Google Git
Sign in
apache / cloudstack / 235d1f1d72c0e2d680d38578f473b87153af6b51 / . / test / integration / plugins / tf / test_isolated_zone.py
blob: 0658e44b22ff43b68276ff37a650086e38c50f9d [file] [log] [blame]
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
import logging
import time
import requests
from nose.plugins.attrib import attr
from marvin.cloudstackTestCase import cloudstackTestCase
from marvin.lib.base import (Network, NetworkOffering, Account, VirtualMachine, ServiceOffering,
NATRule, PublicIPAddress, EgressFireWallRule, Host,
FireWallRule, LoadBalancerRule, LogicalRouter, ApplicationPolicySet,
FirewallPolicy, FirewallRule, TungstenTag, ServiceGroup,
NetworkPolicy, PolicyRule)
from marvin.cloudstackAPI import migrateVirtualMachine
from marvin.lib.utils import (is_server_ssh_ready, get_host_credentials, execute_command_in_host)
from marvin.lib.common import get_zone, get_template
from marvin.lib.decoratorGenerators import skipTestIf
from .common import is_object_created, is_object_deleted, get_list_system_vm, cleanup_resources, not_tungsten_fabric_zone
class Services:
"""Test Tungsten Plugin
"""
def __init__(self):
self.services = {
"network_offering": {
"name": "TungstenNetworkOffering",
"displaytext": "TungstenNetworkOffering",
"guestiptype": "Isolated",
"traffictype": "GUEST",
"supportedservices": [
"Dhcp",
"Dns",
"Lb",
"UserData",
"SourceNat",
"StaticNat",
"PortForwarding",
"Connectivity",
"Firewall"
],
"serviceProviderList": {
"Dhcp": "Tungsten",
"Dns": "Tungsten",
"Lb": "Tungsten",
"UserData": "ConfigDrive",
"SourceNat": "Tungsten",
"StaticNat": "Tungsten",
"PortForwarding": "Tungsten",
"Connectivity": "Tungsten",
"Firewall": "Tungsten"
},
"useTungsten": "on"
},
"networks": {
"network1": {
"name": "TF-Network1",
"displaytext": "TF-Network1",
"gateway": "10.1.1.1",
"netmask": "255.255.255.0",
"startip": "10.1.1.100",
"endip": "10.1.1.200"
},
"network2": {
"name": "TF-Network2",
"displaytext": "TF-Network2",
"gateway": "10.1.2.1",
"netmask": "255.255.255.0",
"startip": "10.1.2.100",
"endip": "10.1.2.200"
}
},
"ostype": "112",
"account": {
"email": "test@test.com",
"firstname": "Test",
"lastname": "User",
"username": "test",
"password": "password",
},
"virtual_machines": {
"vm1": {
"name": "vm1",
"displayname": "vm1",
"username": "root",
"password": "password",
"ssh_port": 22,
"hypervisor": 'KVM',
"privateport": 22,
"publicport": 22,
"protocol": 'TCP'
},
"vm2": {
"name": "vm2",
"displayname": "vm2",
"username": "root",
"password": "password",
"ssh_port": 22,
"hypervisor": 'KVM',
"privateport": 22,
"publicport": 22,
"protocol": 'TCP'
},
"vm3": {
"name": "vm3",
"displayname": "vm3",
"username": "root",
"password": "password",
"ssh_port": 22,
"hypervisor": 'KVM',
"privateport": 22,
"publicport": 22,
"protocol": 'TCP'
}
},
"fw_rule": {
"startport": 80,
"endport": 80,
"cidr": '0.0.0.0/0',
"protocol": "TCP"
},
"nat_rule": {
"privateport": 80,
"publicport": 80,
"protocol": 'TCP'
},
"lbrule": {
"name": "SSH",
"alg": "roundrobin",
"privateport": 80,
"publicport": 80,
"protocol": 'TCP'
},
"logicalrouter": {
"name": "TFLogicalRouter"
},
"applicationpolicysets": {
"aps1": {
"name": "aps1"
}
},
"firewallpolicys": {
"frontend": {
"name": "frontend"
},
"internet": {
"name": "internet"
},
"host": {
"name": "host"
}
},
"firewallrules": {
"frontend": {
"name": "frontend",
"action": "pass",
"direction": "oneway"
},
"internet": {
"name": "internet",
"action": "pass",
"direction": "oneway"
},
"host": {
"name": "host",
"action": "pass",
"direction": "oneway"
}
},
"servicegroups": {
"any": {
"name": "any",
"protocol": "any",
"startport": -1,
"endport": -1
}
},
"network_policy": {
"policy1": {
"name": "policy1",
"rules": {
"rule1": {
"action": "pass",
"direction": "twoway",
"protocol": "icmp",
"srcnetwork": "any",
"srcipprefix": "0.0.0.0",
"srcipprefixlend": 0,
"srcstartport": -1,
"srcendport": -1,
"destnetwork": "any",
"destipprefix": "0.0.0.0",
"destipprefixlen": 0,
"deststartport": -1,
"destendport": -1
}
}
}
},
"network_route_table": {
"route_table_1": {
"name": "Network Route Table 1",
"prefix": "10.1.2.0/24",
"nexthoptype": "ip-address",
"communities": ""
},
"route_table_2": {
"name": "Network Route Table 2",
"prefix": "10.1.1.0/24",
"nexthoptype": "ip-address",
"communities": ""
}
},
"interface_route_table": {
"route_table_1": {
"name": "Interface Route Table 1",
