def create_network_acl_list(self, name, description, vpc):
self.debug("Adding NetworkACL list in VPC: %s" % vpc.id)
return NetworkACLList.create(self.api_client,
services={},
name=name,
description=description,
vpcid=vpc.id)
def test_vpcnetwork_nuage(self):
"""Test network VPC for Nuage"""
# 1) Create VPC with Nuage VPC offering
vpcOffering = VpcOffering.list(self.apiclient,
name="Nuage VSP VPC offering")
self.assert_(vpcOffering is not None and len(vpcOffering) > 0,
"Nuage VPC offering not found")
vpc = VPC.create(apiclient=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc.networkacl",
vpcofferingid=vpcOffering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.account.domainid)
self.assert_(vpc is not None, "VPC creation failed")
# 2) Create ACL
aclgroup = NetworkACLList.create(apiclient=self.apiclient,
services={},
name="acl",
description="acl",
vpcid=vpc.id)
self.assertIsNotNone(aclgroup, "Failed to create NetworkACL list")
self.debug("Created a network ACL list %s" % aclgroup.name)
# 3) Create ACL Item
aclitem = NetworkACL.create(apiclient=self.apiclient,
services={},
protocol="TCP",
number="10",
action="Deny",
aclid=aclgroup.id,
cidrlist=["0.0.0.0/0"])
self.assertIsNotNone(aclitem, "Network failed to aclItem")
self.debug("Added a network ACL %s to ACL list %s" %
(aclitem.id, aclgroup.name))
# 4) Create network with ACL
nwNuage = Network.create(self.apiclient,
self.services["vpcnetwork"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id,
vpcid=vpc.id,
aclid=aclgroup.id,
gateway='10.1.0.1')
self.debug("Network %s created in VPC %s" % (nwNuage.id, vpc.id))
# 5) Deploy a vm
vm = VirtualMachine.create(self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(nwNuage.id)])
self.assert_(vm is not None, "VM failed to deploy")
self.assert_(vm.state == 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id))
def create_network_tier(self, name, vpcid, gateway, network_offering):
self.services["network"]["name"] = name
self.services["network"]["displaytext"] = name
default_acl = NetworkACLList.list(self.apiclient, name="default_allow")[0]
try:
network = Network.create(
apiclient=self.apiclient,
services=self.services["network"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=network_offering.id,
zoneid=self.zone.id,
vpcid=vpcid,
gateway=gateway,
netmask=self.services["network"]["netmask"],
aclid=default_acl.id
)
self.assertIsNotNone(network, "Network failed to create")
self.logger.debug(
"Created network %s in VPC %s" % (network.id, vpcid))
self.cleanup.insert(0, network)
return network
except Exception as e:
raise Exception("Create network failed: %s" % e)
def create_network_tier(self, name, vpcid, gateway, network_offering):
self.services["network"]["name"] = name
self.services["network"]["displaytext"] = name
default_acl = NetworkACLList.list(self.apiclient, name="default_allow")[0]
try:
network = Network.create(
apiclient=self.apiclient,
services=self.services["network"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=network_offering.id,
zoneid=self.zone.id,
vpcid=vpcid,
gateway=gateway,
netmask=self.services["network"]["netmask"],
aclid=default_acl.id
)
self.assertIsNotNone(network, "Network failed to create")
self.logger.debug(
"Created network %s in VPC %s" % (network.id, vpcid))
self.cleanup.insert(0, network)
return network
except Exception as e:
raise Exception("Create network failed: %s" % e)
def create_NetworkAclList(self, name, description, vpc):
self.debug("Adding NetworkACL list in VPC with ID - %s" % vpc.id)
return NetworkACLList.create(self.api_client,
services={},
name=name,
description=description,
vpcid=vpc.id
)
def define_custom_acl(self):
acl1 = NetworkACLList.create(self.api_client,
self.attributes['acls']['acl1'],
vpcid=self.vpc1.id)
NetworkACL.create(self.api_client,
self.attributes['acls']['acl1']['entries']['entry1'],
networkid=self.network1.id,
aclid=acl1.id)
try:
command = replaceNetworkACLList.replaceNetworkACLListCmd()
command.aclid = acl1.id
