diff --git a/test/integration/smoke/test_vpc_vpn.py b/test/integration/smoke/test_vpc_vpn.py index 0b78ad11340..5a322d33aa2 100644 --- a/test/integration/smoke/test_vpc_vpn.py +++ b/test/integration/smoke/test_vpc_vpn.py @@ -16,150 +16,474 @@ # under the License. """ Tests for VPN in VPC """ -#Import Local Modules -from marvin.codes import FAILED -from marvin.cloudstackTestCase import * -from marvin.cloudstackAPI import * -from marvin.lib.utils import * -from marvin.lib.base import * -from marvin.lib.common import * +# Import Local Modules +from marvin.codes import PASS, FAILED +from marvin.cloudstackTestCase import cloudstackTestCase +from marvin.lib.utils import (cleanup_resources, + get_process_status) + +from marvin.lib.base import (Domain, + Account, + Configurations, + VPC, + VpcOffering, + ServiceOffering, + NetworkOffering, + Network, + PublicIPAddress, + NATRule, + NetworkACL, + NetworkACLList, + LoadBalancerRule, + ApplicationLoadBalancer, + VirtualMachine, + Template, + FireWallRule, + StaticNATRule, + Vpn, + VpnCustomerGateway, + VpnUser + ) + +from marvin.sshClient import SshClient + + +from marvin.lib.common import (get_zone, + get_domain, + get_template, + list_network_offerings) + from nose.plugins.attrib import attr +import logging import time +class Services: + + """Test VPC VPN Services. + """ + + def __init__(self): + self.services = { + "account": { + "email": "test@test.com", + "firstname": "Test", + "lastname": "User", + "username": "test", + # Random characters are appended for unique + # username + "password": "password", + }, + "host1": None, + "host2": None, + "default_hypervisor": "kvm", + "compute_offering": { + "name": "Tiny Instance", + "displaytext": "Tiny Instance", + "cpunumber": 1, + "cpuspeed": 100, + "memory": 128, + }, + "network_offering": { + "name": 'VPC Network offering', + "displaytext": 'VPC Network', + "guestiptype": 'Isolated', + "supportedservices": 'Vpn,Dhcp,Dns,SourceNat,Lb,PortForwarding,UserData,StaticNat,NetworkACL', + "traffictype": 'GUEST', + "availability": 'Optional', + "useVpc": 'on', + "serviceProviderList": { + "Vpn": 'VpcVirtualRouter', + "Dhcp": 'VpcVirtualRouter', + "Dns": 'VpcVirtualRouter', + "SourceNat": 'VpcVirtualRouter', + "Lb": 'VpcVirtualRouter', + "PortForwarding": 'VpcVirtualRouter', + "UserData": 'VpcVirtualRouter', + "StaticNat": 'VpcVirtualRouter', + "NetworkACL": 'VpcVirtualRouter' + }, + }, + "network_offering_internal_lb": { + "name": 'VPC Network Internal Lb offering', + "displaytext": 'VPC Network internal lb', + "guestiptype": 'Isolated', + "supportedservices": 'Dhcp,Dns,SourceNat,PortForwarding,UserData,StaticNat,NetworkACL,Lb', + "traffictype": 'GUEST', + "availability": 'Optional', + "useVpc": 'on', + "serviceCapabilityList": { + "Lb": { + "SupportedLbIsolation": 'dedicated', + "lbSchemes": 'internal' + } + }, + "serviceProviderList": { + "Dhcp": 'VpcVirtualRouter', + "Dns": 'VpcVirtualRouter', + "SourceNat": 'VpcVirtualRouter', + "PortForwarding": 'VpcVirtualRouter', + "UserData": 'VpcVirtualRouter', + "StaticNat": 'VpcVirtualRouter', + "NetworkACL": 'VpcVirtualRouter', + "Lb": 'InternalLbVm' + }, + "egress_policy": "true", + }, + "vpc_offering": { + "name": 'Redundant VPC off', + "displaytext": 'Redundant VPC off', + "supportedservices": 'Dhcp,Dns,SourceNat,PortForwarding,Vpn,Lb,UserData,StaticNat', + "serviceProviderList": { + "Vpn": 'VpcVirtualRouter', + "Dhcp": 'VpcVirtualRouter', + "Dns": 'VpcVirtualRouter', + "SourceNat": 'VpcVirtualRouter', + "PortForwarding": 