| # Copyright 2012 OpenStack Foundation |
| # Copyright 2013 IBM Corp. |
| # All Rights Reserved. |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| # not use this file except in compliance with the License. You may obtain |
| # a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| # License for the specific language governing permissions and limitations |
| # under the License. |
| |
| from oslo_log import log |
| from oslo_utils import netutils |
| |
| from tempest.common import utils |
| from tempest.common.utils.linux import remote_client |
| from tempest import config |
| from tempest.lib.common.utils import data_utils |
| from tempest.lib.common.utils import test_utils |
| from tempest.lib import exceptions as lib_exc |
| from tempest.scenario import manager |
| |
| CONF = config.CONF |
| |
| LOG = log.getLogger(__name__) |
| |
| |
| class ScenarioTest(manager.NetworkScenarioTest): |
| """Base class for scenario tests. Uses tempest own clients. """ |
| |
| credentials = ['primary'] |
| |
| @classmethod |
| def setup_clients(cls): |
| super(ScenarioTest, cls).setup_clients() |
| # Clients (in alphabetical order) |
| cls.keypairs_client = cls.os_primary.keypairs_client |
| cls.servers_client = cls.os_primary.servers_client |
| # Neutron network client |
| cls.networks_client = cls.os_primary.networks_client |
| cls.ports_client = cls.os_primary.ports_client |
| cls.routers_client = cls.os_primary.routers_client |
| cls.subnets_client = cls.os_primary.subnets_client |
| cls.floating_ips_client = cls.os_primary.floating_ips_client |
| cls.security_groups_client = cls.os_primary.security_groups_client |
| cls.security_group_rules_client = ( |
| cls.os_primary.security_group_rules_client) |
| |
| # ## Test functions library |
| # |
| # The create_[resource] functions only return body and discard the |
| # resp part which is not used in scenario tests |
| |
| def get_remote_client(self, ip_address, username=None, private_key=None): |
| """Get a SSH client to a remote server |
| |
| @param ip_address the server floating or fixed IP address to use |
| for ssh validation |
| @param username name of the Linux account on the remote server |
| @param private_key the SSH private key to use |
| @return a RemoteClient object |
| """ |
| |
| if username is None: |
| username = CONF.validation.image_ssh_user |
| # Set this with 'keypair' or others to log in with keypair or |
| # username/password. |
| if CONF.validation.auth_method == 'keypair': |
| password = None |
| if private_key is None: |
| private_key = self.keypair['private_key'] |
| else: |
| password = CONF.validation.image_ssh_password |
| private_key = None |
| linux_client = remote_client.RemoteClient(ip_address, username, |
| pkey=private_key, |
| password=password) |
| try: |
| linux_client.validate_authentication() |
| except Exception as e: |
| message = ('Initializing SSH connection to %(ip)s failed. ' |
| 'Error: %(error)s' % {'ip': ip_address, |
| 'error': e}) |
| caller = test_utils.find_test_caller() |
| if caller: |
| message = '(%s) %s' % (caller, message) |
| LOG.exception(message) |
| self._log_console_output() |
| raise |
| |
| return linux_client |
| |
| def _log_console_output(self, servers=None): |
| if not CONF.compute_feature_enabled.console_output: |
| LOG.debug('Console output not supported, cannot log') |
| return |
| if not servers: |
| servers = self.servers_client.list_servers() |
| servers = servers['servers'] |
| for server in servers: |
| try: |
| console_output = self.servers_client.get_console_output( |
| server['id'])['output'] |
| LOG.debug('Console output for %s\nbody=\n%s', |
| server['id'], console_output) |
| except lib_exc.NotFound: |
