def test_allocate_floating_ip(self):
"""Allocate a floating IP"""
result = True
cidr = '10.2.3.0/24'
floatingIpCidr = self.inputs.fip_pool
pool_name = 'pool1'
self.vpc1_cidr = '10.2.5.0/24'
self.vpc1_vn1_cidr = '10.2.5.0/25'
self.vpc1_fixture = self.useFixture(
VPCFixture(self.vpc1_cidr, connections=self.connections))
assert self.vpc1_fixture.verify_on_setup()
vpc_fixture = self.vpc1_fixture
assert vpc_fixture.verify_on_setup(), " VPC %s verification failed" % (
cidr)
self.logger.info(
'Adding rules to default SG of %s to reach public vm' %
(vpc_fixture.vpc_id))
default_sg_name = 'default'
rule1 = {
'protocol': 'icmp',
'direction': 'ingress',
'cidr': floatingIpCidr,
}
rule2 = {
'protocol': 'icmp',
'direction': 'egress',
'cidr': floatingIpCidr,
}
default_sg_id = vpc_fixture.get_security_group_id(default_sg_name)
if not (self.createSgRule(vpc_fixture, default_sg_id, rule1)
and self.createSgRule(vpc_fixture, default_sg_id, rule2)):
self.logger.error('Unable to create allow in SG %s ' %
(default_sg_name))
result = result and False
# create public VN for floating ip pool
ec2_base = EC2Base(logger=self.inputs.logger,
inputs=self.admin_inputs,
tenant=self.inputs.project_name)
public_vn_fixture = self.public_vn_obj.public_vn_fixture
assert public_vn_fixture.verify_on_setup(),\
"Public VN Fixture verification failed, Check logs"
# Assign floating IP. Internet GW is just dummy
ec2_base = EC2Base(logger=self.inputs.logger,
inputs=self.inputs,
tenant=vpc_fixture.vpc_id)
vpc_fip_fixture = self.useFixture(
VPCFIPFixture(public_vn_obj=self.public_vn_obj,
connections=self.connections,
ec2_base=ec2_base))
assert vpc_fip_fixture.verify_on_setup(
), "FIP pool verification failed, Pls check logs"
# Add rules in public VM's SG to reach the private VM"
self.set_sec_group_for_allow_all(self.inputs.stack_tenant, 'default')
fip_vm_fixture = self.useFixture(
VMFixture(connections=self.admin_connections,
vn_obj=public_vn_fixture.obj,
vm_name='fip_vm1'))
assert fip_vm_fixture.verify_on_setup(
), "VM verification in FIP VN failed"
assert fip_vm_fixture.wait_till_vm_is_up(),\
"VM verification in FIP VN failed"
self.vpc1_vn1_fixture = self.useFixture(
VPCVNFixture(self.vpc1_fixture,
subnet_cidr=self.vpc1_vn1_cidr,
connections=self.connections))
assert self.vpc1_vn1_fixture.verify_on_setup()
self.vpc1_vn1_vm1_fixture = self.useFixture(
VPCVMFixture(self.vpc1_vn1_fixture,
image_name='ubuntu',
connections=self.connections))
assert self.vpc1_vn1_vm1_fixture.verify_on_setup()
self.vpc1_vn1_vm1_fixture.c_vm_fixture.wait_till_vm_is_up()
vm1_fixture = self.vpc1_vn1_vm1_fixture
assert vm1_fixture.verify_on_setup(), "VPCVMFixture verification failed " \
"for VM %s" % (vm1_fixture.instance_id)
assert vm1_fixture.wait_till_vm_is_up(),\
"VM verification failed"
(fip, fip_alloc_id) = vpc_fip_fixture.create_and_assoc_fip(
vm1_fixture.instance_id)
if fip is None or fip_alloc_id is None:
self.logger.error('FIP creation and/or association failed! ')
result = result and False
if result:
self.addCleanup(vpc_fip_fixture.disassoc_and_delete_fip,
fip_alloc_id, fip)
assert vpc_fip_fixture.verify_fip(
fip), " FIP %s, %s verification failed" % (fip, fip_alloc_id)
assert vm1_fixture.c_vm_fixture.ping_with_certainty(
fip_vm_fixture.vm_ip), "Ping from FIP IP failed"
assert fip_vm_fixture.ping_with_certainty(
fip), "Ping to FIP IP failed"
return result
def config_basic(self, check_dm):
#mx config using device manager
#both dm_mx and use_device_manager knobs are required for DM
#this check is present in is_test_applicable
if check_dm:
if self.inputs.use_devicemanager_for_md5:
for i in range(len(self.inputs.dm_mx.values())):
router_params = self.inputs.dm_mx.values()[i]
if router_params['model'] == 'mx':
self.phy_router_fixture = self.useFixture(
PhysicalRouterFixture(
router_params['name'],
router_params['control_ip'],
model=router_params['model'],
vendor=router_params['vendor'],
asn=router_params['asn'],
ssh_username=router_params['ssh_username'],
ssh_password=router_params['ssh_password'],
mgmt_ip=router_params['control_ip'],
connections=self.connections))
physical_dev = self.vnc_lib.physical_router_read(
id=self.phy_router_fixture.phy_device.uuid)
physical_dev.set_physical_router_management_ip(
router_params['mgmt_ip'])
physical_dev._pending_field_updates
self.vnc_lib.physical_router_update(physical_dev)
else:
if self.inputs.ext_routers:
for i in range(len(
self.inputs.physical_routers_data.values())):
router_params = self.inputs.physical_routers_data.values(
)[i]
if router_params['model'] == 'mx':
cmd = []
cmd.append(
'set groups md5_tests routing-options router-id %s'
% router_params['mgmt_ip'])
cmd.append(
'set groups md5_tests routing-options route-distinguisher-id %s'
% router_params['mgmt_ip'])
cmd.append(
'set groups md5_tests routing-options autonomous-system %s'
% router_params['asn'])
cmd.append(
'set groups md5_tests protocols bgp group md5_tests type internal'
)
cmd.append(
'set groups md5_tests protocols bgp group md5_tests multihop'
)
cmd.append(
'set groups md5_tests protocols bgp group md5_tests local-address %s'
% router_params['mgmt_ip'])
cmd.append(
'set groups md5_tests protocols bgp group md5_tests hold-time 90'
)
cmd.append(
'set groups md5_tests protocols bgp group md5_tests keep all'
)
cmd.append(
'set groups md5_tests protocols bgp group md5_tests family inet-vpn unicast'
)
cmd.append(
'set groups md5_tests protocols bgp group md5_tests family inet6-vpn unicast'
)
cmd.append(
'set groups md5_tests protocols bgp group md5_tests family evpn signaling'
)
cmd.append(
'set groups md5_tests protocols bgp group md5_tests family route-target'
)
cmd.append(
'set groups md5_tests protocols bgp group md5_tests local-as %s'
% router_params['asn'])
for node in self.inputs.bgp_control_ips:
cmd.append(
'set groups md5_tests protocols bgp group md5_tests neighbor %s peer-as %s'
% (node, router_params['asn']))
cmd.append('set apply-groups md5_tests')
mx_handle = NetconfConnection(
host=router_params['mgmt_ip'])
mx_handle.connect()
cli_output = mx_handle.config(stmts=cmd, timeout=120)
#ipv6 not supported for vcenter so skipping config
if self.inputs.orchestrator != 'vcenter':
vn61_name = "test_vnv6sr"
vn61_net = ['2001::101:0/120']
#vn1_fixture = self.config_vn(vn1_name, vn1_net)
vn61_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn61_name,
inputs=self.inputs,
subnets=vn61_net))
vn62_name = "test_vnv6dn"
vn62_net = ['2001::201:0/120']
#vn2_fixture = self.config_vn(vn2_name, vn2_net)
vn62_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn62_name,
inputs=self.inputs,
subnets=vn62_net))
vm61_name = 'source_vm'
vm62_name = 'dest_vm'
#vm1_fixture = self.config_vm(vn1_fixture, vm1_name)
#vm2_fixture = self.config_vm(vn2_fixture, vm2_name)
vm61_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn61_fixture.obj,
vm_name=vm61_name,
node_name=None,
image_name='cirros',
flavor='m1.tiny'))
vm62_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn62_fixture.obj,
vm_name=vm62_name,
node_name=None,
image_name='cirros',
flavor='m1.tiny'))
vm61_fixture.wait_till_vm_is_up()
vm62_fixture.wait_till_vm_is_up()
rule = [
{
'direction': '<>',
'protocol': 'any',
'source_network': vn61_name,
'src_ports': [0, -1],
'dest_network': vn62_name,
'dst_ports': [0, -1],
'simple_action': 'pass',
},
]
policy_name = 'allow_all'
policy_fixture = self.config_policy(policy_name, rule)
vn61_policy_fix = self.attach_policy_to_vn(policy_fixture,
vn61_fixture)
vn62_policy_fix = self.attach_policy_to_vn(policy_fixture,
vn62_fixture)
vn1 = "vn1"
vn2 = "vn2"
vn_s = {'vn1': '10.1.1.0/24', 'vn2': ['20.1.1.0/24']}
rules = [
{
'direction': '<>',
'protocol': 'any',
'source_network': vn1,
'src_ports': [0, -1],
'dest_network': vn2,
'dst_ports': [0, -1],
'simple_action': 'pass',
},
]
self.logger.info("Configure the policy with allow any")
self.multi_vn_fixture = self.useFixture(
MultipleVNFixture(connections=self.connections,
inputs=self.inputs,
subnet_count=2,
vn_name_net=vn_s,
project_name=self.inputs.project_name))
vns = self.multi_vn_fixture.get_all_fixture_obj()
(self.vn1_name, self.vn1_fix) = self.multi_vn_fixture._vn_fixtures[0]
(self.vn2_name, self.vn2_fix) = self.multi_vn_fixture._vn_fixtures[1]
self.config_policy_and_attach_to_vn(rules)
self.multi_vm_fixture = self.useFixture(
MultipleVMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vm_count_per_vn=1,
vn_objs=vns,
image_name='cirros',
flavor='m1.tiny'))
vms = self.multi_vm_fixture.get_all_fixture()
(self.vm1_name, self.vm1_fix) = vms[0]
(self.vm2_name, self.vm2_fix) = vms[1]
def test_sec_group_basic(self):
"""
