summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--sdnvpn/artifacts/testcase_2bis.yaml289
-rw-r--r--sdnvpn/test/functest/config.yaml39
-rw-r--r--sdnvpn/test/functest/testcase_2bis.py188
3 files changed, 515 insertions, 1 deletions
diff --git a/sdnvpn/artifacts/testcase_2bis.yaml b/sdnvpn/artifacts/testcase_2bis.yaml
new file mode 100644
index 0000000..0319a6d
--- /dev/null
+++ b/sdnvpn/artifacts/testcase_2bis.yaml
@@ -0,0 +1,289 @@
+heat_template_version: 2013-05-23
+
+description: >
+ Template for SDNVPN testcase 2
+ tenant separation
+
+parameters:
+ flavor:
+ type: string
+ description: flavor for the servers to be created
+ constraints:
+ - custom_constraint: nova.flavor
+ image_n:
+ type: string
+ description: image for the servers to be created
+ constraints:
+ - custom_constraint: glance.image
+ av_zone_1:
+ type: string
+ description: availability zone 1
+ id_rsa_key:
+ type: string
+ description: id_rsa file contents for the vms
+
+ net_1_name:
+ type: string
+ description: network 1
+ subnet_1a_name:
+ type: string
+ description: subnet 1a name
+ subnet_1a_cidr:
+ type: string
+ description: subnet 1a cidr
+ subnet_1b_name:
+ type: string
+ description: subnet 1b name
+ subnet_1b_cidr:
+ type: string
+ description: subnet 1b cidr
+ router_1_name:
+ type: string
+ description: router 1 name
+ net_2_name:
+ type: string
+ description: network 2
+ subnet_2a_name:
+ type: string
+ description: subnet 2a name
+ subnet_2a_cidr:
+ type: string
+ description: subnet 2a cidr
+ subnet_2b_name:
+ type: string
+ description: subnet 2b name
+ subnet_2b_cidr:
+ type: string
+ description: subnet 2b cidr
+ router_2_name:
+ type: string
+ description: router 2 name
+
+ secgroup_name:
+ type: string
+ description: security group name
+ secgroup_descr:
+ type: string
+ description: security group slogan
+
+ instance_1_name:
+ type: string
+ description: instance name
+ instance_2_name:
+ type: string
+ description: instance name
+ instance_3_name:
+ type: string
+ description: instance name
+ instance_4_name:
+ type: string
+ description: instance name
+ instance_5_name:
+ type: string
+ description: instance name
+
+ instance_1_ip:
+ type: string
+ description: instance fixed ip
+ instance_2_ip:
+ type: string
+ description: instance fixed ip
+ instance_3_ip:
+ type: string
+ description: instance fixed ip
+ instance_4_ip:
+ type: string
+ description: instance fixed ip
+ instance_5_ip:
+ type: string
+ description: instance fixed ip
+
+resources:
+ net_1:
+ type: OS::Neutron::Net
+ properties:
+ name: { get_param: net_1_name }
+ subnet_1a:
+ type: OS::Neutron::Subnet
+ properties:
+ name: { get_param: subnet_1a_name }
+ network: { get_resource: net_1 }
+ cidr: { get_param: subnet_1a_cidr }
+ net_2:
+ type: OS::Neutron::Net
+ properties:
+ name: { get_param: net_2_name }
+ subnet_2b:
+ type: OS::Neutron::Subnet
+ properties:
+ name: { get_param: subnet_2b_name }
+ network: { get_resource: net_2 }
+ cidr: { get_param: subnet_2b_cidr }
+
+ sec_group:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ name: { get_param: secgroup_name }
+ description: { get_param: secgroup_descr }
+ rules:
+ - protocol: icmp
+ remote_ip_prefix: 0.0.0.0/0
+ - protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ remote_ip_prefix: 0.0.0.0/0
+
+ vm1:
+ type: OS::Nova::Server
+ depends_on: [ vm2, vm4 ]
+ properties:
+ name: { get_param: instance_1_name }
+ image: { get_param: image_n }
+ flavor: { get_param: flavor }
+ availability_zone: { get_param: av_zone_1 }
+ security_groups:
+ - { get_resource: sec_group }
+ networks:
+ - network: { get_resource: net_1 }
+ fixed_ip: { get_param: instance_1_ip }
+ user_data_format: RAW
+ user_data:
+ str_replace:
+ template: |
+ #!/bin/sh
+ sudo mkdir -p /home/cirros/.ssh/
+ sudo chown cirros:cirros /home/cirros/.ssh/
+ sudo echo $ID_RSA > /home/cirros/.ssh/id_rsa.enc
+ sudo base64 -d /home/cirros/.ssh/id_rsa.enc > /home/cirros/.ssh/id_rsa
+ sudo chown cirros:cirros /home/cirros/.ssh/id_rsa
+ sudo echo $AUTH_KEYS > /home/cirros/.ssh/authorized_keys
+ sudo chown cirros:cirros /home/cirros/.ssh/authorized_keys
+ chmod 700 /home/cirros/.ssh
+ chmod 644 /home/cirros/.ssh/authorized_keys
+ chmod 600 /home/cirros/.ssh/id_rsa
+ echo gocubsgo > cirros_passwd
+ set $IP_VM2 $IP_VM4
+ echo will try to ssh to $IP_VM2 and $IP_VM4
+ while true; do
+ for i do
+ ip=$i
+ hostname=$(ssh -y -i /home/cirros/.ssh/id_rsa cirros@$ip 'hostname' </dev/zero 2>/dev/null)
+ RES=$?
