diff --git a/vmware_nsx_tempest_plugin/lib/feature_manager.py b/vmware_nsx_tempest_plugin/lib/feature_manager.py index 9acbab5..d063dcc 100644 --- a/vmware_nsx_tempest_plugin/lib/feature_manager.py +++ b/vmware_nsx_tempest_plugin/lib/feature_manager.py @@ -341,9 +341,28 @@ class FeatureManager(traffic_manager.IperfManager, # Wait for the firewall resource to become ready self._wait_fw_v1_until_ready(created_firewall['id']) + def ping_between_vms_different_router_uniscale(self, icmp_succeed=True): + """ + Receives topology servers dictionary as input and finds all the + servers list checks NS and EW Traffic + """ + for server in self.servers_details.values(): + ip_address = server[0]['floating_ips'][0]['floating_ip_address'] + ssh_source = self._get_remote_client(ip_address, use_password=True) + self.\ + test_fip_check_server_and_project_network_connectivity( + server, + should_connect=icmp_succeed) + for remote_server in self.servers_details.values(): + if remote_server[0]['name'] != server[0]['name']: + remote_ip = remote_server[0][ + 'addresses'].values()[0][0]['addr'] + self.check_remote_connectivity(ssh_source, remote_ip, + should_succeed=True) # # L2Gateway base class. To get basics of L2GW. # + def create_l2gw(self, l2gw_name, l2gw_param): """Creates L2GW and returns the response. diff --git a/vmware_nsx_tempest_plugin/lib/traffic_manager.py b/vmware_nsx_tempest_plugin/lib/traffic_manager.py index 171e5b3..d86ac28 100644 --- a/vmware_nsx_tempest_plugin/lib/traffic_manager.py +++ b/vmware_nsx_tempest_plugin/lib/traffic_manager.py @@ -77,8 +77,9 @@ class TrafficManager(appliance_manager.ApplianceManager): self.check_server_internal_ips_using_floating_ip( floating_ip, server, compute_ips, should_connect) - def using_floating_ip_check_server_and_project_network_connectivity( - self, server_details, floating_ip=None, network=None): + def test_fip_check_server_and_project_network_connectivity( + self, server_details, floating_ip=None, network=None, + should_connect=True): if not network: network = server_details.networks[0] if not floating_ip: diff --git a/vmware_nsx_tempest_plugin/tests/nsxv3/scenario/test_ens.py b/vmware_nsx_tempest_plugin/tests/nsxv3/scenario/test_ens.py index e3502e8..31fce62 100644 --- a/vmware_nsx_tempest_plugin/tests/nsxv3/scenario/test_ens.py +++ b/vmware_nsx_tempest_plugin/tests/nsxv3/scenario/test_ens.py @@ -58,7 +58,7 @@ class TestEnsOps(feature_manager.FeatureManager): CONF.nsxv3.nsx_password) def verify_ping_to_fip_from_ext_vm(self, server_details): - self.using_floating_ip_check_server_and_project_network_connectivity( + self.test_fip_check_server_and_project_network_connectivity( server_details) def verify_ping_own_fip(self, server): diff --git a/vmware_nsx_tempest_plugin/tests/nsxv3/scenario/test_net_ops.py b/vmware_nsx_tempest_plugin/tests/nsxv3/scenario/test_net_ops.py index c586bbc..947473c 100644 --- a/vmware_nsx_tempest_plugin/tests/nsxv3/scenario/test_net_ops.py +++ b/vmware_nsx_tempest_plugin/tests/nsxv3/scenario/test_net_ops.py @@ -66,13 +66,13 @@ class TestNetOps(feature_manager.FeatureManager): router_ops = self.create_topology_router("router_ops") network_ops = self.create_topology_network("network_ops") self.create_topology_subnet("subnet_ops", network_ops, - router_id=router_ops["id"]) + router_id=router_ops["id"]) self.create_topology_instance( "server_ops", [network_ops], security_groups=[{'name': self.net_ssh_icmp_sg['name']}]) def verify_ping_to_fip_from_ext_vm(self, server_details): - self.using_floating_ip_check_server_and_project_network_connectivity( + self.test_fip_check_server_and_project_network_connectivity( server_details) def verify_ping_own_fip(self, server): diff --git a/vmware_nsx_tempest_plugin/tests/scenario/test_micro_segmentation_ops.py