def test(): global new_offering_uuid test_util.test_dsc('Test VM 2nic outbound & inbound bandwidth QoS by 1MB') #unit is KB net_bandwidth = 1 * 1024 vm1 = test_stub.create_vm(vm_name = 'vm_net_inbound_outbound_qos', l3_name=os.environ.get('l3PublicNetworkName')) l3_net_uuid2 = test_lib.lib_get_l3_by_name(os.environ.get('l3VlanNetworkName1')).uuid test_obj_dict.add_vm(vm1) vm1.check() vm1_inv = vm1.get_vm() test_stub.make_ssh_no_password(vm1_inv) vm1_ip = vm1_inv.vmNics[0].ip vm2 = test_stub.create_vm(vm_name = 'vm_net_inbound_outbound_qos', l3_name=os.environ.get('l3PublicNetworkName')) test_obj_dict.add_vm(vm2) vm2.check() vm2_inv = vm2.get_vm() vm2_ip = vm2_inv.vmNics[0].ip test_stub.make_ssh_no_password(vm2_inv) test_stub.copy_key_file(vm1_inv) test_stub.copy_key_file(vm2_inv) test_stub.create_test_file(vm1_inv, net_bandwidth) test_stub.create_test_file(vm2_inv, net_bandwidth) vm1.add_nic(l3_net_uuid2) vm2.add_nic(l3_net_uuid2) ssh_cmd = 'ssh -oStrictHostKeyChecking=no -oCheckHostIP=no -oUserKnownHostsFile=/dev/null' cmd = "pkill dhclient" os.system("%s %s %s" % (ssh_cmd, vm1_ip, cmd)) os.system("%s %s %s" % (ssh_cmd, vm2_ip, cmd)) cmd = "dhclient eth0 eth1" os.system("%s %s %s" % (ssh_cmd, vm1_ip, cmd)) os.system("%s %s %s" % (ssh_cmd, vm2_ip, cmd)) #l3_name = os.environ.get('l3VlanNetworkName1') #l3_net_uuid = test_lib.lib_get_l3_by_name(l3_name).uuid #test_stub.test_scp_outbound_speed(vm1_ip, test_lib.lib_get_vm_nic_by_l3(vm2.get_vm(), l3_net_uuid).ip, net_bandwidth) # Set a single nic to smaller bandwidth vm_nic = test_lib.lib_get_vm_nic_by_l3(vm1.vm, l3_net_uuid2) vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth*8*1024/2) cmd = '%s %s "ping %s -c 10"' %(ssh_cmd, vm1_ip, test_lib.lib_get_vm_nic_by_l3(vm2.get_vm(), l3_net_uuid2).ip) ping_ret=1 while ping_ret: ping_ret = os.system(cmd) test_stub.test_scp_outbound_speed(vm1_ip, test_lib.lib_get_vm_nic_by_l3(vm2.get_vm(), l3_net_uuid2).ip, net_bandwidth/2) #l3_net_uuid = test_lib.lib_get_l3_by_name(os.environ.get('l3PublicNetworkName')).uuid #test_stub.test_scp_outbound_speed(vm1_ip, test_lib.lib_get_vm_nic_by_l3(vm2.get_vm(), l3_net_uuid2).ip, net_bandwidth) #vm_ops.delete_instance_offering(new_offering_uuid) test_lib.lib_robot_cleanup(test_obj_dict) test_util.test_pass('VM Network 2nd nic QoS Test Pass')
def test(): global new_offering_uuid test_util.test_dsc('Test VM 2nic outbound & inbound bandwidth QoS by 1MB') #unit is KB net_bandwidth = 2 * 1024 vm1 = test_stub.create_vm(vm_name='vm_net_inbound_outbound_qos', l3_name=os.environ.get('l3PublicNetworkName')) l3_net_uuid2 = test_lib.lib_get_l3_by_name( os.environ.get('l3VlanNetworkName1')).uuid test_obj_dict.add_vm(vm1) vm1.check() vm1_inv = vm1.get_vm() test_stub.make_ssh_no_password(vm1_inv) vm1_ip = vm1_inv.vmNics[0].ip vm2 = test_stub.create_vm(vm_name='vm_net_inbound_outbound_qos', l3_name=os.environ.get('l3PublicNetworkName')) test_obj_dict.add_vm(vm2) vm2.check() vm2_inv = vm2.get_vm() vm2_ip = vm2_inv.vmNics[0].ip test_stub.make_ssh_no_password(vm2_inv) test_stub.copy_key_file(vm1_inv) test_stub.copy_key_file(vm2_inv) test_stub.create_test_file(vm1_inv, net_bandwidth) test_stub.create_test_file(vm2_inv, net_bandwidth) vm1.add_nic(l3_net_uuid2) vm2.add_nic(l3_net_uuid2) # Set a single nic to smaller bandwidth vm_nic = test_lib.lib_get_vm_nic_by_l3(vm1.vm, l3_net_uuid2) vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth * 8 * 1024 / 2) vm1.stop() vm2.stop() vm1.start() vm2.start() ssh_cmd = 'ssh -oStrictHostKeyChecking=no -oCheckHostIP=no -oUserKnownHostsFile=/dev/null' cmd = "pkill dhclient" os.system("%s %s %s" % (ssh_cmd, vm1_ip, cmd)) os.system("%s %s %s" % (ssh_cmd, vm2_ip, cmd)) cmd = "dhclient eth0 eth1" os.system("%s %s %s" % (ssh_cmd, vm1_ip, cmd)) os.system("%s %s %s" % (ssh_cmd, vm2_ip, cmd)) test_stub.test_scp_outbound_speed( vm1_ip, test_lib.lib_get_vm_nic_by_l3(vm2.get_vm(), l3_net_uuid2).ip, net_bandwidth / 2) #vm_ops.delete_instance_offering(new_offering_uuid) test_lib.lib_robot_cleanup(test_obj_dict) test_util.test_pass('VM Network 2nd nic QoS Test Pass')
def test(): global new_offering_uuid test_util.test_dsc('Test change VM network bandwidth QoS by 1MB') vm = test_stub.create_vm(vm_name = 'vm_net_qos') vm.check() l3_uuid = vm.get_vm().vmNics[0].l3NetworkUuid test_obj_dict.add_vm(vm) net_bandwidth = 512 vm_nic = test_lib.lib_get_vm_nic_by_l3(vm.vm, l3_uuid) vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth*8*1024) vm.check() time.sleep(1) test_stub.make_ssh_no_password(vm.get_vm()) test_stub.create_test_file(vm.get_vm(), net_bandwidth) test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth) vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth*8*1024/2) vm.check() time.sleep(1) test_stub.make_ssh_no_password(vm.get_vm()) test_stub.create_test_file(vm.get_vm(), net_bandwidth/2) test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth/2) vm_ops.del_vm_nic_qos(vm_nic.uuid, 'out') time.sleep(1) if test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth/2, raise_exception=False): test_util.test_fail('VM network Outbound is not expected to be limited after qos setting is deleted') test_lib.lib_robot_cleanup(test_obj_dict) test_util.test_pass('VM Network QoS change instance offering Test Pass')
def setup_primarystorage_vm(vm_inv, vm_config, deploy_config): vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, vm_inv.defaultL3NetworkUuid).ip if hasattr(vm_config, 'hostRef'): host = get_deploy_host(vm_config.hostRef.text_, deploy_config) if not hasattr(host, 'port_') or host.port_ == '22': host_port = '22' else: host_port = host.port_ else: host_port = '22' for primaryStorageRef in xmlobject.safe_list(vm_config.primaryStorageRef): print primaryStorageRef.text_ for zone in xmlobject.safe_list(deploy_config.zones.zone): if primaryStorageRef.type_ == 'nfs': for nfsPrimaryStorage in xmlobject.safe_list(zone.primaryStorages.nfsPrimaryStorage): if primaryStorageRef.text_ == nfsPrimaryStorage.name_: test_util.test_logger('[vm:] %s setup nfs service.' % (vm_ip)) # TODO: multiple NFS PS may refer to same host's different DIR nfsPath = nfsPrimaryStorage.url_.split(':')[1] cmd = "echo '%s *(rw,sync,no_root_squash)' > /etc/exports" % (nfsPath) ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host_port)) cmd = "mkdir -p %s && service rpcbind restart && service nfs restart" % (nfsPath) ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host_port)) cmd = "iptables -w 20 -I INPUT -p tcp -m tcp --dport 2049 -j ACCEPT && iptables -w 20 -I INPUT -p udp -m udp --dport 2049 -j ACCEPT" ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host_port)) return
def test(): global test_obj_dict test_util.test_dsc("Create 1 VMs with vlan VR L3 network for SG testing.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm1.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm1_ip = test_lib.lib_get_vm_nic_by_l3(vr_vm, l3_uuid).ip target_ip_prefix = '10.10.10.' test_util.test_dsc("Create security groups.") for i in range(sg_num): target_ip = '%s%s' % (target_ip_prefix, str(1+i)) rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, target_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, target_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, target_ip) rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.INGRESS, target_ip) rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.INGRESS, target_ip) sg = test_stub.create_sg() test_obj_dict.add_sg(sg.security_group.uuid) sg.add_rule([rule1, rule2, rule3, rule4, rule5]) sg_vm.attach(sg, [vm_nics]) time.sleep(3) #need regularlly clean up log files in virtual router when doing stress test test_lib.lib_check_cleanup_vr_logs_by_vm(vm1.vm) #clean up all vm and sg test_lib.lib_robot_cleanup(test_obj_dict) test_util.test_pass('Create/Destroy VM with VR successfully')
def setup_primarystorage_vm(vm_inv, vm_config, deploy_config): vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, vm_inv.defaultL3NetworkUuid).ip host = get_host(vm_config, deploy_config) if not hasattr(host, 'port_') or host.port_ == '22': host.port_ = '22' for primaryStorageRef in xmlobject.safe_list(vm_config.primaryStorageRef): print primaryStorageRef.text_ for zone in xmlobject.safe_list(deploy_config.zones.zone): if primaryStorageRef.type_ == 'nfs': for nfsPrimaryStorage in xmlobject.safe_list(zone.primaryStorages.nfsPrimaryStorage): if primaryStorageRef.text_ == nfsPrimaryStorage.name_: test_util.test_logger('[vm:] %s setup nfs service.' % (vm_ip)) # TODO: multiple NFS PS may refer to same host's different DIR nfsPath = nfsPrimaryStorage.url_.split(':')[1] cmd = "echo '%s *(rw,sync,no_root_squash)' > /etc/exports" % (nfsPath) ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host.port_)) cmd = "mkdir -p %s && service rpcbind restart && service nfs restart" % (nfsPath) ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host.port_)) cmd = "iptables -w 20 -I INPUT -p tcp -m tcp --dport 2049 -j ACCEPT && iptables -w 20 -I INPUT -p udp -m udp --dport 2049 -j ACCEPT" ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host.port_)) return elif primaryStorageRef.type_ == 'ceph': for cephPrimaryStorage in xmlobject.safe_list(zone.primaryStorages.cephPrimaryStorage): if primaryStorageRef.text_ == cephPrimaryStorage.name_: test_util.test_logger('[vm:] %s setup ceph service.' % (vm_ip)) ssh.scp_file("%s/%s" % (os.environ.get('woodpecker_root_path'), '/tools/setup_ceph_nodes.sh'), '/tmp/setup_ceph_nodes.sh', vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, port=host.port_) cmd = "bash -ex /tmp/setup_ceph_nodes.sh" ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host.port_)) #nfsPath = nfsPrimaryStorage.url_.split(':')[1] return
def test(): global new_offering_uuid test_util.test_dsc('Test change VM network bandwidth QoS by 1MB') vm = test_stub.create_vm(vm_name='vm_net_qos') l3_uuid = vm.get_vm().vmNics[0].l3NetworkUuid test_obj_dict.add_vm(vm) net_bandwidth = 512 * 1024 vm_nic = test_lib.lib_get_vm_nic_by_l3(vm.vm, l3_uuid) vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth) vm.check() time.sleep(1) test_stub.make_ssh_no_password(vm.get_vm()) test_stub.create_test_file(vm.get_vm(), net_bandwidth) test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth) vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth / 2) vm.check() time.sleep(1) test_stub.make_ssh_no_password(vm.get_vm()) test_stub.create_test_file(vm.get_vm(), net_bandwidth / 2) test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth / 2) test_lib.lib_robot_cleanup(test_obj_dict) test_util.test_pass('VM Network QoS change instance offering Test Pass')
def setup_mn_host_vm(vm_inv, vm_config): vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, vm_inv.defaultL3NetworkUuid).ip vm_nic = os.environ.get('nodeNic') vm_netmask = os.environ.get('nodeNetMask') vm_gateway = os.environ.get('nodeGateway') cmd = '/usr/local/bin/zs-network-setting -b %s %s %s %s' % (vm_nic, vm_ip, vm_netmask, vm_gateway) ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22)
def test(): global new_offering_uuid test_util.test_dsc('Test change VM network bandwidth QoS by 1MB') vm = test_stub.create_vm(vm_name = 'vm_net_qos') l3_uuid = vm.get_vm().vmNics[0].l3NetworkUuid test_obj_dict.add_vm(vm) net_bandwidth = 512 * 1024 vm_nic = test_lib.lib_get_vm_nic_by_l3(vm.vm, l3_uuid) vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth) vm.check() time.sleep(1) test_stub.make_ssh_no_password(vm.get_vm()) test_stub.create_test_file(vm.get_vm(), net_bandwidth) test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth) vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth/2) vm.check() time.sleep(1) test_stub.make_ssh_no_password(vm.get_vm()) test_stub.create_test_file(vm.get_vm(), net_bandwidth/2) test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth/2) test_lib.lib_robot_cleanup(test_obj_dict) test_util.test_pass('VM Network QoS change instance offering Test Pass')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' global test_obj_dict test_util.test_dsc("Create 2 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() sg_vm = test_sg_vm_header.ZstackTestSgVm() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, vm2_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.EGRESS, vm2_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.EGRESS, vm2_ip) sg1.add_rule([rule1, rule2, rule3]) sg_vm.add_stub_vm(l3_uuid, vm2) #add sg1 test_util.test_dsc("Add VM1 nic to security group 1.") sg_vm.attach(sg1, [vm_nics]) sg_vm.check() #shutdown vm1 test_util.test_dsc("Shutdown VM1") vm1.stop() #remove vm1 nic from sg1 test_util.test_dsc("Remove nic from security group 1 to stopped vm1.") sg_vm.detach(sg1, nic_uuid) test_util.test_dsc("Start VM1") vm1.start() vm1.check() sg_vm.check() vm1.destroy() vm2.destroy() sg_vm.delete_sg(sg1) test_util.test_pass('Detach stopped VM NIC from Security Group Test Success')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' test_util.test_dsc("Create 3 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() sg_vm = test_sg_vm_header.ZstackTestSgVm() test_obj_dict.set_sg_vm(sg_vm) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip) sg1.add_rule([rule1]) sg1.add_rule([rule2]) sg1.add_rule([rule3]) sg_vm.check() nic_uuid1 = vm1.vm.vmNics[0].uuid nic_uuid2 = vm2.vm.vmNics[0].uuid # nic_uuid3 = vm2.vm.vmNics[0].uuid vm1_nics = (nic_uuid1, vm1) vm2_nics = (nic_uuid2, vm2) # vm3_nics = (nic_uuid3, vm3) #test_stub.lib_add_sg_rules(sg1.uuid, [rule0, rule1]) test_util.test_dsc("Add nic to security group 1.") test_util.test_dsc("Allowed ingress ports: %s" % test_stub.rule1_ports) #sg_vm.attach(sg1, [vm1_nics, vm2_nics, vm3_nics]) sg_vm.attach(sg1, [vm1_nics, vm2_nics]) sg_vm.check() sg_vm.delete_sg(sg1) sg_vm.check() vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) test_util.test_pass('Delete Security Group with 2 attached NICs Success')
