Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / octavia-tempest-plugin / 530a88a434400c2255e43b0993c36ea1a6778e17 / . / octavia_tempest_plugin / tests / test_base.py
blob: f0477f48f89cd62f515f4fe5e491fafc613958ae [file] [log] [blame]
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1# Copyright 2018 Rackspace US Inc. All rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15import ipaddress
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]16import os
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]17import random
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]18import re
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]19import shlex
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]20import string
21import subprocess
22import tempfile
23
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]24from cryptography.hazmat.primitives import serialization
Gregory Thiemongeb0da4f32022-02-04 08:58:06 +0100[diff] [blame]25from oslo_config import cfg
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]26from oslo_log import log as logging
27from oslo_utils import uuidutils
28from tempest import config
29from tempest.lib.common.utils import data_utils
30from tempest.lib.common.utils.linux import remote_client
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]31from tempest.lib import exceptions
32from tempest import test
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]33import tenacity
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]34
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]35from octavia_tempest_plugin.common import cert_utils
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]36from octavia_tempest_plugin.common import constants as const
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]37from octavia_tempest_plugin.tests import RBAC_tests
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]38from octavia_tempest_plugin.tests import validators
39from octavia_tempest_plugin.tests import waiters
40
41CONF = config.CONF
42LOG = logging.getLogger(__name__)
43
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]44RETRY_ATTEMPTS = 15
45RETRY_INITIAL_DELAY = 1
46RETRY_BACKOFF = 1
47RETRY_MAX = 5
48
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]49
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]50class LoadBalancerBaseTest(validators.ValidatorsMixin,
51 RBAC_tests.RBACTestsMixin, test.BaseTestCase):
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]52 """Base class for load balancer tests."""
53
Gregory Thiemonge3497f6c2021-04-19 21:33:13 +0200[diff] [blame]54 if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
55 credentials = [
56 'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
57 ['lb_member', CONF.load_balancer.member_role],
58 ['lb_member2', CONF.load_balancer.member_role]]
59 elif CONF.load_balancer.enforce_new_defaults:
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]60 credentials = [
61 'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
62 ['lb_observer', CONF.load_balancer.observer_role, 'reader'],
63 ['lb_global_observer', CONF.load_balancer.global_observer_role,
64 'reader'],
65 ['lb_member', CONF.load_balancer.member_role, 'member'],
66 ['lb_member2', CONF.load_balancer.member_role, 'member'],
67 ['lb_member_not_default_member', CONF.load_balancer.member_role]]
68 else:
69 credentials = [
70 'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
71 ['lb_observer', CONF.load_balancer.observer_role, 'reader'],
72 ['lb_global_observer', CONF.load_balancer.global_observer_role,
73 'reader'],
74 ['lb_member', CONF.load_balancer.member_role],
75 ['lb_member2', CONF.load_balancer.member_role]]
76
77 # If scope enforcement is enabled, add in the system scope credentials.
78 # The project scope is already handled by the above credentials.
79 if CONF.enforce_scope.octavia:
80 credentials.extend(['system_admin', 'system_reader'])
81
82 # A tuple of credentials that will be allocated by tempest using the
83 # 'credentials' list above. These are used to build RBAC test lists.
84 allocated_creds = []
85 for cred in credentials:
86 if isinstance(cred, list):
87 allocated_creds.append('os_roles_' + cred[0])
88 else:
89 allocated_creds.append('os_' + cred)
90 # Tests shall not mess with the list of allocated credentials
91 allocated_credentials = tuple(allocated_creds)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]92
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]93 webserver1_response = 1
94 webserver2_response = 5
Michael Johnsondfd818a2018-08-21 20:54:54 -0700[diff] [blame]95 used_ips = []
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]96
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]97 SRC_PORT_NUMBER_MIN = 32768
98 SRC_PORT_NUMBER_MAX = 61000
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]99 src_port_number = SRC_PORT_NUMBER_MIN
100
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]101 @classmethod
102 def skip_checks(cls):
103 """Check if we should skip all of the children tests."""
104 super(LoadBalancerBaseTest, cls).skip_checks()
105
106 service_list = {
107 'load_balancer': CONF.service_available.load_balancer,
108 }
109
110 live_service_list = {
111 'compute': CONF.service_available.nova,
112 'image': CONF.service_available.glance,
113 'neutron': CONF.service_available.neutron
114 }
115
116 if not CONF.load_balancer.test_with_noop:
117 service_list.update(live_service_list)
118
119 for service, available in service_list.items():
120 if not available:
zhangzs2a6cf672018-11-10 16:13:11 +0800[diff] [blame]121 skip_msg = ("{0} skipped as {1} service is not "
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]122 "available.".format(cls.__name__, service))
123 raise cls.skipException(skip_msg)
124
125 # We must be able to reach our VIP and instances
126 if not (CONF.network.project_networks_reachable
127 or CONF.network.public_network_id):
128 msg = ('Either project_networks_reachable must be "true", or '
129 'public_network_id must be defined.')
130 raise cls.skipException(msg)
131
132 @classmethod
133 def setup_credentials(cls):
134 """Setup test credentials and network resources."""
