Jude Cross986e3f52017-07-24 14:57:20 -07001# Copyright 2018 Rackspace US Inc. All rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15import ipaddress
Michael Johnsonbaf12e02020-10-27 16:10:28 -070016import os
Jude Cross986e3f52017-07-24 14:57:20 -070017import random
18import shlex
Jude Cross986e3f52017-07-24 14:57:20 -070019import string
20import subprocess
21import tempfile
22
Michael Johnsonbaf12e02020-10-27 16:10:28 -070023from cryptography.hazmat.primitives import serialization
Jude Cross986e3f52017-07-24 14:57:20 -070024from oslo_log import log as logging
25from oslo_utils import uuidutils
26from tempest import config
27from tempest.lib.common.utils import data_utils
28from tempest.lib.common.utils.linux import remote_client
Jude Cross986e3f52017-07-24 14:57:20 -070029from tempest.lib import exceptions
30from tempest import test
Michael Johnson04dc5cb2019-01-20 11:03:50 -080031import tenacity
Jude Cross986e3f52017-07-24 14:57:20 -070032
33from octavia_tempest_plugin import clients
Michael Johnsonbaf12e02020-10-27 16:10:28 -070034from octavia_tempest_plugin.common import cert_utils
Jude Cross986e3f52017-07-24 14:57:20 -070035from octavia_tempest_plugin.common import constants as const
Michael Johnson6006de72021-02-21 01:42:39 +000036from octavia_tempest_plugin.tests import RBAC_tests
Jude Cross986e3f52017-07-24 14:57:20 -070037from octavia_tempest_plugin.tests import validators
38from octavia_tempest_plugin.tests import waiters
39
# Global tempest configuration object and this module's logger.
CONF = config.CONF
LOG = logging.getLogger(__name__)

# Retry policy for the network/subnet delete helpers below. These values are
# passed to tenacity.stop_after_attempt() and tenacity.wait_incrementing()
# (start, increment, max).
RETRY_ATTEMPTS = 15
RETRY_INITIAL_DELAY = 1
RETRY_BACKOFF = 1
RETRY_MAX = 5
47
Gregory Thiemonge29d17902019-04-30 15:06:17 +020048
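class LoadBalancerBaseTest(validators.ValidatorsMixin,
                           RBAC_tests.RBACTestsMixin, test.BaseTestCase):
    """Base class for load balancer tests.

    The class body selects the tempest credential set from the RBAC related
    configuration, and the classmethods below set up the client aliases and
    the networks/subnets that the load balancer tests rely on.

    Note that ``used_ips`` is a class-level list, so it is shared by every
    subclass that does not override it.
    """

    # Each list entry ([name, role, ...]) is exposed on the class as
    # 'os_roles_<name>'; each plain string entry is exposed as 'os_<name>'
    # (see allocated_creds below and setup_credentials()).
    if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
        credentials = [
            'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
            ['lb_member', CONF.load_balancer.member_role],
            ['lb_member2', CONF.load_balancer.member_role]]
    elif CONF.load_balancer.enforce_new_defaults:
        credentials = [
            'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
            ['lb_observer', CONF.load_balancer.observer_role, 'reader'],
            ['lb_global_observer', CONF.load_balancer.global_observer_role,
             'reader'],
            ['lb_member', CONF.load_balancer.member_role, 'member'],
            ['lb_member2', CONF.load_balancer.member_role, 'member'],
            ['lb_member_not_default_member', CONF.load_balancer.member_role]]
    else:
        credentials = [
            'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
            ['lb_observer', CONF.load_balancer.observer_role, 'reader'],
            ['lb_global_observer', CONF.load_balancer.global_observer_role,
             'reader'],
            ['lb_member', CONF.load_balancer.member_role],
            ['lb_member2', CONF.load_balancer.member_role]]

    # If scope enforcement is enabled, add in the system scope credentials.
    # The project scope is already handled by the above credentials.
    if CONF.enforce_scope.octavia:
        credentials.extend(['system_admin', 'system_reader'])

    # A tuple of credentials that will be allocated by tempest using the
    # 'credentials' list above. These are used to build RBAC test lists.
    allocated_creds = []
    for cred in credentials:
        if isinstance(cred, list):
            allocated_creds.append('os_roles_' + cred[0])
        else:
            allocated_creds.append('os_' + cred)
    # Tests shall not mess with the list of allocated credentials
    allocated_credentials = tuple(allocated_creds)

    client_manager = clients.ManagerV2
    webserver1_response = 1
    webserver2_response = 5
    # Host indexes already handed out by _setup_lb_network_kwargs().
    used_ips = []

    # Inclusive range of host indexes used when picking a VIP address.
    _VIP_HOST_INDEX_MIN = 10
    _VIP_HOST_INDEX_MAX = 100

    SRC_PORT_NUMBER_MIN = 32768
    SRC_PORT_NUMBER_MAX = 61000
    src_port_number = SRC_PORT_NUMBER_MIN

    @classmethod
    def skip_checks(cls):
        """Check if we should skip all of the children tests.

        :raises cls.skipException: if a required service is not available,
                                   or if neither project_networks_reachable
                                   nor public_network_id is configured.
        """
        super(LoadBalancerBaseTest, cls).skip_checks()

        service_list = {
            'load_balancer': CONF.service_available.load_balancer,
        }

        live_service_list = {
            'compute': CONF.service_available.nova,
            'image': CONF.service_available.glance,
            'neutron': CONF.service_available.neutron
        }

        # The compute, image and network services are only required when
        # the tests are not running against the noop drivers.
        if not CONF.load_balancer.test_with_noop:
            service_list.update(live_service_list)

        for service, available in service_list.items():
            if not available:
                skip_msg = ("{0} skipped as {1} service is not "
                            "available.".format(cls.__name__, service))
                raise cls.skipException(skip_msg)

        # We must be able to reach our VIP and instances
        if not (CONF.network.project_networks_reachable
                or CONF.network.public_network_id):
            msg = ('Either project_networks_reachable must be "true", or '
                   'public_network_id must be defined.')
            raise cls.skipException(msg)

    @classmethod
    def setup_credentials(cls):
        """Setup test credentials and network resources.

        After the credentials are allocated, the role assignments of every
        test user are looked up with the admin clients and logged. Only the
        user name, role names and scopes are written to the log.
        """
        # Do not auto create network resources
        cls.set_network_resources()
        super(LoadBalancerBaseTest, cls).setup_credentials()

        # Log the user roles for this test run
        role_name_cache = {}
        for cred in cls.credentials:
            user_roles = []
            if isinstance(cred, list):
                user_name = cred[0]
                cred_obj = getattr(cls, 'os_roles_' + cred[0])
            else:
                user_name = cred
                cred_obj = getattr(cls, 'os_' + cred)
            params = {'user.id': cred_obj.credentials.user_id,
                      'project.id': cred_obj.credentials.project_id}
            roles = cls.os_admin.role_assignments_client.list_role_assignments(
                **params)['role_assignments']
            for role in roles:
                role_id = role['role']['id']
                # Cache the id -> name lookups, the same role is usually
                # assigned to more than one test user.
                try:
                    role_name = role_name_cache[role_id]
                except KeyError:
                    role_name = cls.os_admin.roles_v3_client.show_role(
                        role_id)['role']['name']
                    role_name_cache[role_id] = role_name
                user_roles.append([role_name, role['scope']])
            LOG.info("User %s has roles: %s", user_name, user_roles)

    @classmethod
    def setup_clients(cls):
        """Setup client aliases.

        Aliases prefixed with lb_mem_/mem_ use the 'lb_member' credentials,
        lb_admin_ aliases use the 'lb_admin' credentials and os_admin_
        aliases use the 'admin' credentials.
        """
        super(LoadBalancerBaseTest, cls).setup_clients()
        cls.lb_mem_float_ip_client = cls.os_roles_lb_member.floating_ips_client
        cls.lb_mem_keypairs_client = cls.os_roles_lb_member.keypairs_client
        cls.lb_mem_net_client = cls.os_roles_lb_member.networks_client
        cls.lb_mem_ports_client = cls.os_roles_lb_member.ports_client
        cls.lb_mem_routers_client = cls.os_roles_lb_member.routers_client
        cls.lb_mem_SG_client = cls.os_roles_lb_member.security_groups_client
        cls.lb_mem_SGr_client = (
            cls.os_roles_lb_member.security_group_rules_client)
        cls.lb_mem_servers_client = cls.os_roles_lb_member.servers_client
        cls.lb_mem_subnet_client = cls.os_roles_lb_member.subnets_client
        cls.mem_lb_client = cls.os_roles_lb_member.loadbalancer_client
        cls.mem_listener_client = cls.os_roles_lb_member.listener_client
        cls.mem_pool_client = cls.os_roles_lb_member.pool_client
        cls.mem_member_client = cls.os_roles_lb_member.member_client
        cls.mem_healthmonitor_client = (
            cls.os_roles_lb_member.healthmonitor_client)
        cls.mem_l7policy_client = cls.os_roles_lb_member.l7policy_client
        cls.mem_l7rule_client = cls.os_roles_lb_member.l7rule_client
        cls.lb_admin_amphora_client = cls.os_roles_lb_admin.amphora_client
        cls.lb_admin_flavor_profile_client = (
            cls.os_roles_lb_admin.flavor_profile_client)
        cls.lb_admin_flavor_client = cls.os_roles_lb_admin.flavor_client
        cls.mem_flavor_client = cls.os_roles_lb_member.flavor_client
        cls.mem_provider_client = cls.os_roles_lb_member.provider_client
        cls.os_admin_servers_client = cls.os_admin.servers_client
        cls.os_admin_routers_client = cls.os_admin.routers_client
        cls.os_admin_subnetpools_client = cls.os_admin.subnetpools_client
        cls.lb_admin_flavor_capabilities_client = (
            cls.os_roles_lb_admin.flavor_capabilities_client)
        cls.lb_admin_availability_zone_capabilities_client = (
            cls.os_roles_lb_admin.availability_zone_capabilities_client)
        cls.lb_admin_availability_zone_profile_client = (
            cls.os_roles_lb_admin.availability_zone_profile_client)
        cls.lb_admin_availability_zone_client = (
            cls.os_roles_lb_admin.availability_zone_client)
        cls.mem_availability_zone_client = (
            cls.os_roles_lb_member.availability_zone_client)

    @classmethod
    def resource_setup(cls):
        """Setup resources needed by the tests.

        Depending on the configuration the networks and subnets are either
        placeholder IDs (noop drivers), existing resources named by the
        override options, or freshly created by _create_networks().

        :raises InvalidConfiguration: if test_subnet_override is set
                                      without test_network_override.
        """
        super(LoadBalancerBaseTest, cls).resource_setup()

        conf_lb = CONF.load_balancer

        cls.api_version = cls.mem_lb_client.get_max_api_version()

        if conf_lb.test_subnet_override and not conf_lb.test_network_override:
            raise exceptions.InvalidConfiguration(
                "Configuration value test_network_override must be "
                "specified if test_subnet_override is used.")

        # TODO(johnsom) Remove this
        # Get loadbalancing algorithms supported by provider driver.
        try:
            algorithms = const.SUPPORTED_LB_ALGORITHMS[
                CONF.load_balancer.provider]
        except KeyError:
            algorithms = const.SUPPORTED_LB_ALGORITHMS['default']
        # Set default algorithm as first from the list.
        cls.lb_algorithm = algorithms[0]

        show_subnet = cls.lb_mem_subnet_client.show_subnet
        if CONF.load_balancer.test_with_noop:
            # No real networks are used with the noop drivers, random IDs
            # are enough.
            cls.lb_member_vip_net = {'id': uuidutils.generate_uuid()}
            cls.lb_member_vip_subnet = {'id': uuidutils.generate_uuid()}
            cls.lb_member_1_net = {'id': uuidutils.generate_uuid()}
            cls.lb_member_1_subnet = {'id': uuidutils.generate_uuid()}
            cls.lb_member_2_net = {'id': uuidutils.generate_uuid()}
            cls.lb_member_2_subnet = {'id': uuidutils.generate_uuid()}
            if CONF.load_balancer.test_with_ipv6:
                cls.lb_member_vip_ipv6_net = {'id': uuidutils.generate_uuid()}
                cls.lb_member_vip_ipv6_subnet = {'id':
                                                 uuidutils.generate_uuid()}
                cls.lb_member_1_ipv6_subnet = {'id': uuidutils.generate_uuid()}
                cls.lb_member_2_ipv6_subnet = {'id': uuidutils.generate_uuid()}
                cls.lb_member_vip_ipv6_subnet_stateful = True
            return
        elif CONF.load_balancer.test_network_override:
            # NOTE(review): the network result is unwrapped with
            # .get('network') below, but the show_subnet() results are
            # stored as returned and later read with [const.ID], and the
            # IPv6 one is indexed with [0]. Confirm the shape of the
            # show_subnet() return value matches these lookups.
            if conf_lb.test_subnet_override:
                override_subnet = show_subnet(conf_lb.test_subnet_override)
            else:
                override_subnet = None

            show_net = cls.lb_mem_net_client.show_network
            override_network = show_net(conf_lb.test_network_override)
            override_network = override_network.get('network')

            cls.lb_member_vip_net = override_network
            cls.lb_member_vip_subnet = override_subnet
            cls.lb_member_1_net = override_network
            cls.lb_member_1_subnet = override_subnet
            cls.lb_member_2_net = override_network
            cls.lb_member_2_subnet = override_subnet

            if (CONF.load_balancer.test_with_ipv6 and
                    conf_lb.test_IPv6_subnet_override):
                override_ipv6_subnet = show_subnet(
                    conf_lb.test_IPv6_subnet_override)
                cls.lb_member_vip_ipv6_subnet = override_ipv6_subnet
                cls.lb_member_1_ipv6_subnet = override_ipv6_subnet
                cls.lb_member_2_ipv6_subnet = override_ipv6_subnet
                cls.lb_member_vip_ipv6_subnet_stateful = False
                if (override_ipv6_subnet[0]['ipv6_address_mode'] ==
                        'dhcpv6-stateful'):
                    cls.lb_member_vip_ipv6_subnet_stateful = True
            else:
                cls.lb_member_vip_ipv6_subnet = None
                cls.lb_member_1_ipv6_subnet = None
                cls.lb_member_2_ipv6_subnet = None
        else:
            cls._create_networks()

        LOG.debug('Octavia Setup: lb_member_vip_net = %s',
                  cls.lb_member_vip_net[const.ID])
        if cls.lb_member_vip_subnet:
            LOG.debug('Octavia Setup: lb_member_vip_subnet = %s',
                      cls.lb_member_vip_subnet[const.ID])
        LOG.debug('Octavia Setup: lb_member_1_net = %s',
                  cls.lb_member_1_net[const.ID])
        if cls.lb_member_1_subnet:
            LOG.debug('Octavia Setup: lb_member_1_subnet = %s',
                      cls.lb_member_1_subnet[const.ID])
        LOG.debug('Octavia Setup: lb_member_2_net = %s',
                  cls.lb_member_2_net[const.ID])
        if cls.lb_member_2_subnet:
            LOG.debug('Octavia Setup: lb_member_2_subnet = %s',
                      cls.lb_member_2_subnet[const.ID])
        if CONF.load_balancer.test_with_ipv6:
            if cls.lb_member_vip_ipv6_subnet:
                LOG.debug('Octavia Setup: lb_member_vip_ipv6_subnet = %s',
                          cls.lb_member_vip_ipv6_subnet[const.ID])
            if cls.lb_member_1_ipv6_subnet:
                LOG.debug('Octavia Setup: lb_member_1_ipv6_subnet = %s',
                          cls.lb_member_1_ipv6_subnet[const.ID])
            if cls.lb_member_2_ipv6_subnet:
                LOG.debug('Octavia Setup: lb_member_2_ipv6_subnet = %s',
                          cls.lb_member_2_ipv6_subnet[const.ID])

    @classmethod
    def _log_active_ports(cls):
        """Log the ports visible to the member user, best effort."""
        # A failure of this diagnostic call must not replace the delete
        # error the caller is about to re-raise: the retry decorators only
        # retry on exceptions.Conflict.
        try:
            LOG.error(cls.lb_mem_ports_client.list_ports())
        except Exception:
            LOG.exception('Unable to list the active ports.')

    @classmethod
    # Neutron can be slow to clean up ports from the subnets/networks.
    # Retry this delete a few times if we get a "Conflict" error to give
    # neutron time to fully cleanup the ports.
    @tenacity.retry(
        retry=tenacity.retry_if_exception_type(exceptions.Conflict),
        wait=tenacity.wait_incrementing(
            RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX),
        stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
    def _logging_delete_network(cls, net_id):
        """Delete a network, logging the active ports if the delete fails.

        :param net_id: ID of the network to delete.
        :raises Exception: whatever delete_network() raised, after logging.
        """
        try:
            cls.lb_mem_net_client.delete_network(net_id)
        except Exception:
            LOG.error('Unable to delete network %s. Active ports:', net_id)
            cls._log_active_ports()
            raise

    @classmethod
    # Neutron can be slow to clean up ports from the subnets/networks.
    # Retry this delete a few times if we get a "Conflict" error to give
    # neutron time to fully cleanup the ports.
    @tenacity.retry(
        retry=tenacity.retry_if_exception_type(exceptions.Conflict),
        wait=tenacity.wait_incrementing(
            RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX),
        stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
    def _logging_delete_subnet(cls, subnet_id):
        """Delete a subnet, logging the active ports if the delete fails.

        :param subnet_id: ID of the subnet to delete.
        :raises Exception: whatever delete_subnet() raised, after logging.
        """
        try:
            cls.lb_mem_subnet_client.delete_subnet(subnet_id)
        except Exception:
            LOG.error('Unable to delete subnet %s. Active ports:', subnet_id)
            cls._log_active_ports()
            raise

    @staticmethod
    def _get_cidr_prefix(cidr, option_name):
        """Return the prefix length of a CIDR as a string of digits.

        :param cidr: The configured CIDR string.
        :param option_name: Name of the configuration option, used in the
                            error message only.
        :raises InvalidConfiguration: if the text after the last '/' is not
                                      made of digits only.
        """
        prefix = cidr.rpartition('/')[2]
        # An 'assert' would be skipped when python runs with -O, so the
        # configuration value is checked explicitly.
        if not prefix.isdigit():
            raise exceptions.InvalidConfiguration(
                "Configuration value {0} must be a CIDR with a numeric "
                "prefix length, got '{1}'.".format(option_name, cidr))
        return prefix

    @classmethod
    def _create_networks(cls):
        """Creates networks, subnets, and routers used in tests.

        The following are expected to be defined and available to the tests:
            cls.lb_member_vip_net
            cls.lb_member_vip_subnet
            cls.lb_member_vip_ipv6_subnet (optional)
            cls.lb_member_1_net
            cls.lb_member_1_subnet
            cls.lb_member_1_ipv6_subnet (optional)
            cls.lb_member_2_net
            cls.lb_member_2_subnet
            cls.lb_member_2_ipv6_subnet (optional)

        Every created resource is registered for class level cleanup.

        :raises InvalidConfiguration: if a member IPv6 subnet CIDR has no
                                      numeric prefix length.
        """

        # Create tenant VIP network
        network_kwargs = {
            'name': data_utils.rand_name("lb_member_vip_network")}
        if CONF.network_feature_enabled.port_security:
            # Note: Allowed Address Pairs requires port security
            network_kwargs['port_security_enabled'] = True
        result = cls.lb_mem_net_client.create_network(**network_kwargs)
        cls.lb_member_vip_net = result['network']
        LOG.info('lb_member_vip_net: %s', cls.lb_member_vip_net)
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_network,
            cls.lb_mem_net_client.show_network,
            cls.lb_member_vip_net['id'])

        # Create tenant VIP subnet
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_vip_subnet"),
            'network_id': cls.lb_member_vip_net['id'],
            'cidr': CONF.load_balancer.vip_subnet_cidr,
            'ip_version': 4}
        result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
        cls.lb_member_vip_subnet = result['subnet']
        LOG.info('lb_member_vip_subnet: %s', cls.lb_member_vip_subnet)
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_vip_subnet['id'])

        # Create tenant VIP IPv6 subnet
        if CONF.load_balancer.test_with_ipv6:
            cls.lb_member_vip_ipv6_subnet_stateful = False
            cls.lb_member_vip_ipv6_subnet_use_subnetpool = False
            subnet_kwargs = {
                'name': data_utils.rand_name("lb_member_vip_ipv6_subnet"),
                'network_id': cls.lb_member_vip_net['id'],
                'ip_version': 6}

            # Use a CIDR from devstack's default IPv6 subnetpool if it exists,
            # the subnetpool's cidr is routable from the devstack node
            # through the default router
            subnetpool_name = CONF.load_balancer.default_ipv6_subnetpool
            if subnetpool_name:
                subnetpool = cls.os_admin_subnetpools_client.list_subnetpools(
                    name=subnetpool_name)['subnetpools']
                # Only use the pool when the name matches exactly one.
                if len(subnetpool) == 1:
                    subnetpool = subnetpool[0]
                    subnet_kwargs['subnetpool_id'] = subnetpool['id']
                    cls.lb_member_vip_ipv6_subnet_use_subnetpool = True

            if 'subnetpool_id' not in subnet_kwargs:
                subnet_kwargs['cidr'] = (
                    CONF.load_balancer.vip_ipv6_subnet_cidr)

            result = cls.lb_mem_subnet_client.create_subnet(
                **subnet_kwargs)
            cls.lb_member_vip_ipv6_net = cls.lb_member_vip_net
            cls.lb_member_vip_ipv6_subnet = result['subnet']
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls._logging_delete_subnet,
                cls.lb_mem_subnet_client.show_subnet,
                cls.lb_member_vip_ipv6_subnet['id'])

            LOG.info('lb_member_vip_ipv6_subnet: %s',
                     cls.lb_member_vip_ipv6_subnet)

        # Create tenant member 1 network
        network_kwargs = {
            'name': data_utils.rand_name("lb_member_1_network")}
        if CONF.network_feature_enabled.port_security:
            # Port security on the member networks follows the
            # enable_security_groups option. When it is off, the ports on
            # this network are not filtered by security groups, so this is
            # only meant for throwaway test networks.
            network_kwargs['port_security_enabled'] = bool(
                CONF.load_balancer.enable_security_groups)
        result = cls.lb_mem_net_client.create_network(**network_kwargs)
        cls.lb_member_1_net = result['network']
        LOG.info('lb_member_1_net: %s', cls.lb_member_1_net)
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_network,
            cls.lb_mem_net_client.show_network,
            cls.lb_member_1_net['id'])

        # Create tenant member 1 subnet
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_1_subnet"),
            'network_id': cls.lb_member_1_net['id'],
            'cidr': CONF.load_balancer.member_1_ipv4_subnet_cidr,
            'ip_version': 4}
        result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
        cls.lb_member_1_subnet = result['subnet']
        LOG.info('lb_member_1_subnet: %s', cls.lb_member_1_subnet)
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_1_subnet['id'])

        # Create tenant member 1 ipv6 subnet
        if CONF.load_balancer.test_with_ipv6:
            # Validate the CIDR before the subnet is created, a failure
            # here must not leave a subnet without a registered cleanup.
            cls.lb_member_1_subnet_prefix = cls._get_cidr_prefix(
                CONF.load_balancer.member_1_ipv6_subnet_cidr,
                'member_1_ipv6_subnet_cidr')
            subnet_kwargs = {
                'name': data_utils.rand_name("lb_member_1_ipv6_subnet"),
                'network_id': cls.lb_member_1_net['id'],
                'cidr': CONF.load_balancer.member_1_ipv6_subnet_cidr,
                'ip_version': 6}
            result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
            cls.lb_member_1_ipv6_subnet = result['subnet']
            LOG.info('lb_member_1_ipv6_subnet: %s',
                     cls.lb_member_1_ipv6_subnet)
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls._logging_delete_subnet,
                cls.lb_mem_subnet_client.show_subnet,
                cls.lb_member_1_ipv6_subnet['id'])

        # Create tenant member 2 network
        network_kwargs = {
            'name': data_utils.rand_name("lb_member_2_network")}
        if CONF.network_feature_enabled.port_security:
            # Same policy as the member 1 network above.
            network_kwargs['port_security_enabled'] = bool(
                CONF.load_balancer.enable_security_groups)
        result = cls.lb_mem_net_client.create_network(**network_kwargs)
        cls.lb_member_2_net = result['network']
        LOG.info('lb_member_2_net: %s', cls.lb_member_2_net)
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_network,
            cls.lb_mem_net_client.show_network,
            cls.lb_member_2_net['id'])

        # Create tenant member 2 subnet
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_2_subnet"),
            'network_id': cls.lb_member_2_net['id'],
            'cidr': CONF.load_balancer.member_2_ipv4_subnet_cidr,
            'ip_version': 4}
        result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
        cls.lb_member_2_subnet = result['subnet']
        LOG.info('lb_member_2_subnet: %s', cls.lb_member_2_subnet)
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_2_subnet['id'])

        # Create tenant member 2 ipv6 subnet
        if CONF.load_balancer.test_with_ipv6:
            # Validate the CIDR before the subnet is created, a failure
            # here must not leave a subnet without a registered cleanup.
            cls.lb_member_2_subnet_prefix = cls._get_cidr_prefix(
                CONF.load_balancer.member_2_ipv6_subnet_cidr,
                'member_2_ipv6_subnet_cidr')
            subnet_kwargs = {
                'name': data_utils.rand_name("lb_member_2_ipv6_subnet"),
                'network_id': cls.lb_member_2_net['id'],
                'cidr': CONF.load_balancer.member_2_ipv6_subnet_cidr,
                'ip_version': 6}
            result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
            cls.lb_member_2_ipv6_subnet = result['subnet']
            LOG.info('lb_member_2_ipv6_subnet: %s',
                     cls.lb_member_2_ipv6_subnet)
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls._logging_delete_subnet,
                cls.lb_mem_subnet_client.show_subnet,
                cls.lb_member_2_ipv6_subnet['id'])

    @classmethod
    def _allocate_vip_host_index(cls):
        """Reserve and return a host index not yet present in used_ips.

        :raises RuntimeError: if every index of the range is already used.
        """
        # Picking from the remaining indexes cannot spin forever, unlike
        # redrawing a random value until an unused one comes up.
        free_indexes = [
            index for index in range(cls._VIP_HOST_INDEX_MIN,
                                     cls._VIP_HOST_INDEX_MAX + 1)
            if index not in cls.used_ips]
        if not free_indexes:
            raise RuntimeError(
                'No unused VIP host index is left in the range '
                '{0}-{1}.'.format(cls._VIP_HOST_INDEX_MIN,
                                  cls._VIP_HOST_INDEX_MAX))
        ip_index = random.choice(free_indexes)
        cls.used_ips.append(ip_index)
        return ip_index

    @classmethod
    def _setup_lb_network_kwargs(cls, lb_kwargs, ip_version=None,
                                 use_fixed_ip=False):
        """Fill in the VIP related keys of the load balancer kwargs.

        :param lb_kwargs: Dict of load balancer create arguments, updated
                          in place.
        :param ip_version: 4 or 6. When not set, 6 is used if test_with_ipv6
                           is enabled, otherwise 4.
        :param use_fixed_ip: When True, also request a specific VIP address
                             on the subnet.
        :raises RuntimeError: if no unused VIP host index is left.
        """
        if not ip_version:
            ip_version = 6 if CONF.load_balancer.test_with_ipv6 else 4
        if cls.lb_member_vip_subnet or cls.lb_member_vip_ipv6_subnet:
            ip_index = cls._allocate_vip_host_index()
            if ip_version == 4:
                subnet_id = cls.lb_member_vip_subnet[const.ID]
                if CONF.load_balancer.test_with_noop:
                    lb_vip_address = '198.18.33.33'
                else:
                    subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
                    network = ipaddress.IPv4Network(subnet['subnet']['cidr'])
                    lb_vip_address = str(network[ip_index])
            else:
                subnet_id = cls.lb_member_vip_ipv6_subnet[const.ID]
                if CONF.load_balancer.test_with_noop:
                    lb_vip_address = '2001:db8:33:33:33:33:33:33'
                else:
                    subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
                    network = ipaddress.IPv6Network(subnet['subnet']['cidr'])
                    lb_vip_address = str(network[ip_index])
                    # If the subnet is IPv6 slaac or dhcpv6-stateless
                    # neutron does not allow a fixed IP
                    if not cls.lb_member_vip_ipv6_subnet_stateful:
                        use_fixed_ip = False
            lb_kwargs[const.VIP_SUBNET_ID] = subnet_id
            if use_fixed_ip:
                lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
            if CONF.load_balancer.test_with_noop:
                lb_kwargs[const.VIP_NETWORK_ID] = (
                    cls.lb_member_vip_net[const.ID])
                if ip_version == 6:
                    lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
        else:
            # No subnet is known, let the VIP be allocated from the network.
            lb_kwargs[const.VIP_NETWORK_ID] = cls.lb_member_vip_net[const.ID]
            lb_kwargs[const.VIP_SUBNET_ID] = None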
574
575
576class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
577 @classmethod
578 def resource_setup(cls):
579 super(LoadBalancerBaseTestWithCompute, cls).resource_setup()
580 # If validation is disabled in this cloud, we won't be able to
581 # start the webservers, so don't even boot them.
582 if not CONF.validation.run_validation:
583 return
584
585 # Create a keypair for the webservers
586 keypair_name = data_utils.rand_name('lb_member_keypair')
587 result = cls.lb_mem_keypairs_client.create_keypair(
588 name=keypair_name)
589 cls.lb_member_keypair = result['keypair']
590 LOG.info('lb_member_keypair: {}'.format(cls.lb_member_keypair))
591 cls.addClassResourceCleanup(
592 waiters.wait_for_not_found,
593 cls.lb_mem_keypairs_client.delete_keypair,
594 cls.lb_mem_keypairs_client.show_keypair,
595 keypair_name)
596
597 if (CONF.load_balancer.enable_security_groups and
598 CONF.network_feature_enabled.port_security):
599 # Set up the security group for the webservers
600 SG_name = data_utils.rand_name('lb_member_SG')
601 cls.lb_member_sec_group = (
602 cls.lb_mem_SG_client.create_security_group(
603 name=SG_name)['security_group'])
604 cls.addClassResourceCleanup(
605 waiters.wait_for_not_found,
606 cls.lb_mem_SG_client.delete_security_group,
607 cls.lb_mem_SG_client.show_security_group,
608 cls.lb_member_sec_group['id'])
609
610 # Create a security group rule to allow 80-81 (test webservers)
611 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
612 direction='ingress',
613 security_group_id=cls.lb_member_sec_group['id'],
614 protocol='tcp',
615 ethertype='IPv4',
616 port_range_min=80,
617 port_range_max=81)['security_group_rule']
618 cls.addClassResourceCleanup(
619 waiters.wait_for_not_found,
620 cls.lb_mem_SGr_client.delete_security_group_rule,
621 cls.lb_mem_SGr_client.show_security_group_rule,
622 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200623 # Create a security group rule to allow UDP 80-81 (test webservers)
624 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
625 direction='ingress',
626 security_group_id=cls.lb_member_sec_group['id'],
627 protocol='udp',
628 ethertype='IPv4',
629 port_range_min=80,
630 port_range_max=81)['security_group_rule']
631 cls.addClassResourceCleanup(
632 waiters.wait_for_not_found,
633 cls.lb_mem_SGr_client.delete_security_group_rule,
634 cls.lb_mem_SGr_client.show_security_group_rule,
635 SGr['id'])
636 # Create a security group rule to allow UDP 9999 (test webservers)
637 # Port 9999 is used to illustrate health monitor ERRORs on closed
638 # ports.
639 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
640 direction='ingress',
641 security_group_id=cls.lb_member_sec_group['id'],
642 protocol='udp',
643 ethertype='IPv4',
644 port_range_min=9999,
645 port_range_max=9999)['security_group_rule']
646 cls.addClassResourceCleanup(
647 waiters.wait_for_not_found,
648 cls.lb_mem_SGr_client.delete_security_group_rule,
649 cls.lb_mem_SGr_client.show_security_group_rule,
650 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700651 # Create a security group rule to allow 22 (ssh)
652 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
653 direction='ingress',
654 security_group_id=cls.lb_member_sec_group['id'],
655 protocol='tcp',
656 ethertype='IPv4',
657 port_range_min=22,
658 port_range_max=22)['security_group_rule']
659 cls.addClassResourceCleanup(
660 waiters.wait_for_not_found,
661 cls.lb_mem_SGr_client.delete_security_group_rule,
662 cls.lb_mem_SGr_client.show_security_group_rule,
663 SGr['id'])
664 if CONF.load_balancer.test_with_ipv6:
665 # Create a security group rule to allow 80-81 (test webservers)
666 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
667 direction='ingress',
668 security_group_id=cls.lb_member_sec_group['id'],
669 protocol='tcp',
670 ethertype='IPv6',
671 port_range_min=80,
672 port_range_max=81)['security_group_rule']
673 cls.addClassResourceCleanup(
674 waiters.wait_for_not_found,
675 cls.lb_mem_SGr_client.delete_security_group_rule,
676 cls.lb_mem_SGr_client.show_security_group_rule,
677 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200678 # Create a security group rule to allow UDP 80-81 (test
679 # webservers)
680 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
681 direction='ingress',
682 security_group_id=cls.lb_member_sec_group['id'],
683 protocol='udp',
684 ethertype='IPv6',
685 port_range_min=80,
686 port_range_max=81)['security_group_rule']
687 cls.addClassResourceCleanup(
688 waiters.wait_for_not_found,
689 cls.lb_mem_SGr_client.delete_security_group_rule,
690 cls.lb_mem_SGr_client.show_security_group_rule,
691 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700692 # Create a security group rule to allow 22 (ssh)
693 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
694 direction='ingress',
695 security_group_id=cls.lb_member_sec_group['id'],
696 protocol='tcp',
697 ethertype='IPv6',
698 port_range_min=22,
699 port_range_max=22)['security_group_rule']
700 cls.addClassResourceCleanup(
701 waiters.wait_for_not_found,
702 cls.lb_mem_SGr_client.delete_security_group_rule,
703 cls.lb_mem_SGr_client.show_security_group_rule,
704 SGr['id'])
705
706 LOG.info('lb_member_sec_group: {}'.format(cls.lb_member_sec_group))
707
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700708 # Setup backend member reencryption PKI
709 cls._create_backend_reencryption_pki()
710
Adam Harwellcd72b562018-05-07 11:37:22 -0700711 # Create webserver 1 instance
712 server_details = cls._create_webserver('lb_member_webserver1',
713 cls.lb_member_1_net)
714
715 cls.lb_member_webserver1 = server_details['server']
716 cls.webserver1_ip = server_details.get('ipv4_address')
717 cls.webserver1_ipv6 = server_details.get('ipv6_address')
718 cls.webserver1_public_ip = server_details['public_ipv4_address']
719
720 LOG.debug('Octavia Setup: lb_member_webserver1 = {}'.format(
721 cls.lb_member_webserver1[const.ID]))
722 LOG.debug('Octavia Setup: webserver1_ip = {}'.format(
723 cls.webserver1_ip))
724 LOG.debug('Octavia Setup: webserver1_ipv6 = {}'.format(
725 cls.webserver1_ipv6))
726 LOG.debug('Octavia Setup: webserver1_public_ip = {}'.format(
727 cls.webserver1_public_ip))
728
729 # Create webserver 2 instance
730 server_details = cls._create_webserver('lb_member_webserver2',
731 cls.lb_member_2_net)
732
733 cls.lb_member_webserver2 = server_details['server']
734 cls.webserver2_ip = server_details.get('ipv4_address')
735 cls.webserver2_ipv6 = server_details.get('ipv6_address')
736 cls.webserver2_public_ip = server_details['public_ipv4_address']
737
738 LOG.debug('Octavia Setup: lb_member_webserver2 = {}'.format(
739 cls.lb_member_webserver2[const.ID]))
740 LOG.debug('Octavia Setup: webserver2_ip = {}'.format(
741 cls.webserver2_ip))
742 LOG.debug('Octavia Setup: webserver2_ipv6 = {}'.format(
743 cls.webserver2_ipv6))
744 LOG.debug('Octavia Setup: webserver2_public_ip = {}'.format(
745 cls.webserver2_public_ip))
746
Michael Johnsonbf916df2018-10-17 10:59:28 -0700747 if CONF.load_balancer.test_with_ipv6:
748 # Enable the IPv6 nic in webserver 1
749 cls._enable_ipv6_nic_webserver(
750 cls.webserver1_public_ip, cls.lb_member_keypair['private_key'],
751 cls.webserver1_ipv6, cls.lb_member_1_subnet_prefix)
752
753 # Enable the IPv6 nic in webserver 2
754 cls._enable_ipv6_nic_webserver(
755 cls.webserver2_public_ip, cls.lb_member_keypair['private_key'],
756 cls.webserver2_ipv6, cls.lb_member_2_subnet_prefix)
757
Adam Harwellcd72b562018-05-07 11:37:22 -0700758 # Set up serving on webserver 1
759 cls._install_start_webserver(cls.webserver1_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700760 cls.lb_member_keypair['private_key'],
761 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700762
763 # Validate webserver 1
Adam Harwelle029af22018-05-24 17:13:28 -0700764 cls._validate_webserver(cls.webserver1_public_ip,
765 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700766
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200767 # Validate udp server 1
768 cls._validate_udp_server(cls.webserver1_public_ip,
769 cls.webserver1_response)
770
Adam Harwellcd72b562018-05-07 11:37:22 -0700771 # Set up serving on webserver 2
772 cls._install_start_webserver(cls.webserver2_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700773 cls.lb_member_keypair['private_key'],
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700774 cls.webserver2_response, revoke_cert=True)
Adam Harwellcd72b562018-05-07 11:37:22 -0700775
776 # Validate webserver 2
Adam Harwelle029af22018-05-24 17:13:28 -0700777 cls._validate_webserver(cls.webserver2_public_ip,
778 cls.webserver2_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700779
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200780 # Validate udp server 2
781 cls._validate_udp_server(cls.webserver2_public_ip,
782 cls.webserver2_response)
783
@classmethod
def _create_networks(cls):
    """Create the member router and attach the test subnets to it.

    Calls the parent class implementation first, then creates a router
    whose external gateway is CONF.network.public_network_id and adds the
    VIP subnet and both member subnets as router interfaces. When IPv6
    testing is enabled, a default router name is configured and
    cls.lb_member_vip_ipv6_subnet_use_subnetpool is set, the IPv6 VIP
    subnet is also added to that default router.

    Each router and interface created here is registered with
    addClassResourceCleanup.
    """
    super(LoadBalancerBaseTestWithCompute, cls)._create_networks()

    # Create a router for the subnets (required for the floating IP)
    gateway_info = {'network_id': CONF.network.public_network_id}
    created = cls.lb_mem_routers_client.create_router(
        name=data_utils.rand_name("lb_member_router"),
        admin_state_up=True,
        external_gateway_info=gateway_info)
    cls.lb_member_router = created['router']
    LOG.info('lb_member_router: {}'.format(cls.lb_member_router))
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls.lb_mem_routers_client.delete_router,
        cls.lb_mem_routers_client.show_router,
        cls.lb_member_router['id'])

    # Add VIP subnet to router. remove_router_interface is handed to
    # wait_for_not_found as both of its callables.
    cls.lb_mem_routers_client.add_router_interface(
        cls.lb_member_router['id'],
        subnet_id=cls.lb_member_vip_subnet['id'])
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls.lb_mem_routers_client.remove_router_interface,
        cls.lb_mem_routers_client.remove_router_interface,
        cls.lb_member_router['id'],
        subnet_id=cls.lb_member_vip_subnet['id'])

    plug_into_default_router = (
        CONF.load_balancer.test_with_ipv6 and
        CONF.load_balancer.default_router and
        cls.lb_member_vip_ipv6_subnet_use_subnetpool)
    if plug_into_default_router:
        # if lb_member_vip_ipv6_subnet uses devstack's subnetpool,
        # plug the subnet into the default router
        candidates = cls.os_admin.routers_client.list_routers(
            name=CONF.load_balancer.default_router)['routers']

        # Nothing is plugged unless exactly one router has that name.
        if len(candidates) == 1:
            default_router = candidates[0]

            # Add IPv6 VIP subnet to router1. This is the only step in
            # this method that goes through the admin routers client.
            cls.os_admin_routers_client.add_router_interface(
                default_router['id'],
                subnet_id=cls.lb_member_vip_ipv6_subnet['id'])
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls.os_admin_routers_client.remove_router_interface,
                cls.os_admin_routers_client.remove_router_interface,
                default_router['id'],
                subnet_id=cls.lb_member_vip_ipv6_subnet['id'])

    # Add member subnet 1, then member subnet 2, to the router
    for member_subnet in (cls.lb_member_1_subnet, cls.lb_member_2_subnet):
        cls.lb_mem_routers_client.add_router_interface(
            cls.lb_member_router['id'],
            subnet_id=member_subnet['id'])
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls.lb_mem_routers_client.remove_router_interface,
            cls.lb_mem_routers_client.remove_router_interface,
            cls.lb_member_router['id'], subnet_id=member_subnet['id'])
855
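@classmethod
def _create_webserver(cls, name, network):
    """Creates a webserver with two ports.

    webserver_details dictionary contains:
    server - The compute server object
    ipv4_address - The IPv4 address for the server (optional)
    ipv6_address - The IPv6 address for the server (optional)
    public_ipv4_address - The address used to reach the server: the
                          floating IP when CONF.validation.connect_method
                          is 'floating', otherwise the first address on
                          the instance network.

    The server is booted with the class keypair and, when security groups
    and port security are both enabled, with the member security group.

    :param name: The name of the server to create.
    :param network: The network to boot the server on.
    :returns: webserver_details dictionary.
    """
    server_kwargs = {
        'name': data_utils.rand_name(name),
        'flavorRef': CONF.compute.flavor_ref,
        'imageRef': CONF.compute.image_ref,
        'key_name': cls.lb_member_keypair['name']}
    if (CONF.load_balancer.enable_security_groups and
            CONF.network_feature_enabled.port_security):
        server_kwargs['security_groups'] = [
            {'name': cls.lb_member_sec_group['name']}]
    if not CONF.load_balancer.disable_boot_network:
        server_kwargs['networks'] = [{'uuid': network['id']}]

    # Replace the name for clouds that have limitations
    name_length = CONF.load_balancer.random_server_name_length
    if name_length:
        rng = random.SystemRandom()
        alphabet = string.ascii_uppercase + string.digits
        server_kwargs['name'] = "m{}".format("".join(
            rng.choice(alphabet) for _ in range(name_length - 1)))
    if CONF.load_balancer.availability_zone:
        server_kwargs['availability_zone'] = (
            CONF.load_balancer.availability_zone)

    server = cls.lb_mem_servers_client.create_server(
        **server_kwargs)['server']
    # Register the cleanup before waiting so a server that never becomes
    # ACTIVE is still deleted.
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls.lb_mem_servers_client.delete_server,
        cls.lb_mem_servers_client.show_server,
        server['id'])
    server = waiters.wait_for_status(
        cls.lb_mem_servers_client.show_server,
        server['id'], 'status', 'ACTIVE',
        CONF.load_balancer.build_interval,
        CONF.load_balancer.build_timeout,
        root_tag='server')
    webserver_details = {'server': server}
    LOG.info('Created server: {}'.format(server))

    addresses = server['addresses']
    if CONF.load_balancer.disable_boot_network:
        # dict.values() is a view on Python 3 and cannot be indexed
        # directly, so materialise it before taking the first network.
        instance_network = list(addresses.values())[0]
    else:
        instance_network = addresses[network['name']]
    for addr in instance_network:
        if addr['version'] == 4:
            webserver_details['ipv4_address'] = addr['addr']
        if addr['version'] == 6:
            webserver_details['ipv6_address'] = addr['addr']

    if CONF.validation.connect_method == 'floating':
        # Find the server port by MAC address and bind a floating IP on
        # the public network to it.
        result = cls.lb_mem_ports_client.list_ports(
            network_id=network['id'],
            mac_address=instance_network[0]['OS-EXT-IPS-MAC:mac_addr'])
        port_id = result['ports'][0]['id']
        result = cls.lb_mem_float_ip_client.create_floatingip(
            floating_network_id=CONF.network.public_network_id,
            port_id=port_id)
        floating_ip = result['floatingip']
        LOG.info('webserver1_floating_ip: {}'.format(floating_ip))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls.lb_mem_float_ip_client.delete_floatingip,
            cls.lb_mem_float_ip_client.show_floatingip,
            floatingip_id=floating_ip['id'])
        webserver_details['public_ipv4_address'] = (
            floating_ip['floating_ip_address'])
    else:
        webserver_details['public_ipv4_address'] = (
            instance_network[0]['addr'])

    return webserver_details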
944
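@classmethod
def _install_start_webserver(cls, ip_address, ssh_key, start_id,
                             revoke_cert=False):
    """Copy the test server binary to a member VM and start it.

    The file at CONF.load_balancer.test_server_path is copied to
    const.TEST_SERVER_BINARY on the VM with scp, the member PKI files are
    loaded through _load_member_pki_content, and two server processes are
    started under screen: one with -port 80 -id start_id (also serving
    HTTPS on 443 and HTTPS with client authentication on 9443) and one
    with -port 81 -id start_id + 1.

    :param ip_address: Address used to reach the VM over SSH.
    :param ssh_key: Private key text for CONF.validation.image_ssh_user.
    :param start_id: ID passed to the first server process.
    :param revoke_cert: Passed through to _load_member_pki_content.
    :raises CommandFailed: If scp exits with a non-zero status.
    """
    local_file = CONF.load_balancer.test_server_path
    ssh_user = CONF.validation.image_ssh_user

    linux_client = remote_client.RemoteClient(
        ip_address, ssh_user, pkey=ssh_key)
    linux_client.validate_authentication()

    # scp needs the key on disk; the temporary file is removed when the
    # with block exits.
    with tempfile.NamedTemporaryFile() as key:
        key.write(ssh_key.encode('utf-8'))
        key.flush()
        # The argument vector is built as a list so that a path or user
        # name containing whitespace or quote characters stays a single
        # argument instead of being re-split from a formatted string.
        # NOTE(review): host key checking is switched off for this copy,
        # so scp does not authenticate the VM it connects to. That is
        # only acceptable for the throwaway test instances created here.
        args = [
            'scp', '-v',
            '-o', 'UserKnownHostsFile=/dev/null',
            '-o', 'StrictHostKeyChecking=no',
            '-o', 'ConnectTimeout={0}'.format(
                CONF.load_balancer.scp_connection_timeout),
            '-o', 'ConnectionAttempts={0}'.format(
                CONF.load_balancer.scp_connection_attempts),
            '-i', key.name,
            local_file,
            '{0}@{1}:{2}'.format(ssh_user, ip_address,
                                 const.TEST_SERVER_BINARY),
        ]
        # Kept only for the error report below.
        cmd = ' '.join(args)
        # stderr is merged into stdout, so communicate() returns None for
        # the second value.
        proc = subprocess.Popen(args, stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT, cwd=None)
        stdout, stderr = proc.communicate()
        if proc.returncode != 0:
            raise exceptions.CommandFailed(proc.returncode, cmd,
                                           stdout, stderr)

        # The PKI copy reads key.name, so it has to run while the key
        # file still exists.
        cls._load_member_pki_content(ip_address, key,
                                     revoke_cert=revoke_cert)

    # Enabling memory overcommit allows running golang static binaries
    # compiled with a recent golang toolchain (>=1.11). Those binaries
    # allocate a large amount of virtual memory at init time, and this
    # allocation fails in tempest's nano flavor (64MB of RAM)
    # (golang issue reported in https://github.com/golang/go/issues/28114,
    # follow-up: https://github.com/golang/go/issues/28081)
    # TODO(gthiemonge): Remove this call when golang issue is resolved.
    linux_client.exec_command('sudo sh -c "echo 1 > '
                              '/proc/sys/vm/overcommit_memory"')

    # The initial process also supports HTTPS and HTTPS with client auth
    linux_client.exec_command(
        'sudo screen -d -m {0} -port 80 -id {1} -https_port 443 -cert {2} '
        '-key {3} -https_client_auth_port 9443 -client_ca {4}'.format(
            const.TEST_SERVER_BINARY, start_id, const.TEST_SERVER_CERT,
            const.TEST_SERVER_KEY, const.TEST_SERVER_CLIENT_CA))

    linux_client.exec_command('sudo screen -d -m {0} -port 81 '
                              '-id {1}'.format(const.TEST_SERVER_BINARY,
                                               start_id + 1))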
Adam Harwellcd72b562018-05-07 11:37:22 -0700998
Michael Johnsonbf916df2018-10-17 10:59:28 -0700999 # Cirros does not configure the assigned IPv6 address by default
1000 # so enable it manually like tempest does here:
1001 # tempest/scenario/test_network_v6.py turn_nic6_on()
@classmethod
def _enable_ipv6_nic_webserver(cls, ip_address, ssh_key,
                               ipv6_address, ipv6_prefix):
    """Add an IPv6 address to eth0 on a test server over SSH.

    :param ip_address: Address used to reach the server over SSH.
    :param ssh_key: Private key for CONF.validation.image_ssh_user.
    :param ipv6_address: IPv6 address to assign.
    :param ipv6_prefix: Prefix length placed after the address.
    """
    ssh = remote_client.RemoteClient(
        ip_address, CONF.validation.image_ssh_user, pkey=ssh_key)
    ssh.validate_authentication()

    # NOTE(review): both values are interpolated unquoted into a command
    # that runs under sudo on the guest; callers are expected to pass
    # values taken from the cloud API - confirm before reusing this with
    # any other source.
    add_address_cmd = 'sudo ip address add {0}/{1} dev eth0'.format(
        ipv6_address, ipv6_prefix)
    ssh.exec_command(add_address_cmd)
1011
@classmethod
def _validate_webserver(cls, ip_address, start_id):
    """Check the two HTTP test servers answer with their expected IDs.

    Port 80 (the URL default) must return str(start_id) and port 81 must
    return str(start_id + 1). Both checks use plain HTTP; the HTTPS
    listeners are not exercised here.

    :param ip_address: Address of the test server.
    :param start_id: ID expected from the first server process.
    """
    first_url = 'http://{0}'.format(ip_address)
    cls.validate_URL_response(first_url, expected_body=str(start_id))

    second_url = 'http://{0}:81'.format(ip_address)
    cls.validate_URL_response(second_url,
                              expected_body=str(start_id + 1))
Jude Cross986e3f52017-07-24 14:57:20 -07001018
@classmethod
def _validate_udp_server(cls, ip_address, start_id):
    """Check the two UDP test servers answer with their expected IDs.

    A request to port 80 must return str(start_id) and a request to
    port 81 must return str(start_id + 1).

    :param ip_address: Address of the test server.
    :param start_id: ID expected from the first server process.
    :raises Exception: If either response differs from the expected ID.
    """
    mismatch = ("Response from test server doesn't match the "
                "expected value ({0} != {1}).")

    reply = cls.make_udp_request(ip_address, 80)
    wanted = str(start_id)
    if reply != wanted:
        raise Exception(mismatch.format(reply, wanted))

    reply = cls.make_udp_request(ip_address, 81)
    wanted = str(start_id + 1)
    if reply != wanted:
        raise Exception(mismatch.format(reply, wanted))
Michael Johnsonbaf12e02020-10-27 16:10:28 -07001032
@classmethod
def _create_backend_reencryption_pki(cls):
    """Generate the CAs and client certificate for member re-encryption.

    Sets cls.member_ca_cert and cls.member_ca_key (the CA for the member
    test servers), cls.member_client_ca_cert (the client authentication
    CA; its key is kept only in a local variable),
    cls.member_client_cn, cls.member_client_cert and
    cls.member_client_key.
    """
    pem = serialization.Encoding.PEM

    # Create a CA self-signed cert and key for the member test servers
    ca_cert, ca_key = cert_utils.generate_ca_cert_and_key()
    cls.member_ca_cert = ca_cert
    cls.member_ca_key = ca_key

    LOG.debug('Member CA Cert: %s', ca_cert.public_bytes(pem))
    # NOTE(review): this writes the unencrypted CA private key to the
    # DEBUG log. The key is generated for this test run, but debug logs
    # are often archived or shared; consider dropping this line or
    # logging a fingerprint instead.
    ca_key_pem = ca_key.private_bytes(
        encoding=pem,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption())
    LOG.debug('Member CA private Key: %s', ca_key_pem)
    ca_public_pem = ca_key.public_key().public_bytes(
        encoding=pem,
        format=serialization.PublicFormat.SubjectPublicKeyInfo)
    LOG.debug('Member CA public Key: %s', ca_public_pem)

    # Create the member client authentication CA
    client_ca_cert, client_ca_key = cert_utils.generate_ca_cert_and_key()
    cls.member_client_ca_cert = client_ca_cert

    # Create client cert and key
    cls.member_client_cn = uuidutils.generate_uuid()
    client_cert, client_key = cert_utils.generate_client_cert_and_key(
        client_ca_cert, client_ca_key, cls.member_client_cn)
    cls.member_client_cert = client_cert
    cls.member_client_key = client_key
    # Note: We are not revoking a client cert here as we don't need to
    # test the backend web server CRL checking.
1062
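@classmethod
def _load_member_pki_content(cls, ip_address, ssh_key, revoke_cert=False):
    """Create a server certificate for a member and copy it to the VM.

    A certificate and key for ip_address are issued from the member CA,
    written together with the client CA certificate into a temporary
    directory, and copied to const.DEV_SHM_PATH on the VM with scp.

    :param ip_address: Address of the test server; passed to the
                       certificate generator and used as the scp target.
    :param ssh_key: Object whose ``name`` attribute is the path of the SSH
                    private key file (_install_start_webserver passes its
                    temporary key file).
    :param revoke_cert: When True, cls.member_crl is set to a CRL that
                        revokes the certificate created here.
    :raises CommandFailed: If scp exits with a non-zero status.
    """
    pem = serialization.Encoding.PEM

    # Create webserver certificate and key
    cert, key = cert_utils.generate_server_cert_and_key(
        cls.member_ca_cert, cls.member_ca_key, ip_address)

    cert_pem = cert.public_bytes(pem)
    key_pem = key.private_bytes(
        encoding=pem,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption())
    public_pem = key.public_key().public_bytes(
        encoding=pem,
        format=serialization.PublicFormat.SubjectPublicKeyInfo)

    LOG.debug('%s Cert: %s', ip_address, cert_pem)
    # NOTE(review): this writes the unencrypted server private key to the
    # DEBUG log. The key is generated for this test run, but debug logs
    # are often archived or shared; consider dropping this line or
    # logging a fingerprint instead.
    LOG.debug('%s private Key: %s', ip_address, key_pem)
    LOG.debug('%s public Key: %s', ip_address, public_pem)

    # Create a CRL with a revoked certificate
    if revoke_cert:
        # Create a CRL with webserver 2 revoked
        cls.member_crl = cert_utils.generate_certificate_revocation_list(
            cls.member_ca_cert, cls.member_ca_key, cert)

    pem_files = (
        (const.CERT_PEM, cert_pem),
        (const.KEY_PEM, key_pem),
        (const.CLIENT_CA_PEM, cls.member_client_ca_cert.public_bytes(pem)),
    )

    # Load the certificate, key, and client CA certificate into the
    # test server.
    with tempfile.TemporaryDirectory() as tmpdir:
        files_to_send = []
        # os.umask() changes the mask for the whole process. Restore the
        # previous value once the files exist so that files created later
        # by this process do not inherit a zero mask.
        previous_umask = os.umask(0)
        try:
            for filename, content in pem_files:
                path = os.path.join(tmpdir, filename)
                fd = os.open(path, os.O_CREAT | os.O_WRONLY, 0o700)
                with open(fd, 'w') as fh:
                    fh.write(content.decode('utf-8'))
                files_to_send.append(path)
        finally:
            os.umask(previous_umask)

        # For security, no shell is involved: the file names are passed
        # to scp as separate arguments, so nothing can glob or re-split
        # them.
        # NOTE(review): host key checking is switched off for this copy,
        # so scp does not authenticate the VM that receives the private
        # key. That is only acceptable for the throwaway test instances
        # used here.
        args = [
            'scp', '-v',
            '-o', 'UserKnownHostsFile=/dev/null',
            '-o', 'StrictHostKeyChecking=no',
            '-o', 'ConnectTimeout={0}'.format(
                CONF.load_balancer.scp_connection_timeout),
            '-o', 'ConnectionAttempts={0}'.format(
                CONF.load_balancer.scp_connection_attempts),
            '-i', ssh_key.name,
        ]
        args.extend(files_to_send)
        args.append('{0}@{1}:{2}'.format(
            CONF.validation.image_ssh_user, ip_address,
            const.DEV_SHM_PATH))
        # Kept only for the error report below.
        cmd = ' '.join(args)
        # stderr is merged into stdout, so communicate() returns None for
        # the second value.
        proc = subprocess.Popen(args, stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT, cwd=None)
        stdout, stderr = proc.communicate()
        if proc.returncode != 0:
            raise exceptions.CommandFailed(proc.returncode, cmd,
                                           stdout, stderr)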