def test_08_add_TCP_PF_Rule_In_VPN(self): """ Test to add TCP Port Forwarding rule for specific ports(500,1701 and 4500) in VPN """ # Steps for verification # 1. Enable vpn on SourceNAT IP address # 2. Configure PF with TCP ports 500,1701 and 4500. It should be allowed # Should not conflict with UPD ports used for VPN vm_res = VirtualMachine.list(self.apiclient, id=self.virtual_machine.id, listall=True) self.assertEqual( validateList(vm_res)[0], PASS, "Failed to list virtual machine") network_id = vm_res[0].nic[0].networkid src_nat_list = PublicIPAddress.list(self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, associatednetworkid=network_id) self.assertEqual( validateList(src_nat_list)[0], PASS, "Failed to list source nat ip address") ip = src_nat_list[0] try: vpn = Vpn.create( self.apiclient, publicipid=ip.id, account=self.account.name, domainid=self.account.domainid, ) self.assertIsNotNone(vpn, "Failed to create remote access vpn") except Exception as e: self.fail("Failed to enable vpn on SourceNAT IP with error: %s" % e) #Create PF rule with TCP ports 500,4500 and 1701 self.services['natrule']['protocol'] = "TCP" for port in [500, 4500, 1701]: self.services['natrule']['privateport'] = port self.services['natrule']['publicport'] = port try: nat = NATRule.create(self.apiclient, self.virtual_machine, self.services["natrule"], ip.id) self.assertIsNotNone( nat, "Failed to add PF rule with tcp parts matching vpn") except Exception as e: self.fail( "Creating PF rule for TCP port %s in VPN failed : %s" % (port, e)) return
def create_VPN(self, public_ip): """Creates VPN for the network""" self.debug("Creating VPN with public IP: %s" % public_ip.ipaddress.id) try: # Assign VPN to Public IP vpn = Vpn.create( self.apiclient, self.public_ip.ipaddress.id, account=self.account.name, domainid=self.account.domainid ) self.debug("Verifying the remote VPN access") vpns = Vpn.list(self.apiclient, publicipid=public_ip.ipaddress.id, listall=True) self.assertEqual(isinstance(vpns, list), True, "List VPNs shall return a valid response") return vpn except Exception as e: self.fail("Failed to create remote VPN access: %s" % e)
def create_VPN(self, public_ip): """Creates VPN for the network""" self.debug("Creating VPN with public IP: %s" % public_ip.ipaddress.id) try: # Assign VPN to Public IP vpn = Vpn.create(self.apiclient, self.public_ip.ipaddress.id, account=self.account.name, domainid=self.account.domainid) self.debug("Verifying the remote VPN access") vpns = Vpn.list(self.apiclient, publicipid=public_ip.ipaddress.id, listall=True) self.assertEqual(isinstance(vpns, list), True, "List VPNs shall return a valid response") return vpn except Exception as e: self.fail("Failed to create remote VPN access: %s" % e)
def test_01_vpc_remote_access_vpn(self): """Test Remote Access VPN in VPC""" self.logger.debug("Starting test: test_01_vpc_remote_access_vpn") # 0) Get the default network offering for VPC self.logger.debug("Retrieving default VPC offering") networkOffering = NetworkOffering.list( self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks") self.assert_(networkOffering is not None and len( networkOffering) > 0, "No VPC based network offering") # 1) Create VPC vpcOffering = VpcOffering.list(self.apiclient, name="Default VPC offering") self.assert_(vpcOffering is not None and len( vpcOffering) > 0, "No VPC offerings found") vpc = None try: vpc = VPC.create( apiclient=self.apiclient, services=self.services["vpc"], networkDomain="vpc.vpn", vpcofferingid=vpcOffering[0].id, zoneid=self.zone.id, account=self.account.name, domainid=self.domain.id ) except Exception as e: self.fail(e) finally: self.assert_(vpc is not None, "VPC creation failed") self.logger.debug("VPC %s created" % (vpc.id)) try: # 2) Create network in VPC ntwk = Network.create( apiclient=self.apiclient, services=self.services["network_1"], accountid=self.account.name, domainid=self.domain.id, networkofferingid=networkOffering[0].id, zoneid=self.zone.id, vpcid=vpc.id ) except Exception as e: self.fail(e) finally: self.assertIsNotNone(ntwk, "Network failed to create") self.logger.debug( "Network %s created in VPC %s" % (ntwk.id, vpc.id)) try: # 3) Deploy a vm vm = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.domain.id, serviceofferingid=self.compute_offering.id, networkids=ntwk.id, hypervisor=self.hypervisor ) self.assert_(vm is not None, "VM failed to deploy") self.assert_(vm.state == 'Running', "VM is not running") self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id)) except Exception as e: self.fail(e) finally: self.logger.debug("Deployed virtual machine: OK") try: # 4) Enable VPN for VPC src_nat_list = PublicIPAddress.