apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '4-2-advanced-zone-security-group'

Browse Source
This commit is contained in:
Anthony Xu 2013-05-28 11:03:56 -07:00
commit 19a1116df2
17 changed files with 1513 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/src/com/cloud/configuration/ConfigurationManagerImpl.java
View File

@ -1787,13 +1787,11 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
// check if zone has necessary trafficTypes before enabling // check if zone has necessary trafficTypes before enabling
try { try {
PhysicalNetwork mgmtPhyNetwork; PhysicalNetwork mgmtPhyNetwork;
if (NetworkType.Advanced == zone.getNetworkType()) {
// zone should have a physical network with public and management traffiType
_networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Public);
mgmtPhyNetwork = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Management);
} else {
// zone should have a physical network with management traffiType // zone should have a physical network with management traffiType
mgmtPhyNetwork = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Management); mgmtPhyNetwork = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Management);
if (NetworkType.Advanced == zone.getNetworkType() && ! zone.isSecurityGroupEnabled() ) {
// advanced zone without SG should have a physical network with public Thpe
_networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Public);
} }
try { try {

17
server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
View File

@ -687,18 +687,27 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
DataCenterDeployment plan = new DataCenterDeployment(dataCenterId); DataCenterDeployment plan = new DataCenterDeployment(dataCenterId);
NetworkVO defaultNetwork = null;
if (dc.getNetworkType() == NetworkType.Advanced && dc.isSecurityGroupEnabled()) {
List<NetworkVO> networks = _networkDao.listByZoneSecurityGroup(dataCenterId);
if (networks == null || networks.size() == 0) {
throw new CloudRuntimeException("Can not found security enabled network in SG Zone " + dc);
}
defaultNetwork = networks.get(0);
} else {
TrafficType defaultTrafficType = TrafficType.Public; TrafficType defaultTrafficType = TrafficType.Public;
if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) { if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) {
defaultTrafficType = TrafficType.Guest; defaultTrafficType = TrafficType.Guest;
} }
List<NetworkVO> defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType); List<NetworkVO> defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType);
// api should never allow this situation to happen
if (defaultNetworks.size() != 1) { if (defaultNetworks.size() != 1) {
throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type " + defaultTrafficType + " when expect to find 1"); throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type "
+ defaultTrafficType + " when expect to find 1");
}
defaultNetwork = defaultNetworks.get(0);
} }
NetworkVO defaultNetwork = defaultNetworks.get(0);
List<? extends NetworkOffering> offerings = _networkModel.getSystemAccountNetworkOfferings(NetworkOffering.SystemControlNetwork, NetworkOffering.SystemManagementNetwork); List<? extends NetworkOffering> offerings = _networkModel.getSystemAccountNetworkOfferings(NetworkOffering.SystemControlNetwork, NetworkOffering.SystemManagementNetwork);
List<Pair<NetworkVO, NicProfile>> networks = new ArrayList<Pair<NetworkVO, NicProfile>>(offerings.size() + 1); List<Pair<NetworkVO, NicProfile>> networks = new ArrayList<Pair<NetworkVO, NicProfile>>(offerings.size() + 1);

6
server/src/com/cloud/resource/ResourceManagerImpl.java
View File

@ -444,6 +444,12 @@ public class ResourceManagerImpl extends ManagerBase implements ResourceManager,
+ cmd.getHypervisor() + " to a supported "); + cmd.getHypervisor() + " to a supported ");
} }
if (zone.isSecurityGroupEnabled()) {
if( hypervisorType != HypervisorType.KVM && hypervisorType != HypervisorType.XenServer ) {
throw new InvalidParameterValueException("Don't support hypervisor type " + hypervisorType + " in advanced security enabled zone");
}
}
Cluster.ClusterType clusterType = null; Cluster.ClusterType clusterType = null;
if (cmd.getClusterType() != null && !cmd.getClusterType().isEmpty()) { if (cmd.getClusterType() != null && !cmd.getClusterType().isEmpty()) {
clusterType = Cluster.ClusterType.valueOf(cmd.getClusterType()); clusterType = Cluster.ClusterType.valueOf(cmd.getClusterType());

20
server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
View File

@ -538,19 +538,27 @@ public class SecondaryStorageManagerImpl extends ManagerBase implements Secondar
DataCenterDeployment plan = new DataCenterDeployment(dataCenterId); DataCenterDeployment plan = new DataCenterDeployment(dataCenterId);
DataCenter dc = _dcDao.findById(plan.getDataCenterId()); DataCenter dc = _dcDao.findById(plan.getDataCenterId());
NetworkVO defaultNetwork = null;
if (dc.getNetworkType() == NetworkType.Advanced && dc.isSecurityGroupEnabled()) {
List<NetworkVO> networks = _networkDao.listByZoneSecurityGroup(dataCenterId);
if (networks == null || networks.size() == 0) {
throw new CloudRuntimeException("Can not found security enabled network in SG Zone " + dc);
}
defaultNetwork = networks.get(0);
} else {
TrafficType defaultTrafficType = TrafficType.Public; TrafficType defaultTrafficType = TrafficType.Public;
if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) { if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) {
defaultTrafficType = TrafficType.Guest; defaultTrafficType = TrafficType.Guest;
} }
List<NetworkVO> defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType); List<NetworkVO> defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType);
// api should never allow this situation to happen
//api should never allow this situation to happen
if (defaultNetworks.size() != 1) { if (defaultNetworks.size() != 1) {
throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type " + defaultTrafficType + " when expect to find 1"); throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type "
+ defaultTrafficType + " when expect to find 1");
}
defaultNetwork = defaultNetworks.get(0);
} }
NetworkVO defaultNetwork = defaultNetworks.get(0);
List<? extends NetworkOffering> offerings = _networkModel.getSystemAccountNetworkOfferings(NetworkOfferingVO.SystemControlNetwork, NetworkOfferingVO.SystemManagementNetwork, NetworkOfferingVO.SystemStorageNetwork); List<? extends NetworkOffering> offerings = _networkModel.getSystemAccountNetworkOfferings(NetworkOfferingVO.SystemControlNetwork, NetworkOfferingVO.SystemManagementNetwork, NetworkOfferingVO.SystemStorageNetwork);
List<Pair<NetworkVO, NicProfile>> networks = new ArrayList<Pair<NetworkVO, NicProfile>>(offerings.size() + 1); List<Pair<NetworkVO, NicProfile>> networks = new ArrayList<Pair<NetworkVO, NicProfile>>(offerings.size() + 1);

