diff options
Diffstat (limited to 'sdnvpn')
-rw-r--r-- | sdnvpn/artifacts/testcase_2bis.yaml | 289 | ||||
-rw-r--r-- | sdnvpn/test/functest/config.yaml | 39 | ||||
-rw-r--r-- | sdnvpn/test/functest/testcase_2bis.py | 188 |
3 files changed, 515 insertions, 1 deletions
diff --git a/sdnvpn/artifacts/testcase_2bis.yaml b/sdnvpn/artifacts/testcase_2bis.yaml new file mode 100644 index 0000000..0319a6d --- /dev/null +++ b/sdnvpn/artifacts/testcase_2bis.yaml @@ -0,0 +1,289 @@ +heat_template_version: 2013-05-23 + +description: > + Template for SDNVPN testcase 2 + tenant separation + +parameters: + flavor: + type: string + description: flavor for the servers to be created + constraints: + - custom_constraint: nova.flavor + image_n: + type: string + description: image for the servers to be created + constraints: + - custom_constraint: glance.image + av_zone_1: + type: string + description: availability zone 1 + id_rsa_key: + type: string + description: id_rsa file contents for the vms + + net_1_name: + type: string + description: network 1 + subnet_1a_name: + type: string + description: subnet 1a name + subnet_1a_cidr: + type: string + description: subnet 1a cidr + subnet_1b_name: + type: string + description: subnet 1b name + subnet_1b_cidr: + type: string + description: subnet 1b cidr + router_1_name: + type: string + description: router 1 name + net_2_name: + type: string + description: network 2 + subnet_2a_name: + type: string + description: subnet 2a name + subnet_2a_cidr: + type: string + description: subnet 2a cidr + subnet_2b_name: + type: string + description: subnet 2b name + subnet_2b_cidr: + type: string + description: subnet 2b cidr + router_2_name: + type: string + description: router 2 name + + secgroup_name: + type: string + description: security group name + secgroup_descr: + type: string + description: security group slogan + + instance_1_name: + type: string + description: instance name + instance_2_name: + type: string + description: instance name + instance_3_name: + type: string + description: instance name + instance_4_name: + type: string + description: instance name + instance_5_name: + type: string + description: instance name + + instance_1_ip: + type: string + description: instance fixed ip + instance_2_ip: + type: string + description: instance fixed ip + instance_3_ip: + type: string + description: instance fixed ip + instance_4_ip: + type: string + description: instance fixed ip + instance_5_ip: + type: string + description: instance fixed ip + +resources: + net_1: + type: OS::Neutron::Net + properties: + name: { get_param: net_1_name } + subnet_1a: + type: OS::Neutron::Subnet + properties: + name: { get_param: subnet_1a_name } + network: { get_resource: net_1 } + cidr: { get_param: subnet_1a_cidr } + net_2: + type: OS::Neutron::Net + properties: + name: { get_param: net_2_name } + subnet_2b: + type: OS::Neutron::Subnet + properties: + name: { get_param: subnet_2b_name } + network: { get_resource: net_2 } + cidr: { get_param: subnet_2b_cidr } + + sec_group: + type: OS::Neutron::SecurityGroup + properties: + name: { get_param: secgroup_name } + description: { get_param: secgroup_descr } + rules: + - protocol: icmp + remote_ip_prefix: 0.0.0.0/0 + - protocol: tcp + port_range_min: 22 + port_range_max: 22 + remote_ip_prefix: 0.0.0.0/0 + + vm1: + type: OS::Nova::Server + depends_on: [ vm2, vm4 ] + properties: + name: { get_param: instance_1_name } + image: { get_param: image_n } + flavor: { get_param: flavor } + availability_zone: { get_param: av_zone_1 } + security_groups: + - { get_resource: sec_group } + networks: + - network: { get_resource: net_1 } + fixed_ip: { get_param: instance_1_ip } + user_data_format: RAW + user_data: + str_replace: + template: | + #!/bin/sh + sudo mkdir -p /home/cirros/.ssh/ + sudo chown cirros:cirros /home/cirros/.ssh/ + sudo echo $ID_RSA > /home/cirros/.ssh/id_rsa.enc + sudo base64 -d /home/cirros/.ssh/id_rsa.enc > /home/cirros/.ssh/id_rsa + sudo chown cirros:cirros /home/cirros/.ssh/id_rsa + sudo echo $AUTH_KEYS > /home/cirros/.ssh/authorized_keys + sudo chown cirros:cirros /home/cirros/.ssh/authorized_keys + chmod 700 /home/cirros/.ssh + chmod 644 /home/cirros/.ssh/authorized_keys + chmod 600 /home/cirros/.ssh/id_rsa + echo gocubsgo > cirros_passwd + set $IP_VM2 $IP_VM4 + echo will try to ssh to $IP_VM2 and $IP_VM4 + while true; do + for i do + ip=$i + hostname=$(ssh -y -i /home/cirros/.ssh/id_rsa cirros@$ip 'hostname' </dev/zero 2>/dev/null) + RES=$? + echo $RES + if [ \"Z$RES\" = \"Z0\" ]; then echo $ip $hostname; + else echo $ip 'not reachable';fi; + done + sleep 1 + done + params: + $IP_VM2: { get_param: instance_2_ip } + $IP_VM4: { get_param: instance_4_ip } + $ID_RSA: { get_param: id_rsa_key } + $AUTH_KEYS: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgnWtSS98Am516e\ + stBsq0jbyOB4eLMUYDdgzsUHsnxFQCtACwwAg9/2uq3FoGUBUWeHZNsT6jcK9\ + sCMEYiS479CUCzbrxcd8XaIlK38HECcDVglgBNwNzX/WDfMejXpKzZG61s98rU\ + ElNvZ0YDqhaqZGqxIV4ejalqLjYrQkoly3R+2k= cirros@test1" + vm2: + type: OS::Nova::Server + properties: + name: { get_param: instance_2_name } + image: { get_param: image_n } + flavor: { get_param: flavor } + availability_zone: { get_param: av_zone_1 } + security_groups: + - { get_resource: sec_group } + networks: + - network: { get_resource: net_1 } + fixed_ip: { get_param: instance_2_ip } + user_data_format: RAW + user_data: + str_replace: + template: | + #!/bin/sh + sudo mkdir -p /home/cirros/.ssh/ + sudo chown cirros:cirros /home/cirros/.ssh/ + sudo echo $ID_RSA > /home/cirros/.ssh/id_rsa.enc + sudo base64 -d /home/cirros/.ssh/id_rsa.enc > /home/cirros/.ssh/id_rsa + sudo chown cirros:cirros /home/cirros/.ssh/id_rsa + sudo echo $AUTH_KEYS > /home/cirros/.ssh/authorized_keys + sudo chown cirros:cirros /home/cirros/.ssh/authorized_keys + chmod 700 /home/cirros/.ssh + chmod 644 /home/cirros/.ssh/authorized_keys + chmod 600 /home/cirros/.ssh/id_rsa + params: + $ID_RSA: { get_param: id_rsa_key } + $AUTH_KEYS: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgnWtSS98Am516e\ + stBsq0jbyOB4eLMUYDdgzsUHsnxFQCtACwwAg9/2uq3FoGUBUWeHZNsT6jcK9\ + sCMEYiS479CUCzbrxcd8XaIlK38HECcDVglgBNwNzX/WDfMejXpKzZG61s98rU\ + ElNvZ0YDqhaqZGqxIV4ejalqLjYrQkoly3R+2k= cirros@test1" + vm4: + type: OS::Nova::Server + depends_on: vm2 + properties: + name: { get_param: instance_4_name } + image: { get_param: image_n } + flavor: { get_param: flavor } + availability_zone: { get_param: av_zone_1 } + security_groups: + - { get_resource: sec_group } + networks: + - network: { get_resource: net_2 } + fixed_ip: { get_param: instance_4_ip } + user_data_format: RAW + user_data: + str_replace: + template: | + #!