"prefix": "10.1.2.0/24",
"communities": ""
},
"route_table_2": {
"name": "Interface Route Table 2",
"prefix": "10.1.1.0/24",
"communities": ""
}
},
"routing_policy": {
"routing_policy_1": {
"name": "Routing Policy 1",
"matchall": "true",
"protocollist": [""],
"prefixlist": [
"10.1.2.0/24&exact"
],
"termlist": [
"reject&action& "
],
"communities": [""]
}
}
}
class TestIsolatedZone(cloudstackTestCase):
@classmethod
def setUpClass(cls):
cls.apiclient = cls.clstestclient.getApiClient()
cls.dbclient = cls.clstestclient.getDbConnection()
cls.services = Services().services
cls.testdata = cls.clstestclient.getParsedTestDataConfig()
cls.zone = get_zone(cls.apiclient, cls.clstestclient.getZoneForTests())
cls.hypervisor = cls.clstestclient.getHypervisorInfo()
cls.tfgw = cls.getClsConfig()["zones"][0]["tungstenprovider"]["gateway"]
cls.config = cls.getClsConfig()
cls.template = get_template(cls.apiclient, cls.zone.id)
cls.hosts = Host.list(cls.apiclient, zoneid=cls.zone.id, type="routing")
for host in cls.hosts:
Host.reconnect(cls.apiclient, id=host.id)
cls.not_tungsten_fabric_zone = not_tungsten_fabric_zone(cls.apiclient, cls.zone.id)
cls.is_single_host = len(cls.hosts) < 2
cls.can_not_migrate = cls.not_tungsten_fabric_zone or cls.is_single_host
cls._cleanup = []
cls.logger = logging.getLogger("TestIsolatedZone")
cls.stream_handler = logging.StreamHandler()
cls.logger.setLevel(logging.DEBUG)
cls.logger.addHandler(cls.stream_handler)
@classmethod
def tearDownClass(self):
try:
cleanup_resources(self.apiclient, self.zone.id, self._cleanup)
except Exception as e:
raise Exception("Warning: Exception during cleanup : %s" % e)
return
def setUp(self):
self.account = Account.create(self.apiclient, self.services["account"], admin=True)
self.service_offering = ServiceOffering.create(self.apiclient, self.testdata["service_offering"])
self.cleanup = [self.account, self.service_offering]
return
def tearDown(self):
try:
cleanup_resources(self.apiclient, self.zone.id, reversed(self.cleanup))
except Exception as e:
raise Exception("Warning: Exception during cleanup : %s" % e)
return
@skipTestIf("not_tungsten_fabric_zone")
@attr(tags=["tungstenfabric"], required_hardware="false")
def test_01_configuration(self):
# check if public network was created in tungsten fabric when deployed zone with setup/dev/advancedtf.cfg
list_public_network = Network.list(self.apiclient, zoneid=self.zone.id, issystem=True,
traffictype="Public")
self.assertEqual(is_object_created(self.apiclient, self.zone.id, "virtual-network",
list_public_network[0].id), True,
"Check if public network was created in tungsten")
# check if management network was created in tungsten fabric when deployed zone with setup/dev/advancedtf.cfg
list_management_network = Network.list(self.apiclient, zoneid=self.zone.id, issystem=True,
traffictype="Management")
self.assertEqual(is_object_created(self.apiclient, self.zone.id, "virtual-network",
list_management_network[0].id), True,
"Check if management network was created in tungsten")
# check if ssvm and proxyvm was created in tungsten fabric when deployed zone with setup/dev/advancedtf.cfg
list_system_vm = get_list_system_vm(self.apiclient, self.zone.id)
for system_vm in list_system_vm:
# check if system vm was created in tungsten fabric
self.assertEqual(
is_object_created(self.apiclient, self.zone.id, "virtual-machine", system_vm.id),
True, "Check if system vm was created in tungsten fabric")
# check if tungsten fabric virtual gateway was created
username, password = get_host_credentials(self.config, self.tfgw)
ssh = is_server_ssh_ready(self.tfgw, 22, username, password)
vgw = ssh.execute("vif --list | grep vgw")
self.assertEqual(
str(vgw).count("vgw"), 1, "Check if vgw was created in host"
)
return
@skipTestIf("not_tungsten_fabric_zone")
@attr(tags=["tungstenfabric"], required_hardware="false")
def test_01_connectivity(self):
# test create network offering
network_offering = NetworkOffering.create(self.apiclient, self.services["network_offering"])
network_offering.update(self.apiclient, state='Enabled')
self.cleanup.append(network_offering)
# check if network offering was created
self.logger.info("network offering id is %s" % network_offering.id)
list_network_offering_response = NetworkOffering.list(self.apiclient,
id=network_offering.id)
self.assertEqual(isinstance(list_network_offering_response, list), True,
