def check_eip_icmp(self, expected_result):
vip_ip = self.test_obj.get_vip().ip
eip = self.test_obj.get_eip().get_eip()
try:
if not self.allowed_vr:
test_util.test_warn(
"Not find suitable VR vm to do test testing. Please make sure there are at least 3 VR VMs are exist for EIP testing."
)
test_lib.lib_check_ping(self.allowed_vr, vip_ip)
except:
if expected_result:
test_util.test_logger(
"Unexpected Result: catch failure when checking EIP: %s ICMP for target ip: %s from [vm:] %s. "
% (eip.uuid, vip_ip, self.allowed_vr.uuid))
return False
else:
if self.allowed_vr:
test_util.test_logger(
"Expected Result: catch failure when checking EIP: %s ICMP for target ip: %s from [vm:] %s. "
% (eip.uuid, vip_ip, self.allowed_vr.uuid))
else:
test_util.test_logger(
"can not do test, due to missing allowed vr. " %
(eip.uuid, vip_ip, self.allowed_vr.uuid))
if expected_result:
test_util.test_logger(
"Expected Result: Ping successfully checking EIP: %s ICMP for target ip: %s from [vm:] %s"
% (eip.uuid, vip_ip, self.allowed_vr.uuid))
else:
test_util.test_logger(
"Unexpected Result: Ping successfully checking EIP: %s ICMP for target ip: %s from [vm:] %s"
% (eip.uuid, vip_ip, self.allowed_vr.uuid))
return True
def test():
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
test_util.test_dsc("create vpc vrouter and attach vpc l3 to vpc")
for vpc_name in vpc_name_list:
vr_list.append(test_stub.create_vpc_vrouter(vpc_name))
for vr, l3_list in izip(vr_list, vpc_l3_list):
test_stub.attach_l3_to_vpc_vr(vr, l3_list)
test_util.test_dsc("create two vm, vm1 in l3 {}, vm2 in l3 {}".format(
flavor['vm1l3'], flavor['vm2l3']))
vm1, vm2 = [
test_stub.create_vm_with_random_offering(
vm_name='vpc_vm_{}'.format(name), l3_name=name)
for name in (flavor['vm1l3'], flavor['vm2l3'])
]
[test_obj_dict.add_vm(vm) for vm in (vm1, vm2)]
[vm.check() for vm in (vm1, vm2)]
vr_pub_nic = test_lib.lib_find_vr_pub_nic(vr_list[0].inv)
vip_list = []
for vm in (vm1, vm2):
test_util.test_dsc("Create vip for vm {}".format(vm.get_vm().name))
vip = test_stub.create_vip('vip_{}'.format(vm.get_vm().name),
vr_pub_nic.l3NetworkUuid)
test_obj_dict.add_vip(vip)
vip_list.append(vip)
test_util.test_dsc("Create eip for vm {}".format(vm.get_vm().name))
eip = test_stub.create_eip('eip_{}'.format(vm.get_vm().name),
vip_uuid=vip.get_vip().uuid)
vip.attach_eip(eip)
eip.attach(vm.get_vm().vmNics[0].uuid, vm)
vip.check()
vm.check()
for vm in (vm1, vm2):
vm.check()
vm1_inv, vm2_inv = [vm.get_vm() for vm in (vm1, vm2)]
vip1, vip2 = vip_list
test_util.test_dsc("test two vm EIP connectivity")
test_stub.run_command_in_vm(vm1_inv, 'iptables -F')
test_stub.run_command_in_vm(vm2_inv, 'iptables -F')
test_lib.lib_check_ping(vm1_inv, vip2.get_vip().ip)
test_lib.lib_check_ping(vm2_inv, vip1.get_vip().ip)
test_lib.lib_check_ports_in_a_command(vm1_inv,
vip1.get_vip().ip,
vip2.get_vip().ip, ["22"], [],
vm2_inv)
test_lib.lib_check_ports_in_a_command(vm2_inv,
vip2.get_vip().ip,
vip1.get_vip().ip, ["22"], [],
vm1_inv)
test_lib.lib_error_cleanup(test_obj_dict)
test_stub.remove_all_vpc_vrouter()
def test():
global mevoco1_ip
global mevoco2_ip
global ipsec1
global ipsec2
mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP']
mevoco2_ip = os.environ['secondZStackMnIp']
test_util.test_dsc('Create test vm in mevoco1')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm1)
vm1.check()
pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid
vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0]
l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid
vip1 = test_stub.create_vip('ipsec1_vip', l3_uuid1)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create test vm in mevoco2')
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName'))
test_obj_dict2.add_vm(vm2)
vm2.check()
pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid
vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0]
l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid
vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_dsc('Create ipsec in mevoco1')
ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [os.environ['secondZStackCidrs']])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create ipsec in mevoco2')
ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [os.environ['firstZStackCidrs']])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
ipsec_ops.delete_ipsec_connection(ipsec1.uuid)
if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_lib.lib_error_cleanup(test_obj_dict1)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
ipsec_ops.delete_ipsec_connection(ipsec2.uuid)
test_lib.lib_error_cleanup(test_obj_dict2)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_pass('Create Ipsec Success')
def test():
global mevoco1_ip
global mevoco2_ip
global ipsec1
global ipsec2
mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP']
mevoco2_ip = os.environ['secondZStackMnIp']
test_util.test_dsc('Create test vm in mevoco1')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm1)
vm1.check()
pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid
vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0]
l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid
vip1 = test_stub.create_vip('ipsec1_vip', l3_uuid1)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create test vm in mevoco2')
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName'))
test_obj_dict2.add_vm(vm2)
vm2.check()
pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid
vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0]
l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid
vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_dsc('Create ipsec in mevoco1')
ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [os.environ['secondZStackCidrs']])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create ipsec in mevoco2')
ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [os.environ['firstZStackCidrs']])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
vip1.delete()
if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_lib.lib_error_cleanup(test_obj_dict1)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
ipsec_ops.delete_ipsec_connection(ipsec2.uuid)
test_lib.lib_error_cleanup(test_obj_dict2)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_pass('Create Ipsec Success')
def check_icmp_connection_to_public_ip(vm1, pub_ip='223.5.5.5', expected_result='PASS'):
vm1_inv = vm1.get_vm()
if expected_result is 'PASS':
test_lib.lib_check_ping(vm1_inv, pub_ip)
elif expected_result is 'FAIL':
with test_lib.expected_failure("ping from vm1 to public ", Exception):
test_lib.lib_check_ping(vm1_inv, pub_ip)
else:
test_util.test_fail('The expected result should either PASS or FAIL')
def test():
test_util.test_dsc('Create test vm1 and check')
vm1 = test_stub.create_vlan_vm()
test_obj_dict.add_vm(vm1)
test_util.test_dsc('Create test vm2 and check')
vm2 = test_stub.create_vlan_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
vrs = test_lib.lib_find_vr_by_vm(vm1.vm)
if len(vrs) != 1:
test_util.test_logger(
'more than 1 VR are found for vm1: %s. Will test the 1st one: %s.'
% (vm1.vm.uuid, vr.uuid))
vr = vrs[0]
vr_mgmt_ip = test_lib.lib_find_vr_mgmt_ip(vr)
if not test_lib.lib_check_testagent_status(vr_mgmt_ip):
test_util.test_fail(
'vr: %s is not reachable, since can not reach its test agent. Give up test and test failure. '
% vr.uuid)
test_lib.lib_install_testagent_to_vr_with_vr_vm(vr)
#Need to put the vr restart into thread. Since vr reboot API is a sync API.
thread = threading.Thread(target=vm_ops.reboot_vm, args=(vr.uuid, ))
thread.start()
#check vr vr service port
if not test_lib.lib_wait_target_down(vr_mgmt_ip, '7272', 120):
test_util.test_fail(
'vr: %s is not shutdown in 120 seconds. Fail to reboot it. ' %
vr.uuid)
if not test_lib.lib_wait_target_up(vr_mgmt_ip, '7272', 120):
test_util.test_fail(
'vr: %s is not startup in 120 seconds. Fail to reboot it. ' %
vr.uuid)
#avoid of possible apt conflicting between install testagent and appliancevm
#time.sleep(60)
vm1.check()
vm2.check()
test_util.test_dsc('Ping from vm1 to vm2.')
test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip)
vm1.destroy()
vm2.destroy()
test_util.test_pass(
'Create vlan VirtualRouter VM (and reboot VR after VM created) Test with snat ping between two VMs Success'
)
def check(self):
super(vip_icmp_checker, self).check()
test_result = True
vip = self.test_obj.get_vip()
vipIp = vip.ip
vip_l3_uuid = vip.l3NetworkUuid
any_vr = test_lib.lib_find_vr_by_l3_uuid(vip_l3_uuid)[0]
try:
test_lib.lib_check_ping(any_vr, vipIp)
except:
test_util.test_logger("Catch exception: [vip:] %s [IP:] %s is not pingable from [vm:] %s " % (vip.uuid, vipIp, any_vr.uuid))
test_result = False
else:
test_util.test_logger("Successful ping [vip:] %s [IP:] %s from [vm:] %s " % (vip.uuid, vipIp, any_vr.uuid))
return self.judge(test_result)
def check(self):
super(vip_icmp_checker, self).check()
test_result = True
vip = self.test_obj.get_vip()
vipIp = vip.ip
vip_l3_uuid = vip.l3NetworkUuid
any_vr = test_lib.lib_find_vr_by_l3_uuid(vip_l3_uuid)[0]
try:
test_lib.lib_check_ping(any_vr, vipIp)
except:
test_util.test_logger("Catch exception: [vip:] %s [IP:] %s is not pingable from [vm:] %s " % (vip.uuid, vipIp, any_vr.uuid))
test_result = False
else:
test_util.test_logger("Successful ping [vip:] %s [IP:] %s from [vm:] %s " % (vip.uuid, vipIp, any_vr.uuid))
return self.judge(test_result)
def test():
flavor = case_flavor[os.environ.get('CASE_FLAVOR')]
test_util.test_dsc("create vpc vrouter and attach vpc l3 to vpc")
for vpc_name in vpc_name_list:
vr_list.append(test_stub.create_vpc_vrouter(vpc_name))
time.sleep(120) #waiting for vrouter boot up
for vr, l3_list in izip(vr_list, vpc_l3_list):
test_stub.attach_l3_to_vpc_vr(vr, l3_list)
test_util.test_dsc("create two vm, vm1 in l3 {}, vm2 in l3 {}".format(flavor['vm1l3'], flavor['vm2l3']))
vm1, vm2 = [test_stub.create_vm_with_random_offering(vm_name='vpc_vm_{}'.format(name), l3_name=name) for name in (flavor['vm1l3'], flavor['vm2l3'])]
[test_obj_dict.add_vm(vm) for vm in (vm1,vm2)]
[vm.check() for vm in (vm1,vm2)]
vr_pub_nic = test_lib.lib_find_vr_pub_nic(vr_list[0].inv)
vip_list = []
for vm in (vm1, vm2):
test_util.test_dsc("Create vip for vm {}".format(vm.get_vm().name))
vip = test_stub.create_vip('vip_{}'.format(vm.get_vm().name), vr_pub_nic.l3NetworkUuid)
test_obj_dict.add_vip(vip)
vip_list.append(vip)
test_util.test_dsc("Create eip for vm {}".format(vm.get_vm().name))
eip = test_stub.create_eip('eip_{}'.format(vm.get_vm().name), vip_uuid=vip.get_vip().uuid)
vip.attach_eip(eip)
eip.attach(vm.get_vm().vmNics[0].uuid, vm)
time.sleep(10) #waiting for eip attach to vm
vip.check()
vm.check()
for vm in (vm1, vm2):
vm.check()
vm1_inv, vm2_inv = [vm.get_vm() for vm in (vm1, vm2)]
vip1, vip2 = vip_list
test_util.test_dsc("test two vm EIP connectivity")
test_stub.run_command_in_vm(vm1_inv, 'iptables -F')
test_stub.run_command_in_vm(vm2_inv, 'iptables -F')
test_lib.lib_check_ping(vm1_inv, vip2.get_vip().ip)
test_lib.lib_check_ping(vm2_inv, vip1.get_vip().ip)
test_lib.lib_check_ports_in_a_command(vm1_inv, vip1.get_vip().ip,
vip2.get_vip().ip, ["22"], [], vm2_inv)
test_lib.lib_check_ports_in_a_command(vm2_inv, vip2.get_vip().ip,
vip1.get_vip().ip, ["22"], [], vm1_inv)
def test():
global test_obj_dict
test_util.test_dsc('Create test vm1 and check')
vm1 = test_stub.create_user_vlan_vm()
test_obj_dict.add_vm(vm1)
vm1.check()
test_util.test_dsc('Create test vm2 and check')
vm2 = test_stub.create_user_vlan_vm()
test_obj_dict.add_vm(vm2)
vm2.check()
test_util.test_dsc('Ping from vm1 to vm2.')
