_ops.calculate_account_spending(admin_uuid)
time.sleep(2)
price2 = bill_ops.calculate_account_spending(admin_uuid)
if price1.total != price2.total:
test_util.test_fail("test billing fail, bill still grows up after deleting vip qos. price1 total: %s, price2 total: %s" % (price1.total, price2.total))
#Delete vip resource price
price_vipin = query_resource_price(resource_name = "pubIpVipBandwidthIn")[0]
price_vipout = query_resource_price(resource_name = "pubIpVipBandwidthOut")[0]
delete_price(price_vipin.uuid)
delete_price(price_vipout.uuid)
#make sure vm nic resource price has been deleted
price_vipin = query_resource_price(resource_name = "pubIpVipBandwidthIn")
price_vipout = query_resource_price(resource_name = "pubIpVipBandwidthOut")
if len(price_vipin) > 0 or len(price_vipout)> 0:
test_util.test_fail("Fail to clean vip resource price. length of pubIpVipBandwidthIn: %d, length of pubIpVipBandwidthOut: %d" %(len(price_vipin), len(price_vipout)))
# price.total should be 0, after the prices are deleted
prices = bill_ops.calculate_account_spending(admin_uuid)
if prices.total != 0:
test_util.test_fail("test billing fail, bill is not 0. Bill is: %s" % (prices.total))
test_util.test_pass("test billing pass")
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
global test_obj_dict
test_util.test_dsc("Create 2 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, vm2_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.EGRESS, vm2_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.EGRESS, vm2_ip)
rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.EGRESS, vm2_ip)
rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.EGRESS, vm2_ip)
sg1.add_rule([rule1])
sg2.add_rule([rule1, rule2, rule3])
sg3.add_rule([rule3, rule4, rule5])
sg_vm.check()
sg_vm.add_stub_vm(l3_uuid, vm2)
#test_util.test_dsc("Create SG rule6: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing")
#rule6 = inventory.SecurityGroupRuleAO()
#rule6.allowedCidr = '%s/32' % vr_internal_ip
#rule6.protocol = inventory.TCP
#rule6.startPort = 0
#rule6.endPort = 65535
#rule6.type = inventory.INGRESS
#test_util.test_dsc("Create SG rule7: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing")
#rule7 = inventory.SecurityGroupRuleAO()
#rule7.allowedCidr = '%s/32' % vr_internal_ip
#rule7.protocol = inventory.ICMP
#rule7.startPort = -1
#rule7.endPort = -1
#rule7.type = inventory.EGRESS
#test_stub.lib_add_sg_rules(sg1.uuid, [rule1, rule6, rule7])
#add sg1
test_util.test_dsc("Add VM1 nic to security group 1.")
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
#shutdown vm1
test_util.test_dsc("Shutdown VM1")
vm1.stop()
sg_vm.check()
#add sg2
test_util.test_dsc("Add VM1 nic to security group 2 to stopped vm1.")
sg_vm.attach(sg2, [vm_nics])
test_util.test_dsc("Start VM1")
vm1.start()
vm1.check()
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed ports(rules1 + rule2 + rule3): %s" % tmp_allowed_ports)
sg_vm.check()
#shutdown vm1
test_util.test_dsc("Shutdown VM1 again")
vm1.stop()
sg_vm.check()
#add sg3
test_util.test_dsc("Add nic to security group 3 to stopped vm1.")
sg_vm.attach(sg3, [vm_nics])
test_util.test_dsc("Start VM1")
vm1.start()
vm1.check()
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg_vm.check()
#shutdown vm1
test_util.test_dsc("Shutdown VM1 again")
vm1.stop()
sg_vm.check()
test_util.test_dsc("remove rule2 from sg2 and rule4 from sg3")
sg2.delete_rule([rule2])
sg3.delete_rule([rule4])
sg_vm.check()
test_util.test_dsc("Start VM1")
vm1.start()
vm1.check()
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg_vm.check()
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
sg_vm.check()
sg_vm.delete_sg(sg3)
test_obj_dict.rm_sg(sg3.security_group.uuid)
sg_vm.delete_sg(sg2)
test_obj_dict.rm_sg(sg2.security_group.uuid)
sg_vm.delete_sg(sg1)
test_obj_dict.rm_sg(sg1.security_group.uuid)
test_util.test_pass('Security Group Vlan VirtualRouter VM Add/Remove rules to stopped VM Test Success')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
global test_obj_dict
test_util.test_dsc("Create 2 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
sg1.add_rule([rule1])
sg2.add_rule([rule1, rule2, rule3])
sg3.add_rule([rule3, rule4, rule5])
sg_vm.check()
sg_vm.add_stub_vm(l3_uuid, vm2)
#test_util.test_dsc("Create SG rule6: allow connection from vr to port 0~65535")
#rule6 = inventory.SecurityGroupRuleAO()
#rule6.allowedCidr = '%s/32' % vr_internal_ip
#rule6.protocol = inventory.TCP
#rule6.startPort = 0
#rule6.endPort = 65535
#rule6.type = inventory.INGRESS
#test_stub.lib_add_sg_rules(sg1.uuid, [rule1, rule6])
#add sg1
test_util.test_dsc("Attach security group 1 to [nic:] %s L3." % nic_uuid)
test_util.test_dsc("Add nic to security group 1.")