command.gatewayid = self.private_gateway1.id
response = self.api_client.replaceNetworkACLList(command)
except Exception as e:
raise Exception("Exception: %s" % e)
self.assertTrue(response.success)
self.logger.debug("Private Gateway '%s' ACL replaced",
self.private_gateway1.ipaddress)
acl2 = NetworkACLList.create(self.api_client,
self.attributes['acls']['acl2'],
vpcid=self.vpc2.id)
NetworkACL.create(self.api_client,
self.attributes['acls']['acl2']['entries']['entry2'],
networkid=self.network2.id,
aclid=acl2.id)
try:
command2 = replaceNetworkACLList.replaceNetworkACLListCmd()
command2.aclid = acl2.id
command2.gatewayid = self.private_gateway2.id
response2 = self.api_client.replaceNetworkACLList(command2)
except Exception as e:
raise Exception("Exception: %s" % e)
self.assertTrue(response2.success)
self.logger.debug("Private Gateway '%s' ACL replaced",
self.private_gateway2.ipaddress)
def define_custom_acl(self):
acl1 = NetworkACLList.create(self.api_client,
self.attributes['acls']['acl1'],
vpcid=self.vpc1.id)
NetworkACL.create(self.api_client,
self.attributes['acls']['acl1']['entries']['entry1'],
networkid=self.network1.id,
aclid=acl1.id)
try:
command = replaceNetworkACLList.replaceNetworkACLListCmd()
command.aclid = acl1.id
command.gatewayid = self.private_gateway1.id
response = self.api_client.replaceNetworkACLList(command)
except Exception as e:
raise Exception("Exception: %s" % e)
self.assertTrue(response.success)
self.logger.debug("Private Gateway '%s' ACL replaced", self.private_gateway1.ipaddress)
acl2 = NetworkACLList.create(self.api_client,
self.attributes['acls']['acl2'],
vpcid=self.vpc2.id)
NetworkACL.create(self.api_client,
self.attributes['acls']['acl2']['entries']['entry2'],
networkid=self.network2.id,
aclid=acl2.id)
try:
command2 = replaceNetworkACLList.replaceNetworkACLListCmd()
command2.aclid = acl2.id
command2.gatewayid = self.private_gateway2.id
response2 = self.api_client.replaceNetworkACLList(command2)
except Exception as e:
raise Exception("Exception: %s" % e)
self.assertTrue(response2.success)
self.logger.debug("Private Gateway '%s' ACL replaced", self.private_gateway2.ipaddress)
def deploy_acl(self, acl_data, vpc):
self.logger.debug('>>> ACL => Creating "%s"...', acl_data['name'])
acl = NetworkACLList.create(api_client=self.api_client,
data=acl_data,
vpc=vpc)
self.logger.debug('>>> ACL => ID: %s => Name: %s => VPC: %s',
acl.id, acl.name, acl.vpcid)
self.deploy_rules(acl_data['rules'], acl)
def deploy_acl(self, acl_data, vpc):
self.logger.debug('>>> ACL => Creating "%s"...', acl_data['name'])
acl = NetworkACLList.create(
api_client=self.api_client,
data=acl_data,
vpc=vpc
)
self.logger.debug('>>> ACL => ID: %s => Name: %s => VPC: %s', acl.id, acl.name, acl.vpcid)
self.deploy_rules(acl_data['rules'], acl)
def test_vpcnetwork_nuage(self):
"""Test network VPC for Nuage"""
# 1) Create VPC with Nuage VPC offering
vpcOffering = VpcOffering.list(self.apiclient,name="Nuage VSP VPC offering")
self.assert_(vpcOffering is not None and len(vpcOffering)>0, "Nuage VPC offering not found")
vpc = VPC.create(
apiclient=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc.networkacl",
vpcofferingid=vpcOffering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.account.domainid
)
self.assert_(vpc is not None, "VPC creation failed")
# 2) Create ACL
aclgroup = NetworkACLList.create(apiclient=self.apiclient, services={}, name="acl", description="acl", vpcid=vpc.id)
self.assertIsNotNone(aclgroup, "Failed to create NetworkACL list")
self.debug("Created a network ACL list %s" % aclgroup.name)
# 3) Create ACL Item
aclitem = NetworkACL.create(apiclient=self.apiclient, services={},
protocol="TCP", number="10", action="Deny", aclid=aclgroup.id, cidrlist=["0.0.0.0/0"])
self.assertIsNotNone(aclitem, "Network failed to aclItem")
self.debug("Added a network ACL %s to ACL list %s" % (aclitem.id, aclgroup.name))
# 4) Create network with ACL
nwNuage = Network.create(
self.apiclient,
self.services["vpcnetwork"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id,
