def enable_vpcs_localvpngateway(self, vpcs_data): for vpc_data in vpcs_data: vpc = get_vpc(api_client=self.api_client, name=self.dynamic_names['vpcs'][vpc_data['data']['name']]) if vpc_data['data']['vpnconnections']: self.logger.debug('>>> VPN LOCAL GATEWAY => Creating on VPC "%s"...', vpc_data['data']['name']) localvpngateway = Vpn.createVpnGateway(api_client=self.api_client, vpc=vpc) self.logger.debug('>>> VPN LOCAL GATEWAY => ID: %s => IP: %s => VPC: %s => Domain: %s', localvpngateway['id'], localvpngateway['publicip'], localvpngateway['vpcid'], localvpngateway['domainid'])
def enable_vpcs_localvpngateway(self, vpcs_data): for vpc_data in vpcs_data: vpc = get_vpc( api_client=self.api_client, name=self.dynamic_names['vpcs'][vpc_data['data']['name']]) if vpc_data['data']['vpnconnections']: self.logger.debug( '>>> VPN LOCAL GATEWAY => Creating on VPC "%s"...', vpc_data['data']['name']) localvpngateway = Vpn.createVpnGateway( api_client=self.api_client, vpc=vpc) self.logger.debug( '>>> VPN LOCAL GATEWAY => ID: %s => IP: %s => VPC: %s => Domain: %s', localvpngateway['id'], localvpngateway['publicip'], localvpngateway['vpcid'], localvpngateway['domainid'])
def test_01_redundant_vpc_site2site_vpn(self): """Test Site 2 Site VPN Across redundant VPCs""" self.logger.debug("Starting test: test_02_redundant_vpc_site2site_vpn") # 0) Get the default network offering for VPC networkOffering = NetworkOffering.list( self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks") self.assert_(networkOffering is not None and len( networkOffering) > 0, "No VPC based network offering") # Create and enable redundant VPC offering redundant_vpc_offering = self._create_vpc_offering( 'redundant_vpc_offering') self.assert_(redundant_vpc_offering is not None, "Failed to create redundant VPC Offering") redundant_vpc_offering.update(self.apiclient, state='Enabled') # Create VPC 1 vpc1 = None try: vpc1 = VPC.create( apiclient=self.apiclient, services=self.services["vpc"], networkDomain="vpc1.vpn", vpcofferingid=redundant_vpc_offering.id, zoneid=self.zone.id, account=self.account.name, domainid=self.domain.id ) except Exception as e: self.fail(e) finally: self.assert_(vpc1 is not None, "VPC1 creation failed") self.logger.debug("VPC1 %s created" % vpc1.id) # Create VPC 2 vpc2 = None try: vpc2 = VPC.create( apiclient=self.apiclient, services=self.services["vpc2"], networkDomain="vpc2.vpn", vpcofferingid=redundant_vpc_offering.id, zoneid=self.zone.id, account=self.account.name, domainid=self.account.domainid ) except Exception as e: self.fail(e) finally: self.assert_(vpc2 is not None, "VPC2 creation failed") self.logger.debug("VPC2 %s created" % vpc2.id) default_acl = NetworkACLList.list( self.apiclient, name="default_allow")[0] # Create network in VPC 1 ntwk1 = None try: ntwk1 = Network.create( apiclient=self.apiclient, services=self.services["network_1"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=networkOffering[0].id, zoneid=self.zone.id, vpcid=vpc1.id, aclid=default_acl.id ) except Exception as e: self.fail(e) finally: self.assertIsNotNone(ntwk1, "Network failed to create") self.logger.debug("Network %s created in VPC %s" % (ntwk1.id, vpc1.id)) # Create network in VPC 2 ntwk2 = None try: ntwk2 = Network.create( apiclient=self.apiclient, services=self.services["network_2"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=networkOffering[0].id, zoneid=self.zone.id, vpcid=vpc2.id, aclid=default_acl.id ) except Exception as e: self.fail(e) finally: self.assertIsNotNone(ntwk2, "Network failed to create") self.logger.debug("Network %s created in VPC %s" % (ntwk2.id, vpc2.id)) # Deploy a vm in network 2 vm1 = None try: vm1 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.compute_offering.id, networkids=ntwk1.id, hypervisor=self.hypervisor ) except Exception