Browse Source

Patch for P0 of allowed address cidr

- P0 automation

Change-Id: I43d14c3f5d700ead7f584ae6555a097a0cf6b746
changes/73/768473/8
Shubham Kadam 9 months ago
parent
commit
0566023cbe
  1. 8
      doc/requirements.txt
  2. 6
      lower-constraints.txt
  3. 4
      test-requirements.txt
  4. 13
      vmware_nsx_tempest_plugin/lib/feature_manager.py
  5. 20
      vmware_nsx_tempest_plugin/lib/traffic_manager.py
  6. 383
      vmware_nsx_tempest_plugin/tests/scenario/test_allowed_addres_cidr.py

8
doc/requirements.txt

@ -1,4 +1,4 @@
sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD
sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
openstackdocstheme>=1.18.1 # Apache-2.0
reno>=2.5.0 # Apache-2.0
openstackdocstheme>=2.2.0 # Apache-2.0
reno>=3.1.0 # Apache-2.0
sphinx>=2.0.0,!=2.1.0 # BSD
sphinxcontrib-svg2pdfconverter>=0.1.0 # BSD

6
lower-constraints.txt

@ -3,13 +3,13 @@ hacking>=1.1.0 # Apache-2.0
flake8-import-order==0.12
mock==2.0.0
neutron-lib==1.26.0
openstackdocstheme==1.18.1
openstackdocstheme==2.2.0
os-testr==1.0.0
oslotest==3.2.0
pbr==4.0.0
pylint==1.7.1
pylint==2.1.0
python-subunit==1.0.0
reno==2.5.0
reno==3.1.0
stestr==2.0.0
tempest==17.1.0
testtools==2.2.0

4
test-requirements.txt

@ -12,8 +12,8 @@ python-subunit>=1.0.0 # Apache-2.0/BSD
oslotest>=3.2.0 # Apache-2.0
testtools>=2.2.0 # MIT
# releasenotes
reno>=2.5.0 # Apache-2.0
reno>=3.1.0 # Apache-2.0
tempest>=17.1.0 # Apache-2.0
os-testr>=1.0.0 # Apache-2.0
pylint==1.7.6 # GPLv2
pylint==2.1.0 # GPLv2
stestr>=2.0.0 # Apache-2.0

13
vmware_nsx_tempest_plugin/lib/feature_manager.py

@ -806,7 +806,8 @@ class FeatureManager(traffic_manager.IperfManager,
i = 0
vip = self.vip_ip_address
time.sleep(constants.WAIT_FOR_VIP)
self.do_http_request(vip=vip, send_counts=self.poke_counters)
self.do_http_request(vip=vip, send_counts=self.poke_counters,
no_resp=no_resp)
# ROUND_ROUBIN, so equal counts
no_of_vms = len(self.http_cnt)
if source_ip:
@ -1591,7 +1592,7 @@ class FeatureManager(traffic_manager.IperfManager,
barbican_container=None, invert=None,
qos_policy_id=None, external=None,
external_subnet=None, create_fip=None,
no_cleanup=False):
no_cleanup=False, ipv6=False):
count = 0
lb_name = None
if persistence:
@ -1717,6 +1718,14 @@ class FeatureManager(traffic_manager.IperfManager,
net_name = self.servers_details[server_name][2][0]['name']
fixed_ip_address = self.servers_details[
server_name][0]['addresses'][net_name][0]['addr']
if ipv6:
if self.servers_details[server_name][0]['addresses'][
net_name][0]['version'] == 6:
fixed_ip_address = self.servers_details[
server_name][0]['addresses'][net_name][0]['addr']
else:
fixed_ip_address = self.servers_details[
server_name][0]['addresses'][net_name][1]['addr']
if weight:
weight += count
if barbican:

