Jude Cross986e3f52017-07-24 14:57:20 -07001# Copyright 2018 Rackspace US Inc. All rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15import ipaddress
rbubyr6978e022025-03-18 14:58:39 +010016import netaddr
Michael Johnsonbaf12e02020-10-27 16:10:28 -070017import os
Jude Cross986e3f52017-07-24 14:57:20 -070018import random
Gregory Thiemongea2c234e2021-11-02 17:08:29 +010019import re
Jude Cross986e3f52017-07-24 14:57:20 -070020import shlex
Jude Cross986e3f52017-07-24 14:57:20 -070021import string
22import subprocess
23import tempfile
24
Michael Johnsonbaf12e02020-10-27 16:10:28 -070025from cryptography.hazmat.primitives import serialization
Gregory Thiemongeb0da4f32022-02-04 08:58:06 +010026from oslo_config import cfg
Jude Cross986e3f52017-07-24 14:57:20 -070027from oslo_log import log as logging
28from oslo_utils import uuidutils
Gregory Thiemongecba3b222024-05-16 02:57:08 -040029from tempest import clients
Jude Cross986e3f52017-07-24 14:57:20 -070030from tempest import config
Gregory Thiemongecba3b222024-05-16 02:57:08 -040031from tempest.lib import auth
Jude Cross986e3f52017-07-24 14:57:20 -070032from tempest.lib.common.utils import data_utils
33from tempest.lib.common.utils.linux import remote_client
Jude Cross986e3f52017-07-24 14:57:20 -070034from tempest.lib import exceptions
35from tempest import test
Michael Johnson04dc5cb2019-01-20 11:03:50 -080036import tenacity
Jude Cross986e3f52017-07-24 14:57:20 -070037
Michael Johnsonbaf12e02020-10-27 16:10:28 -070038from octavia_tempest_plugin.common import cert_utils
Jude Cross986e3f52017-07-24 14:57:20 -070039from octavia_tempest_plugin.common import constants as const
Ilya Bumarskoveff9bae2023-03-16 14:12:09 +040040from octavia_tempest_plugin import config as config_octavia
Tom Weiningerc03e9c32024-04-23 14:07:04 +020041import octavia_tempest_plugin.services.load_balancer.v2 as lbv2
Michael Johnson6006de72021-02-21 01:42:39 +000042from octavia_tempest_plugin.tests import RBAC_tests
Jude Cross986e3f52017-07-24 14:57:20 -070043from octavia_tempest_plugin.tests import validators
44from octavia_tempest_plugin.tests import waiters
45
# Tempest configuration object and module logger shared by the whole file.
CONF = config.CONF
LOG = logging.getLogger(__name__)

# Retry policy for the network/subnet delete helpers further down. The values
# are passed to tenacity.stop_after_attempt(RETRY_ATTEMPTS) and
# tenacity.wait_incrementing(RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX).
RETRY_ATTEMPTS = 15  # maximum number of delete attempts
RETRY_INITIAL_DELAY = 1  # wait before the first retry
RETRY_BACKOFF = 1  # amount the wait grows after each attempt
RETRY_MAX = 5  # upper bound on the wait between attempts
53
Gregory Thiemonge29d17902019-04-30 15:06:17 +020054
class LoadBalancerBaseTest(validators.ValidatorsMixin,
                           RBAC_tests.RBACTestsMixin, test.BaseTestCase):
    """Base class for load balancer tests.

    The class body selects the set of test credentials from
    CONF.load_balancer.RBAC_test_type. Every entry of ``credentials`` is
    either a plain name or a list whose first element is the credential name
    and whose remaining elements are the roles requested for that user.
    """

    # The credential set decides which identities the RBAC tests exercise, so
    # each RBAC mode gets its own list.
    if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
        # Owner/admin mode: no observer users are requested.
        credentials = [
            'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
            ['lb_member', CONF.load_balancer.member_role],
            ['lb_member2', CONF.load_balancer.member_role]]
    elif CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
        # Keystone default roles mode: the role names are fixed literals
        # rather than the configured Octavia role names.
        credentials = [
            'admin', 'primary',
            ['lb_admin', 'admin'],
            ['lb_observer', 'reader'],
            ['lb_global_observer', 'reader'],
            ['lb_member', 'member'],
            ['lb_member2', 'member']]
        # Note: an additional non-member user is added in setup_credentials
    else:
        # Any other mode: configured Octavia roles, with 'reader' or 'member'
        # added alongside them.
        credentials = [
            'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
            ['lb_observer', CONF.load_balancer.observer_role, 'reader'],
            ['lb_global_observer', CONF.load_balancer.global_observer_role,
             'reader'],
            # Note: Some projects are now requiring the 'member' role by
            # default (nova for example) so make sure our creds have this role
            ['lb_member', CONF.load_balancer.member_role, 'member'],
            ['lb_member2', CONF.load_balancer.member_role, 'member']]

    # A tuple of credentials that will be allocated by tempest using the
    # 'credentials' list above. These are used to build RBAC test lists.
    # List entries map to 'os_roles_<name>' and plain names to 'os_<name>';
    # setup_credentials reads the managers back through the same names.
    # NOTE(review): allocated_creds is a mutable class attribute, so it is
    # shared by every subclass that does not rebind it. The loop variable
    # 'cred' also remains as a class attribute after the loop.
    allocated_creds = []
    for cred in credentials:
        if isinstance(cred, list):
            allocated_creds.append('os_roles_' + cred[0])
        else:
            allocated_creds.append('os_' + cred)
    # Tests shall not mess with the list of allocated credentials
    allocated_credentials = tuple(allocated_creds)

    webserver1_response = 1
    webserver2_response = 5
    # NOTE(review): mutable class attribute, shared across subclasses.
    used_ips = []

    # Bounds and starting value for src_port_number.
    SRC_PORT_NUMBER_MIN = 32768
    SRC_PORT_NUMBER_MAX = 61000
    src_port_number = SRC_PORT_NUMBER_MIN
102
@classmethod
def skip_checks(cls):
    """Skip every test in the class when a prerequisite is missing.

    The load balancer service must always be available. Unless
    CONF.load_balancer.test_with_noop is set, compute, image and neutron
    must be available too. Finally the VIP and the instances must be
    reachable, either directly or through a public network.

    Raises:
        cls.skipException: a required service is unavailable or the network
            reachability options are not set.
    """
    super(LoadBalancerBaseTest, cls).skip_checks()

    lb_service = {'load_balancer': CONF.service_available.load_balancer}
    # Read unconditionally, as the no-op mode still looks these options up.
    backing_services = {
        'compute': CONF.service_available.nova,
        'image': CONF.service_available.glance,
        'neutron': CONF.service_available.neutron,
    }
    if CONF.load_balancer.test_with_noop:
        required = lb_service
    else:
        required = {**lb_service, **backing_services}

    # Report the first unavailable service, in declaration order.
    missing = next(
        (name for name, is_up in required.items() if not is_up), None)
    if missing is not None:
        raise cls.skipException(
            "{0} skipped as {1} service is not "
            "available.".format(cls.__name__, missing))

    # We must be able to reach our VIP and instances
    if (not CONF.network.project_networks_reachable
            and not CONF.network.public_network_id):
        raise cls.skipException(
            'Either project_networks_reachable must be "true", or '
            'public_network_id must be defined.')
133
@classmethod
def _setup_new_user_role_client(cls, project_id, role_name):
    """Create a user holding one role on a project and return its clients.

    The user gets a random name and a random password. The role is looked
    up by name and created only when no role with that name exists. Every
    identity object created here is recorded in cls._created_users or
    cls._created_roles so that clear_credentials can delete it; a role that
    already existed is not recorded and therefore not deleted.

    Args:
        project_id: ID of the project the role is granted on.
        role_name: name of the role to grant.

    Returns:
        A clients.Manager authenticated as the new user, scoped to
        project_id.
    """
    admin = cls.os_admin

    user_name = data_utils.rand_name('user')
    user_password = data_utils.rand_password()
    new_user = admin.users_v3_client.create_user(
        name=user_name, password=user_password)
    user_id = new_user['user']['id']
    # Track the user straight away so it is cleaned up even if a later
    # step in this method fails.
    cls._created_users.append(user_id)

    matching_roles = admin.roles_v3_client.list_roles(
        name=role_name)['roles']
    if len(matching_roles) > 0:
        role_id = matching_roles[0]['id']
    else:
        new_role = admin.roles_v3_client.create_role(name=role_name)
        role_id = new_role['role']['id']
        cls._created_roles.append(role_id)

    admin.roles_v3_client.create_user_role_on_project(
        project_id, user_id, role_id)

    # The password only lives in this credentials object; it is not logged.
    partial_creds = auth.KeystoneV3Credentials(
        user_id=user_id,
        password=user_password,
        project_id=project_id)
    full_creds = clients.get_auth_provider(partial_creds).fill_credentials()
    return clients.Manager(credentials=full_creds)
165
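@classmethod
def setup_credentials(cls):
    """Setup test credentials and network resources.

    Allocates the credentials listed in cls.credentials through the parent
    class. For the keystone default roles RBAC mode an extra project and a
    user that holds only a temporary role on it are created and exposed as
    cls.os_not_member. When CONF.load_balancer.log_user_roles is set, the
    role assignments of every test user are written to the log.
    """
    # Do not auto create network resources
    cls.set_network_resources()

    # Create the tracking lists before any credential is allocated, so that
    # clear_credentials always finds them, also when the allocation below
    # fails part-way.
    cls._created_projects = []
    cls._created_users = []
    cls._created_roles = []

    super(LoadBalancerBaseTest, cls).setup_credentials()

    non_dyn_users = []

    if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
        # Create a non-member user for keystone_default_roles
        # When using dynamic credentials, tempest cannot create a user
        # without a role, it always adds at least the "member" role.
        # We manually create the user with a temporary role
        project_id = cls.os_admin.projects_client.create_project(
            data_utils.rand_name()
        )['project']['id']
        cls._created_projects.append(project_id)
        cls.os_not_member = cls._setup_new_user_role_client(
            project_id,
            data_utils.rand_name('role'))
        # allocated_creds starts out as a list shared by every test class.
        # Rebind a per-class copy instead of appending in place, otherwise
        # each class that runs adds another 'os_not_member' entry to the
        # shared list.
        if 'os_not_member' not in cls.allocated_creds:
            cls.allocated_creds = cls.allocated_creds + ['os_not_member']
        non_dyn_users.append('not_member')

    # Tests shall not mess with the list of allocated credentials
    cls.allocated_credentials = tuple(cls.allocated_creds)

    if not CONF.load_balancer.log_user_roles:
        return

    # Log the user roles for this test run
    role_name_cache = {}
    for cred in cls.credentials + non_dyn_users:
        user_roles = []
        if isinstance(cred, list):
            user_name = cred[0]
            cred_obj = getattr(cls, 'os_roles_' + cred[0])
        else:
            user_name = cred
            cred_obj = getattr(cls, 'os_' + cred)
        # Only assignments scoped to the user's own project are listed.
        params = {'user.id': cred_obj.credentials.user_id,
                  'scope.project.id': cred_obj.credentials.project_id}
        roles = cls.os_admin.role_assignments_client.list_role_assignments(
            **params)['role_assignments']
        for role in roles:
            role_id = role['role']['id']
            # Resolve each role ID to a name once per run.
            try:
                role_name = role_name_cache[role_id]
            except KeyError:
                role_name = cls.os_admin.roles_v3_client.show_role(
                    role_id)['role']['name']
                role_name_cache[role_id] = role_name
            user_roles.append([role_name, role['scope']])
        LOG.info("User %s has roles: %s", user_name, user_roles)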
224
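@classmethod
def clear_credentials(cls):
    """Delete the identity objects created by this class, then the rest.

    Users are deleted first, then projects, then roles, followed by the
    parent class cleanup.

    The tracking lists are read with a default, so this method also works
    when setup_credentials did not get far enough to create them. The
    parent cleanup runs in a ``finally`` block: a failed delete still
    propagates, but it no longer leaves the credentials allocated by the
    parent class behind.
    """
    try:
        for user_id in getattr(cls, '_created_users', ()):
            cls.os_admin.users_v3_client.delete_user(user_id)
        for project_id in getattr(cls, '_created_projects', ()):
            cls.os_admin.projects_client.delete_project(project_id)
        for role_id in getattr(cls, '_created_roles', ()):
            cls.os_admin.roles_v3_client.delete_role(role_id)
    finally:
        super().clear_credentials()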
234
@classmethod
def setup_clients(cls):
    """Setup client aliases.

    Attributes prefixed with ``lb_mem_`` or ``mem_`` use the lb_member
    credentials, attributes prefixed with ``lb_admin_`` use the lb_admin
    credentials and attributes prefixed with ``os_admin_`` use the admin
    credentials.
    """
    super(LoadBalancerBaseTest, cls).setup_clients()

    admin_lb = cls.os_roles_lb_admin.load_balancer_v2
    member = cls.os_roles_lb_member
    member_lb = member.load_balancer_v2
    os_admin = cls.os_admin

    # Network and compute clients, as the load balancer member.
    cls.lb_mem_float_ip_client = member.floating_ips_client
    cls.lb_mem_keypairs_client = member.keypairs_client
    cls.lb_mem_net_client = member.networks_client
    cls.lb_mem_ports_client = member.ports_client
    cls.lb_mem_routers_client = member.routers_client
    cls.lb_mem_SG_client = member.security_groups_client
    cls.lb_mem_SGr_client = member.security_group_rules_client
    cls.lb_mem_servers_client = member.servers_client
    cls.lb_mem_subnet_client = member.subnets_client

    # Load balancer API clients, as the load balancer member.
    cls.mem_lb_client: lbv2.LoadbalancerClient = (
        member_lb.LoadbalancerClient())
    cls.mem_listener_client: lbv2.ListenerClient = (
        member_lb.ListenerClient())
    cls.mem_pool_client: lbv2.PoolClient = member_lb.PoolClient()
    cls.mem_member_client: lbv2.MemberClient = member_lb.MemberClient()
    cls.mem_healthmonitor_client: lbv2.HealthMonitorClient = (
        member_lb.HealthMonitorClient())
    cls.mem_l7policy_client: lbv2.L7PolicyClient = (
        member_lb.L7PolicyClient())
    cls.mem_l7rule_client: lbv2.L7RuleClient = member_lb.L7RuleClient()
    cls.mem_flavor_client: lbv2.FlavorClient = member_lb.FlavorClient()
    cls.mem_provider_client: lbv2.ProviderClient = (
        member_lb.ProviderClient())
    cls.mem_availability_zone_client = member_lb.AvailabilityZoneClient()

    # Load balancer API clients, as the load balancer admin.
    cls.lb_admin_amphora_client: lbv2.AmphoraClient = (
        admin_lb.AmphoraClient())
    cls.lb_admin_flavor_profile_client: lbv2.FlavorProfileClient = (
        admin_lb.FlavorProfileClient())
    cls.lb_admin_flavor_client: lbv2.FlavorClient = (
        admin_lb.FlavorClient())
    cls.lb_admin_flavor_capabilities_client = (
        admin_lb.FlavorCapabilitiesClient())
    cls.lb_admin_availability_zone_capabilities_client = (
        admin_lb.AvailabilityZoneCapabilitiesClient())
    cls.lb_admin_availability_zone_profile_client = (
        admin_lb.AvailabilityZoneProfileClient())
    cls.lb_admin_availability_zone_client = (
        admin_lb.AvailabilityZoneClient())

    # Clients that use the cloud admin credentials.
    cls.os_admin_servers_client = os_admin.servers_client
    cls.os_admin_routers_client = os_admin.routers_client
    cls.os_admin_subnetpools_client = os_admin.subnetpools_client
    cls.os_admin_compute_flavors_client = os_admin.flavors_client
Jude Cross986e3f52017-07-24 14:57:20 -0700288
@classmethod
def resource_setup(cls):
    """Setup resources needed by the tests.

    Fills in the class-level network and subnet attributes in one of three
    ways: random placeholder IDs when running against the no-op drivers,
    the networks named by the override options, or new networks built by
    cls._create_networks().

    Raises:
        exceptions.InvalidConfiguration: test_subnet_override is set
            without test_network_override.
    """
    super(LoadBalancerBaseTest, cls).resource_setup()

    lb_conf = CONF.load_balancer

    cls.api_version = cls.mem_lb_client.get_max_api_version()

    subnet_without_network = (
        lb_conf.test_subnet_override and not lb_conf.test_network_override)
    if subnet_without_network:
        raise exceptions.InvalidConfiguration(
            "Configuration value test_network_override must be "
            "specified if test_subnet_override is used.")

    # TODO(johnsom) Remove this
    # Get loadbalancing algorithms supported by provider driver.
    try:
        supported = const.SUPPORTED_LB_ALGORITHMS[lb_conf.provider]
    except KeyError:
        supported = const.SUPPORTED_LB_ALGORITHMS['default']
    # Set default algorithm as first from the list.
    cls.lb_algorithm = supported[0]

    show_subnet = cls.lb_mem_subnet_client.show_subnet

    if lb_conf.test_with_noop:
        # No real networks exist in no-op mode, so random IDs stand in.
        for attr in ('lb_member_vip_net', 'lb_member_vip_subnet',
                     'lb_member_1_net', 'lb_member_1_subnet',
                     'lb_member_2_net', 'lb_member_2_subnet'):
            setattr(cls, attr, {'id': uuidutils.generate_uuid()})
        if lb_conf.test_with_ipv6:
            for attr in ('lb_member_vip_ipv6_net',
                         'lb_member_vip_ipv6_subnet',
                         'lb_member_1_ipv6_subnet',
                         'lb_member_2_ipv6_subnet'):
                setattr(cls, attr, {'id': uuidutils.generate_uuid()})
            cls.lb_member_vip_ipv6_subnet_stateful = True
        return

    if lb_conf.test_network_override:
        # NOTE(review): the show_network result is unwrapped with
        # .get('network') while the show_subnet results are used as
        # returned - confirm both shapes against the clients.
        if lb_conf.test_subnet_override:
            subnet = show_subnet(lb_conf.test_subnet_override)
        else:
            subnet = None

        network = cls.lb_mem_net_client.show_network(
            lb_conf.test_network_override).get('network')

        # VIP and both members share the overridden network and subnet.
        cls.lb_member_vip_net = network
        cls.lb_member_vip_subnet = subnet
        cls.lb_member_1_net = network
        cls.lb_member_1_subnet = subnet
        cls.lb_member_2_net = network
        cls.lb_member_2_subnet = subnet

        if lb_conf.test_with_ipv6 and lb_conf.test_ipv6_subnet_override:
            ipv6_subnet = show_subnet(lb_conf.test_ipv6_subnet_override)
            cls.lb_member_vip_ipv6_subnet = ipv6_subnet
            cls.lb_member_1_ipv6_subnet = ipv6_subnet
            cls.lb_member_2_ipv6_subnet = ipv6_subnet
            cls.lb_member_vip_ipv6_subnet_stateful = False
            address_mode = ipv6_subnet[0]['ipv6_address_mode']
            if address_mode == 'dhcpv6-stateful':
                cls.lb_member_vip_ipv6_subnet_stateful = True
        else:
            cls.lb_member_vip_ipv6_subnet = None
            cls.lb_member_1_ipv6_subnet = None
            cls.lb_member_2_ipv6_subnet = None
    else:
        cls._create_networks()

    # Record the IDs in use. Networks are always logged, subnets only when
    # they are set.
    LOG.debug('Octavia Setup: lb_member_vip_net = %s',
              cls.lb_member_vip_net[const.ID])
    if cls.lb_member_vip_subnet:
        LOG.debug('Octavia Setup: lb_member_vip_subnet = %s',
                  cls.lb_member_vip_subnet[const.ID])
    LOG.debug('Octavia Setup: lb_member_1_net = %s',
              cls.lb_member_1_net[const.ID])
    if cls.lb_member_1_subnet:
        LOG.debug('Octavia Setup: lb_member_1_subnet = %s',
                  cls.lb_member_1_subnet[const.ID])
    LOG.debug('Octavia Setup: lb_member_2_net = %s',
              cls.lb_member_2_net[const.ID])
    if cls.lb_member_2_subnet:
        LOG.debug('Octavia Setup: lb_member_2_subnet = %s',
                  cls.lb_member_2_subnet[const.ID])
    if lb_conf.test_with_ipv6 and cls.lb_member_vip_ipv6_subnet:
        LOG.debug('Octavia Setup: lb_member_vip_ipv6_subnet = %s',
                  cls.lb_member_vip_ipv6_subnet[const.ID])
    if lb_conf.test_with_ipv6 and cls.lb_member_1_ipv6_subnet:
        LOG.debug('Octavia Setup: lb_member_1_ipv6_subnet = %s',
                  cls.lb_member_1_ipv6_subnet[const.ID])
    if lb_conf.test_with_ipv6 and cls.lb_member_2_ipv6_subnet:
        LOG.debug('Octavia Setup: lb_member_2_ipv6_subnet = %s',
                  cls.lb_member_2_ipv6_subnet[const.ID])
Jude Cross986e3f52017-07-24 14:57:20 -0700389
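@classmethod
# Neutron can be slow to clean up ports from the subnets/networks.
# Retry this delete a few times if we get a "Conflict" error to give
# neutron time to fully cleanup the ports.
@tenacity.retry(
    retry=tenacity.retry_if_exception_type(exceptions.Conflict),
    wait=tenacity.wait_incrementing(
        RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX),
    stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
def _logging_delete_network(cls, net_id):
    """Delete a network and log the current ports when the delete fails.

    Only exceptions.Conflict triggers a retry; any other exception ends the
    attempts.

    Args:
        net_id: ID of the network to delete.
    """
    try:
        cls.lb_mem_net_client.delete_network(net_id)
    except Exception:
        LOG.error('Unable to delete network %s. Active ports:', net_id)
        try:
            LOG.error(cls.lb_mem_ports_client.list_ports())
        except Exception:
            # The port listing is diagnostic only. If it fails, keep the
            # delete error as the one that propagates: replacing a
            # Conflict with the listing error would stop the retries and
            # leave the network behind.
            LOG.exception('Unable to list ports after the failed delete '
                          'of network %s.', net_id)
        raise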
406
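@classmethod
# Neutron can be slow to clean up ports from the subnets/networks.
# Retry this delete a few times if we get a "Conflict" error to give
# neutron time to fully cleanup the ports.
@tenacity.retry(
    retry=tenacity.retry_if_exception_type(exceptions.Conflict),
    wait=tenacity.wait_incrementing(
        RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX),
    stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
def _logging_delete_subnet(cls, subnet_id):
    """Delete a subnet and log the current ports when the delete fails.

    Only exceptions.Conflict triggers a retry; any other exception ends the
    attempts.

    Args:
        subnet_id: ID of the subnet to delete.
    """
    try:
        cls.lb_mem_subnet_client.delete_subnet(subnet_id)
    except Exception:
        LOG.error('Unable to delete subnet %s. Active ports:', subnet_id)
        try:
            LOG.error(cls.lb_mem_ports_client.list_ports())
        except Exception:
            # The port listing is diagnostic only. If it fails, keep the
            # delete error as the one that propagates: replacing a
            # Conflict with the listing error would stop the retries and
            # leave the subnet behind.
            LOG.exception('Unable to list ports after the failed delete '
                          'of subnet %s.', subnet_id)
        raise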
423
@classmethod
def _create_networks(cls):
    """Create the networks and subnets used in tests.

    Each created resource is registered for class-level cleanup right
    after its creation. No router is created in this method.

    The following are expected to be defined and available to the tests:
        cls.lb_member_vip_net
        cls.lb_member_vip_subnet
        cls.lb_member_vip_ipv6_subnet (optional)
        cls.lb_member_1_net
        cls.lb_member_1_subnet
        cls.lb_member_1_ipv6_subnet (optional)
        cls.lb_member_2_net
        cls.lb_member_2_subnet
        cls.lb_member_2_ipv6_subnet (optional)
    """

    # Create tenant VIP network
    network_kwargs = {
        'name': data_utils.rand_name("lb_member_vip_network")}
    if CONF.network_feature_enabled.port_security:
        # Note: Allowed Address Pairs requires port security
        network_kwargs['port_security_enabled'] = True
    result = cls.lb_mem_net_client.create_network(**network_kwargs)
    cls.lb_member_vip_net = result['network']
    LOG.info('lb_member_vip_net: %s', cls.lb_member_vip_net)
    # Delete through the retrying helper, then wait until show_network no
    # longer finds the network.
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls._logging_delete_network,
        cls.lb_mem_net_client.show_network,
        cls.lb_member_vip_net['id'])

    # Add allocation pool to prevent IP address conflicts with portprober
    # The pool covers host indexes 101-254 of the VIP CIDR.
    # NOTE(review): indexing with 254 assumes vip_subnet_cidr holds at
    # least 255 addresses - confirm for non-default configurations.
    cidr = netaddr.IPNetwork(CONF.load_balancer.vip_subnet_cidr)
    pool_start = ipaddress.ip_address(str(cidr[101]))
    pool_end = ipaddress.ip_address(str(cidr[254]))
    allocation_pools = [{'start': str(pool_start), 'end': str(pool_end)}]

    # Create tenant VIP subnet
    subnet_kwargs = {
        'name': data_utils.rand_name("lb_member_vip_subnet"),
        'network_id': cls.lb_member_vip_net['id'],
        'cidr': CONF.load_balancer.vip_subnet_cidr,
        'ip_version': 4,
        'allocation_pools': allocation_pools
    }
    result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
    cls.lb_member_vip_subnet = result['subnet']
    LOG.info('lb_member_vip_subnet: %s', cls.lb_member_vip_subnet)
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls._logging_delete_subnet,
        cls.lb_mem_subnet_client.show_subnet,
        cls.lb_member_vip_subnet['id'])

    # Create tenant VIP IPv6 subnet
    if CONF.load_balancer.test_with_ipv6:
        cls.lb_member_vip_ipv6_subnet_stateful = False
        cls.lb_member_vip_ipv6_subnet_use_subnetpool = False
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_vip_ipv6_subnet"),
            'network_id': cls.lb_member_vip_net['id'],
            'ip_version': 6}

        # Use a CIDR from devstack's default IPv6 subnetpool if it exists,
        # the subnetpool's cidr is routable from the devstack node
        # through the default router
        # The lookup uses the admin subnetpools client; the subnet itself
        # is still created with the member client below.
        subnetpool_name = CONF.load_balancer.default_ipv6_subnetpool
        if subnetpool_name:
            subnetpool = cls.os_admin_subnetpools_client.list_subnetpools(
                name=subnetpool_name)['subnetpools']
            # Only an unambiguous match is used.
            if len(subnetpool) == 1:
                subnetpool = subnetpool[0]
                subnet_kwargs['subnetpool_id'] = subnetpool['id']
                cls.lb_member_vip_ipv6_subnet_use_subnetpool = True

        # Fall back to the configured CIDR when no subnetpool was chosen.
        if 'subnetpool_id' not in subnet_kwargs:
            subnet_kwargs['cidr'] = (
                CONF.load_balancer.vip_ipv6_subnet_cidr)

        result = cls.lb_mem_subnet_client.create_subnet(
            **subnet_kwargs)
        # The IPv6 VIP subnet lives on the same network as the IPv4 one.
        cls.lb_member_vip_ipv6_net = cls.lb_member_vip_net
        cls.lb_member_vip_ipv6_subnet = result['subnet']
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_vip_ipv6_subnet['id'])

        LOG.info('lb_member_vip_ipv6_subnet: %s',
                 cls.lb_member_vip_ipv6_subnet)

    # Create tenant member 1 network
    network_kwargs = {
        'name': data_utils.rand_name("lb_member_1_network")}
    if CONF.network_feature_enabled.port_security:
        # Port security on the member network follows the
        # enable_security_groups option, and is explicitly switched off
        # when that option is off.
        if CONF.load_balancer.enable_security_groups:
            network_kwargs['port_security_enabled'] = True
        else:
            network_kwargs['port_security_enabled'] = False
    result = cls.lb_mem_net_client.create_network(**network_kwargs)
    cls.lb_member_1_net = result['network']
    LOG.info('lb_member_1_net: %s', cls.lb_member_1_net)
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls._logging_delete_network,
        cls.lb_mem_net_client.show_network,
        cls.lb_member_1_net['id'])

    # Create tenant member 1 subnet
    subnet_kwargs = {
        'name': data_utils.rand_name("lb_member_1_subnet"),
        'network_id': cls.lb_member_1_net['id'],
        'cidr': CONF.load_balancer.member_1_ipv4_subnet_cidr,
        'ip_version': 4}
    result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
    cls.lb_member_1_subnet = result['subnet']
    LOG.info('lb_member_1_subnet: %s', cls.lb_member_1_subnet)
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls._logging_delete_subnet,
        cls.lb_mem_subnet_client.show_subnet,
        cls.lb_member_1_subnet['id'])

    # Create tenant member 1 ipv6 subnet
    if CONF.load_balancer.test_with_ipv6:
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_1_ipv6_subnet"),
            'network_id': cls.lb_member_1_net['id'],
            'cidr': CONF.load_balancer.member_1_ipv6_subnet_cidr,
            'ip_version': 6}
        result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
        # Keep the prefix length (the text after the last '/') as a string.
        cls.lb_member_1_subnet_prefix = (
            CONF.load_balancer.member_1_ipv6_subnet_cidr.rpartition('/')[2]
        )
        # NOTE(review): this check is an assert, so it is skipped when
        # Python runs with -O, and it runs only after the subnet exists.
        assert (cls.lb_member_1_subnet_prefix.isdigit())
        cls.lb_member_1_ipv6_subnet = result['subnet']
        LOG.info('lb_member_1_ipv6_subnet: %s',
                 cls.lb_member_1_ipv6_subnet)
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_1_ipv6_subnet['id'])

    # Create tenant member 2 network
    network_kwargs = {
        'name': data_utils.rand_name("lb_member_2_network")}
    if CONF.network_feature_enabled.port_security:
        # Same port security rule as for the member 1 network.
        if CONF.load_balancer.enable_security_groups:
            network_kwargs['port_security_enabled'] = True
        else:
            network_kwargs['port_security_enabled'] = False
    result = cls.lb_mem_net_client.create_network(**network_kwargs)
    cls.lb_member_2_net = result['network']
    LOG.info('lb_member_2_net: %s', cls.lb_member_2_net)
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls._logging_delete_network,
        cls.lb_mem_net_client.show_network,
        cls.lb_member_2_net['id'])

    # Create tenant member 2 subnet
    subnet_kwargs = {
        'name': data_utils.rand_name("lb_member_2_subnet"),
        'network_id': cls.lb_member_2_net['id'],
        'cidr': CONF.load_balancer.member_2_ipv4_subnet_cidr,
        'ip_version': 4}
    result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
    cls.lb_member_2_subnet = result['subnet']
    LOG.info('lb_member_2_subnet: %s', cls.lb_member_2_subnet)
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls._logging_delete_subnet,
        cls.lb_mem_subnet_client.show_subnet,
        cls.lb_member_2_subnet['id'])

    # Create tenant member 2 ipv6 subnet
    if CONF.load_balancer.test_with_ipv6:
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_2_ipv6_subnet"),
            'network_id': cls.lb_member_2_net['id'],
            'cidr': CONF.load_balancer.member_2_ipv6_subnet_cidr,
            'ip_version': 6}
        result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
        # Keep the prefix length (the text after the last '/') as a string.
        cls.lb_member_2_subnet_prefix = (
            CONF.load_balancer.member_2_ipv6_subnet_cidr.rpartition('/')[2]
        )
        # NOTE(review): this check is an assert, so it is skipped when
        # Python runs with -O, and it runs only after the subnet exists.
        assert (cls.lb_member_2_subnet_prefix.isdigit())
        cls.lb_member_2_ipv6_subnet = result['subnet']
        LOG.info('lb_member_2_ipv6_subnet: %s',
                 cls.lb_member_2_ipv6_subnet)
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_2_ipv6_subnet['id'])
621
@classmethod
def _setup_lb_network_kwargs(cls, lb_kwargs, ip_version=None,
                             use_fixed_ip=False):
    """Fill the VIP network, subnet and address keys of ``lb_kwargs``.

    The dictionary is modified in place; nothing is returned.

    :param lb_kwargs: Load balancer create arguments to update.
    :param ip_version: 4 or 6. When falsy, 6 is used if
                       CONF.load_balancer.test_with_ipv6 is set, else 4.
    :param use_fixed_ip: When True, also request an explicit VIP address.
    """
    # NOTE(review): the nesting below was rebuilt from a listing that had
    # lost its indentation -- confirm it against the repository copy.
    if not ip_version:
        ip_version = 6 if CONF.load_balancer.test_with_ipv6 else 4

    if not (cls.lb_member_vip_subnet or cls.lb_member_vip_ipv6_subnet):
        # No VIP subnet was created: address the VIP by network only.
        lb_kwargs[const.VIP_NETWORK_ID] = cls.lb_member_vip_net[const.ID]
        lb_kwargs[const.VIP_SUBNET_ID] = None
        return

    # Draw a host index that no earlier call in this class has handed out.
    # NOTE(review): the loop has no exit once every candidate is in
    # cls.used_ips.
    host_index = data_utils.rand_int_id(start=10, end=100)
    while host_index in cls.used_ips:
        host_index = data_utils.rand_int_id(start=10, end=100)
    cls.used_ips.append(host_index)

    noop = CONF.load_balancer.test_with_noop
    if ip_version == 4:
        subnet_id = cls.lb_member_vip_subnet[const.ID]
        noop_address = '198.18.33.33'
        network_type = ipaddress.IPv4Network
    else:
        subnet_id = cls.lb_member_vip_ipv6_subnet[const.ID]
        noop_address = '2001:db8:33:33:33:33:33:33'
        network_type = ipaddress.IPv6Network

    if noop:
        # The noop driver gets a fixed literal instead of a subnet lookup.
        lb_vip_address = noop_address
    else:
        subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
        cidr = subnet['subnet']['cidr']
        lb_vip_address = str(network_type(cidr)[host_index])
        # If the subnet is IPv6 slaac or dhcpv6-stateless
        # neutron does not allow a fixed IP
        if ip_version != 4 and not cls.lb_member_vip_ipv6_subnet_stateful:
            use_fixed_ip = False

    lb_kwargs[const.VIP_SUBNET_ID] = subnet_id
    if use_fixed_ip:
        lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
    if noop:
        lb_kwargs[const.VIP_NETWORK_ID] = cls.lb_member_vip_net[const.ID]
        if ip_version == 6:
            lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
663
def _validate_listener_protocol(self, protocol, raise_if_unsupported=True):
    """Check whether the listener ``protocol`` can be tested here.

    :param protocol: Listener protocol constant to check.
    :param raise_if_unsupported: When True, an unsupported SCTP request
                                 skips the test; when False it is
                                 reported through the return value.
    :returns: False if SCTP was requested, the API is older than 2.23 and
              raise_if_unsupported is False; True otherwise.
    :raises skipException: For unsupported SCTP when raise_if_unsupported
                           is True, or from check_tf_compatibility().
    """
    # The version lookup only runs when SCTP is actually requested.
    sctp_unavailable = (
        protocol == const.SCTP and
        not self.mem_listener_client.is_version_supported(
            self.api_version, '2.23'))
    if sctp_unavailable:
        if not raise_if_unsupported:
            return False
        raise self.skipException('SCTP listener protocol '
                                 'is only available on Octavia '
                                 'API version 2.23 or newer.')

    if CONF.load_balancer.provider == 'tungstenfabric':
        self.check_tf_compatibility(protocol=protocol)
    return True
676
@classmethod
def check_tf_compatibility(cls, protocol=None, algorithm=None):
    """Skip the test when TungstenFabric lacks the given feature.

    :param protocol: Listener/pool protocol to check; ignored when falsy.
    :param algorithm: Load balancing algorithm to check; ignored when
                      falsy.
    :raises skipException: If a given value is not in the supported set.
                           The algorithm is checked before the protocol.
    """
    # TungstenFabric supported protocols and algorithms
    supported_protocols = (const.HTTP, const.HTTPS, const.TCP,
                           const.TERMINATED_HTTPS)
    supported_algorithms = (const.LB_ALGORITHM_ROUND_ROBIN,
                            const.LB_ALGORITHM_LEAST_CONNECTIONS,
                            const.LB_ALGORITHM_SOURCE_IP)

    if algorithm and algorithm not in supported_algorithms:
        message = 'TungstenFabric does not support {} algorithm.'
        raise cls.skipException(message.format(algorithm))
    if protocol and protocol not in supported_protocols:
        message = 'TungstenFabric does not support {} protocol.'
        raise cls.skipException(message.format(protocol))
694
@classmethod
def _tf_create_listener(cls, name, proto, port, lb_id):
    """Create a listener on load balancer ``lb_id`` and return the result.

    :param name: Listener name.
    :param proto: Listener protocol.
    :param port: Listener protocol port.
    :param lb_id: ID of the load balancer that owns the listener.
    :returns: Whatever mem_listener_client.create_listener() returns.
    """
    return cls.mem_listener_client.create_listener(**{
        const.NAME: name,
        const.PROTOCOL: proto,
        const.PROTOCOL_PORT: port,
        const.LOADBALANCER_ID: lb_id,
    })
705
@classmethod
def _tf_get_free_port(cls, lb_id):
    """Return the lowest port from 8081 upward with no listener on it.

    :param lb_id: ID of the load balancer whose listeners are inspected.
    :returns: 8081 when the load balancer has no listeners, otherwise the
              first port at or above 8081 that none of them uses.
    """
    candidate = 8081
    listeners = cls.mem_lb_client.show_loadbalancer(lb_id)[const.LISTENERS]
    if not listeners:
        return candidate

    # One show_listener call per listener to learn its protocol port.
    taken = [
        cls.mem_listener_client.show_listener(
            entry[const.ID])[const.PROTOCOL_PORT]
        for entry in listeners]
    while candidate in taken:
        candidate += 1
    return candidate
718
Adam Harwellcd72b562018-05-07 11:37:22 -0700719
720class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
@classmethod
def remote_client_args(cls):
    """Return the optional keyword arguments passed to RemoteClient.

    :returns: ``{'ssh_key_type': ...}`` when the option exists in the
              tempest configuration, otherwise an empty dict.
    """
    # In case we're using octavia-tempest-plugin with old tempest releases
    # (for instance on stable/train) that don't support ssh_key_type, catch
    # the exception and don't pass any argument
    try:
        key_type = CONF.validation.ssh_key_type
    except cfg.NoSuchOptError:
        return {}
    return {'ssh_key_type': key_type}
732
@classmethod
def resource_setup(cls):
    """Create the keypair, security group and two member webservers.

    Returns right after the parent setup when
    CONF.validation.run_validation is false. Otherwise it creates a
    keypair, optionally a security group with its ingress rules, the
    backend re-encryption PKI and two servers, then starts and validates
    the test server on each of them.
    """
    super(LoadBalancerBaseTestWithCompute, cls).resource_setup()
    # If validation is disabled in this cloud, we won't be able to
    # start the webservers, so don't even boot them.
    if not CONF.validation.run_validation:
        return

    # Create a keypair for the webservers
    keypair_name = data_utils.rand_name('lb_member_keypair')
    cls.lb_member_keypair = cls.lb_mem_keypairs_client.create_keypair(
        name=keypair_name)['keypair']
    # NOTE(review): this dict is read below as
    # lb_member_keypair['private_key'], so this INFO line writes the
    # generated SSH private key into the test log. Treat the log as
    # sensitive, or log only the keypair name.
    LOG.info('lb_member_keypair: %s', cls.lb_member_keypair)
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls.lb_mem_keypairs_client.delete_keypair,
        cls.lb_mem_keypairs_client.show_keypair,
        keypair_name)

    if (CONF.load_balancer.enable_security_groups and
            CONF.network_feature_enabled.port_security):
        # Set up the security group for the webservers
        group_name = data_utils.rand_name('lb_member_SG')
        cls.lb_member_sec_group = (
            cls.lb_mem_SG_client.create_security_group(
                name=group_name)['security_group'])
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls.lb_mem_SG_client.delete_security_group,
            cls.lb_mem_SG_client.show_security_group,
            cls.lb_member_sec_group['id'])

        def allow_ingress(ethertype, protocol, port_min, port_max):
            # Create one ingress rule and register its cleanup. No remote
            # prefix or remote group is passed, so the rule is not
            # restricted by source address.
            rule = cls.lb_mem_SGr_client.create_security_group_rule(
                direction='ingress',
                security_group_id=cls.lb_member_sec_group['id'],
                protocol=protocol,
                ethertype=ethertype,
                port_range_min=port_min,
                port_range_max=port_max)['security_group_rule']
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls.lb_mem_SGr_client.delete_security_group_rule,
                cls.lb_mem_SGr_client.show_security_group_rule,
                rule['id'])

        # 80-81 tcp/udp and 443: test webservers.
        # 9443: pool backend encryption client authentication tests.
        # udp 9999: used to illustrate health monitor ERRORs on closed
        # ports.
        # 22: ssh.
        ipv4_rules = (
            ('tcp', 80, 81),
            ('udp', 80, 81),
            ('tcp', 443, 443),
            ('tcp', 9443, 9443),
            ('udp', 9999, 9999),
            ('tcp', 22, 22),
        )
        for protocol, port_min, port_max in ipv4_rules:
            allow_ingress('IPv4', protocol, port_min, port_max)

        if CONF.load_balancer.test_with_ipv6:
            # Same set as IPv4 except that there is no udp 9999 rule.
            ipv6_rules = (
                ('tcp', 80, 81),
                ('udp', 80, 81),
                ('tcp', 443, 443),
                ('tcp', 9443, 9443),
                ('tcp', 22, 22),
            )
            for protocol, port_min, port_max in ipv6_rules:
                allow_ingress('IPv6', protocol, port_min, port_max)

        LOG.info('lb_member_sec_group: %s', cls.lb_member_sec_group)

    # Setup backend member reencryption PKI
    cls._create_backend_reencryption_pki()

    # Create webserver 1 instance
    details = cls._create_webserver('lb_member_webserver1',
                                    cls.lb_member_1_net)
    cls.lb_member_webserver1 = details['server']
    cls.webserver1_ip = details.get('ipv4_address')
    cls.webserver1_ipv6 = details.get('ipv6_address')
    cls.webserver1_public_ip = details['public_ipv4_address']

    LOG.debug('Octavia Setup: lb_member_webserver1 = %s',
              cls.lb_member_webserver1[const.ID])
    LOG.debug('Octavia Setup: webserver1_ip = %s', cls.webserver1_ip)
    LOG.debug('Octavia Setup: webserver1_ipv6 = %s', cls.webserver1_ipv6)
    LOG.debug('Octavia Setup: webserver1_public_ip = %s',
              cls.webserver1_public_ip)

    # Create webserver 2 instance
    details = cls._create_webserver('lb_member_webserver2',
                                    cls.lb_member_2_net)
    cls.lb_member_webserver2 = details['server']
    cls.webserver2_ip = details.get('ipv4_address')
    cls.webserver2_ipv6 = details.get('ipv6_address')
    cls.webserver2_public_ip = details['public_ipv4_address']

    LOG.debug('Octavia Setup: lb_member_webserver2 = %s',
              cls.lb_member_webserver2[const.ID])
    LOG.debug('Octavia Setup: webserver2_ip = %s', cls.webserver2_ip)
    LOG.debug('Octavia Setup: webserver2_ipv6 = %s', cls.webserver2_ipv6)
    LOG.debug('Octavia Setup: webserver2_public_ip = %s',
              cls.webserver2_public_ip)

    private_key = cls.lb_member_keypair['private_key']

    if (CONF.load_balancer.test_with_ipv6 and not
            config_octavia.is_tungstenfabric_backend_enabled()):
        # Enable the IPv6 nic in webserver 1
        cls._enable_ipv6_nic_webserver(
            cls.webserver1_public_ip, private_key,
            cls.webserver1_ipv6, cls.lb_member_1_subnet_prefix)

        # Enable the IPv6 nic in webserver 2
        cls._enable_ipv6_nic_webserver(
            cls.webserver2_public_ip, private_key,
            cls.webserver2_ipv6, cls.lb_member_2_subnet_prefix)

    # Set up serving on webserver 1, then validate HTTP and UDP
    cls._install_start_webserver(cls.webserver1_public_ip, private_key,
                                 cls.webserver1_response)
    cls._validate_webserver(cls.webserver1_public_ip,
                            cls.webserver1_response)
    cls._validate_udp_server(cls.webserver1_public_ip,
                             cls.webserver1_response)

    # Set up serving on webserver 2 (its server certificate is put on
    # the CRL), then validate HTTP and UDP
    cls._install_start_webserver(cls.webserver2_public_ip, private_key,
                                 cls.webserver2_response, revoke_cert=True)
    cls._validate_webserver(cls.webserver2_public_ip,
                            cls.webserver2_response)
    cls._validate_udp_server(cls.webserver2_public_ip,
                             cls.webserver2_response)
990
@classmethod
def _create_networks(cls):
    """Create the parent's networks, then a router joining the subnets.

    The router gets the configured public network as its external
    gateway and an interface on the VIP subnet and on both member
    subnets. With IPv6 testing, a configured default router and a
    subnetpool-based IPv6 VIP subnet, that subnet is also plugged into
    the default router using the admin client.
    """
    super(LoadBalancerBaseTestWithCompute, cls)._create_networks()

    # Create a router for the subnets (required for the floating IP)
    gateway = dict(network_id=CONF.network.public_network_id)
    cls.lb_member_router = cls.lb_mem_routers_client.create_router(
        name=data_utils.rand_name("lb_member_router"),
        admin_state_up=True,
        external_gateway_info=gateway)['router']
    LOG.info('lb_member_router: %s', cls.lb_member_router)
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls.lb_mem_routers_client.delete_router,
        cls.lb_mem_routers_client.show_router,
        cls.lb_member_router['id'])

    def plug_into_member_router(subnet_attr):
        # Attach the subnet stored in ``subnet_attr`` to the member
        # router. remove_router_interface is handed to
        # wait_for_not_found as both the delete and the check callable.
        subnet = getattr(cls, subnet_attr)
        cls.lb_mem_routers_client.add_router_interface(
            cls.lb_member_router['id'],
            subnet_id=subnet['id'])
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls.lb_mem_routers_client.remove_router_interface,
            cls.lb_mem_routers_client.remove_router_interface,
            cls.lb_member_router['id'],
            subnet_id=subnet['id'])

    # Add VIP subnet to router
    plug_into_member_router('lb_member_vip_subnet')

    if (CONF.load_balancer.test_with_ipv6 and
            CONF.load_balancer.default_router and
            cls.lb_member_vip_ipv6_subnet_use_subnetpool):
        # if lb_member_vip_ipv6_subnet uses devstack's subnetpool,
        # plug the subnet into the default router
        matches = cls.os_admin.routers_client.list_routers(
            name=CONF.load_balancer.default_router)['routers']

        # Nothing is plugged unless exactly one router has that name.
        if len(matches) == 1:
            default_router = matches[0]

            # Add IPv6 VIP subnet to router1
            cls.os_admin_routers_client.add_router_interface(
                default_router['id'],
                subnet_id=cls.lb_member_vip_ipv6_subnet['id'])
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls.os_admin_routers_client.remove_router_interface,
                cls.os_admin_routers_client.remove_router_interface,
                default_router['id'],
                subnet_id=cls.lb_member_vip_ipv6_subnet['id'])

    # Add member subnet 1, then member subnet 2, to the router
    plug_into_member_router('lb_member_1_subnet')
    plug_into_member_router('lb_member_2_subnet')
1062
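@classmethod
def _create_webserver(cls, name, network):
    """Creates a webserver and works out the addresses to reach it.

    webserver_details dictionary contains:
    server - The compute server object
    ipv4_address - The IPv4 address for the server (optional)
    ipv6_address - The IPv6 address for the server (optional)
    public_ipv4_address - The publicly accessible IPv4 address for the
                          server, this may be a floating IP

    :param name: The name of the server to create.
    :param network: The network to boot the server on.
    :returns: webserver_details dictionary.
    """
    server_kwargs = {
        'name': data_utils.rand_name(name),
        'flavorRef': CONF.compute.flavor_ref,
        'imageRef': CONF.compute.image_ref,
        'key_name': cls.lb_member_keypair['name']}
    if (CONF.load_balancer.enable_security_groups and
            CONF.network_feature_enabled.port_security):
        server_kwargs['security_groups'] = [
            {'name': cls.lb_member_sec_group['name']}]
    if not CONF.load_balancer.disable_boot_network:
        server_kwargs['networks'] = [{'uuid': network['id']}]

    # Replace the name for clouds that have limitations
    if CONF.load_balancer.random_server_name_length:
        rng = random.SystemRandom()
        alphabet = string.ascii_uppercase + string.digits
        suffix_length = CONF.load_balancer.random_server_name_length - 1
        server_kwargs['name'] = "m{}".format(
            "".join(rng.choice(alphabet) for _ in range(suffix_length)))
    if CONF.load_balancer.availability_zone:
        server_kwargs['availability_zone'] = (
            CONF.load_balancer.availability_zone)

    server = cls.lb_mem_servers_client.create_server(
        **server_kwargs)['server']
    # Register the cleanup before waiting, so a server that never goes
    # ACTIVE is still deleted.
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls.lb_mem_servers_client.delete_server,
        cls.lb_mem_servers_client.show_server,
        server['id'])
    server = waiters.wait_for_status(
        cls.lb_mem_servers_client.show_server,
        server['id'], 'status', 'ACTIVE',
        CONF.load_balancer.build_interval,
        CONF.load_balancer.build_timeout,
        root_tag='server')
    webserver_details = {'server': server}
    LOG.info('Created server: %s', server)

    addresses = server['addresses']
    if CONF.load_balancer.disable_boot_network:
        # dict views cannot be indexed on Python 3; the previous
        # addresses.values()[0] raised TypeError on this path.
        instance_network = list(addresses.values())[0]
    else:
        instance_network = addresses[network['name']]
    for addr in instance_network:
        if addr['version'] == 4:
            webserver_details['ipv4_address'] = addr['addr']
        if addr['version'] == 6:
            webserver_details['ipv6_address'] = addr['addr']

    if CONF.validation.connect_method == 'floating':
        result = cls.lb_mem_ports_client.list_ports(
            network_id=network['id'],
            mac_address=instance_network[0]['OS-EXT-IPS-MAC:mac_addr'])
        port = result['ports'][0]
        port_id = port['id']
        if config_octavia.is_tungstenfabric_backend_enabled():
            # With this backend the floating IP is bound to an explicit
            # fixed IPv4 address of the port: the first one listed.
            fixed_ip = None
            for ip in port["fixed_ips"]:
                parsed = ipaddress.ip_address(ip["ip_address"])
                if isinstance(parsed, ipaddress.IPv4Address):
                    fixed_ip = ip["ip_address"]
                    break
            assert fixed_ip is not None, (f"Port doesn't have ipv4 "
                                          f"address: {port['fixed_ips']}")
            result = cls.lb_mem_float_ip_client.create_floatingip(
                floating_network_id=CONF.network.public_network_id,
                port_id=port_id,
                fixed_ip_address=fixed_ip)
        else:
            result = cls.lb_mem_float_ip_client.create_floatingip(
                floating_network_id=CONF.network.public_network_id,
                port_id=port_id)
        floating_ip = result['floatingip']
        # The label says webserver1, but this line runs for every server
        # this method creates.
        LOG.info('webserver1_floating_ip: %s', floating_ip)
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls.lb_mem_float_ip_client.delete_floatingip,
            cls.lb_mem_float_ip_client.show_floatingip,
            floatingip_id=floating_ip['id'])
        webserver_details['public_ipv4_address'] = (
            floating_ip['floating_ip_address'])
    else:
        webserver_details['public_ipv4_address'] = (
            instance_network[0]['addr'])

    return webserver_details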
1165 return webserver_details
1166
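@classmethod
def _get_openssh_version(cls):
    """Return the local OpenSSH client version as ``(major, minor)``.

    Runs ``ssh -V`` and parses the banner it prints on stderr.

    :returns: A tuple of two ints, or ``(None, None)`` when the banner
              does not start with ``OpenSSH_<major>.<minor>``.
    """
    proc = subprocess.Popen(["ssh", "-V"],
                            stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE)
    # communicate() returns (stdout, stderr); the banner is on stderr.
    banner = proc.communicate()[1].decode('utf-8', errors='replace')

    # Test for "no match" directly instead of catching every exception,
    # so an unrelated failure is not silently reported as "unknown".
    match = re.match(r"OpenSSH_(\d+)\.(\d+)", banner)
    if match is None:
        return None, None
    return int(match.group(1)), int(match.group(2))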
1181
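@classmethod
def _need_scp_protocol(cls):
    """Tell whether scp must be forced to the legacy SCP protocol.

    :returns: True when the local OpenSSH client is 8.7 or newer, False
              when it is older or its version could not be determined.
    """
    # When using scp >= 8.7, force the use of the SCP protocol,
    # the new default (SFTP protocol) doesn't work with
    # cirros VMs.
    ssh_version = cls._get_openssh_version()
    LOG.debug("ssh_version = %s", ssh_version)
    if ssh_version[0] is None or ssh_version[1] is None:
        # _get_openssh_version() reports an unparsable banner as
        # (None, None); comparing None with an int raises TypeError on
        # Python 3, so treat "unknown" as "do not force the protocol".
        return False
    return tuple(ssh_version) >= (8, 7)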
1191
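@classmethod
def _install_start_webserver(cls, ip_address, ssh_key, start_id,
                             revoke_cert=False):
    """Copy the test server binary to a guest and start it there.

    :param ip_address: Address used to reach the guest over SSH/scp.
    :param ssh_key: Private key text for the guest's SSH user.
    :param start_id: ID served on port 80 (and on the TLS ports);
                     ``start_id + 1`` is served on port 81.
    :param revoke_cert: Passed through to _load_member_pki_content().
    :raises CommandFailed: If scp exits with a non-zero status.
    """
    local_file = CONF.load_balancer.test_server_path
    ssh_user = CONF.validation.image_ssh_user

    linux_client = remote_client.RemoteClient(
        ip_address, ssh_user, pkey=ssh_key,
        **cls.remote_client_args())
    linux_client.validate_authentication()

    # scp needs the private key as a file; the temporary file is removed
    # when the ``with`` block exits.
    with tempfile.NamedTemporaryFile() as key:
        key.write(ssh_key.encode('utf-8'))
        key.flush()

        # Build the argument vector directly instead of formatting one
        # string and splitting it again, so a configured path or user
        # name containing spaces or quotes stays a single argument.
        #
        # NOTE(review): host key verification is switched off
        # (StrictHostKeyChecking=no, known hosts sent to /dev/null), so
        # the guest's identity is not checked. That is only tolerable
        # for throwaway test guests on a network the test run controls.
        # PubkeyAcceptedKeyTypes=+ssh-rsa re-enables a key type that is
        # presumably needed by older guest images -- confirm.
        args = ['scp', '-v',
                '-o', 'UserKnownHostsFile=/dev/null',
                '-o', 'PubkeyAcceptedKeyTypes=+ssh-rsa']
        if cls._need_scp_protocol():
            args.append('-O')
        args += [
            '-o', 'StrictHostKeyChecking=no',
            '-o', 'ConnectTimeout={0}'.format(
                CONF.load_balancer.scp_connection_timeout),
            '-o', 'ConnectionAttempts={0}'.format(
                CONF.load_balancer.scp_connection_attempts),
            '-i', key.name,
            local_file,
            '{0}@{1}:{2}'.format(ssh_user, ip_address,
                                 const.TEST_SERVER_BINARY)]
        # Printable form of the command, used only for error reporting.
        cmd = ' '.join(shlex.quote(arg) for arg in args)

        proc = subprocess.Popen(args,
                                stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT,
                                cwd=None)
        stdout, stderr = proc.communicate()
        if proc.returncode != 0:
            raise exceptions.CommandFailed(proc.returncode, cmd,
                                           stdout, stderr)

        # Called inside the ``with`` block: the open temporary key file
        # itself is handed over (presumably for further scp calls --
        # confirm in _load_member_pki_content).
        cls._load_member_pki_content(ip_address, key,
                                     revoke_cert=revoke_cert)

    # Enabling memory overcommit allows to run golang static binaries
    # compiled with a recent golang toolchain (>=1.11). Those binaries
    # allocate a large amount of virtual memory at init time, and this
    # allocation fails in tempest's nano flavor (64MB of RAM)
    # (golang issue reported in https://github.com/golang/go/issues/28114,
    # follow-up: https://github.com/golang/go/issues/28081)
    # TODO(gthiemonge): Remove this call when golang issue is resolved.
    linux_client.exec_command('sudo sh -c "echo 1 > '
                              '/proc/sys/vm/overcommit_memory"')

    # The initial process also supports HTTPS and HTTPS with client auth
    linux_client.exec_command(
        'sudo screen -d -m {0} -port 80 -id {1} -https_port 443 -cert {2} '
        '-key {3} -https_client_auth_port 9443 -client_ca {4}'.format(
            const.TEST_SERVER_BINARY, start_id, const.TEST_SERVER_CERT,
            const.TEST_SERVER_KEY, const.TEST_SERVER_CLIENT_CA))

    # Second process: plain HTTP on port 81 with the next ID.
    linux_client.exec_command('sudo screen -d -m {0} -port 81 '
                              '-id {1}'.format(const.TEST_SERVER_BINARY,
                                               start_id + 1))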
Adam Harwellcd72b562018-05-07 11:37:22 -07001252
# Cirros does not configure the assigned IPv6 address by default
# so enable it manually like tempest does here:
# tempest/scenario/test_network_v6.py turn_nic6_on()
@classmethod
def _enable_ipv6_nic_webserver(cls, ip_address, ssh_key,
                               ipv6_address, ipv6_prefix):
    """Add ``ipv6_address/ipv6_prefix`` to eth0 on a guest over SSH.

    :param ip_address: Address used to reach the guest over SSH.
    :param ssh_key: Private key for the guest's SSH user.
    :param ipv6_address: IPv6 address to configure on the guest.
    :param ipv6_prefix: Prefix length to configure with the address.
    """
    guest = remote_client.RemoteClient(
        ip_address, CONF.validation.image_ssh_user, pkey=ssh_key,
        **cls.remote_client_args())
    guest.validate_authentication()

    # Both values are placed unquoted into the remote command line.
    # NOTE(review): callers should only pass an address reported by the
    # cloud and an all-digit prefix -- confirm for every call site.
    add_address = 'sudo ip address add {0}/{1} dev eth0'.format(
        ipv6_address, ipv6_prefix)
    guest.exec_command(add_address)
1266
@classmethod
def _validate_webserver(cls, ip_address, start_id):
    """Check that both HTTP test servers answer with their expected ID.

    :param ip_address: Address of the webserver to query.
    :param start_id: Body expected from port 80; port 81 is expected to
                     answer with ``start_id + 1``.
    """
    # Default HTTP port first, then the second server on port 81.
    cls.validate_URL_response(f'http://{ip_address}',
                              expected_body=str(start_id))
    cls.validate_URL_response(f'http://{ip_address}:81',
                              expected_body=str(start_id + 1))
Jude Cross986e3f52017-07-24 14:57:20 -07001273
@classmethod
def _validate_udp_server(cls, ip_address, start_id):
    """Check that both UDP test servers answer with their expected ID.

    :param ip_address: Address of the server to query.
    :param start_id: Reply expected from port 80; port 81 is expected to
                     answer with ``start_id + 1``.
    :raises Exception: If a reply differs from the expected value.
    """
    def expect_reply(port, expected):
        # One request; fail with the received and expected values.
        reply = cls.make_udp_request(ip_address, port)
        if reply != expected:
            raise Exception("Response from test server doesn't match the "
                            "expected value ({0} != {1}).".format(
                                reply, expected))

    expect_reply(80, str(start_id))
    expect_reply(81, str(start_id + 1))
Michael Johnsonbaf12e02020-10-27 16:10:28 -07001287
@classmethod
def _create_backend_reencryption_pki(cls):
    """Generate the CAs and client certificate for backend TLS tests.

    Stores on the class: the member CA certificate and key, the client
    authentication CA certificate, a random client CN, and the client
    certificate and key issued by the client authentication CA.
    """
    pem = serialization.Encoding.PEM

    # Create a CA self-signed cert and key for the member test servers
    ca_cert, ca_key = cert_utils.generate_ca_cert_and_key()
    cls.member_ca_cert = ca_cert
    cls.member_ca_key = ca_key

    LOG.debug('Member CA Cert: %s', ca_cert.public_bytes(pem))
    # NOTE(review): this writes the unencrypted CA private key to the
    # debug log. The key is generated for this test run only, but the
    # log should still be handled as sensitive, or this line dropped if
    # the key is not needed for troubleshooting.
    ca_private_pem = ca_key.private_bytes(
        encoding=pem,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption())
    LOG.debug('Member CA private Key: %s', ca_private_pem)
    ca_public_pem = ca_key.public_key().public_bytes(
        encoding=pem,
        format=serialization.PublicFormat.SubjectPublicKeyInfo)
    LOG.debug('Member CA public Key: %s', ca_public_pem)

    # Create the member client authentication CA. Its key stays local to
    # this method; only the certificate is kept on the class.
    client_ca_cert, client_ca_key = cert_utils.generate_ca_cert_and_key()
    cls.member_client_ca_cert = client_ca_cert

    # Create client cert and key
    cls.member_client_cn = uuidutils.generate_uuid()
    client_cert, client_key = cert_utils.generate_client_cert_and_key(
        cls.member_client_ca_cert, client_ca_key, cls.member_client_cn)
    cls.member_client_cert = client_cert
    cls.member_client_key = client_key
    # Note: We are not revoking a client cert here as we don't need to
    # test the backend web server CRL checking.
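@classmethod
def _load_member_pki_content(cls, ip_address, ssh_key, revoke_cert=False):
    """Issue a server certificate for a member and copy its PKI files over.

    A certificate and key are generated from ``cls.member_ca_cert`` and
    ``cls.member_ca_key``, written to a temporary directory together with
    ``cls.member_client_ca_cert``, and copied with ``scp`` to
    ``const.DEV_SHM_PATH`` on the test server.

    :param ip_address: Address of the member test server; passed to
                       ``cert_utils.generate_server_cert_and_key`` and
                       used as the scp target host.
    :param ssh_key: Object whose ``name`` attribute is given to
                    ``scp -i`` as the identity file.
    :param revoke_cert: When true, ``cls.member_crl`` is set to a CRL
                        generated for the new certificate.
    :raises tempest.lib.exceptions.CommandFailed: if scp exits non-zero.
    """
    # Create webserver certificate and key
    cert, key = cert_utils.generate_server_cert_and_key(
        cls.member_ca_cert, cls.member_ca_key, ip_address)

    cert_pem = cert.public_bytes(serialization.Encoding.PEM)
    key_pem = key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption())

    LOG.debug('%s Cert: %s', ip_address, cert_pem)
    # NOTE(review): the server private key is written unencrypted to the
    # DEBUG log. Acceptable only for keys generated for the test run;
    # treat the resulting logs as containing key material.
    LOG.debug('%s private Key: %s', ip_address, key_pem)
    LOG.debug('%s public Key: %s', ip_address, key.public_key().public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo))

    # Create a CRL with a revoked certificate
    if revoke_cert:
        cls.member_crl = cert_utils.generate_certificate_revocation_list(
            cls.member_ca_cert, cls.member_ca_key, cert)

    def _write_pem(path, pem_bytes):
        # Pass the mode to os.open() so the file is never created with
        # the default (wider) permissions of a plain open().
        fd = os.open(path, os.O_CREAT | os.O_WRONLY, 0o700)
        with open(fd, 'w') as fh:
            fh.write(pem_bytes.decode('utf-8'))

    # Load the certificate, key, and client CA certificate into the
    # test server.
    with tempfile.TemporaryDirectory() as tmpdir:
        cert_filename = os.path.join(tmpdir, const.CERT_PEM)
        key_filename = os.path.join(tmpdir, const.KEY_PEM)
        client_ca_filename = os.path.join(tmpdir, const.CLIENT_CA_PEM)

        # The umask is process-wide. Clear it only while the files are
        # created, then restore it, so that later file creation in this
        # process does not silently run with umask 0.
        previous_umask = os.umask(0)
        try:
            _write_pem(cert_filename, cert_pem)
            _write_pem(key_filename, key_pem)
            _write_pem(client_ca_filename,
                       cls.member_client_ca_cert.public_bytes(
                           serialization.Encoding.PEM))
        finally:
            os.umask(previous_umask)

        ssh_extra_args = "-o PubkeyAcceptedKeyTypes=+ssh-rsa"
        if cls._need_scp_protocol():
            ssh_extra_args += " -O"

        # For security, no shell is involved. The argument vector is built
        # directly, so interpolated values (paths, addresses, config
        # options) cannot be re-split into extra scp arguments.
        # NOTE(review): StrictHostKeyChecking=no together with
        # UserKnownHostsFile=/dev/null means the server host key is not
        # verified before the private key is copied. This is only
        # appropriate for freshly created test servers on a test network.
        args = ['scp', '-v', '-o', 'UserKnownHostsFile=/dev/null']
        args += shlex.split(ssh_extra_args)
        args += [
            '-o', 'StrictHostKeyChecking=no',
            '-o', 'ConnectTimeout={0}'.format(
                CONF.load_balancer.scp_connection_timeout),
            '-o', 'ConnectionAttempts={0}'.format(
                CONF.load_balancer.scp_connection_attempts),
            '-i', str(ssh_key.name),
            cert_filename, key_filename, client_ca_filename,
            '{0}@{1}:{2}'.format(CONF.validation.image_ssh_user,
                                 ip_address, const.DEV_SHM_PATH),
        ]
        # Printable form of the command, used only for error reporting.
        cmd = ' '.join(shlex.quote(arg) for arg in args)

        proc = subprocess.Popen(args, stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT, cwd=None)
        stdout, stderr = proc.communicate()
        if proc.returncode != 0:
            raise exceptions.CommandFailed(proc.returncode, cmd,
                                           stdout, stderr)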