test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip)
vm1.destroy()
vm2.destroy()
test_util.test_pass('Create VirtualRouter VM Test with snat ping between two VMs Success')
def test():
global test_obj_dict
test_util.test_dsc('Create test vm1 and check')
vm1 = test_stub.create_vlan_vm()
test_obj_dict.add_vm(vm1)
vm1.check()
test_util.test_dsc('Create test vm2 and check')
vm2 = test_stub.create_vlan_vm()
test_obj_dict.add_vm(vm2)
vm2.check()
test_util.test_dsc('Ping from vm1 to vm2.')
test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip)
vm1.destroy()
vm2.destroy()
test_util.test_pass('Create vlan VirtualRouter VM Test with snat ping between two VMs Success')
def check_icmp_between_vms(vm1, vm2, expected_result='PASS'):
vm1_inv, vm2_inv = [vm.get_vm() for vm in (vm1, vm2)]
if expected_result is 'PASS':
test_lib.lib_check_ping(vm1_inv, vm2_inv.vmNics[0].ip)
test_lib.lib_check_ping(vm2_inv, vm1_inv.vmNics[0].ip)
elif expected_result is 'FAIL':
with test_lib.expected_failure("ping from vm1 to vm2", Exception):
test_lib.lib_check_ping(vm1_inv, vm2_inv.vmNics[0].ip)
with test_lib.expected_failure('ping from vm2 to vm1', Exception):
test_lib.lib_check_ping(vm2_inv, vm1_inv.vmNics[0].ip)
else:
test_util.test_fail('The expected result should either PASS or FAIL')
def check_icmp_between_vms(vm1, vm2, expected_result='PASS'):
vm1_inv, vm2_inv = [vm.get_vm() for vm in (vm1, vm2)]
if expected_result is 'PASS':
test_lib.lib_check_ping(vm1_inv, vm2_inv.vmNics[0].ip)
test_lib.lib_check_ping(vm2_inv, vm1_inv.vmNics[0].ip)
elif expected_result is 'FAIL':
with test_lib.expected_failure("ping from vm1 to vm2", Exception):
test_lib.lib_check_ping(vm1_inv, vm2_inv.vmNics[0].ip)
with test_lib.expected_failure('ping from vm2 to vm1', Exception):
test_lib.lib_check_ping(vm2_inv, vm1_inv.vmNics[0].ip)
else:
test_util.test_fail('The expected result should either PASS or FAIL')
def check(self):
super(zstack_kvm_sg_icmp_ingress_checker, self).check()
test_result = True
nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
l3_uuid = nic.l3NetworkUuid
test_util.test_dsc('Check ICMP ingress rules')
if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid):
test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid)
return self.judge(self.exp_result)
stub_vm = self.test_obj.get_stub_vm(l3_uuid)
if not stub_vm:
#test_util.test_warn('Did not find test stub vm for [target address:] %s. Skip testing some TCP rules' % target_addr)
test_util.test_warn('Did not find test stub vm for [l3:] %s. Skip testing some TCP rules' % l3_uuid)
return self.judge(self.exp_result)
stub_vm = stub_vm.vm
stub_vm_ip = test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip
target_addr = '%s/32' % stub_vm_ip
test_vm = test_lib.lib_get_vm_by_nic(nic.uuid)
if test_vm.state == inventory.RUNNING:
rules = self.test_obj.get_nic_icmp_ingress_rule_by_addr(self.nic_uuid, target_addr)
target_ip = test_lib.lib_get_vm_ip_by_l3(test_vm, l3_uuid)
if rules:
if test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True):
test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_logger('Check result: [Security Group] meets failure to ping [vm:] %s from [vm:] %s when checking ICMP ingress rule. ' % (test_vm.uuid, stub_vm.uuid))
test_result = False
else:
if not test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True):
test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s. Expected failure.' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_logger('Check result: [Security Group] meet failure when checking ICMP ingress rule to ping [vm:] %s from [vm:] %s. Unexpected ping successfully.' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_warn('Test [vm:] %s is not running. Skip SG ICMP ingress checker for this vm.' % test_vm.uuid)
test_util.test_logger('Check result: [Security Group] pass ICMP ingress testing for [vm:] %s [nic:] %s' % (test_vm.uuid, self.nic_uuid))
print_iptables(test_vm)
return self.judge(test_result)
def check(self):
super(zstack_vcenter_pf_vip_icmp_checker, self).check()
test_result = True
pf_rule = self.test_obj.get_port_forwarding()
vip_uuid = pf_rule.vipUuid
cond = res_ops.gen_query_conditions('uuid', '=', vip_uuid)
vipIp = res_ops.query_resource(res_ops.VIP, cond)[0].ip
vip_l3_uuid = test_lib.lib_get_vip_by_uuid(pf_rule.vipUuid).l3NetworkUuid
any_vr = test_lib.lib_find_vr_by_l3_uuid(vip_l3_uuid)[0]
try:
test_lib.lib_check_ping(any_vr, vipIp)
except:
test_util.test_logger("Catch exception: Port Forwarding [rule:] %s is not pingable from [vm:] %s " % (pf_rule.uuid, any_vr.uuid))
test_result = False
if test_result != self.exp_result:
return self.judge(test_result)
else:
test_util.test_logger("Port Forwarding [rule:] %s is pingable from [vm:] %s" % (pf_rule.uuid, any_vr.uuid))
return self.judge(test_result)
def check(self):
super(zstack_kvm_pf_vip_icmp_checker, self).check()
test_result = True
pf_rule = self.test_obj.get_port_forwarding()
vip_uuid = pf_rule.vipUuid
cond = res_ops.gen_query_conditions('uuid', '=', vip_uuid)
vipIp = res_ops.query_resource(res_ops.VIP, cond)[0].ip
vip_l3_uuid = test_lib.lib_get_vip_by_uuid(pf_rule.vipUuid).l3NetworkUuid
any_vr = test_lib.lib_find_vr_by_l3_uuid(vip_l3_uuid)[0]
try:
test_lib.lib_check_ping(any_vr, vipIp)
except:
test_util.test_logger("Catch exception: Port Forwarding [rule:] %s is not pingable from [vm:] %s " % (pf_rule.uuid, any_vr.uuid))
test_result = False
if test_result != self.exp_result:
return self.judge(test_result)
else:
test_util.test_logger("Port Forwarding [rule:] %s is pingable from [vm:] %s" % (pf_rule.uuid, any_vr.uuid))
return self.judge(test_result)
def check(self):
super(zstack_vcenter_sg_icmp_ingress_checker, self).check()
test_result = True
nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
l3_uuid = nic.l3NetworkUuid
test_util.test_dsc('Check ICMP ingress rules')
if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid):
test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid)
return self.judge(self.exp_result)
stub_vm = self.test_obj.get_stub_vm(l3_uuid)
if not stub_vm:
test_util.test_warn('Did not find test stub vm for [target address:] %s. Skip testing some TCP rules' % target_addr)
return self.judge(self.exp_result)
stub_vm = stub_vm.vm
stub_vm_ip = test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip
target_addr = '%s/32' % stub_vm_ip
test_vm = test_lib.lib_get_vm_by_nic(nic.uuid)
if test_vm.state == inventory.RUNNING:
rules = self.test_obj.get_nic_icmp_ingress_rule_by_addr(self.nic_uuid, target_addr)
target_ip = test_lib.lib_get_vm_ip_by_l3(test_vm, l3_uuid)
if rules:
if test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True):
test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_logger('Check result: [Security Group] meets failure to ping [vm:] %s from [vm:] %s when checking ICMP ingress rule. ' % (test_vm.uuid, stub_vm.uuid))
test_result = False
else:
if not test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True):
test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s. Expected failure.' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_logger('Check result: [Security Group] meet failure when checking ICMP ingress rule to ping [vm:] %s from [vm:] %s. Unexpected ping successfully.' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_warn('Test [vm:] %s is not running. Skip SG ICMP ingress checker for this vm.' % test_vm.uuid)
test_util.test_logger('Check result: [Security Group] pass ICMP ingress testing for [vm:] %s [nic:] %s' % (test_vm.uuid, self.nic_uuid))
print_iptables(test_vm)
return self.judge(test_result)
def test():
test_util.test_dsc('Create test vm1 and check')
vm1 = test_stub.create_vlan_vm()
test_obj_dict.add_vm(vm1)
test_util.test_dsc('Create test vm2 and check')
vm2 = test_stub.create_vlan_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
vrs = test_lib.lib_find_vr_by_vm(vm1.vm)
if len(vrs) != 1:
test_util.test_logger('more than 1 VR are found for vm1: %s. Will test the 1st one: %s.' % (vm1.vm.uuid, vr.uuid))
vr = vrs[0]
vr_mgmt_ip = test_lib.lib_find_vr_mgmt_ip(vr)
if not test_lib.lib_check_testagent_status(vr_mgmt_ip):
test_util.test_fail('vr: %s is not reachable, since can not reach its test agent. Give up test and test failure. ' % vr.uuid)
test_lib.lib_install_testagent_to_vr_with_vr_vm(vr)
#Need to put the vr restart into thread. Since vr reboot API is a sync API.
