def disable_snat(): LOG.fixture_step("Disable SNAT on tenant router") try: network_helper.set_router_gateway(enable_snat=False) finally: LOG.fixture_step("Revert primary tenant to {}".format(primary_tenant['tenant'])) Tenant.set_primary(primary_tenant)
def router_info(request): global result_ result_ = False LOG.fixture_step( "Disable SNAT and update router to DVR if not already done.") router_id = network_helper.get_tenant_router() network_helper.set_router_gateway(router_id, enable_snat=False) is_dvr = network_helper.get_router_values(router_id, fields='distributed', auth_info=Tenant.get('admin'))[0] def teardown(): post_dvr = network_helper.get_router_values( router_id, fields='distributed', auth_info=Tenant.get('admin'))[0] if post_dvr != is_dvr: network_helper.set_router_mode(router_id, distributed=is_dvr) request.addfinalizer(teardown) if not is_dvr: network_helper.set_router_mode(router_id, distributed=True, enable_on_failure=False) result_ = True return router_id
def test_snat_reset_router_ext_gateway(snat_setups): """ Test VM external access after evacuation. Args: snat_setups (tuple): returns vm id and fip. Enable snat, create vm and attach floating ip. Test Setups: - Find a tenant router that is dvr or non-dvr based on the parameter - Enable SNAT on tenant router - boot a vm and attach a floating ip - Ping vm from NatBox Test Steps: - Ping outside from VM - Clear router gateway - Verify vm cannot be ping'd from NatBox - Set router gateway - Verify vm can be ping'd from NatBox - Verify vm can ping outside Test Teardown: - Delete the created vm (module) - Disable SNAT on router (module) """ vm_, fip = snat_setups LOG.tc_step("Ping vm management net ip from NatBox") vm_helper.ping_vms_from_natbox(vm_, use_fip=False) # vm_helper.ping_vms_from_natbox(vm_, use_fip=True) LOG.tc_step("Ping outside from VM".format(vm_)) vm_helper.ping_ext_from_vm(vm_, use_fip=True) LOG.tc_step("Disassociate floatingip from vm and verify it's successful.") network_helper.unset_floating_ip(floating_ip=fip, port=True) # assert not network_helper.get_floating_ip_info(fip=fip, field='fixed_ip_address'), \ # "Floating ip {} still attached to fixed ip".format(fip) LOG.tc_step("Clear router gateway and verify vm cannot be ping'd from NatBox") fixed_ip = network_helper.get_router_ext_gateway_info()['external_fixed_ips'][0]['ip_address'] network_helper.clear_router_gateway(check_first=False) ping_res = vm_helper.ping_vms_from_natbox(vm_, fail_ok=True, use_fip=False)[0] assert ping_res is False, "VM can still be ping'd from outside after clearing router gateway." LOG.tc_step("Set router gateway with the same fixed ip") network_helper.set_router_gateway(clear_first=False, fixed_ips=fixed_ip, enable_snat=True) LOG.tc_step("Verify SNAT is enabled by default after setting router gateway.") assert network_helper.get_router_ext_gateway_info()['enable_snat'], "SNAT is not enabled by default." LOG.tc_step("Associate floating ip to vm") network_helper.associate_floating_ip_to_vm(floating_ip=fip, vm_id=vm_) LOG.tc_step("Verify vm can ping to and be ping'd from outside") vm_helper.wait_for_vm_pingable_from_natbox(vm_, timeout=60, fail_ok=False) vm_helper.ping_ext_from_vm(vm_, use_fip=True)
def _set_external_gatewayway_info(router_id, ext_gateway_subnet, gateway_ip, is_dvr): LOG.info("External Gateway Subnet Id: {}".format(ext_gateway_subnet)) LOG.info("Router {} external subnet id {}".format(router_id, ext_gateway_subnet)) network_helper.set_router_gateway(router_id=router_id, clear_first=False, fixed_ips=gateway_ip, enable_snat=False) network_helper.set_router_mode(router_id=router_id, distributed=is_dvr)