+ echo $RES
+ if [ \"Z$RES\" = \"Z0\" ]; then echo $ip $hostname;
+ else echo $ip 'not reachable';fi;
+ done
+ sleep 1
+ done
+ params:
+ $IP_VM2: { get_param: instance_2_ip }
+ $IP_VM4: { get_param: instance_4_ip }
+ $ID_RSA: { get_param: id_rsa_key }
+ $AUTH_KEYS: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgnWtSS98Am516e\
+ stBsq0jbyOB4eLMUYDdgzsUHsnxFQCtACwwAg9/2uq3FoGUBUWeHZNsT6jcK9\
+ sCMEYiS479CUCzbrxcd8XaIlK38HECcDVglgBNwNzX/WDfMejXpKzZG61s98rU\
+ ElNvZ0YDqhaqZGqxIV4ejalqLjYrQkoly3R+2k= cirros@test1"
+ vm2:
+ type: OS::Nova::Server
+ properties:
+ name: { get_param: instance_2_name }
+ image: { get_param: image_n }
+ flavor: { get_param: flavor }
+ availability_zone: { get_param: av_zone_1 }
+ security_groups:
+ - { get_resource: sec_group }
+ networks:
+ - network: { get_resource: net_1 }
+ fixed_ip: { get_param: instance_2_ip }
+ user_data_format: RAW
+ user_data:
+ str_replace:
+ template: |
+ #!/bin/sh
+ sudo mkdir -p /home/cirros/.ssh/
+ sudo chown cirros:cirros /home/cirros/.ssh/
+ sudo echo $ID_RSA > /home/cirros/.ssh/id_rsa.enc
+ sudo base64 -d /home/cirros/.ssh/id_rsa.enc > /home/cirros/.ssh/id_rsa
+ sudo chown cirros:cirros /home/cirros/.ssh/id_rsa
+ sudo echo $AUTH_KEYS > /home/cirros/.ssh/authorized_keys
+ sudo chown cirros:cirros /home/cirros/.ssh/authorized_keys
+ chmod 700 /home/cirros/.ssh
+ chmod 644 /home/cirros/.ssh/authorized_keys
+ chmod 600 /home/cirros/.ssh/id_rsa
+ params:
+ $ID_RSA: { get_param: id_rsa_key }
+ $AUTH_KEYS: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgnWtSS98Am516e\
+ stBsq0jbyOB4eLMUYDdgzsUHsnxFQCtACwwAg9/2uq3FoGUBUWeHZNsT6jcK9\
+ sCMEYiS479CUCzbrxcd8XaIlK38HECcDVglgBNwNzX/WDfMejXpKzZG61s98rU\
+ ElNvZ0YDqhaqZGqxIV4ejalqLjYrQkoly3R+2k= cirros@test1"
+ vm4:
+ type: OS::Nova::Server
+ depends_on: vm2
+ properties:
+ name: { get_param: instance_4_name }
+ image: { get_param: image_n }
+ flavor: { get_param: flavor }
+ availability_zone: { get_param: av_zone_1 }
+ security_groups:
+ - { get_resource: sec_group }
+ networks:
+ - network: { get_resource: net_2 }
+ fixed_ip: { get_param: instance_4_ip }
+ user_data_format: RAW
+ user_data:
+ str_replace:
+ template: |
+ #!/bin/sh
+ sudo mkdir -p /home/cirros/.ssh/
+ sudo chown cirros:cirros /home/cirros/.ssh/
+ sudo echo $ID_RSA > /home/cirros/.ssh/id_rsa.enc
+ sudo base64 -d /home/cirros/.ssh/id_rsa.enc > /home/cirros/.ssh/id_rsa
+ sudo chown cirros:cirros /home/cirros/.ssh/id_rsa
+ sudo echo $AUTH_KEYS > /home/cirros/.ssh/authorized_keys
+ sudo chown cirros:cirros /home/cirros/.ssh/authorized_keys
+ chmod 700 /home/cirros/.ssh
+ chmod 644 /home/cirros/.ssh/authorized_keys
+ chmod 600 /home/cirros/.ssh/id_rsa
+ set $IP_VM1
+ echo will try to ssh to $IP_VM1
+ while true; do
+ for i do
+ ip=$i
+ hostname=$(ssh -y -i /home/cirros/.ssh/id_rsa cirros@$ip 'hostname' </dev/zero 2>/dev/null)
+ RES=$?
