def check(self):
super(zstack_kvm_vm_dns_checker, self).check()
vm = self.test_obj.vm
test_lib.lib_install_testagent_to_vr(vm)
host = test_lib.lib_get_vm_host(vm)
test_lib.lib_install_testagent_to_host(host)
test_lib.lib_set_vm_host_l2_ip(vm)
default_l3_uuid = vm.defaultL3NetworkUuid
vr = test_lib.lib_find_vr_by_pri_l3(default_l3_uuid)
nic = test_lib.lib_get_vm_nic_by_vr(vm, vr)
test_util.test_logger("Begin to check [vm:] %s DNS setting" % vm.uuid)
if not 'DNS' in test_lib.lib_get_l3_service_type(nic.l3NetworkUuid):
test_util.test_logger(
'Checker result: SKIP DNS checker, since VM [VR:] %s does not provide DNS service. '
% vr.uuid)
return self.judge(self.exp_result)
command = 'cat /etc/resolv.conf'
cmd_result = test_lib.lib_ssh_vm_cmd_by_agent_with_retry(
host.managementIp, nic.ip, test_lib.lib_get_vm_username(vm),
test_lib.lib_get_vm_password(vm), command, self.exp_result)
if not cmd_result:
test_util.test_logger(
'Checker result: FAIL to execute test ssh command in test [vm:] %s throught [host:] %s.'
% (vm.uuid, host.name))
return self.judge(False)
vr_guest_ip = test_lib.lib_find_vr_private_ip(vr)
if isinstance(cmd_result, str) and vr_guest_ip in cmd_result:
test_util.test_logger(
'Checker result: VR [IP:] %s is SUCCESSFULLY set in guest [vm:] %s /etc/resolv.conf. '
% (vr_guest_ip, vm.uuid))
else:
test_util.test_logger(
'Checker result: VR [IP:] %s is NOT set in guest [vm:] %s /etc/resolv.conf'
% (vr_guest_ip, vm.uuid))
return self.judge(False)
l3_inv = test_lib.lib_get_l3_by_uuid(default_l3_uuid)
if l3_inv.domainName:
if not l3_inv.domainName in cmd_result:
test_util.test_logger(
'Checker result: L3: %s, Domain Name: %s is NOT set in guest [vm:] %s /etc/resolv.conf'
% (l3_inv.uuid, l3_inv.domainName, vm.uuid))
return self.judge(False)
else:
test_util.test_logger(
'Checker result: L3: %s, Domain Name: %s is set in guest [vm:] %s /etc/resolv.conf'
% (l3_inv.uuid, l3_inv.domainName, vm.uuid))
return self.judge(True)
def test():
test_util.test_dsc(
'Create vrouter vm and check if the second public nic attached to vrouter'
)
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict.add_vm(vm1)
vm1_ip = vm1.get_vm().vmNics[0].ip
vr1 = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vr1_uuid = vr1.uuid
vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1)
vr1_private_ip = test_lib.lib_find_vr_private_ip(vr1)
l3network1_uuid = vm1.get_vm().vmNics[0].l3NetworkUuid
cond = res_ops.gen_query_conditions('uuid', '=', l3network1_uuid)
l3network1_cidr = res_ops.query_resource(res_ops.L3_NETWORK,
cond)[0].ipRanges[0].networkCidr
cond = res_ops.gen_query_conditions('name', '=', 'l3_user_defined_vlan1')
second_public_l3network_uuid = res_ops.query_resource(
res_ops.L3_NETWORK, cond)[0].uuid
net_ops.attach_l3(second_public_l3network_uuid, vr1_uuid)
#Attach second public network to vrouter
cond = res_ops.gen_query_conditions('uuid', '=', vr1_uuid)
vr1_vm = res_ops.query_resource(res_ops.APPLIANCE_VM, cond)
vr1_nics = res_ops.query_resource(res_ops.APPLIANCE_VM, cond)[0].vmNics
second_public_l3network_attached = False
for vm_nic in vr1_nics:
if vm_nic.l3NetworkUuid == second_public_l3network_uuid:
second_public_l3network_attached = True
if not second_public_l3network_attached:
net_ops.attach_l3(second_public_l3network_uuid, vr1_uuid)
#Get vr1 nic_uuid on second public network
vr1_nics = res_ops.query_resource(res_ops.APPLIANCE_VM, cond)[0].vmNics
vr1_second_pub_nic_uuid = ''
for vm_nic in vr1_nics:
if vm_nic.l3NetworkUuid == second_public_l3network_uuid:
vr1_second_pub_nic_uuid = vm_nic.uuid
vm1.destroy()
net_ops.destroy_vrouter(vr1_uuid)
test_util.test_pass('The Second Public Nic Is Attached To Vrouter')
if vr1_second_pub_nic_uuid != '':
net_ops.detach_l3(vr1_second_pub_nic_uuid)
vm1.destroy()
net_ops.destroy_vrouter(vr1_uuid)
test_util.test_fail('The Second Public Nic Does Not Attached To Vrouter')
def check(self):
super(zstack_kvm_vm_dns_checker, self).check()
vm = self.test_obj.vm
test_lib.lib_install_testagent_to_vr(vm)
host = test_lib.lib_get_vm_host(vm)
test_lib.lib_install_testagent_to_host(host)
test_lib.lib_set_vm_host_l2_ip(vm)
default_l3_uuid = vm.defaultL3NetworkUuid
vr = test_lib.lib_find_vr_by_pri_l3(default_l3_uuid)
nic = test_lib.lib_get_vm_nic_by_vr(vm, vr)
test_util.test_logger("Begin to check [vm:] %s DNS setting" % vm.uuid)
if not 'DNS' in test_lib.lib_get_l3_service_type(nic.l3NetworkUuid):
test_util.test_logger('Checker result: SKIP DNS checker, since VM [VR:] %s does not provide DNS service. ' % vr.uuid)
return self.judge(self.exp_result)
command = 'cat /etc/resolv.conf'
cmd_result = test_lib.lib_ssh_vm_cmd_by_agent_with_retry(host.managementIp, nic.ip, test_lib.lib_get_vm_username(vm), test_lib.lib_get_vm_password(vm), command, self.exp_result)
if not cmd_result:
test_util.test_logger('Checker result: FAIL to execute test ssh command in test [vm:] %s throught [host:] %s.' % (vm.uuid, host.name))
return self.judge(False)
vr_guest_ip = test_lib.lib_find_vr_private_ip(vr)
if isinstance(cmd_result, str) and vr_guest_ip in cmd_result:
test_util.test_logger('Checker result: VR [IP:] %s is SUCCESSFULLY set in guest [vm:] %s /etc/resolv.conf. ' % (vr_guest_ip, vm.uuid))
else:
test_util.test_logger('Checker result: VR [IP:] %s is NOT set in guest [vm:] %s /etc/resolv.conf' % (vr_guest_ip, vm.uuid))
return self.judge(False)
l3_inv = test_lib.lib_get_l3_by_uuid(default_l3_uuid)
if l3_inv.domainName:
if not l3_inv.domainName in cmd_result:
test_util.test_logger('Checker result: L3: %s, Domain Name: %s is NOT set in guest [vm:] %s /etc/resolv.conf' % (l3_inv.uuid, l3_inv.domainName, vm.uuid))
return self.judge(False)
else:
test_util.test_logger('Checker result: L3: %s, Domain Name: %s is set in guest [vm:] %s /etc/resolv.conf' % (l3_inv.uuid, l3_inv.domainName, vm.uuid))
return self.judge(True)
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
test_util.test_dsc(
"Create 3 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm3 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm3)
vm4 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm4)
vm5 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm5)
vm1.check()
vm2.check()
vm3.check()
vm4.check()
vm5.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg4 = test_stub.create_sg()
test_obj_dict.add_sg(sg4.security_group.uuid)
sg5 = test_stub.create_sg()
test_obj_dict.add_sg(sg5.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vr_internal_ip = test_lib.lib_find_vr_private_ip(vr_vm)
vm1_ip = vm1.vm.vmNics[0].ip
vm2_ip = vm2.vm.vmNics[0].ip
vm3_ip = vm3.vm.vmNics[0].ip
vm4_ip = vm4.vm.vmNics[0].ip
vm5_ip = vm5.vm.vmNics[0].ip
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
nic_uuid1 = vm1.vm.vmNics[0].uuid
nic_uuid2 = vm2.vm.vmNics[0].uuid
nic_uuid3 = vm3.vm.vmNics[0].uuid
nic_uuid4 = vm4.vm.vmNics[0].uuid
nic_uuid5 = vm5.vm.vmNics[0].uuid
vm1_nics = (nic_uuid1, vm1)
vm2_nics = (nic_uuid2, vm2)
vm3_nics = (nic_uuid3, vm3)
vm4_nics = (nic_uuid4, vm4)
vm5_nics = (nic_uuid5, vm5)
vm_group1_nics = [vm1_nics, vm2_nics]
vm_group2_nics = [vm3_nics, vm4_nics]
#vms_nics = vm_group1_nics + vm_group1_nics + [vm5_nics]
vms_nics = vm_group1_nics + vm_group2_nics
test_util.test_dsc("Open some ports in 5 VMs for testing.")
