Google Git
Sign in
apache / cloudstack / refs/heads/resize-root / . / test / integration / smoke / test_vpc_vpn.py
blob: 5e97c79065f531e3c35bf488a810d228d32e704e [file] [log] [blame]
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
""" Tests for VPN in VPC
"""
#Import Local Modules
from marvin.cloudstackTestCase import *
from marvin.cloudstackAPI import *
from marvin.integration.lib.utils import *
from marvin.integration.lib.base import *
from marvin.integration.lib.common import *
from nose.plugins.attrib import attr
import time
class Services:
def __init__(self):
self.services = {
"account": {
"email": "test@test.com",
"firstname": "Test",
"lastname": "User",
"username": "test",
"password": "password",
},
"virtual_machine": {
"displayname": "Test VM",
"username": "root",
"password": "password",
"ssh_port": 22,
"hypervisor": 'XenServer',
"privateport": 22,
"publicport": 22,
"protocol": 'TCP',
},
"ostype": 'CentOS 5.3 (64-bit)',
"service_offering": {
"name": "Tiny Instance",
"displaytext": "Tiny Instance",
"cpunumber": 1,
"cpuspeed": 100,
"memory": 256,
},
"network_offering": {
"name": "Network offering for internal vpc",
"displaytext": "Network offering for internal vpc",
"guestiptype": "Isolated",
"traffictype": "Guest",
"supportedservices": "Vpn,Dhcp,Dns,Lb,UserData,SourceNat,StaticNat,PortForwarding,NetworkACL",
"serviceProviderList": {
"Dhcp": "VpcVirtualRouter",
"Dns": "VpcVirtualRouter",
"Vpn": "VpcVirtualRouter",
"UserData": "VpcVirtualRouter",
"Lb": "InternalLbVM",
"SourceNat": "VpcVirtualRouter",
"StaticNat": "VpcVirtualRouter",
"PortForwarding": "VpcVirtualRouter",
"NetworkACL": "VpcVirtualRouter",
},
"serviceCapabilityList": {
"SourceNat": {"SupportedSourceNatTypes": "peraccount"},
"Lb": {"lbSchemes": "internal", "SupportedLbIsolation": "dedicated"}
}
},
"vpn_user": {
"username": "test",
"password": "password",
},
"vpc": {
"name": "vpc_vpn",
"displaytext": "vpc-vpn",
"cidr": "10.1.1.0/24"
},
"ntwk": {
"name": "tier1",
"displaytext": "vpc-tier1",
"gateway" : "10.1.1.1",
"netmask" : "255.255.255.192"
},
"vpc2": {
"name": "vpc2_vpn",
"displaytext": "vpc2-vpn",
"cidr": "10.2.1.0/24"
},
"ntwk2": {
"name": "tier2",
"displaytext": "vpc-tier2",
"gateway" : "10.2.1.1",
"netmask" : "255.255.255.192"
}
}
class TestVpcRemoteAccessVpn(cloudstackTestCase):
@classmethod
def setUpClass(cls):
cls.apiclient = super(TestVpcRemoteAccessVpn, cls).getClsTestClient().getApiClient()
cls.services = Services().services
cls.zone = get_zone(cls.apiclient, cls.services)
cls.domain = get_domain(cls.apiclient)
cls.service_offering = ServiceOffering.create(
cls.apiclient,
cls.services["service_offering"]
)
cls.account = Account.create(cls.apiclient, services=cls.services["account"])
cls.template = get_template(
cls.apiclient,
cls.zone.id,
cls.services["ostype"]
)
cls.cleanup = [cls.account]
@attr(tags=["advanced"])
def test_vpc_remote_access_vpn(self):
"""Test VPN in VPC"""
# 0) Get the default network offering for VPC
networkOffering = NetworkOffering.list(self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks")
self.assert_(networkOffering is not None and len(networkOffering) > 0, "No VPC based network offering")
# 1) Create VPC
vpcOffering = VpcOffering.list(self.apiclient,isdefault=True)
self.assert_(vpcOffering is not None and len(vpcOffering)>0, "No VPC offerings found")
vpc = VPC.create(
apiclient=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc.vpn",
vpcofferingid=vpcOffering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id
)
self.assert_(vpc is not None, "VPC creation failed")
self.debug("VPC %s created" %(vpc.id))
# 2) Create network in VPC
ntwk = Network.create(
apiclient=self.apiclient,
services=self.services["ntwk"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc.id
)
self.assertIsNotNone(ntwk, "Network failed to create")
self.debug("Network %s created in VPC %s" %(ntwk.id, vpc.id))
# 3) Deploy a vm
vm = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid= self.domain.id,
serviceofferingid=self.service_offering.id,
networkids=ntwk.id
)
self.assert_(vm is not None, "VM failed to deploy")
self.assert_(vm.state == 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" %(vm.id, vpc.id))
# 4) Enable VPN for VPC
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc.id
)
ip = src_nat_list[0]
vpn = Vpn.create(self.apiclient,
publicipid=ip.id,
account=self.account.name,
domainid=self.account.domainid)
# 5) Add VPN user for VPC
vpnUser = VpnUser.create(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
username=self.services["vpn_user"]["username"],
password=self.services["vpn_user"]["password"])
# 6) Disable VPN for VPC
vpn.delete(self.apiclient)
@classmethod
def tearDownClass(cls):
try:
cleanup_resources(cls.apiclient, cls.cleanup)
except Exception, e:
raise Exception("Cleanup failed with %s" % e)