vpcid=vpc.id,
aclid=aclgroup.id,
gateway='10.1.0.1'
)
self.debug("Network %s created in VPC %s" %(nwNuage.id, vpc.id))
# 5) Deploy a vm
vm = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(nwNuage.id)]
)
self.assert_(vm is not None, "VM failed to deploy")
self.assert_(vm.state == 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" %(vm.id, vpc.id))
def define_custom_acl(self, acl_config, acl_entry_config):
acl = NetworkACLList.create(self.api_client,
self.attributes['acls'][acl_config],
vpcid=self.vpc1.id)
NetworkACL.create(self.api_client,
self.attributes['acls'][acl_config]['entries'][acl_entry_config],
networkid=self.network1.id,
aclid=acl.id)
self.define_acl(acl)
def define_custom_acl(self, acl_config, acl_entry_config):
acl = NetworkACLList.create(self.api_client,
self.attributes['acls'][acl_config],
vpcid=self.vpc1.id)
NetworkACL.create(self.api_client,
self.attributes['acls'][acl_config]['entries'][acl_entry_config],
networkid=self.network1.id,
aclid=acl.id)
self.define_acl(acl)
def deploy_network_acl_list(self, acl_list_name, acl_config, network=None, vpc=None):
if network:
networkid=network.id
if network.vpcid:
vpcid=network.vpcid
acl_list = NetworkACLList.create(self.api_client, name=acl_list_name, services=[], vpcid=vpcid, vpc=vpc)
NetworkACL.create(self.api_client,
acl_config,
networkid=networkid,
aclid=acl_list.id)
return acl_list
def deploy_network_acl_list(self,
acl_list_name,
acl_config,
network=None,
vpc=None):
if network:
networkid = network.id
if network.vpcid:
vpcid = network.vpcid
acl_list = NetworkACLList.create(self.api_client,
name=acl_list_name,
services=[],
vpcid=vpcid,
vpc=vpc)
NetworkACL.create(self.api_client,
acl_config,
networkid=networkid,
aclid=acl_list.id)
return acl_list
def test_vpc_site2site_vpn(self):
"""Test VPN in VPC"""
# 0) Get the default network offering for VPC
networkOffering = NetworkOffering.list(
self.apiclient,
name="DefaultIsolatedNetworkOfferingForVpcNetworks")
self.assert_(networkOffering is not None and len(networkOffering) > 0,
"No VPC based network offering")
# 1) Create VPC offering
vpcOffering = VpcOffering.list(self.apiclient, isdefault=True)
self.assert_(vpcOffering is not None and len(vpcOffering) > 0,
"No VPC offerings found")
# Create VPC 1
try:
vpc1 = VPC.create(apiclient=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc1.vpn",
vpcofferingid=vpcOffering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id)
except Exception as e:
self.fail(e)
finally:
self.assert_(vpc1 is not None, "VPC1 creation failed")
self.logger.debug("VPC1 %s created" % (vpc1.id))
# Create VPC 2
try:
vpc2 = VPC.create(apiclient=self.apiclient,
services=self.services["vpc2"],
networkDomain="vpc2.vpn",
vpcofferingid=vpcOffering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.account.domainid)
except Exception as e:
self.fail(e)
finally:
self.assert_(vpc2 is not None, "VPC2 creation failed")
self.logger.debug("VPC2 %s created" % (vpc2.id))
default_acl = NetworkACLList.list(self.apiclient,
name="default_allow")[0]
# Create network in VPC 1
try:
ntwk1 = Network.create(apiclient=self.apiclient,
services=self.services["network_1"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc1.id,
aclid=default_acl.id)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(ntwk1, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" % (ntwk1.id, vpc1.id))
# Create network in VPC 2
try:
ntwk2 = Network.create(apiclient=self.apiclient,
services=self.services["network_2"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc2.id,
aclid=default_acl.id)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(ntwk2, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" % (ntwk2.id, vpc2.id))
# Deploy a vm in network 2
try:
vm1 = VirtualMachine.create(
self.apiclient,
services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=ntwk1.id,
hypervisor=self.services["virtual_machine"]["hypervisor"])
except Exception as e:
self.fail(e)