20
vmware_nsx_tempest_plugin/lib/traffic_manager.py

@ -195,18 +195,22 @@ class TrafficManager(appliance_manager.ApplianceManager):
stderr)
return stdout
def query_webserver(self, web_ip, HTTPS=None):
def query_webserver(self, web_ip, HTTPS=None, no_resp=False):
try:
if no_resp:
retries = 2
else:
retries = 10
if HTTPS is None:
url_path = "http://{0}/".format(web_ip)
# lbaas servers use nc, might be slower to response
http = urllib3.PoolManager(retries=10)
http = urllib3.PoolManager(retries=retries)
resp = http.request('GET', url_path)
return resp.data.strip()
else:
url_path = "https://{0}/".format(web_ip)
# lbaas servers use nc, might be slower to response
http = urllib3.PoolManager(retries=10,
http = urllib3.PoolManager(retries=retries,
cert_reqs='CERT_NONE')
resp = http.request('GET', url_path)
return resp.data.strip()
@ -220,13 +224,17 @@ class TrafficManager(appliance_manager.ApplianceManager):
self.count_response(resp)
return self.http_cnt
def do_http_request(self, vip, start_path='', send_counts=None):
def do_http_request(self, vip, start_path='', send_counts=None,
no_resp=False):
# http_cnt stores no of requests made for each members
self.http_cnt = {}
if not CONF.nsxv3.ens:
if no_resp:
send_counts = 2
for x in range(send_counts):
resp = self.query_webserver(vip)
self.count_response(resp)
resp = self.query_webserver(vip, no_resp=no_resp)
if not no_resp:
self.count_response(resp)
else:
for x in range(send_counts):
self.http_cnt = self.query_ens(vip)

