mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 08:42:29 +01:00
1589 lines
60 KiB
Python
1589 lines
60 KiB
Python
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
""" Tests for VPN in VPC
|
|
"""
|
|
# Import Local Modules
|
|
from marvin.codes import PASS, FAILED
|
|
from marvin.cloudstackTestCase import cloudstackTestCase
|
|
from marvin.lib.utils import (validateList,
|
|
wait_until)
|
|
|
|
from marvin.lib.base import (Account,
|
|
VPC,
|
|
VpcOffering,
|
|
ServiceOffering,
|
|
NetworkOffering,
|
|
Network,
|
|
PublicIPAddress,
|
|
NATRule,
|
|
NetworkACLList,
|
|
VirtualMachine,
|
|
Vpn,
|
|
VpnCustomerGateway,
|
|
VpnUser
|
|
)
|
|
|
|
from marvin.sshClient import SshClient
|
|
|
|
|
|
from marvin.lib.common import (get_zone,
|
|
get_domain,
|
|
get_test_template)
|
|
|
|
from nose.plugins.attrib import attr
|
|
|
|
import logging
|
|
import time
|
|
|
|
|
|
class Services:
|
|
|
|
"""Test VPC VPN Services.
|
|
"""
|
|
|
|
def __init__(self):
|
|
self.services = {
|
|
"account": {
|
|
"email": "test@test.com",
|
|
"firstname": "Test",
|
|
"lastname": "User",
|
|
"username": "test",
|
|
"password": "password",
|
|
},
|
|
"host1": None,
|
|
"host2": None,
|
|
"compute_offering": {
|
|
"name": "Tiny Instance",
|
|
"displaytext": "Tiny Instance",
|
|
"cpunumber": 1,
|
|
"cpuspeed": 100,
|
|
"memory": 128,
|
|
},
|
|
"network_offering": {
|
|
"name": 'VPC Network offering',
|
|
"displaytext": 'VPC Network',
|
|
"guestiptype": 'Isolated',
|
|
"supportedservices": 'Vpn,Dhcp,Dns,SourceNat,Lb,PortForwarding,UserData,StaticNat,NetworkACL',
|
|
"traffictype": 'GUEST',
|
|
"availability": 'Optional',
|
|
"useVpc": 'on',
|
|
"serviceProviderList": {
|
|
"Vpn": 'VpcVirtualRouter',
|
|
"Dhcp": 'VpcVirtualRouter',
|
|
"Dns": 'VpcVirtualRouter',
|
|
"SourceNat": 'VpcVirtualRouter',
|
|
"Lb": 'VpcVirtualRouter',
|
|
"PortForwarding": 'VpcVirtualRouter',
|
|
"UserData": 'VpcVirtualRouter',
|
|
"StaticNat": 'VpcVirtualRouter',
|
|
"NetworkACL": 'VpcVirtualRouter'
|
|
},
|
|
},
|
|
"network_offering_internal_lb": {
|
|
"name": 'VPC Network Internal Lb offering',
|
|
"displaytext": 'VPC Network internal lb',
|
|
"guestiptype": 'Isolated',
|
|
"supportedservices": 'Dhcp,Dns,SourceNat,PortForwarding,UserData,StaticNat,NetworkACL,Lb',
|
|
"traffictype": 'GUEST',
|
|
"availability": 'Optional',
|
|
"useVpc": 'on',
|
|
"serviceCapabilityList": {
|
|
"Lb": {
|
|
"SupportedLbIsolation": 'dedicated',
|
|
"lbSchemes": 'internal'
|
|
}
|
|
},
|
|
"serviceProviderList": {
|
|
"Dhcp": 'VpcVirtualRouter',
|
|
"Dns": 'VpcVirtualRouter',
|
|
"SourceNat": 'VpcVirtualRouter',
|
|
"PortForwarding": 'VpcVirtualRouter',
|
|
"UserData": 'VpcVirtualRouter',
|
|
"StaticNat": 'VpcVirtualRouter',
|
|
"NetworkACL": 'VpcVirtualRouter',
|
|
"Lb": 'InternalLbVm'
|
|
},
|
|
"egress_policy": "true",
|
|
},
|
|
"vpc_offering": {
|
|
"name": 'VPC off',
|
|
"displaytext": 'VPC off',
|
|
"supportedservices": 'Dhcp,Dns,SourceNat,PortForwarding,Vpn,Lb,UserData,StaticNat',
|
|
},
|
|
"redundant_vpc_offering": {
|
|
"name": 'Redundant VPC off',
|
|
"displaytext": 'Redundant VPC off',
|
|
"supportedservices": 'Dhcp,Dns,SourceNat,PortForwarding,Vpn,Lb,UserData,StaticNat',
|
|
"serviceProviderList": {
|
|
"Vpn": 'VpcVirtualRouter',
|
|
"Dhcp": 'VpcVirtualRouter',
|
|
"Dns": 'VpcVirtualRouter',
|
|
"SourceNat": 'VpcVirtualRouter',
|
|
"PortForwarding": 'VpcVirtualRouter',
|
|
"Lb": 'VpcVirtualRouter',
|
|
"UserData": 'VpcVirtualRouter',
|
|
"StaticNat": 'VpcVirtualRouter',
|
|
"NetworkACL": 'VpcVirtualRouter'
|
|
},
|
|
"serviceCapabilityList": {
|
|
"SourceNat": {
|
|
"RedundantRouter": 'true'
|
|
}
|
|
},
|
|
},
|
|
"vpc": {
|
|
"name": "TestVPC",
|
|
"displaytext": "TestVPC",
|
|
"cidr": '10.1.0.0/16'
|
|
},
|
|
"vpc1": {
|
|
"name": "TestVPC",
|
|
"displaytext": "VPC1",
|
|
"cidr": '10.1.0.0/16'
|
|
},
|
|
"vpc2": {
|
|
"name": "TestVPC",
|
|
"displaytext": "VPC2",
|
|
"cidr": '10.3.0.0/16'
|
|
},
|
|
"network_1": {
|
|
"name": "Test Network",
|
|
"displaytext": "Test Network",
|
|
"netmask": '255.255.255.0',
|
|
"gateway": "10.1.1.1"
|
|
},
|
|
"network_2": {
|
|
"name": "Test Network",
|
|
"displaytext": "Test Network",
|
|
"netmask": '255.255.255.0',
|
|
"gateway": "10.3.1.1"
|
|
},
|
|
"vpn": {
|
|
"vpn_user": "root",
|
|
"vpn_pass": "Md1sdc",
|
|
"vpn_pass_fail": "abc!123", # too short
|
|
"iprange": "10.3.2.1-10.3.2.10",
|
|
"fordisplay": "true"
|
|
},
|
|
"vpncustomergateway": {
|
|
"esppolicy": "3des-md5;modp1536",
|
|
"ikepolicy": "3des-md5;modp1536",
|
|
"ipsecpsk": "ipsecpsk"
|
|
},
|
|
"natrule": {
|
|
"protocol": "TCP",
|
|
"cidrlist": '0.0.0.0/0',
|
|
},
|
|
"http_rule": {
|
|
"privateport": 80,
|
|
"publicport": 80,
|
|
"startport": 80,
|
|
"endport": 80,
|
|
"cidrlist": '0.0.0.0/0',
|
|
"protocol": "TCP"
|
|
},
|
|
"virtual_machine": {
|
|
"displayname": "Test VM",
|
|
"username": "root",
|
|
"password": "password",
|
|
"ssh_port": 22,
|
|
"privateport": 22,
|
|
"publicport": 22,
|
|
"protocol": 'TCP',
|
|
}
|
|
}
|
|
|
|
|
|
class TestVpcRemoteAccessVpn(cloudstackTestCase):
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
|
|
cls.logger = logging.getLogger('TestVPCRemoteAccessVPN')
|
|
cls.stream_handler = logging.StreamHandler()
|
|
cls.logger.setLevel(logging.DEBUG)
|
|
cls.logger.addHandler(cls.stream_handler)
|
|
|
|
testClient = super(TestVpcRemoteAccessVpn, cls).getClsTestClient()
|
|
cls.apiclient = testClient.getApiClient()
|
|
cls.services = Services().services
|
|
|
|
cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests())
|
|
cls.domain = get_domain(cls.apiclient)
|
|
|
|
cls._cleanup = []
|
|
|
|
cls.compute_offering = ServiceOffering.create(
|
|
cls.apiclient,
|
|
cls.services["compute_offering"]
|
|
)
|
|
cls._cleanup.append(cls.compute_offering)
|
|
cls.account = Account.create(
|
|
cls.apiclient, services=cls.services["account"])
|
|
cls._cleanup.append(cls.account)
|
|
|
|
cls.hypervisor = testClient.getHypervisorInfo()
|
|
|
|
cls.template = get_test_template(cls.apiclient, cls.zone.id, cls.hypervisor)
|
|
if cls.template == FAILED:
|
|
assert False, "get_test_template() failed to return template"
|
|
|
|
cls.logger.debug("Successfully created account: %s, id: \
|
|
%s" % (cls.account.name,
|
|
cls.account.id))
|
|
|
|
return
|
|
|
|
@attr(tags=["advanced"], required_hardware="true")
|
|
def test_01_vpc_remote_access_vpn(self):
|
|
"""Test Remote Access VPN in VPC"""
|
|
|
|
self.logger.debug("Starting test: test_01_vpc_remote_access_vpn")
|
|
|
|
# 0) Get the default network offering for VPC
|
|
self.logger.debug("Retrieving default VPC offering")
|
|
networkOffering = NetworkOffering.list(
|
|
self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks")
|
|
self.assert_(networkOffering is not None and len(
|
|
networkOffering) > 0, "No VPC based network offering")
|