finally:
self.assert_(vm1 is not None, "VM failed to deploy")
self.assert_(vm1.state == 'Running', "VM is not running")
self.logger.debug("VM %s deployed in VPC %s" % (vm1.id, vpc1.id))
# Deploy a vm in network 2
try:
vm2 = VirtualMachine.create(
self.apiclient,
services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=ntwk2.id,
hypervisor=self.services["virtual_machine"]["hypervisor"])
except Exception as e:
self.fail(e)
finally:
self.assert_(vm2 is not None, "VM failed to deploy")
self.assert_(vm2.state == 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" % (vm2.id, vpc2.id))
# 4) Enable Site-to-Site VPN for VPC
vpn1_response = Vpn.createVpnGateway(self.apiclient, vpc1.id)
self.assert_(vpn1_response is not None,
"Failed to enable VPN Gateway 1")
self.logger.debug("VPN gateway for VPC %s enabled" % vpc1.id)
vpn2_response = Vpn.createVpnGateway(self.apiclient, vpc2.id)
self.assert_(vpn2_response is not None,
"Failed to enable VPN Gateway 2")
self.logger.debug("VPN gateway for VPC %s enabled" % vpc2.id)
# 5) Add VPN Customer gateway info
src_nat_list = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc1.id)
ip1 = src_nat_list[0]
src_nat_list = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc2.id)
ip2 = src_nat_list[0]
services = self.services["vpncustomergateway"]
customer1_response = VpnCustomerGateway.create(
self.apiclient, services, "Peer VPC1", ip1.ipaddress, vpc1.cidr,
self.account.name, self.domain.id)
self.debug("VPN customer gateway added for VPC %s enabled" % vpc1.id)
self.logger.debug(vars(customer1_response))
customer2_response = VpnCustomerGateway.create(
self.apiclient, services, "Peer VPC2", ip2.ipaddress, vpc2.cidr,
self.account.name, self.domain.id)
self.debug("VPN customer gateway added for VPC %s enabled" % vpc2.id)
self.logger.debug(vars(customer2_response))
# 6) Connect two VPCs
vpnconn1_response = Vpn.createVpnConnection(self.apiclient,
customer1_response.id,
vpn2_response['id'], True)
self.debug("VPN passive connection created for VPC %s" % vpc2.id)
vpnconn2_response = Vpn.createVpnConnection(self.apiclient,
customer2_response.id,
vpn1_response['id'])
self.debug("VPN connection created for VPC %s" % vpc1.id)
self.assertEqual(vpnconn2_response['state'], "Connected",
"Failed to connect between VPCs!")
# acquire an extra ip address to use to ssh into vm2
try:
vm2.public_ip = PublicIPAddress.create(
apiclient=self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
services=self.services,
networkid=ntwk2.id,
vpcid=vpc2.id)
except Exception as e:
self.fail(e)
finally:
self.assert_(vm2.public_ip is not None,
"Failed to aqcuire public ip for vm2")
# Create port forward to be able to ssh into vm2
try:
natrule = self.create_natrule(vpc2, vm2, 22, 22, vm2.public_ip,
ntwk2)
except Exception as e:
self.fail(e)
finally:
self.assert_(natrule is not None,
"Failed to create portforward for vm2")
time.sleep(10)
# setup ssh connection to vm2
ssh_client = self.get_ssh_client(vm2, self.services, 10)
if ssh_client:
# run ping test
packet_loss = ssh_client.execute(
"/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress +
" |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0]
self.assert_(int(packet_loss) == 0, "Ping did not succeed")
else:
self.fail("Failed to setup ssh connection to %s" % vm2.public_ip)
def test_01_redundant_vpc_site2site_vpn(self):
"""Test Site 2 Site VPN Across redundant VPCs"""
self.logger.debug("Starting test: test_02_redundant_vpc_site2site_vpn")
# 0) Get the default network offering for VPC
networkOffering = NetworkOffering.list(
self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks")
self.assert_(networkOffering is not None and len(
networkOffering) > 0, "No VPC based network offering")
# Create and enable redundant VPC offering
redundant_vpc_offering = self._create_vpc_offering(
'redundant_vpc_offering')
self.assert_(redundant_vpc_offering is not None,
"Failed to create redundant VPC Offering")
redundant_vpc_offering.update(self.apiclient, state='Enabled')