Description: Test basic SG features
1. Security group create and delete
2. Create security group with custom rules and then update it for tcp
3. Launch VM with custom created security group and verify
4. Remove secuity group association with VM
5. Add back custom security group to VM and verify
6. Try to delete security group with association to VM. It should fail.
7. Test with ping, which should fail
8. Test with TCP which should pass
9. Update the rules to allow icmp, ping should pass now.
"""
secgrp_name = get_random_name('test_sec_group')
(prefix,
prefix_len) = get_random_cidrs(self.inputs.get_af())[0].split('/')
prefix_len = int(prefix_len)
rule = [{
'direction':
'>',
'protocol':
'udp',
'dst_addresses': [{
'subnet': {
'ip_prefix': prefix,
'ip_prefix_len': prefix_len
}
}],
'dst_ports': [{
'start_port': 8000,
'end_port': 8000
}],
'src_ports': [{
'start_port': 9000,
'end_port': 9000
}],
'src_addresses': [{
'security_group': 'local'
}],
}]
#Create the SG
sg_fixture = self.config_sec_group(name=secgrp_name, entries=rule)
#Delete the SG
self.delete_sec_group(sg_fixture)
#Create SG again and update the rules
sg_fixture = self.config_sec_group(name=secgrp_name, entries=rule)
secgrp_id = sg_fixture.secgrp_id
vn_net = get_random_cidrs(self.inputs.get_af())
(prefix, prefix_len) = vn_net[0].split('/')
rule = [{
'protocol':
'tcp',
'dst_addresses': [{
'subnet': {
'ip_prefix': prefix,
'ip_prefix_len': prefix_len
}
}],
'dst_ports': [{
'start_port': 0,
'end_port': -1
}],
'src_ports': [{
'start_port': 0,
'end_port': -1
}],
'src_addresses': [{
'security_group': 'local'
}],
}, {
'protocol':
'tcp',
'src_addresses': [{
'subnet': {
'ip_prefix': prefix,
'ip_prefix_len': prefix_len
}
}],
'dst_ports': [{
'start_port': 0,
'end_port': -1
}],
'src_ports': [{
'start_port': 0,
'end_port': -1
}],
'dst_addresses': [{
'security_group': 'local'
}],
}]
#Update the rules
sg_fixture.replace_rules(rule)
#Create VN and VMs
vn_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
inputs=self.inputs,
subnets=vn_net))
assert vn_fixture.verify_on_setup()
img_name = self.inputs.get_ci_image() or 'ubuntu-traffic'
#cannot use set_security_group in vro ,so remove default sg before adding new sg
if self.inputs.vro_based:
vm1_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn_fixture.obj,
image_name=img_name,
flavor='contrail_flavor_small'))
vm2_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn_fixture.obj,
image_name=img_name,
flavor='contrail_flavor_small'))
assert vm1_fixture.verify_on_setup()
assert vm1_fixture.wait_till_vm_is_up()
assert vm2_fixture.verify_on_setup()
assert vm2_fixture.wait_till_vm_is_up()
vm1_fixture.remove_security_group(secgrp='default')
vm2_fixture.remove_security_group(secgrp='default')
vm1_fixture.add_security_group(secgrp_id)
vm2_fixture.add_security_group(secgrp_id)
else:
vm1_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn_fixture.obj,
image_name=img_name,
flavor='contrail_flavor_small',
sg_ids=[secgrp_id]))
vm2_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn_fixture.obj,
image_name=img_name,
flavor='contrail_flavor_small',
sg_ids=[secgrp_id]))
assert vm1_fixture.verify_on_setup()
assert vm1_fixture.wait_till_vm_is_up()
assert vm2_fixture.verify_on_setup()
assert vm2_fixture.wait_till_vm_is_up()
result, msg = vm1_fixture.verify_security_group(secgrp_name)
assert result, msg
#Remove secuity group association with VM and verify
self.logger.info("Remove security group %s from VM %s", secgrp_name,
vm1_fixture.vm_name)
vm1_fixture.remove_security_group(secgrp=secgrp_id)
result, msg = vm1_fixture.verify_security_group(secgrp_name)
if result:
assert False, "Security group %s is not removed from VM %s" % (
secgrp_name, vm1_fixture.vm_name)
#Add back security group to VM and verify
vm1_fixture.add_security_group(secgrp=secgrp_id)
result, msg = vm1_fixture.verify_security_group(secgrp_name)
assert result, msg
#Try to delete security group with back ref
self.logger.info("Try deleting the security group %s with back ref.",
secgrp_name)
try:
if sg_fixture.option == 'openstack':
sg_fixture.quantum_h.delete_security_group(
sg_fixture.secgrp_id)
else:
sg_fixture.cleanUp()
except Exception as msg:
self.logger.info(msg)
self.logger.info(
"Not able to delete the security group with back ref as expected"
)
else:
try:
secgroup = self.vnc_lib.security_group_read(
fq_name=sg_fixture.secgrp_fq_name)
self.logger.info(
"Not able to delete the security group with back ref as expected"
)
except NoIdError:
errmsg = "Security group deleted, when it is attached to a VM."
self.logger.error(errmsg)
assert False, errmsg
#Ping test, should fail
assert vm1_fixture.ping_with_certainty(ip=vm2_fixture.vm_ip,
expectation=False)
self.logger.info("Ping FAILED as expected")
#TCP test, should pass
nc_options = '' if self.inputs.get_af() == 'v4' else '-6'
assert vm1_fixture.nc_file_transfer(vm2_fixture, nc_options=nc_options)
proto = '1' if self.inputs.get_af() == 'v4' else '58'
rule = [{
'protocol':
proto,
'dst_addresses': [{
'subnet': {
'ip_prefix': prefix,
'ip_prefix_len': prefix_len
}
}],
'dst_ports': [{
'start_port': 0,
'end_port': -1
}],
'src_ports': [{
'start_port': 0,
'end_port': -1
}],
'src_addresses': [{
'security_group': 'local'
}],
}, {
'protocol':
proto,
'src_addresses': [{
'subnet': {
'ip_prefix': prefix,
'ip_prefix_len': prefix_len
}
}],
'dst_ports': [{
'start_port': 0,
'end_port': -1
}],
'src_ports': [{
'start_port': 0,
'end_port': -1
}],
'dst_addresses': [{
'security_group': 'local'
}],
}]
#Update the rules
sg_fixture.replace_rules(rule)
#Ping should pass now
assert vm1_fixture.ping_with_certainty(ip=vm2_fixture.vm_ip,
expectation=True)
def config_v2_svc_chain(self, stack_name):
template = self.get_template(template_name=stack_name)
env = self.get_env(env_name=stack_name)
stack_name = get_random_name(stack_name)
self.nova_h.get_image(env['parameters']['image'])
self.nova_h.get_flavor(env['parameters']['flavor'])
for k in [
'service_template_properties_image_name',
'service_template1_properties_image_name',
'service_template2_properties_image_name', 'svm1_image'
]:
if k in env['parameters']:
self.nova_h.get_image(env['parameters'][k])
svc_pt_hs = self.config_heat_obj(stack_name, template, env)
stack = svc_pt_hs.heat_client_obj
op = stack.stacks.get(stack_name).outputs
time.sleep(5)
for output in op:
if output['output_key'] == 'left_VM_ID':
left_vm_id = output['output_value']
elif output['output_key'] == 'left_VM1_ID':
left_vm1_id = output['output_value']
elif output['output_key'] == 'left_VM2_ID':
left_vm2_id = output['output_value']
elif output['output_key'] == 'right_VM_ID':
right_vm_id = output['output_value']
elif output['output_key'] == 'right_VM1_ID':
right_vm1_id = output['output_value']
elif output['output_key'] == 'right_VM2_ID':
right_vm2_id = output['output_value']
elif output['output_key'] == 'left_vn_FQDN':
left_vn_fqdn = output['output_value']
elif output['output_key'] == 'right_vn_FQDN':
right_vn_fqdn = output['output_value']
elif output['output_key'] == 'si_fqdn':
si_fqdn = output['output_value']
elif output['output_key'] == 'si2_fqdn':