for vm in vm1, vm2, vm3, vm4, vm5:
test_lib.lib_open_vm_listen_ports(vm.vm, test_stub.target_ports)
rule_ai1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP,
inventory.INGRESS, vr_internal_ip)
rule_ae1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP,
inventory.EGRESS, vm5_ip)
rule_v3i_2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP,
inventory.INGRESS, vm3_ip)
rule_v3e_2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP,
inventory.EGRESS, vm3_ip)
rule_v3e_3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP,
inventory.EGRESS, vm3_ip)
rule_v3i_3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP,
inventory.INGRESS, vm3_ip)
rule_v4i_2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP,
inventory.INGRESS, vm4_ip)
rule_v4e_2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP,
inventory.EGRESS, vm4_ip)
rule_v1i_2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP,
inventory.INGRESS, vm1_ip)
rule_v1e_2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP,
inventory.EGRESS, vm1_ip)
rule_v2i_2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP,
inventory.INGRESS, vm2_ip)
rule_v2e_2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP,
inventory.EGRESS, vm2_ip)
rule_v1i_3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP,
inventory.INGRESS, vm1_ip)
rule_v1e_3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP,
inventory.EGRESS, vm1_ip)
sg1.add_rule([rule_ai1, rule_ae1])
sg2.add_rule([rule_v3i_2, rule_v4i_2, rule_v3e_2, rule_v4e_2])
sg3.add_rule([rule_v1i_2, rule_v2i_2, rule_v1e_2, rule_v2e_2])
sg4.add_rule([rule_v1i_3, rule_v1e_3])
sg5.add_rule([rule_v3e_3, rule_v3i_3])
sg_vm.add_stub_vm(l3_uuid, vm5)
sg_vm.check()
##add all vm1 vm2 vm3 vm4 vm5 to sg1.
test_util.test_dsc("Add all VMs to security group 1.")
test_util.test_dsc("Allowed ingress and egress [ports:] %s" %
test_stub.rule1_ports)
sg_vm.attach(sg1, vms_nics)
#add vm1 vm2 to SG2.
test_util.test_dsc("Add VM1 and VM2 to SG2.")
test_util.test_dsc("Allowed ingress [ports:] %s from VM3 and VM4" %
test_stub.rule2_ports)
test_util.test_dsc("Allowed egress [ports:] %s to VM3 and VM4" %
test_stub.rule2_ports)
test_util.test_dsc(
"Since VM1/VM2 are in same SG group, VM1/VM2 can connect rule2 ports :%s each other."
% test_stub.rule2_ports)
sg_vm.attach(sg2, vm_group1_nics)
sg_vm.check()
test_util.test_dsc(
"Since VM3/VM4 didn't open rule2 ports for VM1/VM2, VM1/VM2 can't connect to VM3/VM4 rule2 ports :%s."
% test_stub.rule2_ports)
test_lib.lib_check_vm_ports(
vm3.vm, vm1.vm, test_stub.rule1_ports,
(test_stub.rule2_ports + test_stub.rule3_ports +
test_stub.rule4_ports + test_stub.rule5_ports +
test_stub.denied_ports))
test_lib.lib_check_vm_ports(
vm3.vm, vm2.vm, test_stub.rule1_ports,
(test_stub.rule2_ports + test_stub.rule3_ports +
test_stub.rule4_ports + test_stub.rule5_ports +
test_stub.denied_ports))
test_lib.lib_check_vm_ports(
vm4.vm, vm1.vm, test_stub.rule1_ports,
(test_stub.rule2_ports + test_stub.rule3_ports +
test_stub.rule4_ports + test_stub.rule5_ports +
test_stub.denied_ports))
test_lib.lib_check_vm_ports(
vm4.vm, vm2.vm, test_stub.rule1_ports,
(test_stub.rule2_ports + test_stub.rule3_ports +
test_stub.rule4_ports + test_stub.rule5_ports +
test_stub.denied_ports))
test_lib.lib_check_vm_group_ports(
vm1.vm, [vm3.vm, vm4.vm], test_stub.rule1_ports,
(test_stub.rule2_ports + test_stub.rule3_ports +
test_stub.rule4_ports + test_stub.rule5_ports +
test_stub.denied_ports))
test_util.test_dsc("Add rule2 ports to VM3 and VM4.")
test_util.test_dsc("Allowed ingress [ports:] %s from VM1/VM2 to VM3/VM4" %
(test_stub.rule1_ports + test_stub.rule2_ports))
test_util.test_dsc("Allowed egress [ports:] %s to VM1 and VM2" %
test_stub.rule2_ports)
sg_vm.attach(sg3, vm_group2_nics)
test_lib.lib_check_vm_group_ports(
vm4.vm, [vm1.vm, vm2.vm],
(test_stub.rule1_ports + test_stub.rule2_ports),
(test_stub.rule3_ports + test_stub.rule4_ports +
test_stub.rule5_ports + test_stub.denied_ports))
test_lib.lib_check_vm_group_ports(
vm2.vm, [vm3.vm, vm4.vm],
(test_stub.rule1_ports + test_stub.rule2_ports),
(test_stub.rule3_ports + test_stub.rule4_ports +
test_stub.rule5_ports + test_stub.denied_ports))
sg_vm.check()
test_util.test_dsc("Add VM3 and VM4 to SG4.")