# Create VPC 1
vpc1 = None
try:
vpc1 = VPC.create(
apiclient=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc1.vpn",
vpcofferingid=redundant_vpc_offering.id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id
)
except Exception as e:
self.fail(e)
finally:
self.assert_(vpc1 is not None, "VPC1 creation failed")
self.logger.debug("VPC1 %s created" % vpc1.id)
# Create VPC 2
vpc2 = None
try:
vpc2 = VPC.create(
apiclient=self.apiclient,
services=self.services["vpc2"],
networkDomain="vpc2.vpn",
vpcofferingid=redundant_vpc_offering.id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.account.domainid
)
except Exception as e:
self.fail(e)
finally:
self.assert_(vpc2 is not None, "VPC2 creation failed")
self.logger.debug("VPC2 %s created" % vpc2.id)
default_acl = NetworkACLList.list(
self.apiclient, name="default_allow")[0]
# Create network in VPC 1
ntwk1 = None
try:
ntwk1 = Network.create(
apiclient=self.apiclient,
services=self.services["network_1"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc1.id,
aclid=default_acl.id
)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(ntwk1, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" % (ntwk1.id, vpc1.id))
# Create network in VPC 2
ntwk2 = None
try:
ntwk2 = Network.create(
apiclient=self.apiclient,
services=self.services["network_2"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc2.id,
aclid=default_acl.id
)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(ntwk2, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" % (ntwk2.id, vpc2.id))
# Deploy a vm in network 2
vm1 = None
try:
vm1 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.compute_offering.id,
networkids=ntwk1.id,
hypervisor=self.hypervisor
)
except Exception as e:
self.fail(e)
finally:
self.assert_(vm1 is not None, "VM failed to deploy")
self.assert_(vm1.state == 'Running', "VM is not running")
self.logger.debug("VM %s deployed in VPC %s" % (vm1.id, vpc1.id))
# Deploy a vm in network 2
vm2 = None
try:
vm2 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.compute_offering.id,
networkids=ntwk2.id,
hypervisor=self.hypervisor
)
except Exception as e:
self.fail(e)
finally:
self.assert_(vm2 is not None, "VM failed to deploy")
self.assert_(vm2.state == 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" % (vm2.id, vpc2.id))
# 4) Enable Site-to-Site VPN for VPC
vpn1_response = Vpn.createVpnGateway(self.apiclient, vpc1.id)
self.assert_(
vpn1_response is not None, "Failed to enable VPN Gateway 1")
self.logger.debug("VPN gateway for VPC %s enabled" % vpc1.id)
vpn2_response = Vpn.createVpnGateway(self.apiclient, vpc2.id)
self.assert_(
vpn2_response is not None, "Failed to enable VPN Gateway 2")
self.logger.debug("VPN gateway for VPC %s enabled" % vpc2.id)
# 5) Add VPN Customer gateway info
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc1.id
)
ip1 = src_nat_list[0]
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc2.id
)
ip2 = src_nat_list[0]
services = self.services["vpncustomergateway"]
customer1_response = VpnCustomerGateway.create(
self.apiclient, services, "Peer VPC1", ip1.ipaddress, vpc1.cidr, self.account.name, self.domain.id)
self.debug("VPN customer gateway added for VPC %s enabled" % vpc1.id)
self.logger.debug(vars(customer1_response))
customer2_response = VpnCustomerGateway.create(
self.apiclient, services, "Peer VPC2", ip2.ipaddress, vpc2.cidr, self.account.name, self.domain.id)
self.debug("VPN customer gateway added for VPC %s enabled" % vpc2.id)
self.logger.debug(vars(customer2_response))
# 6) Connect two VPCs
vpnconn1_response = Vpn.createVpnConnection(
self.apiclient, customer1_response.id, vpn2_response['id'], True)
self.debug("VPN passive connection created for VPC %s" % vpc2.id)
vpnconn2_response = Vpn.createVpnConnection(
self.apiclient, customer2_response.id, vpn1_response['id'])
self.debug("VPN connection created for VPC %s" % vpc1.id)
self.assertEqual(
vpnconn2_response['state'], "Connected", "Failed to connect between VPCs!")