def test(): global test_obj_dict test_util.test_dsc("Create 1 VMs with vlan VR L3 network for SG testing.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm1.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm1_ip = test_lib.lib_get_vm_nic_by_l3(vr_vm, l3_uuid).ip target_ip_prefix = '10.10.10.' rule_list = [] for j in range(rule_num): target_ip = '%s%s' % (target_ip_prefix, str(1 + j)) rule = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, target_ip) rule_list.append(rule) sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg1.add_rule(rule_list) sg_vm.attach(sg1, [vm_nics]) rule_list = [] for j in range(rule_num): target_ip = '%s%s' % (target_ip_prefix, str(1 + j)) rule = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, target_ip) rule_list.append(rule) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg2.add_rule(rule_list) sg_vm.attach(sg2, [vm_nics]) sg1_rules = test_lib.lib_get_sg_rule(sg1.security_group.uuid) if len(sg1_rules) != 200: test_util.test_fail( "Did not find 200 SG rules for SG1: %s. We only catch %s rules" % (sg1.security_group.uuid, len(sg1_rules))) sg2_rules = test_lib.lib_get_sg_rule(sg2.security_group.uuid) if len(sg2_rules) != 200: test_util.test_fail( "Did not find 200 SG rules for SG2: %s. We only catch %s rules" % (sg2.security_group.uuid, len(sg2_rules))) time.sleep(3) #need regularlly clean up log files in virtual router when doing stress test test_lib.lib_check_cleanup_vr_logs_by_vm(vm1.vm) #clean up all vm and sg test_lib.lib_robot_cleanup(test_obj_dict) test_util.test_pass('Create/Destroy VM with VR successfully')
def setup_vm_console(vm_inv, vm_config, deploy_config): vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, vm_inv.defaultL3NetworkUuid).ip cmd = "sed -i 's/quiet/quiet console=ttyS0/g' /etc/default/grub" ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22) cmd = "grub2-mkconfig -o /boot/grub2/grub.cfg" ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22)
def test(): global new_offering_uuid test_util.test_dsc('Test change VM network bandwidth QoS by 1MB') vm = test_stub.create_vm(vm_name='vm_net_qos') l3_uuid = vm.get_vm().vmNics[0].l3NetworkUuid test_obj_dict.add_vm(vm) net_bandwidth = 512 vm_nic = test_lib.lib_get_vm_nic_by_l3(vm.vm, l3_uuid) vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth * 8 * 1024) vm.check() time.sleep(1) test_stub.make_ssh_no_password(vm.get_vm()) test_stub.create_test_file(vm.get_vm(), net_bandwidth) test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth) vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth=net_bandwidth * 8 * 1024 / 2) vm.check() time.sleep(1) test_stub.make_ssh_no_password(vm.get_vm()) test_stub.create_test_file(vm.get_vm(), net_bandwidth / 2) test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth / 2) vm_ops.del_vm_nic_qos(vm_nic.uuid, 'out') time.sleep(1) if test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth / 2, raise_exception=False): test_util.test_fail( 'VM network Outbound is not expected to be limited after qos setting is deleted' ) vm.stop() vm.start() vm.check() if test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth / 2, raise_exception=False): test_util.test_fail( 'VM network Outbound is not expected to be limited after qos setting is deleted even after reboot' ) vm.reboot() vm.check() if test_stub.test_scp_vm_outbound_speed(vm.get_vm(), net_bandwidth / 2, raise_exception=False): test_util.test_fail( 'VM network Outbound is not expected to be limited after qos setting is deleted even after reboot' ) test_lib.lib_robot_cleanup(test_obj_dict) test_util.test_pass('VM Network QoS change instance offering Test Pass')
def setup_vm_no_password(vm_inv, vm_config, deploy_config): vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, vm_inv.defaultL3NetworkUuid).ip # ssh.scp_file(os.environ.get('scenarioPriKey'), '/root/.ssh/id_rsa', vm_ip, vm_config.imageUsername_, vm_config.imagePassword_) # ssh.scp_file(os.environ.get('scenarioPubKey'), '/root/.ssh/authorized_keys', vm_ip, vm_config.imageUsername_, vm_config.imagePassword_) ssh.scp_file('/home/id_rsa', '/root/.ssh/id_rsa', vm_ip, vm_config.imageUsername_, vm_config.imagePassword_) ssh.scp_file('/home/id_rsa.pub', '/root/.ssh/authorized_keys', vm_ip, vm_config.imageUsername_, vm_config.imagePassword_) cmd = 'chmod go-rwx /root/.ssh/authorized_keys /root/.ssh/id_rsa' ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22) cmd = "sed -i 's/.*StrictHostKeyChecking.*$/StrictHostKeyChecking no/g' /etc/ssh/ssh_config" ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22)
def deploy_scenario(scenario_config, scenario_file, deploy_config): zstack_management_ip = scenario_config.basicConfig.zstackManagementIp.text_ root_xml = etree.Element("deployerConfig") vms_xml = etree.SubElement(root_xml, 'vms') for host in xmlobject.safe_list(scenario_config.deployerConfig.hosts.host): for vm in xmlobject.safe_list(host.vms.vm): vm_creation_option = test_util.VmOption() l3_uuid_list = [] default_l3_uuid = None for l3network in xmlobject.safe_list(vm.l3Networks.l3Network): if not default_l3_uuid: default_l3_uuid = l3network.uuid_ l3_uuid_list.append(l3network.uuid_) vm_creation_option.set_instance_offering_uuid(vm.vmInstranceOfferingUuid_) vm_creation_option.set_l3_uuids(l3_uuid_list) vm_creation_option.set_image_uuid(vm.imageUuid_) vm_creation_option.set_name(vm.name_) vm_creation_option.set_host_uuid(host.uuid_) #vm_creation_option.set_data_disk_uuids(disk_offering_uuids) #vm_creation_option.set_default_l3_uuid(default_l3_uuid) #vm_creation_option.set_system_tags(system_tags) #vm_creation_option.set_ps_uuid(ps_uuid) #vm_creation_option.set_session_uuid(session_uuid) vm_inv = create_vm(zstack_management_ip, vm_creation_option) vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, default_l3_uuid).ip test_lib.lib_wait_target_up(vm_ip, '22', 120) vm_xml = etree.SubElement(vms_xml, 'vm') vm_xml.set('name', vm.name_) vm_xml.set('ip', vm_ip) vm_xml.set('uuid', vm_inv.uuid) if xmlobject.has_element(vm, 'nodeRef'): setup_node_vm(vm_inv, vm, deploy_config) if xmlobject.has_element(vm, 'hostRef'): setup_host_vm(vm_inv, vm, deploy_config) vm_xml.set('managementIp', vm_ip) if xmlobject.has_element(vm, 'backupStorageRef'): volume_option = test_util.VolumeOption() volume_option.set_name('debug_scenario') for bs_ref in xmlobject.safe_list(vm.backupStorageRef): if bs_ref.type_ == 'ceph': disk_offering_uuid = bs_ref.offering_uuid_ volume_option.set_disk_offering_uuid(disk_offering_uuid) volume_inv = create_volume_from_offering(zstack_management_ip, volume_option) attach_volume(zstack_management_ip, volume_inv.uuid, vm_inv.uuid) break setup_backupstorage_vm(vm_inv, vm, deploy_config) if xmlobject.has_element(vm, 'primaryStorageRef'): setup_primarystorage_vm(vm_inv, vm, deploy_config) xml_string = etree.tostring(root_xml, 'utf-8') xml_string = minidom.parseString(xml_string).toprettyxml(indent=" ") open(scenario_file, 'w+').write(xml_string)
def check(self): super(zstack_vcenter_sg_tcp_ingress_checker, self).check() all_ports = port_header.all_ports test_result = True test_util.test_dsc('Check TCP ingress rules') nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid) l3_uuid = nic.l3NetworkUuid if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid): test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid) return self.judge(self.exp_result) stub_vm = self.test_obj.get_stub_vm(l3_uuid) if not stub_vm: test_util.test_warn('Did not find test stub vm for [nic:] %s. Skip TCP ingress port checking for this nic.' % self.nic_uuid) return self.judge(self.exp_result) stub_vm = stub_vm.vm stub_vm_ip = test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip target_addr = '%s/32' % stub_vm_ip rules = self.test_obj.get_nic_tcp_ingress_rule_by_addr(self.nic_uuid, target_addr) allowed_ports = [] for rule in rules: rule_allowed_ports = port_header.get_ports(port_header.get_port_rule(rule.startPort)) test_util.test_logger('[SG:] %s [ingress rule]: %s allow to access [nic:] %s [ports]: %s from [vm:] %s' % (rule.securityGroupUuid, rule.uuid, self.nic_uuid, rule_allowed_ports, stub_vm.uuid)) for port in rule_allowed_ports: if not port in allowed_ports: allowed_ports.append(port) if not allowed_ports: #If no allowed port, it means all denied. denied_ports = list(all_ports) else: denied_ports = list_ops.list_minus(all_ports, allowed_ports) test_vm = test_lib.lib_get_vm_by_nic(nic.uuid) if test_vm.state == inventory.RUNNING: try: test_lib.lib_open_vm_listen_ports(test_vm, all_ports, l3_uuid) test_lib.lib_check_vm_ports_in_a_command(stub_vm, test_vm, allowed_ports, denied_ports) except: traceback.print_exc(file=sys.stdout) test_util.test_logger('Check result: [Security Group] meets failure when checking TCP ingress rule for [vm:] %s [nic:] %s. ' % (test_vm.uuid, self.nic_uuid)) test_result = False else: test_util.test_warn('Test [vm:] %s is not running. Skip SG TCP ingress connection checker for this vm.' % test_vm.uuid) test_util.test_logger('Check result: [Security Group] finishes TCP ingress testing for [nic:] %s' % self.nic_uuid) print_iptables(test_vm) return self.judge(test_result)
def test(): global new_offering_uuid test_util.test_dsc( 'Test VM network outbound & inbound bandwidth QoS by 1MB') #unit is KB net_bandwidth = 1024 new_offering = test_lib.lib_create_instance_offering(net_outbound_bandwidth = net_bandwidth, \ net_inbound_bandwidth = net_bandwidth) new_offering_uuid = new_offering.uuid vm1 = test_stub.create_vm(vm_name = 'vm_net_inbound_outbound_qos', \ instance_offering_uuid = new_offering.uuid) test_obj_dict.add_vm(vm1) vm1.check() vm1_inv = vm1.get_vm() test_stub.make_ssh_no_password(vm1_inv) vm1_ip = vm1_inv.vmNics[0].ip vm2 = test_stub.create_vm(vm_name = 'vm_net_inbound_outbound_qos', \ instance_offering_uuid = new_offering.uuid) test_obj_dict.add_vm(vm2) vm2.check() vm2_inv = vm2.get_vm() vm2_ip = vm2_inv.vmNics[0].ip test_stub.make_ssh_no_password(vm2_inv) test_stub.copy_key_file(vm1_inv) test_stub.copy_key_file(vm2_inv) test_stub.create_test_file(vm1_inv, net_bandwidth) test_stub.create_test_file(vm2_inv, net_bandwidth) l3_name = os.environ.get('l3VlanNetworkName1') l3_net_uuid = test_lib.lib_get_l3_by_name(l3_name).uuid vm1.add_nic(l3_net_uuid) vm2.add_nic(l3_net_uuid) ssh_cmd = 'ssh -oStrictHostKeyChecking=no -oCheckHostIP=no -oUserKnownHostsFile=/dev/null' cmd = "pkill dhclient" os.system("%s %s %s" % (ssh_cmd, vm1_ip, cmd)) os.system("%s %s %s" % (ssh_cmd, vm2_ip, cmd)) cmd = "dhclient eth0 eth1" os.system("%s %s %s" % (ssh_cmd, vm1_ip, cmd)) os.system("%s %s %s" % (ssh_cmd, vm2_ip, cmd)) test_stub.test_scp_outbound_speed( vm1_ip, test_lib.lib_get_vm_nic_by_l3(vm2.get_vm(), l3_net_uuid).ip, net_bandwidth) vm_ops.delete_instance_offering(new_offering_uuid) test_lib.lib_robot_cleanup(test_obj_dict) test_util.test_pass('VM Network Outbound QoS Test Pass')
def check(self): super(zstack_kvm_sg_tcp_ingress_checker, self).check() all_ports = port_header.all_ports test_result = True test_util.test_dsc('Check TCP ingress rules') nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid) l3_uuid = nic.l3NetworkUuid if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid): test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid) return self.judge(self.exp_result) stub_vm = self.test_obj.get_stub_vm(l3_uuid) if not stub_vm: test_util.test_warn('Did not find test stub vm for [nic:] %s. Skip TCP ingress port checking for this nic.' % self.nic_uuid) return self.judge(self.exp_result) stub_vm = stub_vm.vm stub_vm_ip = test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip target_addr = '%s/32' % stub_vm_ip rules = self.test_obj.get_nic_tcp_ingress_rule_by_addr(self.nic_uuid, target_addr) allowed_ports = [] for rule in rules: rule_allowed_ports = port_header.get_ports(port_header.get_port_rule(rule.startPort)) test_util.test_logger('[SG:] %s [ingress rule]: %s allow to access [nic:] %s [ports]: %s from [vm:] %s' % (rule.securityGroupUuid, rule.uuid, self.nic_uuid, rule_allowed_ports, stub_vm.uuid)) for port in rule_allowed_ports: if not port in allowed_ports: allowed_ports.append(port) if not allowed_ports: #If no allowed port, it means all denied. denied_ports = list(all_ports) else: denied_ports = list_ops.list_minus(all_ports, allowed_ports) test_vm = test_lib.lib_get_vm_by_nic(nic.uuid) if test_vm.state == inventory.RUNNING: try: test_lib.lib_open_vm_listen_ports(test_vm, all_ports, l3_uuid) test_lib.lib_check_vm_ports_in_a_command(stub_vm, test_vm, allowed_ports, denied_ports) except: traceback.print_exc(file=sys.stdout) test_util.test_logger('Check result: [Security Group] meets failure when checking TCP ingress rule for [vm:] %s [nic:] %s. ' % (test_vm.uuid, self.nic_uuid)) test_result = False else: test_util.test_warn('Test [vm:] %s is not running. Skip SG TCP ingress connection checker for this vm.' % test_vm.uuid) test_util.test_logger('Check result: [Security Group] finishes TCP ingress testing for [nic:] %s' % self.nic_uuid) print_iptables(test_vm) return self.judge(test_result)