|
|
|
# 1) Create VPC
|
|
vpcOffering = VpcOffering.list(self.apiclient, name="Default VPC offering")
|
|
self.assert_(vpcOffering is not None and len(
|
|
vpcOffering) > 0, "No VPC offerings found")
|
|
|
|
vpc = None
|
|
try:
|
|
vpc = VPC.create(
|
|
apiclient=self.apiclient,
|
|
services=self.services["vpc"],
|
|
networkDomain="vpc.vpn",
|
|
vpcofferingid=vpcOffering[0].id,
|
|
zoneid=self.zone.id,
|
|
account=self.account.name,
|
|
domainid=self.domain.id
|
|
)
|
|
self.cleanup.append(vpc)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(vpc is not None, "VPC creation failed")
|
|
self.logger.debug("VPC %s created" % (vpc.id))
|
|
|
|
try:
|
|
# 2) Create network in VPC
|
|
ntwk = Network.create(
|
|
apiclient=self.apiclient,
|
|
services=self.services["network_1"],
|
|
accountid=self.account.name,
|
|
domainid=self.domain.id,
|
|
networkofferingid=networkOffering[0].id,
|
|
zoneid=self.zone.id,
|
|
vpcid=vpc.id
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assertIsNotNone(ntwk, "Network failed to create")
|
|
self.cleanup.append(ntwk)
|
|
self.logger.debug(
|
|
"Network %s created in VPC %s" % (ntwk.id, vpc.id))
|
|
|
|
try:
|
|
# 3) Deploy a vm
|
|
vm = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
|
|
templateid=self.template.id,
|
|
zoneid=self.zone.id,
|
|
accountid=self.account.name,
|
|
domainid=self.domain.id,
|
|
serviceofferingid=self.compute_offering.id,
|
|
networkids=ntwk.id,
|
|
hypervisor=self.hypervisor
|
|
)
|
|
self.assert_(vm is not None, "VM failed to deploy")
|
|
self.cleanup.append(vm)
|
|
self.assert_(vm.state == 'Running', "VM is not running")
|
|
self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id))
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.logger.debug("Deployed virtual machine: OK")
|
|
|
|
try:
|
|
# 4) Enable VPN for VPC
|
|
src_nat_list = PublicIPAddress.list(
|
|
self.apiclient,
|
|
account=self.account.name,
|
|
domainid=self.account.domainid,
|
|
listall=True,
|
|
issourcenat=True,
|
|
vpcid=vpc.id
|
|
)
|
|
ip = src_nat_list[0]
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.logger.debug("Acquired public ip address: OK")
|
|
|
|
vpn = None
|
|
try:
|
|
vpn = Vpn.create(self.apiclient,
|
|
publicipid=ip.id,
|
|
account=self.account.name,
|
|
domainid=self.account.domainid,
|
|
iprange=self.services["vpn"]["iprange"],
|
|
fordisplay=self.services["vpn"]["fordisplay"]
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assertIsNotNone(vpn, "Failed to create Remote Access VPN")
|
|
self.logger.debug("Created Remote Access VPN: OK")
|
|
|
|
vpnUser = None
|
|
# 5) Add VPN user for VPC
|
|
try:
|
|
vpnUser = VpnUser.create(self.apiclient,
|
|
account=self.account.name,
|
|
domainid=self.account.domainid,
|
|
username=self.services["vpn"]["vpn_user"],
|
|
password=self.services["vpn"]["vpn_pass"]
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assertIsNotNone(
|
|
vpnUser, "Failed to create Remote Access VPN User")
|
|
self.logger.debug("Created VPN User: OK")
|
|
|
|
# TODO: Add an actual remote vpn connection test from a remote vpc
|
|
|
|
try:
|
|
# 9) Disable VPN for VPC
|
|
vpn.delete(self.apiclient)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.logger.debug("Deleted the Remote Access VPN: OK")
|
|
|
|
@classmethod
|
|
def tearDownClass(cls):
|
|
super(TestVpcRemoteAccessVpn, cls).tearDownClass()
|
|
|
|
def setUp(self):
|
|
self.apiclient = self.testClient.getApiClient()
|
|
self.hypervisor = self.testClient.getHypervisorInfo()
|
|
self.cleanup = []
|
|
|
|
def tearDown(self):
|
|
super(TestVpcRemoteAccessVpn, self).tearDown()
|
|
|
|
|
|
class TestVpcSite2SiteVpn(cloudstackTestCase):
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
cls.logger = logging.getLogger('TestVPCSite2SiteVPN')
|
|
cls.stream_handler = logging.StreamHandler()
|
|
cls.logger.setLevel(logging.DEBUG)
|
|
cls.logger.addHandler(cls.stream_handler)
|
|
|
|
testClient = super(TestVpcSite2SiteVpn, cls).getClsTestClient()
|
|
cls.apiclient = testClient.getApiClient()
|
|
cls.services = Services().services
|
|
|
|
cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests())
|
|
cls.domain = get_domain(cls.apiclient)
|
|
|
|
cls._cleanup = []
|
|
|
|
cls.compute_offering = ServiceOffering.create(
|
|
cls.apiclient,
|
|
cls.services["compute_offering"]
|
|
)
|
|
cls._cleanup.append(cls.compute_offering)
|
|
|
|
cls.account = Account.create(
|
|
cls.apiclient, services=cls.services["account"])
|
|
cls._cleanup.append(cls.account)
|
|
|
|
cls.hypervisor = testClient.getHypervisorInfo()
|
|
|
|
cls.template = get_test_template(cls.apiclient, cls.zone.id, cls.hypervisor)
|
|
if cls.template == FAILED:
|
|
assert False, "get_test_template() failed to return template"
|
|
|
|
cls.logger.debug("Successfully created account: %s, id: \
|
|
%s" % (cls.account.name,
|
|
cls.account.id))
|
|
return
|
|
|
|
def setUp(self):
|
|
self.apiclient = self.testClient.getApiClient()
|
|
self.hypervisor = self.testClient.getHypervisorInfo()
|
|
self.cleanup = []
|
|
|
|
def _get_ssh_client(self, virtual_machine, services, retries):
|
|
""" Setup ssh client connection and return connection
|
|
vm requires attributes public_ip, public_port, username, password """
|
|
|
|
try:
|
|
ssh_client = SshClient(
|
|
virtual_machine.public_ip,
|
|
services["virtual_machine"]["ssh_port"],
|
|
services["virtual_machine"]["username"],
|
|
services["virtual_machine"]["password"],
|
|
retries)
|
|
|
|
except Exception as e:
|
|
self.fail("Unable to create ssh connection: " % e)
|
|
|
|
self.assertIsNotNone(
|
|
ssh_client, "Failed to setup ssh connection to vm=%s on public_ip=%s" % (virtual_machine.name, virtual_machine.public_ip))
|
|
|
|
return ssh_client
|
|
|
|
def _create_natrule(self, vpc, vm, public_port, private_port, public_ip, network, services=None):
|
|
self.logger.debug("Creating NAT rule in network for vm with public IP")
|
|
if not services:
|
|
self.services["natrule"]["privateport"] = private_port
|
|
self.services["natrule"]["publicport"] = public_port
|
|
self.services["natrule"]["startport"] = public_port
|
|
self.services["natrule"]["endport"] = public_port
|
|
services = self.services["natrule"]
|
|
|
|
nat_rule = NATRule.create(
|
|
apiclient=self.apiclient,
|
|
services=services,
|
|
ipaddressid=public_ip.ipaddress.id,
|
|
virtual_machine=vm,
|
|
networkid=network.id
|
|
)
|
|
self.assertIsNotNone(
|
|
nat_rule, "Failed to create NAT Rule for %s" % public_ip.ipaddress.ipaddress)
|
|
self.logger.debug(
|
|
"Adding NetworkACL rules to make NAT rule accessible")
|
|
|
|
vm.ssh_ip = nat_rule.ipaddress
|
|
vm.public_ip = nat_rule.ipaddress
|
|
vm.public_port = int(public_port)
|
|
return nat_rule
|
|
|
|
def _validate_vpc_offering(self, vpc_offering):
|
|
|
|
self.logger.debug("Check if the VPC offering is created successfully?")