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc.id ) ip = src_nat_list[0] except Exception as e: self.fail(e) finally: self.logger.debug("Acquired public ip address: OK") try: vpn = Vpn.create(self.apiclient, publicipid=ip.id, account=self.account.name, domainid=self.account.domainid, iprange=self.services["vpn"]["iprange"], fordisplay=self.services["vpn"]["fordisplay"] ) except Exception as e: self.fail(e) finally: self.assertIsNotNone(vpn, "Failed to create Remote Access VPN") self.logger.debug("Created Remote Access VPN: OK") vpnUser = None # 5) Add VPN user for VPC try: vpnUser = VpnUser.create(self.apiclient, account=self.account.name, domainid=self.account.domainid, username=self.services["vpn"]["vpn_user"], password=self.services["vpn"]["vpn_pass"] ) except Exception as e: self.fail(e) finally: self.assertIsNotNone( vpnUser, "Failed to create Remote Access VPN User") self.logger.debug("Created VPN User: OK") # TODO: Add an actual remote vpn connection test from a remote vpc try: # 9) Disable VPN for VPC vpn.delete(self.apiclient) except Exception as e: self.fail(e) finally: self.logger.debug("Deleted the Remote Access VPN: OK")
def test_01_vpc_remote_access_vpn(self): """Test Remote Access VPN in VPC""" # 1) Create VPC vpc_offering = VpcOffering.list(self.apiclient, isdefault=True) self.assertTrue(vpc_offering is not None and len(vpc_offering) > 0, "No VPC offerings found") vpc = VPC.create(apiclient=self.apiclient, services=self.services["vpc"], networkDomain="vpc.vpn", vpcofferingid=vpc_offering[0].id, zoneid=self.zone.id, account=self.account.name, domainid=self.domain.id) self.assertIsNotNone(vpc, "VPC creation failed") self.logger.debug("VPC %s created" % (vpc.id)) self.cleanup.append(vpc) # 2) Create network in VPC ntwk = Network.create(apiclient=self.apiclient, services=self.services["network_1"], accountid=self.account.name, domainid=self.domain.id, networkofferingid=self.network_offerings[0].id, zoneid=self.zone.id, vpcid=vpc.id) self.assertIsNotNone(ntwk, "Network failed to create") self.logger.debug("Network %s created in VPC %s" % (ntwk.id, vpc.id)) self.cleanup.append(ntwk) # 3) Deploy a vm vm = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.domain.id, serviceofferingid=self.compute_offering.id, networkids=ntwk.id, hypervisor=self.hypervisor) self.assertIsNotNone(vm, "VM failed to deploy") self.assertEquals(vm.state, 'Running', "VM is not running") self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id)) self.logger.debug("Deployed virtual machine: OK") self.cleanup.append(vm) # 4) Enable VPN for VPC src_nat_list = PublicIPAddress.list(self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc.id) ip = src_nat_list[0] self.logger.debug("Acquired public ip address: OK") vpn = Vpn.create(self.apiclient, publicipid=ip.id, account=self.account.name, domainid=self.account.domainid, iprange=self.services["vpn"]["iprange"], fordisplay=self.services["vpn"]["fordisplay"]) self.assertIsNotNone(vpn, "Failed to create Remote Access VPN") self.logger.debug("Created Remote Access VPN: OK") vpn_user = None # 5) Add VPN user for VPC vpn_user = VpnUser.create(self.apiclient, account=self.account.name, domainid=self.account.domainid, username=self.services["vpn"]["vpn_user"], password=self.services["vpn"]["vpn_pass"]) self.assertIsNotNone(vpn_user, "Failed to create Remote Access VPN User") self.logger.debug("Created VPN User: OK") # TODO: Add an actual remote vpn connection test from a remote vpc # 9) Disable VPN for VPC vpn.delete(self.apiclient) self.logger.debug("Deleted the Remote Access VPN: OK")
