diff --git a/doc/test/source/test_suite_system.rst b/doc/test/source/test_suite_system.rst index a015ab6..9190416 100644 --- a/doc/test/source/test_suite_system.rst +++ b/doc/test/source/test_suite_system.rst @@ -117,12 +117,12 @@ Steps 1. Set up for system tests. 2. Log in to Horizon Dashboard. - 3. Create two private networks net_01 and net_02. - 4. Launch 1 instance in each network. Instances should belong to different az (nova and vcenter). - 5. Check that instances can't communicate with each other. - 6. Attach (add interface) both networks to default router. + 3. Create private networks net_01 and net_02 with subnets. + 4. Launch 1 instance on each network. Instances should belong to different az (nova and vcenter). + 5. Attach (add interface) net_01 to default router. Check that instances can't communicate with each other. + 6. Attach net_02 to default router. 7. Check that instances can communicate with each other via router. - 8. Detach (delete interface) both networks from default router. + 8. Detach (delete interface) net_01 from default router. 9. Check that instances can't communicate with each other. 10. Delete created instances. 11. Delete created networks. @@ -251,16 +251,16 @@ Steps 1. Set up for system tests. 2. Log in to Horizon Dashboard. 3. Add two private networks (net01 and net02). - 4. Add one subnet (net01_subnet01: 192.168.101.0/24, net02_subnet01, 192.168.101.0/24) to each network. Disable gateway for all subnets. + 4. Add one subnet (net01_subnet01: 192.168.101.0/24, net02_subnet01, 192.168.102.0/24) to each network. Disable gateway for both subnets. 5. Launch 1 instance in each network. Instances should belong to different az (nova and vcenter). 6. Create new router (Router_01), set gateway and add interface to external network. 7. Enable gateway on subnets. Attach private networks to created router. - 8. Verify that VMs of different networks should communicate between each other. + 8. Verify that VMs of different networks communicate between each other. 9. Add one more router (Router_02), set gateway and add interface to external network. 10. Detach net_02 from Router_01 and attach it to Router_02. 11. Assign floating IPs for all created VMs. - 12. Check that default security group allow the ICMP. - 13. Verify that VMs of different networks should communicate between each other by FIPs. + 12. Check that default security group allows the ICMP. + 13. Verify that VMs of different networks communicate between each other by FIPs. 14. Delete instances. 15. Detach created networks from routers. 16. Delete created networks. @@ -484,12 +484,9 @@ Steps 1. Set up for system tests. 2. Navigate to Project -> Compute -> Instances - 3. Launch 5 instance VM_1 simultaneously with image TestVM-VMDK and flavor m1.tiny in vcenter az in default net_04. - 4. All instance should be created without any error. - 5. Launch 5 instance VM_2 simultaneously with image TestVM and flavor m1.tiny in nova az in default net_04. - 6. All instance should be created without any error. - 7. Check connection between VMs (ping, ssh) - 8. Delete all VMs from horizon simultaneously. + 3. Launch 5 instances VM_1 simultaneously in vcenter az in default net. Verify that creation was successful. + 4. Launch 5 instances VM_2 simultaneously in nova az in default net. Verify that creation was successful. + 5. Delete all VMs simultaneously. Expected result diff --git a/plugin_test/helpers/openstack.py b/plugin_test/helpers/openstack.py index f95b91c..931d5b8 100644 --- a/plugin_test/helpers/openstack.py +++ b/plugin_test/helpers/openstack.py @@ -94,8 +94,7 @@ def check_connection_vms(ip_pair, command='pingv4', result_of_command=0, msg = 'Command "{0}", Actual exit code is NOT {1}' for ip_from in ip_pair: - with get_ssh_connection(ip_from, instance_creds[0], - instance_creds[1]) as ssh: + with get_ssh_connection(ip_from, *instance_creds, timeout=60*5) as ssh: for ip_to in ip_pair[ip_from]: logger.info('Check connection from {0} to {1}'.format( ip_from, ip_to)) @@ -243,8 +242,7 @@ def remote_execute_command(instance1_ip, instance2_ip, command, wait=30): transport.start_client() logger.info("Passing authentication to