si2_fqdn = output['output_value']
si2_fqdn = ":".join(si2_fqdn)
elif output['output_key'] == 'left_VM1_IP_ADDRESS':
left_vm1_ip_address = output['output_value']
network_policy_entries_policy_rule_src_addresses_subnet_ip_prefix = left_vm1_ip_address
network_policy_entries_policy_rule_src_addresses_subnet_ip_prefix_len = "32"
elif output['output_key'] == 'right_VM1_IP_ADDRESS':
right_vm1_ip_address = output['output_value']
network_policy_entries_policy_rule_dst_addresses_subnet_ip_prefix = right_vm1_ip_address
network_policy_entries_policy_rule_dst_addresses_subnet_ip_prefix_len = "32"
#Update the policy
si_fqdn = ":".join(si_fqdn)
left_vn_fqdn = ":".join(left_vn_fqdn)
right_vn_fqdn = ":".join(right_vn_fqdn)
if 'multi' in stack_name:
self.update_stack(
svc_pt_hs,
change_sets=[['left_vn_fqdn', left_vn_fqdn],
['right_vn_fqdn', right_vn_fqdn],
['service_instance1_fq_name', si_fqdn],
['service_instance2_fq_name', si2_fqdn]])
else:
if 'cidr' in stack_name:
if 'src_cidr' in stack_name:
self.update_stack(
svc_pt_hs,
change_sets=
[['left_vn_fqdn', left_vn_fqdn],
['right_vn_fqdn', right_vn_fqdn],
['service_instance_fq_name', si_fqdn],
[
'network_policy_entries_policy_rule_src_addresses_subnet_ip_prefix',
network_policy_entries_policy_rule_src_addresses_subnet_ip_prefix
],
[
'network_policy_entries_policy_rule_src_addresses_subnet_ip_prefix_len',
network_policy_entries_policy_rule_src_addresses_subnet_ip_prefix_len
]])
else:
self.update_stack(
svc_pt_hs,
change_sets=[['left_vn_fqdn', left_vn_fqdn],
['right_vn_fqdn', right_vn_fqdn],
['service_instance_fq_name', si_fqdn]])
if 'cidr' in stack_name:
if 'src_cidr' in stack_name:
# 2 VMs in the left_vn
left_vm1 = VMFixture(connections=self.connections,
uuid=left_vm1_id,
image_name='cirros')
left_vm1.read()
left_vm1.verify_on_setup()
left_vm2 = VMFixture(connections=self.connections,
uuid=left_vm2_id,
image_name='cirros')
left_vm2.read()
left_vm2.verify_on_setup()
# One VM in the right_vn
right_vm = VMFixture(connections=self.connections,
uuid=right_vm_id,
image_name='cirros')
right_vm.read()
right_vm.verify_on_setup()
# Ping from left_vm1 to right_vm should pass
assert left_vm1.ping_with_certainty(right_vm.vm_ip,
expectation=True)
# Ping from left_vm2 to right_vm should fail
assert left_vm2.ping_with_certainty(right_vm.vm_ip,
expectation=False)
else:
left_vm = VMFixture(connections=self.connections,
uuid=left_vm_id,
image_name='cirros')
left_vm.read()
left_vm.verify_on_setup()
right_vm = VMFixture(connections=self.connections,
uuid=right_vm_id,
image_name='cirros')
right_vm.read()
right_vm.verify_on_setup()
assert left_vm.ping_with_certainty(right_vm.vm_ip,
expectation=True)
def config_basic(self):
vn61_name = "test_vnv6sr"
vn61_net = ['2001::101:0/120']
vn61_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn61_name,
inputs=self.inputs,
subnets=vn61_net))
vn62_name = "test_vnv6dn"
vn62_net = ['2001::201:0/120']
vn62_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn62_name,
inputs=self.inputs,
subnets=vn62_net))
vm61_name = 'source_vm'
vm62_name = 'dest_vm'
vm61_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn61_fixture.obj,
vm_name=vm61_name,
node_name=None,
image_name='cirros',
flavor='m1.tiny'))
vm62_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn62_fixture.obj,
vm_name=vm62_name,
node_name=None,
image_name='cirros',
flavor='m1.tiny'))
vm61_fixture.wait_till_vm_is_up()
vm62_fixture.wait_till_vm_is_up()
rule = [
{
'direction': '<>',
'protocol': 'any',
'source_network': vn61_name,
'src_ports': [0, -1],
'dest_network': vn62_name,
'dst_ports': [0, -1],
'simple_action': 'pass',
},
]
policy_name = 'allow_all'
policy_fixture = self.config_policy(policy_name, rule)
vn61_policy_fix = self.attach_policy_to_vn(policy_fixture,
vn61_fixture)
vn62_policy_fix = self.attach_policy_to_vn(policy_fixture,
vn62_fixture)
vn1 = "vn1"
vn2 = "vn2"
vn_s = {'vn1': '10.1.1.0/24', 'vn2': ['20.1.1.0/24']}
rules = [
{
'direction': '<>',
'protocol': 'any',
'source_network': vn1,
'src_ports': [0, -1],
'dest_network': vn2,
'dst_ports': [0, -1],
'simple_action': 'pass',
},
]
self.logger.info("Configure the policy with allow any")
self.multi_vn_fixture = self.useFixture(
MultipleVNFixture(connections=self.connections,
inputs=self.inputs,
subnet_count=2,
vn_name_net=vn_s,
project_name=self.inputs.project_name))
vns = self.multi_vn_fixture.get_all_fixture_obj()
(self.vn1_name, self.vn1_fix) = self.multi_vn_fixture._vn_fixtures[0]
(self.vn2_name, self.vn2_fix) = self.multi_vn_fixture._vn_fixtures[1]
self.config_policy_and_attach_to_vn(rules)
self.multi_vm_fixture = self.useFixture(
MultipleVMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vm_count_per_vn=1,
vn_objs=vns,
image_name='cirros',
flavor='m1.tiny'))
vms = self.multi_vm_fixture.get_all_fixture()
(self.vm1_name, self.vm1_fix) = vms[0]
(self.vm2_name, self.vm2_fix) = vms[1]
def setup_common_objects(self, inputs, connections):
self.inputs = inputs
self.connections = connections
self.base_rel = get_release()
(self.vn11_name, self.vn11_subnets) = ("vn11", ["192.168.1.0/24"])
(self.vn22_name, self.vn22_subnets) = ("vn22", ["192.168.2.0/24"])
(self.fip_vn_name, self.fip_vn_subnets) = ("fip_vn", ['200.1.1.0/24'])
(self.vn11_vm1_name, self.vn11_vm2_name, self.vn11_vm3_name,
self.vn11_vm4_name) = ('vn11_vm1', 'vn11_vm2', 'vn11_vm3', 'vn11_vm4')
self.vn22_vm1_name = 'vn22_vm1'
self.vn22_vm2_name = 'vn22_vm2'
self.fvn_vm1_name = 'fvn_vm1'
# Configure 3 VNs, 2 of them vn11, vn22 and 1 fip_vn
self.vn11_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections, inputs=self.inputs, vn_name=self.vn11_name, subnets=self.vn11_subnets))
assert self.vn11_fixture.verify_on_setup()
self.vn22_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections, inputs=self.inputs, vn_name=self.vn22_name, subnets=self.vn22_subnets))
self.fvn_fixture = self.useFixture(
VNFixture(
project_name=self.inputs.project_name, connections=self.connections,
inputs=self.inputs, vn_name=self.fip_vn_name, subnets=self.fip_vn_subnets))
# Configure 4 VMs in VN11, 2 VM in VN22, and 1 VM in FVN
self.vn11_vm1_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn11_fixture.obj, vm_name=self.vn11_vm1_name, image_name='ubuntu'))
self.vn11_vm2_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn11_fixture.obj, vm_name=self.vn11_vm2_name, image_name='ubuntu'))
self.vn11_vm3_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn11_fixture.obj, vm_name=self.vn11_vm3_name, image_name='ubuntu'))
self.vn11_vm4_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn11_fixture.obj, vm_name=self.vn11_vm4_name, image_name='ubuntu'))
self.vn22_vm1_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn22_fixture.obj, vm_name=self.vn22_vm1_name, image_name='ubuntu'))
self.vn22_vm2_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.vn22_fixture.obj, vm_name=self.vn22_vm2_name, image_name='ubuntu'))
self.fvn_vm1_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections, vn_obj=self.fvn_fixture.obj, vm_name=self.fvn_vm1_name, image_name='ubuntu'))