def test_08_add_TCP_PF_Rule_In_VPN(self): """ Test to add TCP Port Forwarding rule for specific ports(500,1701 and 4500) in VPN """ # Steps for verification # 1. Enable vpn on SourceNAT IP address # 2. Configure PF with TCP ports 500,1701 and 4500. It should be allowed # Should not conflict with UPD ports used for VPN vm_res = VirtualMachine.list( self.apiclient, id=self.virtual_machine.id, listall=True ) self.assertEqual( validateList(vm_res)[0], PASS, "Failed to list virtual machine" ) network_id = vm_res[0].nic[0].networkid src_nat_list = PublicIPAddress.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, associatednetworkid=network_id ) self.assertEqual( validateList(src_nat_list)[0], PASS, "Failed to list source nat ip address" ) ip = src_nat_list[0] try: vpn = Vpn.create( self.apiclient, publicipid=ip.id, account=self.account.name, domainid=self.account.domainid, ) self.assertIsNotNone( vpn, "Failed to create remote access vpn" ) except Exception as e: self.fail("Failed to enable vpn on SourceNAT IP with error: %s" % e) #Create PF rule with TCP ports 500,4500 and 1701 self.services['natrule']['protocol']="TCP" for port in [500, 4500, 1701]: self.services['natrule']['privateport'] = port self.services['natrule']['publicport'] = port try: nat = NATRule.create( self.apiclient, self.virtual_machine, self.services["natrule"], ip.id ) self.assertIsNotNone( nat, "Failed to add PF rule with tcp parts matching vpn" ) except Exception as e: self.fail("Creating PF rule for TCP port %s in VPN failed : %s" % (port, e)) return
def test_vpc_remote_access_vpn(self): """Test Remote Access VPN in VPC""" # 0) Get the default network offering for VPC self.logger.debug("Retrieving default VPC offering") networkOffering = NetworkOffering.list( self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks") self.assert_(networkOffering is not None and len(networkOffering) > 0, "No VPC based network offering") # 1) Create VPC vpcOffering = VpcOffering.list(self.apiclient, isdefault=True) self.assert_(vpcOffering is not None and len(vpcOffering) > 0, "No VPC offerings found") try: vpc = VPC.create(apiclient=self.apiclient, services=self.services["vpc"], networkDomain="vpc.vpn", vpcofferingid=vpcOffering[0].id, zoneid=self.zone.id, account=self.account.name, domainid=self.domain.id) except Exception as e: self.fail(e) finally: self.assert_(vpc is not None, "VPC creation failed") self.logger.debug("VPC %s created" % (vpc.id)) try: # 2) Create network in VPC ntwk = Network.create(apiclient=self.apiclient, services=self.services["network_1"], accountid=self.account.name, domainid=self.domain.id, networkofferingid=networkOffering[0].id, zoneid=self.zone.id, vpcid=vpc.id) except Exception as e: self.fail(e) finally: self.assertIsNotNone(ntwk, "Network failed to create") self.logger.debug("Network %s created in VPC %s" % (ntwk.id, vpc.id)) try: # 3) Deploy a vm vm = VirtualMachine.create( self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.domain.id, serviceofferingid=self.compute_offering.id, networkids=ntwk.id, hypervisor=self.services["virtual_machine"]["hypervisor"]) self.assert_(vm is not None, "VM failed to deploy") self.assert_(vm.state == 'Running', "VM is not running") self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id)) except Exception as e: self.fail(e) finally: self.logger.debug("Deployed virtual machine: OK") try: # 4) Enable VPN for VPC src_nat_list = PublicIPAddress.list(self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc.id) ip = src_nat_list[0] except Exception as e: self.fail(e) finally: self.logger.debug("Acquired public ip address: OK") try: vpn = Vpn.create(self.apiclient, publicipid=ip.id, account=self.account.name, domainid=self.account.domainid, iprange=self.services["vpn"]["iprange"], fordisplay=self.services["vpn"]["fordisplay"]) except Exception as e: self.fail(e) finally: self.assertIsNotNone(vpn, "Failed to create Remote Access VPN") self.logger.debug("Created Remote Access VPN: OK") vpnUser = None # 5) Add VPN user for VPC try: vpnUser = VpnUser.create(self.apiclient, account=self.account.name, domainid=self.account.domainid, username=self.services["vpn"]["vpn_user"], password=self.services["vpn"]["vpn_pass"]) except Exception as e: self.fail(e) finally: self.assertIsNotNone(vpnUser, "Failed to create Remote Access VPN User") self.logger.debug("Created VPN User: OK") #TODO: Add an actual remote vpn connection test from a remote vpc try: # 9) Disable VPN for VPC vpn.delete(self.apiclient) except Exceptio as e: self.fail(e) finally: self.logger.debug("Deleted the Remote Access VPN: OK")
