def test_spoofguard_with_ping_between_servers_on_same_network(self):
username, password = self.get_image_userpass()
image = self.get_server_image()
flavor = self.get_server_flavor()
port_client = self.manager.ports_client
self.green = self.setup_vm_environment(self.manager, 'green', True)
security_groups = [{'name': self.green['security_group']['id']}]
# Boot instance vm2
keypair = self.create_keypair()
self.keypairs[keypair['name']] = keypair
key_name = keypair['name']
t_serv2 = self.create_server_on_network(
self.green['network'],
security_groups,
key_name=key_name,
image=image,
flavor=flavor,
name=self.green['network']['name'])
self.check_server_connected(t_serv2)
t_floatingip2 = self.create_floatingip_for_server(
t_serv2, client_mgr=self.manager)
msg = ("Associate t_floatingip[%s] to server[%s]" %
(t_floatingip2, t_serv2['name']))
self._check_floatingip_connectivity(t_floatingip2,
t_serv2,
should_connect=True,
msg=msg)
public_ip_vm_1 = self.green['fip1']['floating_ip_address']
public_ip_vm_2 = t_floatingip2['floating_ip_address']
private_ip_vm_1 = \
self.green['fip1']['fixed_ip_address']
private_ip_vm_2 = \
t_floatingip2['fixed_ip_address']
private_key_1 = self._get_server_key(self.green['serv1'])
client1 = remote_client.RemoteClient(public_ip_vm_1,
username=username,
pkey=private_key_1,
password=password)
private_key_2 = self._get_server_key(t_serv2)
client2 = remote_client.RemoteClient(public_ip_vm_2,
username=username,
pkey=private_key_2,
password=password)
self.assertEqual(True, dmgr.is_reachable(client1, private_ip_vm_2),
"Destination is reachable")
port1_id = self.green['fip1']['port_id']
# Update vm1 port to disbale port security
port_client.update_port(port_id=port1_id,
port_security_enabled='false',
security_groups=[])
time.sleep(constants.NSX_BACKEND_TIME_INTERVAL)
self.compute_security_group_rules_client.\
delete_security_group_rule(self.green['rule_id'])
time.sleep(constants.NSX_BACKEND_TIME_INTERVAL)
self.assertEqual(False, dmgr.is_reachable(client1, private_ip_vm_2),
"Destination is not reachable")
self.assertEqual(True, dmgr.is_reachable(client2, private_ip_vm_1),
"Destination is reachable")
def host_can_reach_ips(self, host_id, host_ssh, ip_type, ip_list):
for dest_ip in ip_list:
reachable = dmgr.is_reachable(host_ssh, dest_ip,
time_out=self.conn_timeout)
msg = (self.exc_msg +
("\n *FAILURE* VM[%s] cannot PING %s[%s]" %
(host_id, ip_type, dest_ip)))
if not reachable:
reachable = dmgr.is_reachable(host_ssh, dest_ip,
time_out=self.conn_timeout)
dmgr.STEPINTO_DEBUG_IF_TRUE(not reachable)
self.assertTrue(reachable, msg)
self.log_exc_msg(
(" VM[%s] can PING %s[%s]" % (host_id, ip_type, dest_ip)))
def validate_all_servers_private_address_are_reachable(self,
ssh_client,
ip_addresses):
for ip_addr in ip_addresses:
msg = "VM private address[%s] is not reachable." % ip_addr
reachable = dmgr.is_reachable(ssh_client, ip_addr)
self.assertTrue(reachable, msg)
def run_servers_connectivity_test(self, servers):
# select one from the servers
net_id_list = servers.keys()
net_id = net_id_list[0]
other_net_id_list = net_id_list[1:]
username, password = self.get_image_userpass()
nsv = self.tp_svrs[net_id]
serv = nsv['server']
floatingip = self.create_floatingip_for_server(serv,
client_mgr=self.manager)
msg = ("Associate floatingip[%s] to server[%s]" %
(floatingip, serv['name']))
self._check_floatingip_connectivity(floatingip,
serv,
should_connect=True,
msg=msg)
serv_fip = floatingip['floating_ip_address']
dmgr.rm_sshkey(serv_fip)
ssh_client = dmgr.get_remote_client_by_password(
serv_fip, username, password)
not_reachable_list = []
for nid in other_net_id_list:
o_svr = servers[nid]['server']
o_net = servers[nid]['network']
o_ipaddr = self.get_server_fixed_ip(o_svr, o_net)
reachable = dmgr.is_reachable(ssh_client, o_ipaddr)
if not reachable:
not_reachable_list.append(o_ipaddr)
self.assertTrue(
len(not_reachable_list) == 0,
("Following Servers are not reachable: %s" % not_reachable_list))
def run_servers_connectivity_test(self, servers):
# select one from the servers
net_id_list = servers.keys()
net_id = net_id_list[0]
other_net_id_list = net_id_list[1:]
username, password = self.get_image_userpass()
nsv = self.servers[net_id]
serv = nsv['server']
floatingip = self.create_floatingip_for_server(
serv, client_mgr=self.admin_manager)
msg = ("Associate floatingip[%s] to server[%s]"
% (floatingip, serv['name']))
self._check_floatingip_connectivity(
floatingip, serv, should_connect=True, msg=msg)
serv_fip = floatingip.floating_ip_address
dmgr.rm_sshkey(serv_fip)
ssh_client = dmgr.get_remote_client_by_password(
serv_fip, username, password)
not_reachable_list = []
for nid in other_net_id_list:
o_svr = servers[nid]['server']
o_net = servers[nid]['network']
o_ipaddr = self.get_server_fixed_ip(o_svr, o_net)
reachable = dmgr.is_reachable(ssh_client, o_ipaddr)
if not reachable:
not_reachable_list.append(o_ipaddr)
self.assertTrue(
len(not_reachable_list) == 0,
("Following Servers are not reachable: %s" % not_reachable_list))