/bin/sh + sudo mkdir -p /home/cirros/.ssh/ + sudo chown cirros:cirros /home/cirros/.ssh/ + sudo echo $ID_RSA > /home/cirros/.ssh/id_rsa.enc + sudo base64 -d /home/cirros/.ssh/id_rsa.enc > /home/cirros/.ssh/id_rsa + sudo chown cirros:cirros /home/cirros/.ssh/id_rsa + sudo echo $AUTH_KEYS > /home/cirros/.ssh/authorized_keys + sudo chown cirros:cirros /home/cirros/.ssh/authorized_keys + chmod 700 /home/cirros/.ssh + chmod 644 /home/cirros/.ssh/authorized_keys + chmod 600 /home/cirros/.ssh/id_rsa + set $IP_VM1 + echo will try to ssh to $IP_VM1 + while true; do + for i do + ip=$i + hostname=$(ssh -y -i /home/cirros/.ssh/id_rsa cirros@$ip 'hostname' </dev/zero 2>/dev/null) + RES=$? + if [ \"Z$RES\" = \"Z0\" ]; then echo $ip $hostname; + else echo $ip 'not reachable';fi; + done + sleep 1 + done + params: + $IP_VM1: { get_param: instance_1_ip } + $ID_RSA: { get_param: id_rsa_key } + $AUTH_KEYS: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgnWtSS98Am516e\ + stBsq0jbyOB4eLMUYDdgzsUHsnxFQCtACwwAg9/2uq3FoGUBUWeHZNsT6jcK9\ + sCMEYiS479CUCzbrxcd8XaIlK38HECcDVglgBNwNzX/WDfMejXpKzZG61s98rU\ + ElNvZ0YDqhaqZGqxIV4ejalqLjYrQkoly3R+2k= cirros@test1" + $DROPBEAR_PASSWORD: gocubsgo +outputs: + net_1_o: + description: the id of network 1 + value: { get_attr: [net_1, show, id] } + net_2_o: + description: the id of network 2 + value: { get_attr: [net_2, show, id] } + + vm1_o: + description: the deployed vm resource + value: { get_attr: [vm1, show, name] } + vm2_o: + description: the deployed vm resource + value: { get_attr: [vm2, show, name] } + vm3_o: + description: dummy + value: { get_attr: [vm2, show, name] } + vm4_o: + description: the deployed vm resource + value: { get_attr: [vm4, show, name] } + vm5_o: + description: dummy + value: { get_attr: [vm2, show, name] } diff --git a/sdnvpn/test/functest/config.yaml b/sdnvpn/test/functest/config.yaml index 809eed1..3ff35c5 100644 --- a/sdnvpn/test/functest/config.yaml +++ b/sdnvpn/test/functest/config.yaml @@ -86,6 +86,43 @@ testcases: route_distinguishers1: '111:111' route_distinguishers2: '222:222' + sdnvpn.test.functest.testcase_2bis: + enabled: true + order: 15 + description: Tenant separation -same as test case 2 + image_name: sdnvpn-image + stack_name: stack-2bis + hot_file_name: artifacts/testcase_2bis.yaml + heat_parameters: + instance_1_name: sdnvpn-2-1 + instance_2_name: sdnvpn-2-2 + instance_3_name: sdnvpn-2-3 + instance_4_name: sdnvpn-2-4 + instance_5_name: sdnvpn-2-5 + instance_1_ip: 10.10.10.11 + instance_2_ip: 10.10.10.12 + instance_3_ip: 10.10.11.13 + instance_4_ip: 10.10.10.12 + instance_5_ip: 10.10.11.13 + net_1_name: sdnvpn-2-1-net + subnet_1a_name: sdnvpn-2-1a-subnet + subnet_1a_cidr: 10.10.10.0/24 + subnet_1b_name: sdnvpn-2-1b-subnet + subnet_1b_cidr: 10.10.11.0/24 + router_1_name: sdnvpn-2-1-router + net_2_name: sdnvpn-2-2-net + subnet_2a_name: sdnvpn-2-2a-subnet + subnet_2a_cidr: 10.10.11.0/24 + subnet_2b_name: sdnvpn-2-2b-subnet + subnet_2b_cidr: 10.10.10.0/24 + router_2_name: sdnvpn-2-2-router + secgroup_name: sdnvpn-sg + secgroup_descr: Security group for SDNVPN