|
|
vpc_offs = VpcOffering.list(
|
|
self.apiclient,
|
|
id=vpc_offering.id
|
|
)
|
|
offering_list = validateList(vpc_offs)
|
|
self.assertEqual(offering_list[0],
|
|
PASS,
|
|
"List VPC offerings should return a valid list"
|
|
)
|
|
self.assertEqual(
|
|
vpc_offering.name,
|
|
vpc_offs[0].name,
|
|
"Name of the VPC offering should match with listVPCOff data"
|
|
)
|
|
self.logger.debug(
|
|
"VPC offering is created successfully - %s" %
|
|
vpc_offering.name)
|
|
return
|
|
|
|
def _create_vpc_offering(self, offering_name):
|
|
|
|
vpc_off = None
|
|
if offering_name is not None:
|
|
|
|
self.logger.debug("Creating VPC offering: %s", offering_name)
|
|
vpc_off = VpcOffering.create(
|
|
self.apiclient,
|
|
self.services[offering_name]
|
|
)
|
|
|
|
self._validate_vpc_offering(vpc_off)
|
|
self.cleanup.append(vpc_off)
|
|
|
|
return vpc_off
|
|
|
|
@attr(tags=["advanced"], required_hardware="true")
|
|
def test_01_vpc_site2site_vpn(self):
|
|
"""Test Site 2 Site VPN Across VPCs"""
|
|
self.logger.debug("Starting test: test_01_vpc_site2site_vpn")
|
|
# 0) Get the default network offering for VPC
|
|
networkOffering = NetworkOffering.list(
|
|
self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks")
|
|
self.assert_(networkOffering is not None and len(
|
|
networkOffering) > 0, "No VPC based network offering")
|
|
|
|
# Create and Enable VPC offering
|
|
vpc_offering = self._create_vpc_offering('vpc_offering')
|
|
self.assert_(vpc_offering is not None, "Failed to create VPC Offering")
|
|
vpc_offering.update(self.apiclient, state='Enabled')
|
|
|
|
vpc1 = None
|
|
# Create VPC 1
|
|
try:
|
|
vpc1 = VPC.create(
|
|
apiclient=self.apiclient,
|
|
services=self.services["vpc"],
|
|
networkDomain="vpc1.vpn",
|
|
vpcofferingid=vpc_offering.id,
|
|
zoneid=self.zone.id,
|
|
account=self.account.name,
|
|
domainid=self.domain.id
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(vpc1 is not None, "VPC1 creation failed")
|
|
self.cleanup.append(vpc1)
|
|
self.logger.debug("VPC1 %s created" % vpc1.id)
|
|
|
|
vpc2 = None
|
|
# Create VPC 2
|
|
try:
|
|
vpc2 = VPC.create(
|
|
apiclient=self.apiclient,
|
|
services=self.services["vpc2"],
|
|
networkDomain="vpc2.vpn",
|
|
vpcofferingid=vpc_offering.id,
|
|
zoneid=self.zone.id,
|
|
account=self.account.name,
|
|
domainid=self.account.domainid
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(vpc2 is not None, "VPC2 creation failed")
|
|
self.cleanup.append(vpc2)
|
|
self.logger.debug("VPC2 %s created" % vpc2.id)
|
|
|
|
default_acl = NetworkACLList.list(
|
|
self.apiclient, name="default_allow")[0]
|
|
|
|
ntwk1 = None
|
|
# Create network in VPC 1
|
|
try:
|
|
ntwk1 = Network.create(
|
|
apiclient=self.apiclient,
|
|
services=self.services["network_1"],
|
|
accountid=self.account.name,
|
|
domainid=self.account.domainid,
|
|
networkofferingid=networkOffering[0].id,
|
|
zoneid=self.zone.id,
|
|
vpcid=vpc1.id,
|
|
aclid=default_acl.id
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assertIsNotNone(ntwk1, "Network failed to create")
|
|
self.cleanup.append(ntwk1)
|
|
self.logger.debug("Network %s created in VPC %s" % (ntwk1.id, vpc1.id))
|
|
|
|
ntwk2 = None
|
|
# Create network in VPC 2
|
|
try:
|
|
ntwk2 = Network.create(
|
|
apiclient=self.apiclient,
|
|
services=self.services["network_2"],
|
|
accountid=self.account.name,
|
|
domainid=self.account.domainid,
|
|
networkofferingid=networkOffering[0].id,
|
|
zoneid=self.zone.id,
|
|
vpcid=vpc2.id,
|
|
aclid=default_acl.id
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assertIsNotNone(ntwk2, "Network failed to create")
|
|
self.cleanup.append(ntwk2)
|
|
self.logger.debug("Network %s created in VPC %s" % (ntwk2.id, vpc2.id))
|
|
|
|
vm1 = None
|
|
# Deploy a vm in network 2
|
|
try:
|
|
vm1 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
|
|
templateid=self.template.id,
|
|
zoneid=self.zone.id,
|
|
accountid=self.account.name,
|
|
domainid=self.account.domainid,
|
|
serviceofferingid=self.compute_offering.id,
|
|
networkids=ntwk1.id,
|
|
hypervisor=self.hypervisor
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(vm1 is not None, "VM failed to deploy")
|
|
self.assert_(vm1.state == 'Running', "VM is not running")
|
|
self.cleanup.append(vm1)
|
|
self.logger.debug("VM %s deployed in VPC %s" % (vm1.id, vpc1.id))
|
|
|
|
vm2 = None
|
|
# Deploy a vm in network 2
|
|
try:
|
|
vm2 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
|
|
templateid=self.template.id,
|
|
zoneid=self.zone.id,
|
|
accountid=self.account.name,
|
|
domainid=self.account.domainid,
|
|
serviceofferingid=self.compute_offering.id,
|
|
networkids=ntwk2.id,
|
|
hypervisor=self.hypervisor
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(vm2 is not None, "VM failed to deploy")
|
|
self.assert_(vm2.state == 'Running', "VM is not running")
|
|
self.cleanup.append(vm2)
|
|
self.debug("VM %s deployed in VPC %s" % (vm2.id, vpc2.id))
|
|
|
|
# 4) Enable Site-to-Site VPN for VPC
|
|
vpn1_response = Vpn.createVpnGateway(self.apiclient, vpc1.id)
|
|
self.assert_(
|
|
vpn1_response is not None, "Failed to enable VPN Gateway 1")