+ if [ \"Z$RES\" = \"Z0\" ]; then echo $ip $hostname;
+ else echo $ip 'not reachable';fi;
+ done
+ sleep 1
+ done
+ params:
+ $IP_VM1: { get_param: instance_1_ip }
+ $ID_RSA: { get_param: id_rsa_key }
+ $AUTH_KEYS: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgnWtSS98Am516e\
+ stBsq0jbyOB4eLMUYDdgzsUHsnxFQCtACwwAg9/2uq3FoGUBUWeHZNsT6jcK9\
+ sCMEYiS479CUCzbrxcd8XaIlK38HECcDVglgBNwNzX/WDfMejXpKzZG61s98rU\
+ ElNvZ0YDqhaqZGqxIV4ejalqLjYrQkoly3R+2k= cirros@test1"
+ $DROPBEAR_PASSWORD: gocubsgo
+outputs:
+ net_1_o:
+ description: the id of network 1
+ value: { get_attr: [net_1, show, id] }
+ net_2_o:
+ description: the id of network 2
+ value: { get_attr: [net_2, show, id] }
+
+ vm1_o:
+ description: the deployed vm resource
+ value: { get_attr: [vm1, show, name] }
+ vm2_o:
+ description: the deployed vm resource
+ value: { get_attr: [vm2, show, name] }
+ vm3_o:
+ description: dummy
+ value: { get_attr: [vm2, show, name] }
+ vm4_o:
+ description: the deployed vm resource
+ value: { get_attr: [vm4, show, name] }
+ vm5_o:
+ description: dummy
+ value: { get_attr: [vm2, show, name] }
diff --git a/sdnvpn/test/functest/config.yaml b/sdnvpn/test/functest/config.yaml
index 809eed1..3ff35c5 100644
--- a/sdnvpn/test/functest/config.yaml
+++ b/sdnvpn/test/functest/config.yaml
@@ -86,6 +86,43 @@ testcases:
route_distinguishers1: '111:111'
route_distinguishers2: '222:222'
+ sdnvpn.test.functest.testcase_2bis:
+ enabled: true
+ order: 15
+ description: Tenant separation -same as test case 2
+ image_name: sdnvpn-image
+ stack_name: stack-2bis
+ hot_file_name: artifacts/testcase_2bis.yaml
+ heat_parameters:
+ instance_1_name: sdnvpn-2-1
+ instance_2_name: sdnvpn-2-2
+ instance_3_name: sdnvpn-2-3
+ instance_4_name: sdnvpn-2-4
+ instance_5_name: sdnvpn-2-5
+ instance_1_ip: 10.10.10.11
+ instance_2_ip: 10.10.10.12
+ instance_3_ip: 10.10.11.13
+ instance_4_ip: 10.10.10.12
+ instance_5_ip: 10.10.11.13
+ net_1_name: sdnvpn-2-1-net
+ subnet_1a_name: sdnvpn-2-1a-subnet
+ subnet_1a_cidr: 10.10.10.0/24
+ subnet_1b_name: sdnvpn-2-1b-subnet
+ subnet_1b_cidr: 10.10.11.0/24
+ router_1_name: sdnvpn-2-1-router
+ net_2_name: sdnvpn-2-2-net
+ subnet_2a_name: sdnvpn-2-2a-subnet
+ subnet_2a_cidr: 10.10.11.0/24
+ subnet_2b_name: sdnvpn-2-2b-subnet
+ subnet_2b_cidr: 10.10.10.0/24
+ router_2_name: sdnvpn-2-2-router
+ secgroup_name: sdnvpn-sg
+ secgroup_descr: Security group for SDNVPN test cases
+ targets1: '88:88'
+ targets2: '55:55'
+ route_distinguishers1: '111:111'
+ route_distinguishers2: '222:222'
+
sdnvpn.test.functest.testcase_3:
enabled: true
order: 3
@@ -141,7 +178,7 @@ testcases:
sdnvpn.test.functest.testcase_4bis:
enabled: true
- order: 15
+ order: 17
description: Test bed for HOT introduction - same tests as case 4
image_name: sdnvpn-image
stack_name: stack-4bis
diff --git a/sdnvpn/test/functest/testcase_2bis.py b/sdnvpn/test/functest/testcase_2bis.py
new file mode 100644
index 0000000..3736c0c
--- /dev/null
