From 2eb83d06bda2436b114afc725494cf3de754cbc9 Mon Sep 17 00:00:00 2001
From: ekhomyakova
Date: Thu, 25 Aug 2016 17:59:12 +0300
Subject: [PATCH] Fix for dvs_attached_ports test

Closes-Bug: #1594343
Change-Id: I960da1bc9c46629e6529d37436183b2aa6ab7a55
---
docs/test_plan/source/test_suite_system.rst | 16 +-
.../tests/test_plugin_vmware_dvs_system.py | 225 +++++++++---------
2 files changed, 126 insertions(+), 115 deletions(-)

diff --git a/docs/test_plan/source/test_suite_system.rst b/docs/test_plan/source/test_suite_system.rst
index 364a318..2744e19 100644
--- a/docs/test_plan/source/test_suite_system.rst
+++ b/docs/test_plan/source/test_suite_system.rst
@@ -986,22 +986,22 @@ Steps 1. Set up for system tests. 2. Create net_1: net01__subnet, 192.168.1.0/24, and attach it to the default router. - 3. Create security SG1 group with rules: + 3. Create security group SG1 with rules: Ingress rule with ip protocol 'icmp', port range any, SG group 'SG1' Egress rule with ip protocol 'icmp', port range any, SG group 'SG1' Ingress rule with ssh protocol 'tcp', port range 22, SG group 'SG1' Egress rule with ssh protocol 'tcp', port range 22, SG group 'SG1' - 4. Launch few instances with SG1 in net1. - 5. Launch few instances with Default SG in net1. + 4. Launch 2 instances with SG1 in net_1. + 5. Launch 2 instances with Default SG in net_1. 6. Verify that icmp/ssh is enabled between instances from SG1. - 7. Verify that that icmp/ssh isn't allowed to instances of SG1 from instances of Default SG. - 8. Detached ports of all instances from net_1. - 9. Attached ports of all instances to default internal net. For instances of Vcenter to activate new interface on cirros edit the restart network: "sudo /etc/init.d/S40network restart" + 7. Verify that icmp/ssh isn't allowed to instances of SG1 from instances of Default SG. + 8. Detach ports of all instances from net_1. + 9. Attach ports of all instances to default internal net. To activate new interface on cirros restart network: "sudo /etc/init.d/S40network restart" 10. Check that all instances are in Default SG. 11. Verify that icmp/ssh is enabled between instances. - 12. Change of some instances Default SG to SG1. + 12. Change for some instances Default SG to SG1. 13. Verify that icmp/ssh is enabled between instances from SG1. - 14. Verify that that icmp/ssh isn't allowed to instances of SG1 from instances of Default SG. + 14. Verify that icmp/ssh isn't allowed to instances of SG1 from instances of Default SG. Expected result diff --git a/plugin_test/tests/test_plugin_vmware_dvs_system.py b/plugin_test/tests/test_plugin_vmware_dvs_system.py index bc5caf8..f074685 100644 
--- a/plugin_test/tests/test_plugin_vmware_dvs_system.py +++ b/plugin_test/tests/test_plugin_vmware_dvs_system.py @@ -1992,8 +1992,8 @@ class TestDVSSystem(TestBasic): Scenario: 1. Revert snapshot to dvs_vcenter_systest_setup. 2. Create net_1: net01__subnet, 192.168.1.0/24, and attach - it to the router01. - 3. Create security SG1 group with rules: + it to the default router. + 3. Create security group SG1 with rules: Ingress rule with ip protocol 'icmp ', port range any, SG group 'SG1' Egress rule with ip protocol 'icmp ', port range any, 
@@ -2002,27 +2002,29 @@ class TestDVSSystem(TestBasic): SG group 'SG1' Egress rule with ssh protocol 'tcp ', port range 22, SG group 'SG1' - 4. Launch few instances with SG1 in net1. - 5. Launch few instances with Default SG in net1. + 4. Launch 2 instances with SG1 in net_1. + 5. Launch 2 instances with Default SG in net_1. 6. Verify that icmp/ssh is enabled between instances from SG1. - 7. Verify that that icmp/ssh isn't allowed to instances of SG1 + 7. Verify that icmp/ssh isn't allowed to instances of SG1 from instances of Default SG. - 8. Detached ports of all instances from net_1. - 9. Attached ports of all instances to default internal net. + 8. Detach ports of all instances from net_1. + 9. Attach ports of all instances to default internal net. To activate new interface on cirros restart network: "sudo /etc/init.d/S40network restart" 10. Check that all instances are in Default SG. 11. Verify that icmp/ssh is enabled between instances. - 12. Change of some instances Default SG to SG1. + 12. Change for some instances Default SG to SG1. 13. Verify that icmp/ssh is enabled between instances from SG1. - 14. Verify that that icmp/ssh isn't allowed to instances of SG1 + 14. Verify that icmp/ssh isn't allowed to instances of SG1 from instances of Default SG. Duration 15 min """ + # Set up environment for the test self.show_step(1) - self.env.revert_snapshot("dvs_vcenter_systest_setup") + + self.env.revert_snapshot('dvs_vcenter_systest_setup') cluster_id = self.fuel_web.get_last_created_cluster() os_ip = self.fuel_web.get_public_vip(cluster_id) 
@@ -2033,147 +2035,156 @@ class TestDVSSystem(TestBasic): tenant = os_conn.get_tenant(SERVTEST_TENANT) - network = os_conn.create_network( - network_name=self.net_data[0].keys()[0], - tenant_id=tenant.id)['network'] + # Create net_1 and attach it to the default router + self.show_step(2) - subnet = os_conn.create_subnet( - subnet_name=network['name'], - network_id=network['id'], + net1 = os_conn.create_network(network_name=self.net_data[0].keys()[0], + tenant_id=tenant.id)['network'] + subnet1 = os_conn.create_subnet( + subnet_name=net1['name'], + network_id=net1['id'], cidr=self.net_data[0][self.net_data[0].keys()[0]], ip_version=4) - # Check that network is created. - assert_true( - os_conn.get_network(network['name'])['id'] == network['id'] - ) - # Create Router_01, set gateway and add interface - # to external network. - router_1 = os_conn.create_router( - 'router_1', - tenant=tenant) + # Check that network is created + assert_true(os_conn.get_network(net1['name'])['id'] == net1['id']) - # Add net_1 to router_1 - os_conn.add_router_interface( - router_id=router_1["id"], - subnet_id=subnet["id"]) + # Add net_1 to default router + default_router = os_conn.neutron.list_routers()['routers'][0] + os_conn.add_router_interface(router_id=default_router['id'], + subnet_id=subnet1['id']) - self.show_step(4) - sg1 = os_conn.nova.security_groups.create( - 'SG1', "descr") - sg_rules = [ - sg_rule for sg_rule - in os_conn.neutron.list_security_group_rules()[ - 'security_group_rules'] - if sg_rule['security_group_id'] == sg1.id] - for rule in sg_rules: + # Create security group SG1 + self.show_step(3) + + sg1 = os_conn.nova.security_groups.create('SG1', 'descr') + _sg_rules = os_conn.neutron.list_security_group_rules() + sg1_rules = [sg_rule for sg_rule in _sg_rules['security_group_rules'] + if sg_rule['security_group_id'] == sg1.id] + for rule in sg1_rules: os_conn.neutron.delete_security_group_rule(rule['id']) for rule in [self.icmp, self.tcp]: 
rule["security_group_rule"]["security_group_id"] = sg1.id rule["security_group_rule"]["remote_group_id"] = sg1.id + rule["security_group_rule"]["direction"] = "ingress" os_conn.neutron.create_security_group_rule(rule) + rule["security_group_rule"]["direction"] = "egress" os_conn.neutron.create_security_group_rule(rule) default_net = os_conn.nova.networks.find(label=self.inter_net_name) - # add rules for ssh and ping + # Permit all TCP and ICMP in security group default os_conn.goodbye_security() - default_sg = [ - sg - for sg in os_conn.neutron.list_security_groups()['security_groups'] - if sg['tenant_id'] == os_conn.get_tenant(SERVTEST_TENANT).id - if sg['name'] == 'default'][0] - self.show_step(5) + _groups = os_conn.neutron.list_security_groups()['security_groups'] + default_sg = [sg for sg in _groups + if sg['tenant_id'] == tenant.id and + sg['name'] == 'default'][0] + + # Launch instances with SG1 in net_1 + self.show_step(4) + instances_1 = openstack.create_instances( - os_conn=os_conn, nics=[{'net-id': network['id']}], + os_conn=os_conn, + nics=[{'net-id': net1['id']}], security_groups=[sg1.name]) - access_point_1, access_point_ip_1 = openstack.create_access_point( - os_conn=os_conn, nics=[{'net-id': network['id']}], - security_groups=[sg1.name, default_sg['name']]) + _, access_point_ip_1 = openstack.create_access_point( + os_conn=os_conn, + nics=[{'net-id': net1['id']}], + security_groups=[default_sg['name'], sg1.name]) + + # Launch instances with Default SG in net_1 + self.show_step(5) - self.show_step(6) instances_2 = openstack.create_instances( - os_conn=os_conn, nics=[{'net-id': default_net.id}], + os_conn=os_conn, + nics=[{'net-id': net1['id']}], security_groups=[default_sg['name']]) - access_point_2, access_point_ip_2 = openstack.create_access_point( - os_conn=os_conn, nics=[{'net-id': default_net.id}], - security_groups=[default_sg['name'], sg1.name]) openstack.verify_instance_state(os_conn) - ips_1 = [] - for instance in instances_1: - 
ips_1.append(os_conn.get_nova_instance_ip( - instance, net_name=network['name'])) - ips_2 = [] - for instance in instances_2: - ips_2.append(os_conn.get_nova_instance_ip( - instance, net_name=self.inter_net_name)) + # Verify that icmp/ssh is enabled in SG1 + self.show_step(6) - ip_pair = dict.fromkeys(ips_1) - for key in ip_pair: - ip_pair[key] = [value for value in ips_1 if key != value] - openstack.check_connection_through_host( - access_point_ip_1, ip_pair, - timeout=60) + ips_1 = [os_conn.get_nova_instance_ip(i, net_name=net1['name']) + for i in instances_1] + openstack.ping_each_other(ips=ips_1, + timeout=60 * 5, + access_point_ip=access_point_ip_1) + + # Verify that icmp/ssh isn't allowed between SG1 and Default SG self.show_step(7) - for key in ip_pair: - ip_pair[key] = ips_2 - openstack.check_connection_through_host( - access_point_ip_1, ip_pair, - result_of_command=1) + ips_2 = [os_conn.get_nova_instance_ip(i, net_name=net1['name']) + for i in instances_2] + ip_pairs = {ip: ips_2 for ip in ips_1} + openstack.check_connection_through_host(remote=access_point_ip_1, + timeout=60, + ip_pair=ip_pairs, + result_of_command=1) + + # Detach ports of all instances from net_1 self.show_step(8) + # Attach ports of all instances to default internal net self.show_step(9) + for instance in instances_1: - ip = os_conn.get_nova_instance_ip( - instance, net_name=network['name']) - port = [ - p - for p in os_conn.neutron.list_ports()['ports'] - if p['fixed_ips'][0]['ip_address'] == ip].pop() - instance.interface_detach( - port["id"]) - instance.interface_attach( - None, default_net.id, None) - instance.reboot() # instead of restart network + ip = os_conn.get_nova_instance_ip(instance, net_name=net1['name']) + port = [p for p in os_conn.neutron.list_ports()['ports'] + if p['fixed_ips'][0]['ip_address'] == ip].pop() + instance.interface_detach(port['id']) + instance.interface_attach(None, default_net.id, None) + instance.reboot() # instead of network restart + # Check that all 
instances are in Default SG self.show_step(10) - ips = [] - instances = [instance for instance in os_conn.nova.servers.list() - if instance.id in [inst.id for inst in instances_1]] - for instance in instances: - assert_true(instance.security_groups.pop()['name'] == 'default') - ips.append(os_conn.get_nova_instance_ip( - instance, net_name=self.inter_net_name)) + ips_1 = [] + instances_1 = [instance for instance in os_conn.nova.servers.list() + if instance.id in [inst.id for inst in instances_1]] + for instance in instances_1: + assert_true(instance.security_groups.pop()['name'] == 'default') + ips_1.append(os_conn.get_nova_instance_ip( + srv=instance, net_name=self.inter_net_name)) + + # Verify that icmp/ssh is enabled between instances (in Default SG) self.show_step(11) - ip_pair = dict.fromkeys(ips_2) - for key in ip_pair: - ip_pair[key] = ips - openstack.check_connection_through_host( - access_point_ip_2, ip_pair, - timeout=60 * 5) + + _, access_point_ip_2 = openstack.create_access_point( + os_conn=os_conn, + nics=[{'net-id': default_net.id}], + security_groups=[default_sg['name']]) + + openstack.ping_each_other(ips=ips_1 + ips_2, + timeout=60, + access_point_ip=access_point_ip_2) + + # Change for some instances Default SG to SG1 self.show_step(12) - self.show_step(13) - for instance in instances: + + for instance in instances_1: instance.remove_security_group('default') instance.add_security_group(sg1.name) - for key in ip_pair: - ip_pair[key] = [value for value in ips if key != value] - openstack.check_connection_through_host( - access_point_ip_2, ip_pair, - timeout=60 * 2) + # Verify that icmp/ssh is enabled in SG1 + self.show_step(13) + + openstack.ping_each_other(ips=ips_1, + timeout=60, + access_point_ip=access_point_ip_1) + + # Verify that icmp/ssh isn't allowed between SG1 and Default SG self.show_step(14) - openstack.check_connection_through_host( - access_point_ip_2, ip_pair, - result_of_command=1) + + ip_pairs = {ip: ips_2 for ip in ips_1} + 
openstack.check_connection_through_host(remote=access_point_ip_1, + timeout=60, + ip_pair=ip_pairs, + result_of_command=1) @test(depends_on=[dvs_vcenter_systest_setup], groups=["dvs_port_security_group"])
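Review bot: The step 10 check `assert_true(instance.security_groups.pop()['name'] == 'default')` looks at only the last group in the list, so an instance that still carries SG1 next to default after the port re-attach would pass; comparing the whole set, `assert_true({sg['name'] for sg in instance.security_groups} == {'default'})`, makes the step verify what its comment says. Separately, the negative checks at steps 7 and 14 build `ip_pairs = {ip: ips_2 for ip in ips_1}`, which appears to probe from SG1 instances towards Default SG instances, while the scenario text states the opposite direction; `check_connection_through_host` is not visible here, so this reading is inferred. Because the new comment says `goodbye_security()` permits all TCP and ICMP in the default group, those checks may be passing on SG1's egress rule alone, which would leave SG1 ingress filtering unverified; a check keyed on `ips_2` with `ips_1` as targets would cover it. The test method starts before this hunk, so `self.icmp`, `self.tcp` and the `openstack` helpers are taken as shown.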