VM") - transport.auth_password( - instance_creds[0], instance_creds[1]) + transport.auth_password(*instance_creds) channel = transport.open_session() channel.get_pty() channel.fileno() @@ -393,3 +391,14 @@ def create_access_point(os_conn, nics, security_groups, host_num=0): access_point, use_neutron=True)['floating_ip_address'] wait(lambda: tcp_ping(access_point_ip, 22), timeout=60 * 5, interval=5) return access_point, access_point_ip + + +def add_gateway_ip(os_conn, subnet_id, ip): + """Add gateway ip for subnet.""" + os_conn.neutron.update_subnet(subnet_id, {'subnet': {'gateway_ip': ip}}) + + +def remove_router_interface(os_conn, router_id, subnet_id): + """Remove subnet interface from router.""" + os_conn.neutron.remove_interface_router( + router_id, {"router_id": router_id, "subnet_id": subnet_id}) diff --git a/plugin_test/tests/test_plugin_scale.py b/plugin_test/tests/test_plugin_scale.py index 882fe5c..fbb096f 100644 --- a/plugin_test/tests/test_plugin_scale.py +++ b/plugin_test/tests/test_plugin_scale.py @@ -330,7 +330,8 @@ class TestNSXtScale(TestNSXtBase): target_node2 = self.fuel_web.get_nailgun_node_by_name('slave-05') self.fuel_web.vcenter_configure(cluster_id, target_node_1=target_node1['hostname'], - target_node_2=target_node2['hostname']) + target_node_2=target_node2['hostname'], + multiclusters=True) self.show_step(12) # Redeploy cluster self.fuel_web.deploy_cluster_wait(cluster_id) diff --git a/plugin_test/tests/test_plugin_system.py b/plugin_test/tests/test_plugin_system.py index 520c16b..2d65209 100644 --- a/plugin_test/tests/test_plugin_system.py +++ b/plugin_test/tests/test_plugin_system.py @@ -205,6 +205,823 @@ class TestNSXtSystem(TestNSXtBase): vm1.delete() vm2.delete() + @test(depends_on=[nsxt_setup_system], + groups=['nsxt_manage_networks']) + @log_snapshot_after_test + def nsxt_manage_networks(self): + """Check abilities to create and terminate networks on NSX. + + Scenario: + 1. Set up for system tests. + 2. Get access to OpenStack. + 3. Create private networks net_01 and net_02 with subnets. + 4. Launch 1 instance on each network. Instances should belong to + different az (nova and vcenter). + 5. Attach (add interface) net_01 to default router. Check that + instances can't communicate with each other. + 6. Attach net_02 to default router. + 7. Check that instances can communicate with each other via router. + 8. Detach (delete interface) net_01 from default router. + 9. Check that instances can't communicate with each other. + 10. Delete created instances. + 11. Delete created networks. + + Duration: 30 min + """ + self.show_step(1) # Set up for system tests + self.env.revert_snapshot('nsxt_setup_system') + + self.show_step(2) # Get access to OpenStack + cluster_id = self.fuel_web.get_last_created_cluster() + + os_conn = os_actions.OpenStackActions( + self.fuel_web.get_public_vip(cluster_id), + SERVTEST_USERNAME, + SERVTEST_PASSWORD, + SERVTEST_TENANT) + + # Create private networks net_01 and net_02 with subnets + self.show_step(3) + net1 = self._create_net(os_conn, 'net_01') + subnet1 = os_conn.create_subnet(subnet_name=net1['name'], + network_id=net1['id'], + cidr='192.168.1.0/24', + ip_version=4) + + net2 = self._create_net(os_conn, 'net_02') + subnet2 = os_conn.create_subnet(subnet_name=net2['name'], + network_id=net2['id'], + cidr='192.168.2.0/24', + ip_version=4) + + # Launch 2 instances on each network. Instances should belong to + # different az (nova and vcenter) + self.show_step(4) + sg = os_conn.create_sec_group_for_ssh().name + vm1 = os_help.create_instance(os_conn, net=net1, sg_names=[sg]) + vm2 = os_help.create_instance(os_conn, net=net2, sg_names=[sg], + az='vcenter') + + vm1_ip = os_conn.get_nova_instance_ip(vm1, net_name=net1['name']) + vm2_ip = os_conn.get_nova_instance_ip(vm2, net_name=net2['name']) + + # Attach (add interface) net_01 to default router. Check that + # instances can't communicate with each other. + self.show_step(5) + router_id = os_conn.get_router(os_conn.get_network( + self.default.ADMIN_NET))['id'] + + os_conn.add_router_interface(router_id=router_id, + subnet_id=subnet1['id']) + vm1_fip = os_conn.assign_floating_ip(vm1).ip + + os_help.check_connection_vms({vm1_fip: [vm2_ip]}, + result_of_command=1) + + self.show_step(6) # Attach