test_util.test_dsc("Allowed ingress/egress [ports:] %s for VM1" %
test_stub.rule3_ports)
test_util.test_dsc(
"But due to VM1 didn't open related ports, connection will be denied for [ports:] %s from VM1 to VM3 "
% test_stub.rule3_ports)
test_util.test_dsc(
"The enabled connections for VM1/VM3 are still [ports:] %s " %
(test_stub.rule1_ports + test_stub.rule2_ports))
sg_vm.attach(sg4, vm_group2_nics)
test_lib.lib_check_vm_ports(
vm1.vm, vm3.vm, (test_stub.rule1_ports + test_stub.rule2_ports),
(test_stub.rule3_ports + test_stub.rule4_ports +
test_stub.rule5_ports + test_stub.denied_ports))
test_util.test_dsc(
"As VM3/VM4 are in same SG group, rule1+rule2+rule3 [ports:] %s are opened between VM4 and VM3 "
% (test_stub.rule1_ports + test_stub.rule2_ports +
test_stub.rule3_ports))
sg_vm.check()
test_util.test_dsc("Add VM1 and VM2 to SG5.")
test_util.test_dsc("Allowed ingress/egress [ports:] %s for VM3" %
test_stub.rule3_ports)
test_util.test_dsc(
"Connection between VM1 and VM3, between VM1 and VM2, between VM3 and VM4 are enabled for [ports:] %s"
% (test_stub.rule1_ports + test_stub.rule2_ports +
test_stub.rule3_ports))
sg_vm.attach(sg5, vm_group1_nics)
test_lib.lib_check_vm_ports(
vm1.vm, vm3.vm, (test_stub.rule1_ports + test_stub.rule2_ports +
test_stub.rule3_ports),
(test_stub.rule4_ports + test_stub.rule5_ports +
test_stub.denied_ports))
test_lib.lib_check_vm_ports(
vm3.vm, vm1.vm, (test_stub.rule1_ports + test_stub.rule2_ports +
test_stub.rule3_ports),
(test_stub.rule4_ports + test_stub.rule5_ports +
test_stub.denied_ports))
test_lib.lib_check_vm_ports(
vm4.vm, vm3.vm, (test_stub.rule1_ports + test_stub.rule2_ports +
test_stub.rule3_ports),
(test_stub.rule4_ports + test_stub.rule5_ports +
test_stub.denied_ports))
test_util.test_dsc("Connection from VM2 to VM3 are enabled for [ports:]" %
(test_stub.rule1_ports + test_stub.rule2_ports +
test_stub.rule3_ports))
test_lib.lib_check_vm_ports(
vm2.vm, vm3.vm, (test_stub.rule1_ports + test_stub.rule2_ports),
(test_stub.rule3_ports + test_stub.rule4_ports +
test_stub.rule5_ports + test_stub.denied_ports))
test_lib.lib_check_vm_ports(
vm4.vm, vm2.vm, (test_stub.rule1_ports + test_stub.rule2_ports),
(test_stub.rule3_ports + test_stub.rule4_ports +
test_stub.rule5_ports + test_stub.denied_ports))
#test_util.test_dsc("VM5 was not granted with rule2 and rule3 ports, so only rule1 [ports:] %s are allowned to connect to other VMs." % test_stub.rule1_ports)
#test_lib.lib_check_vm_ports(vm5.vm, vm3.vm, test_stub.rule1_ports, (test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports + test_stub.denied_ports))
#clean up.
for sg in sg1, sg2, sg3, sg4, sg5:
sg_vm.delete_sg(sg)
test_obj_dict.rm_sg(sg.security_group.uuid)
for vm in vm1, vm2, vm3, vm4, vm5:
vm.destroy()
test_obj_dict.rm_vm(vm)
test_util.test_pass(
'Security Group Vlan VirtualRouter VM complex testing with 2 Groups 5 VMs Test Success'
)
def test():
test_util.test_dsc('Create vrouter vm and check multi nics')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict.add_vm(vm1)
vm1_ip = vm1.get_vm().vmNics[0].ip
vm1_nic_uuid = vm1.get_vm().vmNics[0].uuid
vr1 = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vr1_uuid = vr1.uuid
vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1)
vr1_private_ip = test_lib.lib_find_vr_private_ip(vr1)
l3network1_uuid = vm1.get_vm().vmNics[0].l3NetworkUuid
cond = res_ops.gen_query_conditions('uuid', '=', l3network1_uuid)
l3network1_cidr = res_ops.query_resource(res_ops.L3_NETWORK,
cond)[0].ipRanges[0].networkCidr
cond = res_ops.gen_query_conditions('uuid', '=', vr1_uuid)
vr_offering_mn_network_uuid = res_ops.query_resource(
res_ops.APPLIANCE_VM, cond)[0].managementNetworkUuid
vr1_pub_uuid = res_ops.query_resource(res_ops.APPLIANCE_VM,
cond)[0].managementNetworkUuid
vr_offering_image_uuid = res_ops.query_resource(res_ops.APPLIANCE_VM,
cond)[0].imageUuid
vr_offering_zone_uuid = res_ops.query_resource(res_ops.APPLIANCE_VM,
cond)[0].zoneUuid
vr1_nics = res_ops.query_resource(res_ops.APPLIANCE_VM, cond)[0].vmNics
cond = res_ops.gen_query_conditions('name', '=',
os.environ.get('l3PublicNetworkName'))
public_l3network_uuid = res_ops.query_resource(res_ops.L3_NETWORK,
cond)[0].uuid
cond = res_ops.gen_query_conditions('name', '=',
os.environ.get('l3NoVlanNetworkName1'))
second_public_l3network_uuid = res_ops.query_resource(
res_ops.L3_NETWORK, cond)[0].uuid
second_public_l3network_cidr = res_ops.query_resource(
res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
#Attach second public network to vrouter
second_public_l3network_attached = False
for vm_nic in vr1_nics:
if vm_nic.l3NetworkUuid == second_public_l3network_uuid:
second_public_l3network_attached = True
if not second_public_l3network_attached:
net_ops.attach_l3(second_public_l3network_uuid, vr1_uuid)
#Get vr1 nic_uuid on second public network
cond = res_ops.gen_query_conditions('uuid', '=', vr1_uuid)
vr1_nics = res_ops.query_resource(res_ops.APPLIANCE_VM, cond)[0].vmNics
vr1_second_pub_nic_uuid = ''
for vm_nic in vr1_nics:
if vm_nic.l3NetworkUuid == second_public_l3network_uuid:
vr1_second_pub_nic_uuid = vm_nic.uuid
#Create new vrouter offering
vr_offering_name = "virtual_router_offering1"
vr_offering_cpu_num = 2
vr_offering_mem_size = 536870912 #512MB
vr_offering = net_ops.create_virtual_router_offering(
vr_offering_name, vr_offering_cpu_num, vr_offering_mem_size,
vr_offering_image_uuid, vr_offering_zone_uuid,
vr_offering_mn_network_uuid, second_public_l3network_uuid)
vr_offering_uuid = vr_offering.uuid
cond = res_ops.gen_query_conditions('name', '=',
os.environ.get('l3VlanNetworkName4'))
user_defined_l3network_uuid = res_ops.query_resource(
res_ops.L3_NETWORK, cond)[0].uuid
#Attach Virtual Router Offering
tag = tag_ops.create_system_tag(
'InstanceOfferingVO', vr_offering_uuid,
'guestL3Network::%s' % user_defined_l3network_uuid)
#Create vms for each public network eip attach
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName'))
vm2_ip = vm2.get_vm().vmNics[0].ip
vm2_nic_uuid = vm2.get_vm().vmNics[0].uuid
l3network2_uuid = vm2.get_vm().vmNics[0].l3NetworkUuid