class TestVpcSite2SiteVpn(cloudstackTestCase):
@classmethod
def setUpClass(cls):
cls.apiclient = super(TestVpcSite2SiteVpn, cls).getClsTestClient().getApiClient()
cls.services = Services().services
cls.zone = get_zone(cls.apiclient, cls.services)
cls.domain = get_domain(cls.apiclient)
cls.service_offering = ServiceOffering.create(
cls.apiclient,
cls.services["service_offering"]
)
cls.account = Account.create(cls.apiclient, services=cls.services["account"])
cls.template = get_template(
cls.apiclient,
cls.zone.id,
cls.services["ostype"]
)
cls.cleanup = [cls.account]
@attr(tags=["advanced"])
def test_vpc_site2site_vpn(self):
"""Test VPN in VPC"""
# 0) Get the default network offering for VPC
networkOffering = NetworkOffering.list(self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks")
self.assert_(networkOffering is not None and len(networkOffering) > 0, "No VPC based network offering")
# 1) Create VPC
vpcOffering = VpcOffering.list(self.apiclient,isdefault=True)
self.assert_(vpcOffering is not None and len(vpcOffering)>0, "No VPC offerings found")
vpc1 = VPC.create(
apiclient=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc1.vpn",
vpcofferingid=vpcOffering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id
)
self.assert_(vpc1 is not None, "VPC creation failed")
self.debug("VPC1 %s created" %(vpc1.id))
vpc2 = VPC.create(
apiclient=self.apiclient,
services=self.services["vpc2"],
networkDomain="vpc2.vpn",
vpcofferingid=vpcOffering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id
)
self.assert_(vpc2 is not None, "VPC2 creation failed")
self.debug("VPC2 %s created" %(vpc1.id))
# 2) Create network in VPC
ntwk1 = Network.create(
apiclient=self.apiclient,
services=self.services["ntwk"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc1.id
)
self.assertIsNotNone(ntwk1, "Network failed to create")
self.debug("Network %s created in VPC %s" %(ntwk1.id, vpc1.id))
ntwk2 = Network.create(
apiclient=self.apiclient,
services=self.services["ntwk2"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc2.id
)
self.assertIsNotNone(ntwk2, "Network failed to create")
self.debug("Network %s created in VPC %s" %(ntwk2.id, vpc2.id))
# 3) Deploy a vm
vm1 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid= self.domain.id,
serviceofferingid=self.service_offering.id,
networkids=ntwk1.id
)
self.assert_(vm1 is not None, "VM failed to deploy")
self.assert_(vm1.state == 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" %(vm1.id, vpc1.id))
vm2 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid= self.domain.id,
serviceofferingid=self.service_offering.id,
networkids=ntwk2.id
)
self.assert_(vm2 is not None, "VM failed to deploy")
self.assert_(vm2.state == 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" %(vm2.id, vpc2.id))
# 4) Enable Site-to-Site VPN for VPC
cmd=createVpnGateway.createVpnGatewayCmd()
cmd.vpcid=vpc1.id
vpn1_response = self.apiclient.createVpnGateway(cmd)
self.debug("VPN gateway for VPC %s enabled" % (vpc1.id))
cmd=createVpnGateway.createVpnGatewayCmd()
cmd.vpcid=vpc2.id
vpn2_response = self.apiclient.createVpnGateway(cmd)
self.debug("VPN gateway for VPC %s enabled" %(vpc2.id))
# 5) Add VPN Customer gateway info
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc1.id
)
ip1 = src_nat_list[0]
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc2.id
)
ip2 = src_nat_list[0]
cmd=createVpnCustomerGateway.createVpnCustomerGatewayCmd()
cmd.esppolicy="3des-md5;modp1536"
cmd.ikepolicy="3des-md5;modp1536"
cmd.domainid=self.account.domainid
cmd.account=self.account.name
cmd.ipsecpsk="ipsecpsk"
cmd.name="Peer VPC1"
cmd.gateway=ip1.ipaddress
cmd.cidrlist=vpc1.cidr
customer1_response = self.apiclient.createVpnCustomerGateway(cmd)
self.debug("VPN customer gateway added for VPC %s enabled" %(vpc1.id))
cmd.name="Peer VPC2"
cmd.gateway=ip2.ipaddress
cmd.cidrlist=vpc2.cidr
customer2_response = self.apiclient.createVpnCustomerGateway(cmd)
self.debug("VPN customer gateway added for VPC %s enabled" %(vpc2.id))
# 6) Connect two VPCs
cmd = createVpnConnection.createVpnConnectionCmd()
cmd.s2svpngatewayid = vpn2_response.id
cmd.s2scustomergatewayid = customer1_response.id
cmd.passive="true"
vpnconn1_response = self.apiclient.createVpnConnection(cmd)
self.debug("VPN passive connection created for VPC %s" %(vpc2.id))
cmd = createVpnConnection.createVpnConnectionCmd()
cmd.s2svpngatewayid = vpn1_response.id
cmd.s2scustomergatewayid = customer2_response.id
vpnconn2_response = self.apiclient.createVpnConnection(cmd)
self.debug("VPN connection created for VPC %s" %(vpc1.id))
self.assertEqual(vpnconn2_response.state, "Connected", "Failed to connect between VPCs!")
@classmethod
def tearDownClass(cls):
try:
cleanup_resources(cls.apiclient, cls.cleanup)
except Exception, e:
raise Exception("Cleanup failed with %s" % e)