| LOG.debug("Server %s disappeared(deleted) while looking " |
| "for the console log", server['id']) |
| |
| |
| class NetworkScenarioTest(ScenarioTest): |
| """Base class for network scenario tests. |
| |
| This class provide helpers for network scenario tests, using the neutron |
| API. Helpers from ancestor which use the nova network API are overridden |
| with the neutron API. |
| |
| This Class also enforces using Neutron instead of novanetwork. |
| Subclassed tests will be skipped if Neutron is not enabled |
| |
| """ |
| |
| credentials = ['primary', 'admin'] |
| |
| @classmethod |
| def skip_checks(cls): |
| super(NetworkScenarioTest, cls).skip_checks() |
| if not CONF.service_available.neutron: |
| raise cls.skipException('Neutron not available') |
| if not utils.is_extension_enabled('bgpvpn', 'network'): |
| msg = "Bgpvpn extension not enabled." |
| raise cls.skipException(msg) |
| |
| def _create_network(self, networks_client=None, |
| tenant_id=None, |
| namestart='network-smoke-', |
| port_security_enabled=True): |
| if not networks_client: |
| networks_client = self.networks_client |
| if not tenant_id: |
| tenant_id = networks_client.tenant_id |
| name = data_utils.rand_name(namestart) |
| network_kwargs = dict(name=name, tenant_id=tenant_id) |
| # Neutron disables port security by default so we have to check the |
| # config before trying to create the network with port_security_enabled |
| if CONF.network_feature_enabled.port_security: |
| network_kwargs['port_security_enabled'] = port_security_enabled |
| result = networks_client.create_network(**network_kwargs) |
| network = result['network'] |
| |
| self.assertEqual(network['name'], name) |
| self.addCleanup(test_utils.call_and_ignore_notfound_exc, |
| networks_client.delete_network, |
| network['id']) |
| return network |
| |
| def _get_server_port_id_and_ip4(self, server, ip_addr=None): |
| ports = self.os_admin.ports_client.list_ports( |
| device_id=server['id'], fixed_ip=ip_addr)['ports'] |
| # A port can have more than one IP address in some cases. |
| # If the network is dual-stack (IPv4 + IPv6), this port is associated |
| # with 2 subnets |
| p_status = ['ACTIVE'] |
| # NOTE(vsaienko) With Ironic, instances live on separate hardware |
| # servers. Neutron does not bind ports for Ironic instances, as a |
| # result the port remains in the DOWN state. |
| # TODO(vsaienko) remove once bug: #1599836 is resolved. |
| if getattr(CONF.service_available, 'ironic', False): |
| p_status.append('DOWN') |
| port_map = [(p["id"], fxip["ip_address"]) |
| for p in ports |
| for fxip in p["fixed_ips"] |
| if netutils.is_valid_ipv4(fxip["ip_address"]) and |
| p['status'] in p_status] |
| inactive = [p for p in ports if p['status'] != 'ACTIVE'] |
| if inactive: |
| LOG.warning("Instance has ports that are not ACTIVE: %s", inactive) |
| |
| self.assertNotEqual(0, len(port_map), |
| "No IPv4 addresses found in: %s" % ports) |
| self.assertEqual(len(port_map), 1, |
| "Found multiple IPv4 addresses: %s. " |
| "Unable to determine which port to target." |
| % port_map) |
| return port_map[0] |
| |
| def create_floating_ip(self, thing, external_network_id=None, |
| port_id=None, client=None): |
| """Create a floating IP and associates to a resource/port on Neutron""" |
| if not external_network_id: |
| external_network_id = CONF.network.public_network_id |
| if not client: |
| client = self.floating_ips_client |
| if not port_id: |
| port_id, ip4 = self._get_server_port_id_and_ip4(thing) |
| else: |
| ip4 = None |
| result = client.create_floatingip( |
| floating_network_id=external_network_id, |
| port_id=port_id, |
| tenant_id=thing['tenant_id'], |
| fixed_ip_address=ip4 |
| ) |