3
setup/db/db/schema-410to420.sql
View File

@ -1716,4 +1716,5 @@ UPDATE `cloud`.`snapshots` set swift_id=null where swift_id=0;
-- Re-enable foreign key checking, at the end of the upgrade path -- Re-enable foreign key checking, at the end of the upgrade path
SET foreign_key_checks = 1; SET foreign_key_checks = 1;
UPDATE `cloud`.`snapshot_policy` set uuid=id WHERE uuid is NULL; UPDATE `cloud`.`snapshot_policy` set uuid=id WHERE uuid is NULL;
#update shared sg enabled network with not null name in Advance Security Group enabled network
UPDATE `cloud`.`networks` set name='Shared SG enabled network', display_text='Shared SG enabled network' WHERE name IS null AND traffic_type='Guest' AND data_center_id IN (select id from data_center where networktype='Advanced' and is_security_group_enabled=1) AND acl_type='Domain';

185
setup/dev/advancedsg.cfg Normal file
View File

@ -0,0 +1,185 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
{
"zones": [
{
"name": "Sandbox-Simulator",
"dns1": "10.147.28.6",
"physical_networks": [
{
"name": "Sandbox-pnet",
"tags": [
"cloud-simulator-pnet"
],
"broadcastdomainrange": "Zone",
"providers": [
{
"broadcastdomainrange": "ZONE",
"name": "VirtualRouter"
},
{
"broadcastdomainrange": "ZONE",
"name": "SecurityGroupProvider"
}
],
"traffictypes": [
{
"typ": "Guest"
},
{
"typ": "Management",
"simulator": "cloud-simulator-mgmt"
}
],
"isolationmethods": [
"VLAN"
]
}
],
"securitygroupenabled": "true",
"ipranges": [
{
"startip": "10.147.31.150",
"endip": "10.147.31.159",
"netmask": "255.255.255.0",
"vlan": "31",
"gateway": "10.147.31.1"
}
],
"networktype": "Advanced",
"pods": [
{
"endip": "10.147.29.159",
"name": "POD0",
"startip": "10.147.29.150",
"netmask": "255.255.255.0",
"clusters": [
{
"clustername": "C0",
"hypervisor": "Simulator",
"hosts": [
{
"username": "root",
"url": "http://simulator0",
"password": "password"
}
],
"clustertype": "CloudManaged",
"primaryStorages": [
{
"url": "nfs://10.147.28.6:/export/home/sandbox/primary",
"name": "PS0"
}
]
}
],
"gateway": "10.147.29.1"
}
],
"internaldns1": "10.147.28.6",
"secondaryStorages": [
{
"url": "nfs://10.147.28.6:/export/home/sandbox/sstor"
}
]
}
],
"dbSvr": {
"dbSvr": "localhost",
"passwd": "cloud",
"db": "cloud",
"port": 3306,
"user": "cloud"
},
"logger": [
{
"name": "TestClient",
"file": "testclient.log"
},
{
"name": "TestCase",
"file": "testcase.log"
}
],
"globalConfig": [
{
"name": "storage.cleanup.interval",
"value": "300"
},
{
"name": "direct.agent.load.size",
"value": "1000"
},
{
"name": "default.page.size",
"value": "10000"
},
{
"name": "instance.name",
"value": "QA"
},
{
"name": "workers",
"value": "10"
},
{
"name": "vm.op.wait.interval",
"value": "5"
},
{
"name": "account.cleanup.interval",
"value": "600"
},
{
"name": "guest.domain.suffix",
"value": "sandbox.simulator"
},
{
"name": "expunge.delay",
"value": "60"
},
{
"name": "vm.allocation.algorithm",
"value": "random"
},
{
"name": "expunge.interval",
"value": "60"
},
{
"name": "expunge.workers",
"value": "3"
},
{
"name": "secstorage.allowed.internal.sites",
"value": "10.147.28.0/24"
},
{
"name": "check.pod.cidrs",
"value": "true"
}
],
"mgtSvr": [
{
"mgtSvrIp": "localhost",
"passwd": "password",
"user": "root",
"port": 8096
}
]
}