vm3 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName4'))
vm3_ip = vm3.get_vm().vmNics[0].ip
vm3_nic_uuid = vm3.get_vm().vmNics[0].uuid
l3network3_uuid = vm3.get_vm().vmNics[0].l3NetworkUuid
#Create eip for each vms, vm1 has 2 eip on each public network
vip11 = test_stub.create_vip('vm1_vip1', public_l3network_uuid)
vip11_uuid = vip11.get_vip().uuid
eip11 = test_stub.create_eip('vm1_eip1', vip11_uuid, vm_obj=vm1)
vip11.attach_eip(eip11)
eip11_pub_ip = eip11.get_eip().vipIp
vip11.check()
eip11.attach(vm1_nic_uuid, vm1)
vip12 = test_stub.create_vip('vm1_vip2', second_public_l3network_uuid)
vip12_uuid = vip12.get_vip().uuid
eip12 = test_stub.create_eip('vm1_eip2', vip12_uuid, vm_obj=vm1)
vip12.attach_eip(eip12)
eip12_pub_ip = eip12.get_eip().vipIp
vip12.check()
eip12.attach(vm1_nic_uuid, vm1)
vip2 = test_stub.create_vip('vm2_vip', public_l3network_uuid)
vip2_uuid = vip2.get_vip().uuid
eip2 = test_stub.create_eip('vm2_eip', vip2_uuid, vm_obj=vm2)
vip2.attach_eip(eip2)
eip2_pub_ip = eip2.get_eip().vipIp
vip2.check()
eip2.attach(vm2_nic_uuid, vm2)
vip3 = test_stub.create_vip('vm3_vip', second_public_l3network_uuid)
vip3_uuid = vip3.get_vip().uuid
eip3 = test_stub.create_eip('vm3_eip', vip3_uuid, vm_obj=vm3)
vip3.attach_eip(eip3)
eip3_pub_ip = eip3.get_eip().vipIp
vip3.check()
eip3.attach(vm3_nic_uuid, vm3)
#Check if the network is able to ping with eip
user_name = "root"
user_password = "******"
rsp_ping = os.system("sshpass -p '%s' ssh %s@%s 'ping -c 4 %s'" %
(user_password, user_name, vm1_ip, eip2_pub_ip))
if rsp_ping != 0:
if vr1_second_pub_nic_uuid != '':
net_ops.detach_l3(vr1_second_pub_nic_uuid)
test_util.test_fail(
'Exception: [vm ip:] %s ping [Eip:] %s fail. But it should ping successfully.'
% (vm1_ip, eip2_pub_ip))
rsp_ping = os.system("sshpass -p '%s' ssh %s@%s 'ping -c 4 %s'" %
(user_password, user_name, vm1_ip, eip3_pub_ip))
if rsp_ping != 0:
if vr1_second_pub_nic_uuid != '':
net_ops.detach_l3(vr1_second_pub_nic_uuid)
test_util.test_fail(
'Exception: [vm ip:] %s ping [Eip:] %s fail. But it should ping successfully.'
% (vm1_ip, eip3_pub_ip))
rsp_ping = os.system("sshpass -p '%s' ssh %s@%s 'ping -c 4 %s'" %
(user_password, user_name, vm2_ip, eip11_pub_ip))
if rsp_ping != 0:
if vr1_second_pub_nic_uuid != '':
net_ops.detach_l3(vr1_second_pub_nic_uuid)
test_util.test_fail(
'Exception: [vm ip:] %s ping [Eip:] %s fail. But it should ping successfully.'
% (vm2_ip, eip11_pub_ip))
rsp_ping = os.system("sshpass -p '%s' ssh %s@%s 'ping -c 4 %s'" %
(user_password, user_name, vm3_ip, eip12_pub_ip))
if rsp_ping != 0:
if vr1_second_pub_nic_uuid != '':
net_ops.detach_l3(vr1_second_pub_nic_uuid)
test_util.test_fail(
'Exception: [vm ip:] %s ping [Eip:] %s fail. But it should ping successfully.'
% (vm3_ip, eip12_pub_ip))
#Delete vips and vr offering
vip11.delete()
vip12.delete()
vip2.delete()
vip3.delete()
vm_ops.delete_instance_offering(vr_offering_uuid)
#Dettach the route table to vrouter and second public nework
if vr1_second_pub_nic_uuid != '':
net_ops.detach_l3(vr1_second_pub_nic_uuid)
vm1.destroy()
vm2.destroy()
vm3.destroy()
net_ops.destroy_vrouter(vr1_uuid)
test_util.test_pass('Check Multi Nics Success')
def test():
global route_table1_uuid
global route_table2_uuid
test_util.test_dsc('Check vm connection with vrouter route')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict.add_vm(vm1)
vm1_ip = vm1.get_vm().vmNics[0].ip
vr1 = test_lib.lib_find_flat_dhcp_vr_by_vm(vm1.vm)[0]
vr1_uuid = vr1.uuid
vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1)
vr1_private_ip = test_lib.lib_find_vr_private_ip(vr1)
l3network1_uuid = vm1.get_vm().vmNics[0].l3NetworkUuid
cond = res_ops.gen_query_conditions('uuid', '=', l3network1_uuid)
l3network1_cidr = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName3'))
test_obj_dict.add_vm(vm2)
vm2_ip = vm2.get_vm().vmNics[0].ip
vr2 = test_lib.lib_find_flat_dhcp_vr_by_vm(vm2.vm)[0]
vr2_uuid = vr2.uuid
vr2_pub_ip = test_lib.lib_find_vr_pub_ip(vr2)
vr2_private_ip = test_lib.lib_find_vr_private_ip(vr2)
l3network2_uuid = vm2.get_vm().vmNics[0].l3NetworkUuid
cond = res_ops.gen_query_conditions('uuid', '=', l3network2_uuid)
l3network2_cidr = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
vm1.check()
vm2.check()
#Attach the network service to l3 network
cond = res_ops.gen_query_conditions('type', '=', 'vrouter')
service_uuid = res_ops.query_resource(res_ops.NETWORK_SERVICE_PROVIDER, cond)[0].uuid
network_services_json = "{'%s':['VRouterRoute']}"% service_uuid
net_ops.detach_network_service_from_l3network(l3network1_uuid, service_uuid)
net_ops.attach_network_service_to_l3network(l3network1_uuid, service_uuid)
net_ops.detach_network_service_from_l3network(l3network2_uuid, service_uuid)
net_ops.attach_network_service_to_l3network(l3network2_uuid, service_uuid)
#Create route table and route entry for each vrouter
route_table1 = net_ops.create_vrouter_route_table('route_table1')
route_table1_uuid = route_table1.uuid
route_entry1 = net_ops.add_vrouter_route_entry(route_table1_uuid, l3network2_cidr, vr2_pub_ip)
route_table2 = net_ops.create_vrouter_route_table('route_table2')
route_table2_uuid = route_table2.uuid
route_entry2 = net_ops.add_vrouter_route_entry(route_table2_uuid, l3network1_cidr, vr1_pub_ip)
#Attach the route table to vrouter and check the network
#net_ops.detach_vrouter_route_table_from_vrouter(route_table1_uuid, vr1_uuid)
net_ops.attach_vrouter_route_table_to_vrouter(route_table1_uuid, vr1_uuid)
#net_ops.detach_vrouter_route_table_from_vrouter(route_table2_uuid, vr2_uuid)
net_ops.attach_vrouter_route_table_to_vrouter(route_table2_uuid, vr2_uuid)
#Add vroute private ip to vm route
cmd = 'ip r del default; ip r add default via %s' %vr1_private_ip
rsp = test_lib.lib_execute_ssh_cmd(vm1_ip, 'root', 'password', cmd, 180)
cmd = 'ip r del default; ip r add default via %s' %vr2_private_ip
rsp = test_lib.lib_execute_ssh_cmd(vm2_ip, 'root', 'password', cmd, 180)
if not test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.vm.uuid, vm2_ip))
if not test_lib.lib_check_ping(vm1.vm, vm1_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm2.vm.uuid, vm1_ip))