# Adding Policy between vn11 and vn22 ######
assert self.vn11_fixture.verify_on_setup()
assert self.vn22_fixture.verify_on_setup()
rules = [
{
'direction': '<>', 'simple_action': 'pass',
'protocol': 'any', 'src_ports': 'any',
'dst_ports': 'any',
'source_network': 'any',
'dest_network': 'any',
},
]
policy_name = 'p1'
self.policy_fixture = self.useFixture(
PolicyFixture(
policy_name=policy_name, rules_list=rules, inputs=self.inputs,
connections=self.connections))
policy_fq_name = [self.policy_fixture.policy_fq_name]
self.vn11_fixture.bind_policies(
policy_fq_name, self.vn11_fixture.vn_id)
self.addCleanup(self.vn11_fixture.unbind_policies,
self.vn11_fixture.vn_id, [self.policy_fixture.policy_fq_name])
self.vn22_fixture.bind_policies(
policy_fq_name, self.vn22_fixture.vn_id)
self.addCleanup(self.vn22_fixture.unbind_policies,
self.vn22_fixture.vn_id, [self.policy_fixture.policy_fq_name])
# Adding Floating ip ###
assert self.fvn_fixture.verify_on_setup()
fip_pool_name = 'some-pool1'
self.fip_fixture = self.useFixture(
FloatingIPFixture(
project_name=self.inputs.project_name, inputs=self.inputs,
connections=self.connections, pool_name=fip_pool_name, vn_id=self.fvn_fixture.vn_id))
self.vn11_vm1_fixture.verify_on_setup()
self.vn11_vm1_fixture.wait_till_vm_is_up()
self.fip_id = self.fip_fixture.create_and_assoc_fip(
self.fvn_fixture.vn_id, self.vn11_vm1_fixture.vm_id)
self.addCleanup(self.fip_fixture.disassoc_and_delete_fip, self.fip_id)
assert self.fip_fixture.verify_fip(
self.fip_id, self.vn11_vm1_fixture, self.fvn_fixture)
self.vn22_vm1_fixture.verify_on_setup()
self.vn22_vm1_fixture.wait_till_vm_is_up()
self.fip_id1 = self.fip_fixture.create_and_assoc_fip(
self.fvn_fixture.vn_id, self.vn22_vm1_fixture.vm_id)
assert self.fip_fixture.verify_fip(
self.fip_id1, self.vn22_vm1_fixture, self.fvn_fixture)
self.addCleanup(self.fip_fixture.disassoc_and_delete_fip, self.fip_id1)
# Adding the service chaining resources for firewall ###
si_count = 1
svc_scaling = False
max_inst = 1
svc_mode = 'in-network'
flavor = 'm1.medium'
self.vn1_fq_name = "default-domain:" + self.inputs.project_name + ":in_network_vn1"
self.vn1_name = "in_network_vn1"
self.vn1_subnets = ['10.1.1.0/24']
self.vm1_name = 'in_network_vm1'
self.vn2_fq_name = "default-domain:" + self.inputs.project_name + ":in_network_vn2"
self.vn2_name = "in_network_vn2"
self.vn2_subnets = ['20.2.2.0/24']
self.vm2_name = 'in_network_vm2'
self.action_list = []
self.if_list = [['management', False], ['left', True], ['right', True]]
self.st_name = 'in_net_svc_template_1'
si_prefix = 'in_net_svc_instance_'
self.policy_name = 'policy_in_network'
self.vn1_fixture = self.config_vn(self.vn1_name, self.vn1_subnets)
self.vn2_fixture = self.config_vn(self.vn2_name, self.vn2_subnets)
self.st_fixture, self.si_fixtures = self.config_st_si(
self.st_name, si_prefix, si_count, svc_scaling, max_inst,
project=self.inputs.project_name, left_vn_fixture=self.vn1_fixture,
right_vn_fixture=self.vn2_fixture, svc_mode=svc_mode, flavor=flavor)
self.action_list = self.chain_si(si_count, si_prefix, self.inputs.project_name)
self.rules = [
{
'direction': '<>',
'protocol': 'any',
'source_network': self.vn1_name,
'src_ports': [0, -1],
'dest_network': self.vn2_name,
'dst_ports': [0, -1],
'simple_action': None,
'action_list': {'apply_service': self.action_list}
},
]
self.policy_fixtures = self.config_policy(self.policy_name, self.rules)
self.vn1_policy_fix = self.attach_policy_to_vn(
self.policy_fixtures, self.vn1_fixture)
self.vn2_policy_fix = self.attach_policy_to_vn(
self.policy_fixtures, self.vn2_fixture)
self.vm1_fixture = self.config_vm(vn_fix=self.vn1_fixture, vm_name=self.vm1_name)
self.vm2_fixture = self.config_vm(vn_fix=self.vn1_fixture, vm_name=self.vm1_name)
#self.vm1_fixture.verify_on_setup()
#self.vm2_fixture.verify_on_setup()
self.vm1_fixture.wait_till_vm_is_up()
self.vm2_fixture.wait_till_vm_is_up()
result, msg = self.validate_vn(self.vn1_name, project_name=self.inputs.project_name)
assert result, msg
result, msg = self.validate_vn(self.vn2_name, project_name=self.inputs.project_name)
assert result, msg
# non-admin tenant config
result = True
msg = []
self.topo_obj = sdn_topo_with_multi_project()
self.setup_obj = self.useFixture(
sdnTopoSetupFixture(self.connections, self.topo_obj))
out = self.setup_obj.sdn_topo_setup()
self.assertEqual(out['result'], True, out['msg'])
if out['result'] == True:
self.topo_objs, self.config_topo, vm_fip_info = out['data']
def test_policy_protocol_summary(self):
''' Test to validate that when policy is created with multiple rules that can be summarized by protocol
'''
proj_name = self.inputs.project_name
vn1_name = 'vn40'
vn1_subnets = ['10.1.1.0/24']
policy1_name = 'policy1'
policy2_name = 'policy2'
rules2 = [
{
'direction': '<>',
'simple_action': 'pass',
'protocol': 'any',
'source_network': vn1_name,
'dest_network': vn1_name,
},
{
'direction': '<>',
'simple_action': 'pass',
'protocol': 'icmp',
'source_network': vn1_name,
'dest_network': vn1_name,
},
]
rules1 = [
{
'direction': '<>',
'simple_action': 'pass',
'protocol': 'any',
'source_network': vn1_name,
'dest_network': vn1_name,
},
]
policy1_fixture = self.useFixture(
PolicyFixture(policy_name=policy1_name,
rules_list=rules1,
inputs=self.inputs,
connections=self.connections))
policy2_fixture = self.useFixture(
PolicyFixture(policy_name=policy2_name,
rules_list=rules2,
inputs=self.inputs,
connections=self.connections))
vn1_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn1_name,
inputs=self.inputs,
subnets=vn1_subnets,
policy_objs=[policy1_fixture.policy_obj]))
assert vn1_fixture.verify_on_setup()
vn1_vm1_name = 'vm1'
vm1_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn1_fixture.obj,
vm_name=vn1_vm1_name))
assert vm1_fixture.verify_on_setup()
inspect_h = self.agent_inspect[vm1_fixture.vm_node_ip]
vn_fq_name = inspect_h.get_vna_vn(domain='default-domain',
project=proj_name,
vn_name=vn1_name)['name']
vna_acl1 = inspect_h.get_vna_acl_by_vn(vn_fq_name)
policy1_fixture.verify_policy_in_api_server()
if vn1_fixture.policy_objs:
policy_fq_names = [
self.quantum_h.get_policy_fq_name(x)
for x in vn1_fixture.policy_objs
]
policy_fq_name2 = self.quantum_h.get_policy_fq_name(
policy2_fixture.policy_obj)
policy_fq_names.append(policy_fq_name2)
vn1_fixture.bind_policies(policy_fq_names, vn1_fixture.vn_id)
vna_acl2 = inspect_h.get_vna_acl_by_vn(vn_fq_name)
out = policy_test_utils.compare_args('policy_rules',
vna_acl1['entries'],
vna_acl2['entries'])
if out:
self.logger.info(
"policy rules are not matching with expected %s and actual %s"
% (vna_acl1['entries'], vna_acl2['entries']))
self.assertIsNone(out, "policy compare failed")
return True
def test_policy_with_multi_vn_in_vm(self):
''' Test to validate policy action in VM with vnic's in multiple VN's with different policies.
Test flow: vm1 in vn1 and vn2; vm3 in vn3. policy to allow traffic from vn2 to vn3 and deny from vn1 to vn3.
Default route for vm1 in vn1, which has no reachability to vn3 - verify traffic - should fail.
Add specific route to direct vn3 traffic through vn2 - verify traffic - should pass.