thread = threading.Thread(target=vm_ops.reboot_vm, args=(vr.uuid,))
thread.start()
#check vr vr service port
if not test_lib.lib_wait_target_down(vr_mgmt_ip, '7272', 60):
test_util.test_fail('vr: %s is not shutdown in 60 seconds. Fail to reboot it. ' % vr.uuid)
if not test_lib.lib_wait_target_up(vr_mgmt_ip, '7272', 120):
test_util.test_fail('vr: %s is not startup in 120 seconds. Fail to reboot it. ' % vr.uuid)
#avoid of possible apt conflicting between install testagent and appliancevm
#time.sleep(60)
vm1.check()
vm2.check()
test_util.test_dsc('Ping from vm1 to vm2.')
test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip)
vm1.destroy()
vm2.destroy()
test_util.test_pass('Create vlan VirtualRouter VM (and reboot VR after VM created) Test with snat ping between two VMs Success')
def check_eip_icmp(self, expected_result):
vip_ip = self.test_obj.get_vip().ip
eip = self.test_obj.get_eip().get_eip()
try:
if not self.allowed_vr:
test_util.test_warn("Not find suitable VR vm to do test testing. Please make sure there are at least 3 VR VMs are exist for EIP testing.")
test_lib.lib_check_ping(self.allowed_vr, vip_ip)
except:
if expected_result:
test_util.test_logger("Unexpected Result: catch failure when checking EIP: %s ICMP for target ip: %s from [vm:] %s. " % (eip.uuid, vip_ip, self.allowed_vr.uuid))
return False
else:
if self.allowed_vr:
test_util.test_logger("Expected Result: catch failure when checking EIP: %s ICMP for target ip: %s from [vm:] %s. " % (eip.uuid, vip_ip, self.allowed_vr.uuid))
else:
test_util.test_logger("can not do test, due to missing allowed vr. " % (eip.uuid, vip_ip, self.allowed_vr.uuid))
if expected_result:
test_util.test_logger("Expected Result: Ping successfully checking EIP: %s ICMP for target ip: %s from [vm:] %s" % (eip.uuid, vip_ip, self.allowed_vr.uuid))
else:
test_util.test_logger("Unexpected Result: Ping successfully checking EIP: %s ICMP for target ip: %s from [vm:] %s" % (eip.uuid, vip_ip, self.allowed_vr.uuid))
return True
def test():
global vr_type
test_util.test_dsc('Create test vm1 and check')
vm1 = test_stub.create_vlan_vm()
test_obj_dict.add_vm(vm1)
test_util.test_dsc('Create test vm2 and check')
vm2 = test_stub.create_vlan_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
vr_type = res_ops.query_resource(
res_ops.VIRTUALROUTER_VM)[0].applianceVmType
test_util.test_logger("vr type is %s" % (vr_type))
#vrs = test_lib.lib_find_vr_by_vm(vm1.vm)
vrs = test_lib.lib_find_flat_dhcp_vr_by_vm(vm1.vm)
vr = vrs[0]
if len(vrs) != 1:
test_util.test_logger(
'more than 1 VR are found for vm1: %s. Will test the 1st one: %s.'
% (vm1.vm.uuid, vr.uuid))
vr_mgmt_ip = test_lib.lib_find_vr_mgmt_ip(vr)
vr_reboot_record_org = check_vr_reboot_record_line(vr_mgmt_ip)
test_lib.lib_install_testagent_to_vr_with_vr_vm(vr)
if not test_lib.lib_check_testagent_status(vr_mgmt_ip):
test_util.test_fail(
'vr: %s is not reachable, since can not reach its test agent. Give up test and test failure. '
% vr.uuid)
#Need to put the vr restart into thread. Since vr reboot API is a sync API.
thread = threading.Thread(target=vm_ops.reboot_vm, args=(vr.uuid, ))
thread.start()
#check vr vr service port
cond = res_ops.gen_query_conditions('resourceUuid', '=', vr.uuid)
cond = res_ops.gen_query_conditions('tag', '=', "ha::NeverStop", cond)
if res_ops.query_resource(res_ops.SYSTEM_TAG,
cond) and res_ops.query_resource(
res_ops.SYSTEM_TAG, cond)[0]:
time.sleep(30)
elif not test_lib.lib_wait_target_down(vr_mgmt_ip, '7272', 120):
test_util.test_fail(
'vr: %s is not shutdown in 120 seconds. Fail to reboot it. ' %
vr.uuid)
if not test_lib.lib_wait_target_up(vr_mgmt_ip, '7272', 120):
test_util.test_fail(
'vr: %s is not startup in 120 seconds. Fail to reboot it. ' %
vr.uuid)
vr_reboot_record_new = check_vr_reboot_record_line(vr_mgmt_ip)
if vr_reboot_record_new == vr_reboot_record_org:
test_util.test_fail("not find vr reboot record increased.")
#avoid of possible apt conflicting between install testagent and appliancevm
#time.sleep(60)
vm1.check()
vm2.check()
test_util.test_dsc('Ping from vm1 to vm2.')
test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip)
vm1.destroy()
vm2.destroy()
test_util.test_pass(
'Create vlan VirtualRouter VM (and reboot VR after VM created) Test with snat ping between two VMs Success'
)
def test():
global mevoco1_ip
global mevoco2_ip
global ipsec1
global ipsec2
mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP']
mevoco2_ip = os.environ['secondZStackMnIp']
test_util.test_dsc('Create test vm in mevoco1')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm1)
vm1.check()
pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid
vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0]
l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid
vip1 = test_stub.create_vip('ipsec1_vip', l3_uuid1)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1)
first_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create test vm in mevoco2')
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName'))
test_obj_dict2.add_vm(vm2)
vm2.check()
pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid
vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0]
l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid
vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2)
second_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_dsc('Create ipsec in mevoco1')
ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [second_zstack_cidrs], ike_auth_algorithm="md5")
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create ipsec in mevoco2')
ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs], ike_auth_algorithm="md5")
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
ipsec_ops.delete_ipsec_connection(ipsec1.uuid)
if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_lib.lib_error_cleanup(test_obj_dict1)
vip1.delete()
test_obj_dict1.rm_vip(vip1)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
ipsec_ops.delete_ipsec_connection(ipsec2.uuid)
test_lib.lib_error_cleanup(test_obj_dict2)
vip2.delete()
test_obj_dict2.rm_vip(vip2)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_pass('Create Ipsec Success')
def test():
global mevoco1_ip
global mevoco2_ip
global ipsec1
global ipsec2
global ipsec3
global ipsec4
mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP']
mevoco2_ip = os.environ['secondZStackMnIp']
test_util.test_dsc('Create test vm in mevoco1')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm1)
vm1.check()
pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid
vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0]
l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid
vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1)
vip1 = test_stub.get_snat_ip_as_vip(vr1_pub_ip)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1)
first_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create test vm in mevoco2')
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName'))
test_obj_dict2.add_vm(vm2)
vm2.check()
pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid
vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0]
l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid
vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2)
second_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
test_util.test_dsc('Create test vm in mevoco2')
vm3 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName4'))
test_obj_dict2.add_vm(vm3)
vm3.check()
pri_l3_uuid3 = vm3.vm.vmNics[0].l3NetworkUuid
vr3 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0]
l3_uuid3 = test_lib.lib_find_vr_pub_nic(vr3).l3NetworkUuid
vip3 = test_stub.create_vip('ipsec3_vip', l3_uuid3)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid3)
third_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_dsc('Create ipsec in mevoco1')
ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [second_zstack_cidrs])
ipsec3 = ipsec_ops.create_ipsec_connection('ipsec3', pri_l3_uuid1, vip3.get_vip().ip, '123456', vip1.get_vip().uuid, [third_zstack_cidrs])
vip1_uuid = vip1.get_vip().uuid
vip1_db = test_lib.lib_get_vip_by_uuid(vip1_uuid)
assert "IPsec" in vip1_db.useFor
assert vip1_db.useFor.count("IPsec") == 1
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create ipsec in mevoco2')
ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs])
ipsec4 = ipsec_ops.create_ipsec_connection('ipsec4', pri_l3_uuid3, vip1.get_vip().ip, '123456', vip3.get_vip().uuid, [first_zstack_cidrs])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip))
if not test_lib.lib_check_ping(vm1.vm, vm3.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip))
if not test_lib.lib_check_ping(vm3.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
ipsec_ops.delete_ipsec_connection(ipsec1.uuid)
ipsec_ops.delete_ipsec_connection(ipsec3.uuid)
if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip))
if test_lib.lib_check_ping(vm1.vm, vm3.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip))
if test_lib.lib_check_ping(vm3.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_lib.lib_error_cleanup(test_obj_dict1)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
ipsec_ops.delete_ipsec_connection(ipsec2.uuid)
ipsec_ops.delete_ipsec_connection(ipsec4.uuid)
test_lib.lib_error_cleanup(test_obj_dict2)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_pass('Create Ipsec Success')
# vm binding security group
sg_vm.attach(sg, [(vm.get_vm().vmNics[0].uuid, vm)])
sg_vm.check()
# change vm_ip
cmd = 'ifconfig eth0 %s' %new_vm_ip
try:
rsp = test_lib.lib_execute_ssh_cmd(vm_ip, 'root', 'password', cmd, 90)
except:
pass
# vm2 ping vm
test_lib.lib_check_ping(vm2.get_vm(), new_vm_ip)
sg_vm.delete_sg(sg)
sg_vm.check()
test_obj_dict.rm_sg(sg.security_group.uuid)
vm.destroy()
vm2.destroy()
sg_vm.check()
test_obj_dict.rm_vm(vm)
test_obj_dict.rm_vm(vm2)
con_ops.change_global_config('vm', 'cleanTraffic', ct_original)
test_util.test_pass('Test Success')
#Will be called only if exception happens in test().