'VpcVirtualRouter', + "Lb": 'VpcVirtualRouter', + "UserData": 'VpcVirtualRouter', + "StaticNat": 'VpcVirtualRouter', + "NetworkACL": 'VpcVirtualRouter' + }, + "serviceCapabilityList": { + "SourceNat": { + "RedundantRouter": 'true' + } + }, + }, + "vpc": { + "name": "TestVPC", + "displaytext": "TestVPC", + "cidr": '10.1.0.0/16' + }, + "vpc1": { + "name": "TestVPC", + "displaytext": "VPC1", + "cidr": '10.1.0.0/16' + }, + "vpc2": { + "name": "TestVPC", + "displaytext": "VPC2", + "cidr": '10.2.0.0/16' + }, + "network_1": { + "name": "Test Network", + "displaytext": "Test Network", + "netmask": '255.255.255.0', + "gateway": "10.1.1.1" + }, + "network_2": { + "name": "Test Network", + "displaytext": "Test Network", + "netmask": '255.255.255.0', + "gateway": "10.2.1.1" + }, + "vpn": { + "vpn_user":"root", + "vpn_pass":"Md1s#dc", + "vpn_pass_fail":"abc!123", # too short + "iprange":"10.2.2.1-10.2.2.10", + "fordisplay": "true" + }, + "vpncustomergateway": { + "esppolicy":"3des-md5;modp1536", + "ikepolicy":"3des-md5;modp1536", + "ipsecpsk":"ipsecpsk" + }, + "natrule": { + "protocol": "TCP", + "cidrlist": '0.0.0.0/0', + }, + "http_rule": { + "privateport": 80, + "publicport": 80, + "startport": 80, + "endport": 80, + "cidrlist": '0.0.0.0/0', + "protocol": "TCP" + }, + "virtual_machine": { + "displayname": "Test VM", + "username": "root", + "password": "password", + "ssh_port": 22, + "privateport": 22, + "publicport": 22, + "protocol": 'TCP', + }, + "template_kvm": { + "name": "tiny-kvm", + "displaytext": "macchinina kvm", + "format": "qcow2", + "hypervisor": "kvm", + "ostype": "Other PV (64-bit)", + "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-kvm.qcow2.bz2", + "requireshvm": "True", + }, + "template_xen": { + "name": "tiny-xen", + "displaytext": "macchinina xen", + "format": "vhd", + "hypervisor": "xen", + "ostype": "Other (64-bit)", + "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-xen.vhd.bz2", + "requireshvm": "True", + }, + } + + class TestVpcRemoteAccessVpn(cloudstackTestCase): @classmethod def setUpClass(cls): + + cls.logger = logging.getLogger('TestVPCRemoteAccessVPN') + cls.stream_handler = logging.StreamHandler() + cls.logger.setLevel(logging.DEBUG) + cls.logger.addHandler(cls.stream_handler) + cls.startTime = time.time() + testClient = super(TestVpcRemoteAccessVpn, cls).getClsTestClient() cls.apiclient = testClient.getApiClient() - cls.services = testClient.getParsedTestDataConfig() + cls.services = Services().services cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests()) cls.domain = get_domain(cls.apiclient) - cls.service_offering = ServiceOffering.create( + cls.compute_offering = ServiceOffering.create( cls.apiclient, - cls.services["service_offerings"]["tiny"] + cls.services["compute_offering"] ) cls.account = Account.create(cls.apiclient, services=cls.services["account"]) - cls.template = get_template( - cls.apiclient, - cls.zone.id, - cls.services["ostype"] - ) - if cls.template == FAILED: - assert False, "get_template() failed to return template with description %s" % cls.services["ostype"] + if cls.services["default_hypervisor"] == "kvm": + cls.template = Template.register(cls.apiclient, cls.services["template_kvm"], cls.zone.id, hypervisor=cls.services[ + "template_kvm"]["hypervisor"], account=cls.account.name, domainid=cls.domain.id) + else: + cls.template = Template.register(cls.apiclient, cls.services["template_xen"], cls.zone.id, hypervisor=cls.services[ + "template_xen"]["hypervisor"], account=cls.account.name, domainid=cls.domain.id) + + if cls.template == FAILED: + assert False, "get_template() failed to return template with description %s" % cls.services["compute_offering"] + + cls.services["virtual_machine"]["hypervisor"] = cls.services["default_hypervisor"] cls.cleanup = [cls.account] - + @attr(tags=["advanced"], required_hardware="false") def test_vpc_remote_access_vpn(self): - """Test VPN in VPC""" + """Test Remote Access VPN in VPC""" # 0) Get the default network offering for VPC + self.logger.debug("Retrieving default VPC offering") networkOffering = NetworkOffering.list(self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks") self.assert_(networkOffering is not None and len(networkOffering) > 0, "No VPC based network offering") # 1) Create VPC vpcOffering = VpcOffering.list(self.apiclient,isdefault=True) self.assert_(vpcOffering is not None and len(vpcOffering)>0, "No VPC offerings found") - vpc = VPC.create( + + try: + vpc = VPC.create( + apiclient=self.apiclient, + services=self.services["vpc"], + networkDomain="vpc.vpn", + vpcofferingid=vpcOffering[0].id, + zoneid=self.zone.id, + account=self.account.name, + domainid=self.domain.id + ) + except Exception as e: + self.fail(e) + finally: + self.assert_(vpc is not None, "VPC creation failed") + self.logger.debug("VPC %s created" %(vpc.id)) + + try: + # 2) Create network in VPC + ntwk = Network.create( apiclient=self.apiclient, - services=self.services["vpc"], - networkDomain="vpc.vpn", - vpcofferingid=vpcOffering[0].id, + services=self.services["network_1"], + accountid=self.account.name, + domainid=self.domain.id, + networkofferingid=networkOffering[0].id, zoneid=self.zone.id, - account=self.account.name, - domainid=self.domain.id - ) - self.assert_(vpc is not None, "VPC creation failed") - self.debug("VPC %s created" %(vpc.id)) + vpcid=vpc.id + ) + except Exception as e: + self.fail(e) + finally: + self.assertIsNotNone(ntwk, "Network failed to create") + self.logger.debug("Network %s created in VPC %s" %(ntwk.id, vpc.id)) - # 2) Create network in VPC - ntwk = Network.create( - apiclient=self.apiclient, - services=self.services["ntwk"], - accountid=self.account.name, - domainid=self.domain.id, - networkofferingid=networkOffering[0].id, - zoneid=self.zone.id, - vpcid=vpc.id - ) - self.assertIsNotNone(ntwk, "Network failed to create") - self.debug("Network %s created in VPC %s" %(ntwk.id, vpc.id)) + try: + # 3) Deploy a vm + vm = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], + templateid=self.template.id, + zoneid=self.zone.id, + accountid=self.account.name, + domainid= self.domain.id, + serviceofferingid=self.compute_offering.id, + networkids=ntwk.id, + hypervisor=self.services["virtual_machine"]["hypervisor"] + ) + self.assert_(vm is not None, "VM failed to deploy") + self.assert_(vm.state == 'Running', "VM is not running") + self.debug("VM %s deployed in VPC %s" %(vm.id, vpc.id)) + except Exception as e: + self.fail(e) + finally: + self.logger.debug("Deployed virtual machine: OK") - # 3) Deploy a vm - vm = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], - templateid=self.template.id, - zoneid=self.zone.id, - accountid=self.account.name, - domainid= self.domain.id, - serviceofferingid=self.service_offering.id, - networkids=ntwk.id - ) - self.assert_(vm is not None, "VM failed to deploy") - self.assert_(vm.state == 'Running', "VM is not running") - self.debug("VM %s deployed in VPC %s" %(vm.id, vpc.id)) + try: + # 4) Enable VPN for VPC + src_nat_list = PublicIPAddress.list( + self.apiclient, + account=self.account.name, + domainid=self.account.domainid, + listall=True, + issourcenat=True, + vpcid=vpc.id + ) + ip = src_nat_list[0] + except Exception as e: + self.fail(e) + finally: + self.logger.debug("Acquired public ip address: OK") - # 4) Enable VPN for VPC - - src_nat_list = PublicIPAddress.list( - self.apiclient, - account=self.account.name, - domainid=self.account.domainid, - listall=True, - issourcenat=True, - vpcid=vpc.id - ) - ip = src_nat_list[0] - vpn = Vpn.create(self.apiclient, - publicipid=ip.id, - account=self.account.name, - domainid=self.account.domainid) + try: + vpn = Vpn.create(self.apiclient, + publicipid=ip.id, + account=self.account.name, + domainid=self.account.domainid, + iprange=self.services["vpn"]["iprange"], + fordisplay=self.services["vpn"]["fordisplay"] + ) + except Exception as e: + self.fail(e) + finally: + self.assertIsNotNone(vpn, "Failed to create Remote Access VPN") + self.logger.debug("Created Remote Access VPN: OK") + vpnUser = None # 5) Add VPN user for VPC - vpnUser = VpnUser.create(self.apiclient, - account=self.account.name, - domainid=self.account.domainid, - username=self.services["vpn_user"]["username"], - password=self.services["vpn_user"]["password"]) + try: + vpnUser = VpnUser.create(self.apiclient, + account=self.account.name, + domainid=self.account.domainid, + username=self.services["vpn"]["vpn_user"], + password=self.services["vpn"]["vpn_pass"] + ) + except Exception as e: + self.fail(e) + finally: + self.assertIsNotNone(vpnUser, "Failed to create Remote Access VPN User") + self.logger.debug("Created VPN User: OK") + + + #TODO: Add an actual remote vpn connection test from a remote vpc + + try: + # 9) Disable VPN for VPC + vpn.delete(self.apiclient) + except Exceptio as e: + self.fail(e) + finally: + self.logger.debug("Deleted the Remote Access VPN: OK") - # 6) Disable VPN for VPC - vpn.delete(self.apiclient) @classmethod def tearDownClass(cls): + total_time = time.time() - cls.startTime + cls.logger.debug("%.3f" % (total_time)) try: + cls.logger.debug("Cleaning up resources") cleanup_resources(cls.apiclient, cls.cleanup) except Exception, e: raise Exception("Cleanup failed with %s" % e) + class TestVpcSite2SiteVpn(cloudstackTestCase): @classmethod def setUpClass(cls): + cls.logger = logging.getLogger('TestVPCSite2SiteVPN') + cls.stream_handler = logging.StreamHandler() + cls.logger.setLevel(logging.DEBUG) + cls.logger.addHandler(cls.stream_handler) + testClient = super(TestVpcSite2SiteVpn, cls).getClsTestClient() cls.apiclient = testClient.getApiClient() - cls.services = testClient.getParsedTestDataConfig() + cls.services = Services().services cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests()) cls.domain = get_domain(cls.apiclient) cls.service_offering = ServiceOffering.create( cls.apiclient, - cls.services["service_offerings"]["tiny"] + cls.services["compute_offering"] ) - cls.account = Account.create(cls.apiclient, services=cls.services["account"]) - cls.template = get_template( - cls.apiclient, - cls.zone.id, - cls.services["ostype"] - ) - if cls.template == FAILED: - assert False, "get_template() failed to return template with description %s" % cls.services["ostype"] + cls.account = Account.create(cls.apiclient, services=cls.services["account"]) + if cls.services["default_hypervisor"] == "kvm": + cls.template = Template.register(cls.apiclient, cls.services["template_kvm"], cls.zone.id, hypervisor=cls.services[ + "template_kvm"]["hypervisor"], account=cls.account.name, domainid=cls.domain.id) + else: + cls.template = Template.register(cls.apiclient, cls.services["template_xen"], cls.zone.id, hypervisor=cls.services[ + "template_xen"]["hypervisor"], account=cls.account.name, domainid=cls.domain.id) + + if cls.template == FAILED: + assert False, "get_template() failed to return template with description %s" % cls.services["compute_offering"] + + cls.services["virtual_machine"]["hypervisor"] = cls.services["default_hypervisor"] cls.cleanup = [cls.account] + + def get_ssh_client(self, virtual_machine, services, retries): + """ Setup ssh client connection and return connection + vm requires attributes public_ip, public_port, username, password """ + + try: + ssh_client = SshClient( + virtual_machine.public_ip, + services["virtual_machine"]["ssh_port"], + services["virtual_machine"]["username"], + services["virtual_machine"]["password"], + retries) + + except Exception as e: + self.fail("Unable to create ssh connection: " % e) + + self.assertIsNotNone( + ssh_client, "Failed to setup ssh connection to vm=%s on public_ip=%s" % (virtual_machine.name, virtual_machine.public_ip)) + + return ssh_client + + def create_natrule(self, vpc, vm, public_port, private_port, public_ip, network, services=None): + self.logger.debug("Creating NAT rule in network for vm with public IP") + if not services: + self.services["natrule"]["privateport"] = private_port + self.services["natrule"]["publicport"] = public_port + self.services["natrule"]["startport"] = public_port + self.services["natrule"]["endport"] = public_port + services = self.services["natrule"] + + nat_rule = NATRule.create( + apiclient=self.apiclient, + services=services, + ipaddressid=public_ip.ipaddress.id, + virtual_machine=vm, + networkid=network.id + ) + self.assertIsNotNone( + nat_rule, "Failed to create NAT Rule for %s" % public_ip.ipaddress.ipaddress) + self.logger.debug( + "Adding NetworkACL rules to make NAT rule accessible") + + vm.ssh_ip = nat_rule.ipaddress + vm.public_ip = nat_rule.ipaddress + vm.public_port = int(public_port) + return nat_rule + + @attr(tags=["advanced"], required_hardware="false") def test_vpc_site2site_vpn(self): """Test VPN in VPC""" @@ -168,99 +492,134 @@ class TestVpcSite2SiteVpn(cloudstackTestCase): networkOffering = NetworkOffering.list(self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks") self.assert_(networkOffering is not None and len(networkOffering) > 0, "No VPC based network offering") - # 1) Create VPC + # 1) Create VPC offering vpcOffering = VpcOffering.list(self.apiclient,isdefault=True) self.assert_(vpcOffering is not None and len(vpcOffering)>0, "No VPC offerings found") - vpc1 = VPC.create( + # Create VPC 1 + try: + vpc1 = VPC.create( + apiclient=self.apiclient, + services=self.services["vpc"], + networkDomain="vpc1.vpn", + vpcofferingid=vpcOffering[0].id, + zoneid=self.zone.id, + account=self.account.name, + domainid=self.domain.id + ) + except Exception as e: + self.fail(e) + finally: + self.assert_(vpc1 is not None, "VPC1 creation failed") + + self.logger.debug("VPC1 %s created" %(vpc1.id)) + + # Create VPC 2 + try: + vpc2 = VPC.create( + apiclient=self.apiclient, + services=self.services["vpc2"], + networkDomain="vpc2.vpn", + vpcofferingid=vpcOffering[0].id, + zoneid=self.zone.id, + account=self.account.name, + domainid=self.account.domainid + ) + except Exception as e: + self.fail(e) + finally: + self.assert_(vpc2 is not None, "VPC2 creation