135 # Do not auto create network resources
136 cls.set_network_resources()
137 super(LoadBalancerBaseTest, cls).setup_credentials()
138
Bas de Bruijne530a88a2022-12-15 11:12:45 -0400[diff] [blame^]139 if not CONF.load_balancer.log_user_roles:
140 return
141
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]142 # Log the user roles for this test run
143 role_name_cache = {}
144 for cred in cls.credentials:
145 user_roles = []
146 if isinstance(cred, list):
147 user_name = cred[0]
148 cred_obj = getattr(cls, 'os_roles_' + cred[0])
149 else:
150 user_name = cred
151 cred_obj = getattr(cls, 'os_' + cred)
152 params = {'user.id': cred_obj.credentials.user_id,
153 'project.id': cred_obj.credentials.project_id}
154 roles = cls.os_admin.role_assignments_client.list_role_assignments(
155 **params)['role_assignments']
156 for role in roles:
157 role_id = role['role']['id']
158 try:
159 role_name = role_name_cache[role_id]
160 except KeyError:
161 role_name = cls.os_admin.roles_v3_client.show_role(
162 role_id)['role']['name']
163 role_name_cache[role_id] = role_name
164 user_roles.append([role_name, role['scope']])
165 LOG.info("User %s has roles: %s", user_name, user_roles)
166
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]167 @classmethod
168 def setup_clients(cls):
169 """Setup client aliases."""
170 super(LoadBalancerBaseTest, cls).setup_clients()
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]171 lb_admin_prefix = cls.os_roles_lb_admin.load_balancer_v2
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]172 cls.lb_mem_float_ip_client = cls.os_roles_lb_member.floating_ips_client
173 cls.lb_mem_keypairs_client = cls.os_roles_lb_member.keypairs_client
174 cls.lb_mem_net_client = cls.os_roles_lb_member.networks_client
175 cls.lb_mem_ports_client = cls.os_roles_lb_member.ports_client
176 cls.lb_mem_routers_client = cls.os_roles_lb_member.routers_client
177 cls.lb_mem_SG_client = cls.os_roles_lb_member.security_groups_client
178 cls.lb_mem_SGr_client = (
179 cls.os_roles_lb_member.security_group_rules_client)
180 cls.lb_mem_servers_client = cls.os_roles_lb_member.servers_client
181 cls.lb_mem_subnet_client = cls.os_roles_lb_member.subnets_client
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]182 cls.mem_lb_client = (
183 cls.os_roles_lb_member.load_balancer_v2.LoadbalancerClient())
184 cls.mem_listener_client = (
185 cls.os_roles_lb_member.load_balancer_v2.ListenerClient())
186 cls.mem_pool_client = (
187 cls.os_roles_lb_member.load_balancer_v2.PoolClient())
188 cls.mem_member_client = (
189 cls.os_roles_lb_member.load_balancer_v2.MemberClient())
Adam Harwell60ed9d92018-05-10 13:23:13 -0700[diff] [blame]190 cls.mem_healthmonitor_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]191 cls.os_roles_lb_member.load_balancer_v2.HealthMonitorClient())
192 cls.mem_l7policy_client = (
193 cls.os_roles_lb_member.load_balancer_v2.L7PolicyClient())
194 cls.mem_l7rule_client = (
195 cls.os_roles_lb_member.load_balancer_v2.L7RuleClient())
196 cls.lb_admin_amphora_client = lb_admin_prefix.AmphoraClient()
Michael Johnsonaff2e862019-01-11 16:38:00 -0800[diff] [blame]197 cls.lb_admin_flavor_profile_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]198 lb_admin_prefix.FlavorProfileClient())
199 cls.lb_admin_flavor_client = lb_admin_prefix.FlavorClient()
200 cls.mem_flavor_client = (
201 cls.os_roles_lb_member.load_balancer_v2.FlavorClient())
202 cls.mem_provider_client = (
203 cls.os_roles_lb_member.load_balancer_v2.ProviderClient())
Carlos Goncalvesc2e12162019-02-14 23:57:44 +0100[diff] [blame]204 cls.os_admin_servers_client = cls.os_admin.servers_client
Gregory Thiemonge54225ad2021-02-04 15:25:17 +0100[diff] [blame]205 cls.os_admin_routers_client = cls.os_admin.routers_client
206 cls.os_admin_subnetpools_client = cls.os_admin.subnetpools_client
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]207 cls.lb_admin_flavor_capabilities_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]208 lb_admin_prefix.FlavorCapabilitiesClient())
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]209 cls.lb_admin_availability_zone_capabilities_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]210 lb_admin_prefix.AvailabilityZoneCapabilitiesClient())
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]211 cls.lb_admin_availability_zone_profile_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]212 lb_admin_prefix.AvailabilityZoneProfileClient())
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]213 cls.lb_admin_availability_zone_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]214 lb_admin_prefix.AvailabilityZoneClient())
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]215 cls.mem_availability_zone_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]216 cls.os_roles_lb_member.load_balancer_v2.AvailabilityZoneClient())
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]217
218 @classmethod
219 def resource_setup(cls):
220 """Setup resources needed by the tests."""
221 super(LoadBalancerBaseTest, cls).resource_setup()
222
223 conf_lb = CONF.load_balancer
224
Michael Johnsondfd818a2018-08-21 20:54:54 -0700[diff] [blame]225 cls.api_version = cls.mem_lb_client.get_max_api_version()
226
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]227 if conf_lb.test_subnet_override and not conf_lb.test_network_override:
228 raise exceptions.InvalidConfiguration(
229 "Configuration value test_network_override must be "
230 "specified if test_subnet_override is used.")
