def test_network_services_VPC_CreatePF(self):
    """Check SSH access to a VPC guest VM through an IP from a dedicated range.

    The method name refers to port forwarding (PF), but the rule this body
    attaches comes from ``create_StaticNatRule_For_VM``.

    Steps:
      1. Create a network from ``services["network_offering"]`` and deploy
         a VM in it.
      2. Create a public IP range from ``services["publiciprange"]`` and
         dedicate it to the test account.
      3. Acquire a public IP for the network and attach the rule to the VM.
      4. Expect SSH to the VM through that IP to succeed
         (``testnegative=False``).
      5. Call ``release`` on the range and take it off ``self.cleanup``.
    """
    guest_network = self.create_network(self.services["network_offering"])
    guest_vm = self.deployvm_in_network(guest_network)

    # Registered for cleanup right away so a failure in any later step still
    # leaves the range on the cleanup list.
    self.public_ip_range = PublicIpRange.create(
        self.apiclient, self.services["publiciprange"])
    self.cleanup.append(self.public_ip_range)

    logger.debug("Dedicating Public IP range to the account")
    PublicIpRange.dedicate(
        self.apiclient,
        self.public_ip_range.vlan.id,
        account=self.account.name,
        domainid=self.account.domainid,
    )

    acquired_ip = self.acquire_publicip(guest_network)
    self.create_StaticNatRule_For_VM(guest_vm, acquired_ip, guest_network)
    self.check_ssh_into_vm(guest_vm, acquired_ip, testnegative=False)

    # NOTE(review): once removed from self.cleanup, nothing visible in this
    # method deletes the range itself -- confirm release() is all that is
    # needed here.
    self.public_ip_range.release(self.apiclient)
    self.cleanup.remove(self.public_ip_range)
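def test_iptable_rules(self):
    """Check the router's FORWARD chain for an IP from an extra public range.

    Covers an IP associated with a network where the IP comes from a
    different public IP range than the one holding the source NAT IP.
    While the IP is associated, the rule
    '-i eth3 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT'
    is expected in the FORWARD chain.

    Steps:
      1. Create a new public IP range and dedicate it to the account.
      2. Acquire an IP (``PublicIPAddress.create``).
      3. Create a firewall rule on that IP so it is associated with the
         network.
      4. Run ``iptables -t filter -L FORWARD -v`` on the router and expect
         exactly one matching RELATED,ESTABLISHED rule.
      5. Delete the firewall rule.

    The test is skipped when ``self.hostConfig`` lacks the host
    credentials needed to reach the router.
    """
    list_forward_cmd = 'iptables -t filter -L FORWARD -v'

    self.services["extrapubliciprange"]["zoneid"] = self.services["zoneid"]
    self.public_ip_range = PublicIpRange.create(
        self.apiclient,
        self.services["extrapubliciprange"]
    )
    self.cleanup.append(self.public_ip_range)

    logger.debug("Dedicating Public IP range to the account")
    PublicIpRange.dedicate(
        self.apiclient,
        self.public_ip_range.vlan.id,
        account=self.account.name,
        domainid=self.account.domainid
    )

    ip_address = PublicIPAddress.create(
        self.apiclient,
        self.account.name,
        self.zone.id,
        self.account.domainid,
        self.services["virtual_machine"]
    )
    self.cleanup.append(ip_address)

    # The VM must be Running before NAT and firewall rules are created.
    vm_response = VirtualMachine.list(
        self.apiclient,
        id=self.virtual_machine.id
    )
    self.assertEqual(
        isinstance(vm_response, list),
        True,
        "Check list VM returns a valid list"
    )
    # The message used to talk about a port forwarding rule; this check is
    # about the VM listing being non-empty.
    self.assertNotEqual(
        len(vm_response),
        0,
        "Check list VM returns at least one VM"
    )
    self.assertEqual(
        vm_response[0].state,
        'Running',
        "VM state should be Running before creating a NAT rule."
    )

    # Open the SSH port. The rule admits any source (0.0.0.0/0); it is put
    # on self.cleanup immediately so it stays tracked if a later assertion
    # fails before the explicit delete at the end.
    firewall_rule = FireWallRule.create(
        self.apiclient,
        ipaddressid=ip_address.ipaddress.id,
        protocol=self.services["natrule"]["protocol"],
        cidrlist=['0.0.0.0/0'],
        startport=self.services["natrule"]["publicport"],
        endport=self.services["natrule"]["publicport"]
    )
    self.cleanup.append(firewall_rule)

    # Router associated with the account. Validate the response before
    # indexing so a missing router is reported as a test failure rather
    # than a TypeError/IndexError.
    routers = list_routers(
        self.apiclient,
        account=self.account.name,
        domainid=self.account.domainid,
    )
    self.assertEqual(
        isinstance(routers, list),
        True,
        "Check for list routers response return valid data"
    )
    self.assertNotEqual(
        len(routers),
        0,
        "Check list routers returns at least one router"
    )
    router = routers[0]

    if self.hypervisor.lower() in ('vmware', 'hyperv'):
        # On these hypervisors the command goes through the management
        # server, using the API connection's credentials.
        result = get_process_status(
            self.apiclient.connection.mgtSvr,
            22,
            self.apiclient.connection.user,
            self.apiclient.connection.passwd,
            router.linklocalip,
            list_forward_cmd,
            hypervisor=self.hypervisor
        )
    else:
        hosts = list_hosts(
            self.apiclient,
            id=router.hostid,
        )
        self.assertEqual(
            isinstance(hosts, list),
            True,
            "Check for list hosts response return valid data"
        )
        self.assertNotEqual(
            len(hosts),
            0,
            "Check list hosts returns at least one host"
        )
        host = hosts[0]
        try:
            # The credential lookups are the statements that raise KeyError
            # when the config has no host credentials, so they have to sit
            # inside the try for the skip below to be reachable.
            host.user = self.hostConfig['username']
            host.passwd = self.hostConfig['password']
            result = get_process_status(
                host.ipaddress,
                22,
                host.user,
                host.passwd,
                router.linklocalip,
                list_forward_cmd
            )
        except KeyError:
            # Written as one literal: a backslash continuation inside the
            # string would embed source indentation in the message.
            self.skipTest(
                "Provide a marvin config file with host credentials "
                "to run %s" % self._testMethodName)

    logger.debug("iptables -t filter -L FORWARD -v: %s", result)
    res = str(result)
    # NOTE(review): this is an exact substring match against the listing;
    # confirm the spacing inside the literal matches the column layout that
    # iptables actually prints.
    self.assertEqual(
        res.count("eth3 eth0 anywhere anywhere state RELATED,ESTABLISHED"),
        1,
        "Check to ensure there is a iptable rule to accept the RELATED,ESTABLISHED traffic"
    )

    # NOTE(review): the rule is deleted here, but nothing afterwards
    # re-reads the FORWARD chain to confirm the entry is gone.
    firewall_rule.delete(self.apiclient)
    self.cleanup.remove(firewall_rule)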
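def test_static_nat_on_ip_from_non_src_nat_ip_range(self):
    """Check static NAT on an IP from a range other than the source NAT range.

    Steps:
      1. Create a new public IP range and dedicate it to the account.
      2. Acquire an IP (``PublicIPAddress.create``).
      3. Create a firewall rule to open the port.
      4. Enable static NAT from the acquired IP to the test VM.
      5. Expect SSH to the VM through the NAT IP to succeed.
      6. Disable static NAT again, whether or not the SSH step passed.
    """
    self.services["extrapubliciprange"]["zoneid"] = self.services["zoneid"]
    self.public_ip_range = PublicIpRange.create(
        self.apiclient,
        self.services["extrapubliciprange"]
    )
    self.cleanup.append(self.public_ip_range)

    logger.debug("Dedicating Public IP range to the account")
    PublicIpRange.dedicate(
        self.apiclient,
        self.public_ip_range.vlan.id,
        account=self.account.name,
        domainid=self.account.domainid
    )

    ip_address = PublicIPAddress.create(
        self.apiclient,
        self.account.name,
        self.zone.id,
        self.account.domainid,
        self.services["virtual_machine"]
    )
    self.cleanup.append(ip_address)

    # The VM must be Running before NAT and firewall rules are created.
    vm_response = VirtualMachine.list(
        self.apiclient,
        id=self.virtual_machine.id
    )
    self.assertEqual(
        isinstance(vm_response, list),
        True,
        "Check list VM returns a valid list"
    )
    # The message used to talk about a port forwarding rule; this check is
    # about the VM listing being non-empty.
    self.assertNotEqual(
        len(vm_response),
        0,
        "Check list VM returns at least one VM"
    )
    self.assertEqual(
        vm_response[0].state,
        'Running',
        "VM state should be Running before creating a NAT rule."
    )

    # Open the SSH port. The rule admits any source (0.0.0.0/0) and is put
    # on self.cleanup as soon as it exists.
    fwr = FireWallRule.create(
        self.apiclient,
        ipaddressid=ip_address.ipaddress.id,
        protocol=self.services["natrule"]["protocol"],
        cidrlist=['0.0.0.0/0'],
        startport=self.services["natrule"]["publicport"],
        endport=self.services["natrule"]["publicport"]
    )
    self.cleanup.append(fwr)

    StaticNATRule.enable(
        self.apiclient,
        ip_address.ipaddress.id,
        self.virtual_machine.id,
        self.defaultNetworkId
    )

    try:
        logger.debug("SSHing into VM with IP address %s with NAT IP %s" % (
            self.virtual_machine.ipaddress,
            ip_address.ipaddress.ipaddress
        ))
        self.virtual_machine.get_ssh_client(ip_address.ipaddress.ipaddress)
    except Exception as e:
        self.fail(
            "SSH Access failed for %s: %s" %
            (self.virtual_machine.ipaddress, e)
        )
    finally:
        # self.fail() raises, so without the finally a failed SSH check
        # would leave the static NAT mapping enabled behind the open
        # firewall rule.
        StaticNATRule.disable(
            self.apiclient,
            ip_address.ipaddress.id,
            self.virtual_machine.id
        )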
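def setUpClass(cls):
    """Build the shared fixtures for ``TestAcquireSpecifiedPublicIp``.

    Creates two domains with one account each, then five public IP ranges
    in consecutive 172.16.x.0/24 subnets (x starts at a random value in
    10..19):

      * range 1 -- dedicated to account1's domain
      * range 2 -- dedicated to account1
      * range 3 -- dedicated to account2's domain
      * range 4 -- dedicated to account2
      * range 5 -- not dedicated

    All created objects are stored on the class and listed in
    ``cls._cleanup``.

    Raises:
        unittest.SkipTest: if the zone has security groups enabled.
    """
    # Imported locally so the skip below does not rely on a module-level
    # import of unittest.
    import unittest

    cls.testClient = super(
        TestAcquireSpecifiedPublicIp, cls).getClsTestClient()
    cls.apiclient = cls.testClient.getApiClient()
    cls.services = cls.testClient.getParsedTestDataConfig()

    zone = get_zone(cls.apiclient, cls.testClient.getZoneForTests())
    cls.zone = Zone(zone.__dict__)
    cls.template = get_template(cls.apiclient, cls.zone.id)
    cls._cleanup = []

    if str(cls.zone.securitygroupsenabled) == "True":
        # sys.exit(1) here would terminate the whole test process; a skip
        # reports this class as not applicable and lets other tests run.
        raise unittest.SkipTest(
            "Zone has security groups enabled; skipping "
            "TestAcquireSpecifiedPublicIp")

    cls.logger = logging.getLogger("TestAcquireSpecifiedPublicIp")
    cls.stream_handler = logging.StreamHandler()
    cls.logger.setLevel(logging.DEBUG)
    cls.logger.addHandler(cls.stream_handler)

    cls.domain = get_domain(cls.apiclient)

    # domain1 / account1
    cls.domain1 = Domain.create(
        cls.apiclient,
        services=cls.services["acl"]["domain1"],
        parentdomainid=cls.domain.id)
    cls.account1 = Account.create(
        cls.apiclient,
        cls.services["acl"]["accountD1"],
        domainid=cls.domain1.id
    )

    # domain2 / account2
    cls.domain2 = Domain.create(
        cls.apiclient,
        services=cls.services["acl"]["domain2"],
        parentdomainid=cls.domain.id)
    cls.account2 = Account.create(
        cls.apiclient,
        cls.services["acl"]["accountD2"],
        domainid=cls.domain2.id
    )

    cls.services["publiciprange"]["zoneid"] = cls.zone.id
    cls.services["publiciprange"]["forvirtualnetwork"] = "true"

    random_subnet_number = random.randrange(10, 20)

    # (class attribute, keyword arguments for PublicIpRange.dedicate);
    # None means the range is created but left undedicated.
    range_plan = (
        ("public_ip_range1", {"domainid": cls.account1.domainid}),
        ("public_ip_range2", {"account": cls.account1.name,
                              "domainid": cls.account1.domainid}),
        ("public_ip_range3", {"domainid": cls.account2.domainid}),
        ("public_ip_range4", {"account": cls.account2.name,
                              "domainid": cls.account2.domainid}),
        ("public_ip_range5", None),
    )

    # NOTE(review): everything below is added to cls._cleanup only at the
    # end of this method, so a failure part-way through leaves the objects
    # created so far off the cleanup list.
    for offset, (attr_name, dedicate_kwargs) in enumerate(range_plan):
        range_cfg = cls.services["publiciprange"]
        range_cfg["vlan"] = get_free_vlan(cls.apiclient, cls.zone.id)[1]

        subnet = "172.16." + str(random_subnet_number + offset)
        range_cfg["gateway"] = subnet + ".1"
        range_cfg["startip"] = subnet + ".2"
        range_cfg["endip"] = subnet + ".10"
        range_cfg["netmask"] = "255.255.255.0"

        ip_range = PublicIpRange.create(cls.apiclient, range_cfg)
        setattr(cls, attr_name, ip_range)

        if dedicate_kwargs is not None:
            PublicIpRange.dedicate(
                cls.apiclient,
                ip_range.vlan.id,
                **dedicate_kwargs
            )

    # Same order as before: accounts and domains first, then the ranges.
    cls._cleanup.extend([
        cls.account1,
        cls.domain1,
        cls.account2,
        cls.domain2,
        cls.public_ip_range1,
        cls.public_ip_range2,
        cls.public_ip_range3,
        cls.public_ip_range4,
        cls.public_ip_range5,
    ])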