"Check for a valid list network response")
# create network
network = Network.create(
self.apiclient,
self.services["networks"]["network1"],
networkofferingid=network_offering.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid
)
# check if network was created in cloudstack
self.logger.info("network id is %s" % network.id)
list_network_response = Network.list(self.apiclient, id=network.id, listall=True)
self.assertEqual(isinstance(list_network_response, list), True,
"Check for a valid list network response")
# create virtual machine 1
vm1 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machines"]["vm1"],
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=[str(network.id)],
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
mode='advanced'
)
# create virtual machine 2
vm2 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machines"]["vm2"],
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=[str(network.id)],
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
mode='advanced'
)
# check if vm 1 was created in cloudstack
self.logger.info("vm id is %s" % vm1.id)
list_vm_response = VirtualMachine.list(self.apiclient, id=vm1.id, listall=True)
self.assertEqual(isinstance(list_vm_response, list), True,
"Check for a valid list vm response")
# check if vm 2 was created in cloudstack
self.logger.info("vm id is %s" % vm2.id)
list_vm_response = VirtualMachine.list(self.apiclient, id=vm2.id, listall=True)
self.assertEqual(isinstance(list_vm_response, list), True,
"Check for a valid list vm response")
# wait for vm start
time.sleep(30)
# tungsten fabric network was only created when network was implemented
# check if network was created in tungsten fabric
self.assertEqual(
is_object_created(self.apiclient, self.zone.id, "virtual-network", network.id), True,
"Check if network was created in tungsten")
# check if vm 1 was created in tungsten fabric
self.assertEqual(is_object_created(self.apiclient, self.zone.id, "virtual-machine", vm1.id),
True, "Check if vm1 was created in tungsten")
# check if vm 2 was created in tungsten fabric
self.assertEqual(is_object_created(self.apiclient, self.zone.id, "virtual-machine", vm2.id),
True, "Check if vm1 was created in tungsten")
# check if nic 1 was created in tungsten fabric
self.assertEqual(
is_object_created(self.apiclient, self.zone.id, "virtual-machine-interface", vm1.nic[0].id),
True, "Check if nic 1 was created in tungsten")
# check if nic 2 was created in tungsten fabric
self.assertEqual(
is_object_created(self.apiclient, self.zone.id, "virtual-machine-interface", vm2.nic[0].id),
True, "Check if nic 2 was created in tungsten")
# check vm1 vif interface was created in host
host1 = Host.list(self.apiclient, id=vm1.hostid)
username, password = get_host_credentials(self.config, host1[0].ipaddress)
tap1 = "tap" + vm1.nic[0].macaddress.replace(":", "")
cmd1 = "vif --list | grep %s" % tap1
vif1 = execute_command_in_host(host1[0].ipaddress, 22, username, password, cmd1)
self.assertEqual(
str(vif1).count(tap1), 1, "Check if vm1 tap interface was created in host"
)
# check vm2 vif interface was created in host
host2 = Host.list(self.apiclient, id=vm2.hostid)
username, password = get_host_credentials(self.config, host2[0].ipaddress)
tap2 = "tap" + vm2.nic[0].macaddress.replace(":", "")
cmd2 = "vif --list | grep %s" % tap2
vif2 = execute_command_in_host(host2[0].ipaddress, 22, username, password, cmd2)
self.assertEqual(
str(vif2).count(tap2), 1, "Check if vm2 tap interface was created in host"
)
# ssh vm 1 and ping vm2
ssh1 = vm1.get_ssh_client()
res_1 = ssh1.execute("ping -c1 %s" % vm2.ipaddress)
# ssh vm 2 and ping vm1
ssh2 = vm2.get_ssh_client()
res_2 = ssh2.execute("ping -c1 %s" % vm1.ipaddress)
self.assertEqual(
str(res_1).count("1 received"),
1,
"Ping vm_2 from vm_1 should be successful"
)
self.assertEqual(
str(res_2).count("1 received"),
1,
"Ping vm_1 from vm_2 should be successful"
)
# delete vm 1
try:
vm1.delete(self.apiclient, expunge=True)
except Exception as e:
raise Exception("Warning: Exception in expunging vms: %s" % e)
# delete vm 2
try:
vm2.delete(self.apiclient, expunge=True)
except Exception as e:
raise Exception("Warning: Exception in expunging vms: %s" % e)
# check if nic 1 was deleted in tungsten fabric
self.assertEqual(
is_object_deleted(self.apiclient, self.zone.id, "virtual-machine-interface", vm1.nic[0].id),