# acquire an extra ip address to use to ssh into vm2
try:
vm2.public_ip = PublicIPAddress.create(
apiclient=self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
services=self.services,
networkid=ntwk2.id,
vpcid=vpc2.id)
except Exception as e:
self.fail(e)
finally:
self.assert_(
vm2.public_ip is not None, "Failed to aqcuire public ip for vm2")
# Create port forward to be able to ssh into vm2
natrule = None
try:
natrule = self._create_natrule(
vpc2, vm2, 22, 22, vm2.public_ip, ntwk2)
except Exception as e:
self.fail(e)
finally:
self.assert_(
natrule is not None, "Failed to create portforward for vm2")
time.sleep(20)
# setup ssh connection to vm2
ssh_client = self._get_ssh_client(vm2, self.services, 10)
if ssh_client:
# run ping test
packet_loss = ssh_client.execute(
"/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress + " |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0]
self.assert_(int(packet_loss) == 0, "Ping did not succeed")
else:
self.fail("Failed to setup ssh connection to %s" % vm2.public_ip)
def _test_vpc_site2site_vpn(self, vpc_offering, num_VPCs=3):
# Number of VPNs (to test) is number_of_VPCs - 1
# By default test setting up 2 VPNs from VPC0, requiring total of 3 VPCs
maxnumVM = num_VPCs - 1
# Create VPC i
vpc_list = []
for i in range(num_VPCs):
# Generate VPC (mostly subnet) info
vpcservice_n = copy.deepcopy(self.services["vpcN"])
for key in vpcservice_n.keys():
vpcservice_n[key] = vpcservice_n[key].format(N=` i `)
vpc_n = VPC.create(apiclient=self.apiclient,
services=vpcservice_n,
networkDomain="vpc%d.vpn" % i,
vpcofferingid=vpc_offering.id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id)
self.assertIsNotNone(vpc_n, "VPC%d creation failed" % i)
vpc_list.append(vpc_n)
self.cleanup.append(vpc_n)
self.logger.debug("VPC%d %s created" % (i, vpc_list[i].id))
default_acl = NetworkACLList.list(self.apiclient,
name="default_allow")[0]
# Create network in VPC i
ntwk_list = []
for i in range(num_VPCs):
# Generate network (mostly subnet) info
ntwk_info_n = copy.deepcopy(self.services["network_N"])
for key in ntwk_info_n.keys():
ntwk_info_n[key] = ntwk_info_n[key].format(N=` i `)
ntwk_n = Network.create(
apiclient=self.apiclient,
services=ntwk_info_n,
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offerings[0].id,
zoneid=self.zone.id,
vpcid=vpc_list[i].id,
aclid=default_acl.id)
self.assertIsNotNone(ntwk_n, "Network%d failed to create" % i)
self.cleanup.append(ntwk_n)
ntwk_list.append(ntwk_n)
self.logger.debug("Network%d %s created in VPC %s" %
(i, ntwk_list[i].id, vpc_list[i].id))
# Deploy a vm in network i
vm_list = []
vm_n = None
for i in range(num_VPCs):
vm_n = VirtualMachine.create(
self.apiclient,
services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.compute_offering.id,
networkids=[ntwk_list[i].id],
hypervisor=self.hypervisor,
mode='advanced' if (i == 0) or (i == maxnumVM) else 'default')
self.assertIsNotNone(vm_n, "VM%d failed to deploy" % i)
self.cleanup.append(vm_n)
vm_list.append(vm_n)
self.logger.debug("VM%d %s deployed in VPC %s" %
(i, vm_list[i].id, vpc_list[i].id))
self.assertEquals(vm_n.state, 'Running', "VM%d is not running" % i)
# 4) Enable Site-to-Site VPN for VPC
vpn_response_list = []
for i in range(num_VPCs):
vpn_response = Vpn.createVpnGateway(self.apiclient, vpc_list[i].id)
self.assertIsNotNone(vpn_response,
"Failed to enable VPN Gateway %d" % i)
vpn_response_list.append(vpn_response)
self.logger.debug("VPN gateway for VPC%d %s enabled" %
(i, vpc_list[i].id))
# 5) Add VPN Customer gateway info
vpn_cust_gw_list = []
services = self.services["vpncustomergateway"]
for i in range(num_VPCs):
src_nat_list = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc_list[i].id)
ip = src_nat_list[0]
customer_response = VpnCustomerGateway.create(
self.apiclient, services, "Peer VPC" + ` i `, ip.ipaddress,
vpc_list[i].cidr, self.account.name, self.domain.id)
self.cleanup.insert(
0, customer_response
) # this has to be cleaned up after the VPCs have been destroyed (due to client connectionsonections)
vpn_cust_gw_list.append(customer_response)
self.logger.debug(
"VPN customer gateway added for VPC%d %s enabled" %
(i, vpc_list[i].id))
# Before the next step ensure the last VPC is up and running
# Routers in the right state?
self.assertEqual(
self.routers_in_right_state(vpcid=vpc_list[maxnumVM].id), True,
"Check whether the routers are in the right state.")