231
Michael Johnson6a9236a2020-08-04 23:54:54 +0000[diff] [blame]232 # TODO(johnsom) Remove this
Maciej Józefczykb6df5f82019-12-10 10:12:30 +0000[diff] [blame]233 # Get loadbalancing algorithms supported by provider driver.
234 try:
235 algorithms = const.SUPPORTED_LB_ALGORITHMS[
236 CONF.load_balancer.provider]
237 except KeyError:
238 algorithms = const.SUPPORTED_LB_ALGORITHMS['default']
239 # Set default algorithm as first from the list.
240 cls.lb_algorithm = algorithms[0]
241
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]242 show_subnet = cls.lb_mem_subnet_client.show_subnet
243 if CONF.load_balancer.test_with_noop:
244 cls.lb_member_vip_net = {'id': uuidutils.generate_uuid()}
245 cls.lb_member_vip_subnet = {'id': uuidutils.generate_uuid()}
246 cls.lb_member_1_net = {'id': uuidutils.generate_uuid()}
247 cls.lb_member_1_subnet = {'id': uuidutils.generate_uuid()}
248 cls.lb_member_2_net = {'id': uuidutils.generate_uuid()}
249 cls.lb_member_2_subnet = {'id': uuidutils.generate_uuid()}
250 if CONF.load_balancer.test_with_ipv6:
Michael Johnson5a16ad32018-10-18 14:49:11 -0700[diff] [blame]251 cls.lb_member_vip_ipv6_net = {'id': uuidutils.generate_uuid()}
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]252 cls.lb_member_vip_ipv6_subnet = {'id':
253 uuidutils.generate_uuid()}
254 cls.lb_member_1_ipv6_subnet = {'id': uuidutils.generate_uuid()}
255 cls.lb_member_2_ipv6_subnet = {'id': uuidutils.generate_uuid()}
Michael Johnson590fbe12019-07-03 14:30:01 -0700[diff] [blame]256 cls.lb_member_vip_ipv6_subnet_stateful = True
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]257 return
258 elif CONF.load_balancer.test_network_override:
259 if conf_lb.test_subnet_override:
260 override_subnet = show_subnet(conf_lb.test_subnet_override)
261 else:
262 override_subnet = None
263
264 show_net = cls.lb_mem_net_client.show_network
265 override_network = show_net(conf_lb.test_network_override)
266 override_network = override_network.get('network')
267
268 cls.lb_member_vip_net = override_network
269 cls.lb_member_vip_subnet = override_subnet
270 cls.lb_member_1_net = override_network
271 cls.lb_member_1_subnet = override_subnet
272 cls.lb_member_2_net = override_network
273 cls.lb_member_2_subnet = override_subnet
274
275 if (CONF.load_balancer.test_with_ipv6 and
276 conf_lb.test_IPv6_subnet_override):
277 override_ipv6_subnet = show_subnet(
278 conf_lb.test_IPv6_subnet_override)
279 cls.lb_member_vip_ipv6_subnet = override_ipv6_subnet
280 cls.lb_member_1_ipv6_subnet = override_ipv6_subnet
281 cls.lb_member_2_ipv6_subnet = override_ipv6_subnet
Michael Johnson590fbe12019-07-03 14:30:01 -0700[diff] [blame]282 cls.lb_member_vip_ipv6_subnet_stateful = False
283 if (override_ipv6_subnet[0]['ipv6_address_mode'] ==
284 'dhcpv6-stateful'):
285 cls.lb_member_vip_ipv6_subnet_stateful = True
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]286 else:
287 cls.lb_member_vip_ipv6_subnet = None
288 cls.lb_member_1_ipv6_subnet = None
289 cls.lb_member_2_ipv6_subnet = None
290 else:
291 cls._create_networks()
292
293 LOG.debug('Octavia Setup: lb_member_vip_net = {}'.format(
294 cls.lb_member_vip_net[const.ID]))
295 if cls.lb_member_vip_subnet:
296 LOG.debug('Octavia Setup: lb_member_vip_subnet = {}'.format(
297 cls.lb_member_vip_subnet[const.ID]))
298 LOG.debug('Octavia Setup: lb_member_1_net = {}'.format(
299 cls.lb_member_1_net[const.ID]))
300 if cls.lb_member_1_subnet:
301 LOG.debug('Octavia Setup: lb_member_1_subnet = {}'.format(
302 cls.lb_member_1_subnet[const.ID]))
303 LOG.debug('Octavia Setup: lb_member_2_net = {}'.format(
304 cls.lb_member_2_net[const.ID]))
305 if cls.lb_member_2_subnet:
306 LOG.debug('Octavia Setup: lb_member_2_subnet = {}'.format(
307 cls.lb_member_2_subnet[const.ID]))
Michael Johnson124ba8b2018-08-30 16:06:05 -0700[diff] [blame]308 if CONF.load_balancer.test_with_ipv6:
309 if cls.lb_member_vip_ipv6_subnet:
310 LOG.debug('Octavia Setup: lb_member_vip_ipv6_subnet = '
311 '{}'.format(cls.lb_member_vip_ipv6_subnet[const.ID]))
312 if cls.lb_member_1_ipv6_subnet:
313 LOG.debug('Octavia Setup: lb_member_1_ipv6_subnet = {}'.format(
314 cls.lb_member_1_ipv6_subnet[const.ID]))
315 if cls.lb_member_2_ipv6_subnet:
316 LOG.debug('Octavia Setup: lb_member_2_ipv6_subnet = {}'.format(
317 cls.lb_member_2_ipv6_subnet[const.ID]))
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]318
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]319 @classmethod
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]320 # Neutron can be slow to clean up ports from the subnets/networks.