as e: self.fail(e) finally: self.assert_(vm1 is not None, "VM failed to deploy") self.assert_(vm1.state == 'Running', "VM is not running") self.logger.debug("VM %s deployed in VPC %s" % (vm1.id, vpc1.id)) # Deploy a vm in network 2 vm2 = None try: vm2 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.compute_offering.id, networkids=ntwk2.id, hypervisor=self.hypervisor ) except Exception as e: self.fail(e) finally: self.assert_(vm2 is not None, "VM failed to deploy") self.assert_(vm2.state == 'Running', "VM is not running") self.debug("VM %s deployed in VPC %s" % (vm2.id, vpc2.id)) # 4) Enable Site-to-Site VPN for VPC vpn1_response = Vpn.createVpnGateway(self.apiclient, vpc1.id) self.assert_( vpn1_response is not None, "Failed to enable VPN Gateway 1") self.logger.debug("VPN gateway for VPC %s enabled" % vpc1.id) vpn2_response = Vpn.createVpnGateway(self.apiclient, vpc2.id) self.assert_( vpn2_response is not None, "Failed to enable VPN Gateway 2") self.logger.debug("VPN gateway for VPC %s enabled" % vpc2.id) # 5) Add VPN Customer gateway info src_nat_list = PublicIPAddress.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc1.id ) ip1 = src_nat_list[0] src_nat_list = PublicIPAddress.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc2.id ) ip2 = src_nat_list[0] services = self.services["vpncustomergateway"] customer1_response = VpnCustomerGateway.create( self.apiclient, services, "Peer VPC1", ip1.ipaddress, vpc1.cidr, self.account.name, self.domain.id) self.debug("VPN customer gateway added for VPC %s enabled" % vpc1.id) self.logger.debug(vars(customer1_response)) customer2_response = VpnCustomerGateway.create( self.apiclient, services, "Peer VPC2", ip2.ipaddress, vpc2.cidr, self.account.name, self.domain.id) self.debug("VPN customer gateway added for VPC %s enabled" % vpc2.id) self.logger.debug(vars(customer2_response)) # 6) Connect two VPCs vpnconn1_response = Vpn.createVpnConnection( self.apiclient, customer1_response.id, vpn2_response['id'], True) self.debug("VPN passive connection created for VPC %s" % vpc2.id) vpnconn2_response = Vpn.createVpnConnection( self.apiclient, customer2_response.id, vpn1_response['id']) self.debug("VPN connection created for VPC %s" % vpc1.id) self.assertEqual( vpnconn2_response['state'], "Connected", "Failed to connect between VPCs!") # acquire an extra ip address to use to ssh into vm2 try: vm2.public_ip = PublicIPAddress.create( apiclient=self.apiclient, accountid=self.account.name, zoneid=self.zone.id, domainid=self.account.domainid, services=self.services, networkid=ntwk2.id, vpcid=vpc2.id) except Exception as e: self.fail(e) finally: self.assert_( vm2.public_ip is not None, "Failed to aqcuire public ip for vm2") # Create port forward to be able to ssh into vm2 natrule = None try: natrule = self._create_natrule( vpc2, vm2, 22, 22, vm2.public_ip, ntwk2) except Exception as e: self.fail(e) finally: self.assert_( natrule is not None, "Failed to create portforward for vm2") time.sleep(20) # setup ssh connection to vm2 ssh_client = self._get_ssh_client(vm2, self.services, 10) if ssh_client: # run ping test packet_loss = ssh_client.execute( "/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress + " |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0] self.assert_(int(packet_loss) == 0, "Ping did not succeed") else: self.fail("Failed to setup ssh connection to %s" % vm2.public_ip)