|
|
self.logger.debug("VPN gateway for VPC %s enabled" % vpc1.id)
|
|
|
|
vpn2_response = Vpn.createVpnGateway(self.apiclient, vpc2.id)
|
|
self.assert_(
|
|
vpn2_response is not None, "Failed to enable VPN Gateway 2")
|
|
self.logger.debug("VPN gateway for VPC %s enabled" % vpc2.id)
|
|
|
|
# 5) Add VPN Customer gateway info
|
|
src_nat_list = PublicIPAddress.list(
|
|
self.apiclient,
|
|
account=self.account.name,
|
|
domainid=self.account.domainid,
|
|
listall=True,
|
|
issourcenat=True,
|
|
vpcid=vpc1.id
|
|
)
|
|
ip1 = src_nat_list[0]
|
|
src_nat_list = PublicIPAddress.list(
|
|
self.apiclient,
|
|
account=self.account.name,
|
|
domainid=self.account.domainid,
|
|
listall=True,
|
|
issourcenat=True,
|
|
vpcid=vpc2.id
|
|
)
|
|
ip2 = src_nat_list[0]
|
|
|
|
services = self.services["vpncustomergateway"]
|
|
customer1_response = VpnCustomerGateway.create(
|
|
self.apiclient, services, "Peer VPC1", ip1.ipaddress, vpc1.cidr, self.account.name, self.domain.id)
|
|
self.debug("VPN customer gateway added for VPC %s enabled" % vpc1.id)
|
|
self.logger.debug(vars(customer1_response))
|
|
|
|
customer2_response = VpnCustomerGateway.create(
|
|
self.apiclient, services, "Peer VPC2", ip2.ipaddress, vpc2.cidr, self.account.name, self.domain.id)
|
|
self.debug("VPN customer gateway added for VPC %s enabled" % vpc2.id)
|
|
self.logger.debug(vars(customer2_response))
|
|
|
|
# 6) Connect two VPCs
|
|
vpnconn1_response = Vpn.createVpnConnection(
|
|
self.apiclient, customer1_response.id, vpn2_response['id'], True)
|
|
self.debug("VPN passive connection created for VPC %s" % vpc2.id)
|
|
|
|
vpnconn2_response = Vpn.createVpnConnection(
|
|
self.apiclient, customer2_response.id, vpn1_response['id'])
|
|
self.debug("VPN connection created for VPC %s" % vpc1.id)
|
|
|
|
def checkVpnConnected():
|
|
connections = Vpn.listVpnConnection(
|
|
self.apiclient,
|
|
listall='true',
|
|
vpcid=vpc2.id)
|
|
if isinstance(connections, list):
|
|
return connections[0].state == 'Connected', None
|
|
return False, None
|
|
|
|
# Wait up to 60 seconds for passive connection to show up as Connected
|
|
res, _ = wait_until(2, 30, checkVpnConnected)
|
|
if not res:
|
|
self.fail("Failed to connect between VPCs, see VPN state as Connected")
|
|
|
|
# acquire an extra ip address to use to ssh into vm2
|
|
try:
|
|
vm2.public_ip = PublicIPAddress.create(
|
|
apiclient=self.apiclient,
|
|
accountid=self.account.name,
|
|
zoneid=self.zone.id,
|
|
domainid=self.account.domainid,
|
|
services=self.services,
|
|
networkid=ntwk2.id,
|
|
vpcid=vpc2.id)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(
|
|
vm2.public_ip is not None, "Failed to aqcuire public ip for vm2")
|
|
|
|
natrule = None
|
|
# Create port forward to be able to ssh into vm2
|
|
try:
|
|
natrule = self._create_natrule(
|
|
vpc2, vm2, 22, 22, vm2.public_ip, ntwk2)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(
|
|
natrule is not None, "Failed to create portforward for vm2")
|
|
time.sleep(20)
|
|
|
|
# setup ssh connection to vm2
|
|
ssh_client = self._get_ssh_client(vm2, self.services, 10)
|
|
|
|
if ssh_client:
|
|
# run ping test
|
|
packet_loss = ssh_client.execute("/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress + " | grep packet | sed 's/.*received, //g' | sed 's/[% ]*packet.*//g'")[0]
|
|
# during startup, some packets may not reply due to link/ipsec-route setup
|
|
self.assert_(int(packet_loss) < 50, "Ping did not succeed")
|
|
else:
|
|
self.fail("Failed to setup ssh connection to %s" % vm2.public_ip)
|
|
|
|
@classmethod
|
|
def tearDownClass(cls):
|
|
super(TestVpcSite2SiteVpn, cls).tearDownClass()
|
|
|
|
def tearDown(self):
|
|
super(TestVpcSite2SiteVpn, self).tearDown()
|
|
|
|
|
|
class TestRVPCSite2SiteVpn(cloudstackTestCase):
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
cls.logger = logging.getLogger('TestRVPCSite2SiteVPN')
|
|
cls.stream_handler = logging.StreamHandler()
|
|
cls.logger.setLevel(logging.DEBUG)
|
|
cls.logger.addHandler(cls.stream_handler)
|
|
|
|
testClient = super(TestRVPCSite2SiteVpn, cls).getClsTestClient()
|
|
cls.apiclient = testClient.getApiClient()
|
|
cls.services = Services().services
|
|
|
|
cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests())
|
|
cls.domain = get_domain(cls.apiclient)
|
|
cls._cleanup = []
|
|
|
|
cls.compute_offering = ServiceOffering.create(
|
|
cls.apiclient,
|
|
cls.services["compute_offering"]
|
|
)
|
|
cls._cleanup.append(cls.compute_offering)
|
|
|
|
cls.account = Account.create(
|
|
cls.apiclient, services=cls.services["account"])
|
|
cls._cleanup.append(cls.account)
|
|
|
|
cls.hypervisor = testClient.getHypervisorInfo()
|
|
|
|
cls.template = get_test_template(cls.apiclient, cls.zone.id, cls.hypervisor)
|
|
if cls.template == FAILED:
|
|
assert False, "get_test_template() failed to return template"
|
|
|
|
cls.logger.debug("Successfully created account: %s, id: \
|
|
%s" % (cls.account.name,
|
|
cls.account.id))
|
|
return
|
|
|
|
def _validate_vpc_offering(self, vpc_offering):
|
|
|
|
self.logger.debug("Check if the VPC offering is created successfully?")