def router_info(request): LOG.fixture_step("Enable snat on tenant router") router_id = network_helper.get_tenant_router() network_helper.set_router_gateway(router_id, enable_snat=True) def teardown(): LOG.fixture_step("Disable snat on tenant router") network_helper.set_router_gateway(router_id, enable_snat=False) request.addfinalizer(teardown) return router_id
def test_snat_evacuate_vm(snat_setups, snat): """ Test VM external access after evacuation. Args: snat_setups (tuple): returns vm id and fip. Enable snat, create vm and attach floating ip. snat (bool): whether or not to enable SNAT on router Test Setups (module): - Find a tenant router that is dvr or non-dvr based on the parameter - Enable SNAT on tenant router - boot a vm and attach a floating ip - Ping vm from NatBox Test Steps: - Ping VM from NatBox - Reboot vm host - Verify vm is evacuated to other host - Verify vm can still ping outside Test Teardown: - Delete the created vm (module) - Disable snat (module) """ vm_ = snat_setups[0] snat = True if snat == 'snat_enabled' else False LOG.tc_step("Update tenant router external gateway to set SNAT to {}".format(snat)) network_helper.set_router_gateway(enable_snat=snat) time.sleep(30) vm_helper.wait_for_vm_pingable_from_natbox(vm_, timeout=60, use_fip=True) host = vm_helper.get_vm_host(vm_) LOG.tc_step("Ping VM from NatBox".format(vm_)) vm_helper.ping_vms_from_natbox(vm_, use_fip=False) # vm_helper.ping_vms_from_natbox(vm_, use_fip=True) LOG.tc_step("Evacuate vm") vm_helper.evacuate_vms(host=host, vms_to_check=vm_) LOG.tc_step("Verify vm can still ping outside") vm_helper.wait_for_vm_pingable_from_natbox(vm_, use_fip=snat, timeout=VMTimeout.DHCP_RETRY) vm_helper.ping_ext_from_vm(vm_, use_fip=True) host_helper.wait_for_hosts_ready(hosts=host) vm_helper.wait_for_vm_pingable_from_natbox(vm_, timeout=60, use_fip=False) if snat: vm_helper.wait_for_vm_pingable_from_natbox(vm_, timeout=60, use_fip=True)
def snat_setups(request): find_dvr = 'True' if request.param == 'distributed' else 'False' primary_tenant = Tenant.get_primary() other_tenant = Tenant.get_secondary() for auth_info in [primary_tenant, other_tenant]: tenant_router = network_helper.get_tenant_router(auth_info=auth_info) is_dvr_router = network_helper.get_router_values(router_id=tenant_router, fields='distributed')[0] if find_dvr == str(is_dvr_router): LOG.fixture_step("Setting primary tenant to {}".format(common.get_tenant_name(auth_info))) Tenant.set_primary(auth_info) break else: skip("No {} router found on system.".format(request.param)) LOG.fixture_step("Update router to enable SNAT") network_helper.set_router_gateway(enable_snat=True) # Check snat is handled by the keyword def disable_snat(): LOG.fixture_step("Disable SNAT on tenant router") try: network_helper.set_router_gateway(enable_snat=False) finally: LOG.fixture_step("Revert primary tenant to {}".format(primary_tenant['tenant'])) Tenant.set_primary(primary_tenant) request.addfinalizer(disable_snat) LOG.fixture_step("Boot a VM from volume") vm_id = vm_helper.boot_vm(name='snat', reuse_vol=False, cleanup='module')[1] if system_helper.is_avs(): LOG.fixture_step("Attempt to ping from NatBox and ensure if fails") ping_res = vm_helper.wait_for_vm_pingable_from_natbox(vm_id, timeout=60, fail_ok=True, use_fip=False) assert ping_res is False, "VM can still be ping'd from outside after SNAT enabled without floating ip." LOG.fixture_step("Create a floating ip and associate it to VM") floatingip = network_helper.create_floating_ip(cleanup='module')[1] network_helper.associate_floating_ip_to_vm(floatingip, vm_id) LOG.fixture_step("Ping vm's floating ip from NatBox and ensure it's reachable") vm_helper.wait_for_vm_pingable_from_natbox(vm_id, timeout=60, use_fip=True) return vm_id, floatingip