def test_vpc_site2site_vpn(self): """Test VPN in VPC""" # 0) Get the default network offering for VPC networkOffering = NetworkOffering.list( self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks") self.assert_(networkOffering is not None and len(networkOffering) > 0, "No VPC based network offering") # 1) Create VPC offering vpcOffering = VpcOffering.list(self.apiclient, isdefault=True) self.assert_(vpcOffering is not None and len(vpcOffering) > 0, "No VPC offerings found") # Create VPC 1 try: vpc1 = VPC.create(apiclient=self.apiclient, services=self.services["vpc"], networkDomain="vpc1.vpn", vpcofferingid=vpcOffering[0].id, zoneid=self.zone.id, account=self.account.name, domainid=self.domain.id) except Exception as e: self.fail(e) finally: self.assert_(vpc1 is not None, "VPC1 creation failed") self.logger.debug("VPC1 %s created" % (vpc1.id)) # Create VPC 2 try: vpc2 = VPC.create(apiclient=self.apiclient, services=self.services["vpc2"], networkDomain="vpc2.vpn", vpcofferingid=vpcOffering[0].id, zoneid=self.zone.id, account=self.account.name, domainid=self.account.domainid) except Exception as e: self.fail(e) finally: self.assert_(vpc2 is not None, "VPC2 creation failed") self.logger.debug("VPC2 %s created" % (vpc2.id)) default_acl = NetworkACLList.list(self.apiclient, name="default_allow")[0] # Create network in VPC 1 try: ntwk1 = Network.create(apiclient=self.apiclient, services=self.services["network_1"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=networkOffering[0].id, zoneid=self.zone.id, vpcid=vpc1.id, aclid=default_acl.id) except Exception as e: self.fail(e) finally: self.assertIsNotNone(ntwk1, "Network failed to create") self.logger.debug("Network %s created in VPC %s" % (ntwk1.id, vpc1.id)) # Create network in VPC 2 try: ntwk2 = Network.create(apiclient=self.apiclient, services=self.services["network_2"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=networkOffering[0].id, zoneid=self.zone.id, vpcid=vpc2.id, aclid=default_acl.id) except Exception as e: self.fail(e) finally: self.assertIsNotNone(ntwk2, "Network failed to create") self.logger.debug("Network %s created in VPC %s" % (ntwk2.id, vpc2.id)) # Deploy a vm in network 2 try: vm1 = VirtualMachine.create( self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, networkids=ntwk1.id, hypervisor=self.services["virtual_machine"]["hypervisor"]) except Exception as e: self.fail(e) finally: self.assert_(vm1 is not None, "VM failed to deploy") self.assert_(vm1.state == 'Running', "VM is not running") self.logger.debug("VM %s deployed in VPC %s" % (vm1.id, vpc1.id)) # Deploy a vm in network 2 try: vm2 = VirtualMachine.create( self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, networkids=ntwk2.id, hypervisor=self.services["virtual_machine"]["hypervisor"]) except Exception as e: self.fail(e) finally: self.assert_(vm2 is not None, "VM failed to deploy") self.assert_(vm2.state == 'Running', "VM is not running") self.debug("VM %s deployed in VPC %s" % (vm2.id, vpc2.id)) # 4) Enable Site-to-Site VPN for VPC vpn1_response = Vpn.createVpnGateway(self.apiclient, vpc1.id) self.assert_(vpn1_response is not None, "Failed to enable VPN Gateway 1") self.logger.debug("VPN gateway for VPC %s enabled" % vpc1.id) vpn2_response = Vpn.createVpnGateway(self.apiclient, vpc2.id) self.assert_(vpn2_response is not None, "Failed to enable VPN Gateway 2") self.logger.debug("VPN gateway for VPC %s enabled" % vpc2.id) # 5) Add VPN Customer gateway info src_nat_list = PublicIPAddress.list(self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc1.id) ip1 = src_nat_list[0] src_nat_list = PublicIPAddress.list(self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc2.id) ip2 = src_nat_list[0] services = self.services["vpncustomergateway"] customer1_response = VpnCustomerGateway.create( self.apiclient, services, "Peer VPC1", ip1.ipaddress, vpc1.cidr, self.account.name, self.domain.id) self.debug("VPN customer gateway added for VPC %s enabled" % vpc1.id) self.logger.debug(vars(customer1_response)) customer2_response = VpnCustomerGateway.create( self.apiclient, services, "Peer VPC2", ip2.ipaddress, vpc2.cidr, self.account.name, self.domain.id) self.debug("VPN customer gateway added for