net_02 to default router. + os_conn.add_router_interface(router_id=router_id, + subnet_id=subnet2['id']) + vm2_fip = os_conn.assign_floating_ip(vm2).ip + + # Check that instances can communicate with each other via router + self.show_step(7) + os_help.check_connection_vms({vm2_fip: [vm1_ip]}) + + # Detach (delete interface) net_01 from default router. + self.show_step(8) + vm1.remove_floating_ip(vm1_fip) + os_help.remove_router_interface(os_conn, router_id, subnet1['id']) + + # Check that instances can't communicate with each other + self.show_step(9) + os_help.check_connection_vms({vm2_fip: [vm1_ip]}, result_of_command=1) + + self.show_step(10) # Delete created instances + vm2.remove_floating_ip(vm2_fip) + os_help.remove_router_interface(os_conn, router_id, subnet2['id']) + + os_conn.delete_instance(vm1) + os_conn.delete_instance(vm2) + os_conn.verify_srv_deleted(vm1) + os_conn.verify_srv_deleted(vm2) + + self.show_step(11) # Delete created networks + os_conn.neutron.delete_network(net1['id']) + os_conn.neutron.delete_network(net2['id']) + + @test(depends_on=[nsxt_setup_system], + groups=['nsxt_public_network_availability']) + @log_snapshot_after_test + def nsxt_public_network_availability(self): + """Check connectivity from VMs to public network. + + Scenario: + 1. Set up for system tests. + 2. Get access to OpenStack. + 3. Launch two instances in default network. Instances should belong + to different az (nova and vcenter). + 4. Send ping from each instance to 8.8.8.8. + + Duration: 30 min + """ + self.show_step(1) # Set up for system tests + self.env.revert_snapshot('nsxt_setup_system') + + self.show_step(2) # Get access to OpenStack + cluster_id = self.fuel_web.get_last_created_cluster() + + os_ip = self.fuel_web.get_public_vip(cluster_id) + os_conn = os_actions.OpenStackActions( + os_ip, SERVTEST_USERNAME, + SERVTEST_PASSWORD, + SERVTEST_TENANT) + + # Launch two instances in default network. Instances should belong to + # different az (nova and vcenter) + self.show_step(3) + sg = os_conn.create_sec_group_for_ssh().name + vm1 = os_help.create_instance(os_conn, sg_names=[sg], az='vcenter') + vm2 = os_help.create_instance(os_conn, sg_names=[sg]) + + # Send ping from each instance to 8.8.8.8 + self.show_step(4) + vm1_fip, vm2_fip = \ + os_help.create_and_assign_floating_ips(os_conn, [vm1, vm2]) + + os_help.check_connection_vms({vm1_fip: ['8.8.8.8'], + vm2_fip: ['8.8.8.8']}) + + @test(depends_on=[nsxt_setup_system], + groups=['nsxt_connectivity_diff_networks']) + @log_snapshot_after_test + def nsxt_connectivity_diff_networks(self): + """Check connection between VMs from different nets through the router. + + Scenario: + 1. Set up for system tests. + 2. Get access to OpenStack. + 3. Add two private networks (net01 and net02). + 4. Add one subnet to each network + net01_subnet01: 192.168.101.0/24, + net02_subnet01: 192.168.102.0/24. + Disable gateway for both subnets. + 5. Launch 1 instance in each network. Instances should belong to + different az (nova and vcenter). + 6. Create new router (Router_01), set gateway and add interface + to external network. + 7. Enable gateway on subnets. Attach private networks to created + router. + 8. Verify that VMs of different networks communicate between + each other. + 9. Add one more router (Router_02), set gateway and add interface + to external network. + 10. Detach net_02 from Router_01 and attach it to Router_02. + 11. Assign floating IPs for all created VMs. + 12. Check that default security group allows the ICMP. + 13. Verify that VMs of different networks communicate between + each other by FIPs. + 14. Delete instances. + 15. Detach created networks from routers. + 16. Delete created networks. + 17. Delete created routers. + + Duration: 30 min + """ + self.show_step(1) # Set up for system tests + self.env.revert_snapshot('nsxt_setup_system') + + self.show_step(2) # Get access to OpenStack + cluster_id = self.fuel_web.get_last_created_cluster() + os_conn = os_actions.OpenStackActions( + self.fuel_web.get_public_vip(cluster_id), + SERVTEST_USERNAME, + SERVTEST_PASSWORD, + SERVTEST_TENANT) + + self.show_step(3) # Add two private networks (net01 and net02) + net1 = self._create_net(os_conn, 