#Dettach the route table to vrouter and check the network
net_ops.detach_vrouter_route_table_from_vrouter(route_table1_uuid, vr1_uuid)
net_ops.detach_vrouter_route_table_from_vrouter(route_table2_uuid, vr2_uuid)
if test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s successfully. But it should ping fail because the route table is detached.' % (vm1.vm.uuid, vm2_ip))
if test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s successfully. But it should ping fail because the route table is detached.' % (vm2.vm.uuid, vm1_ip))
#Delete route entry and table, and distory vm
net_ops.delete_vrouter_route_entry(route_entry1.uuid, route_table1_uuid)
net_ops.delete_vrouter_route_entry(route_entry2.uuid, route_table2_uuid)
net_ops.delete_vrouter_route_table(route_table1_uuid)
net_ops.delete_vrouter_route_table(route_table2_uuid)
vm1.destroy()
vm2.destroy()
test_util.test_pass('Check VRouter route Success')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
test_util.test_dsc("Create 3 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm3 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm3)
vm4 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm4)
vm5 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm5)
vm1.check()
vm2.check()
vm3.check()
vm4.check()
vm5.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg4 = test_stub.create_sg()
test_obj_dict.add_sg(sg4.security_group.uuid)
sg5 = test_stub.create_sg()
test_obj_dict.add_sg(sg5.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vr_internal_ip = test_lib.lib_find_vr_private_ip(vr_vm)
vm1_ip = vm1.vm.vmNics[0].ip
vm2_ip = vm2.vm.vmNics[0].ip
vm3_ip = vm3.vm.vmNics[0].ip
vm4_ip = vm4.vm.vmNics[0].ip
vm5_ip = vm5.vm.vmNics[0].ip
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
nic_uuid1 = vm1.vm.vmNics[0].uuid
nic_uuid2 = vm2.vm.vmNics[0].uuid
nic_uuid3 = vm3.vm.vmNics[0].uuid
nic_uuid4 = vm4.vm.vmNics[0].uuid
nic_uuid5 = vm5.vm.vmNics[0].uuid
vm1_nics = (nic_uuid1, vm1)
vm2_nics = (nic_uuid2, vm2)
vm3_nics = (nic_uuid3, vm3)
vm4_nics = (nic_uuid4, vm4)
vm5_nics = (nic_uuid5, vm5)
vm_group1_nics = [vm1_nics, vm2_nics]
vm_group2_nics = [vm3_nics, vm4_nics]
#vms_nics = vm_group1_nics + vm_group1_nics + [vm5_nics]
vms_nics = vm_group1_nics + vm_group2_nics
test_util.test_dsc("Open some ports in 5 VMs for testing.")
for vm in vm1,vm2,vm3,vm4,vm5:
test_lib.lib_open_vm_listen_ports(vm.vm, test_stub.target_ports)
rule_ai1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vr_internal_ip)
rule_ae1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, vm5_ip)
rule_v3i_2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm3_ip)
rule_v3e_2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.EGRESS, vm3_ip)
rule_v3e_3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.EGRESS, vm3_ip)
rule_v3i_3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm3_ip)
rule_v4i_2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm4_ip)
rule_v4e_2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.EGRESS, vm4_ip)
rule_v1i_2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm1_ip)
rule_v1e_2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.EGRESS, vm1_ip)
rule_v2i_2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
rule_v2e_2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.EGRESS, vm2_ip)
rule_v1i_3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm1_ip)
rule_v1e_3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.EGRESS, vm1_ip)
sg1.add_rule([rule_ai1, rule_ae1])
sg2.add_rule([rule_v3i_2, rule_v4i_2, rule_v3e_2, rule_v4e_2])
sg3.add_rule([rule_v1i_2, rule_v2i_2, rule_v1e_2, rule_v2e_2])
sg4.add_rule([rule_v1i_3, rule_v1e_3])
sg5.add_rule([rule_v3e_3, rule_v3i_3])
sg_vm.add_stub_vm(l3_uuid, vm5)
sg_vm.check()
##add all vm1 vm2 vm3 vm4 vm5 to sg1.
test_util.test_dsc("Add all VMs to security group 1.")
test_util.test_dsc("Allowed ingress and egress [ports:] %s" % test_stub.rule1_ports)
sg_vm.attach(sg1, vms_nics)
#add vm1 vm2 to SG2.
test_util.test_dsc("Add VM1 and VM2 to SG2.")
test_util.test_dsc("Allowed ingress [ports:] %s from VM3 and VM4" % test_stub.rule2_ports)
test_util.test_dsc("Allowed egress [ports:] %s to VM3 and VM4" % test_stub.rule2_ports)
test_util.test_dsc("Since VM1/VM2 are in same SG group, VM1/VM2 can connect rule2 ports :%s each other." % test_stub.rule2_ports)
sg_vm.attach(sg2, vm_group1_nics)
sg_vm.check()
test_util.test_dsc("Since VM3/VM4 didn't open rule2 ports for VM1/VM2, VM1/VM2 can't connect to VM3/VM4 rule2 ports :%s." % test_stub.rule2_ports)
test_lib.lib_check_vm_ports(vm3.vm, vm1.vm, test_stub.rule1_ports, (test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports + test_stub.denied_ports))
test_lib.lib_check_vm_ports(vm3.vm, vm2.vm, test_stub.rule1_ports, (test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports + test_stub.denied_ports))
test_lib.lib_check_vm_ports(vm4.vm, vm1.vm, test_stub.rule1_ports, (test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports + test_stub.denied_ports))
test_lib.lib_check_vm_ports(vm4.vm, vm2.vm, test_stub.rule1_ports, (test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports + test_stub.denied_ports))
test_lib.lib_check_vm_group_ports(vm1.vm, [vm3.vm, vm4.vm], test_stub.rule1_ports, (test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports + test_stub.denied_ports))
test_util.test_dsc("Add rule2 ports to VM3 and VM4.")
test_util.test_dsc("Allowed ingress [ports:] %s from VM1/VM2 to VM3/VM4" % (test_stub.rule1_ports + test_stub.rule2_ports))
test_util.test_dsc("Allowed egress [ports:] %s to VM1 and VM2" % test_stub.rule2_ports)
sg_vm.attach(sg3, vm_group2_nics)
test_lib.lib_check_vm_group_ports(vm4.vm, [vm1.vm, vm2.vm], (test_stub.rule1_ports + test_stub.rule2_ports), (test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports + test_stub.denied_ports))
test_lib.lib_check_vm_group_ports(vm2.vm, [vm3.vm, vm4.vm], (test_stub.rule1_ports + test_stub.rule2_ports), (test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports + test_stub.denied_ports))
sg_vm.check()
test_util.test_dsc("Add VM3 and VM4 to SG4.")