def test(): global test_obj_dict test_util.test_dsc("Create 1 VMs with vlan VR L3 network for SG testing.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm1.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm1_ip = test_lib.lib_get_vm_nic_by_l3(vr_vm, l3_uuid).ip target_ip_prefix = '10.10.10.' rule_list = [] for j in range(rule_num): target_ip = '%s%s' % (target_ip_prefix, str(1+j)) rule = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, target_ip) rule_list.append(rule) sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg1.add_rule(rule_list) sg_vm.attach(sg1, [vm_nics]) rule_list = [] for j in range(rule_num): target_ip = '%s%s' % (target_ip_prefix, str(1+j)) rule = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, target_ip) rule_list.append(rule) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg2.add_rule(rule_list) sg_vm.attach(sg2, [vm_nics]) sg1_rules = test_lib.lib_get_sg_rule(sg1.security_group.uuid) if len(sg1_rules) != 200: test_util.test_fail("Did not find 200 SG rules for SG1: %s. We only catch %s rules" % (sg1.security_group.uuid, len(sg1_rules))) sg2_rules = test_lib.lib_get_sg_rule(sg2.security_group.uuid) if len(sg2_rules) != 200: test_util.test_fail("Did not find 200 SG rules for SG2: %s. We only catch %s rules" % (sg2.security_group.uuid, len(sg2_rules))) time.sleep(3) #need regularlly clean up log files in virtual router when doing stress test test_lib.lib_check_cleanup_vr_logs_by_vm(vm1.vm) #clean up all vm and sg test_lib.lib_robot_cleanup(test_obj_dict) test_util.test_pass('Create/Destroy VM with VR successfully')
def recover_after_host_vm_reboot(vm_inv, vm_config, deploy_config): vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, vm_inv.defaultL3NetworkUuid).ip for l3network in xmlobject.safe_list(vm_config.l3Networks.l3Network): if hasattr(l3network, 'l2NetworkRef'): for l2networkref in xmlobject.safe_list(l3network.l2NetworkRef): nic_name = get_ref_l2_nic_name(l2networkref.text_, deploy_config) if nic_name.find('.') >= 0: vlan = nic_name.split('.')[1] test_util.test_logger('[vm:] %s %s is created.' % (vm_ip, nic_name)) cmd = 'vconfig add %s %s' % (nic_name.split('.')[0], vlan) try: ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22) except: pass
def setup_host_vm(vm_inv, vm_config, deploy_config): vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, vm_inv.defaultL3NetworkUuid).ip cmd = 'hostnamectl set-hostname %s' % (vm_ip.replace('.', '-')) ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22) udev_config = '' nic_id = 0 for l3network in xmlobject.safe_list(vm_config.l3Networks.l3Network): for vmnic in vm_inv.vmNics: if vmnic.l3NetworkUuid == l3network.uuid_: vmnic_mac = vmnic.mac break nic_name = None if hasattr(l3network, 'l2NetworkRef'): for l2networkref in xmlobject.safe_list(l3network.l2NetworkRef): nic_name = get_ref_l2_nic_name(l2networkref.text_, deploy_config) if nic_name.find('.') < 0: break if nic_name == None: nic_name = "eth%s" % (nic_id) nic_id += 1 udev_config = udev_config + '\\nACTION=="add", SUBSYSTEM=="net", DRIVERS=="?*", ATTR{type}=="1", ATTR{address}=="%s", NAME="%s"' % (vmnic_mac, nic_name) cmd = 'echo %s > /etc/udev/rules.d/70-persistent-net.rules' % (udev_config) ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22) for l3network in xmlobject.safe_list(vm_config.l3Networks.l3Network): if hasattr(l3network, 'l2NetworkRef'): for l2networkref in xmlobject.safe_list(l3network.l2NetworkRef): nic_name = get_ref_l2_nic_name(l2networkref.text_, deploy_config) if nic_name.find('.') >= 0: vlan = nic_name.split('.')[1] test_util.test_logger('[vm:] %s %s is created.' % (vm_ip, nic_name)) cmd = 'vconfig add %s %s' % (nic_name.split('.')[0], vlan) ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22) host = get_deploy_host(vm_config.hostRef.text_, deploy_config) if hasattr(host, 'port_') and host.port_ != '22': cmd = "sed -i 's/#Port 22/Port %s/g' /etc/ssh/sshd_config && iptables -I INPUT -p tcp -m tcp --dport %s -j ACCEPT && service sshd restart" % (host.port_, host.port_) ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, 22) else: host.port_ = '22' if host.username_ != 'root': cmd = 'adduser %s && echo -e %s\\\\n%s | passwd %s' % (host.username_, host.password_, host.password_, host.username_) ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host.port_)) cmd = "echo '%s ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers" % (host.username_) ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host.port_))
def check(self): super(zstack_kvm_vm_default_l3_checker, self).check() vm = self.test_obj.vm default_l3_uuid \ = self.test_obj.get_creation_option().get_default_l3_uuid() if vm.defaultL3NetworkUuid != default_l3_uuid: test_util.test_logger( 'Checker Fail: VM: %s setting default l3 uuid: %s is different with the one in database: %s' % (vm.uuid, default_l3_uuid, vm.defaultL3NetworkUuid)) return self.judge(False) for vm_nic in vm.vmNics: if vm_nic.l3NetworkUuid == default_l3_uuid: gateway = vm_nic.gateway break else: test_util.test_logger( 'Checker Fail: Did not find default l3: %s is belonged to any VM: %s vmNics: %s' % (default_l3_uuid, vm.uuid, vm.vmNics)) return self.judge(False) test_lib.lib_install_testagent_to_vr(vm) host = test_lib.lib_get_vm_host(vm) test_lib.lib_install_testagent_to_host(host) test_lib.lib_set_vm_host_l2_ip(vm) nic = test_lib.lib_get_vm_nic_by_l3(vm, default_l3_uuid) command = 'route|grep default' cmd_result = test_lib.lib_ssh_vm_cmd_by_agent_with_retry( host.managementIp, nic.ip, test_lib.lib_get_vm_username(vm), test_lib.lib_get_vm_password(vm), command, self.exp_result) if not cmd_result: test_util.test_logger( 'Checker result: FAIL to execute test ssh command in test [vm:] %s throught [host:] %s.' % (vm.uuid, host.name)) return self.judge(False) if isinstance(cmd_result, str) and gateway in cmd_result: test_util.test_logger( 'Checker result: gateway %s is SUCCESSFULLY set in guest [vm:] %s default router. ' % (gateway, vm.uuid)) return self.judge(True) else: test_util.test_logger( 'Checker result: gateway: %s is NOT set in guest [vm:] %s default router. The default route is : %s' % (gateway, vm.uuid, cmd_result)) return self.judge(False)
def test(): global new_offering_uuid test_util.test_dsc('Test VM network outbound & inbound bandwidth QoS by 1MB') #unit is KB net_bandwidth = 1024 new_offering = test_lib.lib_create_instance_offering(net_outbound_bandwidth = net_bandwidth, \ net_inbound_bandwidth = net_bandwidth) new_offering_uuid = new_offering.uuid vm1 = test_stub.create_vm(vm_name = 'vm_net_inbound_outbound_qos', \ instance_offering_uuid = new_offering.uuid) test_obj_dict.add_vm(vm1) vm1.check() vm1_inv = vm1.get_vm() test_stub.make_ssh_no_password(vm1_inv) vm1_ip = vm1_inv.vmNics[0].ip vm2 = test_stub.create_vm(vm_name = 'vm_net_inbound_outbound_qos', \ instance_offering_uuid = new_offering.uuid) test_obj_dict.add_vm(vm2) vm2.check() vm2_inv = vm2.get_vm() vm2_ip = vm2_inv.vmNics[0].ip test_stub.make_ssh_no_password(vm2_inv) test_stub.copy_key_file(vm1_inv) test_stub.copy_key_file(vm2_inv) test_stub.create_test_file(vm1_inv, net_bandwidth) test_stub.create_test_file(vm2_inv, net_bandwidth) l3_name = os.environ.get('l3VlanNetworkName1') l3_net_uuid = test_lib.lib_get_l3_by_name(l3_name).uuid vm1.add_nic(l3_net_uuid) vm2.add_nic(l3_net_uuid) ssh_cmd = 'ssh -oStrictHostKeyChecking=no -oCheckHostIP=no -oUserKnownHostsFile=/dev/null' cmd = "pkill dhclient" os.system("%s %s %s" % (ssh_cmd, vm1_ip, cmd)) os.system("%s %s %s" % (ssh_cmd, vm2_ip, cmd)) cmd = "dhclient eth0 eth1" os.system("%s %s %s" % (ssh_cmd, vm1_ip, cmd)) os.system("%s %s %s" % (ssh_cmd, vm2_ip, cmd)) test_stub.test_scp_outbound_speed(vm1_ip, test_lib.lib_get_vm_nic_by_l3(vm2.get_vm(), l3_net_uuid).ip, net_bandwidth) vm_ops.delete_instance_offering(new_offering_uuid) test_lib.lib_robot_cleanup(test_obj_dict) test_util.test_pass('VM Network Outbound QoS Test Pass')
def setup_backupstorage_vm(vm_inv, vm_config, deploy_config): vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, vm_inv.defaultL3NetworkUuid).ip host = get_host(vm_config, deploy_config) if not hasattr(host, 'port_') or host.port_ == '22': host.port_ = '22' for backupStorageRef in xmlobject.safe_list(vm_config.backupStorageRef): print backupStorageRef.text_ if backupStorageRef.type_ == 'sftp': for sftpBackupStorage in xmlobject.safe_list(deploy_config.backupStorages.sftpBackupStorage): if backupStorageRef.text_ == sftpBackupStorage.name_: # TODO: sftp may setup with non-root or non-default user/password port test_util.test_logger('[vm:] %s setup sftp service.' % (vm_ip)) cmd = "mkdir -p %s" % (sftpBackupStorage.url_) ssh.execute(cmd, vm_ip, vm_config.imageUsername_, vm_config.imagePassword_, True, int(host.port_)) return
def get_all_available_vr_ip(self): vip = self.test_obj.get_vip() l3_uuid = vip.l3NetworkUuid vrs = test_lib.lib_find_vr_by_l3_uuid(l3_uuid) eip_vm_vr_uuids = [] if self.vm_nic_uuid: #target_vm's VRs should be excluded, otherwise the ip package will be routed to this VR directly. vm_nic = test_lib.lib_get_nic_by_uuid(self.vm_nic_uuid) vr_l3_uuid = vm_nic.l3NetworkUuid vr = test_lib.lib_find_vr_by_l3_uuid(vr_l3_uuid)[0] eip_vm_vr_uuids.append(vr.uuid) for vr in vrs: vnic = test_lib.lib_get_vm_nic_by_l3(vr, l3_uuid) if vr.uuid in eip_vm_vr_uuids: continue ip = vnic.ip self.available_vr_dict[ip] = vr
def check(self): super(zstack_kvm_sg_icmp_ingress_checker, self).check() test_result = True nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid) l3_uuid = nic.l3NetworkUuid test_util.test_dsc('Check ICMP ingress rules') if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid): test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid) return self.judge(self.exp_result) stub_vm = self.test_obj.get_stub_vm(l3_uuid) if not stub_vm: #test_util.test_warn('Did not find test stub vm for [target address:] %s. Skip testing some TCP rules' % target_addr) test_util.test_warn('Did not find test stub vm for [l3:] %s. Skip testing some TCP rules' % l3_uuid) return self.judge(self.exp_result) stub_vm = stub_vm.vm stub_vm_ip = test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip target_addr = '%s/32' % stub_vm_ip test_vm = test_lib.lib_get_vm_by_nic(nic.uuid) if test_vm.state == inventory.RUNNING: rules = self.test_obj.get_nic_icmp_ingress_rule_by_addr(self.nic_uuid, target_addr) target_ip = test_lib.lib_get_vm_ip_by_l3(test_vm, l3_uuid) if rules: if test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True): test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s' % (test_vm.uuid, stub_vm.uuid)) else: test_util.test_logger('Check result: [Security Group] meets failure to ping [vm:] %s from [vm:] %s when checking ICMP ingress rule. ' % (test_vm.uuid, stub_vm.uuid)) test_result = False else: if not test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True): test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s. Expected failure.' % (test_vm.uuid, stub_vm.uuid)) else: test_util.test_logger('Check result: [Security Group] meet failure when checking ICMP ingress rule to ping [vm:] %s from [vm:] %s. Unexpected ping successfully.' % (test_vm.uuid, stub_vm.uuid)) else: test_util.test_warn('Test [vm:] %s is not running. Skip SG ICMP ingress checker for this vm.' % test_vm.uuid) test_util.test_logger('Check result: [Security Group] pass ICMP ingress testing for [vm:] %s [nic:] %s' % (test_vm.uuid, self.nic_uuid)) print_iptables(test_vm) return self.judge(test_result)