def test_02_network_off_with_conserve_mode(self): """Test Network offering with Conserve mode ON and VR - All services """ # Validate the following # 1. Create a Network from the above network offering and deploy a VM. # 2. On source NAT ipaddress, we should be allowed to add a LB rules # 3. On source NAT ipaddress, we should be allowed to add a PF rules # 4. On source NAT ipaddress, we should be allowed to add a Firewall # rules # 5. On an ipaddress that has Lb rules, we should be allowed to # program PF rules. # 6. We should be allowed to program multiple PF rules on the same Ip # address on different public ports. # 7. We should be allowed to program multiple LB rules on the same Ip # address for different public port ranges. # 8. On source NAT ipaddress, we should be allowed to Enable VPN # access. # Create a network offering with all virtual router services enabled self.debug( "Creating n/w offering with all services in VR & conserve mode:off" ) self.network_offering = NetworkOffering.create( self.api_client, self.services["network_offering"], conservemode=True ) self.cleanup.append(self.network_offering) self.debug("Created n/w offering with ID: %s" % self.network_offering.id) # Enable Network offering self.network_offering.update(self.apiclient, state='Enabled') # Creating network using the network offering created self.debug("Creating network with network offering: %s" % self.network_offering.id) self.network = Network.create( self.apiclient, self.services["network"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=self.network_offering.id, zoneid=self.zone.id ) self.debug("Created network with ID: %s" % self.network.id) self.debug("Deploying VM in account: %s" % self.account.name) # Spawn an instance in that network virtual_machine = VirtualMachine.create( self.apiclient, self.services["virtual_machine"], accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, networkids=[str(self.network.id)] ) self.debug("Deployed VM in network: %s" % self.network.id) src_nat_list = PublicIPAddress.list( self.apiclient, associatednetworkid=self.network.id, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, ) self.assertEqual( isinstance(src_nat_list, list), True, "List Public IP should return a valid source NAT" ) self.assertNotEqual( len(src_nat_list), 0, "Length of response from listPublicIp should not be 0" ) src_nat = src_nat_list[0] self.debug("Trying to create LB rule on source NAT IP: %s" % src_nat.ipaddress) # Create Load Balancer rule with source NAT lb_rule = LoadBalancerRule.create( self.apiclient, self.services["lbrule"], ipaddressid=src_nat.id, accountid=self.account.name ) self.debug("Created LB rule on source NAT: %s" % src_nat.ipaddress) lb_rules = LoadBalancerRule.list( self.apiclient, id=lb_rule.id ) self.assertEqual( isinstance(lb_rules, list), True, "List lb rules should return a valid lb rules" ) self.assertNotEqual( len(lb_rules), 0, "Length of response from listLbRules should not be 0" ) self.debug( "Trying to create a port forwarding rule in source NAT: %s" % src_nat.ipaddress) #Create NAT rule nat_rule = NATRule.create( self.apiclient, virtual_machine, self.services["natrule"], ipaddressid=src_nat.id ) self.debug("Created PF rule on source NAT: %s" % src_nat.ipaddress) nat_rules = NATRule.list( self.apiclient, id=nat_rule.id ) self.assertEqual( isinstance(nat_rules, list), True, "List NAT should return a valid port forwarding rules" ) self.assertNotEqual( len(nat_rules), 0, "Length of response from listLbRules should not be 0" ) self.debug("Creating firewall rule on source NAT: %s" % src_nat.ipaddress) #Create Firewall rule on source NAT fw_rule = FireWallRule.create( self.apiclient, ipaddressid=src_nat.id, protocol='TCP', cidrlist=[self.services["fw_rule"]["cidr"]], startport=self.services["fw_rule"]["startport"], endport=self.services["fw_rule"]["endport"] ) self.debug("Created firewall rule: %s" % fw_rule.id) fw_rules = FireWallRule.list( self.apiclient, id=fw_rule.id ) self.assertEqual( isinstance(fw_rules, list), True, "List fw rules should return a valid firewall rules" ) self.assertNotEqual( len(fw_rules), 0, "Length of fw rules response should not be zero" ) self.debug("Associating public IP for network: %s" % self.network.id) public_ip = PublicIPAddress.create( self.apiclient, accountid=self.account.name, zoneid=self.zone.id, domainid=self.account.domainid, networkid=self.network.id ) self.debug("Associated %s with network %s" % ( public_ip.ipaddress, self.network.id )) self.debug("Creating PF rule for IP address: %s" % public_ip.ipaddress) NATRule.create( self.apiclient, virtual_machine, self.services["natrule"], ipaddressid=public_ip.ipaddress.id ) self.debug("Trying to create LB rule on IP with NAT: %s" % public_ip.ipaddress) # Create Load Balancer rule on IP already having NAT rule lb_rule = LoadBalancerRule.create( self.apiclient, self.services["lbrule"], ipaddressid=public_ip.ipaddress.id, accountid=self.account.name ) self.debug("Creating PF rule with public port: 66") nat_rule = NATRule.create( self.apiclient, virtual_machine, self.services["natrule_port_66"], ipaddressid=public_ip.ipaddress.id ) # Check if NAT rule created successfully nat_rules = NATRule.list( self.apiclient, id=nat_rule.id ) self.assertEqual( isinstance(nat_rules, list), True, "List NAT rules should return valid list" ) self.debug("Creating LB rule with public port: 2221") lb_rule = LoadBalancerRule.create( self.apiclient, self.services["lbrule_port_2221"], ipaddressid=public_ip.ipaddress.id, accountid=self.account.name ) # Check if NAT rule created successfully lb_rules = LoadBalancerRule.list( self.apiclient, id=lb_rule.id ) self.assertEqual( isinstance(lb_rules, list), True, "List LB rules should return valid list" ) # User should be able to enable VPN on source NAT self.debug("Created VPN with source NAT IP: %s" % src_nat.ipaddress) # Assign VPN to source NAT Vpn.create( self.apiclient, src_nat.id, account=self.account.name, domainid=self.account.domainid ) vpns = Vpn.list( self.apiclient, publicipid=src_nat.id, listall=True, ) self.assertEqual( isinstance(vpns, list), True, "List VPNs should return a valid VPN list" ) self.assertNotEqual( len(vpns), 0, "Length of list VPN response should not be zero" ) return
def test_01_vpc_remote_access_vpn(self): """Test Remote Access VPN in VPC""" # 1) Create VPC vpc = VPC.create( api_client=self.apiclient, services=self.services["vpc"], networkDomain="vpc.vpn", vpcofferingid=self.vpc_offering.id, zoneid=self.zone.id, account=self.account.name, domainid=self.domain.id ) self.assertIsNotNone(vpc, "VPC creation failed") self.logger.debug("VPC %s created" % (vpc.id)) self.cleanup.append(vpc) # 2) Create network in VPC ntwk = Network.create( api_client=self.apiclient, services=self.services["network_1"], accountid=self.account.name, domainid=self.domain.id, networkofferingid=self.network_offering.id, zoneid=self.zone.id, vpcid=vpc.id ) self.assertIsNotNone(ntwk, "Network failed to create") self.logger.debug("Network %s created in VPC %s" % (ntwk.id, vpc.id)) self.cleanup.append(ntwk) # 3) Deploy a vm vm = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.domain.id, serviceofferingid=self.virtual_machine_offering.id, networkids=ntwk.id, hypervisor=self.hypervisor ) self.assertIsNotNone(vm, "VM failed to deploy") self.assertEquals(vm.state, 'Running', "VM is not running") self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id)) self.logger.debug("Deployed virtual machine: OK") self.cleanup.append(vm) # 4) Enable VPN for VPC src_nat_list = PublicIPAddress.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc.id ) ip = src_nat_list[0] self.logger.debug("Acquired public ip address: OK") vpn = Vpn.create(self.apiclient, publicipid=ip.id, account=self.account.name, domainid=self.account.domainid, iprange=self.services["vpn"]["iprange"], fordisplay=self.services["vpn"]["fordisplay"] ) self.assertIsNotNone(vpn, "Failed to create Remote Access VPN") self.logger.debug("Created Remote Access VPN: OK") vpn_user = None # 5) Add VPN user for VPC vpn_user = VpnUser.create(self.apiclient, account=self.account.name, domainid=self.account.domainid, username=self.services["vpn"]["vpn_user"], password=self.services["vpn"]["vpn_pass"] ) self.assertIsNotNone(vpn_user, "Failed to create Remote Access VPN User") self.logger.debug("Created VPN User: OK") # TODO: Add an actual remote vpn connection test from a remote vpc # 9) Disable VPN for VPC vpn.delete(self.apiclient) self.logger.debug("Deleted the Remote Access VPN: OK")