383
vmware_nsx_tempest_plugin/tests/scenario/test_allowed_addres_cidr.py

@ -0,0 +1,383 @@
# Copyright 2017 VMware Inc
# All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os
import time
from tempest.common.utils.linux import remote_client
from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
from tempest.lib import exceptions
from vmware_nsx_tempest_plugin.common import constants
from vmware_nsx_tempest_plugin.lib import feature_manager
from vmware_nsx_tempest_plugin.services import nsxp_client
from vmware_nsx_tempest_plugin.services import nsxv3_client
CONF = config.CONF
LOG = constants.log.getLogger(__name__)
class TestAllowedAddresCidr(feature_manager.FeatureManager):
"""Test New Cases Scenario
"""
@classmethod
def setup_clients(cls):
super(TestAllowedAddresCidr, cls).setup_clients()
cls.cmgr_adm = cls.get_client_manager('admin')
cls.cmgr_alt = cls.get_client_manager('alt')
cls.cmgr_adm = cls.get_client_manager('admin')
cls.routers_client = cls.cmgr_adm.routers_client
cls.networks_client = cls.cmgr_adm.networks_client
cls.subnets_client = cls.cmgr_adm.subnets_client
cls.sec_rule_client = cls.cmgr_adm.security_group_rules_client
cls.sec_client = cls.cmgr_adm.security_groups_client
def setUp(self):
super(TestAllowedAddresCidr, self).setUp()
CONF.validation.ssh_shell_prologue = ''
self.vip_ip_address = ''
self.namestart = 'lbaas-ops'
self.poke_counters = 12
self.hm_delay = 4
self.hm_max_retries = 3
self.hm_timeout = 10
self.server_names = []
self.loadbalancer = None
self.vip_fip = None
self.web_service_start_delay = 2.5
@classmethod
def resource_setup(cls):
super(TestAllowedAddresCidr, cls).resource_setup()
cls.nsx = nsxv3_client.NSXV3Client(CONF.nsxv3.nsx_manager,
CONF.nsxv3.nsx_user,
CONF.nsxv3.nsx_password)
cls.nsxp = nsxp_client.NSXPClient(CONF.nsxv3.nsx_manager,
CONF.nsxv3.nsx_user,
CONF.nsxv3.nsx_password)
def _test_ping_from_external_network(self, fip_ip):
out = os.popen('ping -c 5 %s' % fip_ip).read().strip()
return out
def _create_ipv6_subnet(self, network, cidr, ipv6_ra_mode=None,
ipv6_address_mode=None,
router_id=None, slaac=False, enable_dhcp=False):
subnet_client = self.cmgr_adm.subnets_client
subnet_name = network['name'] + 'sub'
if slaac:
subnet = self.create_topology_subnet(
subnet_name, network,
subnets_client=subnet_client,
ip_version=6, ipv6_ra_mode='slaac',
ipv6_address_mode='slaac',
cidr=cidr, router_id=router_id)
else:
subnet = self.create_topology_subnet(
subnet_name, network,
subnets_client=subnet_client,
ipv6_address_mode=ipv6_address_mode,
ipv6_ra_mode=ipv6_ra_mode,
ip_version=6, enable_dhcp=True,
cidr=cidr, router_id=router_id)
return subnet
def create_topo_single_dhcpv6_network(
self, namestart, ipv6_address_mode,
ipv6_ra_mode, create_instance=True,
set_gateway=True, slaac=False,
ipv6cidr=None, cidr=None,
security_groups=None, **kwargs):
"""
Create Topo where 1 logical switches which is
connected via tier-1 router.
"""
rtr_name = data_utils.rand_name(name='tempest-router')
network_name = data_utils.rand_name(name='tempest-net')
subnet_name = data_utils.rand_name(name='tempest-subnet')
router_state = self.create_topology_router(rtr_name,
set_gateway=set_gateway,
**kwargs)
network_state = self.create_topology_network(network_name)
subnet_state = self.create_topology_subnet(
subnet_name, network_state,
router_id=router_state["id"], cidr=cidr)
subnet_v6 = self._create_ipv6_subnet(
network_state, cidr=ipv6cidr, slaac=slaac,
ipv6_address_mode=ipv6_address_mode,
ipv6_ra_mode=ipv6_ra_mode,
router_id=router_state["id"])
time.sleep(constants.NSX_NETWORK_REALISE_TIMEOUT)
if create_instance:
image_id = self.get_glance_image_id(["cirros", "esx"])
self.create_topology_instance(
"state_vm_1", [network_state],
create_floating_ip=True, image_id=image_id,
clients=self.cmgr_adm,
security_groups=security_groups)
self.create_topology_instance(
"state_vm_2", [network_state],
create_floating_ip=True, image_id=image_id,
clients=self.cmgr_adm,
security_groups=security_groups)
topology_dict = dict(router_state=router_state,
network_state=network_state,
subnet_state=subnet_state,
subnet_v6=subnet_v6)
return topology_dict
@decorators.idempotent_id('2317449c-14ca-1428-a428-09956daa46c3')
def test_allowed_address_cidr_octavia_lb(self):
"""
Create NAT and Firewall rules on router.
Verify order of NAT and Firewall.
"""
kwargs = {"enable_snat": True}
network_name = data_utils.rand_name(name='tempest-net')
subnet_name = data_utils.rand_name(name='tempest-subnet')
router_state = self.create_topology_router(
set_gateway=True,
routers_client=self.cmgr_adm.routers_client, **kwargs)
network_state = self.create_topology_network(