def error_cleanup():
def check(self):
super(zstack_vcenter_sg_icmp_internal_vms_checker, self).check()
#only check ingress icmp.
if not self.test_obj.get_nic_icmp_ingress_rules(self.nic_uuid):
test_util.test_logger("Skip SG internal ICMP test, since there isn't icmp ingress rules for nic: %s" % self.nic_uuid)
return self.judge(self.exp_result)
test_result = True
test_util.test_dsc('Check ICMP rules between attached VMs')
nic_sg_list = self.test_obj.get_sg_list_by_nic(self.nic_uuid)
nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
dst_vm = test_lib.lib_get_vm_by_nic(self.nic_uuid)
l3_uuid = nic.l3NetworkUuid
if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid):
test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, test vm's IP address is not stable." % l3_uuid)
return self.judge(self.exp_result)
target_ip = nic.ip
allowed_src_nic_list = []
temp_allowed_src_nic_list = []
denied_nic_list = []
for sg in nic_sg_list:
same_l3_nic_list = list(sg.get_attached_nics_by_l3(l3_uuid))
if len(same_l3_nic_list) < 2 :
test_util.test_logger("Skip [l3:] %s ICMP internal VMs checking, since there is less 2 SG VMs in this l3." % l3_uuid)
continue
#if source vm's udp and tcp engress rules exist, while icmp ingress
# rule does not exist, the src vm egress icmp should be denied.
#minus current nic.
nic_list_temp = list_ops.list_minus(list(same_l3_nic_list), [nic.uuid])
for nic_uuid in nic_list_temp:
source_nic_egress_icmp_rules = \
self.test_obj.get_nic_icmp_egress_rules(nic_uuid)
if not source_nic_egress_icmp_rules:
if self.test_obj.get_nic_tcp_egress_rules(nic_uuid) or \
self.test_obj.get_nic_udp_egress_rules(nic_uuid):
if not nic_uuid in denied_nic_list:
denied_nic_list.append(nic_uuid)
else:
if not nic_uuid in temp_allowed_src_nic_list:
temp_allowed_src_nic_list.append(nic_uuid)
else:
for rule in source_nic_egress_icmp_rules:
if target_ip in rule.allowedCidr:
if not nic_uuid in allowed_src_nic_list:
allowed_src_nic_list.append(nic_uuid)
break
else:
if not nic_uuid in denied_nic_list:
denied_nic_list.append(nic_uuid)
for nic_uuid in list(denied_nic_list):
if nic_uuid in allowed_src_nic_list:
denied_nic_list.remove(nic_uuid)
for nic_uuid in temp_allowed_src_nic_list:
if not nic_uuid in denied_nic_list and \
not nic_uuid in allowed_src_nic_list:
allowed_src_nic_list.append(nic_uuid)
allowed_vm_list = get_all_running_vms_by_nics(allowed_src_nic_list)
denied_vm_list = get_all_running_vms_by_nics(denied_nic_list)
for src_vm in allowed_vm_list:
if test_lib.lib_check_ping(src_vm, target_ip, no_exception=True):
test_util.test_logger('Check result: [Security Group] pass ICMP rule checking to ping [vm:] %s from [vm:] %s' % (src_vm.uuid, dst_vm.uuid))
else:
test_util.test_logger('Check result: [Security Group] is FAIL to ping [vm:] %s from [vm:] %s when checking ICMP rule. ' % (src_vm.uuid, dst_vm.uuid))
test_result = False
for src_vm in denied_vm_list:
if test_lib.lib_check_ping(src_vm, target_ip, no_exception=True):
test_util.test_logger('Unexpected Result: [Security Group] ICMP ping [vm:] %s from [vm:] %s successfully' % (src_vm.uuid, dst_vm.uuid))
test_result = False
else:
test_util.test_logger('Expected Result: [Security Group] FAIL to ping [vm:] %s from [vm:] %s when checking ICMP rule. ' % (src_vm.uuid, dst_vm.uuid))
test_util.test_logger('Check result: [Security Group] finishes ICMP connection testing from other attached VMs to target [vm:] %s in same SG.' % dst_vm.uuid)
print_iptables(dst_vm)
return self.judge(test_result)
def test():
global mevoco1_ip
global mevoco2_ip
global ipsec1
global ipsec2
mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP']
mevoco2_ip = os.environ['secondZStackMnIp']
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
l3_uuid1 = test_lib.lib_get_l3_by_name(
os.environ.get('l3PublicNetworkName')).uuid
pri_l3_uuid1 = test_lib.lib_get_l3_by_name(
os.environ.get('l3VlanNetworkName1')).uuid
vip1 = test_stub.create_vip('ipsec1_vip', l3_uuid1)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1)
first_zstack_cidrs = res_ops.query_resource(
res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
pri_l3_uuid2 = test_lib.lib_get_l3_by_name(
os.environ.get('l3VlanDNATNetworkName')).uuid
cond = res_ops.gen_query_conditions('name', '=', 'virtual-router-vm')
l3_uuid2 = res_ops.query_resource(res_ops.VR_OFFERING,
cond)[0].publicNetworkUuid
vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2)
second_zstack_cidrs = res_ops.query_resource(
res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_dsc('Create ipsec in mevoco1')
ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1,
vip2.get_vip().ip, '123456',
vip1.get_vip().uuid,
[second_zstack_cidrs])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create ipsec in mevoco2')
ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2,
vip1.get_vip().ip, '123456',
vip2.get_vip().uuid,
[first_zstack_cidrs])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_dsc('Create test vm in mevoco1')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm1)
vm1.check()
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create test vm in mevoco2')
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName'))
test_obj_dict2.add_vm(vm2)
vm2.check()
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip):
test_util.test_fail(
'vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' %
(mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail(
'vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' %
(mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
ipsec_ops.delete_ipsec_connection(ipsec1.uuid)
if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail(
'vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted'
% (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail(
'vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted'
% (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_lib.lib_error_cleanup(test_obj_dict1)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
ipsec_ops.delete_ipsec_connection(ipsec2.uuid)
test_lib.lib_error_cleanup(test_obj_dict2)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_pass('Create Ipsec Success')
def check(self):
super(zstack_kvm_sg_icmp_internal_vms_checker, self).check()
#only check ingress icmp.
if not self.test_obj.get_nic_icmp_ingress_rules(self.nic_uuid):
test_util.test_logger("Skip SG internal ICMP test, since there isn't icmp ingress rules for nic: %s" % self.nic_uuid)
return self.judge(self.exp_result)
test_result = True
test_util.test_dsc('Check ICMP rules between attached VMs')
nic_sg_list = self.test_obj.get_sg_list_by_nic(self.nic_uuid)
nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
dst_vm = test_lib.lib_get_vm_by_nic(self.nic_uuid)
l3_uuid = nic.l3NetworkUuid
if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid):
test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, test vm's IP address is not stable." % l3_uuid)
return self.judge(self.exp_result)
target_ip = nic.ip
allowed_src_nic_list = []
temp_allowed_src_nic_list = []
denied_nic_list = []
for sg in nic_sg_list:
same_l3_nic_list = list(sg.get_attached_nics_by_l3(l3_uuid))
if len(same_l3_nic_list) < 2 :
test_util.test_logger("Skip [l3:] %s ICMP internal VMs checking, since there is less 2 SG VMs in this l3." % l3_uuid)
continue
#if source vm's udp and tcp engress rules exist, while icmp ingress
# rule does not exist, the src vm egress icmp should be denied.
#minus current nic.