def check(self): super(zstack_vcenter_sg_icmp_ingress_checker, self).check() test_result = True nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid) l3_uuid = nic.l3NetworkUuid test_util.test_dsc('Check ICMP ingress rules') if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid): test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid) return self.judge(self.exp_result) stub_vm = self.test_obj.get_stub_vm(l3_uuid) if not stub_vm: test_util.test_warn('Did not find test stub vm for [target address:] %s. Skip testing some TCP rules' % target_addr) return self.judge(self.exp_result) stub_vm = stub_vm.vm stub_vm_ip = test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip target_addr = '%s/32' % stub_vm_ip test_vm = test_lib.lib_get_vm_by_nic(nic.uuid) if test_vm.state == inventory.RUNNING: rules = self.test_obj.get_nic_icmp_ingress_rule_by_addr(self.nic_uuid, target_addr) target_ip = test_lib.lib_get_vm_ip_by_l3(test_vm, l3_uuid) if rules: if test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True): test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s' % (test_vm.uuid, stub_vm.uuid)) else: test_util.test_logger('Check result: [Security Group] meets failure to ping [vm:] %s from [vm:] %s when checking ICMP ingress rule. ' % (test_vm.uuid, stub_vm.uuid)) test_result = False else: if not test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True): test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s. Expected failure.' % (test_vm.uuid, stub_vm.uuid)) else: test_util.test_logger('Check result: [Security Group] meet failure when checking ICMP ingress rule to ping [vm:] %s from [vm:] %s. Unexpected ping successfully.' % (test_vm.uuid, stub_vm.uuid)) else: test_util.test_warn('Test [vm:] %s is not running. Skip SG ICMP ingress checker for this vm.' % test_vm.uuid) test_util.test_logger('Check result: [Security Group] pass ICMP ingress testing for [vm:] %s [nic:] %s' % (test_vm.uuid, self.nic_uuid)) print_iptables(test_vm) return self.judge(test_result)
def test(): global test_obj_dict test_util.test_dsc("Create 1 VMs with vlan VR L3 network for SG testing.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm1.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm1_ip = test_lib.lib_get_vm_nic_by_l3(vr_vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm1_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm1_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm1_ip) rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.INGRESS, vm1_ip) rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.INGRESS, vm1_ip) sg1.add_rule([rule1, rule2, rule3, rule4, rule5]) sg_vm.attach(sg1, [vm_nics]) time.sleep(3) #need regularlly clean up log files in virtual router when doing stress test test_lib.lib_check_cleanup_vr_logs_by_vm(vm1.vm) #clean up all vm and sg test_lib.lib_robot_cleanup(test_obj_dict) test_util.test_pass('Create/Destroy VM with VR successfully')
def check(self): super(zstack_kvm_vm_default_l3_checker, self).check() vm = self.test_obj.vm default_l3_uuid \ = self.test_obj.get_creation_option().get_default_l3_uuid() if vm.defaultL3NetworkUuid != default_l3_uuid: test_util.test_logger('Checker Fail: VM: %s setting default l3 uuid: %s is different with the one in database: %s' % (vm.uuid, default_l3_uuid, vm.defaultL3NetworkUuid)) return self.judge(False) for vm_nic in vm.vmNics: if vm_nic.l3NetworkUuid == default_l3_uuid: gateway = vm_nic.gateway break else: test_util.test_logger('Checker Fail: Did not find default l3: %s is belonged to any VM: %s vmNics: %s' % (default_l3_uuid, vm.uuid, vm.vmNics)) return self.judge(False) test_lib.lib_install_testagent_to_vr(vm) host = test_lib.lib_get_vm_host(vm) test_lib.lib_install_testagent_to_host(host) test_lib.lib_set_vm_host_l2_ip(vm) nic = test_lib.lib_get_vm_nic_by_l3(vm, default_l3_uuid) command = 'route -n |grep ^0.0.0.0' cmd_result = test_lib.lib_ssh_vm_cmd_by_agent_with_retry(host.managementIp, nic.ip, test_lib.lib_get_vm_username(vm), test_lib.lib_get_vm_password(vm), command, self.exp_result) if not cmd_result: test_util.test_logger('Checker result: FAIL to execute test ssh command in test [vm:] %s throught [host:] %s.' % (vm.uuid, host.name)) return self.judge(False) if isinstance(cmd_result, str) and gateway in cmd_result: test_util.test_logger('Checker result: gateway %s is SUCCESSFULLY set in guest [vm:] %s default router. ' % (gateway, vm.uuid)) return self.judge(True) else: test_util.test_logger('Checker result: gateway: %s is NOT set in guest [vm:] %s default router. The default route is : %s' % (gateway, vm.uuid, cmd_result)) return self.judge(False)
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' test_util.test_dsc("Create 2 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg3 = test_stub.create_sg() test_obj_dict.add_sg(sg3.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.INGRESS, vm2_ip) sg1.add_rule([rule1]) sg2.add_rule([rule1, rule2, rule3]) sg3.add_rule([rule3, rule4, rule5]) sg_vm.check() sg_vm.add_stub_vm(l3_uuid, vm2) test_util.test_dsc("Add nic to security group 1.") test_util.test_dsc("Allowed ports: %s" % Port.get_ports(Port.rule1_ports)) sg_vm.attach(sg1, [vm_nics]) sg_vm.check() test_util.test_dsc("Remove nic from security group 1.") sg_vm.detach(sg1, nic_uuid) sg_vm.check() test_util.test_dsc("Remove rule1 from security group 1.") sg1.delete_rule([rule1]) sg_vm.check() test_util.test_dsc("Add rule1, rule2, rule3 to security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.target_ports) sg1.add_rule([rule1, rule2, rule3]) sg_vm.check() test_util.test_dsc("Add nic to security group 1 again.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.attach(sg1, [vm_nics]) sg_vm.check() test_util.test_dsc("Remove rule2/3 from security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports) sg1.delete_rule([rule2, rule3]) sg_vm.check() test_util.test_dsc("Add rule2, rule3 back to security group 1.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg1.add_rule([rule2, rule3]) sg_vm.check() test_util.test_dsc("Remove rule2/3 from security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports) sg1.delete_rule([rule2, rule3]) sg_vm.check() #add sg2 test_util.test_dsc("Add nic to security group 2.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.attach(sg2, [vm_nics]) sg_vm.check() #add sg3 test_util.test_dsc("Add nic to security group 3.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports (rule1+rule2+rul3+rule4+rule5): %s" % tmp_allowed_ports) sg_vm.attach(sg3, [vm_nics]) sg_vm.check() #detach nic from sg2 test_util.test_dsc("Remove security group 2 for nic.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports (rule1+rule3+rule4+rule5): %s" % tmp_allowed_ports) sg_vm.detach(sg2, nic_uuid) sg_vm.check() #delete sg3 test_util.test_dsc("Delete security group 3.") test_util.test_dsc("Allowed ports (rule1): %s" % test_stub.rule1_ports) sg_vm.delete_sg(sg3) sg_vm.check() test_obj_dict.rm_sg(sg3.security_group.uuid) #Cleanup sg_vm.delete_sg(sg2) test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) sg_vm.check() vm1.check() vm2.check() vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) test_util.test_pass('Security Group Vlan VirtualRouter VMs Test Success')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' test_util.test_dsc("create vpc vrouter and attach vpc l3 to vpc") for vpc_name in vpc_name_list: vr_list.append(test_stub.create_vpc_vrouter(vpc_name)) for vr, l3_list in izip(vr_list, vpc_l3_list): test_stub.attach_l3_to_vpc_vr(vr, l3_list) test_util.test_dsc("create two vm, vm1 in l3 {}, vm2 in l3 {}".format(VLAN1_NAME, VLAN2_NAME)) vm1 = test_stub.create_vm_with_random_offering(vm_name='vpc_vm_{}'.format(VLAN1_NAME), l3_name=VLAN1_NAME) test_obj_dict.add_vm(vm1) vm1.check() vm2 = test_stub.create_vm_with_random_offering(vm_name='vpc_vm_{}'.format(VLAN2_NAME), l3_name=VLAN2_NAME) test_obj_dict.add_vm(vm2) vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg3 = test_stub.create_sg() test_obj_dict.add_sg(sg3.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm2.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.INGRESS, vm2_ip) sg1.add_rule([rule1]) sg2.add_rule([rule1, rule2, rule3]) sg3.add_rule([rule3, rule4, rule5]) sg_vm.check() sg_vm.add_stub_vm(l3_uuid, vm2) test_util.test_dsc("Add nic to security group 1.") test_util.test_dsc("Allowed ports: %s" % Port.get_ports(Port.rule1_ports)) sg_vm.attach(sg1, [vm_nics]) sg_vm.check() test_util.test_dsc("Remove nic from security group 1.") sg_vm.detach(sg1, nic_uuid) sg_vm.check() test_util.test_dsc("Remove rule1 from security group 1.") sg1.delete_rule([rule1]) sg_vm.check() test_util.test_dsc("Add rule1, rule2, rule3 to security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.target_ports) sg1.add_rule([rule1, rule2, rule3]) sg_vm.check() test_util.test_dsc("Add nic to security group 1 again.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.attach(sg1, [vm_nics]) sg_vm.check() test_util.test_dsc("Remove rule2/3 from security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports) sg1.delete_rule([rule2, rule3]) sg_vm.check() test_util.test_dsc("Add rule2, rule3 back to security group 1.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg1.add_rule([rule2, rule3]) sg_vm.check() test_util.test_dsc("Remove rule2/3 from security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports) sg1.delete_rule([rule2, rule3]) sg_vm.check() #add sg2 test_util.test_dsc("Add nic to security group 2.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.attach(sg2, [vm_nics]) sg_vm.check() #add sg3 test_util.test_dsc("Add nic to security group 3.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports (rule1+rule2+rul3+rule4+rule5): %s" % tmp_allowed_ports) sg_vm.attach(sg3, [vm_nics]) sg_vm.check() #detach nic from sg2 test_util.test_dsc("Remove security group 2 for nic.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports (rule1+rule3+rule4+rule5): %s" % tmp_allowed_ports) sg_vm.detach(sg2, nic_uuid) sg_vm.check() #delete sg3 test_util.test_dsc("Delete security group 3.") test_util.test_dsc("Allowed ports (rule1): %s" % test_stub.rule1_ports) sg_vm.delete_sg(sg3) sg_vm.check() test_obj_dict.rm_sg(sg3.security_group.uuid) #Cleanup sg_vm.delete_sg(sg2) test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) sg_vm.check() vm1.check() vm2.check() vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) test_util.test_pass('Security Group Vlan VirtualRouter VMs Test Success') test_lib.lib_error_cleanup(test_obj_dict) test_stub.remove_all_vpc_vrouter()
def deploy_scenario(scenario_config, scenario_file, deploy_config): vm_inv_lst = [] vm_cfg_lst = [] eip_lst = [] vip_lst = [] ocfs2smp_shareable_volume_is_created = False zstack_management_ip = scenario_config.basicConfig.zstackManagementIp.text_ root_xml = etree.Element("deployerConfig") vms_xml = etree.SubElement(root_xml, 'vms') for host in xmlobject.safe_list(scenario_config.deployerConfig.hosts.host): for vm in xmlobject.safe_list(host.vms.vm): vm_creation_option = test_util.VmOption() l3_uuid_list = [] default_l3_uuid = None for l3network in xmlobject.safe_list(vm.l3Networks.l3Network): if not default_l3_uuid: default_l3_uuid = l3network.uuid_ l3_uuid_list.append(l3network.uuid_) vm_creation_option.set_instance_offering_uuid(vm.vmInstranceOfferingUuid_) vm_creation_option.set_l3_uuids(l3_uuid_list) vm_creation_option.set_image_uuid(vm.imageUuid_) vm_creation_option.set_name(vm.name_) vm_creation_option.set_host_uuid(host.uuid_) #vm_creation_option.set_data_disk_uuids(disk_offering_uuids) #vm_creation_option.set_default_l3_uuid(default_l3_uuid) #vm_creation_option.set_system_tags(system_tags) #vm_creation_option.set_ps_uuid(ps_uuid) #vm_creation_option.set_session_uuid(session_uuid) vm_inv = create_vm(zstack_management_ip, vm_creation_option) vm_ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, default_l3_uuid).ip test_lib.lib_wait_target_up(vm_ip, '22', 120) vm_xml = etree.SubElement(vms_xml, 'vm') vm_xml.set('name', vm.name_) vm_xml.set('uuid', vm_inv.uuid) vm_xml.set('ip', vm_ip) setup_vm_no_password(vm_inv, vm, deploy_config) setup_vm_console(vm_inv, vm, deploy_config) stop_vm(zstack_management_ip, vm_inv.uuid) start_vm(zstack_management_ip, vm_inv.uuid) test_lib.lib_wait_target_up(vm_ip, '22', 120) ips_xml = etree.SubElement(vm_xml, 'ips') for l3_uuid in l3_uuid_list: ip_xml = etree.SubElement(ips_xml, 'ip') ip = test_lib.lib_get_vm_nic_by_l3(vm_inv, l3_uuid).ip ip_xml.set('ip', ip) #setup eip if xmlobject.has_element(vm, 'eipRef'): vm_nic = vm_inv.vm.vmNics[0] vm_nic_uuid = vm_nic.uuid for l3network in xmlobject.safe_list(vm.l3Networks.l3Network): vip = test_stub.create_vip('scenario-auto-vip', l3network.uuid_) vip_lst.append(vip) eip = test_stub.create_eip(l3network.eipRef.text_, vip_uuid=vip.get_vip().uuid, vnic_uuid=vm_nic_uuid, vm_obj=vm_inv) eip_lst.append(eip) vip.attach_eip(eip) vm_xml.set('ip', eip.get_eip().vipIp) if xmlobject.has_element(vm, 'nodeRef'): setup_node_vm(vm_inv, vm, deploy_config) if xmlobject.has_element(vm, 'hostRef'): setup_host_vm(vm_inv, vm, deploy_config) vm_inv_lst.append(vm_inv) vm_cfg_lst.append(vm) vm_xml.set('managementIp', vm_ip) if xmlobject.has_element(vm, 'mnHostRef'): setup_mn_host_vm(vm_inv, vm) if xmlobject.has_element(vm, 'backupStorageRef'): volume_option = test_util.VolumeOption() volume_option.set_name(os.environ.get('volumeName')) for bs_ref in xmlobject.safe_list(vm.backupStorageRef): if bs_ref.type_ == 'ceph': disk_offering_uuid = bs_ref.offering_uuid_ volume_option.set_disk_offering_uuid(disk_offering_uuid) volume_inv = create_volume_from_offering(zstack_management_ip, volume_option) attach_volume(zstack_management_ip, volume_inv.uuid, vm_inv.uuid) break if bs_ref.type_ == 'fusionstor': disk_offering_uuid = bs_ref.offering_uuid_ volume_option.set_disk_offering_uuid(disk_offering_uuid) volume_inv = create_volume_from_offering(zstack_management_ip, volume_option) volume_inv1 = create_volume_from_offering(zstack_management_ip, volume_option) volume_inv2 = create_volume_from_offering(zstack_management_ip, volume_option) attach_volume(zstack_management_ip, volume_inv.uuid, vm_inv.uuid) attach_volume(zstack_management_ip, volume_inv1.uuid, vm_inv.uuid) attach_volume(zstack_management_ip, volume_inv2.uuid, vm_inv.uuid) break setup_backupstorage_vm(vm_inv, vm, deploy_config) if xmlobject.has_element(vm, 'primaryStorageRef'): setup_primarystorage_vm(vm_inv, vm, deploy_config) for ps_ref in xmlobject.safe_list(vm.primaryStorageRef): if ps_ref.type_ == 'ocfs2smp': if ocfs2smp_shareable_volume_is_created == False and hasattr(ps_ref, 'disk_offering_uuid_'): ocfs2smp_disk_offering_uuid = ps_ref.disk_offering_uuid_ volume_option.set_disk_offering_uuid(ocfs2smp_disk_offering_uuid) volume_option.set_system_tags(['ephemeral::shareable', 'capability::virtio-scsi']) share_volume_inv = create_volume_from_offering(zstack_management_ip, volume_option) ocfs2smp_shareable_volume_is_created = True attach_volume(zstack_management_ip, share_volume_inv.uuid, vm_inv.uuid) xml_string = etree.tostring(root_xml, 'utf-8') xml_string = minidom.parseString(xml_string).toprettyxml(indent=" ") open(scenario_file, 'w+').write(xml_string) setup_ceph_storages(scenario_config, scenario_file, deploy_config) setup_ocfs2smp_primary_storages(scenario_config, scenario_file, deploy_config, vm_inv_lst, vm_cfg_lst) setup_fusionstor_storages(scenario_config, scenario_file, deploy_config)