# 6) Connect VPCi with VPC0
for i in range(num_VPCs)[1:]:
Vpn.createVpnConnection(self.apiclient, vpn_cust_gw_list[0].id,
vpn_response_list[i]['id'], True)
self.logger.debug("VPN passive connection created for VPC%d %s" %
(i, vpc_list[i].id))
vpnconn2_response = Vpn.createVpnConnection(
self.apiclient, vpn_cust_gw_list[i].id,
vpn_response_list[0]['id'])
self.logger.debug("VPN connection created for VPC%d %s" %
(0, vpc_list[0].id))
self.assertEqual(vpnconn2_response['state'], "Connected",
"Failed to connect between VPCs 0 and %d!" % i)
self.logger.debug("VPN connected between VPC0 and VPC%d" % i)
# First the last VM
# setup ssh connection to vm maxnumVM
self.logger.debug(
"Setup SSH connection to last VM created (%d) to ensure availability for ping tests"
% maxnumVM)
ssh_max_client = vm_list[maxnumVM].get_ssh_client(retries=20)
self.assertIsNotNone(
ssh_max_client,
"Failed to setup SSH to last VM created (%d)" % maxnumVM)
self.logger.debug(
"Setup SSH connection to first VM created (0) to ensure availability for ping tests"
)
ssh_client = vm_list[0].get_ssh_client(retries=10)
self.assertIsNotNone(ssh_client, "Failed to setup SSH to VM0")
if ssh_client:
# run ping test
for i in range(num_VPCs)[1:]:
packet_loss = ssh_client.execute(
"/bin/ping -c 3 -t 10 " + vm_list[i].nic[0].ipaddress +
" |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0]
self.assertEquals(
int(packet_loss), 0,
"Ping towards vm" + ` i ` + "did not succeed")
self.logger.debug("Ping from vm0 to vm%d did succeed" % i)
else:
self.fail("Failed to setup ssh connection to %s" %
vm_list[0].public_ip)
return
def _test_vpc_site2site_vpn(self, vpc_offering, num_VPCs=3):
# Number of VPNs (to test) is number_of_VPCs - 1
# By default test setting up 2 VPNs from VPC0, requiring total of 3 VPCs
maxnumVM = num_VPCs - 1
# Create VPC i
vpc_list = []
for i in range(num_VPCs):
# Generate VPC (mostly subnet) info
vpcservice_n = copy.deepcopy(self.services["vpcN"])
for key in vpcservice_n.keys():
vpcservice_n[key] = vpcservice_n[key].format(N=`i`)
vpc_n = VPC.create(
api_client=self.apiclient,
services=vpcservice_n,
networkDomain="vpc%d.vpn" % i,
vpcofferingid=vpc_offering.id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id
)
self.assertIsNotNone(vpc_n, "VPC%d creation failed" % i)
vpc_list.append(vpc_n)
self.cleanup.append(vpc_n)
self.logger.debug("VPC%d %s created" % (i, vpc_list[i].id))
default_acl = NetworkACLList.list(self.apiclient, name="default_allow")[0]
# Create network in VPC i
ntwk_list = []
for i in range(num_VPCs):
# Generate network (mostly subnet) info
ntwk_info_n = copy.deepcopy(self.services["network_N"])
for key in ntwk_info_n.keys():
ntwk_info_n[key] = ntwk_info_n[key].format(N=`i`)
ntwk_n = Network.create(
api_client=self.apiclient,
services=ntwk_info_n,
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id,
vpcid=vpc_list[i].id,
aclid=default_acl.id
)
self.assertIsNotNone(ntwk_n, "Network%d failed to create" % i)
self.cleanup.append(ntwk_n)
ntwk_list.append(ntwk_n)
self.logger.debug("Network%d %s created in VPC %s" % (i, ntwk_list[i].id, vpc_list[i].id))
# Deploy a vm in network i
vm_list = []
vm_n = None
for i in range(num_VPCs):
vm_n = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.virtual_machine_offering.id,
networkids=[ntwk_list[i].id],
hypervisor=self.hypervisor,
mode='advanced' if (i == 0) or (i == maxnumVM) else 'default'
)
self.assertIsNotNone(vm_n, "VM%d failed to deploy" % i)
self.cleanup.append(vm_n)
vm_list.append(vm_n)
self.logger.debug("VM%d %s deployed in VPC %s" % (i, vm_list[i].id, vpc_list[i].id))
self.assertEquals(vm_n.state, 'Running', "VM%d is not running" % i)
# 4) Enable Site-to-Site VPN for VPC
vpn_response_list = []
for i in range(num_VPCs):
vpn_response = Vpn.createVpnGateway(self.apiclient, vpc_list[i].id)
self.assertIsNotNone(vpn_response, "Failed to enable VPN Gateway %d" % i)
vpn_response_list.append(vpn_response)
self.logger.debug("VPN gateway for VPC%d %s enabled" % (i, vpc_list[i].id))
# 5) Add VPN Customer gateway info
vpn_cust_gw_list = []
services = self.services["vpncustomergateway"]
for i in range(num_VPCs):
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc_list[i].id
)
ip = src_nat_list[0]
customer_response = VpnCustomerGateway.create(self.apiclient, services, "Peer VPC" + `i`, ip.ipaddress, vpc_list[i].cidr, self.account.name, self.domain.id)
self.cleanup.insert(0, customer_response) # this has to be cleaned up after the VPCs have been destroyed (due to client connectionsonections)
vpn_cust_gw_list.append(customer_response)
self.logger.debug("VPN customer gateway added for VPC%d %s enabled" % (i, vpc_list[i].id))