'net_01') + net2 = self._create_net(os_conn, 'net_02') + + # Add one subnet to each network: net01_subnet01 (192.168.101.0/24) and + # net02_subnet01 (192.168.102.0/24). Disable gateway for both subnets + self.show_step(4) + subnet1 = os_conn.create_subnet( + subnet_name='net01_subnet01', + network_id=net1['id'], + cidr='192.168.101.0/24', + allocation_pools=[ + {'start': '192.168.101.2','end': '192.168.101.254'} + ], + ip_version=4, + gateway_ip=None) + + subnet2 = os_conn.create_subnet( + subnet_name='net02_subnet01', + network_id=net2['id'], + cidr='192.168.102.0/24', + allocation_pools=[ + {'start': '192.168.102.2', 'end': '192.168.102.254'} + ], + ip_version=4, + gateway_ip=None) + + # Launch 1 instance in each network. Instances should belong to + # different az (nova and vcenter) + self.show_step(5) + sg = os_conn.create_sec_group_for_ssh().name + vm1 = os_help.create_instance(os_conn, net=net1, sg_names=[sg], + az='vcenter') + vm2 = os_help.create_instance(os_conn, net=net2, sg_names=[sg]) + + # Create new router (Router_01), set gateway and add interface to + # external network + self.show_step(6) + tenant = os_conn.get_tenant(SERVTEST_TENANT) + router1 = os_conn.create_router('Router_01', tenant) + + # Enable gateway on subnets. Attach private networks to created router + self.show_step(7) + os_help.add_gateway_ip(os_conn, subnet1['id'], '192.168.101.1') + os_conn.add_router_interface(router_id=router1['id'], + subnet_id=subnet1['id']) + + os_help.add_gateway_ip(os_conn, subnet2['id'], '192.168.102.1') + os_conn.add_router_interface(router_id=router1['id'], + subnet_id=subnet2['id']) + + # Verify that VMs of different networks communicate between each other + self.show_step(8) + vm1_ip = os_conn.get_nova_instance_ip(vm1, net_name=net1['name']) + vm2_ip = os_conn.get_nova_instance_ip(vm2, net_name=net2['name']) + + vm1_fip, vm2_fip = \ + os_help.create_and_assign_floating_ips(os_conn, [vm1, vm2]) + + os_help.check_connection_vms({vm1_fip: [vm2_ip], vm2_fip: [vm1_ip]}) + + # Add one more router (Router_02), set gateway and add interface + # to external network + self.show_step(9) + router2 = os_conn.create_router('Router_02', tenant) + + # Detach net_02 from Router_01 and attach it to Router_02 + self.show_step(10) + vm2.remove_floating_ip(vm2_fip) + os_help.remove_router_interface(os_conn, router1['id'], subnet2['id']) + os_conn.add_router_interface(router_id=router2['id'], + subnet_id=subnet2['id']) + + self.show_step(11) # Assign floating IPs for all created VMs + vm2_fip = os_help.create_and_assign_floating_ips(os_conn, [vm2])[0] + + self.show_step(12) # Check that default security group allow the ICMP + + # Verify that VMs of different networks communicate between each + # other by FIPs + self.show_step(13) + os_help.check_connection_vms({vm1_fip: [vm2_fip], vm2_fip: [vm1_fip]}) + + self.show_step(14) # Delete instances + vm1.remove_floating_ip(vm1_fip) + vm2.remove_floating_ip(vm2_fip) + os_conn.delete_instance(vm1) + os_conn.delete_instance(vm2) + + self.show_step(15) # Detach created networks from routers + os_help.remove_router_interface(os_conn, router1['id'], subnet1['id']) + os_help.remove_router_interface(os_conn, router2['id'], subnet2['id']) + + os_conn.verify_srv_deleted(vm2) + os_conn.verify_srv_deleted(vm1) + + self.show_step(16) # Delete created networks + os_conn.neutron.delete_network(net1['id']) + os_conn.neutron.delete_network(net2['id']) + + self.show_step(17) # Delete created routers + os_conn.neutron.delete_router(router1['id']) + os_conn.neutron.delete_router(router2['id']) + + @test(depends_on=[nsxt_setup_system], + groups=['nsxt_batch_instance_creation']) + @log_snapshot_after_test + def nsxt_batch_instance_creation(self): + """Check instance creation in the one group simultaneously. + + Scenario: + 1. Set up for system tests. + 2. Get access to OpenStack. + 3. Launch 5 instances VM_1 simultaneously with image TestVM-VMDK + and flavor m1.tiny in vcenter az in default net. + 4. Launch 5 instances VM_2 simultaneously with image TestVM and + flavor m1.tiny in nova az in default net. + 5. Delete all VMs simultaneously. + + Duration: 30 min + """ + self.show_step(1) # Set up for system tests + # self.env.revert_snapshot('nsxt_setup_system') + + self.show_step(2) # Get access to OpenStack + cluster_id = self.fuel_web.get_last_created_cluster() + os_conn = os_actions.OpenStackActions( + self.fuel_web.get_public_vip(cluster_id), + SERVTEST_USERNAME, + SERVTEST_PASSWORD, + SERVTEST_TENANT) + + # Launch 5 instances VM_1 simultaneously. Image: TestVM-VMDK, + # flavor: m1.tiny, az: vcenter, net: default + self.show_step(3) + sg = os_conn.create_sec_group_for_ssh().name + net_name = self.default.PRIVATE_NET + net = os_conn.get_network(net_name) + flavors = os_conn.nova.flavors.list() + micro_flavor = [f for f in flavors if f.name == 'm1.micro'][0] + + image = os_conn.get_image(os_help.zone_image_maps['vcenter']) + os_conn.nova.servers.create( + name='VM_1', + image=image, + flavor=micro_flavor, + min_count=5, + availability_zone='vcenter', + nics=[{'net-id': net['id']}], + security_groups=[sg]) + os_help.verify_instance_state(os_conn) + + # Launch 5 instances VM_2 simultaneously. Image TestVM, + # flavor: m1.tiny, az: nova, net: default + self.show_step(4) + image = os_conn.get_image(os_help.zone_image_maps['nova']) + os_conn.nova.servers.create( + name='VM_2', + image=image, + flavor=micro_flavor, + min_count=5, + availability_zone='nova', + nics=[{'net-id': net['id']}], + security_groups=[sg]) + os_help.verify_instance_state(os_conn) + + self.show_step(5) # Delete all VMs simultaneously + for instance in instances: + instance.delete() + for instance in instances: + os_conn.verify_srv_deleted(instance) + + @test(depends_on=[nsxt_setup_system], + groups=['nsxt_manage_secgroups']) + @log_snapshot_after_test + def nsxt_manage_secgroups(self): + """Check ability to create and delete security group. + + Scenario: + 1. Set up for system tests. + 2. Get access to OpenStack. + 3. Create new security group with default rules. + 4. Add ingress rule for ICMP protocol. + 5. Launch two instances in default network. Instances should + belong to different az (nova and vcenter). + 6. Attach created security group to instances. + 7. Check that instances can ping each other. + 8. Delete ingress rule for ICMP protocol. + 9. Check that instances can't ping each other. + 10. Delete instances. + 11. Delete security group. + + Duration: 30 min + """ + self.show_step(1) # Set up for system tests + self.env.revert_snapshot('nsxt_setup_system') + + self.show_step(2) # Get access to OpenStack + cluster_id = self.fuel_web.get_last_created_cluster() + os_conn = os_actions.OpenStackActions( + self.fuel_web.get_public_vip(cluster_id), + SERVTEST_USERNAME, + SERVTEST_PASSWORD, + SERVTEST_TENANT) + + # Create new security group with default rules + self.show_step(3) + sg1 = os_conn.nova.security_groups.create('SG_1', 'test-icmp') + + # Add ingress rule for ICMP protocol + self.show_step(4) + icmp = { + 'ip_protocol': 'icmp', + 'from_port': -1, + 'to_port': -1, + 'cidr': '0.0.0.0/0' + } + sg1_rule = os_conn.nova.security_group_rules.create(sg1.id, **icmp) + + # Launch two instances in default network. Instances should belong to + # different az (nova and vcenter) + self.show_step(5) + ssh = { + 'ip_protocol': 'tcp', + 'from_port': 22, + 'to_port': 22, + 'cidr': '0.0.0.0/0' + } + ssh_sg = os_conn.nova.security_groups.create('ssh_sg', 'test-ssh') + os_conn.nova.security_group_rules.create(ssh_sg.id, **ssh) + + vm1 = os_help.create_instance(os_conn, sg_names=[ssh_sg.name]) + vm2 = os_help.create_instance(os_conn, sg_names=[ssh_sg.name], + az='vcenter') + + # Attach created security group to instances + self.show_step(6) + os_conn.nova.servers.add_security_group(vm1, sg1.name) + os_conn.nova.servers.add_security_group(vm2, sg1.name) + + # Check that instances can ping each other + self.show_step(7) + vm1_fip, vm2_fip = \ + os_help.create_and_assign_floating_ips(os_conn, [vm1, vm2]) + + net_name = self.default.PRIVATE_NET + vm1_ip = os_conn.get_nova_instance_ip(vm1, net_name=net_name) + vm2_ip = os_conn.get_nova_instance_ip(vm2, net_name=net_name) + + os_help.check_connection_vms({vm1_fip: [vm2_ip], vm2_fip: [vm1_ip]}) + + # Delete ingress rule for ICMP protocol + self.show_step(8) + os_conn.nova.security_group_rules.delete(sg1_rule) + + # Check that instances can't ping each other + self.show_step(9) + os_help.check_connection_vms({vm1_fip: [vm2_ip], vm2_fip: [vm1_ip]}, + result_of_command=1) + + # Delete instances + self.show_step(10) + os_conn.delete_instance(vm1) + os_conn.delete_instance(vm2) + os_conn.verify_srv_deleted(vm1) + os_conn.verify_srv_deleted(vm2) + + # Delete security group + self.show_step(11) + os_conn.nova.security_groups.delete(sg1) + os_conn.nova.security_groups.delete(ssh_sg) + + @test(depends_on=[nsxt_setup_system], + groups=['nsxt_manage_compute_hosts']) + @log_snapshot_after_test + def nsxt_manage_compute_hosts(self): + """Verify that instances could be launched on enabled compute host. + + Scenario: + 1. Set up for system tests. + 2. Disable one of compute host in each availability zone + (vcenter and nova). + 3. Create several instances in both az. + 4. Check that instances were created on enabled compute hosts. + 5. Disable second compute host and enable first one in each + availability zone (vcenter and nova). + 6. Create several instances in both az. + 7. Check that instances were created on enabled compute hosts. + + Duration: 30 min + """ + self.show_step(1) # Set up for system tests + self.env.revert_snapshot('nsxt_setup_system') + + cluster_id = self.fuel_web.get_last_created_cluster() + os_conn = os_actions.OpenStackActions( + self.fuel_web.get_public_vip(cluster_id), + SERVTEST_USERNAME, + SERVTEST_PASSWORD, + SERVTEST_TENANT) + + # Disable one of compute host in each availability zone + self.show_step(2) + services = os_conn.nova.services.list(binary='nova-compute') + disabled_services = [ + [srv for srv in services if srv.zone == 'vcenter'].pop(), + [srv for srv in services if srv.zone == 'nova'].pop() + ] + for service in disabled_services: + os_conn.disable_nova_service(service) + + self.show_step(3) # Create several instances in both az + instances = [] + for i in range(1): + instances.append(os_help.create_instance(os_conn, az='vcenter')) + instances.append(os_help.create_instance(os_conn)) + + # Check that instances were created on enabled compute hosts + self.show_step(4) + vmware_hosts = [srv.host for srv in disabled_services] + for inst in instances: + inst_host = getattr(inst, 'OS-EXT-SRV-ATTR:host') + assert_true(inst_host not in vmware_hosts, + 'Instance was launched on disabled cluster') + for i in instances: + i.delete() + instances = [] + + # Disable second compute host and enable first one in each + # availability zone (vcenter and nova) + self.show_step(5) + for service in services: + if service in disabled_services: + os_conn.enable_nova_service(service) + else: + os_conn.disable_nova_service(service) + + self.show_step(6) # Create several instances in both az + for i in range(1): + instances.append(os_help.create_instance(os_conn, az='vcenter')) + instances.append(os_help.create_instance(os_conn)) + + # Check that instances were created on enabled compute hosts + self.show_step(7) + for inst in instances: + inst_host = getattr(inst, 'OS-EXT-SRV-ATTR:host') + assert_true(inst_host in vmware_hosts, + 'Instance was launched on disabled cluster') + + for service in services: + if service not in disabled_services: + os_conn.enable_nova_service(service) + for i in instances: + i.delete() + + @test(depends_on=[nsxt_setup_system], + groups=['nsxt_different_tenants']) + @log_snapshot_after_test + def nsxt_different_tenants(self): + """Check isolation between VMs in different tenants. + + Scenario: + 1. Set up for system tests. + 2. Get access to OpenStack. + 3. Create new tenant with new user. + 4. In new tenant create network with subnet. + 5. In new tenant create router, set gateway and add interface. + 6. In new tenant launch instance and associate floating ip with vm. + 7. Launch instance in default network and associate floating ip + with vm. + 8. Check that default security group allow ingress icmp traffic. + 9. Send icmp ping between instances in different tenants via + floating ip. + + Duration: 30 min + """ + self.show_step(1) # Set up for system tests + self.env.revert_snapshot('nsxt_setup_system') + + self.show_step(2) # Get access to OpenStack + cluster_id = self.fuel_web.get_last_created_cluster() + + os_ip = self.fuel_web.get_public_vip(cluster_id) + os_conn = os_actions.OpenStackActions( + os_ip, SERVTEST_USERNAME, + SERVTEST_PASSWORD, + SERVTEST_TENANT) + + self.show_step(3) # Create new tenant with new user + tenant = os_conn.create_tenant('test_tenant') + + user = os_conn.create_user('test', 'test', tenant) + os_help.add_role_to_user(os_conn, 'test', 'admin', 'test_tenant') + + os_conn_test = os_actions.OpenStackActions(os_ip, 'test', 'test', + 'test_tenant') + + self.show_step(4) # In new tenant create network with subnet + net1 = os_conn_test.create_network(network_name='net_01', + tenant_id=tenant.id)['network'] + subnet1 = os_conn_test.create_subnet( + subnet_name=net1['name'], + network_id=net1['id'], + cidr='192.168.1.0/24', + ip_version=4) + + # In new tenant create router, set gateway and add interface + self.show_step(5) + router = os_conn_test.create_router('test_router', tenant) + os_conn_test.add_router_interface(router_id=router["id"], + subnet_id=subnet1["id"]) + + # In new tenant launch instance and associate floating ip with vm + self.show_step(6) + default_net = self.default.PRIVATE_NET + sg = os_conn_test.create_sec_group_for_ssh().name + vm1 = os_help.create_instance(os_conn_test, sg_names=[sg]) + + vm1_fip = os_conn_test.assign_floating_ip(vm1).ip + vm1_ip = os_conn.get_nova_instance_ip(vm1, net_name=default_net) + + # Launch instance in default network and associate floating ip with vm + self.show_step(7) + sg = os_conn.create_sec_group_for_ssh().name + vm2 = os_help.create_instance(os_conn, sg_names=[sg], az='vcenter') + + vm2_fip = os_conn.assign_floating_ip(vm2).ip + vm2_ip = os_conn.get_nova_instance_ip(vm2, net_name=default_net) + + # Check that default security group allow ingress icmp traffic + self.show_step(8) + + # Send icmp ping between instances in different tenants via floating ip + self.show_step(9) + os_help.check_connection_vms({vm1_fip: [vm2_ip], vm2_fip: [vm1_ip]}) + + # Cleanup + vm1.delete() + vm2.delete() + os_help.remove_router_interface(os_conn_test, + router['id'], subnet1['id']) + os_conn.neutron.delete_network(net1['id']) + os_conn.neutron.delete_router(router['id']) + + os_conn.delete_tenant(tenant) + os_conn.delete_user(user) + + @test(depends_on=[nsxt_setup_system], + groups=['nsxt_same_ip_different_tenants']) + @log_snapshot_after_test + def nsxt_same_ip_different_tenants(self): + """Check connectivity between VMs with same ip in different tenants. + + Scenario: + 1. Set up for system tests. + 2. Get access to OpenStack. + 3. Create 2 non-admin tenants 'test_1' and 'test_2' with common + admin user. + 4. In tenant 'test_1' create network 'net1' and subnet 'subnet1' + with CIDR 10.0.0.0/24. + 5. In tenant 'test_1' create router 'router1' and attach 'net1' + to it. + 6. In tenant 'test_1' create security group 'SG_1' and add rule + that allows ingress icmp traffic. + 7. In tenant 'test_1' launch two instances (VM_1 and VM_2) in + created network with created security group. Instances should + belong to different az (nova and vcenter). + 8. Assign floating IPs for created VMs. + 9. In tenant 'test_2' create network 'net2' and subnet 'subnet2' + with CIDR 10.0.0.0/24. + 10. In tenant 'test_2' create router 'router2' and attach 'net2' + to it. + 11. In tenant 'test_2' create security group 'SG_2' and add rule + that allows ingress icmp traffic. + 12. In tenant 'test_2' launch two instances (VM_3 and VM_4) in + created network with created security group. Instances should + belong to different az (nova and vcenter). + 13. Assign floating IPs for created VMs. + 14. Verify that VMs with same ip on different tenants communicate + between each other by FIPs. Send icmp ping from VM_1 to VM_3, + VM_2 to VM_4 and vice versa. + + Duration: 30 min + """ + icmp_rule = { + 'ip_protocol': 'icmp', + 'from_port': -1, + 'to_port': -1, + 'cidr': '0.0.0.0/0', + } + + self.show_step(1) # Set up for system tests + self.env.revert_snapshot('nsxt_setup_system') + + self.show_step(2) # Get access to OpenStack + cluster_id = self.fuel_web.get_last_created_cluster() + + os_ip = self.fuel_web.get_public_vip(cluster_id) + os_conn = os_actions.OpenStackActions( + os_ip, SERVTEST_USERNAME, + SERVTEST_PASSWORD, + SERVTEST_TENANT) + + # Create 2 non-admin tenants 'test_1' and 'test_2' with