| floating_ip = result['floatingip'] |
| self.addCleanup(test_utils.call_and_ignore_notfound_exc, |
| client.delete_floatingip, |
| floating_ip['id']) |
| return floating_ip |
| |
| def _check_remote_connectivity(self, source, dest, should_succeed=True, |
| nic=None): |
| """check ping server via source ssh connection |
| |
| :param source: RemoteClient: an ssh connection from which to ping |
| :param dest: and IP to ping against |
| :param should_succeed: boolean should ping succeed or not |
| :param nic: specific network interface to ping from |
| :returns: boolean -- should_succeed == ping |
| :returns: ping is false if ping failed |
| """ |
| def ping_remote(): |
| try: |
| source.ping_host(dest, nic=nic) |
| except lib_exc.SSHExecCommandFailed: |
| LOG.warning('Failed to ping IP: %s via a ssh connection ' |
| 'from: %s.', dest, source.ssh_client.host) |
| return not should_succeed |
| return should_succeed |
| |
| return test_utils.call_until_true(ping_remote, |
| CONF.validation.ping_timeout, |
| 1) |
| |
| def _create_security_group(self, security_group_rules_client=None, |
| tenant_id=None, |
| namestart='secgroup-smoke', |
| security_groups_client=None): |
| if security_group_rules_client is None: |
| security_group_rules_client = self.security_group_rules_client |
| if security_groups_client is None: |
| security_groups_client = self.security_groups_client |
| if tenant_id is None: |
| tenant_id = security_groups_client.tenant_id |
| secgroup = self._create_empty_security_group( |
| namestart=namestart, client=security_groups_client, |
| tenant_id=tenant_id) |
| |
| # Add rules to the security group |
| rules = self._create_loginable_secgroup_rule( |
| security_group_rules_client=security_group_rules_client, |
| secgroup=secgroup, |
| security_groups_client=security_groups_client) |
| for rule in rules: |
| self.assertEqual(tenant_id, rule['tenant_id']) |
| self.assertEqual(secgroup['id'], rule['security_group_id']) |
| return secgroup |
| |
| def _create_empty_security_group(self, client=None, tenant_id=None, |
| namestart='secgroup-smoke'): |
| """Create a security group without rules. |
| |
| Default rules will be created: |
| - IPv4 egress to any |
| - IPv6 egress to any |
| |
| :param tenant_id: secgroup will be created in this tenant |
| :returns: the created security group |
| """ |
| if client is None: |
| client = self.security_groups_client |
| if not tenant_id: |
| tenant_id = client.tenant_id |
| sg_name = data_utils.rand_name(namestart) |
| sg_desc = sg_name + " description" |
| sg_dict = dict(name=sg_name, |
| description=sg_desc) |
| sg_dict['tenant_id'] = tenant_id |
| result = client.create_security_group(**sg_dict) |
| |
| secgroup = result['security_group'] |
| self.assertEqual(secgroup['name'], sg_name) |
| self.assertEqual(tenant_id, secgroup['tenant_id']) |
| self.assertEqual(secgroup['description'], sg_desc) |
| |
| self.addCleanup(test_utils.call_and_ignore_notfound_exc, |
| client.delete_security_group, secgroup['id']) |
| return secgroup |
| |
| def _default_security_group(self, client=None, tenant_id=None): |
| """Get default secgroup for given tenant_id. |
| |
| :returns: default secgroup for given tenant |
| """ |
| if client is None: |
| client = self.security_groups_client |
| if not tenant_id: |
| tenant_id = client.tenant_id |
| sgs = [ |
| sg for sg in list(client.list_security_groups().values())[0] |
| if sg['tenant_id'] == tenant_id and sg['name'] == 'default' |
| ] |
| msg = "No default security group for tenant %s." % (tenant_id) |
| self.assertGreater(len(sgs), 0, msg) |
| return sgs[0] |
| |
| def _create_security_group_rule(self, secgroup=None, |
| sec_group_rules_client=None, |
| tenant_id=None, |