|
|
vpc_offs = VpcOffering.list(
|
|
self.apiclient,
|
|
id=vpc_offering.id
|
|
)
|
|
offering_list = validateList(vpc_offs)
|
|
self.assertEqual(offering_list[0],
|
|
PASS,
|
|
"List VPC offerings should return a valid list"
|
|
)
|
|
self.assertEqual(
|
|
vpc_offering.name,
|
|
vpc_offs[0].name,
|
|
"Name of the VPC offering should match with listVPCOff data"
|
|
)
|
|
self.logger.debug(
|
|
"VPC offering is created successfully - %s" %
|
|
vpc_offering.name)
|
|
return
|
|
|
|
def _create_vpc_offering(self, offering_name):
|
|
|
|
vpc_off = None
|
|
if offering_name is not None:
|
|
|
|
self.logger.debug("Creating VPC offering: %s", offering_name)
|
|
vpc_off = VpcOffering.create(
|
|
self.apiclient,
|
|
self.services[offering_name]
|
|
)
|
|
|
|
self._validate_vpc_offering(vpc_off)
|
|
self.cleanup.append(vpc_off)
|
|
|
|
return vpc_off
|
|
|
|
def _get_ssh_client(self, virtual_machine, services, retries):
|
|
""" Setup ssh client connection and return connection
|
|
vm requires attributes public_ip, public_port, username, password """
|
|
|
|
try:
|
|
ssh_client = SshClient(
|
|
virtual_machine.public_ip,
|
|
services["virtual_machine"]["ssh_port"],
|
|
services["virtual_machine"]["username"],
|
|
services["virtual_machine"]["password"],
|
|
retries)
|
|
|
|
except Exception as e:
|
|
self.fail("Unable to create ssh connection: %s" % e)
|
|
|
|
self.assertIsNotNone(
|
|
ssh_client, "Failed to setup ssh connection to vm=%s on public_ip=%s" % (virtual_machine.name, virtual_machine.public_ip))
|
|
|
|
return ssh_client
|
|
|
|
def _create_natrule(self, vpc, vm, public_port, private_port, public_ip, network, services=None):
|
|
self.logger.debug("Creating NAT rule in network for vm with public IP")
|
|
if not services:
|
|
self.services["natrule"]["privateport"] = private_port
|
|
self.services["natrule"]["publicport"] = public_port
|
|
self.services["natrule"]["startport"] = public_port
|
|
self.services["natrule"]["endport"] = public_port
|
|
services = self.services["natrule"]
|
|
|
|
nat_rule = NATRule.create(
|
|
apiclient=self.apiclient,
|
|
services=services,
|
|
ipaddressid=public_ip.ipaddress.id,
|
|
virtual_machine=vm,
|
|
networkid=network.id
|
|
)
|
|
self.assertIsNotNone(
|
|
nat_rule, "Failed to create NAT Rule for %s" % public_ip.ipaddress.ipaddress)
|
|
self.logger.debug(
|
|
"Adding NetworkACL rules to make NAT rule accessible")
|
|
|
|
vm.ssh_ip = nat_rule.ipaddress
|
|
vm.public_ip = nat_rule.ipaddress
|
|
vm.public_port = int(public_port)
|
|
return nat_rule
|
|
|
|
@attr(tags=["advanced"], required_hardware="true")
|
|
def test_01_redundant_vpc_site2site_vpn(self):
|
|
"""Test Site 2 Site VPN Across redundant VPCs"""
|
|
self.logger.debug("Starting test: test_02_redundant_vpc_site2site_vpn")
|
|
|
|
# 0) Get the default network offering for VPC
|
|
networkOffering = NetworkOffering.list(
|
|
self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks")
|
|
self.assert_(networkOffering is not None and len(
|
|
networkOffering) > 0, "No VPC based network offering")
|
|
|
|
# Create and enable redundant VPC offering
|
|
redundant_vpc_offering = self._create_vpc_offering(
|
|
'redundant_vpc_offering')
|
|
self.assert_(redundant_vpc_offering is not None,
|
|
"Failed to create redundant VPC Offering")
|
|
redundant_vpc_offering.update(self.apiclient, state='Enabled')
|
|
|
|
# Create VPC 1
|
|
vpc1 = None
|
|
try:
|
|
vpc1 = VPC.create(
|
|
apiclient=self.apiclient,
|
|
services=self.services["vpc"],
|
|
networkDomain="vpc1.vpn",
|
|
vpcofferingid=redundant_vpc_offering.id,
|
|
zoneid=self.zone.id,
|
|
account=self.account.name,
|
|
domainid=self.domain.id
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(vpc1 is not None, "VPC1 creation failed")
|
|
self.cleanup.append(vpc1)
|
|
self.logger.debug("VPC1 %s created" % vpc1.id)
|
|
|
|
# Create VPC 2
|
|
vpc2 = None
|
|
try:
|
|
vpc2 = VPC.create(
|
|
apiclient=self.apiclient,
|
|
services=self.services["vpc2"],
|
|
networkDomain="vpc2.vpn",
|
|
vpcofferingid=redundant_vpc_offering.id,
|
|
zoneid=self.zone.id,
|
|
account=self.account.name,
|
|
domainid=self.account.domainid
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(vpc2 is not None, "VPC2 creation failed")
|
|
self.cleanup.append(vpc2)
|
|
self.logger.debug("VPC2 %s created" % vpc2.id)
|
|
|
|
default_acl = NetworkACLList.list(
|
|
self.apiclient, name="default_allow")[0]
|
|
|
|
# Create network in VPC 1
|
|
ntwk1 = None
|
|
try:
|
|
ntwk1 = Network.create(
|
|
apiclient=self.apiclient,
|
|
services=self.services["network_1"],
|
|
accountid=self.account.name,
|
|
domainid=self.account.domainid,
|
|
networkofferingid=networkOffering[0].id,
|
|
zoneid=self.zone.id,
|
|
vpcid=vpc1.id,
|
|
aclid=default_acl.id
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assertIsNotNone(ntwk1, "Network failed to create")
|
|
self.cleanup.append(ntwk1)
|
|
self.logger.debug("Network %s created in VPC %s" % (ntwk1.id, vpc1.id))
|
|
|
|
# Create network in VPC 2
|
|
ntwk2 = None
|
|
try:
|
|
ntwk2 = Network.create(
|
|
apiclient=self.apiclient,
|
|
services=self.services["network_2"],
|
|
accountid=self.account.name,
|
|
domainid=self.account.domainid,
|
|
networkofferingid=networkOffering[0].id,
|
|
zoneid=self.zone.id,
|
|
vpcid=vpc2.id,
|
|
aclid=default_acl.id
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assertIsNotNone(ntwk2, "Network failed to create")
|
|
self.cleanup.append(ntwk2)
|
|
self.logger.debug("Network %s created in VPC %s" % (ntwk2.id, vpc2.id))
|
|
|
|
# Deploy a vm in network 2
|
|
vm1 = None
|
|
try:
|
|
vm1 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
|
|
templateid=self.template.id,
|
|
zoneid=self.zone.id,
|
|
accountid=self.account.name,
|
|
domainid=self.account.domainid,
|
|
serviceofferingid=self.compute_offering.id,
|
|
networkids=ntwk1.id,
|
|
hypervisor=self.hypervisor
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(vm1 is not None, "VM failed to deploy")
|
|
self.assert_(vm1.state == 'Running', "VM is not running")
|
|
self.cleanup.append(vm1)
|
|
self.logger.debug("VM %s deployed in VPC %s" % (vm1.id, vpc1.id))
|
|
|
|
# Deploy a vm in network 2
|
|
vm2 = None
|
|
try:
|
|
vm2 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
|
|
templateid=self.template.id,
|
|
zoneid=self.zone.id,
|
|
accountid=self.account.name,
|
|
domainid=self.account.domainid,
|
|
serviceofferingid=self.compute_offering.id,
|
|
networkids=ntwk2.id,
|
|
hypervisor=self.hypervisor
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(vm2 is not None, "VM failed to deploy")
|
|
self.assert_(vm2.state == 'Running', "VM is not running")
|
|
self.cleanup.append(vm2)
|
|
self.debug("VM %s deployed in VPC %s" % (vm2.id, vpc2.id))
|
|
|
|
# 4) Enable Site-to-Site VPN for VPC
|
|
vpn1_response = Vpn.createVpnGateway(self.apiclient, vpc1.id)
|
|
self.assert_(
|
|
vpn1_response is not None, "Failed to enable VPN Gateway 1")
|
|
self.logger.debug("VPN gateway for VPC %s enabled" % vpc1.id)
|
|
|