753
test/integration/component/test_advancedsg_networks.py Normal file
View File

@ -0,0 +1,753 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
""" P1 tests for networks in advanced zone with security groups
"""
#Import Local Modules
import marvin
from marvin.cloudstackTestCase import *
from marvin.cloudstackAPI import *
from marvin.integration.lib.utils import *
from marvin.integration.lib.base import *
from marvin.integration.lib.common import *
from marvin.remoteSSHClient import remoteSSHClient
import datetime
import netaddr
class Services:
""" Test networks in advanced zone with security groups"""
def __init__(self):
self.services = {
"domain": {
"name": "DOM",
},
"project": {
"name": "Project",
"displaytext": "Test project",
},
"account": {
"email": "admin-XABU1@test.com",
"firstname": "admin-XABU1",
"lastname": "admin-XABU1",
"username": "admin-XABU1",
# Random characters are appended for unique
# username
"password": "fr3sca",
},
"service_offering": {
"name": "Tiny Instance",
"displaytext": "Tiny Instance",
"cpunumber": 1,
"cpuspeed": 100, # in MHz
"memory": 128, # In MBs
},
"shared_network_offering_sg": {
"name": 'MySharedOffering-sg',
"displaytext": 'MySharedOffering-sg',
"guestiptype": 'Shared',
"supportedservices": 'Dhcp,Dns,UserData,SecurityGroup',
"specifyVlan" : "False",
"specifyIpRanges" : "False",
"traffictype": 'GUEST',
"serviceProviderList" : {
"Dhcp": 'VirtualRouter',
"Dns": 'VirtualRouter',
"UserData": 'VirtualRouter',
"SecurityGroup": 'SecurityGroupProvider'
},
},
"shared_network_offering": {
"name": 'MySharedOffering',
"displaytext": 'MySharedOffering',
"guestiptype": 'Shared',
"supportedservices": 'Dhcp,Dns,UserData',
"specifyVlan" : "False",
"specifyIpRanges" : "False",
"traffictype": 'GUEST',
"serviceProviderList" : {
"Dhcp": 'VirtualRouter',
"Dns": 'VirtualRouter',
"UserData": 'VirtualRouter'
},
},
"shared_network_sg": {
"name": "MyIsolatedNetwork - Test",
"displaytext": "MyIsolatedNetwork",
"networkofferingid":"1",
"vlan" :1200,
"gateway" :"172.16.15.1",
"netmask" :"255.255.255.0",
"startip" :"172.16.15.2",
"endip" :"172.16.15.20",
"acltype" : "Domain",
"scope":"all",
},
"shared_network": {
"name": "MySharedNetwork - Test",
"displaytext": "MySharedNetwork",
"vlan" :1201,
"gateway" :"172.16.15.1",
"netmask" :"255.255.255.0",
"startip" :"172.16.15.21",
"endip" :"172.16.15.41",
"acltype" : "Domain",
"scope":"all",
},
"isolated_network_offering": {
"name": 'Network offering-DA services',
"displaytext": 'Network offering-DA services',
"guestiptype": 'Isolated',
"supportedservices": 'Dhcp,Dns,SourceNat,PortForwarding,Vpn,Firewall,Lb,UserData,StaticNat',
"traffictype": 'GUEST',
"availability": 'Optional',
"serviceProviderList": {
"Dhcp": 'VirtualRouter',
"Dns": 'VirtualRouter',
"SourceNat": 'VirtualRouter',
"PortForwarding": 'VirtualRouter',
"Vpn": 'VirtualRouter',
"Firewall": 'VirtualRouter',
"Lb": 'VirtualRouter',
"UserData": 'VirtualRouter',
"StaticNat": 'VirtualRouter',
},
},
"isolated_network": {
"name": "Isolated Network",
"displaytext": "Isolated Network",
},
"virtual_machine": {
"displayname": "Test VM",
"username": "root",
"password": "password",
"ssh_port": 22,
"hypervisor": 'XenServer',
# Hypervisor type should be same as
# hypervisor type of cluster
"privateport": 22,
"publicport": 22,
"protocol": 'TCP',
},
"ostype": 'CentOS 5.3 (64-bit)',
# Cent OS 5.3 (64 bit)
"sleep": 90,
"timeout": 10,
"mode": 'advanced',
"securitygroupenabled": 'true'
}
class TestNetworksInAdvancedSG(cloudstackTestCase):
@classmethod
def setUpClass(cls):
cls.api_client = super(
TestSharedNetworks,
cls
).getClsTestClient().getApiClient()
cls.services = Services().services
# Get Zone, Domain and templates
cls.domain = get_domain(cls.api_client, cls.services)
cls.zone = get_zone(cls.api_client, cls.services)
cls.template = get_template(
cls.api_client,
cls.zone.id,
cls.services["ostype"]
)
cls.services["virtual_machine"]["zoneid"] = cls.zone.id
cls.services["virtual_machine"]["template"] = cls.template.id
cls.service_offering = ServiceOffering.create(
cls.api_client,
cls.services["service_offering"]
)
cls._cleanup = [
cls.service_offering,
]
return
@classmethod
def tearDownClass(cls):
try:
#Cleanup resources used
cleanup_resources(cls.api_client, cls._cleanup)
except Exception as e:
raise Exception("Warning: Exception during cleanup : %s" % e)
return
def setUp(self):
self.api_client = self.testClient.getApiClient()
self.dbclient = self.testClient.getDbConnection()
self.cleanup = []
self.cleanup_networks = []
self.cleanup_accounts = []
self.cleanup_domains = []
self.cleanup_projects = []
self.cleanup_vms = []
return
def tearDown(self):
try:
#Clean up, terminate the created network offerings
cleanup_resources(self.api_client, self.cleanup)
except Exception as e:
raise Exception("Warning: Exception during cleanup : %s" % e)
#below components is not a part of cleanup because to mandate the order and to cleanup network
try:
for vm in self.cleanup_vms:
vm.delete(self.api_client)
except Exception as e:
raise Exception("Warning: Exception during virtual machines cleanup : %s" % e)
try:
for project in self.cleanup_projects:
project.delete(self.api_client)
except Exception as e:
raise Exception("Warning: Exception during project cleanup : %s" % e)
try:
for account in self.cleanup_accounts:
account.delete(self.api_client)
except Exception as e:
raise Exception("Warning: Exception during account cleanup : %s" % e)
try:
for domain in self.cleanup_domains:
domain.delete(self.api_client)
except Exception as e:
raise Exception("Warning: Exception during domain cleanup : %s" % e)
#Wait till all resources created are cleaned up completely and then attempt to delete Network
time.sleep(self.services["sleep"])
try:
for network in self.cleanup_networks:
network.delete(self.api_client)
except Exception as e:
raise Exception("Warning: Exception during network cleanup : %s" % e)
return
def test_createIsolatedNetwork(self):
""" Test Isolated Network """
# Steps,
# 1. create an Admin Account - admin-XABU1
# 2. listPhysicalNetworks in available zone
# 3. createNetworkOffering:
# 4. Enable network offering - updateNetworkOffering - state=Enabled
# 5. createNetwork
# Validations,
# 1. listAccounts name=admin-XABU1, state=enabled returns your account
# 2. listPhysicalNetworks should return at least one active physical network
# 4. listNetworkOfferings - name=myisolatedoffering, should list enabled offering
# 5. network creation should FAIL since isolated network is not supported in advanced zone with security groups.
#Create admin account
self.admin_account = Account.create(
self.api_client,
self.services["account"],
admin=True,
domainid=self.domain.id
)
self.cleanup_accounts.append(self.admin_account)
#verify that the account got created with state enabled
list_accounts_response = Account.list(
self.api_client,
id=self.admin_account.account.id,
listall=True
)
self.assertEqual(
isinstance(list_accounts_response, list),
True,
"listAccounts returned invalid object in response."
)
self.assertNotEqual(
len(list_accounts_response),
0,
"listAccounts returned empty list."
)
self.assertEqual(
list_accounts_response[0].state,
"enabled",
"The admin account created is not enabled."
)
self.debug("Admin type account created: %s" % self.admin_account.name)
#Create an user account
self.user_account = Account.create(
self.api_client,
self.services["account"],
admin=False,
domainid=self.domain.id
)
self.cleanup_accounts.append(self.user_account)
#verify that the account got created with state enabled
list_accounts_response = Account.list(
self.api_client,
id=self.user_account.account.id,
listall=True
)
self.assertEqual(
isinstance(list_accounts_response, list),
True,
"listAccounts returned invalid object in response."
)
self.assertNotEqual(
len(list_accounts_response),
0,
"listAccounts returned empty list."
)
self.assertEqual(
list_accounts_response[0].state,
"enabled",
"The user account created is not enabled."
)
self.debug("User type account created: %s" % self.user_account.name)
#Verify that there should be at least one physical network present in zone.
list_physical_networks_response = PhysicalNetwork.list(
self.api_client,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(list_physical_networks_response, list),
True,
"listPhysicalNetworks returned invalid object in response."
)
self.assertNotEqual(
len(list_physical_networks_response),
0,
"listPhysicalNetworks should return at least one physical network."
)
physical_network = list_physical_networks_response[0]
self.debug("Physical network found: %s" % physical_network.id)
#Create Network Offering
self.isolated_network_offering = NetworkOffering.create(
self.api_client,
self.services["isolated_network_offering"],
conservemode=False
)
self.cleanup.append(self.isolated_network_offering)
#Verify that the network offering got created
list_network_offerings_response = NetworkOffering.list(
self.api_client,
id=self.isolated_network_offering.id
)
self.assertEqual(
isinstance(list_network_offerings_response, list),
True,
"listNetworkOfferings returned invalid object in response."
)
self.assertNotEqual(
len(list_network_offerings_response),
0,
"listNetworkOfferings returned empty list."
)
self.assertEqual(
list_network_offerings_response[0].state,
"Disabled",
"The network offering created should be bydefault disabled."
)
self.debug("Isolated Network offering created: %s" % self.isolated_network_offering.id)
#Update network offering state from disabled to enabled.
network_offering_update_response = NetworkOffering.update(
self.isolated_network_offering,
self.api_client,
id=self.isolated_network_offering.id,
state="enabled"
)
#Verify that the state of the network offering is updated
list_network_offerings_response = NetworkOffering.list(
self.api_client,
id=self.isolated_network_offering.id
)
self.assertEqual(
isinstance(list_network_offerings_response, list),
True,
"listNetworkOfferings returned invalid object in response."
)
self.assertNotEqual(
len(list_network_offerings_response),
0,
"listNetworkOfferings returned empty list."
)