common + # admin user + self.show_step(3) + tenant1 = os_conn.create_tenant('test_1') + tenant2 = os_conn.create_tenant('test_2') + + os_help.add_role_to_user(os_conn, 'admin', 'admin', 'test_1') + os_help.add_role_to_user(os_conn, 'admin', 'admin', 'test_2') + + os_conn1 = os_actions.OpenStackActions(os_ip, 'admin', + 'admin', 'test_1') + os_conn2 = os_actions.OpenStackActions(os_ip, 'admin', + 'admin', 'test_2') + + # In tenant 'test_1' create network 'net1' and subnet 'subnet1' with + # CIDR 10.0.0.0/24 + self.show_step(4) + net1 = os_conn1.create_network(network_name='net01', + tenant_id=tenant1.id)['network'] + subnet1 = os_conn1.create_subnet( + subnet_name='subnet1', + network_id=net1['id'], + cidr='10.0.0.0/24', + ip_version=4) + + # In tenant 'test_1' create router 'router1' and attach 'net1' to it + self.show_step(5) + router1 = os_conn1.create_router('router1', tenant1) + os_conn1.add_router_interface(router_id=router1["id"], + subnet_id=subnet1["id"]) + + # In tenant 'test_1' create security group 'SG_1' and add rule that + # allows ingress icmp traffic + self.show_step(6) + sg1 = os_conn1.nova.security_groups.create('SG_1', 'descr') + os_conn1.nova.security_group_rules.create(sg1.id, **icmp_rule) + + # In tenant 'test_1' launch two instances (VM_1 and VM_2) in created + # network with created security group. Instances should belong to + # different az + self.show_step(7) + sg = os_conn1.create_sec_group_for_ssh().name + vm1 = os_help.create_instance(os_conn1, net=net1, + sg_names=[sg, sg1.name]) + vm2 = os_help.create_instance(os_conn1, net=net1, az='vcenter', + sg_names=[sg, sg1.name]) + + self.show_step(8) # Assign floating IPs for created VMs + vm1_fip = os_conn1.assign_floating_ip(vm1).ip + vm2_fip = os_conn1.assign_floating_ip(vm2).ip + + # In tenant 'test_2' create network 'net2' and subnet 'subnet2' with + # CIDR 10.0.0.0/24 + self.show_step(9) + net2 = os_conn2.create_network(network_name='net02', + tenant_id=tenant2.id)['network'] + + subnet2 = os_conn2.create_subnet( + subnet_name='subnet2', + network_id=net2['id'], + cidr='10.0.0.0/24', + ip_version=4) + + # In tenant 'test_2' create router 'router2' and attach 'net2' to it + self.show_step(10) + router2 = os_conn2.create_router('router2', tenant2) + os_conn2.add_router_interface(router_id=router2["id"], + subnet_id=subnet2["id"]) + + # In tenant 'test_2' create security group 'SG_2' and add rule that + # allows ingress icmp traffic + self.show_step(11) + sg = os_conn2.create_sec_group_for_ssh().name + sg2 = os_conn2.nova.security_groups.create('SG_2', 'descr') + os_conn2.nova.security_group_rules.create(sg2.id, **icmp_rule) + + # In tenant 'test_2' launch two instances (VM_3 and VM_4) in created + # network with created security group. Instances should belong to + # different az + self.show_step(12) + vm3 = os_help.create_instance(os_conn2, net=net2, + sg_names=[sg, sg2.name]) + vm4 = os_help.create_instance(os_conn2, net=net2, az='vcenter', + sg_names=[sg, sg2.name]) + + self.show_step(13) # Assign floating IPs for created VMs + vm3_fip = os_conn2.assign_floating_ip(vm3).ip + vm4_fip = os_conn2.assign_floating_ip(vm4).ip + + # Verify that VMs with same ip on different tenants communicate + # between each other by FIPs. Send icmp ping from VM_1 to VM_3, + # VM_2 to VM_4 and vice versa + self.show_step(14) + os_help.check_connection_vms({vm1_fip: [vm3_fip], vm3_fip: [vm1_fip], + vm2_fip: [vm4_fip], vm4_fip: [vm2_fip]}) + + vms = (vm1, vm2, vm3, vm4) + + # Cleanup + for vm, fip in zip(vms, (vm1_fip, vm2_fip, vm3_fip, vm4_fip)): + vm.remove_floating_ip(fip) + vm.delete() + + os_help.remove_router_interface(os_conn1, router1['id'], subnet1['id']) + os_help.remove_router_interface(os_conn2, router2['id'], subnet2['id']) + + for vm in (vm1, vm2): + os_conn.verify_srv_deleted(vm) + + os_conn.neutron.delete_router(router1['id']) + os_conn.neutron.delete_router(router2['id']) + + for vm in (vm3, vm4): + os_conn.verify_srv_deleted(vm) + + os_conn.neutron.delete_network(net1['id']) + os_conn.neutron.delete_network(net2['id']) + + os_conn.delete_tenant(tenant1) + os_conn.delete_tenant(tenant2) + @test(depends_on=[nsxt_setup_system], groups=['nsxt_hot']) @log_snapshot_after_test