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
#add sg2
test_util.test_dsc("Attach security group 2 to [nic:] %s L3." % nic_uuid)
test_util.test_dsc("Add nic to security group 2.")
sg_vm.attach(sg2, [vm_nics])
sg_vm.check()
#add sg3
test_util.test_dsc("Attach security group 3 to [nic:] %s L3." % nic_uuid)
test_util.test_dsc("Add nic to security group 3.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg_vm.attach(sg3, [vm_nics])
sg_vm.check()
#shutdown vm1
test_util.test_dsc("Shutdown VM1")
vm1.stop()
sg_vm.check()
test_util.test_dsc("Start VM1")
vm1.start()
vm1.check()
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg_vm.check()
test_util.test_dsc("Restart VM1")
vm1.reboot()
vm1.check()
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg_vm.check()
test_util.test_dsc("Destroy VM1. All its SG rules should be removed.")
vm_internalId = test_lib.lib_get_vm_internal_id(vm1.vm)
vm1.destroy()
test_obj_dict.rm_vm(vm1)
if linux.wait_callback_success(do_check, (vm1.vm, "vnic%s.0-in" % vm_internalId), 5, 0.2):
test_util.test_logger('[vm:] %s SG INGRESS rules are removed, after it is destroyed.' % vm1.vm.uuid)
else:
test_util.test_fail('[vm:] %s SG INGRESS rules are not removed, after it is destroyed 5 seconds. ' % vm1.vm.uuid)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
sg_vm.delete_sg(sg3)
test_obj_dict.rm_sg(sg3.security_group.uuid)
sg_vm.delete_sg(sg2)
test_obj_dict.rm_sg(sg2.security_group.uuid)
sg_vm.delete_sg(sg1)
test_obj_dict.rm_sg(sg1.security_group.uuid)
test_util.test_pass('Security Group Vlan VirtualRouter VM Start/Stop/Reboot/Destroy Test Success')
def test():
vm1 = test_stub.create_vr_vm('migrate_vm1', 'imageName_s', 'l3VlanNetwork3')
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_vr_vm('migrate_vm2', 'imageName_s', 'l3VlanNetwork3')
test_obj_dict.add_vm(vm2)
vm3 = test_stub.create_vr_vm('migrate_vm3', 'imageName_s', 'l3VlanNetwork3')
test_obj_dict.add_vm(vm3)
vm1.check()
vm2.check()
vm3.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm3_ip = test_lib.lib_get_vm_nic_by_l3(vm3.vm, l3_uuid).ip
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm3_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm3_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm3_ip)
sg1.add_rule([rule1])
sg2.add_rule([rule1, rule2, rule3])
sg_vm.add_stub_vm(l3_uuid, vm3)
nic_uuid1 = vm1.vm.vmNics[0].uuid
nic_uuid2 = vm2.vm.vmNics[0].uuid
vm1_nics = (nic_uuid1, vm1)
vm2_nics = (nic_uuid2, vm2)
test_util.test_dsc("Add nic to security group 1.")
test_util.test_dsc("Allowed ingress ports: %s" % test_stub.rule1_ports)
sg_vm.attach(sg1, [vm1_nics, vm2_nics])
sg_vm.attach(sg2, [vm1_nics, vm2_nics])
test_stub.migrate_vm_to_random_host(vm1)
test_stub.migrate_vm_to_random_host(vm2)
test_stub.migrate_vm_to_random_host(vm3)
vm1.check()
vm2.check()
vm3.check()
sg_vm.check()
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
vm3.destroy()
test_obj_dict.rm_vm(vm3)
sg_vm.delete_sg(sg1)
test_obj_dict.rm_sg(sg1.security_group.uuid)
sg_vm.delete_sg(sg2)
test_obj_dict.rm_sg(sg2.security_group.uuid)
test_util.test_pass('Migrate SG VM Test Success')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
global test_obj_dict
test_util.test_dsc(
"Create 2 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
sg_vm = test_sg_vm_header.ZstackTestSgVm()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP,
inventory.EGRESS, vm2_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP,
inventory.EGRESS, vm2_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP,
inventory.EGRESS, vm2_ip)
sg1.add_rule([rule1, rule2, rule3])
sg_vm.add_stub_vm(l3_uuid, vm2)
#add sg1
test_util.test_dsc("Add VM1 nic to security group 1.")