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' test_util.test_dsc("Create 3 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm3 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm3) vm1.check() vm2.check() vm3.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm3_ip = test_lib.lib_get_vm_nic_by_l3(vm3.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm3_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm3_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm3_ip) sg1.add_rule([rule1]) sg_vm.add_stub_vm(l3_uuid, vm3) sg_vm.check() nic_uuid1 = vm1.vm.vmNics[0].uuid nic_uuid2 = vm2.vm.vmNics[0].uuid vm1_nics = (nic_uuid1, vm1) vm2_nics = (nic_uuid2, vm2) #test_stub.lib_add_sg_rules(sg1.uuid, [rule0, rule1]) test_util.test_dsc("Add vm 1 nic to security group 1.") test_util.test_dsc("Allowed ingress ports: %s" % test_stub.rule1_ports) sg_vm.attach(sg1, [vm1_nics]) sg_vm.check() test_util.test_dsc("Detach security group 1 from vm1's l3 network.") test_util.test_dsc("VM1 nic will be automatically removed from SG1") sg_vm.detach_l3(sg1, l3_uuid) sg_vm.check() test_util.test_dsc("Add vm 1 & vm 2 nics to security group 1.") sg_vm.attach(sg1, [vm1_nics, vm2_nics]) sg_vm.check() test_util.test_dsc("Detach security group 1 from vm1's l3 network. It will cause both vm1 and vm2 nics are detached from sg1.") sg_vm.detach_l3(sg1, l3_uuid) sg_vm.check() #Reboot Vm1 and check sg again. vm1.reboot() vm1.check() sg_vm.check() test_util.test_dsc("Add vm 1 & vm 2 nics to security group 1.") sg_vm.attach(sg1, [vm1_nics, vm2_nics]) sg_vm.check() test_util.test_dsc("Remove rule1 from security group 1.") sg1.delete_rule([rule1]) sg_vm.check() test_util.test_dsc("Add rule1, rule2, rule3 to security group 1.") test_util.test_dsc("Allowed ingress ports: %s" % test_stub.target_ports) sg1.add_rule([rule1, rule2, rule3]) sg_vm.check() test_util.test_dsc("Detach security group 1 from vm1's l3 network. It will cause both vm1 and vm2 nics are detached from sg1.") sg_vm.detach_l3(sg1, l3_uuid) sg_vm.check() #delete sg1 test_util.test_dsc("Delete security group 1.") sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) sg_vm.check() #Cleanup vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) vm3.destroy() test_obj_dict.rm_vm(vm3) test_util.test_pass('Security Group Detach from L3 network with 2 VMs on virtual router Test Success')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' global test_obj_dict test_util.test_dsc("Create 2 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg3 = test_stub.create_sg() test_obj_dict.add_sg(sg3.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip vr_internal_ip = test_lib.lib_find_vr_private_ip(vr_vm) test_util.test_dsc("Create SG rule1: allow connection to vm2 port 0~100") rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, vm2_ip) test_util.test_dsc("Create SG rule2: allow connection from vm2 to port 9000~10000") rule2 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip) test_util.test_dsc("Create SG rule3: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing") rule3 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vr_internal_ip) test_util.test_dsc("Create SG rule4: allow ICMP connection to VR") rule4 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.EGRESS, vr_internal_ip) test_util.test_dsc("Create SG rule5: allow icmp from vm2") rule5 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vm2_ip) test_util.test_dsc("Create SG rule6: allow icmp to vm2") rule6 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.EGRESS, vm2_ip) sg1.add_rule([rule1, rule2, rule3, rule4]) sg2.add_rule([rule5]) sg3.add_rule([rule6]) sg_vm.check() sg_vm.add_stub_vm(l3_uuid, vm2) sg_vm.check() #add sg1 test_util.test_dsc("Add VM1 nic to security group 1.") sg_vm.attach(sg1, [vm_nics]) sg_vm.check() if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True): test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.vm.uuid, vr_internal_ip)) #add sg2 test_util.test_dsc("Add VM1 nic to security group 2.") sg_vm.attach(sg2, [vm_nics]) test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" % (test_stub.rule1_ports, test_stub.rule2_ports)) sg_vm.check() if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True): test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip)) #add sg3 test_util.test_dsc("Add nic to security group 3 to stopped vm1.") sg_vm.attach(sg3, [vm_nics]) test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" % (test_stub.rule1_ports, test_stub.rule2_ports)) sg_vm.check() if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True): test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip)) test_util.test_dsc("remove rule5 from sg2") sg2.delete_rule([rule5]) sg_vm.check() if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True): test_util.test_fail('Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip)) vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) sg_vm.check() sg1.delete() test_obj_dict.rm_sg(sg1.security_group.uuid) sg2.delete() test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.check() sg3.delete() test_obj_dict.rm_sg(sg3.security_group.uuid) test_util.test_pass('Security Group Vlan VirtualRouter VM ICMP rules Test Success')
def test(): global vm, session_uuid global all_volume_offering_uuid, rw_volume_offering_uuid, instance_offering_uuid global test_account_uuid test_util.test_dsc('Test normal account change the qos network and volume ') #create normal account test_util.test_dsc('create normal account') account_name = 'a' account_pass = hashlib.sha512(account_name).hexdigest() test_account = acc_ops.create_normal_account(account_name, account_pass) test_account_uuid = test_account.uuid test_account_session = acc_ops.login_by_account(account_name, account_pass) #create disk offering test_util.test_dsc('create disk offering') name_all = 'all_disk_offering' volume_bandwidth = 30*1024*1024 all_volume_offering = test_lib.lib_create_disk_offering(name = name_all, volume_bandwidth = volume_bandwidth) all_volume_offering_uuid = all_volume_offering.uuid name_rw = 'rw_disk_offering' volume_read_bandwidth = 90*1024*1024 volume_write_bandwidth = 100*1024*1024 rw_volume_offering = test_lib.lib_create_disk_offering(name = name_rw, read_bandwidth = volume_read_bandwidth, write_bandwidth = volume_write_bandwidth) rw_volume_offering_uuid = rw_volume_offering.uuid #create instance offering test_util.test_dsc('create instance offering') read_bandwidth = 50*1024*1024 write_bandwidth = 60*1024*1024 net_outbound_bandwidth = 70*1024*1024 net_inbound_bandwidth = 80*1024*1024 new_instance_offering = test_lib.lib_create_instance_offering(read_bandwidth = read_bandwidth, write_bandwidth=write_bandwidth, net_outbound_bandwidth = net_outbound_bandwidth, net_inbound_bandwidth = net_inbound_bandwidth) instance_offering_uuid = new_instance_offering.uuid #share admin resoure to normal account test_util.test_dsc('share admin resoure to normal account') test_stub.share_admin_resource([test_account_uuid]) acc_ops.share_resources([test_account_uuid], [all_volume_offering_uuid, rw_volume_offering_uuid]) #create vm with 2 data volumes test_util.test_dsc('create vm with volumes qos by normal account a') l3net_uuid = res_ops.get_resource(res_ops.L3_NETWORK, session_uuid = test_account_session)[0].uuid cond = res_ops.gen_query_conditions('platform', '=', 'Linux') image_uuid = res_ops.query_resource(res_ops.IMAGE, cond, session_uuid = test_account_session)[0].uuid vm_creation_option = test_util.VmOption() vm_creation_option.set_instance_offering_uuid(instance_offering_uuid) vm_creation_option.set_image_uuid(image_uuid) vm_creation_option.set_l3_uuids([l3net_uuid]) vm = test_stub.create_vm_with_volume(vm_creation_option = vm_creation_option, data_volume_uuids = [all_volume_offering_uuid, rw_volume_offering_uuid], session_uuid = test_account_session) vm_inv = vm.get_vm() # get the nic uuid test_util.test_dsc('get the vm_nic') l3_uuid = vm_inv.vmNics[0].l3NetworkUuid vm_nic = test_lib.lib_get_vm_nic_by_l3(vm_inv, l3_uuid) # get the volume uuid test_util.test_dsc('get the vm data volumes') cond1 = res_ops.gen_query_conditions("diskOfferingUuid", '=', all_volume_offering_uuid) cond2 = res_ops.gen_query_conditions("diskOfferingUuid", '=', rw_volume_offering_uuid) all_volume_uuid = res_ops.query_resource(res_ops.VOLUME, cond1)[0].uuid rw_volume_uuid = res_ops.query_resource(res_ops.VOLUME, cond2)[0].uuid #set root disk qos test_util.test_dsc('set read*2, read/2, write*2, write/2 and del the root disk read and write qos') try: vm_ops.set_vm_disk_qos(test_lib.lib_get_root_volume(vm_inv).uuid, volumeBandwidth = read_bandwidth*2, mode = 'read', session_uuid = test_account_session) except: print "Test results were in line with expectations" pass test_util.test_dsc('del the root disk read qos') try: vm_ops.del_vm_disk_qos(test_lib.lib_get_root_volume(vm_inv).uuid, mode = 'read', session_uuid = test_account_session) except: print "Test results were in line with expectations" pass vm_ops.set_vm_disk_qos(test_lib.lib_get_root_volume(vm_inv).uuid, volumeBandwidth = read_bandwidth/2, mode = 'read', session_uuid = test_account_session) test_util.test_dsc('set 2 times the root disk write qos') try: vm_ops.set_vm_disk_qos(test_lib.lib_get_root_volume(vm_inv).uuid, volumeBandwidth = write_bandwidth*2, mode = 'write', session_uuid = test_account_session) except: print "Test results were in line with expectations" pass test_util.test_dsc('del the root disk write qos') try: vm_ops.del_vm_disk_qos(test_lib.lib_get_root_volume(vm_inv).uuid, mode = 'write', session_uuid = test_account_session) except: print "Test results were in line with expectations" pass test_util.test_dsc('set below the root disk write qos') vm_ops.set_vm_disk_qos(test_lib.lib_get_root_volume(vm_inv).uuid, volumeBandwidth = write_bandwidth/2, mode = 'write', session_uuid = test_account_session) #set data disk all_volume_uuid qos test_util.test_dsc('set read*2, read/2, write*2, write/2 and del the volume1 disk read and write qos') try: vm_ops.set_vm_disk_qos(all_volume_uuid, volumeBandwidth = volume_bandwidth*2, session_uuid = test_account_session) except: print "Test results were in line with expectations" pass test_util.test_dsc('del the data volume qos') try: vm_ops.del_vm_disk_qos(all_volume_uuid, session_uuid = test_account_session) except: print "Test results were in line with expectations" pass vm_ops.set_vm_disk_qos(all_volume_uuid, volumeBandwidth = volume_bandwidth/2, session_uuid = test_account_session) #set data disk rw_volume_uuid write qos test_util.test_dsc('set 2 times the data rw_volume_uuid write qos') try: vm_ops.set_vm_disk_qos(rw_volume_uuid, volumeBandwidth = volume_write_bandwidth*2, mode = 'write', session_uuid = test_account_session) except: print "Test results were in line with expectations" pass test_util.test_dsc('del the data rw_volume_uuid write qos') try: vm_ops.del_vm_disk_qos(rw_volume_uuid, mode = 'write', session_uuid = test_account_session) except: print "Test results were in line with expectations" pass vm_ops.set_vm_disk_qos(rw_volume_uuid, volumeBandwidth = volume_write_bandwidth/2, mode = 'write', session_uuid = test_account_session) #set data disk rw_volume_uuid read qos test_util.test_dsc('set 2 times the data rw_volume_uuid read qos') try: vm_ops.set_vm_disk_qos(rw_volume_uuid, volumeBandwidth = volume_read_bandwidth*2, mode = 'read', session_uuid = test_account_session) except: print "Test results were in line with expectations" pass test_util.test_dsc('del the data rw_volume_uuid read qos') try: vm_ops.del_vm_disk_qos(rw_volume_uuid, mode = 'read', session_uuid = test_account_session) except: print "Test results were in line with expectations" pass vm_ops.set_vm_disk_qos(rw_volume_uuid, volumeBandwidth = volume_read_bandwidth/2, mode = 'read', session_uuid = test_account_session) # set the vm nic qos test_util.test_dsc('set higher than net out and in ') try: vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth = net_outbound_bandwidth*2, inboundBandwidth = net_inbound_bandwidth*2, session_uuid = test_account_session) except: print "Test results were in line with expectations" pass test_util.test_dsc('set higher than net out and equal in ') try: vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth = net_outbound_bandwidth*2, inboundBandwidth = net_inbound_bandwidth, session_uuid = test_account_session) except: print "Test results were in line with expectations" pass test_util.test_dsc('del net in ') try: vm_ops.del_vm_nic_qos(vm_nic.uuid, direction = 'in', session_uuid = test_account_session) except: print "Test results were in line with expectations" pass test_util.test_dsc('del net out ') try: vm_ops.del_vm_nic_qos(vm_nic.uuid, direction = 'out', session_uuid = test_account_session) except: print "Test results were in line with expectations" pass test_util.test_dsc('set equal net out and in ') try: vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth = net_outbound_bandwidth, inboundBandwidth = net_inbound_bandwidth, session_uuid = test_account_session) #except: except Exception as e: test_util.test_logger(e) test_util.test_dsc('set below net out and in ') vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth = net_outbound_bandwidth/2, inboundBandwidth = net_inbound_bandwidth/2, session_uuid = test_account_session) vm.check() vm.destroy(test_account_session) vm.check() vol_ops.delete_disk_offering(all_volume_offering_uuid) vol_ops.delete_disk_offering(rw_volume_offering_uuid) vol_ops.delete_volume(all_volume_uuid, test_account_session) vol_ops.delete_volume(rw_volume_uuid, test_account_session) acc_ops.delete_account(test_account_uuid) vm_ops.delete_instance_offering(instance_offering_uuid) test_util.test_pass('Create VM Test Success')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' test_util.test_dsc("Create 3 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm3 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm3) vm1.check() vm2.check() vm3.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg3 = test_stub.create_sg() test_obj_dict.add_sg(sg3.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm3_ip = test_lib.lib_get_vm_nic_by_l3(vm3.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm3_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm3_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm3_ip) rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.INGRESS, vm3_ip) rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.INGRESS, vm3_ip) sg1.add_rule([rule1]) sg2.add_rule([rule1, rule2, rule3]) sg3.add_rule([rule3, rule4, rule5]) sg_vm.add_stub_vm(l3_uuid, vm3) sg_vm.check() nic_uuid1 = vm1.vm.vmNics[0].uuid nic_uuid2 = vm2.vm.vmNics[0].uuid vm1_nics = (nic_uuid1, vm1) vm2_nics = (nic_uuid2, vm2) #vm_nics = [nic_uuid1, nic_uuid2] #test_util.test_dsc("Create SG rule0: allow connection from vr to port 0~100. This is for enabling ssh connection from vr") #rule0 = inventory.SecurityGroupRuleAO() #rule0.allowedCidr = '%s/32' % vr_internal_ip #rule0.protocol = inventory.TCP #rule0.startPort = 0 #rule0.endPort = 100 #rule0.type = inventory.INGRESS #test_stub.lib_add_sg_rules(sg1.uuid, [rule0, rule1]) test_util.test_dsc("Add nic to security group 1.") test_util.test_dsc("Allowed ingress ports: %s" % test_stub.rule1_ports) sg_vm.attach(sg1, [vm1_nics, vm2_nics]) sg_vm.check() test_util.test_dsc("Remove nic from security group 1.") test_util.test_dsc("Allowed ingress ports: %s" % test_stub.target_ports) sg_vm.detach(sg1, nic_uuid1) sg_vm.detach(sg1, nic_uuid2) sg_vm.check() test_util.test_dsc("Remove rule1 from security group 1.") sg1.delete_rule([rule1]) sg_vm.check() test_util.test_dsc("Add rule1, rule2, rule3 to security group 1.") test_util.test_dsc("Allowed ingress ports: %s" % test_stub.target_ports) sg1.add_rule([rule1, rule2, rule3]) sg_vm.check() test_util.test_dsc("Add nic to security group 1 again.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ingress ports: %s" % tmp_allowed_ports) sg_vm.attach(sg1, [vm1_nics, vm2_nics]) sg_vm.check() test_util.test_dsc("Remove rule2/3 from security group 1.") test_util.test_dsc("Allowed ingress ports: %s" % test_stub.rule1_ports) sg2.delete_rule([rule2, rule3]) sg_vm.check() #add sg2 to vm1 test_util.test_dsc("Add vm1 nic to security group 2.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ingress ports for vm1 from vm3: %s" % tmp_allowed_ports) test_util.test_dsc("Allowed ingress ports for vm1 from vm3: %s" % test_stub.rule1_ports) test_util.test_dsc("Allowed ingress ports for vm2: %s" % test_stub.rule1_ports) sg_vm.attach(sg2, [vm1_nics]) sg_vm.check() #add sg2 to vm2 test_util.test_dsc("Add vm2 nic to security group 2.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ingress ports for vm1/vm2: %s" % tmp_allowed_ports) sg_vm.attach(sg2, [vm2_nics]) sg_vm.check() #add sg3 test_util.test_dsc("Add vm1/vm2 nics to security group 3.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ingress ports: %s" % tmp_allowed_ports) sg_vm.attach(sg3, [vm1_nics, vm2_nics]) sg_vm.check() #remove sg2 test_util.test_dsc("Remove security group 2 for nic.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ingress ports: %s" % tmp_allowed_ports) sg_vm.detach(sg2, nic_uuid1) sg_vm.detach(sg2, nic_uuid2) sg_vm.check() #delete sg3 test_util.test_dsc("Delete security group 3.") test_util.test_dsc("Allowed ingress ports: %s" % test_stub.rule1_ports) sg_vm.delete_sg(sg3) test_obj_dict.rm_sg(sg3.security_group.uuid) sg_vm.check() #Cleanup sg_vm.delete_sg(sg2) test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) sg_vm.check() vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) vm3.destroy() test_obj_dict.rm_vm(vm3) test_util.test_pass('Security Group Vlan VirtualRouter 2 VMs Group Ingress Test Success')
def test(): test_util.test_logger("start check vm lifecycle") test_util.test_logger("create public ip billing") bill_ip = test_stub.PublicIpBilling() ipin = threading.Thread(target=bill_ip.create_resource_type(),\ args=(bill_ip.get_resourceName())) bill_ip.set_resourceName("pubIpVmNicBandwidthOut") ipout = threading.Thread(target=bill_ip.create_resource_type(),\ args=(bill_ip.get_resourceName())) ipin.start() ipout.start() test_util.test_logger("create vm instance") global vm vm = test_stub.create_vm_billing("test_vmm", test_stub.set_vm_resource()[0], None,\ test_stub.set_vm_resource()[1], test_stub.set_vm_resource()[2]) vm_nic = test_lib.lib_get_vm_nic_by_l3(vm.get_vm(), test_stub.set_vm_resource()[2]) test_util.test_logger("set vm nic bandwidth") net_bandwidth = 10*1024*1024 vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth = net_bandwidth, inboundBandwidth = net_bandwidth) time.sleep(1) test_util.test_logger("verify calculate if right is") if bill_ip.get_price_total().total < 100: test_util.test_fail("test billing fail, bill is %s ,less than 100" %(bill_ip.get_price_total().total)) test_util.test_logger("stop vm instance") vm.stop() bill_ip.compare("stop") test_util.test_logger("destory vm instance") vm.destroy() bill_ip.compare("destory") test_util.test_logger("recover vm instance") vm.recover() vm.start() bill_ip.compare("recover") test_util.test_logger("get host total and primarystorge type") Host_uuid = test_stub.get_resource_from_vmm(res_ops.HOST,vm.get_vm().zoneUuid,vm.get_vm().hostUuid) PrimaryFlag = test_stub.get_resource_from_vmm(res_ops.PRIMARY_STORAGE,vm.get_vm().zoneUuid) if Host_uuid and PrimaryFlag == 0: test_util.test_logger("migration vm instance") prices = bill_ip.get_price_total() vm.migrate(Host_uuid) prices1 = bill_ip.get_price_total() if prices1.total > prices.total: bill_ip.compare("migration") else: test_util.test_fail("test bill fail, maybe can not calculate when vm live migration") BackStorageFlag = test_stub.get_resource_from_vmm(res_ops.BACKUP_STORAGE) if BackStorageFlag == 1: clone = vm.clone(["clone-1"]) vm.clean() bill_ip.compare("clone") clone[0].clean() else: test_util.test_logger("clean vm instance") vm.clean() bill_ip.compare("clean") test_util.test_logger("delete public ip resource") resourcePrices = test_stub.query_resource_price() for resource_price in resourcePrices: test_stub.delete_price(resource_price.uuid) test_util.test_pass("check vm lifecycle with public ip billing pass")
def test(): vm1 = test_stub.create_vr_vm('migrate_vm1', 'imageName_net', 'l3VlanNetwork3') test_obj_dict.add_vm(vm1) vm2 = test_stub.create_vr_vm('migrate_vm2', 'imageName_net', 'l3VlanNetwork3') test_obj_dict.add_vm(vm2) vm3 = test_stub.create_vr_vm('migrate_vm3', 'imageName_net', 'l3VlanNetwork3') test_obj_dict.add_vm(vm3) vm1.check() vm2.check() vm3.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid if not test_lib.lib_find_vr_by_vm(vm1.vm)[0]: test_util.test_skip("skip the test for no vr found in the env.") vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm3_ip = test_lib.lib_get_vm_nic_by_l3(vm3.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm3_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm3_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm3_ip) sg1.add_rule([rule1]) sg2.add_rule([rule1, rule2, rule3]) sg_vm.add_stub_vm(l3_uuid, vm3) nic_uuid1 = vm1.vm.vmNics[0].uuid nic_uuid2 = vm2.vm.vmNics[0].uuid vm1_nics = (nic_uuid1, vm1) vm2_nics = (nic_uuid2, vm2) test_util.test_dsc("Add nic to security group 1.") test_util.test_dsc("Allowed ingress ports: %s" % test_stub.rule1_ports) sg_vm.attach(sg1, [vm1_nics, vm2_nics]) sg_vm.attach(sg2, [vm1_nics, vm2_nics]) test_stub.migrate_vm_to_random_host(vm1) test_stub.migrate_vm_to_random_host(vm2) test_stub.migrate_vm_to_random_host(vm3) vm1.check() vm2.check() vm3.check() sg_vm.check() vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) vm3.destroy() test_obj_dict.rm_vm(vm3) sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) sg_vm.delete_sg(sg2) test_obj_dict.rm_sg(sg2.security_group.uuid) test_util.test_pass('Migrate SG VM Test Success')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' test_util.test_dsc("create vpc vrouter and attach vpc l3 to vpc") for vpc_name in vpc_name_list: vr_list.append(test_stub.create_vpc_vrouter(vpc_name)) for vr, l3_list in izip(vr_list, vpc_l3_list): test_stub.attach_l3_to_vpc_vr(vr, l3_list) test_util.test_dsc("create two vm, vm1 in l3 {}, vm2 in l3 {}".format( VLAN1_NAME, VLAN2_NAME)) vm1 = test_stub.create_vm_with_random_offering( vm_name='vpc_vm_{}'.format(VLAN1_NAME), l3_name=VLAN1_NAME) test_obj_dict.add_vm(vm1) vm1.check() vm2 = test_stub.create_vm_with_random_offering( vm_name='vpc_vm_{}'.format(VLAN2_NAME), l3_name=VLAN2_NAME) test_obj_dict.add_vm(vm2) vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg3 = test_stub.create_sg() test_obj_dict.add_sg(sg3.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm2.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.INGRESS, vm2_ip) sg1.add_rule([rule1]) sg2.add_rule([rule1, rule2, rule3]) sg3.add_rule([rule3, rule4, rule5]) sg_vm.check() sg_vm.add_stub_vm(l3_uuid, vm2) test_util.test_dsc("Add nic to security group 1.") test_util.test_dsc("Allowed ports: %s" % Port.get_ports(Port.rule1_ports)) sg_vm.attach(sg1, [vm_nics]) sg_vm.check() test_util.test_dsc("Remove nic from security group 1.") sg_vm.detach(sg1, nic_uuid) sg_vm.check() test_util.test_dsc("Remove rule1 from security group 1.") sg1.delete_rule([rule1]) sg_vm.check() test_util.test_dsc("Add rule1, rule2, rule3 to security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.target_ports) sg1.add_rule([rule1, rule2, rule3]) sg_vm.check() test_util.test_dsc("Add nic to security group 1 again.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.attach(sg1, [vm_nics]) sg_vm.check() test_util.test_dsc("Remove rule2/3 from security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports) sg1.delete_rule([rule2, rule3]) sg_vm.check() test_util.test_dsc("Add rule2, rule3 back to security group 1.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg1.add_rule([rule2, rule3]) sg_vm.check() test_util.test_dsc("Remove rule2/3 from security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports) sg1.delete_rule([rule2, rule3]) sg_vm.check() #add sg2 test_util.test_dsc("Add nic to security group 2.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.attach(sg2, [vm_nics]) sg_vm.check() #add sg3 test_util.test_dsc("Add nic to security group 3.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports (rule1+rule2+rul3+rule4+rule5): %s" % tmp_allowed_ports) sg_vm.attach(sg3, [vm_nics]) sg_vm.check() #detach nic from sg2 test_util.test_dsc("Remove security group 2 for nic.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports (rule1+rule3+rule4+rule5): %s" % tmp_allowed_ports) sg_vm.detach(sg2, nic_uuid) sg_vm.check() #delete sg3 test_util.test_dsc("Delete security group 3.") test_util.test_dsc("Allowed ports (rule1): %s" % test_stub.rule1_ports) sg_vm.delete_sg(sg3) sg_vm.check() test_obj_dict.rm_sg(sg3.security_group.uuid) #Cleanup sg_vm.delete_sg(sg2) test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) sg_vm.check() vm1.check() vm2.check() vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) test_util.test_pass('Security Group Vlan VirtualRouter VMs Test Success') test_lib.lib_error_cleanup(test_obj_dict) test_stub.remove_all_vpc_vrouter()