self.assertEqual(
list_network_offerings_response[0].state,
"Enabled",
"The network offering state should get updated to Enabled."
)
#create network using the isolated network offering created
try:
self.isolated_network = Network.create(
self.api_client,
self.services["isolated_network"],
networkofferingid=self.isolated_network_offering.id,
zoneid=self.zone.id,
)
self.cleanup_networks.append(self.isolated_network)
self.fail("Create isolated network is invalid in advanced zone with security groups.")
except Exception as e:
self.debug("Network creation failed because create isolated network is invalid in advanced zone with security groups.")
def test_createSharedNetwork_withoutSG(self):
""" Test Shared Network with used vlan 01 """
# Steps,
# 1. create an Admin account
# 2. create a shared NetworkOffering
# 3. enable the network offering
# 4. listPhysicalNetworks
# 5. createNetwork
# Validations,
# 1. listAccounts state=enabled returns your account
# 2. listNetworkOfferings - name=mysharedoffering , should list offering in disabled state
# 3. listNetworkOfferings - name=mysharedoffering, should list enabled offering
# 4. listPhysicalNetworks should return at least one active physical network
# 5. network creation should FAIL since there is no SecurityProvide in the network offering
#Create admin account
self.admin_account = Account.create(
self.api_client,
self.services["account"],
admin=True,
domainid=self.domain.id
)
self.cleanup_accounts.append(self.admin_account)
#verify that the account got created with state enabled
list_accounts_response = Account.list(
self.api_client,
id=self.admin_account.account.id,
listall=True
)
self.assertEqual(
isinstance(list_accounts_response, list),
True,
"listAccounts returned invalid object in response."
)
self.assertNotEqual(
len(list_accounts_response),
0,
"listAccounts returned empty list."
)
self.assertEqual(
list_accounts_response[0].state,
"enabled",
"The admin account created is not enabled."
)
self.debug("Domain admin account created: %s" % self.admin_account.account.id)
#Verify that there should be at least one physical network present in zone.
list_physical_networks_response = PhysicalNetwork.list(
self.api_client,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(list_physical_networks_response, list),
True,
"listPhysicalNetworks returned invalid object in response."
)
self.assertNotEqual(
len(list_physical_networks_response),
0,
"listPhysicalNetworks should return at least one physical network."
)
physical_network = list_physical_networks_response[0]
self.debug("Physical Network found: %s" % physical_network.id)
self.services["shared_network_offering"]["specifyVlan"] = "True"
self.services["shared_network_offering"]["specifyIpRanges"] = "True"
#Create Network Offering
self.shared_network_offering = NetworkOffering.create(
self.api_client,
self.services["shared_network_offering"],
conservemode=False
)
self.cleanup.append(self.shared_network_offering)
#Verify that the network offering got created
list_network_offerings_response = NetworkOffering.list(
self.api_client,
id=self.shared_network_offering.id
)
self.assertEqual(
isinstance(list_network_offerings_response, list),
True,
"listNetworkOfferings returned invalid object in response."
)
self.assertNotEqual(
len(list_network_offerings_response),
0,
"listNetworkOfferings returned empty list."
)
self.assertEqual(
list_network_offerings_response[0].state,
"Disabled",
"The network offering created should be bydefault disabled."
)
self.debug("Shared Network Offering created: %s" % self.shared_network_offering.id)
#Update network offering state from disabled to enabled.
network_offering_update_response = NetworkOffering.update(
self.shared_network_offering,
self.api_client,
id=self.shared_network_offering.id,
state="enabled"
)
#Verify that the state of the network offering is updated
list_network_offerings_response = NetworkOffering.list(
self.api_client,
id=self.shared_network_offering.id
)
self.assertEqual(
isinstance(list_network_offerings_response, list),
True,
"listNetworkOfferings returned invalid object in response."
)
self.assertNotEqual(
len(list_network_offerings_response),
0,
"listNetworkOfferings returned empty list."
)
self.assertEqual(
list_network_offerings_response[0].state,
"Enabled",
"The network offering state should get updated to Enabled."
)
#create network using the shared network offering created
self.services["shared_network"]["acltype"] = "domain"
self.services["shared_network"]["networkofferingid"] = self.shared_network_offering.id
self.services["shared_network"]["physicalnetworkid"] = physical_network.id
try:
self.shared_network = Network.create(
self.api_client,
self.services["shared_network"],
networkofferingid=self.shared_network_offering.id,
zoneid=self.zone.id
)
self.cleanup_networks.append(self.shared_network)
self.fail("Network created without SecurityProvider , which is invalid")
except Exception as e:
self.debug("Network creation failed because there is no SecurityProvider in the network offering.")
def test_deployVM_SharedwithSG(self):
""" Test VM deployment in shared networks with SecurityProvider """
# Steps,
# 0. create a user account
# 1. Create one shared Network (scope=ALL, different IP ranges)
# 2. deployVirtualMachine in the above networkid within the user account
# 3. delete the user account
# Validations,
# 1. shared network should be created successfully
# 2. VM should deploy successfully
#Create admin account
self.admin_account = Account.create(
self.api_client,
self.services["account"],
admin=True,
domainid=self.domain.id
)
self.cleanup_accounts.append(self.admin_account)
#verify that the account got created with state enabled
list_accounts_response = Account.list(
self.api_client,
id=self.admin_account.account.id,
liistall=True
)
self.assertEqual(
isinstance(list_accounts_response, list),
True,
"listAccounts returned invalid object in response."
)
self.assertNotEqual(
len(list_accounts_response),
0,
"listAccounts returned empty list."
)
self.assertEqual(
list_accounts_response[0].state,
"enabled",
"The admin account created is not enabled."
)
self.debug("Admin type account created: %s" % self.admin_account.name)
self.services["shared_network_offering_sg"]["specifyVlan"] = "True"
self.services["shared_network_offering_sg"]["specifyIpRanges"] = "True"
#Create Network Offering
self.shared_network_offering_sg = NetworkOffering.create(
self.api_client,
self.services["shared_network_offering_sg"],
conservemode=False
)
self.cleanup.append(self.shared_network_offering_sg)
#Verify that the network offering got created
list_network_offerings_response = NetworkOffering.list(
self.api_client,
id=self.shared_network_offering_sg.id
)
self.assertEqual(
isinstance(list_network_offerings_response, list),
True,
"listNetworkOfferings returned invalid object in response."
)
self.assertNotEqual(
len(list_network_offerings_response),
0,
"listNetworkOfferings returned empty list."
)
self.assertEqual(
list_network_offerings_response[0].state,
"Disabled",
"The network offering created should be bydefault disabled."
)
self.debug("Shared Network offering created: %s" % self.shared_network_offering_sg.id)
#Update network offering state from disabled to enabled.
network_offering_update_response = NetworkOffering.update(
self.shared_network_offering_sg,
self.api_client,
id=self.shared_network_offering_sg.id,
state="enabled"
)
#Verify that the state of the network offering is updated
list_network_offerings_response = NetworkOffering.list(
self.api_client,
id=self.shared_network_offering_sg.id
)
self.assertEqual(
isinstance(list_network_offerings_response, list),
True,
"listNetworkOfferings returned invalid object in response."
)
self.assertNotEqual(
len(list_network_offerings_response),
0,
"listNetworkOfferings returned empty list."
)
self.assertEqual(
list_network_offerings_response[0].state,
"Enabled",
"The network offering state should get updated to Enabled."
)
physical_network = list_physical_networks_response[0]
#create network using the shared network offering created
self.services["shared_network_sg"]["acltype"] = "domain"
self.services["shared_network_sg"]["networkofferingid"] = self.shared_network_offering_sg.id
self.services["shared_network_sg"]["physicalnetworkid"] = physical_network.id
self.shared_network_sg = Network.create(
self.api_client,
self.services["shared_network_sg"],
domainid=self.admin_account.account.domainid,
networkofferingid=self.shared_network_offering_sg.id,
zoneid=self.zone.id
)
self.cleanup_networks.append(self.shared_network_sg)
list_networks_response = Network.list(
self.api_client,
id=self.shared_network_sg.id
)
self.assertEqual(
isinstance(list_networks_response, list),
True,
"listNetworks returned invalid object in response."
)
self.assertNotEqual(
len(list_networks_response),
0,
"listNetworks returned empty list."
)
self.assertEqual(
list_networks_response[0].specifyipranges,
True,
"The network is created with ip range but the flag is set to False."
)
self.debug("Shared Network created: %s" % self.shared_network_sg.id)
self.shared_network_admin_account_virtual_machine = VirtualMachine.create(
self.api_client,
self.services["virtual_machine"],
accountid=self.admin_account.name,
domainid=self.admin_account.account.domainid,
networkids=self.shared_network_sg.id,
serviceofferingid=self.service_offering.id
)
vms = VirtualMachine.list(
self.api_client,
id=self.shared_network_admin_account_virtual_machine.id,
listall=True
)
self.assertEqual(
isinstance(vms, list),
True,
"listVirtualMachines returned invalid object in response."
)
self.assertNotEqual(
len(vms),
0,
"listVirtualMachines returned empty list."
)
self.debug("Virtual Machine created: %s" % self.shared_network_admin_account_virtual_machine.id)
ip_range = list(netaddr.iter_iprange(unicode(self.services["shared_network_sg"]["startip"]), unicode(self.services["shared_network_sg"]["endip"])))
if netaddr.IPAddress(unicode(vms[0].nic[0].ipaddress)) not in ip_range:
self.fail("Virtual machine ip should be from the ip range assigned to network created.")

