diff options
author | Steven Pisarski <s.pisarski@cablelabs.com> | 2017-06-07 14:45:09 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@opnfv.org> | 2017-06-07 14:45:09 +0000 |
commit | c8212122569c2dbf6290b43a0fbde0171c2ffdc5 (patch) | |
tree | 2fe861f481f95f517bc8a9e0b17bb4fd17820b3a | |
parent | 48da17bfedb683b624faf08d2e0b7552d56cff21 (diff) | |
parent | 9a20a7224ab4b45d541c183fb208e221b1fc1b6c (diff) |
Merge "Added custom security group with ICMP and SSH rules."
-rw-r--r-- | snaps/openstack/create_instance.py | 2 | ||||
-rw-r--r-- | snaps/openstack/tests/create_instance_tests.py | 102 | ||||
-rw-r--r-- | snaps/provisioning/tests/ansible_utils_tests.py | 32 |
3 files changed, 111 insertions, 25 deletions
diff --git a/snaps/openstack/create_instance.py b/snaps/openstack/create_instance.py index 3e4fd93..85e96a8 100644 --- a/snaps/openstack/create_instance.py +++ b/snaps/openstack/create_instance.py @@ -486,7 +486,7 @@ class OpenStackVmInstance: if block: start = time.time() else: - start = time.time() - timeout + return self.__status(expected_status_code) while timeout > time.time() - start: status = self.__status(expected_status_code) diff --git a/snaps/openstack/tests/create_instance_tests.py b/snaps/openstack/tests/create_instance_tests.py index 950e987..34cec98 100644 --- a/snaps/openstack/tests/create_instance_tests.py +++ b/snaps/openstack/tests/create_instance_tests.py @@ -27,7 +27,8 @@ from snaps.openstack.create_keypairs import OpenStackKeypair, KeypairSettings from snaps.openstack.create_network import OpenStackNetwork, PortSettings from snaps.openstack.create_router import OpenStackRouter from snaps.openstack.create_image import OpenStackImage, ImageSettings -from snaps.openstack.create_security_group import SecurityGroupSettings, OpenStackSecurityGroup +from snaps.openstack.create_security_group import SecurityGroupSettings, OpenStackSecurityGroup, \ + SecurityGroupRuleSettings, Direction, Protocol from snaps.openstack.tests import openstack_tests, validation_utils from snaps.openstack.utils import nova_utils from snaps.openstack.tests.os_source_file_test import OSIntegrationTestCase, OSComponentTestCase @@ -319,26 +320,7 @@ class SimpleHealthCheck(OSIntegrationTestCase): self.assertTrue(self.inst_creator.vm_active(block=True)) - found = False - timeout = 160 - start_time = time.time() - - logger.info("Looking for IP %s in the console log" % ip) - full_log = '' - while timeout > time.time() - start_time: - output = vm.get_console_output() - full_log = full_log + output - if re.search(ip, output): - logger.info('DHCP lease obtained logged in console') - found = True - break - - if not found: - logger.error('Full console output -\n' + full_log) - else: - logger.debug('Full console output -\n' + full_log) - - self.assertTrue(found) + self.assertTrue(check_dhcp_lease(vm, ip)) class CreateInstanceSimpleTests(OSIntegrationTestCase): @@ -471,6 +453,7 @@ class CreateInstanceSingleNetworkTests(OSIntegrationTestCase): self.router_creator = None self.flavor_creator = None self.keypair_creator = None + self.sec_grp_creator = None self.inst_creators = list() self.pub_net_config = openstack_tests.get_pub_net_config( @@ -502,6 +485,16 @@ class CreateInstanceSingleNetworkTests(OSIntegrationTestCase): name=self.keypair_name, public_filepath=self.keypair_pub_filepath, private_filepath=self.keypair_priv_filepath)) self.keypair_creator.create() + + sec_grp_name = guid + '-sec-grp' + rule1 = SecurityGroupRuleSettings(sec_grp_name=sec_grp_name, direction=Direction.ingress, + protocol=Protocol.icmp) + rule2 = SecurityGroupRuleSettings(sec_grp_name=sec_grp_name, direction=Direction.ingress, + protocol=Protocol.tcp, port_range_min=22, port_range_max=22) + self.sec_grp_creator = OpenStackSecurityGroup( + self.os_creds, + SecurityGroupSettings(name=sec_grp_name, rule_settings=[rule1, rule2])) + self.sec_grp_creator.create() except Exception as e: self.tearDown() raise e @@ -534,6 +527,12 @@ class