def test(): cond = res_ops.gen_query_conditions('system', '=', 'false') imageUuid = res_ops.query_resource_fields(res_ops.IMAGE, cond)[0].uuid cond = res_ops.gen_query_conditions('type', '=', 'UserVm') instanceOfferingUuid = res_ops.query_resource_fields(res_ops.INSTANCE_OFFERING, cond)[0].uuid cond = res_ops.gen_query_conditions('name', '=', 'public network') l3NetworkUuids = res_ops.query_resource_fields(res_ops.L3_NETWORK, cond)[0].uuid vm_name = 'vm-1' create_bill(1, "pubIpVmNicBandwidthIn", "s", "m") resourcePrices = query_resource_price() for resource_price in resourcePrices: delete_price(resource_price.uuid) ##parallel create bill counter = 0 for i in range(0, 200): ipin = threading.Thread(target=create_bill, args=(i, "pubIpVmNicBandwidthIn", "s", "k")) ipout = threading.Thread(target=create_bill, args=(i, "pubIpVmNicBandwidthOut", "m", "m")) vipin = threading.Thread(target=create_bill, args=(i, "pubIpVipBandwidthIn", "h", "g")) vipout = threading.Thread(target=create_bill, args=(i, "pubIpVipBandwidthOut", "d", "m")) while threading.active_count() > 10: time.sleep(3) ipin.start() ipout.start() vipin.start() vipout.start() #Delete all price resourcePrices = query_resource_price() ##wait 15s for all prices created i = 0 while len(resourcePrices) != 800: print len(resourcePrices) time.sleep(3) if i > 5: test_util.test_fail("Fail to create 800 prices") i = i + 1 resourcePrices = query_resource_price() #Delete all price for resource_price in resourcePrices: delete_price(resource_price.uuid) ipin = threading.Thread(target=create_bill, args=(10, "pubIpVmNicBandwidthIn", "s", "m")) ipout = threading.Thread(target=create_bill, args=(10, "pubIpVmNicBandwidthOut", "s", "m")) vipin = threading.Thread(target=create_bill, args=(10, "pubIpVipBandwidthIn", "s", "m")) vipout = threading.Thread(target=create_bill, args=(10, "pubIpVipBandwidthOut", "s", "m")) ipin.start() ipout.start() vipin.start() vipout.start() net_bandwidth = 10*1024*1024 vm = create_vm(vm_name, imageUuid, None,instanceOfferingUuid, l3NetworkUuids) vm_inv = vm.get_vm() vm_nic = test_lib.lib_get_vm_nic_by_l3(vm_inv, l3NetworkUuids) vm_ops.set_vm_nic_qos(vm_nic.uuid, outboundBandwidth = net_bandwidth, inboundBandwidth = net_bandwidth) cond = res_ops.gen_query_conditions('name', '=', 'admin') time.sleep(1) admin_uuid = res_ops.query_resource_fields(res_ops.ACCOUNT, cond)[0].uuid prices = bill_ops.calculate_account_spending(admin_uuid) if prices.total < 180: test_util.test_fail("test billing fail, bill is lesser than 180 after vm nic qos set") #Delete vm nic qos vm_ops.del_vm_nic_qos(vm_nic.uuid, "in") vm_ops.del_vm_nic_qos(vm_nic.uuid, "out") time.sleep(1) # Total cost should not grow up price1 = bill_ops.calculate_account_spending(admin_uuid) time.sleep(2) price2 = bill_ops.calculate_account_spending(admin_uuid) if price1.total != price2.total: test_util.test_fail("test billing fail, bill still grows up after deleting vm nic qos. price1 total: %s, price2 total: %s" % (price1.total, price2.total)) #Delete vm nic resource price price_ipin = query_resource_price(resource_name = "pubIpVmNicBandwidthIn")[0] price_ipout = query_resource_price(resource_name = "pubIpVmNicBandwidthOut")[0] delete_price(price_ipin.uuid) delete_price(price_ipout.uuid) #make sure vm nic resource price has been deleted price_ipin = query_resource_price(resource_name = "pubIpVmNicBandwidthIn") price_ipout = query_resource_price(resource_name = "pubIpVmNicBandwidthOut") if len(price_ipin) > 0 or len(price_ipout)> 0: test_util.test_fail("Fail to clean vm nic resource price. length of pubIpVmNicBandwidthIn: %d, length of pubIpVmNicBandwidthOut: %d" %(len(price_ipin), len(price_ipout))) # price.total should be 0, after the prices are deleted prices = bill_ops.calculate_account_spending(admin_uuid) if prices.total != 0: test_util.test_fail("test billing fail, bill is not 0. Bill is: %s" % (prices.total)) #create vip qos vip = test_stub.create_vip("test_vip_qos_price", l3NetworkUuids) vip_uuid = vip.get_vip().uuid vip_qos = net_ops.set_vip_qos(vip_uuid=vip_uuid, inboundBandwidth = net_bandwidth, outboundBandwidth = net_bandwidth) time.sleep(1) prices = bill_ops.calculate_account_spending(admin_uuid) if prices.total < 180: print prices.total test_util.test_fail("test billing fail, bill is lesser than 180 after vip qos set") #Delete vip qos net_ops.delete_vip_qos(vip_uuid) time.sleep(1) # Total cost should not grow up price1 = bill_ops.calculate_account_spending(admin_uuid) time.sleep(2) price2 = bill_ops.calculate_account_spending(admin_uuid) if price1.total != price2.total: test_util.test_fail("test billing fail, bill still grows up after deleting vip qos. price1 total: %s, price2 total: %s" % (price1.total, price2.total)) #Delete vip resource price price_vipin = query_resource_price(resource_name = "pubIpVipBandwidthIn")[0] price_vipout = query_resource_price(resource_name = "pubIpVipBandwidthOut")[0] delete_price(price_vipin.uuid) delete_price(price_vipout.uuid) #make sure vm nic resource price has been deleted price_vipin = query_resource_price(resource_name = "pubIpVipBandwidthIn") price_vipout = query_resource_price(resource_name = "pubIpVipBandwidthOut") if len(price_vipin) > 0 or len(price_vipout)> 0: test_util.test_fail("Fail to clean vip resource price. length of pubIpVipBandwidthIn: %d, length of pubIpVipBandwidthOut: %d" %(len(price_vipin), len(price_vipout))) # price.total should be 0, after the prices are deleted prices = bill_ops.calculate_account_spending(admin_uuid) if prices.total != 0: test_util.test_fail("test billing fail, bill is not 0. Bill is: %s" % (prices.total)) test_util.test_pass("test billing pass")
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' global test_obj_dict test_util.test_dsc("Create 2 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg3 = test_stub.create_sg() test_obj_dict.add_sg(sg3.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, vm2_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.EGRESS, vm2_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.EGRESS, vm2_ip) rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.EGRESS, vm2_ip) rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.EGRESS, vm2_ip) sg1.add_rule([rule1]) sg2.add_rule([rule1, rule2, rule3]) sg3.add_rule([rule3, rule4, rule5]) sg_vm.check() sg_vm.add_stub_vm(l3_uuid, vm2) #test_util.test_dsc("Create SG rule6: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing") #rule6 = inventory.SecurityGroupRuleAO() #rule6.allowedCidr = '%s/32' % vr_internal_ip #rule6.protocol = inventory.TCP #rule6.startPort = 0 #rule6.endPort = 65535 #rule6.type = inventory.INGRESS #test_util.test_dsc("Create SG rule7: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing") #rule7 = inventory.SecurityGroupRuleAO() #rule7.allowedCidr = '%s/32' % vr_internal_ip #rule7.protocol = inventory.ICMP #rule7.startPort = -1 #rule7.endPort = -1 #rule7.type = inventory.EGRESS #test_stub.lib_add_sg_rules(sg1.uuid, [rule1, rule6, rule7]) #add sg1 test_util.test_dsc("Add VM1 nic to security group 1.") sg_vm.attach(sg1, [vm_nics]) sg_vm.check() #shutdown vm1 test_util.test_dsc("Shutdown VM1") vm1.stop() sg_vm.check() #add sg2 test_util.test_dsc("Add VM1 nic to security group 2 to stopped vm1.") sg_vm.attach(sg2, [vm_nics]) test_util.test_dsc("Start VM1") vm1.start() vm1.check() tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports(rules1 + rule2 + rule3): %s" % tmp_allowed_ports) sg_vm.check() #shutdown vm1 test_util.test_dsc("Shutdown VM1 again") vm1.stop() sg_vm.check() #add sg3 test_util.test_dsc("Add nic to security group 3 to stopped vm1.") sg_vm.attach(sg3, [vm_nics]) test_util.test_dsc("Start VM1") vm1.start() vm1.check() tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.check() #shutdown vm1 test_util.test_dsc("Shutdown VM1 again") vm1.stop() sg_vm.check() test_util.test_dsc("remove rule2 from sg2 and rule4 from sg3") sg2.delete_rule([rule2]) sg3.delete_rule([rule4]) sg_vm.check() test_util.test_dsc("Start VM1") vm1.start() vm1.check() tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.check() vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) sg_vm.check() sg_vm.delete_sg(sg3) test_obj_dict.rm_sg(sg3.security_group.uuid) sg_vm.delete_sg(sg2) test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) test_util.test_pass('Security Group Vlan VirtualRouter VM Add/Remove rules to stopped VM Test Success')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' global test_obj_dict test_util.test_dsc("Create 2 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg3 = test_stub.create_sg() test_obj_dict.add_sg(sg3.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.INGRESS, vm2_ip) sg1.add_rule([rule1]) sg2.add_rule([rule1, rule2, rule3]) sg3.add_rule([rule3, rule4, rule5]) sg_vm.check() sg_vm.add_stub_vm(l3_uuid, vm2) #test_util.test_dsc("Create SG rule6: allow connection from vr to port 0~65535") #rule6 = inventory.SecurityGroupRuleAO() #rule6.allowedCidr = '%s/32' % vr_internal_ip #rule6.protocol = inventory.TCP #rule6.startPort = 0 #rule6.endPort = 65535 #rule6.type = inventory.INGRESS #test_stub.lib_add_sg_rules(sg1.uuid, [rule1, rule6]) #add sg1 test_util.test_dsc("Attach security group 1 to [nic:] %s L3." % nic_uuid) test_util.test_dsc("Add nic to security group 1.") sg_vm.attach(sg1, [vm_nics]) sg_vm.check() #add sg2 test_util.test_dsc("Attach security group 2 to [nic:] %s L3." % nic_uuid) test_util.test_dsc("Add nic to security group 2.") sg_vm.attach(sg2, [vm_nics]) sg_vm.check() #add sg3 test_util.test_dsc("Attach security group 3 to [nic:] %s L3." % nic_uuid) test_util.test_dsc("Add nic to security group 3.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.attach(sg3, [vm_nics]) sg_vm.check() #shutdown vm1 test_util.test_dsc("Shutdown VM1") vm1.stop() sg_vm.check() test_util.test_dsc("Start VM1") vm1.start() vm1.check() test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.check() test_util.test_dsc("Restart VM1") vm1.reboot() vm1.check() test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.check() test_util.test_dsc("Destroy VM1. All its SG rules should be removed.") vm_internalId = test_lib.lib_get_vm_internal_id(vm1.vm) vm1.destroy() test_obj_dict.rm_vm(vm1) if linux.wait_callback_success(do_check, (vm1.vm, "vnic%s.0-in" % vm_internalId), 5, 0.2): test_util.test_logger('[vm:] %s SG INGRESS rules are removed, after it is destroyed.' % vm1.vm.uuid) else: test_util.test_fail('[vm:] %s SG INGRESS rules are not removed, after it is destroyed 5 seconds. ' % vm1.vm.uuid) vm2.destroy() test_obj_dict.rm_vm(vm2) sg_vm.delete_sg(sg3) test_obj_dict.rm_sg(sg3.security_group.uuid) sg_vm.delete_sg(sg2) test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) test_util.test_pass('Security Group Vlan VirtualRouter VM Start/Stop/Reboot/Destroy Test Success')