failed") + + self.logger.debug("VPC2 %s created" %(vpc2.id)) + + default_acl = NetworkACLList.list(self.apiclient, name="default_allow")[0] + + # Create network in VPC 1 + try: + ntwk1 = Network.create( apiclient=self.apiclient, - services=self.services["vpc"], - networkDomain="vpc1.vpn", - vpcofferingid=vpcOffering[0].id, + services=self.services["network_1"], + accountid=self.account.name, + domainid=self.account.domainid, + networkofferingid=networkOffering[0].id, zoneid=self.zone.id, - account=self.account.name, - domainid=self.domain.id - ) - self.assert_(vpc1 is not None, "VPC creation failed") - self.debug("VPC1 %s created" %(vpc1.id)) + vpcid=vpc1.id, + aclid=default_acl.id + ) + except Exception as e: + self.fail(e) + finally: + self.assertIsNotNone(ntwk1, "Network failed to create") - vpc2 = VPC.create( + self.logger.debug("Network %s created in VPC %s" %(ntwk1.id, vpc1.id)) + + # Create network in VPC 2 + try: + ntwk2 = Network.create( apiclient=self.apiclient, - services=self.services["vpc2"], - networkDomain="vpc2.vpn", - vpcofferingid=vpcOffering[0].id, + services=self.services["network_2"], + accountid=self.account.name, + domainid=self.account.domainid, + networkofferingid=networkOffering[0].id, zoneid=self.zone.id, - account=self.account.name, - domainid=self.domain.id - ) - self.assert_(vpc2 is not None, "VPC2 creation failed") - self.debug("VPC2 %s created" %(vpc1.id)) + vpcid=vpc2.id, + aclid=default_acl.id + ) + except Exception as e: + self.fail(e) + finally: + self.assertIsNotNone(ntwk2, "Network failed to create") - # 2) Create network in VPC - ntwk1 = Network.create( - apiclient=self.apiclient, - services=self.services["ntwk"], - accountid=self.account.name, - domainid=self.domain.id, - networkofferingid=networkOffering[0].id, - zoneid=self.zone.id, - vpcid=vpc1.id - ) - self.assertIsNotNone(ntwk1, "Network failed to create") - self.debug("Network %s created in VPC %s" %(ntwk1.id, vpc1.id)) + self.logger.debug("Network %s created in VPC %s" %(ntwk2.id, vpc2.id)) - ntwk2 = Network.create( - apiclient=self.apiclient, - services=self.services["ntwk2"], - accountid=self.account.name, - domainid=self.domain.id, - networkofferingid=networkOffering[0].id, - zoneid=self.zone.id, - vpcid=vpc2.id - ) - self.assertIsNotNone(ntwk2, "Network failed to create") - self.debug("Network %s created in VPC %s" %(ntwk2.id, vpc2.id)) + # Deploy a vm in network 2 + try: + vm1 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], + templateid=self.template.id, + zoneid=self.zone.id, + accountid=self.account.name, + domainid= self.account.domainid, + serviceofferingid=self.service_offering.id, + networkids=ntwk1.id, + hypervisor=self.services["virtual_machine"]["hypervisor"] + ) + except Exception as e: + self.fail(e) + finally: + self.assert_(vm1 is not None, "VM failed to deploy") + self.assert_(vm1.state == 'Running', "VM is not running") - # 3) Deploy a vm - vm1 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], - templateid=self.template.id, - zoneid=self.zone.id, - accountid=self.account.name, - domainid= self.domain.id, - serviceofferingid=self.service_offering.id, - networkids=ntwk1.id - ) - self.assert_(vm1 is not None, "VM failed to deploy") - self.assert_(vm1.state == 'Running', "VM is not running") - self.debug("VM %s deployed in VPC %s" %(vm1.id, vpc1.id)) + self.logger.debug("VM %s deployed in VPC %s" %(vm1.id, vpc1.id)) + + # Deploy a vm in network 2 + try: + vm2 