321 # Retry this delete a few times if we get a "Conflict" error to give
322 # neutron time to fully cleanup the ports.
323 @tenacity.retry(
324 retry=tenacity.retry_if_exception_type(exceptions.Conflict),
325 wait=tenacity.wait_incrementing(
326 RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX),
327 stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
328 def _logging_delete_network(cls, net_id):
329 try:
330 cls.lb_mem_net_client.delete_network(net_id)
331 except Exception:
332 LOG.error('Unable to delete network {}. Active ports:'.format(
333 net_id))
334 LOG.error(cls.lb_mem_ports_client.list_ports())
335 raise
336
337 @classmethod
338 # Neutron can be slow to clean up ports from the subnets/networks.
339 # Retry this delete a few times if we get a "Conflict" error to give
340 # neutron time to fully cleanup the ports.
341 @tenacity.retry(
342 retry=tenacity.retry_if_exception_type(exceptions.Conflict),
343 wait=tenacity.wait_incrementing(
344 RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX),
345 stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
346 def _logging_delete_subnet(cls, subnet_id):
347 try:
348 cls.lb_mem_subnet_client.delete_subnet(subnet_id)
349 except Exception:
350 LOG.error('Unable to delete subnet {}. Active ports:'.format(
351 subnet_id))
352 LOG.error(cls.lb_mem_ports_client.list_ports())
353 raise
354
355 @classmethod
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]356 def _create_networks(cls):
357 """Creates networks, subnets, and routers used in tests.
358
359 The following are expected to be defined and available to the tests:
360 cls.lb_member_vip_net
361 cls.lb_member_vip_subnet
362 cls.lb_member_vip_ipv6_subnet (optional)
363 cls.lb_member_1_net
364 cls.lb_member_1_subnet
365 cls.lb_member_1_ipv6_subnet (optional)
366 cls.lb_member_2_net
367 cls.lb_member_2_subnet
368 cls.lb_member_2_ipv6_subnet (optional)
369 """
370
371 # Create tenant VIP network
372 network_kwargs = {
373 'name': data_utils.rand_name("lb_member_vip_network")}
374 if CONF.network_feature_enabled.port_security:
Andreas Jaeger4215b702020-03-28 20:13:46 +0100[diff] [blame]375 # Note: Allowed Address Pairs requires port security
376 network_kwargs['port_security_enabled'] = True
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]377 result = cls.lb_mem_net_client.create_network(**network_kwargs)
378 cls.lb_member_vip_net = result['network']
379 LOG.info('lb_member_vip_net: {}'.format(cls.lb_member_vip_net))
380 cls.addClassResourceCleanup(
381 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]382 cls._logging_delete_network,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]383 cls.lb_mem_net_client.show_network,
384 cls.lb_member_vip_net['id'])
385
386 # Create tenant VIP subnet
387 subnet_kwargs = {
388 'name': data_utils.rand_name("lb_member_vip_subnet"),
389 'network_id': cls.lb_member_vip_net['id'],
390 'cidr': CONF.load_balancer.vip_subnet_cidr,
391 'ip_version': 4}
392 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
393 cls.lb_member_vip_subnet = result['subnet']
394 LOG.info('lb_member_vip_subnet: {}'.format(cls.lb_member_vip_subnet))
395 cls.addClassResourceCleanup(
396 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]397 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]398 cls.lb_mem_subnet_client.show_subnet,
399 cls.lb_member_vip_subnet['id'])
400
401 # Create tenant VIP IPv6 subnet
402 if CONF.load_balancer.test_with_ipv6:
Michael Johnson590fbe12019-07-03 14:30:01 -0700[diff] [blame]403 cls.lb_member_vip_ipv6_subnet_stateful = False
Gregory Thiemonge54225ad2021-02-04 15:25:17 +0100[diff] [blame]404 cls.lb_member_vip_ipv6_subnet_use_subnetpool = False
405 subnet_kwargs = {
406 'name': data_utils.rand_name("lb_member_vip_ipv6_subnet"),
407 'network_id': cls.lb_member_vip_net['id'],
408 'ip_version': 6}
409
410 # Use a CIDR from devstack's default IPv6 subnetpool if it exists,
411 # the subnetpool's cidr is routable from the devstack node
412 # through the default router
413 subnetpool_name = CONF.load_balancer.default_ipv6_subnetpool
414 if subnetpool_name:
415 subnetpool = cls.os_admin_subnetpools_client.list_subnetpools(
416 name=subnetpool_name)['subnetpools']
417 if len(subnetpool) == 1:
418 subnetpool = subnetpool[0]
419 subnet_kwargs['subnetpool_id'] = subnetpool['id']
420 cls.lb_member_vip_ipv6_subnet_use_subnetpool = True
421
422 if 'subnetpool_id' not in subnet_kwargs:
423 subnet_kwargs['cidr'] = (
424 CONF.load_balancer.vip_ipv6_subnet_cidr)
425
426 result = cls.lb_mem_subnet_client.create_subnet(
427 **subnet_kwargs)
428 cls.lb_member_vip_ipv6_net = cls.lb_member_vip_net
429 cls.lb_member_vip_ipv6_subnet = result['subnet']
430 cls.addClassResourceCleanup(
431 waiters.wait_for_not_found,
432 cls._logging_delete_subnet,
433 cls.lb_mem_subnet_client.show_subnet,
434 cls.lb_member_vip_ipv6_subnet['id'])
Carlos Goncalves84af48c2019-07-25 15:51:30 +0200[diff] [blame]435
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]436 LOG.info('lb_member_vip_ipv6_subnet: {}'.format(
437 cls.lb_member_vip_ipv6_subnet))
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]438