nic_list_temp = list_ops.list_minus(list(same_l3_nic_list), [nic.uuid])
for nic_uuid in nic_list_temp:
source_nic_egress_icmp_rules = \
self.test_obj.get_nic_icmp_egress_rules(nic_uuid)
if not source_nic_egress_icmp_rules:
if self.test_obj.get_nic_tcp_egress_rules(nic_uuid) or \
self.test_obj.get_nic_udp_egress_rules(nic_uuid):
if not nic_uuid in denied_nic_list:
denied_nic_list.append(nic_uuid)
else:
if not nic_uuid in temp_allowed_src_nic_list:
temp_allowed_src_nic_list.append(nic_uuid)
else:
for rule in source_nic_egress_icmp_rules:
if target_ip in rule.allowedCidr:
if not nic_uuid in allowed_src_nic_list:
allowed_src_nic_list.append(nic_uuid)
break
else:
if not nic_uuid in denied_nic_list:
denied_nic_list.append(nic_uuid)
for nic_uuid in list(denied_nic_list):
if nic_uuid in allowed_src_nic_list:
denied_nic_list.remove(nic_uuid)
for nic_uuid in temp_allowed_src_nic_list:
if not nic_uuid in denied_nic_list and \
not nic_uuid in allowed_src_nic_list:
allowed_src_nic_list.append(nic_uuid)
allowed_vm_list = get_all_running_vms_by_nics(allowed_src_nic_list)
denied_vm_list = get_all_running_vms_by_nics(denied_nic_list)
for src_vm in allowed_vm_list:
if test_lib.lib_check_ping(src_vm, target_ip, no_exception=True):
test_util.test_logger('Check result: [Security Group] pass ICMP rule checking to ping [vm:] %s from [vm:] %s' % (src_vm.uuid, dst_vm.uuid))
else:
test_util.test_logger('Check result: [Security Group] is FAIL to ping [vm:] %s from [vm:] %s when checking ICMP rule. ' % (src_vm.uuid, dst_vm.uuid))
test_result = False
for src_vm in denied_vm_list:
if test_lib.lib_check_ping(src_vm, target_ip, no_exception=True):
test_util.test_logger('Unexpected Result: [Security Group] ICMP ping [vm:] %s from [vm:] %s successfully' % (src_vm.uuid, dst_vm.uuid))
test_result = False
else:
test_util.test_logger('Expected Result: [Security Group] FAIL to ping [vm:] %s from [vm:] %s when checking ICMP rule. ' % (src_vm.uuid, dst_vm.uuid))
test_util.test_logger('Check result: [Security Group] finishes ICMP connection testing from other attached VMs to target [vm:] %s in same SG.' % dst_vm.uuid)
print_iptables(dst_vm)
return self.judge(test_result)
def test():
global mevoco1_ip
global mevoco2_ip
global ipsec1
global ipsec2
mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP']
mevoco2_ip = os.environ['secondZStackMnIp']
test_util.test_dsc('Create test vm in mevoco1')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm1)
vm1.check()
vm_nic1 = vm1.get_vm().vmNics[0]
vm_nic1_uuid = vm_nic1.uuid
vm3 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm3)
vm3.check()
vm_nic3 = vm3.get_vm().vmNics[0]
vm_nic3_uuid = vm_nic3.uuid
pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid
vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0]
l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid
vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1)
vip1 = test_stub.create_vip('vip for multi-services', l3_uuid1)
vip_uuid = vip1.get_vip().uuid
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1)
first_zstack_cidrs = res_ops.query_resource(
res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create test vm in mevoco2')
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName'))
test_obj_dict2.add_vm(vm2)
vm2.check()
pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid
vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0]
l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid
vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2)
second_zstack_cidrs = res_ops.query_resource(
res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_dsc('Create PF in mevoco1')
l3_name = os.environ.get('l3NoVlanNetworkName1')
vr = test_stub.create_vr_vm(test_obj_dict1, l3_name)
l3_name = os.environ.get('l3VlanNetworkName4')
vr = test_stub.create_vr_vm(test_obj_dict1, l3_name)
vr_pub_ip = test_lib.lib_find_vr_pub_ip(vr)
pf_creation_opt1 = PfRule.generate_pf_rule_option(
vr_pub_ip,
protocol=inventory.TCP,
vip_target_rule=Port.rule4_ports,
private_target_rule=Port.rule4_ports,
vip_uuid=vip_uuid)
test_pf1 = zstack_pf_header.ZstackTestPortForwarding()
test_pf1.set_creation_option(pf_creation_opt1)
test_pf1.create()
vip1.attach_pf(test_pf1)
vip1.check()
test_pf1.attach(vm_nic1_uuid, vm1)
vip1.check()
test_util.test_dsc('Create LB in mevoco1')
lb = zstack_lb_header.ZstackTestLoadBalancer()
lb.create('create lb test', vip1.get_vip().uuid)
test_obj_dict1.add_load_balancer(lb)
vip1.attach_lb(lb)
lb_creation_option = test_lib.lib_create_lb_listener_option(lbl_port=222,
lbi_port=22)
lbl = lb.create_listener(lb_creation_option)
lbl.add_nics([vm_nic1_uuid, vm_nic3_uuid])
lb.check()
vip1.check()
test_util.test_dsc('Create ipsec in mevoco1')
ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1,
vip2.get_vip().ip, '123456',
vip1.get_vip().uuid,
[second_zstack_cidrs])
vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
assert "IPsec" in vip1_db.useFor
assert vip1_db.useFor.count("IPsec") == 1
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create ipsec in mevoco2')
ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2,
vip1.get_vip().ip, '123456',
vip2.get_vip().uuid,
[first_zstack_cidrs])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip):
test_util.test_fail(
'vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' %
(mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail(
'vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' %
(mevoco2_ip, mevoco1_ip))
# delete ipsec
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
ipsec_ops.delete_ipsec_connection(ipsec1.uuid)
if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail(
'vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted'
% (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail(
'vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted'
% (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
assert "IPsec" not in vip1_db.useFor
# delete PF
test_pf1.delete()
vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
assert "PortForwarding" not in vip1_db.useFor
# delete LB
lb.delete()
vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
assert vip1_db.useFor is None
test_lib.lib_error_cleanup(test_obj_dict1)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
ipsec_ops.delete_ipsec_connection(ipsec2.uuid)
vip2.delete()
test_lib.lib_error_cleanup(test_obj_dict2)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
vip1.delete()
test_util.test_pass('Create multiple service with 1 snat IP Success')
def test():
global mevoco1_ip
global mevoco2_ip
global mevoco3_ip
global ipsec11
global ipsec12
global ipsec2
global ipsec3
mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP']
mevoco2_ip = os.environ['secondZStackMnIp']
mevoco3_ip = os.environ['thirdZStackMnIp']
test_util.test_dsc('Create test vm in mevoco1')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm1)
vm1.check()
pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid
vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0]
l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid
vip11 = test_stub.create_vip('ipsec1_vip', l3_uuid1)
#vip12 = test_stub.create_vip('ipsec1_vip', l3_uuid1)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1)
first_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create test vm in mevoco2')
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName'))
test_obj_dict2.add_vm(vm2)
vm2.check()
pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid
vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0]
l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid
vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2)
second_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco3_ip
test_util.test_dsc('Create test vm in mevoco3')
vm3 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName3'))
test_obj_dict2.add_vm(vm3)
vm3.check()
pri_l3_uuid3 = vm3.vm.vmNics[0].l3NetworkUuid
vr3 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid3)[0]
l3_uuid3 = test_lib.lib_find_vr_pub_nic(vr3).l3NetworkUuid
vip3 = test_stub.create_vip('ipsec3_vip', l3_uuid3)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid3)
third_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
cond = res_ops.gen_query_conditions('l3Network.uuid', '=', pri_l3_uuid3)
cond = res_ops.gen_query_conditions('vmInstanceUuid', '=', vr3.uuid, cond)
vr3_pri_ip = res_ops.query_resource(res_ops.VM_NIC, cond)[0].ip
cmd = 'route del default; route add default gw %s' %vr3_pri_ip
os.system("sshpass -p 'password' ssh root@%s '%s'" %(vm3.vm.vmNics[0].ip, cmd))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_dsc('Create ipsec in mevoco1')
ipsec11 = ipsec_ops.create_ipsec_connection('ipsec11', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip11.get_vip().uuid, [second_zstack_cidrs])
#ipsec12 = ipsec_ops.create_ipsec_connection('ipsec12', pri_l3_uuid1, vip3.get_vip().ip, '123456', vip12.get_vip().uuid, [third_zstack_cidrs])
ipsec12 = ipsec_ops.create_ipsec_connection('ipsec12', pri_l3_uuid1, vip3.get_vip().ip, '123456', vip11.get_vip().uuid, [third_zstack_cidrs])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create ipsec in mevoco2')
ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip11.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco3_ip
test_util.test_dsc('Create ipsec in mevoco3')
#ipsec3 = ipsec_ops.create_ipsec_connection('ipsec3', pri_l3_uuid3, vip12.get_vip().ip, '123456', vip3.get_vip().uuid, [first_zstack_cidrs])
ipsec3 = ipsec_ops.create_ipsec_connection('ipsec3', pri_l3_uuid3, vip11.get_vip().ip, '123456', vip3.get_vip().uuid, [first_zstack_cidrs])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip))
if not test_lib.lib_check_ping(vm1.vm, vm3.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco3[MN:%s]' % (mevoco1_ip, mevoco3_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco2[MN:%s] could not connect to vm in mevoco1[MN:%s]' % (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco3_ip
if not test_lib.lib_check_ping(vm3.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco3[MN:%s] could not connect to vm in mevoco1[MN:%s]' % (mevoco3_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
ipsec_ops.delete_ipsec_connection(ipsec11.uuid)
if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
if not test_lib.lib_check_ping(vm1.vm, vm3.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco3[MN:%s]' % (mevoco1_ip, mevoco3_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco3_ip
ipsec_ops.delete_ipsec_connection(ipsec3.uuid)
if test_lib.lib_check_ping(vm3.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco3[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco3_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
ipsec_ops.delete_ipsec_connection(ipsec12.uuid)
test_lib.lib_error_cleanup(test_obj_dict1)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
ipsec_ops.delete_ipsec_connection(ipsec2.uuid)
test_lib.lib_error_cleanup(test_obj_dict2)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_pass('Create Ipsec Success')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
global test_obj_dict
test_util.test_dsc(
"Create 2 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip
vr_internal_ip = test_lib.lib_find_vr_private_ip(vr_vm)
test_util.test_dsc("Create SG rule1: allow connection to vm2 port 0~100")
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP,
inventory.EGRESS, vm2_ip)
test_util.test_dsc(
"Create SG rule2: allow connection from vm2 to port 9000~10000")
rule2 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP,
inventory.INGRESS, vm2_ip)
test_util.test_dsc(
"Create SG rule3: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing"
)
rule3 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP,
inventory.INGRESS, vr_internal_ip)
test_util.test_dsc("Create SG rule4: allow ICMP connection to VR")
rule4 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP,
inventory.EGRESS, vr_internal_ip)
test_util.test_dsc("Create SG rule5: allow icmp from vm2")
rule5 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP,
inventory.INGRESS, vm2_ip)
test_util.test_dsc("Create SG rule6: allow icmp to vm2")
rule6 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP,
inventory.EGRESS, vm2_ip)
sg1.add_rule([rule1, rule2, rule3, rule4])
sg2.add_rule([rule5])
sg3.add_rule([rule6])
sg_vm.check()
sg_vm.add_stub_vm(l3_uuid, vm2)
sg_vm.check()
#add sg1
test_util.test_dsc("Add VM1 nic to security group 1.")
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.'
% (vm1.vm.uuid, vr_internal_ip))
#add sg2
test_util.test_dsc("Add VM1 nic to security group 2.")
sg_vm.attach(sg2, [vm_nics])
test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" %
(test_stub.rule1_ports, test_stub.rule2_ports))
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.'
% (vm1.uuid, vr_internal_ip))
#add sg3
test_util.test_dsc("Add nic to security group 3 to stopped vm1.")
sg_vm.attach(sg3, [vm_nics])
test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" %
(test_stub.rule1_ports, test_stub.rule2_ports))
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.'
% (vm1.uuid, vr_internal_ip))
test_util.test_dsc("remove rule5 from sg2")
sg2.delete_rule([rule5])
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.'