'''
vm1_name = 'vm_mine1'
vm2_name = 'vm_mine2'
vn1_name = 'vn221'
vn1_subnets = ['11.1.1.0/24']
vn2_name = 'vn222'
vn2_subnets = ['22.1.1.0/24']
vn3_gateway = '22.1.1.254'
vn3_name = 'vn223'
vn3_subnets = ['33.1.1.0/24']
rules1 = [
{
'direction': '>',
'simple_action': 'deny',
'protocol': 'icmp',
'src_ports': 'any',
'dst_ports': 'any',
'source_network': 'any',
'dest_network': 'any',
},
]
rules2 = [
{
'direction': '<>',
'simple_action': 'pass',
'protocol': 'any',
'src_ports': 'any',
'dst_ports': 'any',
'source_network': 'any',
'dest_network': 'any',
},
]
policy1_name = 'p1'
policy2_name = 'p2'
policy1_fixture = self.useFixture(
PolicyFixture(policy_name=policy1_name,
rules_list=rules1,
inputs=self.inputs,
connections=self.connections))
policy2_fixture = self.useFixture(
PolicyFixture(policy_name=policy2_name,
rules_list=rules2,
inputs=self.inputs,
connections=self.connections))
vn1_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn1_name,
inputs=self.inputs,
subnets=vn1_subnets,
policy_objs=[policy1_fixture.policy_obj]))
vn2_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn2_name,
inputs=self.inputs,
subnets=vn2_subnets,
disable_gateway=True,
policy_objs=[policy2_fixture.policy_obj]))
vn3_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn3_name,
inputs=self.inputs,
subnets=vn3_subnets,
policy_objs=[policy2_fixture.policy_obj]))
assert vn1_fixture.verify_on_setup()
assert vn2_fixture.verify_on_setup()
assert vn3_fixture.verify_on_setup()
assert vn1_fixture.verify_vn_policy_in_api_server()
assert vn2_fixture.verify_vn_policy_in_api_server()
assert vn3_fixture.verify_vn_policy_in_api_server()
vm1_fixture = self.useFixture(
VMFixture(connections=self.connections,
vn_objs=[vn1_fixture.obj, vn2_fixture.obj],
vm_name=vm1_name,
project_name=self.inputs.project_name))
vm2_fixture = self.useFixture(
VMFixture(connections=self.connections,
vn_objs=[vn3_fixture.obj],
vm_name=vm2_name,
project_name=self.inputs.project_name))
assert vm1_fixture.verify_on_setup()
assert vm2_fixture.verify_on_setup()
self.nova_h.wait_till_vm_is_up(vm1_fixture.vm_obj)
self.nova_h.wait_till_vm_is_up(vm2_fixture.vm_obj)
# For multi-vn vm, configure ip address for 2nd interface
multivn_vm_ip_list = vm1_fixture.vm_ips
interfaces = vm1_fixture.get_vm_interface_list()
interface1 = vm1_fixture.get_vm_interface_list(
ip=multivn_vm_ip_list[0])[0]
interfaces.remove(interface1)
interface2 = interfaces[0]
if 'dual' == self.inputs.get_af():
intf_conf_cmd = "ifconfig %s inet6 add %s" % (
interface2, multivn_vm_ip_list[3])
else:
intf_conf_cmd = "ifconfig %s %s netmask 255.255.255.0" % (
interface2, multivn_vm_ip_list[1])
vm_cmds = (intf_conf_cmd, 'ifconfig -a')
for cmd in vm_cmds:
cmd_to_output = [cmd]
vm1_fixture.run_cmd_on_vm(cmds=cmd_to_output, as_sudo=True)
output = vm1_fixture.return_output_cmd_dict[cmd]
for ip in multivn_vm_ip_list:
if ip not in output:
self.logger.error("IP %s not assigned to any eth intf of %s" %
(ip, vm1_fixture.vm_name))
assert False
# Ping test from multi-vn vm to peer vn, result will be based on action
# defined in policy attached to VN which has the default gw of VM
self.logger.info(
"Ping from multi-vn vm to vm2, with no allow rule in the VN where default gw is part of, traffic should fail"
)
result = vm1_fixture.ping_with_certainty(expectation=False,
dst_vm_fixture=vm2_fixture)
assertEqual(result, True, "ping passed which is not expected")
# Configure VM to reroute traffic to interface belonging to different
# VN
self.logger.info(
"Direct traffic to gw which is part of VN with allow policy to destination VN, traffic should pass now"
)
cmd_to_output = []
if 'dual' == self.inputs.get_af():
cmd = ' route add -net %s netmask 255.255.255.0 gw %s dev %s' % (
vn3_subnets[0].split('/')[0], multivn_vm_ip_list[2],
interface2)
cmd_to_output.append(' ip -6 route add %s dev %s' %
(vn3_subnets[1], interface2))
else:
cmd = ' route add -net %s netmask 255.255.255.0 gw %s dev %s' % (
vn3_subnets[0].split('/')[0], multivn_vm_ip_list[1],
interface2)
cmd_to_output.append(cmd)
vm1_fixture.run_cmd_on_vm(cmds=cmd_to_output, as_sudo=True)
output = vm1_fixture.return_output_cmd_dict[cmd]
# Ping test from multi-vn vm to peer vn, result will be based on action
# defined in policy attached to VN which has the default gw for VM
self.logger.info(
"Ping from multi-vn vm to vm2, with allow rule in the VN where network gw is part of, traffic should pass"
)
result = vm1_fixture.ping_with_certainty(expectation=True,
dst_vm_fixture=vm2_fixture)
assertEqual(result, True, "ping failed which is not expected")
return True
def config_vm(self, vn_fix, vm_name, node_name=None, image_name='ubuntu-netperf', flavor='contrail_flavor_large'):
vm_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections,
vn_obj=vn_fix.obj, vm_name=vm_name, node_name=node_name, image_name=image_name, flavor=flavor))
return vm_fixture
if __name__ == "__main__":
import sys
from vn_test import VNFixture
from vm_test import VMFixture
# sys.settrace(tracefunc)
# obj = LBaasFixture(api_type='neutron', name='LB', connections=setup_test_infra(), network_id='4b39a2bd-4528-40e8-b848-28084e59c944', members={'vms': ['a72ad607-f1ca-44f2-b31e-e825a3f2d408'], 'address': ['192.168.1.10']}, vip_net_id='4b39a2bd-4528-40e8-b848-28084e59c944', protocol='TCP', port='22', healthmonitors=[{'delay':5, 'timeout':5, 'max_retries':5, 'probe_type':'PING'}])
conn = setup_test_infra()
vnfix = VNFixture(connections=conn)
vnfix.setUp()
vip_fix = VNFixture(connections=conn)
vip_fix.setUp()
fip_fix = VNFixture(connections=conn, router_external=True)
fip_fix.setUp()
subnet = vnfix.get_cidrs()[0]
vm_fix = VMFixture(connections=conn, vn_obj=vnfix.obj)
vm_fix.setUp()
obj = LBaasFixture(api_type='neutron',
name='LB',
connections=conn,
network_id=vnfix.uuid,
members={
'address': [get_random_ip(subnet)],
'vms': [vm_fix.vm_id]
},
vip_net_id=vip_fix.uuid,
fip_net_id=fip_fix.uuid,
protocol='TCP',
port='22',
healthmonitors=[{
'delay': 5,
def test_config_add_change_while_control_nodes_go_down(self):
"""Tests related to configuration add, change, and delete while switching from normal mode
to headless and back i.e. control nodes go down and come online."""
if len(self.inputs.compute_ips) < 2:
raise unittest.SkipTest("This test needs atleast 2 compute nodes.")
else:
self.logger.info(
"Required resources are in place to run the test.")
result = True
topology_class_name = None
self.compute_fixture_dict = {}
for each_compute in self.inputs.compute_ips:
self.compute_fixture_dict[each_compute] = self.useFixture(
ComputeNodeFixture(connections=self.connections,
node_ip=each_compute,
username=self.inputs.username,
password=self.inputs.password))
mode = self.compute_fixture_dict[
each_compute].get_agent_headless_mode()
if mode is False:
self.compute_fixture_dict[
each_compute].set_agent_headless_mode()
#
# Get config for test from topology
result = True
msg = []
if not topology_class_name:
topology_class_name = test_headless_vrouter_topo.sdn_headless_vrouter_topo
self.logger.info("Scenario for the test used is: %s" %
(topology_class_name))
#
# Create a list of compute node IP's and pass it to topo if you want to pin
# a vm to a particular node
topo_obj = topology_class_name(
compute_node_list=self.inputs.compute_ips)
#
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture}
topo = {}
topo_objs = {}
config_topo = {}
setup_obj = self.useFixture(
sdnTopoSetupFixture(self.connections, topo_obj))
out = setup_obj.sdn_topo_setup()
self.assertEqual(out['result'], True, out['msg'])
if out['result']:
topo_objs, config_topo, vm_fip_info = out['data']
# Start Test
proj = config_topo.keys()
vms = config_topo[proj[0]]['vm'].keys()
src_vm = config_topo[proj[0]]['vm'][vms[0]]
dest_vm = config_topo[proj[0]]['vm'][vms[1]]
flow_cache_timeout = 180
# Setup Traffic.
stream = Stream(protocol="ip",
proto="icmp",
src=src_vm.vm_ip,
dst=dest_vm.vm_ip)
profile = ContinuousProfile(stream=stream, count=0, capfilter="icmp")
tx_vm_node_ip = src_vm.vm_node_ip
rx_vm_node_ip = dest_vm.vm_node_ip
tx_local_host = Host(tx_vm_node_ip, self.inputs.username,
self.inputs.password)
rx_local_host = Host(rx_vm_node_ip, self.inputs.username,
self.inputs.password)
send_host = Host(src_vm.local_ip, src_vm.vm_username,
src_vm.vm_password)
recv_host = Host(dest_vm.local_ip, dest_vm.vm_username,
dest_vm.vm_password)
sender = Sender("icmp", profile, tx_local_host, send_host,
self.inputs.logger)
receiver = Receiver("icmp", profile, rx_local_host, recv_host,
self.inputs.logger)
receiver.start()
sender.start()
self.logger.info("Waiting for 5 sec for traffic to be setup ...")