439 # Create tenant member 1 network
440 network_kwargs = {
441 'name': data_utils.rand_name("lb_member_1_network")}
442 if CONF.network_feature_enabled.port_security:
443 if CONF.load_balancer.enable_security_groups:
444 network_kwargs['port_security_enabled'] = True
445 else:
446 network_kwargs['port_security_enabled'] = False
447 result = cls.lb_mem_net_client.create_network(**network_kwargs)
448 cls.lb_member_1_net = result['network']
449 LOG.info('lb_member_1_net: {}'.format(cls.lb_member_1_net))
450 cls.addClassResourceCleanup(
451 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]452 cls._logging_delete_network,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]453 cls.lb_mem_net_client.show_network,
454 cls.lb_member_1_net['id'])
455
456 # Create tenant member 1 subnet
457 subnet_kwargs = {
458 'name': data_utils.rand_name("lb_member_1_subnet"),
459 'network_id': cls.lb_member_1_net['id'],
460 'cidr': CONF.load_balancer.member_1_ipv4_subnet_cidr,
461 'ip_version': 4}
462 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
463 cls.lb_member_1_subnet = result['subnet']
464 LOG.info('lb_member_1_subnet: {}'.format(cls.lb_member_1_subnet))
465 cls.addClassResourceCleanup(
466 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]467 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]468 cls.lb_mem_subnet_client.show_subnet,
469 cls.lb_member_1_subnet['id'])
470
471 # Create tenant member 1 ipv6 subnet
472 if CONF.load_balancer.test_with_ipv6:
473 subnet_kwargs = {
474 'name': data_utils.rand_name("lb_member_1_ipv6_subnet"),
475 'network_id': cls.lb_member_1_net['id'],
476 'cidr': CONF.load_balancer.member_1_ipv6_subnet_cidr,
477 'ip_version': 6}
478 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]479 cls.lb_member_1_subnet_prefix = (
480 CONF.load_balancer.member_1_ipv6_subnet_cidr.rpartition('/')[2]
481 )
482 assert(cls.lb_member_1_subnet_prefix.isdigit())
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]483 cls.lb_member_1_ipv6_subnet = result['subnet']
484 LOG.info('lb_member_1_ipv6_subnet: {}'.format(
485 cls.lb_member_1_ipv6_subnet))
486 cls.addClassResourceCleanup(
487 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]488 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]489 cls.lb_mem_subnet_client.show_subnet,
490 cls.lb_member_1_ipv6_subnet['id'])
491
492 # Create tenant member 2 network
493 network_kwargs = {
494 'name': data_utils.rand_name("lb_member_2_network")}
495 if CONF.network_feature_enabled.port_security:
496 if CONF.load_balancer.enable_security_groups:
497 network_kwargs['port_security_enabled'] = True
498 else:
499 network_kwargs['port_security_enabled'] = False
500 result = cls.lb_mem_net_client.create_network(**network_kwargs)
501 cls.lb_member_2_net = result['network']
502 LOG.info('lb_member_2_net: {}'.format(cls.lb_member_2_net))
503 cls.addClassResourceCleanup(
504 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]505 cls._logging_delete_network,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]506 cls.lb_mem_net_client.show_network,
507 cls.lb_member_2_net['id'])
508
509 # Create tenant member 2 subnet
510 subnet_kwargs = {
511 'name': data_utils.rand_name("lb_member_2_subnet"),
512 'network_id': cls.lb_member_2_net['id'],
513 'cidr': CONF.load_balancer.member_2_ipv4_subnet_cidr,
514 'ip_version': 4}
515 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
516 cls.lb_member_2_subnet = result['subnet']
517 LOG.info('lb_member_2_subnet: {}'.format(cls.lb_member_2_subnet))
518 cls.addClassResourceCleanup(
519 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]520 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]521 cls.lb_mem_subnet_client.show_subnet,
522 cls.lb_member_2_subnet['id'])
523
524 # Create tenant member 2 ipv6 subnet
525 if CONF.load_balancer.test_with_ipv6:
526 subnet_kwargs = {
527 'name': data_utils.rand_name("lb_member_2_ipv6_subnet"),
528 'network_id': cls.lb_member_2_net['id'],
529 'cidr': CONF.load_balancer.member_2_ipv6_subnet_cidr,
530 'ip_version': 6}
531 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]532 cls.lb_member_2_subnet_prefix = (
533 CONF.load_balancer.member_2_ipv6_subnet_cidr.rpartition('/')[2]
534 )
535 assert(cls.lb_member_2_subnet_prefix.isdigit())
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]536 cls.lb_member_2_ipv6_subnet = result['subnet']
537 LOG.info('lb_member_2_ipv6_subnet: {}'.format(
538 cls.lb_member_2_ipv6_subnet))
539 cls.addClassResourceCleanup(
540 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]541 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]542 cls.lb_mem_subnet_client.show_subnet,
543 cls.lb_member_2_ipv6_subnet['id'])
544
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]545 @classmethod
Michael Johnson07c9a632018-06-07 13:27:42 -0700[diff] [blame]546 def _setup_lb_network_kwargs(cls, lb_kwargs, ip_version=None,
547 use_fixed_ip=False):
Adam Harwell60ed9d92018-05-10 13:23:13 -0700[diff] [blame]548 if not ip_version:
549 ip_version = 6 if CONF.load_balancer.test_with_ipv6 else 4