+++ b/sdnvpn/test/functest/testcase_2bis.py
@@ -0,0 +1,188 @@
+#!/usr/bin/env python
+#
+# Copyright (c) 2018 All rights reserved
+# This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+
+import base64
+import logging
+import sys
+import pkg_resources
+
+from random import randint
+from sdnvpn.lib import config as sdnvpn_config
+from sdnvpn.lib import openstack_utils as os_utils
+from sdnvpn.lib import utils as test_utils
+from sdnvpn.lib.results import Results
+
+logger = logging.getLogger(__name__)
+
+COMMON_CONFIG = sdnvpn_config.CommonConfig()
+TESTCASE_CONFIG = sdnvpn_config.TestcaseConfig(
+ 'sdnvpn.test.functest.testcase_2bis')
+
+
+def main():
+ conn = os_utils.get_os_connection()
+ results = Results(COMMON_CONFIG.line_length, conn)
+
+ results.add_to_summary(0, '=')
+ results.add_to_summary(2, 'STATUS', 'SUBTEST')
+ results.add_to_summary(0, '=')
+
+ conn = os_utils.get_os_connection()
+ # neutron client is needed as long as bgpvpn heat module
+ # is not yet installed by default in apex (APEX-618)
+ neutron_client = os_utils.get_neutron_client()
+
+ image_ids = []
+ bgpvpn_ids = []
+
+ try:
+ logger.debug("Using private key %s injected to the VMs."
+ % COMMON_CONFIG.keyfile_path)
+ keyfile = open(COMMON_CONFIG.keyfile_path, 'r')
+ key_buf = keyfile.read()
+ keyfile.close()
+ key = base64.b64encode(key_buf)
+
+ # image created outside HOT (OS::Glance::Image deprecated since ocata)
+ image_id = os_utils.create_glance_image(
+ conn, TESTCASE_CONFIG.image_name,
+ COMMON_CONFIG.image_path, disk=COMMON_CONFIG.image_format,
+ container='bare', public='public')
+ image_ids = [image_id]
+
+ compute_nodes = test_utils.assert_and_get_compute_nodes(conn)
+
+ az_1 = 'nova:' + compute_nodes[0]
+ # av_zone_2 = "nova:" + compute_nodes[1]
+
+ file_path = pkg_resources.resource_filename(
+ 'sdnvpn', TESTCASE_CONFIG.hot_file_name)
+ templ = open(file_path, 'r').read()
+ logger.debug("Template is read: '%s'" % templ)
+ env = test_utils.get_heat_environment(TESTCASE_CONFIG, COMMON_CONFIG)
+ logger.debug("Environment is read: '%s'" % env)
+
+ env['name'] = TESTCASE_CONFIG.stack_name
+ env['template'] = templ
+ env['parameters']['image_n'] = TESTCASE_CONFIG.image_name
+ env['parameters']['av_zone_1'] = az_1
+ env['parameters']['id_rsa_key'] = key
+
+ stack_id = os_utils.create_stack(conn, **env)
+ if stack_id is None:
+ logger.error('Stack create start failed')
+ raise SystemError('Stack create start failed')
+
+ test_utils.wait_stack_for_status(conn, stack_id, 'CREATE_COMPLETE')
+
+ net_1_output = os_utils.get_output(conn, stack_id, 'net_1_o')
+ network_1_id = net_1_output['output_value']
+ net_2_output = os_utils.get_output(conn, stack_id, 'net_2_o')
+ network_2_id = net_2_output['output_value']
+
+ vm_stack_output_keys = ['vm1_o', 'vm2_o', 'vm3_o', 'vm4_o', 'vm5_o']
+ vms = test_utils.get_vms_from_stack_outputs(conn,
+ stack_id,
+ vm_stack_output_keys)
+
+ logger.debug("Entering base test case with stack '%s'" % stack_id)
+