# Before the next step ensure the last VPC is up and running
# Routers in the right state?
self.assertEqual(self.routers_in_right_state(vpcid=vpc_list[maxnumVM].id), True, "Check whether the routers are in the right state.")
# 6) Connect VPCi with VPC0
for i in range(num_VPCs)[1:]:
passiveVpn = Vpn.createVpnConnection(self.apiclient, vpn_cust_gw_list[0].id, vpn_response_list[i]['id'], True)
self.logger.debug("VPN passive connection created for VPC%d %s" % (i, vpc_list[i].id))
vpnconn2_response = Vpn.createVpnConnection(self.apiclient, vpn_cust_gw_list[i].id, vpn_response_list[0]['id'])
self.logger.debug("VPN connection created for VPC%d %s" % (0, vpc_list[0].id))
self.assertEqual(vpnconn2_response['state'], "Connected", "Failed to connect between VPCs 0 and %d!" % i)
self.logger.debug("VPN connected between VPC0 and VPC%d" % i)
time.sleep(15)
self.logger.debug("Resetting VPN connection with id %s" % (passiveVpn['id']))
Vpn.resetVpnConnection(self.apiclient, passiveVpn['id'])
# Ping to put tunnel up
ssh_client = vm_list[0].get_ssh_client(retries=10)
self.assertIsNotNone(ssh_client, "Failed to setup SSH to VM0")
if ssh_client:
# run ping test
for i in range(num_VPCs)[1:]:
packet_loss = ssh_client.execute("/bin/ping -c 3 -t 10 " + vm_list[i].nic[0].ipaddress)[0]
self.logger.debug("Ping from vm0 to vm%d to make sure tunnel is up." % i)
else:
self.fail("Failed to setup ssh connection to %s" % vm_list[0].public_ip)
self.logger.debug("Waiting for the VPN with id %s to connect" % (passiveVpn['id']))
max_retries = 30
retries = 0
while retries < max_retries:
vpnconn2_response = Vpn.listVpnConnection(self.apiclient, listall=True, id=passiveVpn['id'])
if len(vpnconn2_response) > 0 and vpnconn2_response[0].state.lower() == 'connected':
break
retries += 1
time.sleep(2)
self.assertLess(retries, max_retries, "Failed to reconnect VPN with id %s" % (passiveVpn['id']))
# First the last VM
# setup ssh connection to vm maxnumVM
self.logger.debug("Setup SSH connection to last VM created (%d) to ensure availability for ping tests" % maxnumVM)
ssh_max_client = vm_list[maxnumVM].get_ssh_client(retries=20)
self.assertIsNotNone(ssh_max_client, "Failed to setup SSH to last VM created (%d)" % maxnumVM)
self.logger.debug("Setup SSH connection to first VM created (0) to ensure availability for ping tests")
ssh_client = vm_list[0].get_ssh_client(retries=10)
self.assertIsNotNone(ssh_client, "Failed to setup SSH to VM0")
if ssh_client:
# run ping test
for i in range(num_VPCs)[1:]:
packet_loss = ssh_client.execute(
"/bin/ping -c 3 -t 10 " + vm_list[i].nic[0].ipaddress + " |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0]
self.assertEquals(int(packet_loss), 0, " Ping towards vm" + `i` + " did not succeed")
self.logger.debug("SUCCESS! Ping from vm0 to vm%d succeeded." % i)
else:
self.fail("Failed to setup ssh connection to %s" % vm_list[0].public_ip)
return
def get_network_acl_list(self, name=None, id=None):
return NetworkACLList(
get_network_acl(api_client=self.api_client, name=name,
id=id).__dict__)