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
#shutdown vm1
test_util.test_dsc("Shutdown VM1")
vm1.stop()
#remove vm1 nic from sg1
test_util.test_dsc("Remove nic from security group 1 to stopped vm1.")
sg_vm.detach(sg1, nic_uuid)
test_util.test_dsc("Start VM1")
vm1.start()
vm1.check()
sg_vm.check()
vm1.destroy()
vm2.destroy()
sg_vm.delete_sg(sg1)
test_util.test_pass(
'Detach stopped VM NIC from Security Group Test Success')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
global test_obj_dict
test_util.test_dsc(
"Create 2 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vm_internalId = test_lib.lib_get_vm_internal_id(vm1.vm)
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.UDP,
inventory.INGRESS, vm2_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.UDP,
inventory.INGRESS, vm2_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.UDP,
inventory.EGRESS, vm2_ip)
rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.UDP,
inventory.EGRESS, vm2_ip)
rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.UDP,
inventory.EGRESS, vm2_ip)
sg1.add_rule([rule1])
sg2.add_rule([rule1, rule2, rule3])
sg3.add_rule([rule3, rule4, rule5])
sg_vm.add_stub_vm(l3_uuid, vm2)
sg_vm.check()
test_util.test_dsc("Add nic to security group 1.")
test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports)
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
#
test_util.test_dsc("Remove nic from security group 1.")
test_util.test_dsc("Allowed ports: %s" % test_stub.target_ports)
sg_vm.detach(sg1, nic_uuid)
sg_vm.check()
test_util.test_dsc("Add rule1, rule2, rule3 to security group 1.")
sg1.add_rule([rule1, rule2, rule3])
sg_vm.check()
test_util.test_dsc("Add nic to security group 1 again.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
#can't directly remove rule1, as it will block vr ssh connection.
test_util.test_dsc("Remove rule2/3 from security group 1.")
test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports)
sg1.delete_rule([rule2, rule3])
sg_vm.check()
#add sg2
test_util.test_dsc("Add nic to security group 2.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg_vm.attach(sg2, [vm_nics])
sg_vm.check()
#add sg3
test_util.test_dsc("Add nic to security group 3.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed ports (rule1+rule2+rul3+rule4+rule5): %s" %
tmp_allowed_ports)
sg_vm.attach(sg3, [vm_nics])
sg_vm.check()
#detach nic from sg2
test_util.test_dsc("Remove security group 2 for nic.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed ports (rule1+rule3+rule4+rule5): %s" %
tmp_allowed_ports)
sg_vm.detach(sg2, nic_uuid)
sg_vm.check()
#delete sg3
test_util.test_dsc("Delete security group 3.")
test_util.test_dsc("Allowed ports (rule1): %s" % test_stub.rule1_ports)
sg_vm.delete_sg(sg3)
sg_vm.check()
test_obj_dict.rm_sg(sg3.security_group.uuid)
#Cleanup
sg_vm.delete_sg(sg2)
test_obj_dict.rm_sg(sg2.security_group.uuid)
sg_vm.delete_sg(sg1)
test_obj_dict.rm_sg(sg1.security_group.uuid)
sg_vm.check()
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
test_util.test_pass(
'Security Group UDP Vlan VirtualRouter VMs Test Success')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
global test_obj_dict
test_util.test_dsc(
"Create 2 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip
vr_internal_ip = test_lib.lib_find_vr_private_ip(vr_vm)
test_util.test_dsc("Create SG rule1: allow connection to vm2 port 0~100")
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP,
inventory.EGRESS, vm2_ip)
test_util.test_dsc(
"Create SG rule2: allow connection from vm2 to port 9000~10000")
rule2 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP,
inventory.INGRESS, vm2_ip)
test_util.test_dsc(
"Create SG rule3: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing"
)
rule3 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP,
inventory.INGRESS, vr_internal_ip)
test_util.test_dsc("Create SG rule4: allow ICMP connection to VR")
rule4 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP,
inventory.EGRESS, vr_internal_ip)
test_util.test_dsc("Create SG rule5: allow icmp from vm2")
rule5 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP,
inventory.INGRESS, vm2_ip)
test_util.test_dsc("Create SG rule6: allow icmp to vm2")
rule6 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP,
inventory.EGRESS, vm2_ip)
sg1.add_rule([rule1, rule2, rule3, rule4])
sg2.add_rule([rule5])
sg3.add_rule([rule6])
sg_vm.check()
sg_vm.add_stub_vm(l3_uuid, vm2)
sg_vm.check()
#add sg1
test_util.test_dsc("Add VM1 nic to security group 1.")