time.sleep(5)
#self.start_ping(src_vm, dest_vm)
flow_index_list = headless_vr_utils.get_flow_index_list(
self, src_vm, dest_vm)
headless_vr_utils.stop_all_control_services(self)
self.addCleanup(self.inputs.start_service,
'supervisor-control',
self.inputs.bgp_ips,
container='controller')
time.sleep(10)
headless_vr_utils.check_through_tcpdump(self, dest_vm, src_vm)
flow_index_list2 = headless_vr_utils.get_flow_index_list(
self, src_vm, dest_vm)
if set(flow_index_list) == set(flow_index_list2):
self.logger.info("Flow indexes have not changed.")
else:
self.logger.error(
"Flow indexes have changed. Test Failed, Exiting")
return False
receiver.stop()
sender.stop()
project1_instance = config_topo['project1']['project']['project1']
project1_instance.get_project_connections()
vnet2_instance = config_topo['project1']['vn']['vnet2']
# add VM to existing VN
VM22_fixture = self.useFixture(
VMFixture(
connections=project1_instance.project_connections['juniper'],
vn_obj=vnet2_instance.obj,
vm_name='VM22',
project_name=project1_instance.project_name))
# create new IPAM
ipam3_obj = self.useFixture(
IPAMFixture(project_obj=project1_instance, name='ipam3'))
ipam4_obj = self.useFixture(
IPAMFixture(project_obj=project1_instance, name='ipam4'))
# create new VN
VN3_fixture = self.useFixture(
VNFixture(
project_name=project1_instance.project_name,
connections=project1_instance.project_connections['juniper'],
vn_name='VN3',
inputs=project1_instance.inputs,
subnets=['10.3.1.0/24'],
ipam_fq_name=ipam3_obj.fq_name))
VN4_fixture = self.useFixture(
VNFixture(
project_name=project1_instance.project_name,
connections=project1_instance.project_connections['juniper'],
vn_name='VN4',
inputs=project1_instance.inputs,
subnets=['10.4.1.0/24'],
ipam_fq_name=ipam4_obj.fq_name))
# create policy
policy_name = 'policy34'
rules = []
rules = [{
'direction': '<>',
'protocol': 'icmp',
'dest_network': VN4_fixture.vn_fq_name,
'source_network': VN3_fixture.vn_fq_name,
'dst_ports': 'any',
'simple_action': 'pass',
'src_ports': 'any'
}, {
'direction': '<>',
'protocol': 'icmp',
'dest_network': VN3_fixture.vn_fq_name,
'source_network': VN4_fixture.vn_fq_name,
'dst_ports': 'any',
'simple_action': 'pass',
'src_ports': 'any'
}]
policy34_fixture = self.useFixture(
PolicyFixture(
policy_name=policy_name,
rules_list=rules,
inputs=project1_instance.inputs,
connections=project1_instance.project_connections['juniper'],
project_fixture=project1_instance))
# create VN to policy mapping in a dict of policy list.
vn_policys = {
VN3_fixture.vn_name: [policy_name],
VN4_fixture.vn_name: [policy_name]
}
# create a policy object list of policies to be attached to a vm
policy_obj_dict = {}
policy_obj_dict[VN3_fixture.vn_name] = [policy34_fixture.policy_obj]
policy_obj_dict[VN4_fixture.vn_name] = [policy34_fixture.policy_obj]
# vn fixture dictionary.
vn_obj_dict = {}
vn_obj_dict[VN3_fixture.vn_name] = VN3_fixture
vn_obj_dict[VN4_fixture.vn_name] = VN4_fixture
# attach policy to VN
VN3_policy_fixture = self.useFixture(
VN_Policy_Fixture(
connections=project1_instance.project_connections['juniper'],
vn_name=VN3_fixture.vn_name,
policy_obj=policy_obj_dict,
vn_obj=vn_obj_dict,
vn_policys=vn_policys[VN3_fixture.vn_name],
project_name=project1_instance.project_name))
VN4_policy_fixture = self.useFixture(
VN_Policy_Fixture(
connections=project1_instance.project_connections['juniper'],
vn_name=VN4_fixture.vn_name,
policy_obj=policy_obj_dict,
vn_obj=vn_obj_dict,
vn_policys=vn_policys[VN4_fixture.vn_name],
project_name=project1_instance.project_name))
# add VM to new VN
VM31_fixture = self.useFixture(
VMFixture(
connections=project1_instance.project_connections['juniper'],
vn_obj=VN3_fixture.obj,
vm_name='VM31',
project_name=project1_instance.project_name))
VM41_fixture = self.useFixture(
VMFixture(
connections=project1_instance.project_connections['juniper'],
vn_obj=VN4_fixture.obj,
vm_name='VM41',
project_name=project1_instance.project_name))
# verification routines.
test_flag = 0
if ((VN3_fixture.verify_vn_in_api_server())
and (VN3_fixture.verify_vn_not_in_agent())
and (VN3_fixture.verify_vn_policy_in_api_server()['result'])):
self.logger.info(
"Verification of VN3 PASSED while control nodes down.")
else:
self.logger.error(
"Verification of VN3 FAILED while control nodes down.")
test_flag = 1
if ((VN4_fixture.verify_vn_in_api_server())
and (VN4_fixture.verify_vn_not_in_agent())
and (VN4_fixture.verify_vn_policy_in_api_server()['result'])):
self.logger.info(
"Verification of VN4 PASSED while control nodes down.")
else:
self.logger.error(
"Verification of VN4 FAILED while control nodes down.")
test_flag = 1
if ((VM22_fixture.verify_vm_launched())
and (VM22_fixture.verify_vm_in_api_server())):
self.logger.info(
"Verification of VM22 PASSED while control nodes down.")
else:
self.logger.error(
"Verification of VM22 FAILED while control nodes down.")
test_flag = 1
if ((VM31_fixture.verify_vm_launched())
and (VM31_fixture.verify_vm_in_api_server())):
self.logger.info(
"Verification of VM31 PASSED while control nodes down.")
else:
self.logger.error(
"Verification of VM31 FAILED while control nodes down.")
test_flag = 1
if ((VM41_fixture.verify_vm_launched())
and (VM41_fixture.verify_vm_in_api_server())):
self.logger.info(
"Verification of VM41 PASSED while control nodes down.")
else:
self.logger.error(
"Verification of VM41 FAILED while control nodes down.")
test_flag = 1
# start all control services.
headless_vr_utils.start_all_control_services(self)
# if something went wrong in the controller down state bail out here.
if test_flag == 1:
self.logger.error(
"Verifications and Test failed while the controllers were down in \
headless state of agent. Check earlier error logs"
)
return False
# wait for 3 to 5 sec for configuration sync from control nodes to the
# agents.
time.sleep(5)
# wait till VM's are up.
VM22_fixture.wait_till_vm_is_up()
VM31_fixture.wait_till_vm_is_up()
VM41_fixture.wait_till_vm_is_up()
# verify vm config gets downloaded to the agents.
if ((VM22_fixture.verify_vm_in_agent())
and (VM31_fixture.verify_vm_in_agent())
and (VM41_fixture.verify_vm_in_agent())):
self.logger.info("VM verification on the agent PASSED")
else:
self.logger.error("VM verification on the agent FAILED")
return False
# check ping success between the two VM's
assert config_topo['project1']['vm']['VM11'].ping_with_certainty(
VM22_fixture.vm_ip, expectation=True)
assert VM31_fixture.ping_with_certainty(VM41_fixture.vm_ip,
expectation=True)
assert VM41_fixture.ping_with_certainty(VM31_fixture.vm_ip,
expectation=True)
# verification routines.
if ((VN3_fixture.verify_on_setup()) and (VN4_fixture.verify_on_setup())
and (VM22_fixture.verify_on_setup())
and (VM31_fixture.verify_on_setup())
and (VM41_fixture.verify_on_setup())):
self.logger.info(
"All verifications passed after controllers came up in headless agent mode"
)
else:
self.logger.error(
"Verifications FAILED after controllers came up in headless agent mode"
)
return False
return True
def test_sec_group_basic(self):
"""