True, "Check if nic 1 was deleted in tungsten")
# check if nic 2 was deleted in tungsten fabric
self.assertEqual(
is_object_deleted(self.apiclient, self.zone.id, "virtual-machine-interface", vm2.nic[0].id),
True, "Check if nic 2 was deleted in tungsten")
# check if vm 1 was deleted in tungsten fabric
self.assertEqual(
is_object_deleted(self.apiclient, self.zone.id, "virtual-machine", vm1.id),
True, "Check if vm was deleted in tungsten")
# check if vm 2 was deleted in tungsten fabric
self.assertEqual(
is_object_deleted(self.apiclient, self.zone.id, "virtual-machine", vm2.id),
True, "Check if vm was deleted in tungsten")
network.delete(self.apiclient)
# check if network was deleted in tungsten fabric
self.assertEqual(
is_object_deleted(self.apiclient, self.zone.id, "virtual-network", network.id),
True, "Check if network was deleted in tungsten")
return
@skipTestIf("not_tungsten_fabric_zone")
@attr(tags=["tungstenfabric"], required_hardware="false")
def test_01_sourcenat(self):
# create network offering
network_offering = NetworkOffering.create(self.apiclient, self.services["network_offering"])
network_offering.update(self.apiclient, state='Enabled')
self.cleanup.append(network_offering)
# create network
network = Network.create(
self.apiclient,
self.services["networks"]["network1"],
networkofferingid=network_offering.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid
)
self.cleanup.append(network)
# create virtual machine
vm = VirtualMachine.create(
self.apiclient,
self.services["virtual_machines"]["vm1"],
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=[str(network.id)],
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
mode='advanced'
)
self.cleanup.append(vm)
# open firewall rule
EgressFireWallRule.create(
apiclient=self.apiclient,
networkid=network.id,
protocol='All',
cidrlist='0.0.0.0/0'
)
# wait for vm start
# time.sleep(30)
# ssh vm, ping google.com and verified response package
ssh = vm.get_ssh_client()
res = ssh.execute("ping -c1 google.com")
self.assertEqual(
str(res).count("1 received"),
1,
"Ping google.com from vm should be successful"
)
return
@skipTestIf("not_tungsten_fabric_zone")
@attr(tags=["tungstenfabric"], required_hardware="false")
def test_01_staticnat(self):
# create network offering
network_offering = NetworkOffering.create(self.apiclient, self.services["network_offering"])
network_offering.update(self.apiclient, state='Enabled')
self.cleanup.append(network_offering)
# create network
network = Network.create(
self.apiclient,
self.services["networks"]["network1"],
networkofferingid=network_offering.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid
)
self.cleanup.append(network)
# create virtual machine
vm = VirtualMachine.create(
self.apiclient,
self.services["virtual_machines"]["vm1"],
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=[str(network.id)],
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
mode='advanced'
)
self.cleanup.append(vm)
# wait for vm start
time.sleep(30)
public_ip = PublicIPAddress.create(
apiclient=self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
services=self.services,
networkid=network.id
)
FireWallRule.create(
apiclient=self.apiclient,
ipaddressid=public_ip.ipaddress.id,
protocol='TCP',
cidrlist=['0.0.0.0/0'],
startport=80,
endport=80
)
NATRule.create(
apiclient=self.apiclient,
virtual_machine=vm,
services=self.services["nat_rule"],
ipaddressid=public_ip.ipaddress.id
)
# ssh vm, start httpd, clear iptables
ssh = vm.get_ssh_client()
ssh.execute("service httpd start")
ssh.execute("iptables -F")
ssh.execute("echo test > /var/www/html/test.html")
headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36'}
r = requests.get("http://%s/test.html" % public_ip.ipaddress.ipaddress, headers=headers)
self.assertEqual(r.status_code, 200, "Static nat was created and applied to vm")
return
@skipTestIf("not_tungsten_fabric_zone")
@attr(tags=["tungstenfabric"], required_hardware="false")
def test_01_loadbalancing(self):
# create network offering
network_offering = NetworkOffering.create(self.apiclient, self.services["network_offering"])
network_offering.update(self.apiclient, state='Enabled')
self.cleanup.append(network_offering)
# create network
network = Network.create(
self.apiclient,
self.services["networks"]["network1"],
networkofferingid=network_offering.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid
)
self.cleanup.append(network)
# create virtual machine 1
vm1 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machines"]["vm1"],
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=[str(network.id)],
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
mode='advanced'
)
self.cleanup.append(vm1)
# create virtual machine 2
vm2 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machines"]["vm2"],
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=[str(network.id)],
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
mode='advanced'
)
self.cleanup.append(vm2)
public_ip = PublicIPAddress.create(
apiclient=self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
services=self.services,
networkid=network.id
)
# open firewall rule
EgressFireWallRule.create(
apiclient=self.apiclient,
networkid=network.id,
protocol='All',
cidrlist='0.0.0.0/0'
)
firewall_rule = FireWallRule.create(
apiclient=self.apiclient,
ipaddressid=public_ip.ipaddress.id,
protocol='TCP',
cidrlist=['0.0.0.0/0'],
startport=80,
endport=80
)
self.cleanup.append(firewall_rule)
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
ipaddressid=public_ip.ipaddress.id,
accountid=self.account.name
)
self.cleanup.append(lb_rule)
lb_rule.assign(self.apiclient, [vm1, vm2])
# ssh vm1 and vm2, start httpd, clear iptables
ssh1 = vm1.get_ssh_client()
ssh1.execute("service httpd start")
ssh1.execute("iptables -F")
ssh1.execute("echo test1 > /var/www/html/test.html")
ssh2 = vm2.get_ssh_client()
ssh2.execute("service httpd start")
ssh2.execute("iptables -F")
ssh2.execute("echo test2 > /var/www/html/test.html")
# wait for tungsten instance service create
time.sleep(120)
# check if load balancing was apply and content was load balancing with round robin method
contents = ["test1", "test2"]
headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36'}
r1 = requests.get("http://%s/test.html" % public_ip.ipaddress.ipaddress, headers=headers)
self.assertEqual(r1.status_code, 200, "Load balance was created and applied to vms")
self.logger.info("http response 1 content %s" % r1.text)
contents.remove(r1.text.rstrip())
self.assertEqual(len(contents), 1, "Contents was load balancing with test1 or test2")
r2 = requests.get("http://%s/test.html" % public_ip.ipaddress.ipaddress, headers=headers)
self.assertEqual(r2.status_code, 200, "Load balance was created and applied to vms")
self.logger.info("http response 2 content %s" % r2.text)
contents.remove(r2.text.rstrip())
self.assertEqual(len(contents), 0, "Contents was load balancing with the rest of contents")
return
@skipTestIf("not_tungsten_fabric_zone")
@attr(tags=["tungstenfabric"], required_hardware="false")
def test_01_logicalrouter(self):
# create network offering
network_offering = NetworkOffering.create(self.apiclient, self.services["network_offering"])
network_offering.update(self.apiclient, state='Enabled')
self.cleanup.append(network_offering)
# create network 1
network1 = Network.create(
self.apiclient,
self.services["networks"]["network1"],
networkofferingid=network_offering.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid
)
self.cleanup.append(network1)
# create virtual machine 1
vm1 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machines"]["vm1"],
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=[str(network1.id)],
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
mode='advanced'
)
self.cleanup.append(vm1)
# create network 2
network2 = Network.create(
self.apiclient,
self.services["networks"]["network2"],
networkofferingid=network_offering.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid
)
self.cleanup.append(network2)
# create virtual machine 2
vm2 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machines"]["vm2"],
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=[str(network2.id)],
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
mode='advanced'
)
self.cleanup.append(vm2)
ssh1 = vm1.get_ssh_client()
res1 = ssh1.execute("ping -c1 %s" % vm2.ipaddress)
self.assertEqual(
str(res1).count("0 received"),
1,
"Ping vm2 from vm1 should be not successful"
)
logicalrouter = LogicalRouter.create(
self.apiclient,
self.zone.id,
self.services["logicalrouter"]["name"]
)
self.cleanup.append(logicalrouter)
LogicalRouter.add(
self.apiclient,
self.zone.id,
logicalrouter.uuid,
network1.id)
LogicalRouter.add(