VPC %s enabled" % vpc2.id) self.logger.debug(vars(customer2_response)) # 6) Connect two VPCs vpnconn1_response = Vpn.createVpnConnection(self.apiclient, customer1_response.id, vpn2_response['id'], True) self.debug("VPN passive connection created for VPC %s" % vpc2.id) vpnconn2_response = Vpn.createVpnConnection(self.apiclient, customer2_response.id, vpn1_response['id']) self.debug("VPN connection created for VPC %s" % vpc1.id) self.assertEqual(vpnconn2_response['state'], "Connected", "Failed to connect between VPCs!") # acquire an extra ip address to use to ssh into vm2 try: vm2.public_ip = PublicIPAddress.create( apiclient=self.apiclient, accountid=self.account.name, zoneid=self.zone.id, domainid=self.account.domainid, services=self.services, networkid=ntwk2.id, vpcid=vpc2.id) except Exception as e: self.fail(e) finally: self.assert_(vm2.public_ip is not None, "Failed to aqcuire public ip for vm2") # Create port forward to be able to ssh into vm2 try: natrule = self.create_natrule(vpc2, vm2, 22, 22, vm2.public_ip, ntwk2) except Exception as e: self.fail(e) finally: self.assert_(natrule is not None, "Failed to create portforward for vm2") time.sleep(10) # setup ssh connection to vm2 ssh_client = self.get_ssh_client(vm2, self.services, 10) if ssh_client: # run ping test packet_loss = ssh_client.execute( "/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress + " |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0] self.assert_(int(packet_loss) == 0, "Ping did not succeed") else: self.fail("Failed to setup ssh connection to %s" % vm2.public_ip)
def _test_vpc_site2site_vpn(self, vpc_offering, num_VPCs=3): # Number of VPNs (to test) is number_of_VPCs - 1 # By default test setting up 2 VPNs from VPC0, requiring total of 3 VPCs maxnumVM = num_VPCs - 1 # Create VPC i vpc_list = [] for i in range(num_VPCs): # Generate VPC (mostly subnet) info vpcservice_n = copy.deepcopy(self.services["vpcN"]) for key in vpcservice_n.keys(): vpcservice_n[key] = vpcservice_n[key].format(N=`i`) vpc_n = VPC.create( api_client=self.apiclient, services=vpcservice_n, networkDomain="vpc%d.vpn" % i, vpcofferingid=vpc_offering.id, zoneid=self.zone.id, account=self.account.name, domainid=self.domain.id ) self.assertIsNotNone(vpc_n, "VPC%d creation failed" % i) vpc_list.append(vpc_n) self.cleanup.append(vpc_n) self.logger.debug("VPC%d %s created" % (i, vpc_list[i].id)) default_acl = NetworkACLList.list(self.apiclient, name="default_allow")[0] # Create network in VPC i ntwk_list = [] for i in range(num_VPCs): # Generate network (mostly subnet) info ntwk_info_n = copy.deepcopy(self.services["network_N"]) for key in ntwk_info_n.keys(): ntwk_info_n[key] = ntwk_info_n[key].format(N=`i`) ntwk_n = Network.create( api_client=self.apiclient, services=ntwk_info_n, accountid=self.account.name, domainid=self.account.domainid, networkofferingid=self.network_offering.id, zoneid=self.zone.id, vpcid=vpc_list[i].id, aclid=default_acl.id ) self.assertIsNotNone(ntwk_n, "Network%d failed to create" % i) self.cleanup.append(ntwk_n) ntwk_list.append(ntwk_n) self.logger.debug("Network%d %s created in VPC %s" % (i, ntwk_list[i].id, vpc_list[i].id)) # Deploy a vm in network i vm_list = [] vm_n = None for i in range(num_VPCs): vm_n = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.virtual_machine_offering.id, networkids=[ntwk_list[i].id], hypervisor=self.hypervisor, mode='advanced' if (i == 0) or (i == maxnumVM) else 'default' ) self.assertIsNotNone(vm_n, "VM%d failed to deploy" % i) self.cleanup.append(vm_n) vm_list.append(vm_n) self.logger.debug("VM%d %s deployed in VPC %s" % (i, vm_list[i].id, vpc_list[i].id)) self.assertEquals(vm_n.state, 'Running', "VM%d is not running" % i) # 4) Enable Site-to-Site VPN for VPC vpn_response_list = [] for i in range(num_VPCs): vpn_response = Vpn.createVpnGateway(self.apiclient, vpc_list[i].id) self.assertIsNotNone(vpn_response, "Failed to enable VPN Gateway %d" % i) vpn_response_list.append(vpn_response) self.logger.debug("VPN gateway for VPC%d %s enabled" % (i, vpc_list[i].id)) # 5) Add VPN Customer gateway info vpn_cust_gw_list = [] services = self.services["vpncustomergateway"] for i in range(num_VPCs): src_nat_list = PublicIPAddress.