def teardown(): LOG.fixture_step("Disable snat on tenant router") network_helper.set_router_gateway(router_id, enable_snat=False)
def test_snat_vm_actions(snat_setups, snat): """ Test VM external access over VM launch, live-migration, cold-migration, pause/unpause, etc Args: snat_setups (tuple): returns vm id and fip. Enable snat, create vm and attach floating ip. Test Setups (module): - Find a tenant router that is dvr or non-dvr based on the parameter - Enable SNAT on tenant router - boot a vm and attach a floating ip - Ping vm from NatBox Test Steps: - Enable/Disable SNAT based on snat param - Ping from VM to 8.8.8.8 - wget <lab_fip> to VM - scp from NatBox to VM - Live-migrate the VM and verify ping from VM - Cold-migrate the VM and verify ping from VM - Pause and un-pause the VM and verify ping from VM - Suspend and resume the VM and verify ping from VM - Stop and start the VM and verify ping from VM - Reboot the VM and verify ping from VM Test Teardown: - Enable snat for next test in the same module (function) - Delete the created vm (module) - Disable snat (module) """ vm_ = snat_setups[0] snat = True if snat == 'snat_enabled' else False LOG.tc_step("Update tenant router external gateway to set SNAT to {}".format(snat)) network_helper.set_router_gateway(enable_snat=snat) # Allow router update to complete, since we've seen cases where ping vm pass but ssh fail time.sleep(30) vm_helper.wait_for_vm_pingable_from_natbox(vm_, timeout=60, use_fip=snat) LOG.tc_step("Ping from VM {} to 8.8.8.8".format(vm_)) vm_helper.ping_ext_from_vm(vm_, use_fip=True) LOG.tc_step("wget to VM {}".format(vm_)) with vm_helper.ssh_to_vm_from_natbox(vm_id=vm_, use_fip=True) as vm_ssh: vm_ssh.exec_cmd('wget google.ca', fail_ok=False) LOG.tc_step("scp from NatBox to VM {}".format(vm_)) vm_fip = network_helper.get_external_ips_for_vms(vms=vm_)[0] natbox_ssh = NATBoxClient.get_natbox_client() natbox_ssh.scp_on_source(source_path='test', dest_user='******', dest_ip=vm_fip, dest_path='/tmp/', dest_password='******', timeout=30) LOG.tc_step("Live-migrate the VM and verify ping from VM") vm_helper.live_migrate_vm(vm_) vm_helper.wait_for_vm_pingable_from_natbox(vm_, use_fip=snat) vm_helper.ping_ext_from_vm(vm_, use_fip=True) LOG.tc_step("Cold-migrate the VM and verify ping from VM") vm_helper.cold_migrate_vm(vm_) vm_helper.wait_for_vm_pingable_from_natbox(vm_, use_fip=snat) vm_helper.ping_ext_from_vm(vm_, use_fip=True) LOG.tc_step("Pause and un-pause the VM and verify ping from VM") vm_helper.pause_vm(vm_) vm_helper.unpause_vm(vm_) vm_helper.wait_for_vm_pingable_from_natbox(vm_, use_fip=snat) vm_helper.ping_ext_from_vm(vm_, use_fip=True) LOG.tc_step("Suspend and resume the VM and verify ping from VM") vm_helper.suspend_vm(vm_) vm_helper.resume_vm(vm_) vm_helper.wait_for_vm_pingable_from_natbox(vm_, use_fip=snat) vm_helper.ping_ext_from_vm(vm_, use_fip=True) LOG.tc_step("Stop and start the VM and verify ping from VM") vm_helper.stop_vms(vm_) vm_helper.start_vms(vm_) vm_helper.wait_for_vm_pingable_from_natbox(vm_, use_fip=snat) vm_helper.ping_ext_from_vm(vm_, use_fip=True) LOG.tc_step("Reboot the VM and verify ping from VM") vm_helper.reboot_vm(vm_) vm_helper.wait_for_vm_pingable_from_natbox(vm_, use_fip=snat) vm_helper.ping_ext_from_vm(vm_, use_fip=True) LOG.tc_step("Resize the vm to a flavor with 2 dedicated cpus and verify ping from VM") new_flv = nova_helper.create_flavor(name='ded', vcpus=2)[1] ResourceCleanup.add('flavor', new_flv, scope='module') nova_helper.set_flavor(new_flv, **{FlavorSpec.CPU_POLICY: 'dedicated'}) vm_helper.resize_vm(vm_, new_flv) vm_helper.wait_for_vm_pingable_from_natbox(vm_, use_fip=snat) vm_helper.ping_ext_from_vm(vm_, use_fip=True)