|
vpn2_response = Vpn.createVpnGateway(self.apiclient, vpc2.id)
|
|
self.assert_(
|
|
vpn2_response is not None, "Failed to enable VPN Gateway 2")
|
|
self.logger.debug("VPN gateway for VPC %s enabled" % vpc2.id)
|
|
|
|
# 5) Add VPN Customer gateway info
|
|
src_nat_list = PublicIPAddress.list(
|
|
self.apiclient,
|
|
account=self.account.name,
|
|
domainid=self.account.domainid,
|
|
listall=True,
|
|
issourcenat=True,
|
|
vpcid=vpc1.id
|
|
)
|
|
ip1 = src_nat_list[0]
|
|
src_nat_list = PublicIPAddress.list(
|
|
self.apiclient,
|
|
account=self.account.name,
|
|
domainid=self.account.domainid,
|
|
listall=True,
|
|
issourcenat=True,
|
|
vpcid=vpc2.id
|
|
)
|
|
ip2 = src_nat_list[0]
|
|
|
|
services = self.services["vpncustomergateway"]
|
|
customer1_response = VpnCustomerGateway.create(
|
|
self.apiclient, services, "Peer VPC1", ip1.ipaddress, vpc1.cidr, self.account.name, self.domain.id)
|
|
self.debug("VPN customer gateway added for VPC %s enabled" % vpc1.id)
|
|
self.logger.debug(vars(customer1_response))
|
|
|
|
customer2_response = VpnCustomerGateway.create(
|
|
self.apiclient, services, "Peer VPC2", ip2.ipaddress, vpc2.cidr, self.account.name, self.domain.id)
|
|
self.debug("VPN customer gateway added for VPC %s enabled" % vpc2.id)
|
|
self.logger.debug(vars(customer2_response))
|
|
|
|
# 6) Connect two VPCs
|
|
vpnconn1_response = Vpn.createVpnConnection(
|
|
self.apiclient, customer1_response.id, vpn2_response['id'], True)
|
|
self.debug("VPN passive connection created for VPC %s" % vpc2.id)
|
|
|
|
vpnconn2_response = Vpn.createVpnConnection(
|
|
self.apiclient, customer2_response.id, vpn1_response['id'])
|
|
self.debug("VPN connection created for VPC %s" % vpc1.id)
|
|
|
|
def checkVpnConnected():
|
|
connections = Vpn.listVpnConnection(
|
|
self.apiclient,
|
|
listall='true',
|
|
vpcid=vpc2.id)
|
|
if isinstance(connections, list):
|
|
return connections[0].state == 'Connected', None
|
|
return False, None
|
|
|
|
# Wait up to 60 seconds for passive connection to show up as Connected
|
|
res, _ = wait_until(2, 30, checkVpnConnected)
|
|
if not res:
|
|
self.fail("Failed to connect between VPCs, see VPN state as Connected")
|
|
|
|
# acquire an extra ip address to use to ssh into vm2
|
|
try:
|
|
vm2.public_ip = PublicIPAddress.create(
|
|
apiclient=self.apiclient,
|
|
accountid=self.account.name,
|
|
zoneid=self.zone.id,
|
|
domainid=self.account.domainid,
|
|
services=self.services,
|
|
networkid=ntwk2.id,
|
|
vpcid=vpc2.id)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(
|
|
vm2.public_ip is not None, "Failed to aqcuire public ip for vm2")
|
|
|
|
# Create port forward to be able to ssh into vm2
|
|
natrule = None
|
|
try:
|
|
natrule = self._create_natrule(
|
|
vpc2, vm2, 22, 22, vm2.public_ip, ntwk2)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(
|
|
natrule is not None, "Failed to create portforward for vm2")
|
|
time.sleep(20)
|
|
|
|
# setup ssh connection to vm2
|
|
ssh_client = self._get_ssh_client(vm2, self.services, 10)
|
|
|
|
if ssh_client:
|
|
# run ping test
|
|
packet_loss = ssh_client.execute("/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress + " | grep packet | sed 's/.*received, //g' | sed 's/[% ]*packet.*//g'")[0]
|
|
self.assert_(int(packet_loss) < 50, "Ping did not succeed")
|
|
else:
|
|
self.fail("Failed to setup ssh connection to %s" % vm2.public_ip)
|
|
|
|
@classmethod
|
|
def tearDownClass(cls):
|
|
super(TestRVPCSite2SiteVpn, cls).tearDownClass()
|
|
|
|
def setUp(self):
|
|
self.apiclient = self.testClient.getApiClient()
|
|
self.hypervisor = self.testClient.getHypervisorInfo()
|
|
self.cleanup = []
|
|
|
|
def tearDown(self):
|
|
super(TestRVPCSite2SiteVpn, self).tearDown()
|
|
|
|
class TestVPCSite2SiteVPNMultipleOptions(cloudstackTestCase):
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
cls.logger = logging.getLogger('TestVPCSite2SiteVPNMultipleOptions')
|
|
cls.stream_handler = logging.StreamHandler()
|
|
cls.logger.setLevel(logging.DEBUG)
|
|
cls.logger.addHandler(cls.stream_handler)
|
|
|
|
testClient = super(TestVPCSite2SiteVPNMultipleOptions, cls).getClsTestClient()
|
|
cls.apiclient = testClient.getApiClient()
|
|
cls.services = Services().services
|
|
|
|
cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests())
|
|
cls.domain = get_domain(cls.apiclient)
|
|
|
|
cls._cleanup = []
|
|
|
|
cls.compute_offering = ServiceOffering.create(
|
|
cls.apiclient,
|
|
cls.services["compute_offering"]
|
|
)
|
|
cls._cleanup.append(cls.compute_offering)
|
|
|
|
cls.account = Account.create(
|
|
cls.apiclient, services=cls.services["account"])
|
|
cls._cleanup.append(cls.account)
|
|
|
|
cls.hypervisor = testClient.getHypervisorInfo()
|
|
|
|
cls.template = get_test_template(cls.apiclient, cls.zone.id, cls.hypervisor)
|
|
if cls.template == FAILED:
|
|
assert False, "get_test_template() failed to return template"
|
|
|
|
cls.logger.debug("Successfully created account: %s, id: \
|
|
%s" % (cls.account.name,
|
|
cls.account.id))
|
|
return
|
|
|
|
def setUp(self):
|
|
self.apiclient = self.testClient.getApiClient()
|
|
self.hypervisor = self.testClient.getHypervisorInfo()
|
|
self.cleanup = []
|
|
|
|
def _get_ssh_client(self, virtual_machine, services, retries):
|
|
""" Setup ssh client connection and return connection
|
|
vm requires attributes public_ip, public_port, username, password """
|
|
|
|
try:
|
|
ssh_client = SshClient(
|
|
virtual_machine.public_ip,
|
|
services["virtual_machine"]["ssh_port"],
|
|
services["virtual_machine"]["username"],
|
|
services["virtual_machine"]["password"],
|
|
retries)
|
|
|
|
except Exception as e:
|
|
self.fail("Unable to create ssh connection: " % e)
|
|
|
|
self.assertIsNotNone(
|
|
ssh_client, "Failed to setup ssh connection to vm=%s on public_ip=%s" % (virtual_machine.name, virtual_machine.public_ip))
|
|
|
|
return ssh_client
|
|
|
|
def _create_natrule(self, vpc, vm, public_port, private_port, public_ip, network, services=None):
|
|
self.logger.debug("Creating NAT rule in network for vm with public IP")
|
|
if not services:
|
|
self.services["natrule"]["privateport"] = private_port
|
|
self.services["natrule"]["publicport"] = public_port
|
|
self.services["natrule"]["startport"] = public_port
|
|
self.services["natrule"]["endport"] = public_port
|
|
services = self.services["natrule"]
|
|
|
|
nat_rule = NATRule.create(
|
|
apiclient=self.apiclient,
|
|
services=services,
|
|
ipaddressid=public_ip.ipaddress.id,
|
|
virtual_machine=vm,
|
|
networkid=network.id
|
|
)
|
|
self.assertIsNotNone(
|
|
nat_rule, "Failed to create NAT Rule for %s" % public_ip.ipaddress.ipaddress)
|
|
self.logger.debug(
|
|
"Adding NetworkACL rules to make NAT rule accessible")
|
|
|
|
vm.ssh_ip = nat_rule.ipaddress
|
|
vm.public_ip = nat_rule.ipaddress
|
|
vm.public_port = int(public_port)
|
|
return nat_rule
|
|
|
|
def _validate_vpc_offering(self, vpc_offering):
|
|
|
|
self.logger.debug("Check if the VPC offering is created successfully?")