self.apiclient,
self.zone.id,
logicalrouter.uuid,
network2.id)
# open firewall rule for network 1
EgressFireWallRule.create(
apiclient=self.apiclient,
networkid=network1.id,
protocol='All',
cidrlist='0.0.0.0/0'
)
# open firewall rule for network 2
EgressFireWallRule.create(
apiclient=self.apiclient,
networkid=network2.id,
protocol='All',
cidrlist='0.0.0.0/0'
)
ssh2 = vm1.get_ssh_client()
res2 = ssh2.execute("ping -c1 %s" % vm2.ipaddress)
self.assertEqual(
str(res2).count("1 received"),
1,
"Ping vm2 from vm1 should be successful"
)
LogicalRouter.remove(
self.apiclient,
self.zone.id,
logicalrouter.uuid,
network1.id)
LogicalRouter.remove(
self.apiclient,
self.zone.id,
logicalrouter.uuid,
network2.id)
return
@skipTestIf("not_tungsten_fabric_zone")
@attr(tags=["tungstenfabric"], required_hardware="false")
def test_01_firewall(self):
# create network offering
network_offering = NetworkOffering.create(self.apiclient, self.services["network_offering"])
network_offering.update(self.apiclient, state='Enabled')
self.cleanup.append(network_offering)
# create network
network = Network.create(
self.apiclient,
self.services["networks"]["network1"],
networkofferingid=network_offering.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid
)
self.cleanup.append(network)
# create virtual machine
vm = VirtualMachine.create(
self.apiclient,
self.services["virtual_machines"]["vm1"],
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=[str(network.id)],
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
mode='advanced'
)
self.cleanup.append(vm)
# ssh vm, ping google.com and verified response package
ssh1 = vm.get_ssh_client()
res1 = ssh1.execute("ping -c1 google.com")
self.assertEqual(
str(res1).count("0 received"),
1,
"Ping google.com from vm should be fail"
)
# open firewall rule
EgressFireWallRule.create(
apiclient=self.apiclient,
networkid=network.id,
protocol='All',
cidrlist='0.0.0.0/0'
)
# wait for vm start
time.sleep(30)
# ssh vm, ping google.com and verified response package
ssh2 = vm.get_ssh_client()
res2 = ssh2.execute("ping -c1 google.com")
self.assertEqual(
str(res2).count("1 received"),
1,
"Ping google.com from vm should be successful"
)
return
@skipTestIf("not_tungsten_fabric_zone")
@attr(tags=["tungstenfabric"], required_hardware="false")
def test_01_network_policy(self):
# create network offering
network_offering = NetworkOffering.create(self.apiclient, self.services["network_offering"])
network_offering.update(self.apiclient, state='Enabled')
self.cleanup.append(network_offering)
# create network
network = Network.create(
self.apiclient,
self.services["networks"]["network1"],
networkofferingid=network_offering.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid
)
self.cleanup.append(network)
networkpolicy = NetworkPolicy.create(
self.apiclient,
self.zone.id,
self.services["network_policy"]["policy1"]["name"]
)
self.cleanup.append(networkpolicy)
self.assertEqual(
is_object_created(self.apiclient, self.zone.id, "network-policy", networkpolicy.uuid),
True, "Check if network policy was created in tungsten")
# create virtual machine
vm = VirtualMachine.create(
self.apiclient,
self.services["virtual_machines"]["vm1"],
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=[str(network.id)],
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
mode='advanced'
)
self.cleanup.append(vm)
ssh = vm.get_ssh_client()
res = ssh.execute("ping -c1 google.com")
self.assertEqual(
str(res).count("0 received"),
1,
"Ping google.com from vm should not be successful"
)
NetworkPolicy.apply(
self.apiclient,
self.zone.id,
network.id,
networkpolicy.uuid,
1,
1
)
policyrule = PolicyRule.create(
self.apiclient,
self.zone.id,
networkpolicy.uuid,
self.services["network_policy"]["policy1"]["rules"]["rule1"]["action"],
self.services["network_policy"]["policy1"]["rules"]["rule1"]["direction"],
self.services["network_policy"]["policy1"]["rules"]["rule1"]["protocol"],
self.services["network_policy"]["policy1"]["rules"]["rule1"]["srcnetwork"],
self.services["network_policy"]["policy1"]["rules"]["rule1"]["srcipprefix"],
self.services["network_policy"]["policy1"]["rules"]["rule1"]["srcipprefixlend"],
self.services["network_policy"]["policy1"]["rules"]["rule1"]["srcstartport"],
self.services["network_policy"]["policy1"]["rules"]["rule1"]["srcendport"],
self.services["network_policy"]["policy1"]["rules"]["rule1"]["destnetwork"],