% (vm1.uuid, vr_internal_ip))
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
sg_vm.check()
sg1.delete()
test_obj_dict.rm_sg(sg1.security_group.uuid)
sg2.delete()
test_obj_dict.rm_sg(sg2.security_group.uuid)
sg_vm.check()
sg3.delete()
test_obj_dict.rm_sg(sg3.security_group.uuid)
test_util.test_pass(
'Security Group Vlan VirtualRouter VM ICMP rules Test Success')
def test():
global route_table1_uuid
global route_table2_uuid
test_util.test_dsc('Check vm connection with vrouter route')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict.add_vm(vm1)
vm1_ip = vm1.get_vm().vmNics[0].ip
vr1 = test_lib.lib_find_flat_dhcp_vr_by_vm(vm1.vm)[0]
vr1_uuid = vr1.uuid
vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1)
vr1_private_ip = test_lib.lib_find_vr_private_ip(vr1)
l3network1_uuid = vm1.get_vm().vmNics[0].l3NetworkUuid
cond = res_ops.gen_query_conditions('uuid', '=', l3network1_uuid)
l3network1_cidr = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName3'))
test_obj_dict.add_vm(vm2)
vm2_ip = vm2.get_vm().vmNics[0].ip
vr2 = test_lib.lib_find_flat_dhcp_vr_by_vm(vm2.vm)[0]
vr2_uuid = vr2.uuid
vr2_pub_ip = test_lib.lib_find_vr_pub_ip(vr2)
vr2_private_ip = test_lib.lib_find_vr_private_ip(vr2)
l3network2_uuid = vm2.get_vm().vmNics[0].l3NetworkUuid
cond = res_ops.gen_query_conditions('uuid', '=', l3network2_uuid)
l3network2_cidr = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
vm1.check()
vm2.check()
#Attach the network service to l3 network
cond = res_ops.gen_query_conditions('type', '=', 'vrouter')
service_uuid = res_ops.query_resource(res_ops.NETWORK_SERVICE_PROVIDER, cond)[0].uuid
network_services_json = "{'%s':['VRouterRoute']}"% service_uuid
net_ops.detach_network_service_from_l3network(l3network1_uuid, service_uuid)
net_ops.attach_network_service_to_l3network(l3network1_uuid, service_uuid)
net_ops.detach_network_service_from_l3network(l3network2_uuid, service_uuid)
net_ops.attach_network_service_to_l3network(l3network2_uuid, service_uuid)
#Create route table and route entry for each vrouter
route_table1 = net_ops.create_vrouter_route_table('route_table1')
route_table1_uuid = route_table1.uuid
route_entry1 = net_ops.add_vrouter_route_entry(route_table1_uuid, l3network2_cidr, vr2_pub_ip)
route_table2 = net_ops.create_vrouter_route_table('route_table2')
route_table2_uuid = route_table2.uuid
route_entry2 = net_ops.add_vrouter_route_entry(route_table2_uuid, l3network1_cidr, vr1_pub_ip)
#Attach the route table to vrouter and check the network
#net_ops.detach_vrouter_route_table_from_vrouter(route_table1_uuid, vr1_uuid)
net_ops.attach_vrouter_route_table_to_vrouter(route_table1_uuid, vr1_uuid)
#net_ops.detach_vrouter_route_table_from_vrouter(route_table2_uuid, vr2_uuid)
net_ops.attach_vrouter_route_table_to_vrouter(route_table2_uuid, vr2_uuid)
#Add vroute private ip to vm route
cmd = 'ip r del default; ip r add default via %s' %vr1_private_ip
rsp = test_lib.lib_execute_ssh_cmd(vm1_ip, 'root', 'password', cmd, 180)
cmd = 'ip r del default; ip r add default via %s' %vr2_private_ip
rsp = test_lib.lib_execute_ssh_cmd(vm2_ip, 'root', 'password', cmd, 180)
if not test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.vm.uuid, vm2_ip))
if not test_lib.lib_check_ping(vm1.vm, vm1_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm2.vm.uuid, vm1_ip))
#Dettach the route table to vrouter and check the network
net_ops.detach_vrouter_route_table_from_vrouter(route_table1_uuid, vr1_uuid)
net_ops.detach_vrouter_route_table_from_vrouter(route_table2_uuid, vr2_uuid)
if test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s successfully. But it should ping fail because the route table is detached.' % (vm1.vm.uuid, vm2_ip))
if test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s successfully. But it should ping fail because the route table is detached.' % (vm2.vm.uuid, vm1_ip))
#Delete route entry and table, and distory vm
net_ops.delete_vrouter_route_entry(route_entry1.uuid, route_table1_uuid)
net_ops.delete_vrouter_route_entry(route_entry2.uuid, route_table2_uuid)
net_ops.delete_vrouter_route_table(route_table1_uuid)
net_ops.delete_vrouter_route_table(route_table2_uuid)
vm1.destroy()
vm2.destroy()
test_util.test_pass('Check VRouter route Success')
def test():
test_util.test_dsc("create vpc vrouter and attach vpc l3 to vpc")
for vpc_name in vpc_name_list:
vr_list.append(test_stub.create_vpc_vrouter(vpc_name))
for vr, l3_list in izip(vr_list, vpc_l3_list):
test_stub.attach_l3_to_vpc_vr(vr, l3_list)
vr1, vr2 = vr_list
test_util.test_dsc("create two vm, vm1 in l3 {}, vm2 in l3 {}".format(VLAN1_NAME, VXLAN1_NAME))
vm1 = test_stub.create_vm_with_random_offering(vm_name='vpc_vm_{}'.format(VLAN1_NAME), l3_name=VLAN1_NAME)
test_obj_dict.add_vm(vm1)
vm1.check()
vm2 = test_stub.create_vm_with_random_offering(vm_name='vpc_vm_{}'.format(VXLAN1_NAME), l3_name=VXLAN1_NAME)
test_obj_dict.add_vm(vm2)
vm2.check()
cond = res_ops.gen_query_conditions('name', '=', os.environ.get(SECOND_PUB))
second_pub_l3 = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0]
test_util.test_dsc("Create vroute route for vpc1")
cond = res_ops.gen_query_conditions('name', '=', os.environ.get(VXLAN1_NAME))
vpc2_l3 = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0]
vpc2_l3_cdir = vpc2_l3.ipRanges[0].networkCidr
vpc2_second_pub_ip = [nic.ip for nic in vr2.inv.vmNics if nic.l3NetworkUuid == second_pub_l3.uuid][0]
route_table1 = net_ops.create_vrouter_route_table('vpc1')
route_entry1 = net_ops.add_vrouter_route_entry(route_table1.uuid, vpc2_l3_cdir, vpc2_second_pub_ip)
net_ops.attach_vrouter_route_table_to_vrouter(route_table1.uuid, vr1.inv.uuid)
test_util.test_dsc("Create vroute route for vpc2")
cond = res_ops.gen_query_conditions('name', '=', os.environ.get(VLAN1_NAME))
vpc1_l3 = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0]
vpc1_l3_cdir = vpc1_l3.ipRanges[0].networkCidr
vpc1_second_pub_ip = [nic.ip for nic in vr1.inv.vmNics if nic.l3NetworkUuid == second_pub_l3.uuid][0]
route_table2 = net_ops.create_vrouter_route_table('vpc2')
route_entry1 = net_ops.add_vrouter_route_entry(route_table2.uuid, vpc1_l3_cdir, vpc1_second_pub_ip)
net_ops.attach_vrouter_route_table_to_vrouter(route_table2.uuid, vr2.inv.uuid)
vm1_inv, vm2_inv = [vm.get_vm() for vm in (vm1, vm2)]
test_lib.lib_check_ping(vm1_inv, vm2_inv.vmNics[0].ip)
test_lib.lib_check_ping(vm2_inv, vm1_inv.vmNics[0].ip)
test_lib.lib_check_ports_in_a_command(vm1_inv, vm1_inv.vmNics[0].ip,
vm2_inv.vmNics[0].ip, ["22"], [], vm2_inv)
test_lib.lib_check_ports_in_a_command(vm2_inv, vm2_inv.vmNics[0].ip,
vm1_inv.vmNics[0].ip, ["22"], [], vm1_inv)
net_ops.detach_vrouter_route_table_from_vrouter(route_table1.uuid, vr1.inv.uuid)
net_ops.detach_vrouter_route_table_from_vrouter(route_table2.uuid, vr2.inv.uuid)
with test_lib.expected_failure('Check two vm pingable', Exception):
test_lib.lib_check_ping(vm1_inv, vm2_inv.vmNics[0].ip)
with test_lib.expected_failure('Check two vm pingable', Exception):
test_lib.lib_check_ping(vm2_inv, vm1_inv.vmNics[0].ip)
test_lib.lib_check_ports_in_a_command(vm1_inv, vm1_inv.vmNics[0].ip,
vm2_inv.vmNics[0].ip, [], ["22"], vm2_inv)
test_lib.lib_check_ports_in_a_command(vm2_inv, vm2_inv.vmNics[0].ip,
vm1_inv.vmNics[0].ip, [], ["22"], vm1_inv)
test_lib.lib_error_cleanup(test_obj_dict)
test_stub.remove_all_vpc_vrouter()
def test():
global mevoco1_ip
global mevoco2_ip
global ipsec1
global ipsec2
mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP']
mevoco2_ip = os.environ['secondZStackMnIp']
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
l3_uuid1 = test_lib.lib_get_l3_by_name(os.environ.get('l3PublicNetworkName')).uuid
pri_l3_uuid1 = test_lib.lib_get_l3_by_name(os.environ.get('l3VlanNetworkName1')).uuid
vip1 = test_stub.create_vip('ipsec1_vip', l3_uuid1)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1)
first_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
pri_l3_uuid2 = test_lib.lib_get_l3_by_name(os.environ.get('l3VlanDNATNetworkName')).uuid
cond = res_ops.gen_query_conditions('name', '=', 'virtual-router-vm')
l3_uuid2 = res_ops.query_resource(res_ops.VR_OFFERING, cond)[0].publicNetworkUuid
vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2)
second_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_dsc('Create ipsec in mevoco1')
ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [second_zstack_cidrs])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create ipsec in mevoco2')
ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_dsc('Create test vm in mevoco1')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm1)
vm1.check()
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create test vm in mevoco2')
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName'))
test_obj_dict2.add_vm(vm2)
vm2.check()
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
ipsec_ops.delete_ipsec_connection(ipsec1.uuid)
if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_lib.lib_error_cleanup(test_obj_dict1)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
ipsec_ops.delete_ipsec_connection(ipsec2.uuid)
test_lib.lib_error_cleanup(test_obj_dict2)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_pass('Create Ipsec Success')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
global test_obj_dict
test_util.test_dsc("Create 2 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip
vr_internal_ip = test_lib.lib_find_vr_private_ip(vr_vm)
test_util.test_dsc("Create SG rule1: allow connection to vm2 port 0~100")
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, vm2_ip)
test_util.test_dsc("Create SG rule2: allow connection from vm2 to port 9000~10000")
rule2 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
test_util.test_dsc("Create SG rule3: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing")
rule3 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vr_internal_ip)
test_util.test_dsc("Create SG rule4: allow ICMP connection to VR")
rule4 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.EGRESS, vr_internal_ip)
test_util.test_dsc("Create SG rule5: allow icmp from vm2")
rule5 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vm2_ip)
test_util.test_dsc("Create SG rule6: allow icmp to vm2")
rule6 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.EGRESS, vm2_ip)
sg1.add_rule([rule1, rule2, rule3, rule4])
sg2.add_rule([rule5])
sg3.add_rule([rule6])
sg_vm.check()
sg_vm.add_stub_vm(l3_uuid, vm2)
sg_vm.check()
#add sg1
test_util.test_dsc("Add VM1 nic to security group 1.")