20
test/integration/component/test_egress_rules.py
View File

@ -194,7 +194,7 @@ class TestDefaultSecurityGroupEgress(cloudstackTestCase):
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_deployVM_InDefaultSecurityGroup(self): def test_deployVM_InDefaultSecurityGroup(self):
"""Test deploy VM in default security group with no egress rules """Test deploy VM in default security group with no egress rules
""" """
@ -351,7 +351,7 @@ class TestAuthorizeIngressRule(cloudstackTestCase):
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_authorizeIngressRule(self): def test_authorizeIngressRule(self):
"""Test authorize ingress rule """Test authorize ingress rule
""" """
@ -509,7 +509,7 @@ class TestDefaultGroupEgress(cloudstackTestCase):
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_01_default_group_with_egress(self): def test_01_default_group_with_egress(self):
"""Test default group with egress rule before VM deploy and ping, ssh """Test default group with egress rule before VM deploy and ping, ssh
""" """
@ -710,7 +710,7 @@ class TestDefaultGroupEgressAfterDeploy(cloudstackTestCase):
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_01_default_group_with_egress(self): def test_01_default_group_with_egress(self):
""" Test default group with egress rule added after vm deploy and ping, """ Test default group with egress rule added after vm deploy and ping,
ssh test ssh test
@ -893,7 +893,7 @@ class TestRevokeEgressRule(cloudstackTestCase):
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_revoke_egress_rule(self): def test_revoke_egress_rule(self):
"""Test revoke security group egress rule """Test revoke security group egress rule
""" """
@ -1155,7 +1155,7 @@ class TestInvalidAccountAuthroize(cloudstackTestCase):
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_invalid_account_authroize(self): def test_invalid_account_authroize(self):
"""Test invalid account authroize """Test invalid account authroize
""" """
@ -1283,7 +1283,7 @@ class TestMultipleAccountsEgressRuleNeg(cloudstackTestCase):
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_multiple_account_egress_rule_negative(self): def test_multiple_account_egress_rule_negative(self):
"""Test multiple account egress rules negative case """Test multiple account egress rules negative case
""" """
@ -1531,7 +1531,7 @@ class TestMultipleAccountsEgressRule(cloudstackTestCase):
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_multiple_account_egress_rule_positive(self): def test_multiple_account_egress_rule_positive(self):
"""Test multiple account egress rules positive case """Test multiple account egress rules positive case
""" """
@ -1822,7 +1822,7 @@ class TestStartStopVMWithEgressRule(cloudstackTestCase):
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_start_stop_vm_egress(self): def test_start_stop_vm_egress(self):
""" Test stop start Vm with egress rules """ Test stop start Vm with egress rules
""" """
@ -2034,7 +2034,7 @@ class TestInvalidParametersForEgress(cloudstackTestCase):
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_invalid_parameters(self): def test_invalid_parameters(self):
""" Test invalid parameters for egress rules """ Test invalid parameters for egress rules
""" """