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.'
% (vm1.vm.uuid, vr_internal_ip))
#add sg2
test_util.test_dsc("Add VM1 nic to security group 2.")
sg_vm.attach(sg2, [vm_nics])
test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" %
(test_stub.rule1_ports, test_stub.rule2_ports))
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.'
% (vm1.uuid, vr_internal_ip))
#add sg3
test_util.test_dsc("Add nic to security group 3 to stopped vm1.")
sg_vm.attach(sg3, [vm_nics])
test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" %
(test_stub.rule1_ports, test_stub.rule2_ports))
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.'
% (vm1.uuid, vr_internal_ip))
test_util.test_dsc("remove rule5 from sg2")
sg2.delete_rule([rule5])
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.'
% (vm1.uuid, vr_internal_ip))
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
sg_vm.check()
sg1.delete()
test_obj_dict.rm_sg(sg1.security_group.uuid)
sg2.delete()
test_obj_dict.rm_sg(sg2.security_group.uuid)
sg_vm.check()
sg3.delete()
test_obj_dict.rm_sg(sg3.security_group.uuid)
test_util.test_pass(
'Security Group Vlan VirtualRouter VM ICMP rules Test Success')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
test_util.test_dsc("Create 3 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm3 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm3)
vm1.check()
vm2.check()
vm3.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm3_ip = test_lib.lib_get_vm_nic_by_l3(vm3.vm, l3_uuid).ip
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, vm3_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.EGRESS, vm3_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.EGRESS, vm3_ip)
rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.EGRESS, vm3_ip)
rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.EGRESS, vm3_ip)
sg1.add_rule([rule1])
sg2.add_rule([rule1, rule2, rule3])
sg3.add_rule([rule3, rule4, rule5])
sg_vm.add_stub_vm(l3_uuid, vm3)
sg_vm.check()
nic_uuid1 = vm1.vm.vmNics[0].uuid
nic_uuid2 = vm2.vm.vmNics[0].uuid
vm1_nics = (nic_uuid1, vm1)
vm2_nics = (nic_uuid2, vm2)
#vm_nics = [nic_uuid1, nic_uuid2]
test_util.test_dsc("Add nic to security group 1.")
test_util.test_dsc("Allowed egress ports: %s" % test_stub.rule1_ports)
sg_vm.attach(sg1, [vm1_nics, vm2_nics])
sg_vm.check()
test_util.test_dsc("Remove nic from security group 1.")
test_util.test_dsc("Allowed egress ports: %s" % test_stub.target_ports)
sg_vm.detach(sg1, nic_uuid1)
sg_vm.detach(sg1, nic_uuid2)
sg_vm.check()
test_util.test_dsc("Remove rule1 from security group 1.")
sg1.delete_rule([rule1])
test_util.test_dsc("Add nic to security group 1 again.")
test_util.test_dsc("Allowed egress ports: %s" % test_stub.target_ports)
sg_vm.attach(sg1, [vm1_nics, vm2_nics])
sg_vm.check()
test_util.test_dsc("Add rule1, rule2, rule3 to security group 1.")
test_util.test_dsc("Allowed egress ports: %s" % test_stub.target_ports)
sg1.add_rule([rule1, rule2, rule3])
sg_vm.check()
#can't directly remove rule1, as it will block vr ssh connection.
test_util.test_dsc("Remove rule2/3 from security group 1.")
test_util.test_dsc("Allowed egress ports: %s" % test_stub.rule1_ports)
sg1.delete_rule([rule2, rule3])
sg_vm.check()
test_util.test_dsc("Add rule2, rule3 back to security group 1.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed egress ports: %s" % tmp_allowed_ports)
sg1.add_rule([rule2, rule3])
sg_vm.check()
test_util.test_dsc("Remove rule2/3 from security group 1.")
test_util.test_dsc("Allowed egress ports: %s" % test_stub.rule1_ports)
sg1.delete_rule([rule2, rule3])
sg_vm.check()
#add sg2 to vm1
test_util.test_dsc("Add vm 1 nic to security group 2.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed egress ports for vm1 to vm3: %s" % tmp_allowed_ports)
sg_vm.attach(sg2, [vm1_nics])
sg_vm.check()
#add sg2 to vm2
test_util.test_dsc("Add vm 2 nic to security group 2.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed egress ports for vm1 and vm2: %s" % tmp_allowed_ports)
sg_vm.attach(sg2, [vm2_nics])
sg_vm.check()
#add sg3
test_util.test_dsc("Add nic to security group 3.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed egress ports: %s" % tmp_allowed_ports)
sg_vm.attach(sg3, [vm1_nics, vm2_nics])
sg_vm.check()
#remove sg2
test_util.test_dsc("Remove security group 2 for nic.")