Description: Test basic SG features
1. Security group create and delete
2. Create security group with custom rules and then update it for tcp
3. Launch VM with custom created security group and verify
4. Remove secuity group association with VM
5. Add back custom security group to VM and verify
6. Try to delete security group with association to VM. It should fail.
7. Test with ping, which should fail
8. Test with TCP which should pass
9. Update the rules to allow icmp, ping should pass now.
"""
secgrp_name = get_random_name('test_sec_group')
(prefix,
prefix_len) = get_random_cidrs(self.inputs.get_af())[0].split('/')
prefix_len = int(prefix_len)
rule = [{
'direction':
'>',
'protocol':
'udp',
'dst_addresses': [{
'subnet': {
'ip_prefix': prefix,
'ip_prefix_len': prefix_len
}
}],
'dst_ports': [{
'start_port': 8000,
'end_port': 8000
}],
'src_ports': [{
'start_port': 9000,
'end_port': 9000
}],
'src_addresses': [{
'security_group': 'local'
}],
}]
#Create the SG
sg_fixture = self.config_sec_group(name=secgrp_name, entries=rule)
#Delete the SG
self.delete_sec_group(sg_fixture)
#Create SG again and update the rules
sg_fixture = self.config_sec_group(name=secgrp_name, entries=rule)
secgrp_id = sg_fixture.secgrp_id
vn_net = get_random_cidrs(self.inputs.get_af())
(prefix, prefix_len) = vn_net[0].split('/')
rule = [{
'protocol':
'tcp',
'dst_addresses': [{
'subnet': {
'ip_prefix': prefix,
'ip_prefix_len': prefix_len
}
}],
'dst_ports': [{
'start_port': 0,
'end_port': -1
}],
'src_ports': [{
'start_port': 0,
'end_port': -1
}],
'src_addresses': [{
'security_group': 'local'
}],
}, {
'protocol':
'tcp',
'src_addresses': [{
'subnet': {
'ip_prefix': prefix,
'ip_prefix_len': prefix_len
}
}],
'dst_ports': [{
'start_port': 0,
'end_port': -1
}],
'src_ports': [{
'start_port': 0,
'end_port': -1
}],
'dst_addresses': [{
'security_group': 'local'
}],
}]
#Update the rules
sg_fixture.replace_rules(rule)
#Create VN and VMs
vn_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
inputs=self.inputs,
subnets=vn_net))
assert vn_fixture.verify_on_setup()
img_name = os.environ['ci_image'] if os.environ.has_key(
'ci_image') else 'ubuntu-traffic'
vm1_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn_fixture.obj,
image_name=img_name,
flavor='contrail_flavor_small',
sg_ids=[secgrp_id]))
vm2_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn_fixture.obj,
image_name=img_name,
flavor='contrail_flavor_small',
sg_ids=[secgrp_id]))
assert vm1_fixture.verify_on_setup()
assert vm1_fixture.wait_till_vm_is_up()
result, msg = vm1_fixture.verify_security_group(secgrp_name)
assert result, msg
#Remove secuity group association with VM and verify
self.logger.info("Remove security group %s from VM %s", secgrp_name,
vm1_fixture.vm_name)
vm1_fixture.remove_security_group(secgrp=secgrp_id)
result, msg = vm1_fixture.verify_security_group(secgrp_name)
if result:
assert False, "Security group %s is not removed from VM %s" % (
secgrp_name, vm1_fixture.vm_name)
#Add back security group to VM and verify
vm1_fixture.add_security_group(secgrp=secgrp_id)
result, msg = vm1_fixture.verify_security_group(secgrp_name)
assert result, msg
#Try to delete security group with back ref
self.logger.info("Try deleting the security group %s with back ref.",
secgrp_name)
try:
if sg_fixture.option == 'openstack':
sg_fixture.quantum_h.delete_security_group(
sg_fixture.secgrp_id)
else:
sg_fixture.cleanUp()
except Exception, msg:
self.logger.info(msg)
self.logger.info(
"Not able to delete the security group with back ref as expected"
)
def test_policy_cidr_src_cidr_dst_cidr(self):
"""Test cases to test policy CIDR"""
"""Policy1 Rule :- source = CIDR-VM11, destination = CIDR-VM12."""
"""Policy2 Rule :- source = CIDR-VM11, destination = CIDR-VM21."""
result = True
# create Ipam and VN
self.setup_ipam_vn()
VN1_subnet = self.VN1_fixture.get_cidrs()[0]
VN2_subnet = self.VN2_fixture.get_cidrs()[0]
VN3_subnet = self.VN3_fixture.get_cidrs()[0]
# create VM
self.setup_vm()
self.VM12_fixture = self.useFixture(
VMFixture(connections=self.connections,
vn_obj=self.VN1_fixture.obj,
vm_name='VM12',
project_name=self.project.project_name))
self.VM12_fixture.wait_till_vm_is_up()
#Check initial connectivity without policies in place.
ret = self.VM11_fixture.ping_with_certainty(self.VM12_fixture.vm_ip, \
expectation=True)
if ret == True:
self.logger.info("ICMP traffic is allowed between VMs in same VN")
else:
result = False
self.logger.error(
"ICMP traffic is not allowed between VMs in same VN, which is wrong"
)
ret = self.VM11_fixture.ping_with_certainty(self.VM21_fixture.vm_ip, \
expectation=False)
if ret == True:
self.logger.info(
"ICMP traffic is not allowed between VMs accross VNs")
else:
result = False
self.logger.error(
"ICMP traffic is allowed between VMs accross VNs, which is wrong"
)
if result == False:
return result
#get the VM IP Addresses with 32 bit mask in cidr format.
vm11_ip = self.VM11_fixture.vm_ip + '/32'
vm12_ip = self.VM12_fixture.vm_ip + '/32'
vm21_ip = self.VM21_fixture.vm_ip + '/32'
# create policy
policy_name = 'policy1112'
rules = []
rules = [{
'direction': '<>',
'protocol': 'icmp',
'dest_subnet': vm12_ip,
'source_subnet': vm11_ip,
'dst_ports': 'any',
'simple_action': 'deny',
'src_ports': 'any'
}, {
'direction': '<>',
'protocol': 'any',
'dest_network': 'VN1',
'source_network': 'VN1',
'dst_ports': 'any',
'simple_action': 'pass',
'src_ports': 'any'
}]
policy1112_fixture = self.useFixture(
PolicyFixture(policy_name=policy_name,
rules_list=rules,
inputs=self.inputs,
connections=self.connections))
policy_name = 'policy1211'
rules = []
rules = [{
'direction': '<>',
'protocol': 'icmp',
'dest_subnet': vm11_ip,
'source_subnet': vm12_ip,
'dst_ports': 'any',
'simple_action': 'deny',
'src_ports': 'any'
}, {
'direction': '<>',
'protocol': 'any',
'dest_network': 'VN1',
'source_network': 'VN1',
'dst_ports': 'any',
'simple_action': 'pass',
'src_ports': 'any'
}]
policy1211_fixture = self.useFixture(
PolicyFixture(policy_name=policy_name,
rules_list=rules,
inputs=self.inputs,
connections=self.connections))
policy_name = 'policy1121'
rules = []
rules = [{
'direction': '<>',
'protocol': 'icmp',
'dest_subnet': vm21_ip,
'source_subnet': vm11_ip,
'dst_ports': 'any',
'simple_action': 'pass',
'src_ports': 'any'
}, {
'direction': '<>',
'protocol': 'any',
'dest_network': 'VN2',
'source_network': 'VN1',
'dst_ports': 'any',
'simple_action': 'pass',
'src_ports': 'any'
}]
policy1121_fixture = self.useFixture(
PolicyFixture(policy_name=policy_name,
rules_list=rules,
inputs=self.inputs,
connections=self.connections))
policy_name = 'policy2111'
rules = []
rules = [{
'direction': '<>',
'protocol': 'icmp',
'dest_subnet': vm11_ip,
'source_subnet': vm21_ip,
'dst_ports': 'any',
'simple_action': 'pass',
'src_ports': 'any'
}, {
'direction': '<>',
'protocol': 'any',
'dest_network': 'VN1',
'source_network': 'VN2',
'dst_ports': 'any',
'simple_action': 'pass',
'src_ports': 'any'
}]
policy2111_fixture = self.useFixture(
PolicyFixture(policy_name=policy_name,
rules_list=rules,
inputs=self.inputs,
connections=self.connections))
# attach policy to VN
VN1_policy_fixture = self.useFixture(
VN_Policy_Fixture(
connections=self.connections,
vn_name=self.VN1_fixture.vn_name,
policy_obj={self.VN1_fixture.vn_name : \
[policy1112_fixture.policy_obj, \
policy1211_fixture.policy_obj, \
policy1121_fixture.policy_obj]},
vn_obj={self.VN1_fixture.vn_name : self.VN1_fixture},
vn_policys=['policy1112','policy1211','policy1121'],
project_name=self.project.project_name))
VN2_policy_fixture = self.useFixture(
VN_Policy_Fixture(
connections=self.connections,
vn_name=self.VN2_fixture.vn_name,
policy_obj={self.VN2_fixture.vn_name : \
[policy2111_fixture.policy_obj]},
vn_obj={self.VN2_fixture.vn_name : self.VN2_fixture},
vn_policys=['policy2111'],
project_name=self.project.project_name))
#Test traffic with the policies having cidr as src and dst,
#attached to the respective networks.
ret = self.VM11_fixture.ping_with_certainty(self.VM12_fixture.vm_ip, \
expectation=False)
if ret == True:
cmd = "flow -l | grep %s -A1 | grep %s -A1 " % (
self.VM11_fixture.vm_ip, self.VM12_fixture.vm_ip)
cmd = cmd + "| grep 'Action:D(Policy)' | wc -l"
flow_record = self.inputs.run_cmd_on_server(
self.VM11_fixture.vm_node_ip, cmd, self.inputs.host_data[
self.VM11_fixture.vm_node_ip]['username'],
self.inputs.host_data[
self.VM11_fixture.vm_node_ip]['password'])
if flow_record > 0:
self.logger.info(
"ICMP traffic is not allowed between VM11 and VM12, by policy1112 and policy1211."
)
self.logger.info("Above test Passed.")
else:
result = False
self.logger.error(
"ICMP traffic is not allowed between VM11 and VM12, by policy1112 and policy1211."
)
self.logger.error("Above test Failed.")
else:
result = False
self.logger.error(
"ICMP traffic is not allowed between VM11 and VM12, by policy1112 and policy1211."