def setUpClass(cls): cloudstackTestClient = super( TestMultipleVPNAccessonVPC, cls ).getClsTestClient() cls.debug("Obtain the Admin's API Client") cls.api_client = cloudstackTestClient.getApiClient() cls.debug("Get the dictionary information that will be used during CCP tests, from test_data.py present on the Client") cls.services = cloudstackTestClient.getParsedTestDataConfig() if cls.services is None: cls.debug("Services Object is None") raise Exception("Services Object is None") cls.debug("Procure the CloudStack Setup configuration Information") with open(cls.services["config_path"], 'rb') as fp: cls.pullconfig = json.load(fp) cls.debug("Update 'remote.access.vpn.client.iprange','remote.access.vpn.user.limit','max.account.primary.storage','max.account.public.ips','max.account.user.vms','max.account.volumes','max.account.cpus', Global Configuration Parameters") update_vpn_client_iprange = Configurations.update( cls.api_client, name="remote.access.vpn.client.iprange", value="10.1.2.1-10.1.2.120") cls.debug("'remote.access.vpn.client.iprange' Global Configuration Parameter Updated Successfully") update_vpn_user_limit = Configurations.update( cls.api_client, name="remote.access.vpn.user.limit", value=str(int(cls.services["vpnclient_count"]*2)) ) cls.debug("'remote.access.vpn.user.limit' Global Configuration Parameter Updated Successfully") update_max_account_primary_stg_limit = Configurations.update( cls.api_client, name="max.account.primary.storage", value=str(int(cls.services["vpnclient_count"]*20 + 100)) ) cls.debug("'max.account.primary.storage' Global Configuration Parameter Updated Successfully") update_max_account_public_ips_limit = Configurations.update( cls.api_client, name="max.account.public.ips", value=str(int(cls.services["vpnclient_count"]*2 + 10)) ) cls.debug("'max.account.public.ips' Global Configuration Parameter Updated Successfully") update_max_account_user_vms_limit = Configurations.update( cls.api_client, name="max.account.user.vms", value=str(int(cls.services["vpnclient_count"]*2)) ) cls.debug("'max.account.user.vms' Global Configuration Parameter Updated Successfully") update_max_account_volumes_limit = Configurations.update( cls.api_client, name="max.account.volumes", value=str(int(cls.services["vpnclient_count"]*2)) ) cls.debug("'max.account.volumes' Global Configuration Parameter Updated Successfully") update_max_account_cpus_limit = Configurations.update( cls.api_client, name="max.account.cpus", value=str(int(cls.services["vpnclient_count"]*2)) ) cls.debug("'max.account.cpus' Global Configuration Parameter Updated Successfully") cls.debug("Restart the Management Server") TestMultipleVPNAccessonVPC.restart_mgmt_server(cls.services["config_path"]) cls.debug("Completed restarting the Management Server") cls.debug("Wait for 120 seconds...") time.sleep(120) cls.debug("End of 120 seconds wait time....") # Get Zone, Domain and templates cls.domain = get_domain(cls.api_client) cls.zone = get_zone( cls.api_client, zone_name = cls.services["zone_vpn"]["name"]) cls.debug("Use an Existing 'Tiny Instance' Service Offering on the Setup") list_service_offerings = [] list_service_offerings = list_service_offering( cls.api_client, keyword="Tiny Instance", ) cls._cleanup = [] if list_service_offerings is not None: cls.debug("Found an Existing 'Tiny Instance' Service Offering on the Setup") cls.service_offering = list_service_offerings[0] else: cls.debug("Create a service offering which will be used for VM deployments in this test") cls.service_offering = ServiceOffering.create( cls.api_client, cls.services["service_offering"] ) cls.debug("Add the created service offering to the _cleanup queue") cls._cleanup.append(cls.service_offering) try: cls.debug("Create or Use Existing Account to own the VPN Clients, which is used to test Remote VPN Access to VPC") cls.api_client_vpn_client_reg_user = cloudstackTestClient.getUserApiClient( UserName="******", DomainName="ROOT" ) list_vpn_client_regular_user = User.list( cls.api_client, username="******" ) cls.debug("Procure the Account Name and DomainID Information of the Regular Account") cls.vpn_client_reg_acct_name = list_vpn_client_regular_user[0].account cls.vpn_client_reg_domain_id = list_vpn_client_regular_user[0].domainid list_vpn_client_regular_user_acct = Account.list( cls.api_client, name = cls.vpn_client_reg_acct_name, listall = True ) cls._cleanup.append(Account(list_vpn_client_regular_user_acct[0].