def test(): vm1 = test_stub.create_vr_vm('migrate_vm1', 'imageName_s', 'l3VlanNetwork3') test_obj_dict.add_vm(vm1) vm2 = test_stub.create_vr_vm('migrate_vm2', 'imageName_s', 'l3VlanNetwork3') test_obj_dict.add_vm(vm2) vm3 = test_stub.create_vr_vm('migrate_vm3', 'imageName_s', 'l3VlanNetwork3') test_obj_dict.add_vm(vm3) vm1.check() vm2.check() vm3.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm3_ip = test_lib.lib_get_vm_nic_by_l3(vm3.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm3_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm3_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm3_ip) sg1.add_rule([rule1]) sg2.add_rule([rule1, rule2, rule3]) sg_vm.add_stub_vm(l3_uuid, vm3) nic_uuid1 = vm1.vm.vmNics[0].uuid nic_uuid2 = vm2.vm.vmNics[0].uuid vm1_nics = (nic_uuid1, vm1) vm2_nics = (nic_uuid2, vm2) test_util.test_dsc("Add nic to security group 1.") test_util.test_dsc("Allowed ingress ports: %s" % test_stub.rule1_ports) sg_vm.attach(sg1, [vm1_nics, vm2_nics]) sg_vm.attach(sg2, [vm1_nics, vm2_nics]) test_stub.migrate_vm_to_random_host(vm1) test_stub.migrate_vm_to_random_host(vm2) test_stub.migrate_vm_to_random_host(vm3) vm1.check() vm2.check() vm3.check() sg_vm.check() vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) vm3.destroy() test_obj_dict.rm_vm(vm3) sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) sg_vm.delete_sg(sg2) test_obj_dict.rm_sg(sg2.security_group.uuid) test_util.test_pass('Migrate SG VM Test Success')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' global test_obj_dict test_util.test_dsc( "Create 2 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() sg_vm = test_sg_vm_header.ZstackTestSgVm() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, vm2_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.EGRESS, vm2_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.EGRESS, vm2_ip) sg1.add_rule([rule1, rule2, rule3]) sg_vm.add_stub_vm(l3_uuid, vm2) #add sg1 test_util.test_dsc("Add VM1 nic to security group 1.") sg_vm.attach(sg1, [vm_nics]) sg_vm.check() #shutdown vm1 test_util.test_dsc("Shutdown VM1") vm1.stop() #remove vm1 nic from sg1 test_util.test_dsc("Remove nic from security group 1 to stopped vm1.") sg_vm.detach(sg1, nic_uuid) test_util.test_dsc("Start VM1") vm1.start() vm1.check() sg_vm.check() vm1.destroy() vm2.destroy() sg_vm.delete_sg(sg1) test_util.test_pass( 'Detach stopped VM NIC from Security Group Test Success')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' global test_obj_dict test_util.test_dsc( "Create 2 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg3 = test_stub.create_sg() test_obj_dict.add_sg(sg3.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vm_internalId = test_lib.lib_get_vm_internal_id(vm1.vm) vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.UDP, inventory.INGRESS, vm2_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.UDP, inventory.INGRESS, vm2_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.UDP, inventory.EGRESS, vm2_ip) rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.UDP, inventory.EGRESS, vm2_ip) rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.UDP, inventory.EGRESS, vm2_ip) sg1.add_rule([rule1]) sg2.add_rule([rule1, rule2, rule3]) sg3.add_rule([rule3, rule4, rule5]) sg_vm.add_stub_vm(l3_uuid, vm2) sg_vm.check() test_util.test_dsc("Add nic to security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports) sg_vm.attach(sg1, [vm_nics]) sg_vm.check() # test_util.test_dsc("Remove nic from security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.target_ports) sg_vm.detach(sg1, nic_uuid) sg_vm.check() test_util.test_dsc("Add rule1, rule2, rule3 to security group 1.") sg1.add_rule([rule1, rule2, rule3]) sg_vm.check() test_util.test_dsc("Add nic to security group 1 again.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.attach(sg1, [vm_nics]) sg_vm.check() #can't directly remove rule1, as it will block vr ssh connection. test_util.test_dsc("Remove rule2/3 from security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports) sg1.delete_rule([rule2, rule3]) sg_vm.check() #add sg2 test_util.test_dsc("Add nic to security group 2.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.attach(sg2, [vm_nics]) sg_vm.check() #add sg3 test_util.test_dsc("Add nic to security group 3.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports (rule1+rule2+rul3+rule4+rule5): %s" % tmp_allowed_ports) sg_vm.attach(sg3, [vm_nics]) sg_vm.check() #detach nic from sg2 test_util.test_dsc("Remove security group 2 for nic.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports (rule1+rule3+rule4+rule5): %s" % tmp_allowed_ports) sg_vm.detach(sg2, nic_uuid) sg_vm.check() #delete sg3 test_util.test_dsc("Delete security group 3.") test_util.test_dsc("Allowed ports (rule1): %s" % test_stub.rule1_ports) sg_vm.delete_sg(sg3) sg_vm.check() test_obj_dict.rm_sg(sg3.security_group.uuid) #Cleanup sg_vm.delete_sg(sg2) test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) sg_vm.check() vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) test_util.test_pass( 'Security Group UDP Vlan VirtualRouter VMs Test Success')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' global test_obj_dict test_util.test_dsc( "Create 2 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg3 = test_stub.create_sg() test_obj_dict.add_sg(sg3.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip vr_internal_ip = test_lib.lib_find_vr_private_ip(vr_vm) test_util.test_dsc("Create SG rule1: allow connection to vm2 port 0~100") rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, vm2_ip) test_util.test_dsc( "Create SG rule2: allow connection from vm2 to port 9000~10000") rule2 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip) test_util.test_dsc( "Create SG rule3: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing" ) rule3 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vr_internal_ip) test_util.test_dsc("Create SG rule4: allow ICMP connection to VR") rule4 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.EGRESS, vr_internal_ip) test_util.test_dsc("Create SG rule5: allow icmp from vm2") rule5 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vm2_ip) test_util.test_dsc("Create SG rule6: allow icmp to vm2") rule6 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.EGRESS, vm2_ip) sg1.add_rule([rule1, rule2, rule3, rule4]) sg2.add_rule([rule5]) sg3.add_rule([rule6]) sg_vm.check() sg_vm.add_stub_vm(l3_uuid, vm2) sg_vm.check() #add sg1 test_util.test_dsc("Add VM1 nic to security group 1.") sg_vm.attach(sg1, [vm_nics]) sg_vm.check() if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True): test_util.test_fail( 'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.vm.uuid, vr_internal_ip)) #add sg2 test_util.test_dsc("Add VM1 nic to security group 2.") sg_vm.attach(sg2, [vm_nics]) test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" % (test_stub.rule1_ports, test_stub.rule2_ports)) sg_vm.check() if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True): test_util.test_fail( 'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip)) #add sg3 test_util.test_dsc("Add nic to security group 3 to stopped vm1.") sg_vm.attach(sg3, [vm_nics]) test_util.test_dsc("Allowed ports egress rules1: %s, ingress rule2: %s" % (test_stub.rule1_ports, test_stub.rule2_ports)) sg_vm.check() if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True): test_util.test_fail( 'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip)) test_util.test_dsc("remove rule5 from sg2") sg2.delete_rule([rule5]) sg_vm.check() if not test_lib.lib_check_ping(vm1.vm, vr_internal_ip, no_exception=True): test_util.test_fail( 'Exception: [vm:] %s ping [vr:] %s fail. But it should ping successfully.' % (vm1.uuid, vr_internal_ip)) vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) sg_vm.check() sg1.delete() test_obj_dict.rm_sg(sg1.security_group.uuid) sg2.delete() test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.check() sg3.delete() test_obj_dict.rm_sg(sg3.security_group.uuid) test_util.test_pass( 'Security Group Vlan VirtualRouter VM ICMP rules Test Success')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' test_util.test_dsc("Create 3 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm3 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm3) vm1.check() vm2.check() vm3.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg3 = test_stub.create_sg() test_obj_dict.add_sg(sg3.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm3_ip = test_lib.lib_get_vm_nic_by_l3(vm3.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, vm3_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.EGRESS, vm3_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.EGRESS, vm3_ip) rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.EGRESS, vm3_ip) rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.EGRESS, vm3_ip) sg1.add_rule([rule1]) sg2.add_rule([rule1, rule2, rule3]) sg3.add_rule([rule3, rule4, rule5]) sg_vm.add_stub_vm(l3_uuid, vm3) sg_vm.check() nic_uuid1 = vm1.vm.vmNics[0].uuid nic_uuid2 = vm2.vm.vmNics[0].uuid vm1_nics = (nic_uuid1, vm1) vm2_nics = (nic_uuid2, vm2) #vm_nics = [nic_uuid1, nic_uuid2] test_util.test_dsc("Add nic to security group 1.") test_util.test_dsc("Allowed egress ports: %s" % test_stub.rule1_ports) sg_vm.attach(sg1, [vm1_nics, vm2_nics]) sg_vm.check() test_util.test_dsc("Remove nic from security group 1.") test_util.test_dsc("Allowed egress ports: %s" % test_stub.target_ports) sg_vm.detach(sg1, nic_uuid1) sg_vm.detach(sg1, nic_uuid2) sg_vm.check() test_util.test_dsc("Remove rule1 from security group 1.") sg1.delete_rule([rule1]) test_util.test_dsc("Add nic to security group 1 again.") test_util.test_dsc("Allowed egress ports: %s" % test_stub.target_ports) sg_vm.attach(sg1, [vm1_nics, vm2_nics]) sg_vm.check() test_util.test_dsc("Add rule1, rule2, rule3 to security group 1.") test_util.test_dsc("Allowed egress ports: %s" % test_stub.target_ports) sg1.add_rule([rule1, rule2, rule3]) sg_vm.check() #can't directly remove rule1, as it will block vr ssh connection. test_util.test_dsc("Remove rule2/3 from security group 1.") test_util.test_dsc("Allowed egress ports: %s" % test_stub.rule1_ports) sg1.delete_rule([rule2, rule3]) sg_vm.check() test_util.test_dsc("Add rule2, rule3 back to security group 1.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed egress ports: %s" % tmp_allowed_ports) sg1.add_rule([rule2, rule3]) sg_vm.check() test_util.test_dsc("Remove rule2/3 from security group 1.") test_util.test_dsc("Allowed egress ports: %s" % test_stub.rule1_ports) sg1.delete_rule([rule2, rule3]) sg_vm.check() #add sg2 to vm1 test_util.test_dsc("Add vm 1 nic to security group 2.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed egress ports for vm1 to vm3: %s" % tmp_allowed_ports) sg_vm.attach(sg2, [vm1_nics]) sg_vm.check() #add sg2 to vm2 test_util.test_dsc("Add vm 2 nic to security group 2.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed egress ports for vm1 and vm2: %s" % tmp_allowed_ports) sg_vm.attach(sg2, [vm2_nics]) sg_vm.check() #add sg3 test_util.test_dsc("Add nic to security group 3.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed egress ports: %s" % tmp_allowed_ports) sg_vm.attach(sg3, [vm1_nics, vm2_nics]) sg_vm.check() #remove sg2 test_util.test_dsc("Remove security group 2 for nic.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed egress ports: %s" % tmp_allowed_ports) sg_vm.detach(sg2, nic_uuid1) sg_vm.detach(sg2, nic_uuid2) sg_vm.check() #delete sg3 test_util.test_dsc("Delete security group 3.") test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports) sg3.delete() test_obj_dict.rm_sg(sg3.security_group.uuid) sg_vm.check() sg_vm.delete_sg(sg2) test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) sg_vm.check() vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) vm3.destroy() test_obj_dict.rm_vm(vm3) test_util.test_pass('Security Group Vlan VirtualRouter 2 VMs Group Egress Test Success')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' global test_obj_dict test_util.test_dsc( "Create 2 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg3 = test_stub.create_sg() test_obj_dict.add_sg(sg3.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.EGRESS, vm2_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.EGRESS, vm2_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.EGRESS, vm2_ip) rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.EGRESS, vm2_ip) rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.EGRESS, vm2_ip) sg1.add_rule([rule1]) sg2.add_rule([rule1, rule2, rule3]) sg3.add_rule([rule3, rule4, rule5]) sg_vm.check() sg_vm.add_stub_vm(l3_uuid, vm2) #test_util.test_dsc("Create SG rule6: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing") #rule6 = inventory.SecurityGroupRuleAO() #rule6.allowedCidr = '%s/32' % vr_internal_ip #rule6.protocol = inventory.TCP #rule6.startPort = 0 #rule6.endPort = 65535 #rule6.type = inventory.INGRESS #test_util.test_dsc("Create SG rule7: allow connection from VR to port 0~65535 to make VR can connect VMs to do testing") #rule7 = inventory.SecurityGroupRuleAO() #rule7.allowedCidr = '%s/32' % vr_internal_ip #rule7.protocol = inventory.ICMP #rule7.startPort = -1 #rule7.endPort = -1 #rule7.type = inventory.EGRESS #test_stub.lib_add_sg_rules(sg1.uuid, [rule1, rule6, rule7]) #add sg1 test_util.test_dsc("Add VM1 nic to security group 1.") sg_vm.attach(sg1, [vm_nics]) sg_vm.check() #shutdown vm1 test_util.test_dsc("Shutdown VM1") vm1.stop() sg_vm.check() #add sg2 test_util.test_dsc("Add VM1 nic to security group 2 to stopped vm1.") sg_vm.attach(sg2, [vm_nics]) test_util.test_dsc("Start VM1") vm1.start() vm1.check() tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports(rules1 + rule2 + rule3): %s" % tmp_allowed_ports) sg_vm.check() #shutdown vm1 test_util.test_dsc("Shutdown VM1 again") vm1.stop() sg_vm.check() #add sg3 test_util.test_dsc("Add nic to security group 3 to stopped vm1.") sg_vm.attach(sg3, [vm_nics]) test_util.test_dsc("Start VM1") vm1.start() vm1.check() tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.check() #shutdown vm1 test_util.test_dsc("Shutdown VM1 again") vm1.stop() sg_vm.check() test_util.test_dsc("remove rule2 from sg2 and rule4 from sg3") sg2.delete_rule([rule2]) sg3.delete_rule([rule4]) sg_vm.check() test_util.test_dsc("Start VM1") vm1.start() vm1.check() tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.check() vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) sg_vm.check() sg_vm.delete_sg(sg3) test_obj_dict.rm_sg(sg3.security_group.uuid) sg_vm.delete_sg(sg2) test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) test_util.test_pass( 'Security Group Vlan VirtualRouter VM Add/Remove rules to stopped VM Test Success' )