self.services["network_policy"]["policy1"]["rules"]["rule1"]["destipprefix"],
self.services["network_policy"]["policy1"]["rules"]["rule1"]["destipprefixlen"],
self.services["network_policy"]["policy1"]["rules"]["rule1"]["deststartport"],
self.services["network_policy"]["policy1"]["rules"]["rule1"]["destendport"]
)
ssh1 = vm.get_ssh_client()
res1 = ssh1.execute("ping -c1 google.com")
self.assertEqual(
str(res1).count("1 received"),
1,
"Ping google.com from vm should be successful"
)
PolicyRule.delete(
self.apiclient,
self.zone.id,
networkpolicy.uuid,
policyrule.uuid
)
NetworkPolicy.remove(
self.apiclient,
self.zone.id,
network.id,
networkpolicy.uuid
)
return
@skipTestIf("not_tungsten_fabric_zone")
@attr(tags=["tungstenfabric"], required_hardware="false")
def test_01_application_policy_set(self):
# create network offering
network_offering = NetworkOffering.create(self.apiclient, self.services["network_offering"])
network_offering.update(self.apiclient, state='Enabled')
self.cleanup.append(network_offering)
# create network
network = Network.create(
self.apiclient,
self.services["networks"]["network1"],
networkofferingid=network_offering.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid
)
self.cleanup.append(network)
# create virtual machine 1
vm1 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machines"]["vm1"],
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=[str(network.id)],
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
mode='advanced'
)
self.cleanup.append(vm1)
# create virtual machine 2
vm2 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machines"]["vm2"],
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=[str(network.id)],
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
mode='advanced'
)
self.cleanup.append(vm2)
# create virtual machine 3
vm3 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machines"]["vm3"],
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=[str(network.id)],
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
mode='advanced'
)
self.cleanup.append(vm3)
applicationtag = TungstenTag.create(
self.apiclient,
zoneid=self.zone.id,
tagtype="application",
tagvalue="webapp"
)
self.cleanup.append(applicationtag)
frontendtag = TungstenTag.create(
self.apiclient,
zoneid=self.zone.id,
tagtype="tier",
tagvalue="frontend"
)
self.cleanup.append(frontendtag)
backendtag = TungstenTag.create(
self.apiclient,
zoneid=self.zone.id,
tagtype="tier",
tagvalue="backend"
)
self.cleanup.append(backendtag)
aps = ApplicationPolicySet.create(
self.apiclient,
self.zone.id,
self.services["applicationpolicysets"]["aps1"]["name"]
)
self.cleanup.append(aps)
frontendpolicy = FirewallPolicy.create(
self.apiclient,
self.zone.id,
aps.uuid,
self.services["firewallpolicys"]["frontend"]["name"],
1
)
self.cleanup.append(frontendpolicy)
internetpolicy = FirewallPolicy.create(
self.apiclient,
self.zone.id,
aps.uuid,
self.services["firewallpolicys"]["internet"]["name"],
3
)
self.cleanup.append(internetpolicy)
hostpolicy = FirewallPolicy.create(
self.apiclient,
self.zone.id,
aps.uuid,
self.services["firewallpolicys"]["host"]["name"],
4
)
self.cleanup.append(hostpolicy)
anyservicegroup = ServiceGroup.create(
self.apiclient,
self.zone.id,
self.services["servicegroups"]["any"]["name"],
self.services["servicegroups"]["any"]["protocol"],
self.services["servicegroups"]["any"]["startport"],
self.services["servicegroups"]["any"]["endport"]
)
self.cleanup.append(anyservicegroup)
frontendrule = FirewallRule.create(
self.apiclient,
self.zone.id,
frontendpolicy.uuid,
name=self.services["firewallrules"]["frontend"]["name"],
action=self.services["firewallrules"]["frontend"]["action"],
direction=self.services["firewallrules"]["frontend"]["direction"],
servicegroupuuid=anyservicegroup.uuid,
srctaguuid=frontendtag.uuid,
desttaguuid=backendtag.uuid,
sequence=1
)
self.cleanup.append(frontendrule)
internetrule = FirewallRule.create(
self.apiclient,
self.zone.id,
internetpolicy.uuid,
name=self.services["firewallrules"]["internet"]["name"],
action=self.services["firewallrules"]["internet"]["action"],
direction=self.services["firewallrules"]["internet"]["direction"],
servicegroupuuid=anyservicegroup.uuid,
srctaguuid=applicationtag.uuid,
destnetworkuuid=network.id,
sequence=1
)
self.cleanup.append(internetrule)