test_util.test_dsc("Allowed ingress/egress [ports:] %s for VM1" % test_stub.rule3_ports)
test_util.test_dsc("But due to VM1 didn't open related ports, connection will be denied for [ports:] %s from VM1 to VM3 " % test_stub.rule3_ports)
test_util.test_dsc("The enabled connections for VM1/VM3 are still [ports:] %s " % (test_stub.rule1_ports + test_stub.rule2_ports))
sg_vm.attach(sg4, vm_group2_nics)
test_lib.lib_check_vm_ports(vm1.vm, vm3.vm, (test_stub.rule1_ports + test_stub.rule2_ports), (test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports + test_stub.denied_ports))
test_util.test_dsc("As VM3/VM4 are in same SG group, rule1+rule2+rule3 [ports:] %s are opened between VM4 and VM3 " % (test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports))
sg_vm.check()
test_util.test_dsc("Add VM1 and VM2 to SG5.")
test_util.test_dsc("Allowed ingress/egress [ports:] %s for VM3" % test_stub.rule3_ports)
test_util.test_dsc("Connection between VM1 and VM3, between VM1 and VM2, between VM3 and VM4 are enabled for [ports:] %s" % (test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports))
sg_vm.attach(sg5, vm_group1_nics)
test_lib.lib_check_vm_ports(vm1.vm, vm3.vm, (test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports), (test_stub.rule4_ports + test_stub.rule5_ports + test_stub.denied_ports))
test_lib.lib_check_vm_ports(vm3.vm, vm1.vm, (test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports), (test_stub.rule4_ports + test_stub.rule5_ports + test_stub.denied_ports))
test_lib.lib_check_vm_ports(vm4.vm, vm3.vm, (test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports), (test_stub.rule4_ports + test_stub.rule5_ports + test_stub.denied_ports))
test_util.test_dsc("Connection from VM2 to VM3 are enabled for [ports:]" % (test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports))
test_lib.lib_check_vm_ports(vm2.vm, vm3.vm, (test_stub.rule1_ports + test_stub.rule2_ports), (test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports + test_stub.denied_ports))
test_lib.lib_check_vm_ports(vm4.vm, vm2.vm, (test_stub.rule1_ports + test_stub.rule2_ports), (test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports + test_stub.denied_ports))
#test_util.test_dsc("VM5 was not granted with rule2 and rule3 ports, so only rule1 [ports:] %s are allowned to connect to other VMs." % test_stub.rule1_ports)
#test_lib.lib_check_vm_ports(vm5.vm, vm3.vm, test_stub.rule1_ports, (test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports + test_stub.denied_ports))
#clean up.
for sg in sg1,sg2,sg3,sg4,sg5:
sg_vm.delete_sg(sg)
test_obj_dict.rm_sg(sg.security_group.uuid)
for vm in vm1,vm2,vm3,vm4,vm5:
vm.destroy()
test_obj_dict.rm_vm(vm)
test_util.test_pass('Security Group Vlan VirtualRouter VM complex testing with 2 Groups 5 VMs Test Success')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
global test_obj_dict
test_util.test_dsc(
"Create 2 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip
vr_internal_ip = test_lib.lib_find_vr_private_ip(vr_vm)
test_util.test_dsc("Create SG rule1: allow connection to vm2 port 0~100")
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP,
inventory.EGRESS, vm2_ip)
test_util.test_dsc(
"Create SG rule2: allow connection from vm2 to port 9000~10000")
rule2 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP,
inventory.INGRESS, vm2_ip)
test_util.test_dsc(
"Create SG rule3: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing"
)
rule3 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP,
inventory.INGRESS, vr_internal_ip)
test_util.test_dsc("Create SG rule4: allow ICMP connection to VR")
rule4 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP,
inventory.EGRESS, vr_internal_ip)
test_util.test_dsc("Create SG rule5: allow icmp from vm2")
rule5 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP,
inventory.INGRESS, vm2_ip)
test_util.test_dsc("Create SG rule6: allow icmp to vm2")
rule6 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP,
inventory.EGRESS, vm2_ip)
sg1.add_rule([rule1, rule2, rule3, rule4])
sg2.add_rule([rule5])
sg3.add_rule([rule6])
sg_vm.check()
sg_vm.add_stub_vm(l3_uuid, vm2)
sg_vm.check()
#add sg1
test_util.test_dsc("Add VM1 nic to security group 1.")
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.'
% (vm1.vm.uuid, vr_internal_ip))
#add sg2
test_util.test_dsc("Add VM1 nic to security group 2.")
sg_vm.attach(sg2, [vm_nics])
test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" %
(test_stub.rule1_ports, test_stub.rule2_ports))
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.'
% (vm1.uuid, vr_internal_ip))
#add sg3
test_util.test_dsc("Add nic to security group 3 to stopped vm1.")
sg_vm.attach(sg3, [vm_nics])
test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" %
(test_stub.rule1_ports, test_stub.rule2_ports))
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.'
% (vm1.uuid, vr_internal_ip))
test_util.test_dsc("remove rule5 from sg2")
sg2.delete_rule([rule5])
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.'
% (vm1.uuid, vr_internal_ip))
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
sg_vm.check()
sg1.delete()
test_obj_dict.rm_sg(sg1.security_group.uuid)
sg2.delete()
test_obj_dict.rm_sg(sg2.security_group.uuid)
sg_vm.check()
sg3.delete()
test_obj_dict.rm_sg(sg3.security_group.uuid)
test_util.test_pass(
'Security Group Vlan VirtualRouter VM ICMP rules Test Success')
def test():
'''
Test image requirements:
1. have nc to check the network port
2. have "nc" to open any port
3. it doesn't include a default firewall
VR image is a good candiate to be the guest image.
'''
global test_obj_dict
test_util.test_dsc("Create 2 VMs with vlan VR L3 network and using VR image.")
vm1 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm1)
vm2 = test_stub.create_sg_vm()
test_obj_dict.add_vm(vm2)
vm1.check()
vm2.check()
test_util.test_dsc("Create security groups.")
sg1 = test_stub.create_sg()
test_obj_dict.add_sg(sg1.security_group.uuid)
sg2 = test_stub.create_sg()
test_obj_dict.add_sg(sg2.security_group.uuid)
sg3 = test_stub.create_sg()
test_obj_dict.add_sg(sg3.security_group.uuid)
sg_vm = test_sg_vm_header.ZstackTestSgVm()
sg_vm.check()
nic_uuid = vm1.vm.vmNics[0].uuid
vm_nics = (nic_uuid, vm1)
l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid
vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip
vr_internal_ip = test_lib.lib_find_vr_private_ip(vr_vm)
test_util.test_dsc("Create SG rule1: allow connection to vm2 port 0~100")
rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, vm2_ip)
test_util.test_dsc("Create SG rule2: allow connection from vm2 to port 9000~10000")
rule2 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip)
test_util.test_dsc("Create SG rule3: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing")
rule3 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vr_internal_ip)
test_util.test_dsc("Create SG rule4: allow ICMP connection to VR")
rule4 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.EGRESS, vr_internal_ip)
test_util.test_dsc("Create SG rule5: allow icmp from vm2")
rule5 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vm2_ip)
test_util.test_dsc("Create SG rule6: allow icmp to vm2")
rule6 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.EGRESS, vm2_ip)
sg1.add_rule([rule1, rule2, rule3, rule4])
sg2.add_rule([rule5])
sg3.add_rule([rule6])
sg_vm.check()
sg_vm.add_stub_vm(l3_uuid, vm2)
sg_vm.check()
#add sg1
test_util.test_dsc("Add VM1 nic to security group 1.")
