示例#1
    def test_network_services_VPC_CreatePF(self):
        """ Test Create VPC PF rules on acquired public ip when VpcVirtualRouter is Running
        """
        # NOTE(review): the docstring and steps below talk about a port
        # forwarding (PF) rule, but the body calls
        # create_StaticNatRule_For_VM - confirm which rule type is intended.

        # Validate the following
        # 1. Create a VPC with cidr - 10.1.1.1/16
        # 2. Create a Network offering - NO1 with all supported services
        # 3. Add network1(10.1.1.1/24) using N01 to this VPC.
        # 4. Deploy vm1 in network1.
        # 5. Use the Create PF rule for vm in network1.
        # 6. Successfully ssh into the Guest VM using the PF rule

        guest_network = self.create_network(self.services["network_offering"])
        guest_vm = self.deployvm_in_network(guest_network)

        # Register the new range for cleanup right away so that a failure in
        # any later step still removes it.
        range_spec = self.services["publiciprange"]
        self.public_ip_range = PublicIpRange.create(self.apiclient, range_spec)
        self.cleanup.append(self.public_ip_range)

        logger.debug("Dedicating Public IP range to the account")
        PublicIpRange.dedicate(
            self.apiclient,
            self.public_ip_range.vlan.id,
            account=self.account.name,
            domainid=self.account.domainid,
        )

        acquired_ip = self.acquire_publicip(guest_network)
        self.create_StaticNatRule_For_VM(guest_vm, acquired_ip, guest_network)
        self.check_ssh_into_vm(guest_vm, acquired_ip, testnegative=False)

        # Happy path: release the range explicitly, then drop it from the
        # cleanup list so it is not handled a second time.
        self.public_ip_range.release(self.apiclient)
        self.cleanup.remove(self.public_ip_range)
示例#2
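    def test_iptable_rules(self):
        """Test iptable rules in case we have IP associated with a network which is in
            different public IP range from that of public IP range that has source NAT IP.
            When IP is associated we should see a rule '-i eth3 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT' in FORWARD table.
            When IP is dis-associated we should see a rule in the FORWARD table is deleted.

            NOTE(review): this body only asserts that the rule is present while
            the IP is associated; it does not re-read the FORWARD chain after
            the firewall rule is deleted.
        """

        # Validate the following:
        # 1. Create a new public IP range and dedicate to a account
        # 2. Acquire a IP from new public range
        # 3. Create a firewall rule to open up the port, so that IP is associated with network
        # 4. Login to VR and verify the FORWARD chain contains the eth3 -> eth0 ACCEPT rule
        # 5. Delete firewall rule

        self.services["extrapubliciprange"]["zoneid"] = self.services["zoneid"]
        self.public_ip_range = PublicIpRange.create(
            self.apiclient,
            self.services["extrapubliciprange"]
        )
        self.cleanup.append(self.public_ip_range)

        logger.debug("Dedicating Public IP range to the account")
        PublicIpRange.dedicate(
            self.apiclient,
            self.public_ip_range.vlan.id,
            account=self.account.name,
            domainid=self.account.domainid
        )
        ip_address = PublicIPAddress.create(
            self.apiclient,
            self.account.name,
            self.zone.id,
            self.account.domainid,
            self.services["virtual_machine"]
        )
        self.cleanup.append(ip_address)

        # Check if VM is in Running state before creating NAT and firewall rules
        vm_response = VirtualMachine.list(
            self.apiclient,
            id=self.virtual_machine.id
        )
        self.assertEqual(
            isinstance(vm_response, list),
            True,
            "Check list VM returns a valid list"
        )
        # The original message here spoke of a port forwarding rule although
        # the check is on the VM listing.
        self.assertNotEqual(
            len(vm_response),
            0,
            "Check list VM returns a non-empty list"
        )
        self.assertEqual(
            vm_response[0].state,
            'Running',
            "VM state should be Running before creating a NAT rule."
        )

        # Open up firewall port for SSH.
        # NOTE(review): the rule admits any source address (0.0.0.0/0); it is
        # registered in self.cleanup and deleted at the end of this test.
        firewall_rule = FireWallRule.create(
            self.apiclient,
            ipaddressid=ip_address.ipaddress.id,
            protocol=self.services["natrule"]["protocol"],
            cidrlist=['0.0.0.0/0'],
            startport=self.services["natrule"]["publicport"],
            endport=self.services["natrule"]["publicport"]
        )
        self.cleanup.append(firewall_rule)

        # Get the router details associated with account
        routers = list_routers(
            self.apiclient,
            account=self.account.name,
            domainid=self.account.domainid,
        )
        # Fail with a readable message instead of a TypeError/IndexError when
        # no router is returned.
        self.assertEqual(
            isinstance(routers, list),
            True,
            "Check for list routers response return valid data"
        )
        self.assertNotEqual(
            len(routers),
            0,
            "Check list routers returns a non-empty list"
        )
        router = routers[0]

        if self.hypervisor.lower() in ('vmware', 'hyperv'):
            # These hypervisors are reached through the management server.
            result = get_process_status(
                self.apiclient.connection.mgtSvr,
                22,
                self.apiclient.connection.user,
                self.apiclient.connection.passwd,
                router.linklocalip,
                'iptables -t filter -L FORWARD  -v',
                hypervisor=self.hypervisor
            )
        else:
            hosts = list_hosts(
                self.apiclient,
                id=router.hostid,
            )
            self.assertEqual(
                isinstance(hosts, list),
                True,
                "Check for list hosts response return valid data"
            )
            self.assertNotEqual(
                len(hosts),
                0,
                "Check list hosts returns a non-empty list"
            )
            host = hosts[0]
            try:
                # The credential lookups sit inside the try so that a missing
                # 'username'/'password' key skips the test; before, they ran
                # ahead of the try and the KeyError escaped as an error.
                host.user = self.hostConfig['username']
                host.passwd = self.hostConfig['password']
                result = get_process_status(
                    host.ipaddress,
                    22,
                    host.user,
                    host.passwd,
                    router.linklocalip,
                    'iptables -t filter -L FORWARD  -v'
                )
            except KeyError:
                self.skipTest(
                    "Provide a marvin config file with host\
                            credentials to run %s" %
                    self._testMethodName)

        # Only the command output is logged, never the credentials used above.
        logger.debug("iptables -t filter -L FORWARD  -v: %s" % result)
        res = str(result)
        self.assertEqual(
            res.count("eth3   eth0    anywhere             anywhere             state RELATED,ESTABLISHED"),
            1,
            "Check to ensure there is a iptable rule to accept the RELATED,ESTABLISHED traffic"
        )
        firewall_rule.delete(self.apiclient)
        self.cleanup.remove(firewall_rule)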
示例#3
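    def test_static_nat_on_ip_from_non_src_nat_ip_range(self):
        """Test for static nat on a IP which is in public IP range different
           from public IP range that has source NAT IP associated with network
        """

        # Validate the following:
        # 1. Create a new public IP range and dedicate to a account
        # 2. Acquire a IP from new public range
        # 3. Enable static NAT on acquired IP from new range
        # 4. Create a firewall rule to open up the port
        # 5. Test SSH works to the VM

        self.services["extrapubliciprange"]["zoneid"] = self.services["zoneid"]
        self.public_ip_range = PublicIpRange.create(
            self.apiclient,
            self.services["extrapubliciprange"]
        )
        self.cleanup.append(self.public_ip_range)

        logger.debug("Dedicating Public IP range to the account")
        PublicIpRange.dedicate(
            self.apiclient,
            self.public_ip_range.vlan.id,
            account=self.account.name,
            domainid=self.account.domainid
        )
        ip_address = PublicIPAddress.create(
            self.apiclient,
            self.account.name,
            self.zone.id,
            self.account.domainid,
            self.services["virtual_machine"]
        )
        self.cleanup.append(ip_address)

        # Check if VM is in Running state before creating NAT and firewall rules
        vm_response = VirtualMachine.list(
            self.apiclient,
            id=self.virtual_machine.id
        )
        self.assertEqual(
            isinstance(vm_response, list),
            True,
            "Check list VM returns a valid list"
        )
        # The original message here spoke of a port forwarding rule although
        # the check is on the VM listing.
        self.assertNotEqual(
            len(vm_response),
            0,
            "Check list VM returns a non-empty list"
        )
        self.assertEqual(
            vm_response[0].state,
            'Running',
            "VM state should be Running before creating a NAT rule."
        )

        # Open up firewall port for SSH.
        # NOTE(review): the rule admits any source address (0.0.0.0/0); it is
        # registered in self.cleanup so it is removed with the test resources.
        fwr = FireWallRule.create(
            self.apiclient,
            ipaddressid=ip_address.ipaddress.id,
            protocol=self.services["natrule"]["protocol"],
            cidrlist=['0.0.0.0/0'],
            startport=self.services["natrule"]["publicport"],
            endport=self.services["natrule"]["publicport"]
        )
        self.cleanup.append(fwr)

        # Create Static NAT rule
        StaticNATRule.enable(
            self.apiclient,
            ip_address.ipaddress.id,
            self.virtual_machine.id,
            self.defaultNetworkId
        )

        try:
            logger.debug("SSHing into VM with IP address %s with NAT IP %s" %
                       (
                           self.virtual_machine.ipaddress,
                           ip_address.ipaddress.ipaddress
                       ))
            self.virtual_machine.get_ssh_client(ip_address.ipaddress.ipaddress)
        except Exception as e:
            self.fail(
                "SSH Access failed for %s: %s" %
                (self.virtual_machine.ipaddress, e)
            )
        finally:
            # Disable the mapping on the failure path too, so a failed SSH
            # check does not leave static NAT enabled on the acquired IP.
            StaticNATRule.disable(
                self.apiclient,
                ip_address.ipaddress.id,
                self.virtual_machine.id
            )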
    def setUpClass(cls):
        """Prepare the shared fixtures for TestAcquireSpecifiedPublicIp.

        Creates two domains with one account each, then five public IP ranges
        on consecutive 172.16.<n>.0/24 subnets:

        * range 1 - dedicated to account1's domain
        * range 2 - dedicated to account1
        * range 3 - dedicated to account2's domain
        * range 4 - dedicated to account2
        * range 5 - not dedicated

        Everything is appended to ``cls._cleanup`` only after all objects have
        been created.
        """
        cls.testClient = super(TestAcquireSpecifiedPublicIp, cls).getClsTestClient()
        cls.apiclient = cls.testClient.getApiClient()
        cls.services = cls.testClient.getParsedTestDataConfig()

        zone_response = get_zone(cls.apiclient, cls.testClient.getZoneForTests())
        cls.zone = Zone(zone_response.__dict__)
        cls.template = get_template(cls.apiclient, cls.zone.id)
        cls._cleanup = []

        # NOTE(review): a zone with security groups enabled ends the whole
        # process with status 1 here instead of skipping the class - confirm
        # this is intended.
        if str(cls.zone.securitygroupsenabled) == "True":
            sys.exit(1)

        cls.logger = logging.getLogger("TestAcquireSpecifiedPublicIp")
        cls.stream_handler = logging.StreamHandler()
        cls.logger.setLevel(logging.DEBUG)
        cls.logger.addHandler(cls.stream_handler)

        # Root domain, then two child domains with one account each.
        cls.domain = get_domain(cls.apiclient)
        acl_config = cls.services["acl"]

        cls.domain1 = Domain.create(
            cls.apiclient,
            services=acl_config["domain1"],
            parentdomainid=cls.domain.id,
        )
        cls.account1 = Account.create(
            cls.apiclient,
            acl_config["accountD1"],
            domainid=cls.domain1.id,
        )

        cls.domain2 = Domain.create(
            cls.apiclient,
            services=acl_config["domain2"],
            parentdomainid=cls.domain.id,
        )
        cls.account2 = Account.create(
            cls.apiclient,
            acl_config["accountD2"],
            domainid=cls.domain2.id,
        )

        range_config = cls.services["publiciprange"]
        range_config["zoneid"] = cls.zone.id
        range_config["forvirtualnetwork"] = "true"

        # (class attribute, dedicate() keyword arguments or None), in creation
        # order; the position in this tuple is the subnet offset.
        range_plan = (
            ("public_ip_range1", {"domainid": cls.account1.domainid}),
            ("public_ip_range2", {"account": cls.account1.name,
                                  "domainid": cls.account1.domainid}),
            ("public_ip_range3", {"domainid": cls.account2.domainid}),
            ("public_ip_range4", {"account": cls.account2.name,
                                  "domainid": cls.account2.domainid}),
            ("public_ip_range5", None),
        )

        first_subnet = None
        for offset, (attr_name, dedicate_kwargs) in enumerate(range_plan):
            range_config["vlan"] = get_free_vlan(cls.apiclient, cls.zone.id)[1]
            if first_subnet is None:
                # Drawn once, after the first VLAN lookup; the other ranges
                # use the following third octets.
                first_subnet = random.randrange(10, 20)
            subnet_prefix = "172.16." + str(first_subnet + offset)
            range_config["gateway"] = subnet_prefix + ".1"
            range_config["startip"] = subnet_prefix + ".2"
            range_config["endip"] = subnet_prefix + ".10"
            range_config["netmask"] = "255.255.255.0"

            ip_range = PublicIpRange.create(cls.apiclient, range_config)
            setattr(cls, attr_name, ip_range)
            if dedicate_kwargs is not None:
                PublicIpRange.dedicate(
                    cls.apiclient,
                    ip_range.vlan.id,
                    **dedicate_kwargs
                )

        # NOTE(review): objects are registered only here, so an exception in
        # any create/dedicate call above leaves the earlier ones out of
        # cls._cleanup.
        cls._cleanup.extend([
            cls.account1,
            cls.domain1,
            cls.account2,
            cls.domain2,
            cls.public_ip_range1,
            cls.public_ip_range2,
            cls.public_ip_range3,
            cls.public_ip_range4,
            cls.public_ip_range5,
        ])