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.vm.uuid, vr_internal_ip))
#add sg2
test_util.test_dsc("Add VM1 nic to security group 2.")
sg_vm.attach(sg2, [vm_nics])
test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" % (test_stub.rule1_ports, test_stub.rule2_ports))
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip))
#add sg3
test_util.test_dsc("Add nic to security group 3 to stopped vm1.")
sg_vm.attach(sg3, [vm_nics])
test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" % (test_stub.rule1_ports, test_stub.rule2_ports))
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip))
test_util.test_dsc("remove rule5 from sg2")
sg2.delete_rule([rule5])
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip))
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
sg_vm.check()
sg1.delete()
test_obj_dict.rm_sg(sg1.security_group.uuid)
sg2.delete()
test_obj_dict.rm_sg(sg2.security_group.uuid)
sg_vm.check()
sg3.delete()
test_obj_dict.rm_sg(sg3.security_group.uuid)
test_util.test_pass('Security Group Vlan VirtualRouter VM ICMP rules Test Success')
def test():
global mevoco1_ip
global mevoco2_ip
global ipsec1
global ipsec2
mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP']
mevoco2_ip = os.environ['secondZStackMnIp']
test_util.test_dsc('Create test vm in mevoco1')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm1)
vm1.check()
vm_nic1 = vm1.get_vm().vmNics[0]
vm_nic1_uuid = vm_nic1.uuid
vm3 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm3)
vm3.check()
vm_nic3 = vm3.get_vm().vmNics[0]
vm_nic3_uuid = vm_nic3.uuid
pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid
vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0]
l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid
vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1)
vip1 = test_stub.get_snat_ip_as_vip(vr1_pub_ip)
vip_uuid = vip1.get_vip().uuid
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1)
first_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create test vm in mevoco2')
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName'))
test_obj_dict2.add_vm(vm2)
vm2.check()
pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid
vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0]
l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid
vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2)
second_zstack_cidrs = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_dsc('Create PF in mevoco1')
l3_name = os.environ.get('l3NoVlanNetworkName1')
vr = test_stub.create_vr_vm(test_obj_dict1, l3_name)
l3_name = os.environ.get('l3VlanNetworkName4')
vr = test_stub.create_vr_vm(test_obj_dict1, l3_name)
vr_pub_ip = test_lib.lib_find_vr_pub_ip(vr)
pf_creation_opt1 = PfRule.generate_pf_rule_option(vr_pub_ip, protocol=inventory.TCP, vip_target_rule=Port.rule4_ports, private_target_rule=Port.rule4_ports, vip_uuid=vip_uuid)
test_pf1 = zstack_pf_header.ZstackTestPortForwarding()
test_pf1.set_creation_option(pf_creation_opt1)
test_pf1.create()
vip1.attach_pf(test_pf1)
vip1.check()
test_pf1.attach(vm_nic1_uuid, vm1)
vip1.check()
test_util.test_dsc('Create LB in mevoco1')
lb = zstack_lb_header.ZstackTestLoadBalancer()
lb.create('create lb test', vip1.get_vip().uuid)
test_obj_dict1.add_load_balancer(lb)
vip1.attach_lb(lb)
lb_creation_option = test_lib.lib_create_lb_listener_option(lbl_port = 222, lbi_port = 22)
lbl = lb.create_listener(lb_creation_option)
lbl.add_nics([vm_nic1_uuid, vm_nic3_uuid])
lb.check()
vip1.check()
test_util.test_dsc('Create ipsec in mevoco1')
ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [second_zstack_cidrs])
vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
assert "IPsec" in vip1_db.useFor
assert vip1_db.useFor.count("IPsec") == 1
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create ipsec in mevoco2')
ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [first_zstack_cidrs])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail('vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' % (mevoco2_ip, mevoco1_ip))
# delete ipsec
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
ipsec_ops.delete_ipsec_connection(ipsec1.uuid)
if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted' % (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail('vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted' % (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
assert "IPsec" not in vip1_db.useFor
# delete PF
test_pf1.delete()
vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
assert "PortForwarding" not in vip1_db.useFor
# delete LB
lb.delete()
vip1_db = test_lib.lib_get_vip_by_uuid(vip_uuid)
assert "LoadBalancer" not in vip1_db.useFor
test_lib.lib_error_cleanup(test_obj_dict1)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
ipsec_ops.delete_ipsec_connection(ipsec2.uuid)
vip2.delete()
test_lib.lib_error_cleanup(test_obj_dict2)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_pass('Create multiple service with 1 snat IP Success')
def test():
zstack_pri_name = os.environ['l3VlanDNATNetworkName']
zstack_image = os.environ['imageName_net']
zstack_vr_name = os.environ['virtualRouterOfferingName_s']
cond = res_ops.gen_query_conditions('name', '=', zstack_vr_name)
zstack_vr_instance = res_ops.query_resource(res_ops.INSTANCE_OFFERING, cond)[0]
cond = res_ops.gen_query_conditions('name', '=', zstack_pri_name)
zstack_pri = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0]
zstack_pri_uuid = zstack_pri.uuid
zstack_tag = "guestL3Network::" + zstack_pri_uuid
tag_ops.create_system_tag("InstanceOfferingVO", zstack_vr_instance.uuid, zstack_tag)
vcenter_pri_name = os.environ['l3vCenterNoVlanNetworkName']
vcenter_image = os.environ['image_dhcp_name']
vcenter_vr_name = os.environ['vCenterVirtualRouterOfferingName']
cond = res_ops.gen_query_conditions('name', '=', vcenter_vr_name)
vcenter_vr_instance = res_ops.query_resource(res_ops.INSTANCE_OFFERING, cond)[0]
cond = res_ops.gen_query_conditions('name', '=', vcenter_pri_name)
vcenter_pri = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0]
vcenter_pri_uuid = vcenter_pri.uuid
vcenter_tag = "guestL3Network::" + vcenter_pri_uuid
tag_ops.create_system_tag("InstanceOfferingVO", vcenter_vr_instance.uuid, vcenter_tag)
test_util.test_dsc('Create test vm')
vm1 = test_stub.create_vm(vm_name='test_ipsec_1', image_name = zstack_image, l3_name=zstack_pri_name)
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_vm_in_vcenter(vm_name='test_ipsec_2', image_name = vcenter_image, l3_name=vcenter_pri_name)
test_obj_dict.add_vm(vm2)
time.sleep(50)
test_util.test_dsc('Create 2 vip with 2 snat ip')
pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid
vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0]
l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid
vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1)
vip1 = zstack_vip_header.ZstackTestVip()
vip1.get_snat_ip_as_vip(vr1_pub_ip)
vip1.isVcenter = True
test_obj_dict.add_vip(vip1)
pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid
vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0]
l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid
vr2_pub_ip = test_lib.lib_find_vr_pub_ip(vr2)
vip2 = zstack_vip_header.ZstackTestVip()
vip2.get_snat_ip_as_vip(vr2_pub_ip)
vip2.isVcenter = True
test_obj_dict.add_vip(vip2)
test_util.test_dsc('Create ipsec with 2 vip')
zstack_pri_cidr = zstack_pri.ipRanges[0].networkCidr
vcenter_pri_cidr = vcenter_pri.ipRanges[0].networkCidr
ipsec1 = ipsec_ops.create_ipsec_connection('zstack_vcenter', pri_l3_uuid1, vip2.get_vip().ip, '123456', vip1.get_vip().uuid, [vcenter_pri_cidr])
ipsec2 = ipsec_ops.create_ipsec_connection('vcenter_zstack', pri_l3_uuid2, vip1.get_vip().ip, '123456', vip2.get_vip().uuid, [zstack_pri_cidr])
#conditions = res_ops.gen_query_conditions('name', '=', 'test_ipsec_1')
#vm1 = res_ops.query_resource(res_ops.VM_INSTANCE, conditions)[0]
#conditions = res_ops.gen_query_conditions('name', '=', 'test_ipsec_2')
#vm2 = res_ops.query_resource(res_ops.VM_INSTANCE, conditions)[0]
if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip):
test_util.test_fail('vm1 in zstack could not connect to vm2 in vcenter with IPsec')
if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail('vm2 in vcenter could not connect to vm1 in zstack with IPsec')
ipsec_ops.delete_ipsec_connection(ipsec1.uuid)
ipsec_ops.delete_ipsec_connection(ipsec2.uuid)
test_lib.lib_error_cleanup(test_obj_dict)
test_util.test_pass('Create Ipsec Success')
def test():
test_util.test_dsc("create vpc vrouter and attach vpc l3 to vpc")
for vpc_name in vpc_name_list:
vr_list.append(test_stub.create_vpc_vrouter(vpc_name))
for vr, l3_list in izip(vr_list, vpc_l3_list):
test_stub.attach_l3_to_vpc_vr(vr, l3_list)
vr1, vr2 = vr_list
test_util.test_dsc("create two vm, vm1 in l3 {}, vm2 in l3 {}".format(
VLAN1_NAME, VXLAN1_NAME))
vm1 = test_stub.create_vm_with_random_offering(
vm_name='vpc_vm_{}'.format(VLAN1_NAME), l3_name=VLAN1_NAME)
test_obj_dict.add_vm(vm1)
vm1.check()
vm2 = test_stub.create_vm_with_random_offering(
vm_name='vpc_vm_{}'.format(VXLAN1_NAME), l3_name=VXLAN1_NAME)
test_obj_dict.add_vm(vm2)
vm2.check()
cond = res_ops.gen_query_conditions('name', '=',
os.environ.get(SECOND_PUB))
second_pub_l3 = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0]
test_util.test_dsc("Create vroute route for vpc1")
cond = res_ops.gen_query_conditions('name', '=',
os.environ.get(VXLAN1_NAME))
vpc2_l3 = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0]
vpc2_l3_cdir = vpc2_l3.ipRanges[0].networkCidr
vpc2_second_pub_ip = [
nic.ip for nic in vr2.inv.vmNics
if nic.l3NetworkUuid == second_pub_l3.uuid
][0]