|
|
vpc_offs = VpcOffering.list(
|
|
self.apiclient,
|
|
id=vpc_offering.id
|
|
)
|
|
offering_list = validateList(vpc_offs)
|
|
self.assertEqual(offering_list[0],
|
|
PASS,
|
|
"List VPC offerings should return a valid list"
|
|
)
|
|
self.assertEqual(
|
|
vpc_offering.name,
|
|
vpc_offs[0].name,
|
|
"Name of the VPC offering should match with listVPCOff data"
|
|
)
|
|
self.logger.debug(
|
|
"VPC offering is created successfully - %s" %
|
|
vpc_offering.name)
|
|
return
|
|
|
|
def _create_vpc_offering(self, offering_name):
|
|
|
|
vpc_off = None
|
|
if offering_name is not None:
|
|
|
|
self.logger.debug("Creating VPC offering: %s", offering_name)
|
|
vpc_off = VpcOffering.create(
|
|
self.apiclient,
|
|
self.services[offering_name]
|
|
)
|
|
|
|
self._validate_vpc_offering(vpc_off)
|
|
self.cleanup.append(vpc_off)
|
|
|
|
return vpc_off
|
|
|
|
@attr(tags=["advanced"], required_hardware="true")
|
|
def test_01_vpc_site2site_vpn_multiple_options(self):
|
|
"""Test Site 2 Site VPN Across VPCs"""
|
|
self.logger.debug("Starting test: test_01_vpc_site2site_vpn_multiple_options")
|
|
# 0) Get the default network offering for VPC
|
|
networkOffering = NetworkOffering.list(
|
|
self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks")
|
|
self.assert_(networkOffering is not None and len(
|
|
networkOffering) > 0, "No VPC based network offering")
|
|
|
|
# Create and Enable VPC offering
|
|
vpc_offering = self._create_vpc_offering('vpc_offering')
|
|
self.assert_(vpc_offering is not None, "Failed to create VPC Offering")
|
|
vpc_offering.update(self.apiclient, state='Enabled')
|
|
|
|
vpc1 = None
|
|
# Create VPC 1
|
|
try:
|
|
vpc1 = VPC.create(
|
|
apiclient=self.apiclient,
|
|
services=self.services["vpc"],
|
|
networkDomain="vpc1.vpn",
|
|
vpcofferingid=vpc_offering.id,
|
|
zoneid=self.zone.id,
|
|
account=self.account.name,
|
|
domainid=self.domain.id
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(vpc1 is not None, "VPC1 creation failed")
|
|
self.cleanup.append(vpc1)
|
|
self.logger.debug("VPC1 %s created" % vpc1.id)
|
|
|
|
vpc2 = None
|
|
# Create VPC 2
|
|
try:
|
|
vpc2 = VPC.create(
|
|
apiclient=self.apiclient,
|
|
services=self.services["vpc2"],
|
|
networkDomain="vpc2.vpn",
|
|
vpcofferingid=vpc_offering.id,
|
|
zoneid=self.zone.id,
|
|
account=self.account.name,
|
|
domainid=self.domain.id
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(vpc2 is not None, "VPC2 creation failed")
|
|
self.cleanup.append(vpc2)
|
|
self.logger.debug("VPC2 %s created" % vpc2.id)
|
|
|
|
default_acl = NetworkACLList.list(
|
|
self.apiclient, name="default_allow")[0]
|
|
|
|
ntwk1 = None
|
|
# Create network in VPC 1
|
|
try:
|
|
ntwk1 = Network.create(
|
|
apiclient=self.apiclient,
|
|
services=self.services["network_1"],
|
|
accountid=self.account.name,
|
|
domainid=self.account.domainid,
|
|
networkofferingid=networkOffering[0].id,
|
|
zoneid=self.zone.id,
|
|
vpcid=vpc1.id,
|
|
aclid=default_acl.id
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assertIsNotNone(ntwk1, "Network failed to create")
|
|
self.cleanup.append(ntwk1)
|
|
self.logger.debug("Network %s created in VPC %s" % (ntwk1.id, vpc1.id))
|
|
|
|
ntwk2 = None
|
|
# Create network in VPC 2
|
|
try:
|
|
ntwk2 = Network.create(
|
|
apiclient=self.apiclient,
|
|
services=self.services["network_2"],
|
|
accountid=self.account.name,
|
|
domainid=self.account.domainid,
|
|
networkofferingid=networkOffering[0].id,
|
|
zoneid=self.zone.id,
|
|
vpcid=vpc2.id,
|
|
aclid=default_acl.id
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assertIsNotNone(ntwk2, "Network failed to create")
|
|
self.cleanup.append(ntwk2)
|
|
self.logger.debug("Network %s created in VPC %s" % (ntwk2.id, vpc2.id))
|
|
|
|
vm1 = None
|
|
# Deploy a vm in network 2
|
|
try:
|
|
vm1 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
|
|
templateid=self.template.id,
|
|
zoneid=self.zone.id,
|
|
accountid=self.account.name,
|
|
domainid=self.account.domainid,
|
|
serviceofferingid=self.compute_offering.id,
|
|
networkids=ntwk1.id,
|
|
hypervisor=self.hypervisor
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(vm1 is not None, "VM failed to deploy")
|
|
self.assert_(vm1.state == 'Running', "VM is not running")
|
|
self.cleanup.append(vm1)
|
|
self.logger.debug("VM %s deployed in VPC %s" % (vm1.id, vpc1.id))
|
|
|
|
vm2 = None
|
|
# Deploy a vm in network 2
|
|
try:
|
|
vm2 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
|
|
templateid=self.template.id,
|
|
zoneid=self.zone.id,
|
|
accountid=self.account.name,
|
|
domainid=self.account.domainid,
|
|
serviceofferingid=self.compute_offering.id,
|
|
networkids=ntwk2.id,
|
|
hypervisor=self.hypervisor
|
|
)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(vm2 is not None, "VM failed to deploy")
|
|
self.assert_(vm2.state == 'Running', "VM is not running")
|
|
self.cleanup.append(vm2)
|
|
self.debug("VM %s deployed in VPC %s" % (vm2.id, vpc2.id))
|
|
|
|
# default config
|
|
config = {
|
|
'ike_enc' :'aes128',
|
|
'ike_hash' :'sha1',
|
|
'ike_dh' :'modp1536',
|
|
'esp_enc' :'aes128',
|
|
'esp_hash' :'sha1',
|
|
'esp_pfs' :'modp1536',
|
|
'psk' :'secreatKey',
|
|
'ike_life' :86400,
|
|
'esp_life' :3600,
|
|
'dpd' :True,
|
|
'force_encap' :False,
|
|
'passive_1' :False,
|
|
'passive_2' :False
|
|
}
|
|
test_confs = [
|
|
{}, # default
|
|
{'force_encap': True},
|
|
{'ike_life': ''},
|
|
{'esp_life': ''},
|
|
{'ike_life': '', 'esp_life': ''},
|
|
{'passive_1': True, 'passive_2': True},
|
|