)
self.logger.error("Above test Failed.")
ret = False
flow_record = 0
ret = self.VM11_fixture.ping_with_certainty(self.VM21_fixture.vm_ip, \
expectation=True)
if ret == True:
cmd = "flow -l | grep %s -A1 | grep %s -A1 " % (
self.VM11_fixture.vm_ip, self.VM21_fixture.vm_ip)
cmd = cmd + "| grep 'Action:F' | wc -l"
flow_record = self.inputs.run_cmd_on_server(
self.VM11_fixture.vm_node_ip, cmd, self.inputs.host_data[
self.VM11_fixture.vm_node_ip]['username'],
self.inputs.host_data[
self.VM11_fixture.vm_node_ip]['password'])
if flow_record > 0:
self.logger.info(
"ICMP traffic is allowed between VM11 and VM21, by policy1121 and policy2111."
)
self.logger.info("Above test Passed.")
else:
result = False
self.logger.error(
"ICMP traffic is allowed between VM11 and VM21, by policy1121 and policy2111."
)
self.logger.error("Above test Failed.")
else:
result = False
self.logger.error(
"ICMP traffic is allowed between VM11 and VM21, by policy1121 and policy2111."
)
self.logger.error("Above test Failed.")
if result == False:
return result
return result
def config_v2_svc_chain(self, stack_name):
svc_pt_hs = self.config_heat_obj(stack_name)
stack = svc_pt_hs.heat_client_obj
op = stack.stacks.get(stack_name).outputs
time.sleep(5)
for output in op:
if output['output_key'] == 'left_VM_ID':
left_vm_id = output['output_value']
elif output['output_key'] == 'left_VM1_ID':
left_vm1_id = output['output_value']
elif output['output_key'] == 'left_VM2_ID':
left_vm2_id = output['output_value']
elif output['output_key'] == 'right_VM_ID':
right_vm_id = output['output_value']
elif output['output_key'] == 'right_VM1_ID':
right_vm1_id = output['output_value']
elif output['output_key'] == 'right_VM2_ID':
right_vm2_id = output['output_value']
elif output['output_key'] == 'left_vn_FQDN':
left_vn_fqdn = output['output_value']
elif output['output_key'] == 'right_vn_FQDN':
right_vn_fqdn = output['output_value']
elif output['output_key'] == 'si_fqdn':
si_fqdn = output['output_value']
elif output['output_key'] == 'si2_fqdn':
si2_fqdn = output['output_value']
si2_fqdn=":".join(si2_fqdn)
elif output['output_key'] == 'left_VM1_IP_ADDRESS':
left_vm1_ip_address = output['output_value']
network_policy_entries_policy_rule_src_addresses_subnet_ip_prefix = "left_vn"+":"+left_vm1_ip_address
network_policy_entries_policy_rule_src_addresses_subnet_ip_prefix_len = "32"
elif output['output_key'] == 'right_VM1_IP_ADDRESS':
right_vm1_ip_address = output['output_value']
network_policy_entries_policy_rule_dst_addresses_subnet_ip_prefix = "right_vn"+":"+right_vm1_ip_address
network_policy_entries_policy_rule_dst_addresses_subnet_ip_prefix_len = "32"
#Update the policy
si_fqdn=":".join(si_fqdn)
left_vn_fqdn=":".join(left_vn_fqdn)
right_vn_fqdn=":".join(right_vn_fqdn)
if 'multi' in stack_name:
self.update_stack(svc_pt_hs, change_sets=[['left_vn_fqdn', left_vn_fqdn], ['right_vn_fqdn', right_vn_fqdn], ['service_instance1_fq_name', si_fqdn], ['service_instance2_fq_name', si2_fqdn]])
else:
if 'cidr' in stack_name:
if 'src_cidr' in stack_name:
self.update_stack(svc_pt_hs, change_sets=[['left_vn_fqdn', left_vn_fqdn], ['right_vn_fqdn', right_vn_fqdn], ['service_instance_fq_name', si_fqdn], ['network_policy_entries_policy_rule_src_addresses_subnet_ip_prefix', network_policy_entries_policy_rule_src_addresses_subnet_ip_prefix], ['network_policy_entries_policy_rule_src_addresses_subnet_ip_prefix_len', network_policy_entries_policy_rule_src_addresses_subnet_ip_prefix_len]])
else:
self.update_stack(svc_pt_hs, change_sets=[['left_vn_fqdn', left_vn_fqdn], ['right_vn_fqdn', right_vn_fqdn], ['service_instance_fq_name', si_fqdn]])
if 'cidr' in stack_name:
if 'src_cidr' in stack_name:
# 2 VMs in the left_vn
left_vm1 = VMFixture(connections=self.connections,uuid = left_vm1_id, image_name = 'cirros-0.3.0-x86_64-uec')
left_vm1.read()
left_vm1.verify_on_setup()
left_vm2 = VMFixture(connections=self.connections,uuid = left_vm2_id, image_name = 'cirros-0.3.0-x86_64-uec')
left_vm2.read()
left_vm2.verify_on_setup()
# One VM in the right_vn
right_vm = VMFixture(connections=self.connections,uuid = right_vm_id, image_name = 'cirros-0.3.0-x86_64-uec')
right_vm.read()
right_vm.verify_on_setup()
# Ping from left_vm1 to right_vm should pass
assert left_vm1.ping_with_certainty(right_vm.vm_ip, expectation=True)
# Ping from left_vm2 to right_vm should fail
assert left_vm2.ping_with_certainty(right_vm.vm_ip, expectation=False)
else:
left_vm = VMFixture(connections=self.connections,uuid = left_vm_id, image_name = 'cirros-0.3.0-x86_64-uec')
left_vm.read()
left_vm.verify_on_setup()
right_vm = VMFixture(connections=self.connections,uuid = right_vm_id, image_name = 'cirros-0.3.0-x86_64-uec')
right_vm.read()
right_vm.verify_on_setup()
assert left_vm.ping_with_certainty(right_vm.vm_ip, expectation=True)
def test_allocate_floating_ip(self):
"""Allocate a floating IP
1.Create an FIP pool for VN -public under admin and launch an instance
2.Launch instance under VPC
3.Associate FIP to thie instance
4.Ping test to and from FIP """
self.res.verify_common_objects()
result = True
cidr = '10.2.3.0/24'
floatingIpCidr = '10.2.60.0/24'
pool_name = 'pool1'
vpc_fixture = self.res.vpc1_fixture
assert vpc_fixture.verify_on_setup(), " VPC %s verification failed" % (
cidr)
self.logger.info(
'Adding rules to default SG of %s to reach public vm' %
(vpc_fixture.vpc_id))
default_sg_name = 'default'
rule1 = {
'protocol': 'icmp',
'direction': 'ingress',
'cidr': floatingIpCidr,
}
rule2 = {
'protocol': 'icmp',
'direction': 'egress',
'cidr': floatingIpCidr,
}
default_sg_id = vpc_fixture.get_security_group_id(default_sg_name)
if not (self.createSgRule(vpc_fixture, default_sg_id, rule1)
and self.createSgRule(vpc_fixture, default_sg_id, rule2)):
self.logger.error('Unable to create allow in SG %s ' %
(default_sg_name))
result = result and False
# create public VN for floating ip pool
ec2_base = EC2Base(logger=self.inputs.logger,
inputs=self.inputs,
tenant=self.inputs.project_name)
fip_vn_fixture = self.useFixture(
VNFixture(connections=self.connections,
inputs=self.inputs,
vn_name='public',
subnets=[floatingIpCidr]))
# Add rules in public VM's SG to reach the private VM"
self.set_sec_group_for_allow_all('admin', 'default')
assert fip_vn_fixture.verify_on_setup(
), "FIP VN Fixture verification failed, Check logs"
fip_vm_fixture = self.useFixture(
VMFixture(connections=self.connections,
vn_obj=fip_vn_fixture.obj,
vm_name='fip_vm1'))
assert fip_vm_fixture.verify_on_setup(
), "VM verification in FIP VN failed"
assert fip_vm_fixture.wait_till_vm_is_up(),\
"VM verification in FIP VN failed"
vm1_fixture = self.res.vpc1_vn1_vm1_fixture
assert vm1_fixture.verify_on_setup(), "VPCVMFixture verification failed " \
"for VM %s" % (vm1_fixture.instance_id)
assert vm1_fixture.wait_till_vm_is_up(),\
"VM verification failed"
fip_fixture = self.useFixture(
VPCFIPFixture(fip_vn_fixture=fip_vn_fixture,
connections=self.connections,
pool_name=pool_name,
ec2_base=ec2_base))
assert fip_fixture.verify_on_setup(
), "FIP pool verification failed, Pls check logs"
(fip, fip_alloc_id) = fip_fixture.create_and_assoc_fip(
vm1_fixture.instance_id)
if fip is None or fip_alloc_id is None:
self.logger.error('FIP creation and/or association failed! ')
result = result and False
if result:
self.addCleanup(fip_fixture.disassoc_and_delete_fip, fip_alloc_id,
fip)
assert fip_fixture.verify_fip(
fip), " FIP %s, %s verification failed" % (fip, fip_alloc_id)
assert vm1_fixture.c_vm_fixture.ping_with_certainty(
fip_vm_fixture.vm_ip), "Ping from FIP IP failed"
assert fip_vm_fixture.ping_with_certainty(
fip), "Ping to FIP IP failed"
return result