test cases + targets1: '88:88' + targets2: '55:55' + route_distinguishers1: '111:111' + route_distinguishers2: '222:222' + sdnvpn.test.functest.testcase_3: enabled: true order: 3 @@ -141,7 +178,7 @@ testcases: sdnvpn.test.functest.testcase_4bis: enabled: true - order: 15 + order: 17 description: Test bed for HOT introduction - same tests as case 4 image_name: sdnvpn-image stack_name: stack-4bis diff --git a/sdnvpn/test/functest/testcase_2bis.py b/sdnvpn/test/functest/testcase_2bis.py new file mode 100644 index 0000000..3736c0c --- /dev/null +++ b/sdnvpn/test/functest/testcase_2bis.py @@ -0,0 +1,188 @@ +#!/usr/bin/env python +# +# Copyright (c) 2018 All rights reserved +# This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# + +import base64 +import logging +import sys +import pkg_resources + +from random import randint +from sdnvpn.lib import config as sdnvpn_config +from sdnvpn.lib import openstack_utils as os_utils +from sdnvpn.lib import utils as test_utils +from sdnvpn.lib.results import Results + +logger = logging.getLogger(__name__) + +COMMON_CONFIG = sdnvpn_config.CommonConfig() +TESTCASE_CONFIG = sdnvpn_config.TestcaseConfig( + 'sdnvpn.test.functest.testcase_2bis') + + +def main(): + conn = os_utils.get_os_connection() + results = Results(COMMON_CONFIG.line_length, conn) + + results.add_to_summary(0, '=') + results.add_to_summary(2, 'STATUS', 'SUBTEST') + results.add_to_summary(0, '=') + + conn = os_utils.get_os_connection() + # neutron client is needed as long as bgpvpn heat module + # is not yet installed by default in apex (APEX-618) + neutron_client = os_utils.get_neutron_client() + + image_ids = [] + bgpvpn_ids = [] + + try: + logger.debug("Using private key %s injected to the VMs." + % COMMON_CONFIG.keyfile_path) + keyfile = open(COMMON_CONFIG.keyfile_path, 'r') + key_buf = keyfile.read() + keyfile.close() + key = base64.b64encode(key_buf) + + # image created outside HOT (OS::Glance::Image deprecated since ocata) + image_id = os_utils.create_glance_image( + conn, TESTCASE_CONFIG.image_name, + COMMON_CONFIG.image_path, disk=COMMON_CONFIG.image_format, + container='bare', public='public') + image_ids = [image_id] + + compute_nodes = test_utils.assert_and_get_compute_nodes(conn) + + az_1 = 'nova:' + compute_nodes[0] + # av_zone_2 = "nova:" + compute_nodes[1] + + file_path = pkg_resources.resource_filename( + 'sdnvpn', TESTCASE_CONFIG.hot_file_name) + templ = open(file_path, 'r').read() + logger.debug("Template is read: '%s'" % templ) + env = test_utils.get_heat_environment(TESTCASE_CONFIG, COMMON_CONFIG) + logger.debug("Environment is read: '%s'" % env) + + env['name'] = TESTCASE_CONFIG.stack_name + env['template'] = templ + env['parameters']['image_n'] = TESTCASE_CONFIG.image_name + env['parameters']['av_zone_1'] = az_1 + env['parameters']['id_rsa_key'] = key + + stack_id = os_utils.create_stack(conn, **env) + if stack_id is None: + logger.error('Stack create start failed') + raise SystemError('Stack create start failed') + + test_utils.wait_stack_for_status(conn, stack_id, 'CREATE_COMPLETE') + + net_1_output = os_utils.get_output(conn, stack_id, 'net_1_o') + network_1_id = net_1_output['output_value'] + net_2_output = os_utils.get_output(conn, stack_id, 'net_2_o') + network_2_id = net_2_output['output_value'] + + vm_stack_output_keys = ['vm1_o', 'vm2_o', 'vm3_o', 'vm4_o', 'vm5_o'] + vms = test_utils.get_vms_from_stack_outputs(conn, + stack_id, + vm_stack_output_keys) + + logger.debug("Entering base test case with stack '%s'" % stack_id) + + msg = ('Create VPN1 with eRT=iRT') + results.record_action(msg) + vpn1_name = 'sdnvpn-1-' + str(randint(100000, 999999)) + kwargs = { + 'import_targets': TESTCASE_CONFIG.targets2, + 'export_targets': TESTCASE_CONFIG.targets2, + 'route_targets': TESTCASE_CONFIG.targets2, + 'route_distinguishers': TESTCASE_CONFIG.route_distinguishers1, + 'name': vpn1_name + } + bgpvpn1 = test_utils.create_bgpvpn(neutron_client, **kwargs) + bgpvpn1_id = bgpvpn1['bgpvpn']['id'] + logger.debug("VPN1 created details: %s" % bgpvpn1) + bgpvpn_ids.append(bgpvpn1_id) + + msg = ("Associate network '%s' to the VPN." % + TESTCASE_CONFIG.heat_parameters['net_1_name']) + results.record_action(msg) + results.add_to_summary(0, '-') + + test_utils.create_network_association( + neutron_client, bgpvpn1_id, network_1_id) + + logger.info('Waiting for the VMs to connect to each other using the' + ' updated network configuration for VPN1') + test_utils.wait_before_subtest() + + # Remember: vms[X] has instance_X+1_name + + # 10.10.10.12 should return sdnvpn-2 to sdnvpn-1 + results.check_ssh_output( + vms[0], vms[1], + expected=TESTCASE_CONFIG.heat_parameters['instance_2_name'], + timeout=200) + + results.add_to_summary(0, '-') + msg = ('Create VPN2 with eRT=iRT') + results.record_action(msg) + vpn2_name = 'sdnvpn-2-' + str(randint(100000, 999999)) + kwargs = { + 'import_targets': TESTCASE_CONFIG.targets1, + 'export_targets': TESTCASE_CONFIG.targets1, + 'route_targets': TESTCASE_CONFIG.targets1, + 'route_distinguishers': TESTCASE_CONFIG.route_distinguishers2, + 'name': vpn2_name + } + bgpvpn2 = test_utils.create_bgpvpn(neutron_client, **kwargs) + bgpvpn2_id = bgpvpn2['bgpvpn']['id'] + logger.debug("VPN created details: %s" % bgpvpn2) + bgpvpn_ids.append(bgpvpn2_id) + + msg = ("Associate network '%s' to the VPN2." % + TESTCASE_CONFIG.heat_parameters['net_2_name']) + results.record_action(msg) + results.add_to_summary(0, '-') + + test_utils.create_network_association( + neutron_client, bgpvpn2_id, network_2_id) + + test_utils.wait_for_bgp_net_assoc(neutron_client, + bgpvpn1_id, network_1_id) + test_utils.wait_for_bgp_net_assoc(neutron_client, + bgpvpn2_id, network_2_id) + + logger.info('Waiting for the VMs to connect to each other using the' + ' updated network configuration for VPN2') + test_utils.wait_before_subtest() + + # 10.10.10.11 should return 'not reachable' to sdnvpn-4 + results.check_ssh_output(vms[3], vms[0], + expected='not reachable', + timeout=30) + + except Exception as e: + logger.error("exception occurred while executing testcase_2bis: %s", e) + raise + finally: + test_utils.cleanup_glance(conn, image_ids) + test_utils.cleanup_neutron(conn, neutron_client, [], bgpvpn_ids, + [], [], [], []) + + try: + test_utils.delete_stack_and_wait(conn, stack_id) + except Exception as e: + logger.error( + "exception occurred while executing testcase_2bis: %s", e) + + return results.compile_summary() + + +if __name__ == '__main__': + sys.exit(main()) |