22
test/integration/component/test_security_groups.py
View File

@ -164,7 +164,7 @@ class TestDefaultSecurityGroup(cloudstackTestCase):
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_01_deployVM_InDefaultSecurityGroup(self): def test_01_deployVM_InDefaultSecurityGroup(self):
"""Test deploy VM in default security group """Test deploy VM in default security group
""" """
@ -243,7 +243,7 @@ class TestDefaultSecurityGroup(cloudstackTestCase):
) )
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_02_listSecurityGroups(self): def test_02_listSecurityGroups(self):
"""Test list security groups for admin account """Test list security groups for admin account
""" """
@ -278,7 +278,7 @@ class TestDefaultSecurityGroup(cloudstackTestCase):
) )
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_03_accessInDefaultSecurityGroup(self): def test_03_accessInDefaultSecurityGroup(self):
"""Test access in default security group """Test access in default security group
""" """
@ -435,7 +435,7 @@ class TestAuthorizeIngressRule(cloudstackTestCase):
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_01_authorizeIngressRule(self): def test_01_authorizeIngressRule(self):
"""Test authorize ingress rule """Test authorize ingress rule
""" """
@ -571,7 +571,7 @@ class TestRevokeIngressRule(cloudstackTestCase):
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_01_revokeIngressRule(self): def test_01_revokeIngressRule(self):
"""Test revoke ingress rule """Test revoke ingress rule
""" """
@ -868,7 +868,7 @@ class TestdeployVMWithUserData(cloudstackTestCase):
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_01_deployVMWithUserData(self): def test_01_deployVMWithUserData(self):
"""Test Deploy VM with User data""" """Test Deploy VM with User data"""
@ -1044,7 +1044,7 @@ class TestDeleteSecurityGroup(cloudstackTestCase):
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_01_delete_security_grp_running_vm(self): def test_01_delete_security_grp_running_vm(self):
"""Test delete security group with running VM""" """Test delete security group with running VM"""
@ -1128,7 +1128,7 @@ class TestDeleteSecurityGroup(cloudstackTestCase):
) )
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_02_delete_security_grp_withoout_running_vm(self): def test_02_delete_security_grp_withoout_running_vm(self):
"""Test delete security group without running VM""" """Test delete security group without running VM"""
@ -1290,7 +1290,7 @@ class TestIngressRule(cloudstackTestCase):
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_01_authorizeIngressRule_AfterDeployVM(self): def test_01_authorizeIngressRule_AfterDeployVM(self):
"""Test delete security group with running VM""" """Test delete security group with running VM"""
@ -1402,7 +1402,7 @@ class TestIngressRule(cloudstackTestCase):
% (ingress_rule_2["id"], e)) % (ingress_rule_2["id"], e))
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_02_revokeIngressRule_AfterDeployVM(self): def test_02_revokeIngressRule_AfterDeployVM(self):
"""Test Revoke ingress rule after deploy VM""" """Test Revoke ingress rule after deploy VM"""
@ -1556,7 +1556,7 @@ class TestIngressRule(cloudstackTestCase):
% (icmp_rule["ruleid"], e)) % (icmp_rule["ruleid"], e))
return return
@attr(tags = ["sg", "eip"]) @attr(tags = ["sg", "eip", "advancedsg"])
def test_03_stopStartVM_verifyIngressAccess(self): def test_03_stopStartVM_verifyIngressAccess(self):
"""Test Start/Stop VM and Verify ingress rule""" """Test Start/Stop VM and Verify ingress rule"""

119
tools/devcloud/devcloud-advancedsg.cfg Normal file
View File

@ -0,0 +1,119 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# This configuration is meant for running advanced networking with security groups, with management server on the laptop.
# It requires that the user run a DNS resolver within devcloud via 'apt-get install dnsmasq'
{
"zones": [
{
"localstorageenabled": "true",
"name": "testzone",
"dns1": "8.8.8.8",
"physical_networks": [
{
"broadcastdomainrange": "Zone",
"name": "shared",
"traffictypes": [
{
"typ": "Management"
},
{
"typ": "Guest"
}
],
"providers": [
{
"broadcastdomainrange": "ZONE",
"name": "VirtualRouter"
},
{
"broadcastdomainrange": "ZONE",
"name": "SecurityGroupProvider"
}
],
"isolationmethods": [
"VLAN"
]
}
],
"securitygroupenabled": "true",
"ipranges": [
{
"startip": "10.0.3.100",
"endip": "10.0.3.199",
"netmask": "255.255.255.0",
"vlan": "1003",
"gateway": "10.0.3.2"
}
],
"networktype": "Advanced",
"pods": [
{
"endip": "192.168.56.249",
"name": "testpod",
"startip": "192.168.56.200",
"netmask": "255.255.255.0",
"clusters": [
{
"clustername": "testcluster",
"hypervisor": "XenServer",
"hosts": [
{
"username": "root",
"url": "http://192.168.56.10/",
"password": "password"
}
],
"clustertype": "CloudManaged"
}
],
"gateway": "192.168.56.1"
}
],
"internaldns1": "192.168.56.10",
"secondaryStorages": [
{
"url": "nfs://192.168.56.10/opt/storage/secondary"
}
]
}
],
"dbSvr": {
"dbSvr": "localhost",
"passwd": "cloud",
"db": "cloud",
"port": 3306,
"user": "cloud"
},
"logger": [
{
"name": "TestClient",
"file": "/var/log/testclient.log"
},
{
"name": "TestCase",
"file": "/var/log/testcase.log"
}
],
"mgtSvr": [
{
"mgtSvrIp": "127.0.0.1",
"port": 8096
}
]
}