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], + templateid=self.template.id, + zoneid=self.zone.id, + accountid=self.account.name, + domainid= self.account.domainid, + serviceofferingid=self.service_offering.id, + networkids=ntwk2.id, + hypervisor=self.services["virtual_machine"]["hypervisor"] + ) + except Exception as e: + self.fail(e) + finally: + self.assert_(vm2 is not None, "VM failed to deploy") + self.assert_(vm2.state == 'Running', "VM is not running") - vm2 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], - templateid=self.template.id, - zoneid=self.zone.id, - accountid=self.account.name, - domainid= self.domain.id, - serviceofferingid=self.service_offering.id, - networkids=ntwk2.id - ) - self.assert_(vm2 is not None, "VM failed to deploy") - self.assert_(vm2.state == 'Running', "VM is not running") self.debug("VM %s deployed in VPC %s" %(vm2.id, vpc2.id)) # 4) Enable Site-to-Site VPN for VPC - cmd=createVpnGateway.createVpnGatewayCmd() - cmd.vpcid=vpc1.id - vpn1_response = self.apiclient.createVpnGateway(cmd) + vpn1_response = Vpn.createVpnGateway(self.apiclient, vpc1.id) + self.assert_(vpn1_response is not None, "Failed to enable VPN Gateway 1") + self.logger.debug("VPN gateway for VPC %s enabled" % vpc1.id) - self.debug("VPN gateway for VPC %s enabled" % (vpc1.id)) - - cmd=createVpnGateway.createVpnGatewayCmd() - cmd.vpcid=vpc2.id - vpn2_response = self.apiclient.createVpnGateway(cmd) - - self.debug("VPN gateway for VPC %s enabled" %(vpc2.id)) + vpn2_response = Vpn.createVpnGateway(self.apiclient, vpc2.id) + self.assert_(vpn2_response is not None, "Failed to enable VPN Gateway 2") + self.logger.debug("VPN gateway for VPC %s enabled" % vpc2.id) # 5) Add VPN Customer gateway info - src_nat_list = PublicIPAddress.list( self.apiclient, account=self.account.name, @@ -270,7 +629,6 @@ class TestVpcSite2SiteVpn(cloudstackTestCase): vpcid=vpc1.id ) ip1 = src_nat_list[0] - src_nat_list = PublicIPAddress.list( self.apiclient, account=self.account.name, @@ -281,40 +639,58 @@ class TestVpcSite2SiteVpn(cloudstackTestCase): ) ip2 = src_nat_list[0] - cmd=createVpnCustomerGateway.createVpnCustomerGatewayCmd() - cmd.esppolicy="3des-md5;modp1536" - cmd.ikepolicy="3des-md5;modp1536" - cmd.domainid=self.account.domainid - cmd.account=self.account.name - cmd.ipsecpsk="ipsecpsk" + services = self.services["vpncustomergateway"] + customer1_response = VpnCustomerGateway.create(self.apiclient, services, "Peer VPC1", ip1.ipaddress, vpc1.cidr, self.account.name, self.domain.id ) + self.debug("VPN customer gateway added for VPC %s enabled" % vpc1.id ) + self.logger.debug(vars(customer1_response)) - cmd.name="Peer VPC1" - cmd.gateway=ip1.ipaddress - cmd.cidrlist=vpc1.cidr - customer1_response = self.apiclient.createVpnCustomerGateway(cmd) - self.debug("VPN customer gateway added for VPC %s enabled" %(vpc1.id)) + customer2_response = VpnCustomerGateway.create(self.apiclient, services, "Peer VPC2", ip2.ipaddress, vpc2.cidr, self.account.name, self.domain.id ) + self.debug("VPN customer gateway added for VPC %s enabled" % vpc2.id ) + self.logger.debug(vars(customer2_response)) - cmd.name="Peer VPC2" - cmd.gateway=ip2.ipaddress - cmd.cidrlist=vpc2.cidr - customer2_response = self.apiclient.createVpnCustomerGateway(cmd) - self.debug("VPN customer gateway added for VPC %s enabled" %(vpc2.id)) + # 6) Connect two VPCs + vpnconn1_response = Vpn.createVpnConnection(self.apiclient, customer1_response.id, vpn2_response['id'], True) + self.debug("VPN passive connection created for VPC %s" % vpc2.id) - # 