b/vmware_nsx_tempest_plugin/tests/scenario/test_micro_segmentation_ops.py index a75b2ba..073719f 100644 --- a/vmware_nsx_tempest_plugin/tests/scenario/test_micro_segmentation_ops.py +++ b/vmware_nsx_tempest_plugin/tests/scenario/test_micro_segmentation_ops.py @@ -111,7 +111,7 @@ class TestMicroSegmentationOps(feature_manager.FeatureManager): # Web network network_web = self.create_topology_network("network_web") self.create_topology_subnet("subnet_web", network_web, - router_id=router_microseg["id"]) + router_id=router_microseg["id"]) self.create_topology_instance( "server_web_1", [network_web], security_groups=[{'name': self.web_sg['name']}]) @@ -121,7 +121,7 @@ class TestMicroSegmentationOps(feature_manager.FeatureManager): # App network network_app = self.create_topology_network("network_app") self.create_topology_subnet("subnet_app", network_app, - router_id=router_microseg["id"]) + router_id=router_microseg["id"]) self.create_topology_instance( "server_app_1", [network_app], security_groups=[{'name': self.app_sg['name']}]) @@ -130,7 +130,7 @@ class TestMicroSegmentationOps(feature_manager.FeatureManager): security_groups=[{'name': self.app_sg['name']}]) def check_server_project_connectivity(self, server_details): - self.using_floating_ip_check_server_and_project_network_connectivity( + self.test_fip_check_server_and_project_network_connectivity( server_details) @decorators.attr(type=["nsxv3", "nsxv"]) diff --git a/vmware_nsx_tempest_plugin/tests/scenario/test_new_case_coverage.py b/vmware_nsx_tempest_plugin/tests/scenario/test_new_case_coverage.py index 551d633..e49973f 100644 --- a/vmware_nsx_tempest_plugin/tests/scenario/test_new_case_coverage.py +++ b/vmware_nsx_tempest_plugin/tests/scenario/test_new_case_coverage.py @@ -163,7 +163,7 @@ class TestNewCase(feature_manager.FeatureManager): return topology_dict def verify_ping_to_fip_from_ext_vm(self, server_details): - self.using_floating_ip_check_server_and_project_network_connectivity( + self.test_fip_check_server_and_project_network_connectivity( server_details) def verify_ping_own_fip(self, server): diff --git a/vmware_nsx_tempest_plugin/tests/uni-scale/test_dhcp_uni_port_sec.py b/vmware_nsx_tempest_plugin/tests/uni-scale/test_dhcp_uni_port_sec.py new file mode 100644 index 0000000..1998809 --- /dev/null +++ b/vmware_nsx_tempest_plugin/tests/uni-scale/test_dhcp_uni_port_sec.py @@ -0,0 +1,99 @@ +# Copyright 2018 VMware Inc +# All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import re + +from tempest import config +from tempest.lib.common.utils import data_utils +from tempest.lib import decorators + +from vmware_nsx_tempest_plugin.lib import feature_manager +from vmware_nsx_tempest_plugin.services import nsxv3_client +from vmware_nsx_tempest_plugin.services import nsxv_client + +from oslo_log import log as logging + +CONF = config.CONF +LOG = logging.getLogger(__name__) + + +class PORTSecUnidimensionalScaleTest(feature_manager.FeatureManager): + + """Test Uni Dimesional Case for + Logical-switches + Logical-Dhcp-Servers + Logical-Static-bindings + + """ + @classmethod + def setup_clients(cls): + super(PORTSecUnidimensionalScaleTest, cls).setup_clients() + cls.cmgr_adm = cls.get_client_manager('admin') + cls.cmgr_alt = cls.get_client_manager('alt') + cls.cmgr_adm = cls.get_client_manager('admin') + + @classmethod + def resource_setup(cls): + super(PORTSecUnidimensionalScaleTest, cls).resource_setup() + if CONF.network.backend == "nsxv3": + cls.nsx = nsxv3_client.NSXV3Client(CONF.nsxv3.nsx_manager, + CONF.nsxv3.nsx_user, + CONF.nsxv3.nsx_password) + elif CONF.network.backend == "nsxv": + manager_ip = re.search(r"(\d{1,3}\.){3}\d{1,3}", + CONF.nsxv.manager_uri).group(0) + cls.vsm = nsxv_client.VSMClient( + manager_ip, CONF.nsxv.user, CONF.nsxv.password) + + def _create_scale_logical_port_with_disabled_port_sec(self, scale): + # Create a network with dhcp enabled subnet + neutron_ports = 0 + name = data_utils.rand_name('port-sec-net') + network = self.create_topology_network(network_name=name) + sub_name = data_utils.rand_name('port-sec-sub') + self.create_topology_subnet(sub_name, network, cidr='20.20.0.0/16') + port_name = data_utils.rand_name('port-sec') + for i in range(scale): + args = {"device_owner": 'compute:None', + "port_security_enabled": False, + "name": '%s%s' % (port_name, i)} + self.create_topology_port(network, **args) + ports = self.ports_client.list_ports() + for port in ports.get('ports'): + if "port-sec" in port['name']: + neutron_ports += 1 + self.assertEqual(neutron_ports, scale) + backend_ports = self.nsx.get_logical_ports() + ports_name = [i.get('display_name') for i in backend_ports + if "port-sec" in i.get('display_name')] + self.assertEqual(len(ports_name) - 2, scale) + ns_group_id = self.nsx.get_neutron_ns_group_id() + members = self.nsx.get_ns_group_port_members(ns_group_id) + self.assertEqual(members.get('result_count'), scale) + + @decorators.attr(type='nsxv3') + @decorators.idempotent_id('c2b264a2-daab-4123-ad3b-f0713a390f47') + def test_create_500_logical_dhcp_server(self): + self._create_scale_logical_port_with_disabled_port_sec(500) + + @decorators.attr(type='nsxv3') + @decorators.idempotent_id('5ba22b0f-4593-4345-8998-a3002ce63406') + def test_create_1k_logical_dhcp_server(self): + self._create_scale_logical_port_with_disabled_port_sec(1000) + + @decorators.attr(type='nsxv3') + @decorators.idempotent_id('ddf3d789-838a-4567-b4fe-8fe214f0e956') + def test_create_2k_logical_dhcp_server(self): + self._create_scale_logical_port_with_disabled_port_sec(2000) diff --git a/vmware_nsx_tempest_plugin/tests/uni-scale/test_provider_sec_gw_uni_dimensionalscale.py b/vmware_nsx_tempest_plugin/tests/uni-scale/test_provider_sec_gw_uni_dimensionalscale.py new file mode 100644 index 0000000..2c0de7d --- /dev/null +++ b/vmware_nsx_tempest_plugin/tests/uni-scale/test_provider_sec_gw_uni_dimensionalscale.py @@ -0,0 +1,147 @@ +# Copyright 2018 VMware Inc +# All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import re + +from tempest import config +from tempest.lib import decorators + +from vmware_nsx_tempest_plugin.lib import feature_manager +from vmware_nsx_tempest_plugin.services import nsxv3_client +from vmware_nsx_tempest_plugin.services import nsxv_client + +from oslo_log import log as logging + +CONF = config.CONF +LOG = logging.getLogger(__name__) + + +class ProviderSecGrpUnidimensionalScaleTest(feature_manager.FeatureManager): + + """Test Uni Dimesional Case for + Logical-security-groups + Logical-security-group-rules + + """ + @classmethod + def setup_clients(cls): + super(ProviderSecGrpUnidimensionalScaleTest, cls).setup_clients() + cls.cmgr_adm = cls.get_client_manager('admin') + cls.cmgr_alt = cls.get_client_manager('alt') + cls.cmgr_adm = cls.get_client_manager('admin') + + @classmethod + def resource_setup(cls): + super(ProviderSecGrpUnidimensionalScaleTest, cls).resource_setup() + if CONF.network.backend == "nsxv3": + cls.nsx = nsxv3_client.NSXV3Client(CONF.nsxv3.nsx_manager, + CONF.nsxv3.nsx_user, + CONF.nsxv3.nsx_password) + elif CONF.network.backend == "nsxv": + manager_ip = re.search(r"(\d{1,3}\.){3}\d{1,3}", + CONF.nsxv.manager_uri).group(0) + cls.vsm = nsxv_client.VSMClient( + manager_ip, CONF.nsxv.user, CONF.nsxv.password) + + def _create_topology_tier1_with_vms(self, no_of_entites, no_of_ports): + name = 'pro-sec-router' + router = self.create_topology_router(router_name=name) + for i in range(no_of_entites): + name = 'uniscale-%s-net' % i + network = self.create_topology_network(network_name=name) + sub_name = 'uniscale-%s-sub' % i + self.create_topology_subnet( + sub_name, + network, + router_id=router['id']) + self.create_topology_instance( + "server_pro_%s" % i, [network]) + + for j in range(no_of_ports): + kwargs = {"port_security_enabled": "true", + "security_groups": []} + self.create_topology_port( + network, ports_client=self.cmgr_adm.ports_client, **kwargs) + + def _create_scale_logical_security_groups(self, scale): + i = 100 + for num in range(scale): + sg = self.create_topology_security_provider_group(self.cmgr_adm, + provider=True) + sw_rules = [dict(direction='ingress', protocol='icmp', + port_range_min=i + 1, + port_range_max=i + 1, )] + for rule in sw_rules: + self.add_security_group_rule(sg, rule) + provider_sec = self.security_group_rules_client.list_security_groups( + ) + error_msg = "Neutron provider sec group doesn't created" + self.assertIsNotNone(len(provider_sec), error_msg) + nsx_firewall = self.nsx.get_firewall_sections() + sec_group = [dfw for dfw in nsx_firewall + if sg['name'] in dfw['display_name']][0] + self.assertIsNotNone(len(sec_group)) + nsx_firewall = self.nsx.get_firewall_section_rules(sec_group) + scale_firewall_rule = [dfw for dfw in nsx_firewall + if dfw['id'] is not None] + self.assertIsNotNone(len(scale_firewall_rule)) + + @decorators.attr(type='nsxv3') + @decorators.idempotent_id('a12264a2-daab-451f-ad3b-f0713a390123') + def test_create_10_provider_groups_100_ports_1_switch(self): + self._create_scale_logical_security_groups(10) + self._create_topology_tier1_with_vms(1, 100) + # Check vms connectivity from outside world when provider-sec group enabled + self.ping_between_vms_different_router_uniscale(icmp_succeed=False) + + @decorators.attr(type='nsxv3') + @decorators.idempotent_id('b1222b0f-4593-4509-8998-a3002ce63231') + def test_create_10_provider_groups_1000_ports_1_switch(self): + self._create_scale_logical_security_groups(10) + self._create_topology_tier1_with_vms(1, 1000) + # Check vms connectivity from outside world when provider-sec group enabled + self.ping_between_vms_different_router_uniscale(icmp_succeed=False) + + @decorators.attr(type='nsxv3') + @decorators.idempotent_id('b1222b0f-4593-4509-8998-a3002ce63981') + def test_create_100_provider_groups_100_ports_1_switch(self): + self._create_scale_logical_security_groups(100) + self._create_topology_tier1_with_vms(1, 100) + # Check vms connectivity from outside world when provider-sec group enabled + self.ping_between_vms_different_router_uniscale(icmp_succeed=False) + + @decorators.attr(type='nsxv3') + @decorators.idempotent_id('b1222b0f-4593-4509-8998-a3002ce63009') + def test_create_100_provider_groups_1000_ports_1_switch(self): + self._create_scale_logical_security_groups(100) + self._create_topology_tier1_with_vms(1, 1000) + # Check vms connectivity from outside world when provider-sec group enabled + self.ping_between_vms_different_router_uniscale(icmp_succeed=False) + + @decorators.attr(type='nsxv3') + @decorators.idempotent_id('b1222b0f-4593-4509-8998-a3002ce63341') + def test_create_10_provider_groups_100_ports_switch_10(self): + self._create_scale_logical_security_groups(10) + self._create_topology_tier1_with_vms(10, 100) + # Check vms connectivity from outside world when provider-sec group enabled + self.ping_between_vms_different_router_uniscale(icmp_succeed=False) + + @decorators.attr(type='nsxv3') + @decorators.idempotent_id('b1222b0f-4593-4509-8998-a3002c345406') + def test_create_1000_provider_groups_100_ports_10_switch(self): + self._create_scale_logical_security_groups(1000) + self._create_topology_tier1_with_vms(10, 100) + # Check vms connectivity from outside world when provider-sec group enabled + self.ping_between_vms_different_router_uniscale(icmp_succeed=False)