publicnetwork = Network.list(self.apiclient, listall=True, issystem=True, traffictype="Public")
hostrule = FirewallRule.create(
self.apiclient,
self.zone.id,
hostpolicy.uuid,
name=self.services["firewallrules"]["host"]["name"],
action=self.services["firewallrules"]["host"]["action"],
direction=self.services["firewallrules"]["host"]["direction"],
servicegroupuuid=anyservicegroup.uuid,
srcnetworkuuid=publicnetwork[0].id,
desttaguuid=applicationtag.uuid,
sequence=1
)
self.cleanup.append(hostrule)
TungstenTag.apply(
self.apiclient,
self.zone.id,
applicationpolicysetuuid=aps.uuid,
taguuid=applicationtag.uuid
)
TungstenTag.apply(
self.apiclient,
self.zone.id,
taguuid=applicationtag.uuid,
nicuuid=vm1.nic[0].id
)
TungstenTag.apply(
self.apiclient,
self.zone.id,
taguuid=frontendtag.uuid,
nicuuid=vm1.nic[0].id
)
TungstenTag.apply(
self.apiclient,
self.zone.id,
taguuid=applicationtag.uuid,
nicuuid=vm2.nic[0].id
)
TungstenTag.apply(
self.apiclient,
self.zone.id,
taguuid=backendtag.uuid,
nicuuid=vm2.nic[0].id
)
# open firewall rule for network
EgressFireWallRule.create(
apiclient=self.apiclient,
networkid=network.id,
protocol='All',
cidrlist='0.0.0.0/0'
)
ssh1 = vm1.get_ssh_client()
ssh2 = vm2.get_ssh_client()
ssh3 = vm3.get_ssh_client()
# vm1 can access to internet
res1 = ssh1.execute("ping -c1 google.com")
self.assertEqual(
str(res1).count("1 received"),
1,
"Ping google from vm1 should be successful"
)
# vm2 can access to internet
res2 = ssh2.execute("ping -c1 google.com")
self.assertEqual(
str(res2).count("1 received"),
1,
"Ping google from vm2 should be successful"
)
# vm3 can access to internet
res3 = ssh3.execute("ping -c1 google.com")
self.assertEqual(
str(res3).count("1 received"),
1,
"Ping google from vm3 should be successful"
)
# vm3(outside) can not ping to vm1
res4 = ssh3.execute("ping -c1 %s" % vm1.ipaddress)
self.assertEqual(
str(res4).count("0 received"),
1,
"Ping vm1 from vm3 should be not successful"
)
# vm3(outside) can not ping to vm2
res5 = ssh3.execute("ping -c1 %s" % vm2.ipaddress)
self.assertEqual(
str(res5).count("0 received"),
1,
"Ping vm2 from vm3 should be not successful"
)
# vm1(frontend) can ping to vm2(backend)
res6 = ssh1.execute("ping -c1 %s" % vm2.ipaddress)
self.assertEqual(
str(res6).count("1 received"),
1,
"Ping vm1 from vm2 should be successful"
)
TungstenTag.remove(
self.apiclient,
self.zone.id,
applicationpolicysetuuid=aps.uuid,
taguuid=applicationtag.uuid
)
TungstenTag.remove(
self.apiclient,
self.zone.id,
taguuid=applicationtag.uuid,
nicuuid=vm1.nic[0].id
)
TungstenTag.remove(
self.apiclient,
self.zone.id,
taguuid=frontendtag.uuid,
nicuuid=vm1.nic[0].id
)
TungstenTag.remove(
self.apiclient,
self.zone.id,
taguuid=applicationtag.uuid,
nicuuid=vm2.nic[0].id
)
TungstenTag.remove(
self.apiclient,
self.zone.id,
taguuid=backendtag.uuid,
nicuuid=vm2.nic[0].id
)
return
@skipTestIf("can_not_migrate")
@attr(tags=["tungstenfabric"], required_hardware="false")
def test_01_vm_migration(self):
# create network offering
network_offering = NetworkOffering.create(self.apiclient, self.services["network_offering"])
network_offering.update(self.apiclient, state='Enabled')
self.cleanup.append(network_offering)
# create network
network = Network.create(
self.apiclient,
self.services["networks"]["network1"],
networkofferingid=network_offering.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid
)
self.cleanup.append(network)
# create virtual machine
vm = VirtualMachine.create(
self.apiclient,
self.services["virtual_machines"]["vm1"],
serviceofferingid=self.service_offering.id,
templateid=self.template.id,
networkids=[str(network.id)],
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
mode='advanced',
hostid=self.hosts[0].id
)
self.cleanup.append(vm)
# open firewall rule for network 1
EgressFireWallRule.create(
apiclient=self.apiclient,
networkid=network.id,
protocol='All',
cidrlist='0.0.0.0/0'
)
ssh = vm.get_ssh_client()
res = ssh.execute("ping -c1 google.com")
self.assertEqual(
str(res).count("1 received"),
1,
"Ping google.com from vm1 should be successful"
)
cmd = migrateVirtualMachine.migrateVirtualMachineCmd()
cmd.virtualmachineid = vm.id
cmd.hostid = self.hosts[1].id
migrate = self.apiclient.migrateVirtualMachine(cmd)
ssh = vm.get_ssh_client()
res = ssh.execute("ping -c1 google.com")
self.assertEqual(
str(res).count("1 received"),
1,
"Ping google.com from vm1 should be successful"
)