6) Connect two VPCs - cmd = createVpnConnection.createVpnConnectionCmd() - cmd.s2svpngatewayid = vpn2_response.id - cmd.s2scustomergatewayid = customer1_response.id - cmd.passive="true" - vpnconn1_response = self.apiclient.createVpnConnection(cmd) - self.debug("VPN passive connection created for VPC %s" %(vpc2.id)) + vpnconn2_response = Vpn.createVpnConnection(self.apiclient, customer2_response.id, vpn1_response['id']) + self.debug("VPN connection created for VPC %s" % vpc1.id) - cmd = createVpnConnection.createVpnConnectionCmd() - cmd.s2svpngatewayid = vpn1_response.id - cmd.s2scustomergatewayid = customer2_response.id - vpnconn2_response = self.apiclient.createVpnConnection(cmd) - self.debug("VPN connection created for VPC %s" %(vpc1.id)) + self.assertEqual(vpnconn2_response['state'], "Connected", "Failed to connect between VPCs!") - self.assertEqual(vpnconn2_response.state, "Connected", "Failed to connect between VPCs!") + # acquire an extra ip address to use to ssh into vm2 + try: + vm2.public_ip = PublicIPAddress.create( + apiclient=self.apiclient, + accountid=self.account.name, + zoneid=self.zone.id, + domainid=self.account.domainid, + services=self.services, + networkid=ntwk2.id, + vpcid=vpc2.id) + except Exception as e: + self.fail(e) + finally: + self.assert_(vm2.public_ip is not None, "Failed to aqcuire public ip for vm2") + + + # Create port forward to be able to ssh into vm2 + try: + natrule = self.create_natrule(vpc2, vm2, 22, 22, vm2.public_ip, ntwk2) + except Exception as e: + self.fail(e) + finally: + self.assert_(natrule is not None, "Failed to create portforward for vm2") + time.sleep(10) + + # setup ssh connection to vm2 + ssh_client = self.get_ssh_client(vm2, self.services, 10) + + if ssh_client: + # run ping test + packet_loss = ssh_client.execute("/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress + " |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0] + self.assert_(int(packet_loss) == 0, "Ping did not succeed") + else: + self.fail("Failed to setup ssh connection to %s" %vm2.public_ip) @classmethod def tearDownClass(cls): diff --git a/tools/marvin/marvin/lib/base.py b/tools/marvin/marvin/lib/base.py index 54922c84ed3..fc49fd2dadd 100755 --- a/tools/marvin/marvin/lib/base.py +++ b/tools/marvin/marvin/lib/base.py @@ -2936,7 +2936,7 @@ class Vpn: @classmethod def create(cls, apiclient, publicipid, account=None, domainid=None, - projectid=None, networkid=None, vpcid=None, openfirewall=None): + projectid=None, networkid=None, vpcid=None, openfirewall=None, iprange=None, fordisplay=False): """Create VPN for Public IP address""" cmd = createRemoteAccessVpn.createRemoteAccessVpnCmd() cmd.publicipid = publicipid @@ -2950,8 +2950,12 @@ class Vpn: cmd.networkid = networkid if vpcid: cmd.vpcid = vpcid + if iprange: + cmd.iprange = iprange if openfirewall: cmd.openfirewall = openfirewall + + cmd.fordisplay = fordisplay return Vpn(apiclient.createRemoteAccessVpn(cmd).__dict__) @classmethod @@ -2962,11 +2966,13 @@ class Vpn: return (apiclient.createVpnGateway(cmd).__dict__) @classmethod - def createVpnConnection(cls, apiclient, s2scustomergatewayid, s2svpngatewayid): + def createVpnConnection(cls, apiclient, s2scustomergatewayid, s2svpngatewayid, passive=False): """Create VPN Connection """ cmd = createVpnConnection.createVpnConnectionCmd() cmd.s2scustomergatewayid = s2scustomergatewayid cmd.s2svpngatewayid = s2svpngatewayid + if passive: + cmd.passive = passive return (apiclient.createVpnGateway(cmd).__dict__) @classmethod