Michael Johnson5a16ad32018-10-18 14:49:11 -0700[diff] [blame]550 if cls.lb_member_vip_subnet or cls.lb_member_vip_ipv6_subnet:
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]551 ip_index = data_utils.rand_int_id(start=10, end=100)
Michael Johnsondfd818a2018-08-21 20:54:54 -0700[diff] [blame]552 while ip_index in cls.used_ips:
553 ip_index = data_utils.rand_int_id(start=10, end=100)
554 cls.used_ips.append(ip_index)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]555 if ip_version == 4:
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]556 subnet_id = cls.lb_member_vip_subnet[const.ID]
Michael Johnson5a16ad32018-10-18 14:49:11 -0700[diff] [blame]557 if CONF.load_balancer.test_with_noop:
558 lb_vip_address = '198.18.33.33'
559 else:
560 subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
561 network = ipaddress.IPv4Network(subnet['subnet']['cidr'])
562 lb_vip_address = str(network[ip_index])
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]563 else:
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]564 subnet_id = cls.lb_member_vip_ipv6_subnet[const.ID]
Michael Johnson5a16ad32018-10-18 14:49:11 -0700[diff] [blame]565 if CONF.load_balancer.test_with_noop:
566 lb_vip_address = '2001:db8:33:33:33:33:33:33'
567 else:
568 subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
569 network = ipaddress.IPv6Network(subnet['subnet']['cidr'])
570 lb_vip_address = str(network[ip_index])
Michael Johnson590fbe12019-07-03 14:30:01 -0700[diff] [blame]571 # If the subnet is IPv6 slaac or dhcpv6-stateless
572 # neutron does not allow a fixed IP
573 if not cls.lb_member_vip_ipv6_subnet_stateful:
574 use_fixed_ip = False
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]575 lb_kwargs[const.VIP_SUBNET_ID] = subnet_id
Michael Johnson07c9a632018-06-07 13:27:42 -0700[diff] [blame]576 if use_fixed_ip:
577 lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]578 if CONF.load_balancer.test_with_noop:
579 lb_kwargs[const.VIP_NETWORK_ID] = (
580 cls.lb_member_vip_net[const.ID])
Carlos Goncalvesbb238552020-01-15 10:10:55 +0000[diff] [blame]581 if ip_version == 6:
582 lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]583 else:
584 lb_kwargs[const.VIP_NETWORK_ID] = cls.lb_member_vip_net[const.ID]
585 lb_kwargs[const.VIP_SUBNET_ID] = None
586
587
588class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
589 @classmethod
Gregory Thiemongeb0da4f32022-02-04 08:58:06 +0100[diff] [blame]590 def remote_client_args(cls):
591 # In case we're using octavia-tempest-plugin with old tempest releases
592 # (for instance on stable/train) that don't support ssh_key_type, catch
593 # the exception and don't pass any argument
594 args = {}
595 try:
596 args['ssh_key_type'] = CONF.validation.ssh_key_type
597 except cfg.NoSuchOptError:
598 pass
599 return args
600
601 @classmethod
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]602 def resource_setup(cls):
603 super(LoadBalancerBaseTestWithCompute, cls).resource_setup()
604 # If validation is disabled in this cloud, we won't be able to
605 # start the webservers, so don't even boot them.
606 if not CONF.validation.run_validation:
607 return
608
609 # Create a keypair for the webservers
610 keypair_name = data_utils.rand_name('lb_member_keypair')
611 result = cls.lb_mem_keypairs_client.create_keypair(
612 name=keypair_name)
613 cls.lb_member_keypair = result['keypair']
614 LOG.info('lb_member_keypair: {}'.format(cls.lb_member_keypair))
615 cls.addClassResourceCleanup(
616 waiters.wait_for_not_found,
617 cls.lb_mem_keypairs_client.delete_keypair,
618 cls.lb_mem_keypairs_client.show_keypair,
619 keypair_name)
620
621 if (CONF.load_balancer.enable_security_groups and
622 CONF.network_feature_enabled.port_security):
623 # Set up the security group for the webservers
624 SG_name = data_utils.rand_name('lb_member_SG')
625 cls.lb_member_sec_group = (
626 cls.lb_mem_SG_client.create_security_group(
627 name=SG_name)['security_group'])
628 cls.addClassResourceCleanup(
629 waiters.wait_for_not_found,
630 cls.lb_mem_SG_client.delete_security_group,
631 cls.lb_mem_SG_client.show_security_group,
632 cls.lb_member_sec_group['id'])
633
634 # Create a security group rule to allow 80-81 (test webservers)
635 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
636 direction='ingress',
637 security_group_id=cls.lb_member_sec_group['id'],
638 protocol='tcp',
639 ethertype='IPv4',
640 port_range_min=80,
641 port_range_max=81)['security_group_rule']
642 cls.addClassResourceCleanup(
643 waiters.wait_for_not_found,
644 cls.lb_mem_SGr_client.delete_security_group_rule,
645 cls.lb_mem_SGr_client.show_security_group_rule,
646 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]647 # Create a security group rule to allow UDP 80-81 (test webservers)
648 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
649 direction='ingress',
650 security_group_id=cls.lb_member_sec_group['id'],
651 protocol='udp',
652 ethertype='IPv4',
653 port_range_min=80,
654 port_range_max=81)['security_group_rule']
655 cls.addClassResourceCleanup(
656 waiters.wait_for_not_found,
657 cls.lb_mem_SGr_client.delete_security_group_rule,
658 cls.lb_mem_SGr_client.show_security_group_rule,