123
tools/marvin/marvin/configGenerator.py
View File

@ -638,6 +638,126 @@ def describe_setup_in_advanced_mode():
return zs return zs
'''sample code to generate setup configuration file'''
def describe_setup_in_advancedsg_mode():
zs = cloudstackConfiguration()
for l in range(1):
z = zone()
z.dns1 = "8.8.8.8"
z.dns2 = "4.4.4.4"
z.internaldns1 = "192.168.110.254"
z.internaldns2 = "192.168.110.253"
z.name = "test"+str(l)
z.networktype = 'Advanced'
z.vlan = "100-2000"
z.securitygroupenabled = "true"
pn = physical_network()
pn.name = "test-network"
pn.traffictypes = [traffictype("Guest"), traffictype("Management")]
#If security groups are reqd
sgprovider = provider()
sgprovider.broadcastdomainrange = 'ZONE'
sgprovider.name = 'SecurityGroupProvider'
pn.providers.append(sgprovider)
z.physical_networks.append(pn)
'''create 10 pods'''
for i in range(2):
p = pod()
p.name = "test" +str(l) + str(i)
p.gateway = "192.168.%d.1"%i
p.netmask = "255.255.255.0"
p.startip = "192.168.%d.200"%i
p.endip = "192.168.%d.220"%i
'''add 10 clusters'''
for j in range(2):
c = cluster()
c.clustername = "test"+str(l)+str(i) + str(j)
c.clustertype = "CloudManaged"
c.hypervisor = "Simulator"
'''add 10 hosts'''
for k in range(2):
h = host()
h.username = "root"
h.password = "password"
memory = 8*1024*1024*1024
localstorage=1*1024*1024*1024*1024
#h.url = "http://sim/%d%d%d%d/cpucore=1&cpuspeed=8000&memory=%d&localstorage=%d"%(l,i,j,k,memory,localstorage)
h.url = "http://sim/%d%d%d%d"%(l,i,j,k)
c.hosts.append(h)
'''add 2 primary storages'''
for m in range(2):
primary = primaryStorage()
primary.name = "primary"+str(l) + str(i) + str(j) + str(m)
#primary.url = "nfs://localhost/path%s/size=%d"%(str(l) + str(i) + str(j) + str(m), size)
primary.url = "nfs://localhost/path%s"%(str(l) + str(i) + str(j) + str(m))
c.primaryStorages.append(primary)
p.clusters.append(c)
z.pods.append(p)
'''add two secondary'''
for i in range(5):
secondary = secondaryStorage()
secondary.url = "nfs://localhost/path"+str(l) + str(i)
z.secondaryStorages.append(secondary)
'''add default guest network'''
ips = iprange()
ips.vlan = "26"
ips.startip = "172.16.26.2"
ips.endip = "172.16.26.100"
ips.gateway = "172.16.26.1"
ips.netmask = "255.255.255.0"
z.ipranges.append(ips)
zs.zones.append(z)
'''Add one mgt server'''
mgt = managementServer()
mgt.mgtSvrIp = "localhost"
zs.mgtSvr.append(mgt)
'''Add a database'''
db = dbServer()
db.dbSvr = "localhost"
zs.dbSvr = db
'''add global configuration'''
global_settings = {'expunge.delay': '60',
'expunge.interval': '60',
'expunge.workers': '3',
}
for k,v in global_settings.iteritems():
cfg = configuration()
cfg.name = k
cfg.value = v
zs.globalConfig.append(cfg)
''''add loggers'''
testClientLogger = logger()
testClientLogger.name = "TestClient"
testClientLogger.file = "/tmp/testclient.log"
testCaseLogger = logger()
testCaseLogger.name = "TestCase"
testCaseLogger.file = "/tmp/testcase.log"
zs.logger.append(testClientLogger)
zs.logger.append(testCaseLogger)
return zs
def generate_setup_config(config, file=None): def generate_setup_config(config, file=None):
describe = config describe = config
if file is None: if file is None:
@ -666,6 +786,7 @@ if __name__ == "__main__":
parser.add_option("-i", "--input", action="store", default=None , dest="inputfile", help="input file") parser.add_option("-i", "--input", action="store", default=None , dest="inputfile", help="input file")
parser.add_option("-a", "--advanced", action="store_true", default=False, dest="advanced", help="use advanced networking") parser.add_option("-a", "--advanced", action="store_true", default=False, dest="advanced", help="use advanced networking")
parser.add_option("-s", "--advancedsg", action="store_true", default=False, dest="advancedsg", help="use advanced networking with security groups")
parser.add_option("-o", "--output", action="store", default="./datacenterCfg", dest="output", help="the path where the json config file generated, by default is ./datacenterCfg") parser.add_option("-o", "--output", action="store", default="./datacenterCfg", dest="output", help="the path where the json config file generated, by default is ./datacenterCfg")
(options, args) = parser.parse_args() (options, args) = parser.parse_args()
@ -674,6 +795,8 @@ if __name__ == "__main__":
config = get_setup_config(options.inputfile) config = get_setup_config(options.inputfile)
if options.advanced: if options.advanced:
config = describe_setup_in_advanced_mode() config = describe_setup_in_advanced_mode()
elif options.advancedsg:
config = describe_setup_in_advancedsg_mode()
else: else:
config = describe_setup_in_basic_mode() config = describe_setup_in_basic_mode()

30
tools/marvin/marvin/deployDataCenter.py
View File

@ -300,6 +300,7 @@ class deployDataCenters():
createzone.securitygroupenabled = zone.securitygroupenabled createzone.securitygroupenabled = zone.securitygroupenabled
createzone.localstorageenabled = zone.localstorageenabled createzone.localstorageenabled = zone.localstorageenabled
createzone.networktype = zone.networktype createzone.networktype = zone.networktype
if zone.securitygroupenabled != "true":
createzone.guestcidraddress = zone.guestcidraddress createzone.guestcidraddress = zone.guestcidraddress
zoneresponse = self.apiClient.createZone(createzone) zoneresponse = self.apiClient.createZone(createzone)
@ -334,10 +335,37 @@ class deployDataCenters():
self.createVlanIpRanges(zone.networktype, zone.ipranges, \ self.createVlanIpRanges(zone.networktype, zone.ipranges, \
zoneId, forvirtualnetwork=True) zoneId, forvirtualnetwork=True)
if zone.networktype == "Advanced": if zone.networktype == "Advanced" and zone.securitygroupenabled != "true":
self.createpods(zone.pods, zoneId) self.createpods(zone.pods, zoneId)
self.createVlanIpRanges(zone.networktype, zone.ipranges, \ self.createVlanIpRanges(zone.networktype, zone.ipranges, \
zoneId) zoneId)
elif zone.networktype == "Advanced" and zone.securitygroupenabled == "true":
listnetworkoffering = listNetworkOfferings.listNetworkOfferingsCmd()
listnetworkoffering.name = "DefaultSharedNetworkOfferingWithSGService"
if zone.networkofferingname is not None:
listnetworkoffering.name = zone.networkofferingname
listnetworkofferingresponse = \
self.apiClient.listNetworkOfferings(listnetworkoffering)
networkcmd = createNetwork.createNetworkCmd()
networkcmd.displaytext = "Shared SG enabled network"
networkcmd.name = "Shared SG enabled network"
networkcmd.networkofferingid = listnetworkofferingresponse[0].id
networkcmd.zoneid = zoneId
ipranges = zone.ipranges
if ipranges:
iprange = ipranges.pop()
networkcmd.startip = iprange.startip
networkcmd.endip = iprange.endip
networkcmd.gateway = iprange.gateway
networkcmd.netmask = iprange.netmask
networkcmd.vlan = iprange.vlan
networkcmdresponse = self.apiClient.createNetwork(networkcmd)
networkId = networkcmdresponse.id
self.createpods(zone.pods, zoneId, networkId)
self.createSecondaryStorages(zone.secondaryStorages, zoneId) self.createSecondaryStorages(zone.secondaryStorages, zoneId)

18
tools/marvin/marvin/sandbox/advancedsg/__init__.py Normal file
View File

@ -0,0 +1,18 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.