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed egress ports: %s" % tmp_allowed_ports)
sg_vm.detach(sg2, nic_uuid1)
sg_vm.detach(sg2, nic_uuid2)
sg_vm.check()
#delete sg3
test_util.test_dsc("Delete security group 3.")
test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports)
sg3.delete()
test_obj_dict.rm_sg(sg3.security_group.uuid)
sg_vm.check()
sg_vm.delete_sg(sg2)
test_obj_dict.rm_sg(sg2.security_group.uuid)
sg_vm.delete_sg(sg1)
test_obj_dict.rm_sg(sg1.security_group.uuid)
sg_vm.check()
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
vm3.destroy()
test_obj_dict.rm_vm(vm3)
test_util.test_pass('Security Group Vlan VirtualRouter 2 VMs Group Egress Test Success')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
global test_obj_dict
test_util.test_dsc(
"Create 2 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP,
inventory.EGRESS, vm2_ip)
rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP,
inventory.EGRESS, vm2_ip)
rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP,
inventory.EGRESS, vm2_ip)
rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP,
inventory.EGRESS, vm2_ip)
rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP,
inventory.EGRESS, vm2_ip)
sg1.add_rule([rule1])
sg2.add_rule([rule1, rule2, rule3])
sg3.add_rule([rule3, rule4, rule5])
sg_vm.check()
sg_vm.add_stub_vm(l3_uuid, vm2)
#test_util.test_dsc("Create SG rule6: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing")
#rule6 = inventory.SecurityGroupRuleAO()
#rule6.allowedCidr = '%s/32' % vr_internal_ip
#rule6.protocol = inventory.TCP
#rule6.startPort = 0
#rule6.endPort = 65535
#rule6.type = inventory.INGRESS
#test_util.test_dsc("Create SG rule7: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing")
#rule7 = inventory.SecurityGroupRuleAO()
#rule7.allowedCidr = '%s/32' % vr_internal_ip
#rule7.protocol = inventory.ICMP
#rule7.startPort = -1
#rule7.endPort = -1
#rule7.type = inventory.EGRESS
#test_stub.lib_add_sg_rules(sg1.uuid, [rule1, rule6, rule7])
#add sg1
test_util.test_dsc("Add VM1 nic to security group 1.")
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
#shutdown vm1
test_util.test_dsc("Shutdown VM1")
vm1.stop()
sg_vm.check()
#add sg2
test_util.test_dsc("Add VM1 nic to security group 2 to stopped vm1.")
sg_vm.attach(sg2, [vm_nics])
test_util.test_dsc("Start VM1")
vm1.start()
vm1.check()
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports
test_util.test_dsc("Allowed ports(rules1 + rule2 + rule3): %s" %
tmp_allowed_ports)
sg_vm.check()
#shutdown vm1
test_util.test_dsc("Shutdown VM1 again")
vm1.stop()
sg_vm.check()
#add sg3
test_util.test_dsc("Add nic to security group 3 to stopped vm1.")
sg_vm.attach(sg3, [vm_nics])
test_util.test_dsc("Start VM1")
vm1.start()
vm1.check()
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg_vm.check()
#shutdown vm1
test_util.test_dsc("Shutdown VM1 again")
vm1.stop()
sg_vm.check()
test_util.test_dsc("remove rule2 from sg2 and rule4 from sg3")
sg2.delete_rule([rule2])
sg3.delete_rule([rule4])
sg_vm.check()
test_util.test_dsc("Start VM1")
vm1.start()
vm1.check()
tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule5_ports
test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports)
sg_vm.check()
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
sg_vm.check()
sg_vm.delete_sg(sg3)
test_obj_dict.rm_sg(sg3.security_group.uuid)
sg_vm.delete_sg(sg2)
test_obj_dict.rm_sg(sg2.security_group.uuid)
sg_vm.delete_sg(sg1)
test_obj_dict.rm_sg(sg1.security_group.uuid)
test_util.test_pass(
'Security Group Vlan VirtualRouter VM Add/Remove rules to stopped VM Test Success'
)