659 SGr['id'])
Michael Johnson74b6f2f2020-10-29 15:11:39 -0700[diff] [blame]660 # Create a security group rule to allow 443 (test webservers)
661 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
662 direction='ingress',
663 security_group_id=cls.lb_member_sec_group['id'],
664 protocol='tcp',
665 ethertype='IPv4',
666 port_range_min=443,
667 port_range_max=443)['security_group_rule']
668 cls.addClassResourceCleanup(
669 waiters.wait_for_not_found,
670 cls.lb_mem_SGr_client.delete_security_group_rule,
671 cls.lb_mem_SGr_client.show_security_group_rule,
672 SGr['id'])
Michael Johnson031ecca2020-10-29 16:45:32 -0700[diff] [blame]673 # Create a security group rule to allow 9443 (test webservers)
674 # Used in the pool backend encryption client authentication tests
675 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
676 direction='ingress',
677 security_group_id=cls.lb_member_sec_group['id'],
678 protocol='tcp',
679 ethertype='IPv4',
680 port_range_min=9443,
681 port_range_max=9443)['security_group_rule']
682 cls.addClassResourceCleanup(
683 waiters.wait_for_not_found,
684 cls.lb_mem_SGr_client.delete_security_group_rule,
685 cls.lb_mem_SGr_client.show_security_group_rule,
686 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]687 # Create a security group rule to allow UDP 9999 (test webservers)
688 # Port 9999 is used to illustrate health monitor ERRORs on closed
689 # ports.
690 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
691 direction='ingress',
692 security_group_id=cls.lb_member_sec_group['id'],
693 protocol='udp',
694 ethertype='IPv4',
695 port_range_min=9999,
696 port_range_max=9999)['security_group_rule']
697 cls.addClassResourceCleanup(
698 waiters.wait_for_not_found,
699 cls.lb_mem_SGr_client.delete_security_group_rule,
700 cls.lb_mem_SGr_client.show_security_group_rule,
701 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]702 # Create a security group rule to allow 22 (ssh)
703 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
704 direction='ingress',
705 security_group_id=cls.lb_member_sec_group['id'],
706 protocol='tcp',
707 ethertype='IPv4',
708 port_range_min=22,
709 port_range_max=22)['security_group_rule']
710 cls.addClassResourceCleanup(
711 waiters.wait_for_not_found,
712 cls.lb_mem_SGr_client.delete_security_group_rule,
713 cls.lb_mem_SGr_client.show_security_group_rule,
714 SGr['id'])
715 if CONF.load_balancer.test_with_ipv6:
716 # Create a security group rule to allow 80-81 (test webservers)
717 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
718 direction='ingress',
719 security_group_id=cls.lb_member_sec_group['id'],
720 protocol='tcp',
721 ethertype='IPv6',
722 port_range_min=80,
723 port_range_max=81)['security_group_rule']
724 cls.addClassResourceCleanup(
725 waiters.wait_for_not_found,
726 cls.lb_mem_SGr_client.delete_security_group_rule,
727 cls.lb_mem_SGr_client.show_security_group_rule,
728 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]729 # Create a security group rule to allow UDP 80-81 (test
730 # webservers)
731 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
732 direction='ingress',
733 security_group_id=cls.lb_member_sec_group['id'],
734 protocol='udp',
735 ethertype='IPv6',
736 port_range_min=80,
737 port_range_max=81)['security_group_rule']
738 cls.addClassResourceCleanup(
739 waiters.wait_for_not_found,
740 cls.lb_mem_SGr_client.delete_security_group_rule,
741 cls.lb_mem_SGr_client.show_security_group_rule,
742 SGr['id'])
Michael Johnson74b6f2f2020-10-29 15:11:39 -0700[diff] [blame]743 # Create a security group rule to allow 443 (test webservers)
744 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
745 direction='ingress',
746 security_group_id=cls.lb_member_sec_group['id'],
747 protocol='tcp',
748 ethertype='IPv6',
749 port_range_min=443,
750 port_range_max=443)['security_group_rule']
751 cls.addClassResourceCleanup(
752 waiters.wait_for_not_found,
753 cls.lb_mem_SGr_client.delete_security_group_rule,
754 cls.lb_mem_SGr_client.show_security_group_rule,
755 SGr['id'])
Michael Johnson031ecca2020-10-29 16:45:32 -0700[diff] [blame]756 # Create a security group rule to allow 9443 (test webservers)
757 # Used in the pool encryption client authentication tests
758 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
759 direction='ingress',
760 security_group_id=cls.lb_member_sec_group['id'],
761 protocol='tcp',
762 ethertype='IPv6',
763 port_range_min=9443,
764 port_range_max=9443)['security_group_rule']
765 cls.addClassResourceCleanup(
766 waiters.wait_for_not_found,
767 cls.lb_mem_SGr_client.delete_security_group_rule,
768 cls.lb_mem_SGr_client.show_security_group_rule,
769 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]770 # Create a security group rule to allow 22 (ssh)
771 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
772 direction='ingress',
773 security_group_id=cls.lb_member_sec_group['id'],
774 protocol='tcp',
775 ethertype='IPv6',
776 port_range_min=22,
777 port_range_max=22)['security_group_rule']
778 cls.addClassResourceCleanup(
779 waiters.wait_for_not_found,