CreateInstanceSingleNetworkTests(OSIntegrationTestCase): except Exception as e: logger.error('Unexpected exception cleaning flavor with message - ' + str(e)) + if self.sec_grp_creator: + try: + self.sec_grp_creator.clean() + except Exception as e: + logger.error('Unexpected exception cleaning security group with message - ' + str(e)) + if self.router_creator: try: self.router_creator.clean() @@ -601,6 +600,11 @@ class CreateInstanceSingleNetworkTests(OSIntegrationTestCase): self.assertIsNotNone(vm_inst) self.assertTrue(inst_creator.vm_active(block=True)) + + ip = inst_creator.get_port_ip(port_settings.name) + self.assertTrue(check_dhcp_lease(vm_inst, ip)) + + inst_creator.add_security_group(self.sec_grp_creator.get_security_group()) self.assertEqual(vm_inst, inst_creator.get_vm_inst()) self.assertTrue(validate_ssh_client(inst_creator)) @@ -628,6 +632,11 @@ class CreateInstanceSingleNetworkTests(OSIntegrationTestCase): self.assertIsNotNone(vm_inst) self.assertTrue(inst_creator.vm_active(block=True)) + + ip = inst_creator.get_port_ip(port_settings.name) + self.assertTrue(check_dhcp_lease(vm_inst, ip)) + + inst_creator.add_security_group(self.sec_grp_creator.get_security_group()) self.assertEqual(vm_inst, inst_creator.get_vm_inst()) self.assertTrue(validate_ssh_client(inst_creator)) @@ -1001,6 +1010,7 @@ class CreateInstancePubPrivNetTests(OSIntegrationTestCase): self.router_creators = list() self.flavor_creator = None self.keypair_creator = None + self.sec_grp_creator = None self.inst_creator = None self.guid = self.__class__.__name__ + '-' + str(uuid.uuid4()) @@ -1053,6 +1063,16 @@ class CreateInstancePubPrivNetTests(OSIntegrationTestCase): name=self.keypair_name, public_filepath=self.keypair_pub_filepath, private_filepath=self.keypair_priv_filepath)) self.keypair_creator.create() + + sec_grp_name = self.guid + '-sec-grp' + rule1 = SecurityGroupRuleSettings(sec_grp_name=sec_grp_name, direction=Direction.ingress, + protocol=Protocol.icmp) + rule2 = SecurityGroupRuleSettings(sec_grp_name=sec_grp_name, direction=Direction.ingress, + protocol=Protocol.tcp, port_range_min=22, port_range_max=22) + self.sec_grp_creator = OpenStackSecurityGroup( + self.os_creds, + SecurityGroupSettings(name=sec_grp_name, rule_settings=[rule1, rule2])) + self.sec_grp_creator.create() except Exception as e: self.tearDown() raise Exception(str(e)) @@ -1097,6 +1117,12 @@ class CreateInstancePubPrivNetTests(OSIntegrationTestCase): except Exception as e: logger.error('Unexpected exception cleaning network with message - ' + str(e)) + if self.sec_grp_creator: + try: + self.sec_grp_creator.clean() + except Exception as e: + logger.error('Unexpected exception cleaning security group with message - ' + str(e)) + if self.image_creator and not self.image_creator.image_settings.exists: try: self.image_creator.clean() @@ -1141,6 +1167,12 @@ class CreateInstancePubPrivNetTests(OSIntegrationTestCase): # Effectively blocks until VM has been properly activated self.assertTrue(self.inst_creator.vm_active(block=True)) + ip = self.inst_creator.get_port_ip(ports_settings[0].name) + self.assertTrue(check_dhcp_lease(vm_inst, ip)) + + # Add security group to VM + self.inst_creator.add_security_group(self.sec_grp_creator.get_security_group()) + # Effectively blocks until VM's ssh port has been opened self.assertTrue(self.inst_creator.vm_ssh_active(block=True)) @@ -1916,3 +1948,31 @@ class CreateInstanceMockOfflineTests(OSComponentTestCase): self.inst_creator.create() self.assertTrue(self.inst_creator.vm_active(block=True)) + + +def check_dhcp_lease(vm, ip, timeout=160): + """ + Returns true if the expected DHCP lease has been acquired + :param vm: + :param ip: + :return: + """ + found = False + start_time = time.time() + + logger.info("Looking for IP %s in the console log" % ip) + full_log = '' + while timeout > time.time() - start_time: + output = vm.get_console_output() + full_log = full_log + output + if re.search(ip, output): + logger.info('DHCP