__dict__)) # Register a Template that already has VPN client installed on it. The template registered here # has extra scripts to facilitate automated operations to execute Test Cases. # Template has pre-configured configuration files required for the VPN Client operations. # The following files are present on the registered template. The location of the files are locations # on a VM deployed from this template # 1. "/tmp/ipsec.conf" # 2. "/tmp/ipsec.secrets" # 3. "/tmp/options.xl2tpd.client" # 4. "/tmp/xl2tpd.conf" # 5 "/tmp/vpnclient_services.sh" # 6. "/tmp/firstconn_expectscript.exp" # 7. "/tmp/secondconn_expectscript.exp" cls.debug("Use an Existing VPN Client Template on the Setup") list_vpn_client_templates = list_templates( cls.api_client_vpn_client_reg_user, keyword="VPNClient", templatefilter="featured", zoneid = cls.zone.id ) if list_vpn_client_templates is not None: cls.debug("Found an Existing VPN Client Template on the Setup") cls.template = list_vpn_client_templates[0] else: cls.debug("Register a Template that already has VPN client installed on it") cls.template = Template.register( cls.api_client, cls.services["vpn_template"], zoneid=cls.zone.id, hypervisor='XenServer' ) cls._cleanup.append(cls.template) cls.debug("Sleep for {0} seconds specified in the dictionary before checking for Template's Availability".format(cls.services["sleep"])) time.sleep(cls.services["sleep"]) cls.debug("Procure Timeout Value from the dictionary") timeout = cls.services["timeout"] while True: list_template_response = list_templates( cls.api_client_vpn_client_reg_user, templatefilter='featured', id=cls.template.id, ) if isinstance(list_template_response, list): break elif timeout == 0: raise Exception("List template failed!") time.sleep(5) timeout = timeout - 1 cls.debug("Verify template response to check whether template is present") if list_template_response is None: raise Exception("Check whether the VPN Client Template is available") template_response = list_template_response[0] if template_response.isready == False: raise Exception("Template state is not ready, it is %r" % template_response.isready) # Queue that holds all the VPN Client VMs Information cls.vpnclientvms = [] cls.debug("Deploy {0} VPN Clients in the account".format(int(cls.services["vpnclient_count"]))) for vm in xrange(0,int(cls.services["vpnclient_count"])): cls.debug("Deploy a new VM {0} in first account. This VM which will be configured as VPN Client".format(int(vm))) new_vpnclient_vm = VirtualMachine.create( cls.api_client_vpn_client_reg_user, cls.services["virtual_machine"], zoneid=cls.zone.id, serviceofferingid=cls.service_offering.id, templateid=cls.template.id, ) cls.debug("Add new VM {0} to the vpnclientvms Queue".format(int(vm))) cls.vpnclientvms.append(new_vpnclient_vm) cls.debug("Allow SSH Access to the new VPN Client VM {0}".format(int(vm))) new_vpnclient_vm.access_ssh_over_nat( cls.api_client_vpn_client_reg_user, cls.services, new_vpnclient_vm, allow_egress=True ) cls.debug("VM for VPNClient Access Got Created with Public IP Address %s" % new_vpnclient_vm.public_ip) cls.debug("Create or Use existing Account in which we deploy VPCs and test remote access to them from the First Account's VMs present on isolated Network") cls.api_client_vpn_server_reg_user = cloudstackTestClient.getUserApiClient( UserName="******", DomainName="ROOT" ) list_vpn_server_regular_user = User.list( cls.api_client, username="******" ) cls.debug("Procure the Account Name and DomainID Information of the Regular Account") cls.vpn_server_reg_acct_name = list_vpn_server_regular_user[0].account cls.vpn_server_reg_domain_id = list_vpn_server_regular_user[0].domainid list_vpn_server_regular_user_acct = Account.list( cls.api_client, name = cls.vpn_server_reg_acct_name, listall = True ) cls._cleanup.append(Account(list_vpn_server_regular_user_acct[0].__dict__)) cls.debug("Use an Existing 'VPC off-' Service Offering on the Setup") list_available_vpc_offerings = list_vpc_offerings( cls.api_client, keyword="VPC off-", ) if list_available_vpc_offerings is not None: cls.debug("Found an Existing 'VPC off-' Service Offering on the Setup") cls.vpc_offering = VpcOffering(list_available_vpc_offerings[0].