sg_vm.attach(sg1, [vm_nics])
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.vm.uuid, vr_internal_ip))
#add sg2
test_util.test_dsc("Add VM1 nic to security group 2.")
sg_vm.attach(sg2, [vm_nics])
test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" % (test_stub.rule1_ports, test_stub.rule2_ports))
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip))
#add sg3
test_util.test_dsc("Add nic to security group 3 to stopped vm1.")
sg_vm.attach(sg3, [vm_nics])
test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" % (test_stub.rule1_ports, test_stub.rule2_ports))
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip))
test_util.test_dsc("remove rule5 from sg2")
sg2.delete_rule([rule5])
sg_vm.check()
if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True):
test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip))
vm1.destroy()
test_obj_dict.rm_vm(vm1)
vm2.destroy()
test_obj_dict.rm_vm(vm2)
sg_vm.check()
sg1.delete()
test_obj_dict.rm_sg(sg1.security_group.uuid)
sg2.delete()
test_obj_dict.rm_sg(sg2.security_group.uuid)
sg_vm.check()
sg3.delete()
test_obj_dict.rm_sg(sg3.security_group.uuid)
test_util.test_pass('Security Group Vlan VirtualRouter VM ICMP rules Test Success')
def test():
test_util.test_dsc('Create vrouter vm and check multi nics')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict.add_vm(vm1)
vm1_ip = vm1.get_vm().vmNics[0].ip
vm1_nic_uuid = vm1.get_vm().vmNics[0].uuid
vr1 = test_lib.lib_find_vr_by_vm(vm1.vm)[0]
vr1_uuid = vr1.uuid
vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1)
vr1_private_ip = test_lib.lib_find_vr_private_ip(vr1)
l3network1_uuid = vm1.get_vm().vmNics[0].l3NetworkUuid
cond = res_ops.gen_query_conditions('uuid', '=', l3network1_uuid)
l3network1_cidr = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
cond = res_ops.gen_query_conditions('uuid', '=', vr1_uuid)
vr_offering_mn_network_uuid = res_ops.query_resource(res_ops.APPLIANCE_VM, cond)[0].managementNetworkUuid
vr1_pub_uuid = res_ops.query_resource(res_ops.APPLIANCE_VM, cond)[0].managementNetworkUuid
vr_offering_image_uuid = res_ops.query_resource(res_ops.APPLIANCE_VM, cond)[0].imageUuid
vr_offering_zone_uuid = res_ops.query_resource(res_ops.APPLIANCE_VM, cond)[0].zoneUuid
vr1_nics = res_ops.query_resource(res_ops.APPLIANCE_VM, cond)[0].vmNics
cond = res_ops.gen_query_conditions('name', '=', os.environ.get('l3PublicNetworkName'))
public_l3network_uuid = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].uuid
cond = res_ops.gen_query_conditions('name', '=', os.environ.get('l3NoVlanNetworkName1'))
second_public_l3network_uuid = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].uuid
second_public_l3network_cidr = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].ipRanges[0].networkCidr
#Attach second public network to vrouter
second_public_l3network_attached = False
for vm_nic in vr1_nics:
if vm_nic.l3NetworkUuid == second_public_l3network_uuid:
second_public_l3network_attached = True
if not second_public_l3network_attached:
net_ops.attach_l3(second_public_l3network_uuid, vr1_uuid)
#Get vr1 nic_uuid on second public network
cond = res_ops.gen_query_conditions('uuid', '=', vr1_uuid)
vr1_nics = res_ops.query_resource(res_ops.APPLIANCE_VM, cond)[0].vmNics
vr1_second_pub_nic_uuid = ''
for vm_nic in vr1_nics:
if vm_nic.l3NetworkUuid == second_public_l3network_uuid:
vr1_second_pub_nic_uuid = vm_nic.uuid
#Create new vrouter offering
vr_offering_name = "virtual_router_offering1"
vr_offering_cpu_num = 2
vr_offering_mem_size = 536870912 #512MB
vr_offering = net_ops.create_virtual_router_offering(vr_offering_name, vr_offering_cpu_num, vr_offering_mem_size, vr_offering_image_uuid, vr_offering_zone_uuid, vr_offering_mn_network_uuid, second_public_l3network_uuid)
vr_offering_uuid = vr_offering.uuid
cond = res_ops.gen_query_conditions('name', '=', os.environ.get('l3VlanNetworkName4'))
user_defined_l3network_uuid = res_ops.query_resource(res_ops.L3_NETWORK, cond)[0].uuid
#Attach Virtual Router Offering
tag = tag_ops.create_system_tag('InstanceOfferingVO',vr_offering_uuid, 'guestL3Network::%s' % user_defined_l3network_uuid)
#Create vms for each public network eip attach
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanDNATNetworkName'))
vm2_ip = vm2.get_vm().vmNics[0].ip
vm2_nic_uuid = vm2.get_vm().vmNics[0].uuid
l3network2_uuid = vm2.get_vm().vmNics[0].l3NetworkUuid
vm3 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName4'))
vm3_ip = vm3.get_vm().vmNics[0].ip
vm3_nic_uuid = vm3.get_vm().vmNics[0].uuid
l3network3_uuid = vm3.get_vm().vmNics[0].l3NetworkUuid
#Create eip for each vms, vm1 has 2 eip on each public network
vip11 = test_stub.create_vip('vm1_vip1', public_l3network_uuid)
vip11_uuid = vip11.get_vip().uuid
eip11 = test_stub.create_eip('vm1_eip1', vip11_uuid, vm_obj=vm1)
vip11.attach_eip(eip11)
eip11_pub_ip = eip11.get_eip().vipIp
vip11.check()
eip11.attach(vm1_nic_uuid, vm1)
vip12 = test_stub.create_vip('vm1_vip2', second_public_l3network_uuid)
vip12_uuid = vip12.get_vip().uuid
eip12 = test_stub.create_eip('vm1_eip2', vip12_uuid, vm_obj=vm1)
vip12.attach_eip(eip12)
eip12_pub_ip = eip12.get_eip().vipIp
vip12.check()
eip12.attach(vm1_nic_uuid, vm1)
vip2 = test_stub.create_vip('vm2_vip', public_l3network_uuid)
vip2_uuid = vip2.get_vip().uuid
eip2 = test_stub.create_eip('vm2_eip', vip2_uuid, vm_obj=vm2)
vip2.attach_eip(eip2)
eip2_pub_ip = eip2.get_eip().vipIp
vip2.check()
eip2.attach(vm2_nic_uuid, vm2)
vip3 = test_stub.create_vip('vm3_vip', second_public_l3network_uuid)
vip3_uuid = vip3.get_vip().uuid
eip3 = test_stub.create_eip('vm3_eip', vip3_uuid, vm_obj=vm3)
vip3.attach_eip(eip3)
eip3_pub_ip = eip3.get_eip().vipIp
vip3.check()