lease obtained logged in console') + found = True + break + + if not found: + logger.error('Full console output -\n' + full_log) + else: + logger.debug('Full console output -\n' + full_log) + + return found diff --git a/snaps/provisioning/tests/ansible_utils_tests.py b/snaps/provisioning/tests/ansible_utils_tests.py index c39bde4..76714b8 100644 --- a/snaps/provisioning/tests/ansible_utils_tests.py +++ b/snaps/provisioning/tests/ansible_utils_tests.py @@ -16,6 +16,8 @@ import os import uuid from scp import SCPClient +from snaps.openstack.create_security_group import SecurityGroupRuleSettings, Direction, Protocol, \ + OpenStackSecurityGroup, SecurityGroupSettings from snaps.openstack import create_flavor from snaps.openstack import create_instance @@ -23,7 +25,7 @@ from snaps.openstack import create_image from snaps.openstack import create_keypairs from snaps.openstack import create_network from snaps.openstack import create_router -from snaps.openstack.tests import openstack_tests +from snaps.openstack.tests import openstack_tests, create_instance_tests from snaps.openstack.tests.os_source_file_test import OSIntegrationTestCase from snaps.provisioning import ansible_utils @@ -58,6 +60,7 @@ class AnsibleProvisioningTests(OSIntegrationTestCase): # Setup members to cleanup just in case they don't get created self.inst_creator = None self.keypair_creator = None + self.sec_grp_creator = None self.flavor_creator = None self.router_creator = None self.network_creator = None @@ -96,6 +99,17 @@ class AnsibleProvisioningTests(OSIntegrationTestCase): private_filepath=self.keypair_priv_filepath)) self.keypair_creator.create() + # Create Security Group + sec_grp_name = guid + '-sec-grp' + rule1 = SecurityGroupRuleSettings(sec_grp_name=sec_grp_name, direction=Direction.ingress, + protocol=Protocol.icmp) + rule2 = SecurityGroupRuleSettings(sec_grp_name=sec_grp_name, direction=Direction.ingress, + protocol=Protocol.tcp, port_range_min=22, port_range_max=22) + self.sec_grp_creator = OpenStackSecurityGroup( + self.os_creds, + SecurityGroupSettings(name=sec_grp_name, rule_settings=[rule1, rule2])) + self.sec_grp_creator.create() + # Create instance ports_settings = list() ports_settings.append( @@ -155,11 +169,17 @@ class AnsibleProvisioningTests(OSIntegrationTestCase): 2. Set the following environment variable in your executing shell: ANSIBLE_HOST_KEY_CHECKING=False Should this not be performed, the creation of the host ssh key will cause your ansible calls to fail. """ - self.inst_creator.create(block=True) + vm = self.inst_creator.create(block=True) # Block until VM's ssh port has been opened self.assertTrue(self.inst_creator.vm_ssh_active(block=True)) + priv_ip = self.inst_creator.get_port_ip(self.port_1_name) + self.assertTrue(create_instance_tests.check_dhcp_lease(vm, priv_ip)) + + # Apply Security Group + self.inst_creator.add_security_group(self.sec_grp_creator.get_security_group()) + ssh_client = self.inst_creator.ssh_client() self.assertIsNotNone(ssh_client) out = ssh_client.exec_command('pwd')[1].channel.in_buffer.read(1024) @@ -192,11 +212,17 @@ class AnsibleProvisioningTests(OSIntegrationTestCase): 2. Set the following environment variable in your executing shell: ANSIBLE_HOST_KEY_CHECKING=False Should this not be performed, the creation of the host ssh key will cause your ansible calls to fail. """ - self.inst_creator.create(block=True) + vm = self.inst_creator.create(block=True) # Block until VM's ssh port has been opened self.assertTrue(self.inst_creator.vm_ssh_active(block=True)) + priv_ip = self.inst_creator.get_port_ip(self.port_1_name) + self.assertTrue(create_instance_tests.check_dhcp_lease(vm, priv_ip)) + + # Apply Security Group + self.inst_creator.add_security_group(self.sec_grp_creator.get_security_group()) + # Need to use the first floating IP as subsequent ones are currently broken with Apex CO ip = self.inst_creator.get_floating_ip().ip user = self.inst_creator.get_image_user() |