__dict__) else: cls.debug("Creating a VPC offering..") cls.vpc_offering = VpcOffering.create( cls.api_client, cls.services["vpc_offering"] ) # Add the created VPC Offering to __cleanup queue cls._cleanup.append(cls.vpc_offering) # Enable to created VPC Offering inorder to deploy VPCs with it cls.debug("Enabling the VPC offering created") cls.vpc_offering.update(cls.api_client, state='Enabled') cls.debug("Enabled the VPC Offering") # Create a VPC for the second account cls.debug("Creating a VPC in the account: %s" % cls.vpn_server_reg_acct_name) cls.firstvpc = VPC.create( cls.api_client_vpn_server_reg_user, cls.services["vpc_remote_vpn"], vpcofferingid=cls.vpc_offering.id, zoneid=cls.zone.id ) cls.debug("Use an Existing 'NET_OFF-RemoteAccessVPNTest-' Network Offering on the Setup") list_available_network_offerings = list_network_offerings( cls.api_client, keyword="NET_OFF-RemoteAccessVPNTest-", ) if list_available_network_offerings is not None: cls.debug("Found an Existing 'NET_OFF-RemoteAccessVPNTest-' Network Offering on the Setup") cls.network_off = NetworkOffering(list_available_network_offerings[0].__dict__) else: cls.debug('Create NetworkOffering for Networks in VPC') cls.services["vpc_network_offering"]["name"] = "NET_OFF-RemoteAccessVPNTest-"+ random_gen() cls.network_off = NetworkOffering.create( cls.api_client, cls.services["vpc_network_offering"], conservemode=False ) # Add the created Network Offering to __cleanup queue cls._cleanup.append(cls.network_off) # Enable Network offering cls.network_off.update(cls.api_client, state='Enabled') cls.debug('Created and Enabled NetworkOffering') cls.services["network"]["name"] = "NETWORK-" + random_gen() # Create First Network Tier in the First VPC created for second account using the network offering created above. cls.debug('Adding Network=%s' % cls.services["network"]) cls.firstnetworktier = Network.create( cls.api_client_vpn_server_reg_user, cls.services["network"], networkofferingid=cls.network_off.id, zoneid=cls.zone.id, gateway=cls.services["firstnetwork_tier"]["gateway"], netmask=cls.services["firstnetwork_tier"]["netmask"], vpcid=cls.firstvpc.id ) cls.debug("Created network with ID: %s" % cls.firstnetworktier.id) # Create Ingress and Egress NetworkACL rules for First Network Tier in the First VPC created for second account. cls.debug("Adding NetworkACL rules to make Network accessible for all Protocols and all CIDRs ") NetworkACL.create( cls.api_client_vpn_server_reg_user, cls.services["all_rule"], networkid=cls.firstnetworktier.id, traffictype='Ingress' ) NetworkACL.create( cls.api_client_vpn_server_reg_user, cls.services["all_rule"], networkid=cls.firstnetworktier.id, traffictype='Egress' ) listFirstVPC = VPC.list( cls.api_client_vpn_server_reg_user, id=cls.firstvpc.id ) cls.debug("Information about the VPC: {0}".format(str(listFirstVPC))) cls.debug("Obtain the source nat IP Address of the first VPC.") cls.listFirstVPCPublicIpAddress = list_publicIP( cls.api_client_vpn_server_reg_user, issourcenat="true", vpcid=listFirstVPC[0].id, listall="true" ) cls.debug("Information about the VPC's Source NAT IP Address: {0}".format(str(cls.listFirstVPCPublicIpAddress))) cls.debug("Enable Remote Access VPN on the source nat Public IP Address of the first VPC") cls.FirstVPNonFirstVPC = Vpn.create( cls.api_client_vpn_server_reg_user, cls.listFirstVPCPublicIpAddress[0].id ) cls.debug("Successfully Created First VPN on VPC with preshared key:"+ cls.FirstVPNonFirstVPC.presharedkey) cls.listfirstNetworkTier = list_networks( cls.api_client_vpn_server_reg_user, id=cls.firstnetworktier.id, listall=True ) cls.debug("Create a VM using the default template on the First Network Tier in the First VPC of the Second Account") cls.vm1 = VirtualMachine.create( cls.api_client_vpn_server_reg_user, cls.services["virtual_machine"], zoneid=cls.zone.id, serviceofferingid=cls.service_offering.id, templateid=cls.template.id, networkids=[str(cls.firstnetworktier.id)] ) cls.debug("First VM deployed in the first Network Tier") except Exception as e: cleanup_resources(cls.api_client, cls._cleanup) printex = traceback.format_exc() cls.debug("Exception Occurred : {0}".format(printex)) raise Exception("Warning: Exception during Setting Up the Test Suite Configuration : %s" % e) return