def enable_snat_teardown(): network_helper.set_router_gateway(enable_snat=True)
def refstack_setup(refstack_pre_check, request): LOG.fixture_step("Enable Swift if not already done") storage_helper.modify_swift(enable=True) LOG.fixture_step("Create tenants, users, and update quotas") compliance_helper.create_tenants_and_update_quotas(add_swift_role=True) LOG.fixture_step("Create test flavors") flavors = [] for i in range(2): flavor_id = nova_helper.create_flavor(name='refstack', vcpus=2, ram=2048, root_disk=2, cleanup='session')[1] nova_helper.set_flavor(flavor_id, **{FlavorSpec.CPU_POLICY: 'dedicated', FlavorSpec.MEM_PAGE_SIZE: 2048}) flavors.append(flavor_id) LOG.fixture_step("Get/create test images") images = [glance_helper.get_image_id_from_name()] image_id = glance_helper.create_image()[1] images.append(image_id) ResourceCleanup.add('image', image_id, scope='session') LOG.fixture_step("Setup public router if not already done.") external_net_id = network_helper.get_networks(external=True)[0] public_router = 'public-router0' pub_routers = network_helper.get_routers(name=public_router, auth_info=Tenant.get('admin')) if not pub_routers: LOG.info("Create public router and add interfaces") public_router_id = network_helper.create_router(name=public_router, project=Tenant.get('admin')['tenant'])[1] network_helper.set_router_gateway(router_id=public_router_id, external_net=external_net_id) internal_subnet = 'internal0-subnet0-1' gateway = '10.1.1.1' network_helper.set_subnet(subnet=internal_subnet, gateway=gateway) network_helper.add_router_interface(router=public_router_id, subnet=internal_subnet, auth_info=Tenant.get('admin')) keystone_pub = keystone_helper.get_endpoints(field='URL', interface='public', service_name='keystone')[0] keystone_pub_url = keystone_pub.split('/v')[0] + '/' keystone_pub_url = keystone_pub_url.replace(':', '\:').replace('/', '\/') params_dict = { 'image_ref': images[0], 'image_ref_alt': images[1], 'flavor_ref': flavors[0], 'flavor_ref_alt': flavors[1], 'public_network_id': external_net_id, 'uri': keystone_pub_url + 'v2.0', 'uri_v3': keystone_pub_url + 'v3', 'discoverable_apis': 'tempurl,container_quotas', 'container_sync': 'false', 'object_versioning': 'true', 'discoverability': 'false', } LOG.fixture_step("Update tempest.conf parameters on cumulus server: \n{}".format(params_dict)) with compliance_helper.ssh_to_compliance_server() as server_ssh: for key, val in params_dict.items(): server_ssh.exec_cmd('sed -i "s/^{} =.*/{} = {}/g" {}'.format(key, key, val, RefStack.TEMPEST_CONF), fail_ok=False) server_ssh.exec_cmd('grep {} {}'.format(val, RefStack.TEMPEST_CONF), fail_ok=False) compliance_helper.add_route_for_vm_access(server_ssh) def scp_logs(): LOG.info("scp test results files from refstack test host to local automation dir") dest_dir = os.path.join(ProjVar.get_var('LOG_DIR'), 'compliance') os.makedirs(dest_dir, exist_ok=True) localhost = LocalHostClient() localhost.connect() for item in RefStack.LOG_FILES: source_path = '{}/{}'.format(RefStack.TEST_HISTORY_DIR, item) localhost.scp_on_dest(source_ip=ComplianceCreds.get_host(), source_user=ComplianceCreds.get_user(), source_pswd=ComplianceCreds.get_password(), source_path=source_path, dest_path=dest_dir, timeout=300, cleanup=False) origin_name = ComplianceVar.get_var('REFSTACK_SUITE').rsplit(r'/', maxsplit=1)[-1] localhost.exec_cmd('mv {}/test-list.txt {}/{}'.format(dest_dir, dest_dir, origin_name)) request.addfinalizer(scp_logs)