eip3.attach(vm3_nic_uuid, vm3)
time.sleep(40) #waiting for eip binding
#Check if the network is able to ping with eip
user_name = "root"
user_password = "******"
rsp_ping = os.system("sshpass -p '%s' ssh %s@%s 'ping -c 4 %s'"%(user_password, user_name, vm1_ip, eip2_pub_ip))
if rsp_ping != 0:
test_util.test_fail('Exception: [vm ip:] %s ping [Eip:] %s fail. But it should ping successfully.' % (vm1_ip, eip2_pub_ip))
rsp_ping = os.system("sshpass -p '%s' ssh %s@%s 'ping -c 4 %s'"%(user_password, user_name, vm1_ip, eip3_pub_ip))
if rsp_ping != 0:
test_util.test_fail('Exception: [vm ip:] %s ping [Eip:] %s fail. But it should ping successfully.' % (vm1_ip, eip3_pub_ip))
rsp_ping = os.system("sshpass -p '%s' ssh %s@%s 'ping -c 4 %s'"%(user_password, user_name, vm2_ip, eip11_pub_ip))
if rsp_ping != 0:
test_util.test_fail('Exception: [vm ip:] %s ping [Eip:] %s fail. But it should ping successfully.' % (vm2_ip, eip11_pub_ip))
rsp_ping = os.system("sshpass -p '%s' ssh %s@%s 'ping -c 4 %s'"%(user_password, user_name, vm3_ip, eip12_pub_ip))
if rsp_ping != 0:
test_util.test_fail('Exception: [vm ip:] %s ping [Eip:] %s fail. But it should ping successfully.' % (vm3_ip, eip12_pub_ip))
#Delete vips and vr offering
vip11.delete()
vip12.delete()
vip2.delete()
vip3.delete()
vm_ops.delete_instance_offering(vr_offering_uuid)
#Dettach the route table to vrouter and second public nework
if vr1_second_pub_nic_uuid != '':
net_ops.detach_l3(vr1_second_pub_nic_uuid)
vm1.destroy()
vm2.destroy()
vm3.destroy()
net_ops.destroy_vrouter(vr1_uuid)
test_util.test_pass('Check Multi Nics Success')
def test():
global route_table1_uuid
global route_table2_uuid
test_util.test_dsc('Check vm connection with vrouter route')
vm1 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName1'))
test_obj_dict.add_vm(vm1)
vm1_ip = vm1.get_vm().vmNics[0].ip
vr1 = test_lib.lib_find_flat_dhcp_vr_by_vm(vm1.vm)[0]
vr1_uuid = vr1.uuid
vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1)
vr1_private_ip = test_lib.lib_find_vr_private_ip(vr1)
l3network1_uuid = vm1.get_vm().vmNics[0].l3NetworkUuid
cond = res_ops.gen_query_conditions('uuid', '=', l3network1_uuid)
l3network1_cidr = res_ops.query_resource(res_ops.L3_NETWORK,
cond)[0].ipRanges[0].networkCidr
vm2 = test_stub.create_vlan_vm(os.environ.get('l3VlanNetworkName3'))
test_obj_dict.add_vm(vm2)
vm2_ip = vm2.get_vm().vmNics[0].ip
vr2 = test_lib.lib_find_flat_dhcp_vr_by_vm(vm2.vm)[0]
vr2_uuid = vr2.uuid
vr2_pub_ip = test_lib.lib_find_vr_pub_ip(vr2)
vr2_private_ip = test_lib.lib_find_vr_private_ip(vr2)
l3network2_uuid = vm2.get_vm().vmNics[0].l3NetworkUuid
cond = res_ops.gen_query_conditions('uuid', '=', l3network2_uuid)
l3network2_cidr = res_ops.query_resource(res_ops.L3_NETWORK,
cond)[0].ipRanges[0].networkCidr
vm1.check()
vm2.check()
#Attach the network service to l3 network
cond = res_ops.gen_query_conditions('type', '=', 'vrouter')
service_uuid = res_ops.query_resource(res_ops.NETWORK_SERVICE_PROVIDER,
cond)[0].uuid
network_services_json = "{'%s':['VRouterRoute']}" % service_uuid
net_ops.detach_network_service_from_l3network(l3network1_uuid,
service_uuid)
net_ops.attach_network_service_to_l3network(l3network1_uuid, service_uuid)
net_ops.detach_network_service_from_l3network(l3network2_uuid,
service_uuid)
net_ops.attach_network_service_to_l3network(l3network2_uuid, service_uuid)
#Create route table and route entry for each vrouter
route_table1 = net_ops.create_vrouter_route_table('route_table1')
route_table1_uuid = route_table1.uuid
route_entry1 = net_ops.add_vrouter_route_entry(route_table1_uuid,
l3network2_cidr, vr2_pub_ip)
route_table2 = net_ops.create_vrouter_route_table('route_table2')
route_table2_uuid = route_table2.uuid
route_entry2 = net_ops.add_vrouter_route_entry(route_table2_uuid,
l3network1_cidr, vr1_pub_ip)
#Attach the route table to vrouter and check the network
#net_ops.detach_vrouter_route_table_from_vrouter(route_table1_uuid, vr1_uuid)
net_ops.attach_vrouter_route_table_to_vrouter(route_table1_uuid, vr1_uuid)
#net_ops.detach_vrouter_route_table_from_vrouter(route_table2_uuid, vr2_uuid)
net_ops.attach_vrouter_route_table_to_vrouter(route_table2_uuid, vr2_uuid)
#Add vroute private ip to vm route
cmd = 'ip r del default; ip r add default via %s' % vr1_private_ip
rsp = test_lib.lib_execute_ssh_cmd(vm1_ip, 'root', 'password', cmd, 180)
cmd = 'ip r del default; ip r add default via %s' % vr2_private_ip
rsp = test_lib.lib_execute_ssh_cmd(vm2_ip, 'root', 'password', cmd, 180)
if not test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.'
% (vm1.vm.uuid, vm2_ip))
if not test_lib.lib_check_ping(vm1.vm, vm1_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.'
% (vm2.vm.uuid, vm1_ip))
#Dettach the route table to vrouter and check the network
net_ops.detach_vrouter_route_table_from_vrouter(route_table1_uuid,
vr1_uuid)
net_ops.detach_vrouter_route_table_from_vrouter(route_table2_uuid,
vr2_uuid)
if test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s successfully. But it should ping fail because the route table is detached.'
% (vm1.vm.uuid, vm2_ip))
if test_lib.lib_check_ping(vm1.vm, vm2_ip, no_exception=True):
test_util.test_fail(
'Exception: [vm:] %s ping [vr:] %s successfully. But it should ping fail because the route table is detached.'
% (vm2.vm.uuid, vm1_ip))
#Delete route entry and table, and distory vm
net_ops.delete_vrouter_route_entry(route_entry1.uuid, route_table1_uuid)
net_ops.delete_vrouter_route_entry(route_entry2.uuid, route_table2_uuid)
net_ops.delete_vrouter_route_table(route_table1_uuid)
net_ops.delete_vrouter_route_table(route_table2_uuid)
vm1.destroy()
vm2.destroy()
test_util.test_pass('Check VRouter route Success')