network_name, networks_client=self.cmgr_adm.networks_client)
subnet_state = self.create_topology_subnet(
subnet_name, network_state,
subnets_client=self.cmgr_adm.subnets_client)
time.sleep(constants.NSX_NETWORK_REALISE_TIMEOUT)
self.cmgr_adm.routers_client.add_router_interface(
router_state['id'], subnet_id=subnet_state["id"])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.cmgr_adm.routers_client.remove_router_interface,
router_state['id'], subnet_id=subnet_state["id"])
sec_rule_client = self.cmgr_adm.security_group_rules_client
sec_client = self.cmgr_adm.security_groups_client
kwargs = dict(tenant_id=network_state['tenant_id'],
security_group_rules_client=sec_rule_client,
security_groups_client=sec_client)
self.sg = self._create_security_group(
security_group_rules_client=self.cmgr_adm.
security_group_rules_client,
security_groups_client=self.cmgr_adm.security_groups_client)
lbaas_rules = [dict(direction='ingress', protocol='tcp',
port_range_min=constants.HTTP_PORT,
port_range_max=constants.HTTP_PORT, ),
dict(direction='ingress', protocol='tcp',
port_range_min=443, port_range_max=443, ),
dict(direction='ingress', protocol='tcp',
port_range_min=constants.HTTP_PORT,
port_range_max=constants.HTTP_PORT,
ethertype='IPv6'),
dict(direction='ingress', protocol='tcp',
port_range_min=443, port_range_max=443,
ethertype='IPv6')]
for rule in lbaas_rules:
self.add_security_group_rule(
self.sg,
rule,
ruleclient=self.cmgr_adm.security_group_rules_client,
secclient=self.cmgr_adm.security_groups_client,
tenant_id=network_state['tenant_id'])
security_groups = [{'name': self.sg['name']}]
image_id = self.get_glance_image_id(["cirros", "esx"])
self.create_topology_instance(
"state_vm_1", [network_state],
create_floating_ip=True, image_id=image_id, clients=self.cmgr_adm,
security_groups=security_groups)
self.create_topology_instance(
"state_vm_2", [network_state],
create_floating_ip=True, image_id=image_id, clients=self.cmgr_adm,
security_groups=security_groups)
self.start_web_servers(constants.HTTP_PORT)
lb_cist = self.create_project_octavia(
protocol_type="HTTP", protocol_port="80",
lb_algorithm="LEAST_CONNECTIONS",
vip_net_id=network_state['id'])
allowed_cidrs = {'allowed_cidrs': ['3.0.0.0/24', '4.0.0.0/24']}
self.octavia_admin_listener_client.\
update_octavia_listener(lb_cist['listener_id'],
listener_data=allowed_cidrs)['listener']
time.sleep(constants.NSX_NETWORK_REALISE_TIMEOUT)
self.check_project_lbaas(no_resp=True)
out = os.popen("sudo ifconfig eth1 | grep 'inet'"
"| awk {'print$2'} | "
"cut -f2 -d':'").read().strip()
allowed_cidrs = {'allowed_cidrs': ['%s/24' % out]}
self.octavia_admin_listener_client.\
update_octavia_listener(lb_cist['listener_id'],
listener_data=allowed_cidrs)['listener']
time.sleep(constants.NSX_NETWORK_REALISE_TIMEOUT)
self.check_project_lbaas(no_resp=False)
self.delete_octavia_lb_resources(lb_cist['lb_id'])
@decorators.idempotent_id('2317449c-14ca-1428-a428-09956daa46c3')
def test_allowed_address_ipv6_cidr_octavia_lb(self):
"""
Create NAT and Firewall rules on router.
Verify order of NAT and Firewall.
"""
kwargs = {"enable_snat": True}
mode = "dhcpv6-stateless"
network_name = data_utils.rand_name(name='tempest-net')
subnet_name = data_utils.rand_name(name='tempest-subnet')
router_name = data_utils.rand_name(name='tempest-router')
network_state1 = self.create_topology_network(
network_name, networks_client=self.cmgr_adm.networks_client)
time.sleep(constants.NSX_NETWORK_REALISE_TIMEOUT)
sec_rule_client = self.cmgr_adm.security_group_rules_client
sec_client = self.cmgr_adm.security_groups_client
kwargs = dict(tenant_id=network_state1['tenant_id'],
security_group_rules_client=sec_rule_client,
security_groups_client=sec_client)
self.sg = self._create_security_group(
security_group_rules_client=self.cmgr_adm.
security_group_rules_client,
security_groups_client=self.cmgr_adm.security_groups_client)
lbaas_rules = [dict(direction='ingress', protocol='tcp'),
dict(direction='ingress', protocol='tcp',
ethertype='IPv6'),
dict(direction='egress', protocol='tcp',
ethertype='IPv6'),
dict(direction='egress', protocol='tcp')]
for rule in lbaas_rules:
self.add_security_group_rule(
self.sg,
rule,
ruleclient=self.cmgr_adm.security_group_rules_client,
secclient=self.cmgr_adm.security_groups_client,
tenant_id=network_state1['tenant_id'])
kwargs = {"admin_state_up": "True"}
security_groups = [{'name': self.sg['name']}]
topology_dict = self.create_topo_single_dhcpv6_network(
"allowed_address_cidr", create_instance=True,
set_gateway=True,
ipv6_ra_mode=mode, ipv6_address_mode=mode,
ipv6cidr="1300::/64", cidr="13.0.0.0/24",
security_groups=security_groups, **kwargs)