route_table1 = net_ops.create_vrouter_route_table('vpc1')
route_entry1 = net_ops.add_vrouter_route_entry(route_table1.uuid,
vpc2_l3_cdir,
vpc2_second_pub_ip)
net_ops.attach_vrouter_route_table_to_vrouter(route_table1.uuid,
vr1.inv.uuid)
test_util.test_dsc("Create vroute route for vpc2")
cond = res_ops.gen_query_conditions('name', '=',
os.environ.get(VLAN1_NAME))
vpc1_l3 = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0]
vpc1_l3_cdir = vpc1_l3.ipRanges[0].networkCidr
vpc1_second_pub_ip = [
nic.ip for nic in vr1.inv.vmNics
if nic.l3NetworkUuid == second_pub_l3.uuid
][0]
route_table2 = net_ops.create_vrouter_route_table('vpc2')
route_entry1 = net_ops.add_vrouter_route_entry(route_table2.uuid,
vpc1_l3_cdir,
vpc1_second_pub_ip)
net_ops.attach_vrouter_route_table_to_vrouter(route_table2.uuid,
vr2.inv.uuid)
vm1_inv, vm2_inv = [vm.get_vm() for vm in (vm1, vm2)]
test_lib.lib_check_ping(vm1_inv, vm2_inv.vmNics[0].ip)
test_lib.lib_check_ping(vm2_inv, vm1_inv.vmNics[0].ip)
test_lib.lib_check_ports_in_a_command(vm1_inv, vm1_inv.vmNics[0].ip,
vm2_inv.vmNics[0].ip, ["22"], [],
vm2_inv)
test_lib.lib_check_ports_in_a_command(vm2_inv, vm2_inv.vmNics[0].ip,
vm1_inv.vmNics[0].ip, ["22"], [],
vm1_inv)
net_ops.detach_vrouter_route_table_from_vrouter(route_table1.uuid,
vr1.inv.uuid)
net_ops.detach_vrouter_route_table_from_vrouter(route_table2.uuid,
vr2.inv.uuid)
with test_lib.expected_failure('Check two vm pingable', Exception):
test_lib.lib_check_ping(vm1_inv, vm2_inv.vmNics[0].ip)
with test_lib.expected_failure('Check two vm pingable', Exception):
test_lib.lib_check_ping(vm2_inv, vm1_inv.vmNics[0].ip)
test_lib.lib_check_ports_in_a_command(vm1_inv, vm1_inv.vmNics[0].ip,
vm2_inv.vmNics[0].ip, [], ["22"],
vm2_inv)
test_lib.lib_check_ports_in_a_command(vm2_inv, vm2_inv.vmNics[0].ip,
vm1_inv.vmNics[0].ip, [], ["22"],
vm1_inv)
test_lib.lib_error_cleanup(test_obj_dict)
test_stub.remove_all_vpc_vrouter()
def test():
global mevoco1_ip
global mevoco2_ip
global ipsec1
global ipsec2
test_util.test_skip(
'According issue #2720, the similar issue are won\'t fix ')
mevoco1_ip = os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP']
mevoco2_ip = os.environ['secondZStackMnIp']
test_util.test_dsc('Create test vm in mevoco1')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict1.add_vm(vm1)
vm1.check()
pri_l3_uuid1 = vm1.vm.vmNics[0].l3NetworkUuid
vr1 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid1)[0]
l3_uuid1 = test_lib.lib_find_vr_pub_nic(vr1).l3NetworkUuid
vip1 = test_stub.create_vip('ipsec1_vip', l3_uuid1)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid1)
first_zstack_cidrs = res_ops.query_resource(
res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create test vm in mevoco2')
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName'))
test_obj_dict2.add_vm(vm2)
vm2.check()
pri_l3_uuid2 = vm2.vm.vmNics[0].l3NetworkUuid
vr2 = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid2)[0]
l3_uuid2 = test_lib.lib_find_vr_pub_nic(vr2).l3NetworkUuid
vip2 = test_stub.create_vip('ipsec2_vip', l3_uuid2)
cond = res_ops.gen_query_conditions('uuid', '=', pri_l3_uuid2)
second_zstack_cidrs = res_ops.query_resource(
res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_dsc('Create ipsec in mevoco1')
ipsec1 = ipsec_ops.create_ipsec_connection('ipsec1',
pri_l3_uuid1,
vip2.get_vip().ip,
'123456',
vip1.get_vip().uuid,
[second_zstack_cidrs],
pfs="dh-group2")
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
test_util.test_dsc('Create ipsec in mevoco2')
ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2',
pri_l3_uuid2,
vip1.get_vip().ip,
'123456',
vip2.get_vip().uuid,
[first_zstack_cidrs],
pfs="dh-group5")
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail(
'vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] even pfs is different'
% (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail(
'vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] even pfs is different'
% (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
ipsec_ops.delete_ipsec_connection(ipsec2.uuid)
test_util.test_dsc('Create ipsec in mevoco2')
ipsec2 = ipsec_ops.create_ipsec_connection('ipsec2', pri_l3_uuid2,
vip1.get_vip().ip, '123456',
vip2.get_vip().uuid,
[first_zstack_cidrs])
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
if not test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip):
test_util.test_fail(
'vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' %
(mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if not test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip):
test_util.test_fail(
'vm in mevoco1[MN:%s] could not connect to vm in mevoco2[MN:%s]' %
(mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
ipsec_ops.delete_ipsec_connection(ipsec1.uuid)
if test_lib.lib_check_ping(vm1.vm, vm2.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail(
'vm in mevoco1[MN:%s] could still connect to vm in mevoco2[MN:%s] after Ipsec is deleted'
% (mevoco1_ip, mevoco2_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
if test_lib.lib_check_ping(vm2.vm, vm1.vm.vmNics[0].ip, no_exception=True):
test_util.test_fail(
'vm in mevoco2[MN:%s] could still connect to vm in mevoco1[MN:%s] after Ipsec is deleted'
% (mevoco2_ip, mevoco1_ip))
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_lib.lib_error_cleanup(test_obj_dict1)
vip1.delete()
test_obj_dict1.rm_vip(vip1)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco2_ip
ipsec_ops.delete_ipsec_connection(ipsec2.uuid)
test_lib.lib_error_cleanup(test_obj_dict2)
vip2.delete()
test_obj_dict2.rm_vip(vip2)
os.environ['ZSTACK_BUILT_IN_HTTP_SERVER_IP'] = mevoco1_ip
test_util.test_pass('Create Ipsec Success')
def test():
global route_table1_uuid
global route_table2_uuid
test_util.test_dsc('Check vm connection with vrouter route')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict.add_vm(vm1)
vm1_ip = vm1.get_vm().vmNics[0].ip
vr1 = test_lib.lib_find_flat_dhcp_vr_by_vm(vm1.vm)[0]
vr1_uuid = vr1.uuid
vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1)
vr1_private_ip = test_lib.lib_find_vr_private_ip(vr1)
l3network1_uuid = vm1.get_vm().vmNics[0].l3NetworkUuid
cond = res_ops.gen_query_conditions('uuid', '=', l3network1_uuid)
l3network1_cidr = res_ops.query_resource(res_ops.L3_NETWORK,
cond)[0].ipRanges[0].networkCidr
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName3'))
test_obj_dict.add_vm(vm2)
vm2_ip = vm2.get_vm().vmNics[0].ip
vr2 = test_lib.lib_find_flat_dhcp_vr_by_vm(vm2.vm)[0]
vr2_uuid = vr2.uuid
vr2_pub_ip = test_lib.lib_find_vr_pub_ip(vr2)
vr2_private_ip = test_lib.lib_find_vr_private_ip(vr2)
l3network2_uuid = vm2.get_vm().vmNics[0].l3NetworkUuid
cond = res_ops.gen_query_conditions('uuid', '=', l3network2_uuid)
l3network2_cidr = res_ops.query_resource(res_ops.L3_NETWORK,
cond)[0].ipRanges[0].networkCidr
vm1.check()
vm2.check()
#Attach the network service to l3 network
cond = res_ops.gen_query_conditions('type', '=', 'vrouter')
service_uuid = res_ops.query_resource(res_ops.NETWORK_SERVICE_PROVIDER,
cond)[0].uuid
network_services_json = "{'%s':['VRouterRoute']}" % service_uuid
net_ops.detach_network_service_from_l3network(l3network1_uuid,
service_uuid)
net_ops.attach_network_service_to_l3network(l3network1_uuid, service_uuid)
net_ops.detach_network_service_from_l3network(l3network2_uuid,
service_uuid)
net_ops.attach_network_service_to_l3network(l3network2_uuid, service_uuid)
#Create route table and route entry for each vrouter
route_table1 = net_ops.create_vrouter_route_table('route_table1')
route_table1_uuid = route_table1.uuid
route_entry1 = net_ops.add_vrouter_route_entry(route_table1_uuid,
l3network2_cidr, vr2_pub_ip)
route_table2 = net_ops.create_vrouter_route_table('route_table2')
route_table2_uuid = route_table2.uuid
route_entry2 = net_ops.add_vrouter_route_entry(route_table2_uuid,
l3network1_cidr, vr1_pub_ip)
#Attach the route table to vrouter and check the network
#net_ops.detach_vrouter_route_table_from_vrouter(route_table1_uuid, vr1_uuid)
net_ops.attach_vrouter_route_table_to_vrouter(route_table1_uuid, vr1_uuid)
#net_ops.detach_vrouter_route_table_from_vrouter(route_table2_uuid, vr2_uuid)
net_ops.attach_vrouter_route_table_to_vrouter(route_table2_uuid, vr2_uuid)
#Add vroute private ip to vm route
cmd = 'ip r del default; ip r add default via %s' % vr1_private_ip
rsp = test_lib.lib_execute_ssh_cmd(vm1_ip, 'root', 'password', cmd, 180)
cmd = 'ip r del default; ip r add default via %s' % vr2_private_ip
rsp = test_lib.lib_execute_ssh_cmd(vm2_ip, 'root', 'password', cmd, 180)
if not test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.'
% (vm1.vm.uuid, vm2_ip))
if not test_lib.lib_check_ping(vm1.vm, vm1_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.'
% (vm2.vm.uuid, vm1_ip))
#Dettach the route table to vrouter and check the network
net_ops.detach_vrouter_route_table_from_vrouter(route_table1_uuid,
vr1_uuid)
net_ops.detach_vrouter_route_table_from_vrouter(route_table2_uuid,
vr2_uuid)
if test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s successfully. But it should ping fail because the route table is detached.'
% (vm1.vm.uuid, vm2_ip))
if test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s successfully. But it should ping fail because the route table is detached.'
% (vm2.vm.uuid, vm1_ip))
#Delete route entry and table, and distory vm
net_ops.delete_vrouter_route_entry(route_entry1.uuid, route_table1_uuid)
net_ops.delete_vrouter_route_entry(route_entry2.uuid, route_table2_uuid)
net_ops.delete_vrouter_route_table(route_table1_uuid)
net_ops.delete_vrouter_route_table(route_table2_uuid)
vm1.destroy()
vm2.destroy()
test_util.test_pass('Check VRouter route Success')