{'passive_1': False, 'passive_2': True},
|
|
{'passive_1': True, 'passive_2': False},
|
|
{'passive_1': False, 'passive_2': False, 'dpd': False},
|
|
{'passive_1': True, 'passive_2': True, 'dpd': False},
|
|
{'passive_1': True, 'passive_2': False, 'dpd': False},
|
|
{'passive_1': False, 'passive_2': True, 'dpd': False},
|
|
{'passive_1': True, 'passive_2': False, 'esp_pfs': ''},
|
|
{'ike_dh': 'modp3072', 'ike_hash': 'sha256', 'esp_pfs': 'modp2048', 'esp_hash':'sha384'},
|
|
{'ike_dh': 'modp4096', 'ike_hash': 'sha384', 'esp_pfs': 'modp6144', 'esp_hash':'sha512'},
|
|
{'ike_dh': 'modp8192', 'ike_hash': 'sha512', 'esp_pfs': 'modp8192', 'esp_hash':'sha384'}
|
|
]
|
|
|
|
# 4) Enable Site-to-Site VPN for VPC
|
|
vpn1_response = Vpn.createVpnGateway(self.apiclient, vpc1.id)
|
|
self.assert_(
|
|
vpn1_response is not None, "Failed to enable VPN Gateway 1")
|
|
self.logger.debug("VPN gateway for VPC %s enabled" % vpc1.id)
|
|
|
|
vpn2_response = Vpn.createVpnGateway(self.apiclient, vpc2.id)
|
|
self.assert_(
|
|
vpn2_response is not None, "Failed to enable VPN Gateway 2")
|
|
self.logger.debug("VPN gateway for VPC %s enabled" % vpc2.id)
|
|
|
|
# 5) Add VPN Customer gateway info
|
|
src_nat_list = PublicIPAddress.list(
|
|
self.apiclient,
|
|
account=self.account.name,
|
|
domainid=self.account.domainid,
|
|
listall=True,
|
|
issourcenat=True,
|
|
vpcid=vpc1.id
|
|
)
|
|
ip1 = src_nat_list[0]
|
|
src_nat_list = PublicIPAddress.list(
|
|
self.apiclient,
|
|
account=self.account.name,
|
|
domainid=self.account.domainid,
|
|
listall=True,
|
|
issourcenat=True,
|
|
vpcid=vpc2.id
|
|
)
|
|
ip2 = src_nat_list[0]
|
|
|
|
# acquire an extra ip address to use to ssh into vm2
|
|
try:
|
|
vm2.public_ip = PublicIPAddress.create(
|
|
apiclient=self.apiclient,
|
|
accountid=self.account.name,
|
|
zoneid=self.zone.id,
|
|
domainid=self.account.domainid,
|
|
services=self.services,
|
|
networkid=ntwk2.id,
|
|
vpcid=vpc2.id)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(
|
|
vm2.public_ip is not None, "Failed to aqcuire public ip for vm2")
|
|
|
|
natrule = None
|
|
# Create port forward to be able to ssh into vm2
|
|
try:
|
|
natrule = self._create_natrule(
|
|
vpc2, vm2, 22, 22, vm2.public_ip, ntwk2)
|
|
except Exception as e:
|
|
self.fail(e)
|
|
finally:
|
|
self.assert_(
|
|
natrule is not None, "Failed to create portforward for vm2")
|
|
time.sleep(20)
|
|
|
|
# setup ssh connection to vm2
|
|
ssh_client = self._get_ssh_client(vm2, self.services, 10)
|
|
if not ssh_client:
|
|
self.fail("Failed to setup ssh connection to %s" % vm2.public_ip)
|
|
|
|
for test_c in test_confs:
|
|
c = config.copy()
|
|
c.update(test_c)
|
|
services = self._get_vpn_config(c)
|
|
self.logger.debug(services)
|
|
customer1_response = VpnCustomerGateway.create(
|
|
self.apiclient,
|
|
services,
|
|
"Peer VPC1",
|
|
ip1.ipaddress,
|
|
vpc1.cidr,
|
|
account=self.account.name,
|
|
domainid=self.account.domainid)
|
|
self.logger.debug("VPN customer gateway added for VPC %s enabled" % vpc1.id)
|
|
|
|
customer2_response = VpnCustomerGateway.create(
|
|
self.apiclient,
|
|
services,
|
|
"Peer VPC2",
|
|
ip2.ipaddress,
|
|
vpc2.cidr,
|
|
account=self.account.name,
|
|
domainid=self.account.domainid)
|
|
self.logger.debug("VPN customer gateway added for VPC %s enabled" % vpc2.id)
|
|
|
|
# 6) Connect two VPCs
|
|
vpnconn1_response = Vpn.createVpnConnection(
|
|
self.apiclient, customer1_response.id, vpn2_response['id'], c['passive_1'])
|
|
self.logger.debug("VPN connection created for VPC %s" % vpc2.id)
|
|
time.sleep(5)
|
|
vpnconn2_response = Vpn.createVpnConnection(
|
|
self.apiclient, customer2_response.id, vpn1_response['id'], c['passive_2'])
|
|
self.logger.debug("VPN connection created for VPC %s" % vpc1.id)
|
|
|
|
def checkVpnConnected():
|
|
connections = Vpn.listVpnConnection(
|
|
self.apiclient,
|
|
listall='true',
|
|
vpcid=vpc2.id)
|
|
if isinstance(connections, list):
|
|
return connections[0].state == 'Connected', None
|
|
return False, None
|
|
|
|
# Wait up to 60 seconds for passive connection to show up as Connected
|
|
res, _ = wait_until(2, 30, checkVpnConnected)
|
|
if not res:
|
|
self.logger.debug("Failed to see VPN state as Connected, we'll attempt ssh+pinging")
|
|
|
|
# run ping test
|
|
packet_loss = ssh_client.execute("/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress + " | grep packet | sed 's/.*received, //g' | sed 's/[% ]*packet.*//g'")[0]
|
|
self.logger.debug("Packet loss %s" % packet_loss)
|
|
self.assert_(int(packet_loss) < 50, "Ping did not succeed")
|
|
|
|
# Cleanup
|
|
Vpn.deleteVpnConnection(self.apiclient, vpnconn1_response['id'])
|
|
Vpn.deleteVpnConnection(self.apiclient, vpnconn2_response['id'])
|
|
customer1_response.delete(self.apiclient)
|
|
customer2_response.delete(self.apiclient)
|
|
|
|
def _get_vpn_config(self, c):
|
|
ike_policy = '%s-%s;%s' % (c['ike_enc'], c['ike_hash'], c['ike_dh']) if c['ike_dh'] else '%s-%s' % (c['ike_enc'], c['ike_hash'])
|
|
esp_policy = '%s-%s;%s' % (c['esp_enc'], c['esp_hash'], c['esp_pfs']) if c['esp_pfs'] else '%s-%s' % (c['esp_enc'], c['esp_hash'])
|
|
out = {
|
|
'ipsecpsk': c['psk'],
|
|
'ikepolicy':ike_policy,
|
|
'esppolicy':esp_policy,
|
|
'dpd':c['dpd'],
|
|
'forceencap':c['force_encap']
|
|
}
|
|
if c['ike_life']:
|
|
out['ikelifetime'] = c['ike_life']
|
|
if c['esp_life']:
|
|
out['esplifetime'] = c['esp_life']
|
|
return out
|
|
|
|
@classmethod
|
|
def tearDownClass(cls):
|
|
super(TestVPCSite2SiteVPNMultipleOptions, cls).tearDownClass()
|