| security_groups_client=None, **kwargs): |
| """Create a rule from a dictionary of rule parameters. |
| |
| Create a rule in a secgroup. if secgroup not defined will search for |
| default secgroup in tenant_id. |
| |
| :param secgroup: the security group. |
| :param tenant_id: if secgroup not passed -- the tenant in which to |
| search for default secgroup |
| :param kwargs: a dictionary containing rule parameters: |
| for example, to allow incoming ssh: |
| rule = { |
| direction: 'ingress' |
| protocol:'tcp', |
| port_range_min: 22, |
| port_range_max: 22 |
| } |
| """ |
| if sec_group_rules_client is None: |
| sec_group_rules_client = self.security_group_rules_client |
| if security_groups_client is None: |
| security_groups_client = self.security_groups_client |
| if not tenant_id: |
| tenant_id = security_groups_client.tenant_id |
| if secgroup is None: |
| secgroup = self._default_security_group( |
| client=security_groups_client, tenant_id=tenant_id) |
| |
| ruleset = dict(security_group_id=secgroup['id'], |
| tenant_id=secgroup['tenant_id']) |
| ruleset.update(kwargs) |
| |
| sg_rule = sec_group_rules_client.create_security_group_rule(**ruleset) |
| sg_rule = sg_rule['security_group_rule'] |
| |
| self.assertEqual(secgroup['tenant_id'], sg_rule['tenant_id']) |
| self.assertEqual(secgroup['id'], sg_rule['security_group_id']) |
| |
| return sg_rule |
| |
| def _create_loginable_secgroup_rule(self, security_group_rules_client=None, |
| secgroup=None, |
| security_groups_client=None): |
| """Create loginable security group rule |
| |
| This function will create: |
| 1. egress and ingress tcp port 22 allow rule in order to allow ssh |
| access for ipv4. |
| 2. egress and ingress tcp port 80 allow rule in order to allow http |
| access for ipv4. |
| 3. egress and ingress ipv6 icmp allow rule, in order to allow icmpv6. |
| 4. egress and ingress ipv4 icmp allow rule, in order to allow icmpv4. |
| """ |
| |
| if security_group_rules_client is None: |
| security_group_rules_client = self.security_group_rules_client |
| if security_groups_client is None: |
| security_groups_client = self.security_groups_client |
| rules = [] |
| rulesets = [ |
| dict( |
| # ssh |
| protocol='tcp', |
| port_range_min=22, |
| port_range_max=22, |
| ), |
| dict( |
| # http |
| protocol='tcp', |
| port_range_min=80, |
| port_range_max=80, |
| ), |
| dict( |
| # ping |
| protocol='icmp', |
| ), |
| dict( |
| # ipv6-icmp for ping6 |
| protocol='icmp', |
| ethertype='IPv6', |
| ) |
| ] |
| sec_group_rules_client = security_group_rules_client |
| for ruleset in rulesets: |
| for r_direction in ['ingress', 'egress']: |
| ruleset['direction'] = r_direction |
| try: |
| sg_rule = self._create_security_group_rule( |
| sec_group_rules_client=sec_group_rules_client, |
| secgroup=secgroup, |
| security_groups_client=security_groups_client, |
| **ruleset) |
| except lib_exc.Conflict as ex: |
| # if rule already exist - skip rule and continue |
| msg = 'Security group rule already exists' |
| if msg not in ex._error_string: |
| raise ex |
| else: |
| self.assertEqual(r_direction, sg_rule['direction']) |
| rules.append(sg_rule) |
| |
| return rules |
| |
| def _create_router(self, client=None, tenant_id=None, |
| namestart='router-smoke'): |
| if not client: |
| client = self.routers_client |
| if not tenant_id: |
| tenant_id = client.tenant_id |
| name = data_utils.rand_name(namestart) |
| result = client.create_router(name=name, |
| admin_state_up=True, |
| tenant_id=tenant_id) |
| router = result['router'] |
| self.assertEqual(router['name'], name) |
| self.addCleanup(test_utils.call_and_ignore_notfound_exc, |
| client.delete_router, |
| router['id']) |
| return router |