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc_list[i].id ) ip = src_nat_list[0] customer_response = VpnCustomerGateway.create(self.apiclient, services, "Peer VPC" + `i`, ip.ipaddress, vpc_list[i].cidr, self.account.name, self.domain.id) self.cleanup.insert(0, customer_response) # this has to be cleaned up after the VPCs have been destroyed (due to client connectionsonections) vpn_cust_gw_list.append(customer_response) self.logger.debug("VPN customer gateway added for VPC%d %s enabled" % (i, vpc_list[i].id)) # Before the next step ensure the last VPC is up and running # Routers in the right state? self.assertEqual(self.routers_in_right_state(vpcid=vpc_list[maxnumVM].id), True, "Check whether the routers are in the right state.") # 6) Connect VPCi with VPC0 for i in range(num_VPCs)[1:]: passiveVpn = Vpn.createVpnConnection(self.apiclient, vpn_cust_gw_list[0].id, vpn_response_list[i]['id'], True) self.logger.debug("VPN passive connection created for VPC%d %s" % (i, vpc_list[i].id)) vpnconn2_response = Vpn.createVpnConnection(self.apiclient, vpn_cust_gw_list[i].id, vpn_response_list[0]['id']) self.logger.debug("VPN connection created for VPC%d %s" % (0, vpc_list[0].id)) self.assertEqual(vpnconn2_response['state'], "Connected", "Failed to connect between VPCs 0 and %d!" % i) self.logger.debug("VPN connected between VPC0 and VPC%d" % i) time.sleep(15) self.logger.debug("Resetting VPN connection with id %s" % (passiveVpn['id'])) Vpn.resetVpnConnection(self.apiclient, passiveVpn['id']) # Ping to put tunnel up ssh_client = vm_list[0].get_ssh_client(retries=10) self.assertIsNotNone(ssh_client, "Failed to setup SSH to VM0") if ssh_client: # run ping test for i in range(num_VPCs)[1:]: packet_loss = ssh_client.execute("/bin/ping -c 3 -t 10 " + vm_list[i].nic[0].ipaddress)[0] self.logger.debug("Ping from vm0 to vm%d to make sure tunnel is up." % i) else: self.fail("Failed to setup ssh connection to %s" % vm_list[0].public_ip) self.logger.debug("Waiting for the VPN with id %s to connect" % (passiveVpn['id'])) max_retries = 30 retries = 0 while retries < max_retries: vpnconn2_response = Vpn.listVpnConnection(self.apiclient, listall=True, id=passiveVpn['id']) if len(vpnconn2_response) > 0 and vpnconn2_response[0].state.lower() == 'connected': break retries += 1 time.sleep(2) self.assertLess(retries, max_retries, "Failed to reconnect VPN with id %s" % (passiveVpn['id'])) # First the last VM # setup ssh connection to vm maxnumVM self.logger.debug("Setup SSH connection to last VM created (%d) to ensure availability for ping tests" % maxnumVM) ssh_max_client = vm_list[maxnumVM].get_ssh_client(retries=20) self.assertIsNotNone(ssh_max_client, "Failed to setup SSH to last VM created (%d)" % maxnumVM) self.logger.debug("Setup SSH connection to first VM created (0) to ensure availability for ping tests") ssh_client = vm_list[0].get_ssh_client(retries=10) self.assertIsNotNone(ssh_client, "Failed to setup SSH to VM0") if ssh_client: # run ping test for i in range(num_VPCs)[1:]: packet_loss = ssh_client.execute( "/bin/ping -c 3 -t 10 " + vm_list[i].nic[0].ipaddress + " |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0] self.assertEquals(int(packet_loss), 0, " Ping towards vm" + `i` + " did not succeed") self.logger.debug("SUCCESS! Ping from vm0 to vm%d succeeded." % i) else: self.fail("Failed to setup ssh connection to %s" % vm_list[0].public_ip) return