150
tools/marvin/marvin/sandbox/advancedsg/advancedsg_env.py Normal file
View File

@ -0,0 +1,150 @@
#!/usr/bin/env python
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
'''
############################################################
# Experimental state of scripts
# * Need to be reviewed
# * Only a sandbox
############################################################
'''
import random
import marvin
from ConfigParser import SafeConfigParser
from optparse import OptionParser
from marvin.configGenerator import *
def getGlobalSettings(config):
for k, v in dict(config.items('globals')).iteritems():
cfg = configuration()
cfg.name = k
cfg.value = v
yield cfg
def describeResources(config):
zs = cloudstackConfiguration()
z = zone()
z.dns1 = config.get('environment', 'dns')
z.internaldns1 = config.get('environment', 'dns')
z.name = 'Sandbox-%s'%(config.get('cloudstack', 'hypervisor'))
z.networktype = 'Advanced'
z.securitygroupenabled = 'true'
sgprovider = provider()
sgprovider.broadcastdomainrange = 'ZONE'
sgprovider.name = 'SecurityGroupProvider'
pn = physical_network()
pn.name = "Sandbox-pnet"
pn.tags = ["cloud-simulator-pnet"]
pn.traffictypes = [traffictype("Guest"),
traffictype("Management", {"simulator" : "cloud-simulator-mgmt"})]
pn.isolationmethods = ["VLAN"]
pn.providers.append(sgprovider)
z.physical_networks.append(pn)
p = pod()
p.name = 'POD0'
p.gateway = config.get('cloudstack', 'private.gateway')
p.startip = config.get('cloudstack', 'private.pod.startip')
p.endip = config.get('cloudstack', 'private.pod.endip')
p.netmask = config.get('cloudstack', 'private.netmask')
v = iprange()
v.gateway = config.get('cloudstack', 'guest.gateway')
v.startip = config.get('cloudstack', 'guest.vlan.startip')
v.endip = config.get('cloudstack', 'guest.vlan.endip')
v.netmask = config.get('cloudstack', 'guest.netmask')
v.vlan = config.get('cloudstack', 'guest.vlan')
z.ipranges.append(v)
c = cluster()
c.clustername = 'C0'
c.hypervisor = config.get('cloudstack', 'hypervisor')
c.clustertype = 'CloudManaged'
h = host()
h.username = 'root'
h.password = config.get('cloudstack', 'host.password')
h.url = 'http://%s'%(config.get('cloudstack', 'host'))
c.hosts.append(h)
ps = primaryStorage()
ps.name = 'PS0'
ps.url = config.get('cloudstack', 'primary.pool')
c.primaryStorages.append(ps)
p.clusters.append(c)
z.pods.append(p)
secondary = secondaryStorage()
secondary.url = config.get('cloudstack', 'secondary.pool')
z.secondaryStorages.append(secondary)
'''Add zone'''
zs.zones.append(z)
'''Add mgt server'''
mgt = managementServer()
mgt.mgtSvrIp = config.get('environment', 'mshost')
mgt.user = config.get('environment', 'mshost.user')
mgt.passwd = config.get('environment', 'mshost.passwd')
zs.mgtSvr.append(mgt)
'''Add a database'''
db = dbServer()
db.dbSvr = config.get('environment', 'mysql.host')
db.user = config.get('environment', 'mysql.cloud.user')
db.passwd = config.get('environment', 'mysql.cloud.passwd')
zs.dbSvr = db
'''Add some configuration'''
[zs.globalConfig.append(cfg) for cfg in getGlobalSettings(config)]
''''add loggers'''
testClientLogger = logger()
testClientLogger.name = 'TestClient'
testClientLogger.file = 'testclient.log'
testCaseLogger = logger()
testCaseLogger.name = 'TestCase'
testCaseLogger.file = 'testcase.log'
zs.logger.append(testClientLogger)
zs.logger.append(testCaseLogger)
return zs
if __name__ == '__main__':
parser = OptionParser()
parser.add_option('-i', '--input', action='store', default='setup.properties', \
dest='input', help='file containing environment setup information')
parser.add_option('-o', '--output', action='store', default='./sandbox.cfg', \
dest='output', help='path where environment json will be generated')
(opts, args) = parser.parse_args()
cfg_parser = SafeConfigParser()
cfg_parser.read(opts.input)
cfg = describeResources(cfg_parser)
generate_setup_config(cfg, opts.output)

61
tools/marvin/marvin/sandbox/advancedsg/setup.properties Normal file
View File

@ -0,0 +1,61 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
[globals]
#global settings in cloudstack
expunge.delay=60
expunge.interval=60
storage.cleanup.interval=300
account.cleanup.interval=600
expunge.workers=3
workers=10
vm.allocation.algorithm=random
vm.op.wait.interval=5
guest.domain.suffix=sandbox.simulator
instance.name=QA
direct.agent.load.size=1000
default.page.size=10000
check.pod.cidrs=true
secstorage.allowed.internal.sites=10.147.28.0/24
[environment]
dns=10.147.28.6
mshost=localhost
mshost.user=root
mshost.passwd=password
mysql.host=localhost
mysql.cloud.user=cloud
mysql.cloud.passwd=cloud
[cloudstack]
#management network
private.gateway=10.147.29.1
private.pod.startip=10.147.29.150
private.pod.endip=10.147.29.159
private.netmask=255.255.255.0
#guest network
guest.gateway=10.147.31.1
guest.vlan=31
guest.vlan.startip=10.147.31.150
guest.vlan.endip=10.147.31.159
guest.netmask=255.255.255.0
#hypervisor host information
hypervisor=Simulator
host=simulator0
host.password=password
#storage pools
primary.pool=nfs://10.147.28.6:/export/home/sandbox/primary
secondary.pool=nfs://10.147.28.6:/export/home/sandbox/sstor

2
tools/marvin/setup.py
View File

@ -45,7 +45,7 @@ setup(name="Marvin",
url="https://builds.apache.org/job/cloudstack-marvin/", url="https://builds.apache.org/job/cloudstack-marvin/",
packages=["marvin", "marvin.cloudstackAPI", "marvin.integration", packages=["marvin", "marvin.cloudstackAPI", "marvin.integration",
"marvin.integration.lib", "marvin.sandbox", "marvin.integration.lib", "marvin.sandbox",
"marvin.sandbox.advanced", "marvin.sandbox.basic"], "marvin.sandbox.advanced", "marvin.sandbox.advancedsg", "marvin.sandbox.basic"],
license="LICENSE.txt", license="LICENSE.txt",
install_requires=[ install_requires=[
"mysql-connector-python", "mysql-connector-python",

1
ui/scripts/zoneWizard.js
View File

@ -401,7 +401,6 @@
var nonSupportedHypervisors = {}; var nonSupportedHypervisors = {};
if(args.context.zones[0]['network-model'] == "Advanced" && args.context.zones[0]['zone-advanced-sg-enabled'] == "on") { if(args.context.zones[0]['network-model'] == "Advanced" && args.context.zones[0]['zone-advanced-sg-enabled'] == "on") {
firstOption = "KVM"; firstOption = "KVM";
nonSupportedHypervisors["XenServer"] = 1; //to developers: comment this line if you need to test Advanced SG-enabled zone with XenServer hypervisor
nonSupportedHypervisors["VMware"] = 1; nonSupportedHypervisors["VMware"] = 1;
nonSupportedHypervisors["BareMetal"] = 1; nonSupportedHypervisors["BareMetal"] = 1;
nonSupportedHypervisors["Ovm"] = 1; nonSupportedHypervisors["Ovm"] = 1;