+ msg = ('Create VPN1 with eRT=iRT')
+ results.record_action(msg)
+ vpn1_name = 'sdnvpn-1-' + str(randint(100000, 999999))
+ kwargs = {
+ 'import_targets': TESTCASE_CONFIG.targets2,
+ 'export_targets': TESTCASE_CONFIG.targets2,
+ 'route_targets': TESTCASE_CONFIG.targets2,
+ 'route_distinguishers': TESTCASE_CONFIG.route_distinguishers1,
+ 'name': vpn1_name
+ }
+ bgpvpn1 = test_utils.create_bgpvpn(neutron_client, **kwargs)
+ bgpvpn1_id = bgpvpn1['bgpvpn']['id']
+ logger.debug("VPN1 created details: %s" % bgpvpn1)
+ bgpvpn_ids.append(bgpvpn1_id)
+
+ msg = ("Associate network '%s' to the VPN." %
+ TESTCASE_CONFIG.heat_parameters['net_1_name'])
+ results.record_action(msg)
+ results.add_to_summary(0, '-')
+
+ test_utils.create_network_association(
+ neutron_client, bgpvpn1_id, network_1_id)
+
+ logger.info('Waiting for the VMs to connect to each other using the'
+ ' updated network configuration for VPN1')
+ test_utils.wait_before_subtest()
+
+ # Remember: vms[X] has instance_X+1_name
+
+ # 10.10.10.12 should return sdnvpn-2 to sdnvpn-1
+ results.check_ssh_output(
+ vms[0], vms[1],
+ expected=TESTCASE_CONFIG.heat_parameters['instance_2_name'],
+ timeout=200)
+
+ results.add_to_summary(0, '-')
+ msg = ('Create VPN2 with eRT=iRT')
+ results.record_action(msg)
+ vpn2_name = 'sdnvpn-2-' + str(randint(100000, 999999))
+ kwargs = {
+ 'import_targets': TESTCASE_CONFIG.targets1,
+ 'export_targets': TESTCASE_CONFIG.targets1,
+ 'route_targets': TESTCASE_CONFIG.targets1,
+ 'route_distinguishers': TESTCASE_CONFIG.route_distinguishers2,
+ 'name': vpn2_name
+ }
+ bgpvpn2 = test_utils.create_bgpvpn(neutron_client, **kwargs)
+ bgpvpn2_id = bgpvpn2['bgpvpn']['id']
+ logger.debug("VPN created details: %s" % bgpvpn2)
+ bgpvpn_ids.append(bgpvpn2_id)
+
+ msg = ("Associate network '%s' to the VPN2." %
+ TESTCASE_CONFIG.heat_parameters['net_2_name'])
+ results.record_action(msg)
+ results.add_to_summary(0, '-')
+
+ test_utils.create_network_association(
+ neutron_client, bgpvpn2_id, network_2_id)
+
+ test_utils.wait_for_bgp_net_assoc(neutron_client,
+ bgpvpn1_id, network_1_id)
+ test_utils.wait_for_bgp_net_assoc(neutron_client,
+ bgpvpn2_id, network_2_id)
+
+ logger.info('Waiting for the VMs to connect to each other using the'
+ ' updated network configuration for VPN2')
+ test_utils.wait_before_subtest()
+
+ # 10.10.10.11 should return 'not reachable' to sdnvpn-4
+ results.check_ssh_output(vms[3], vms[0],
+ expected='not reachable',
+ timeout=30)
+
+ except Exception as e:
+ logger.error("exception occurred while executing testcase_2bis: %s", e)
+ raise
+ finally:
+ test_utils.cleanup_glance(conn, image_ids)
+ test_utils.cleanup_neutron(conn, neutron_client, [], bgpvpn_ids,
+ [], [], [], [])
+
+ try:
+ test_utils.delete_stack_and_wait(conn, stack_id)
+ except Exception as e:
+ logger.error(
+ "exception occurred while executing testcase_2bis: %s", e)
+
+ return results.compile_summary()
+
+
+if __name__ == '__main__':
+ sys.exit(main())