subnetipv6_state = topology_dict['subnet_v6']
router_state1 = self.create_topology_router(
router_name, set_gateway=True,
routers_client=self.cmgr_adm.routers_client, **kwargs)
self.create_topology_subnet(
subnet_name, network_state1,
subnets_client=self.cmgr_adm.subnets_client,
cidr="35.0.0.0/24", router_id=router_state1["id"])
mode = "dhcpv6-stateless"
self._create_ipv6_subnet(
network_state1, cidr="3500::/64", slaac=False,
ipv6_address_mode=mode,
ipv6_ra_mode=mode,
router_id=router_state1["id"])
network_name = data_utils.rand_name(name='tempest-net')
subnet_name = data_utils.rand_name(name='tempest-subnet')
router_name = data_utils.rand_name(name='tempest-router')
network_state2 = self.create_topology_network(
network_name, networks_client=self.cmgr_adm.networks_client)
router_state2 = self.create_topology_router(
router_name, set_gateway=True,
routers_client=self.cmgr_adm.routers_client, **kwargs)
self.create_topology_subnet(
subnet_name, network_state2,
subnets_client=self.cmgr_adm.subnets_client,
cidr="46.0.0.0/24", router_id=router_state2["id"])
self._create_ipv6_subnet(
network_state2, cidr="4600::/64", slaac=False,
ipv6_address_mode=mode,
ipv6_ra_mode=mode,
router_id=router_state2["id"])
time.sleep(constants.NSX_NETWORK_REALISE_TIMEOUT)
self.start_web_servers(constants.HTTP_PORT)
lb_cist = self.create_project_octavia(
protocol_type="HTTP", protocol_port="80",
lb_algorithm="LEAST_CONNECTIONS",
vip_subnet_id=subnetipv6_state['id'],
create_fip=False, ipv6=True)
security_groups = [{'name': self.sg['name']}]
image_id = self.get_glance_image_id(["cirros", "esx"])
server3 = self.create_topology_instance(
"state_vm_3", [network_state1],
create_floating_ip=True, image_id=image_id, clients=self.cmgr_adm,
security_groups=security_groups)
server4 = self.create_topology_instance(
"state_vm_4", [network_state2],
create_floating_ip=True, image_id=image_id, clients=self.cmgr_adm,
security_groups=security_groups)
allowed_cidrs = {'allowed_cidrs': ['3500::/64', '4600::/64']}
self.octavia_admin_listener_client.\
update_octavia_listener(lb_cist['listener_id'],
listener_data=allowed_cidrs)['listener']
fip1 = server3["floating_ips"][0]["floating_ip_address"]
fip2 = server4["floating_ips"][0]["floating_ip_address"]
ssh_client = remote_client.RemoteClient(
fip1, 'cirros', 'gocubsgo')
command = "curl http://[%s]" % lb_cist['loadbalancer']['vip_address']
for i in range(4):
data = ssh_client.exec_command(command)
self.assertIn(data, ['state_vm_1', 'state_vm_2'])
time.sleep(constants.NSXP_BACKEND_SMALL_TIME_INTERVAL)
ssh_client = remote_client.RemoteClient(
fip2, 'cirros', 'gocubsgo')
command = "curl http://[%s]" % lb_cist['loadbalancer']['vip_address']
for i in range(4):
data = ssh_client.exec_command(command)
self.assertIn(data, ['state_vm_1', 'state_vm_2'])
allowed_cidrs = {'allowed_cidrs': ["6700::/64"]}
self.octavia_admin_listener_client.\
update_octavia_listener(lb_cist['listener_id'],
listener_data=allowed_cidrs)['listener']
fip1 = server3["floating_ips"][0]["floating_ip_address"]
fip2 = server4["floating_ips"][0]["floating_ip_address"]
ssh_client = remote_client.RemoteClient(
fip1, 'cirros', 'gocubsgo')
command = "curl http://[%s]" % lb_cist['loadbalancer']['vip_address']
time.sleep(constants.NSXP_BACKEND_SMALL_TIME_INTERVAL)
for i in range(4):
self.assertRaises(
exceptions.SSHExecCommandFailed,
ssh_client.exec_command, command)
time.sleep(constants.NSXP_BACKEND_SMALL_TIME_INTERVAL)
ssh_client = remote_client.RemoteClient(
fip2, 'cirros', 'gocubsgo')
command = "curl http://[%s]" % lb_cist['loadbalancer']['vip_address']
for i in range(4):
self.assertRaises(
exceptions.SSHExecCommandFailed,
ssh_client.exec_command, command)
allowed_cidrs = {'allowed_cidrs': []}
self.octavia_admin_listener_client.\
update_octavia_listener(lb_cist['listener_id'],
listener_data=allowed_cidrs)['listener']
fip1 = server3["floating_ips"][0]["floating_ip_address"]
fip2 = server4["floating_ips"][0]["floating_ip_address"]
ssh_client = remote_client.RemoteClient(
fip1, 'cirros', 'gocubsgo')
command = "curl http://[%s]" % lb_cist['loadbalancer']['vip_address']
time.sleep(constants.NSXP_BACKEND_SMALL_TIME_INTERVAL)
for i in range(4):
data = ssh_client.exec_command(command)
self.assertIn(data, ['state_vm_1', 'state_vm_2'])
time.sleep(constants.NSXP_BACKEND_SMALL_TIME_INTERVAL)
ssh_client = remote_client.RemoteClient(
fip2, 'cirros', 'gocubsgo')
command = "curl http://[%s]" % lb_cist['loadbalancer']['vip_address']
for i in range(4):
data = ssh_client.exec_command(command)
self.assertIn(data, ['state_vm_1', 'state_vm_2'])
self.delete_octavia_lb_resources(lb_cist['lb_id'])
Loading…
Cancel
Save