780 cls.lb_mem_SGr_client.delete_security_group_rule,
781 cls.lb_mem_SGr_client.show_security_group_rule,
782 SGr['id'])
783
784 LOG.info('lb_member_sec_group: {}'.format(cls.lb_member_sec_group))
785
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]786 # Setup backend member reencryption PKI
787 cls._create_backend_reencryption_pki()
788
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]789 # Create webserver 1 instance
790 server_details = cls._create_webserver('lb_member_webserver1',
791 cls.lb_member_1_net)
792
793 cls.lb_member_webserver1 = server_details['server']
794 cls.webserver1_ip = server_details.get('ipv4_address')
795 cls.webserver1_ipv6 = server_details.get('ipv6_address')
796 cls.webserver1_public_ip = server_details['public_ipv4_address']
797
798 LOG.debug('Octavia Setup: lb_member_webserver1 = {}'.format(
799 cls.lb_member_webserver1[const.ID]))
800 LOG.debug('Octavia Setup: webserver1_ip = {}'.format(
801 cls.webserver1_ip))
802 LOG.debug('Octavia Setup: webserver1_ipv6 = {}'.format(
803 cls.webserver1_ipv6))
804 LOG.debug('Octavia Setup: webserver1_public_ip = {}'.format(
805 cls.webserver1_public_ip))
806
807 # Create webserver 2 instance
808 server_details = cls._create_webserver('lb_member_webserver2',
809 cls.lb_member_2_net)
810
811 cls.lb_member_webserver2 = server_details['server']
812 cls.webserver2_ip = server_details.get('ipv4_address')
813 cls.webserver2_ipv6 = server_details.get('ipv6_address')
814 cls.webserver2_public_ip = server_details['public_ipv4_address']
815
816 LOG.debug('Octavia Setup: lb_member_webserver2 = {}'.format(
817 cls.lb_member_webserver2[const.ID]))
818 LOG.debug('Octavia Setup: webserver2_ip = {}'.format(
819 cls.webserver2_ip))
820 LOG.debug('Octavia Setup: webserver2_ipv6 = {}'.format(
821 cls.webserver2_ipv6))
822 LOG.debug('Octavia Setup: webserver2_public_ip = {}'.format(
823 cls.webserver2_public_ip))
824
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]825 if CONF.load_balancer.test_with_ipv6:
826 # Enable the IPv6 nic in webserver 1
827 cls._enable_ipv6_nic_webserver(
828 cls.webserver1_public_ip, cls.lb_member_keypair['private_key'],
829 cls.webserver1_ipv6, cls.lb_member_1_subnet_prefix)
830
831 # Enable the IPv6 nic in webserver 2
832 cls._enable_ipv6_nic_webserver(
833 cls.webserver2_public_ip, cls.lb_member_keypair['private_key'],
834 cls.webserver2_ipv6, cls.lb_member_2_subnet_prefix)
835
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]836 # Set up serving on webserver 1
837 cls._install_start_webserver(cls.webserver1_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]838 cls.lb_member_keypair['private_key'],
839 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]840
841 # Validate webserver 1
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]842 cls._validate_webserver(cls.webserver1_public_ip,
843 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]844
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]845 # Validate udp server 1
846 cls._validate_udp_server(cls.webserver1_public_ip,
847 cls.webserver1_response)
848
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]849 # Set up serving on webserver 2
850 cls._install_start_webserver(cls.webserver2_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]851 cls.lb_member_keypair['private_key'],
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]852 cls.webserver2_response, revoke_cert=True)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]853
854 # Validate webserver 2
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]855 cls._validate_webserver(cls.webserver2_public_ip,
856 cls.webserver2_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]857
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]858 # Validate udp server 2
859 cls._validate_udp_server(cls.webserver2_public_ip,
860 cls.webserver2_response)
861
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]862 @classmethod
863 def _create_networks(cls):
864 super(LoadBalancerBaseTestWithCompute, cls)._create_networks()
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]865 # Create a router for the subnets (required for the floating IP)
866 router_name = data_utils.rand_name("lb_member_router")
867 result = cls.lb_mem_routers_client.create_router(
868 name=router_name, admin_state_up=True,
869 external_gateway_info=dict(
870 network_id=CONF.network.public_network_id))
871 cls.lb_member_router = result['router']
872 LOG.info('lb_member_router: {}'.format(cls.lb_member_router))
873 cls.addClassResourceCleanup(
874 waiters.wait_for_not_found,
875 cls.lb_mem_routers_client.delete_router,
876 cls.lb_mem_routers_client.show_router,
877 cls.lb_member_router['id'])
878
879 # Add VIP subnet to router
880 cls.lb_mem_routers_client.add_router_interface(
881 cls.lb_member_router['id'],
882 subnet_id=cls.lb_member_vip_subnet['id'])
883 cls.addClassResourceCleanup(
884 waiters.wait_for_not_found,
885 cls.lb_mem_routers_client.remove_router_interface,
886 cls.lb_mem_routers_client.remove_router_interface,
887 cls.lb_member_router['id'],
888 subnet_id=cls.lb_member_vip_subnet['id'])
889
Gregory Thiemonge54225ad2021-02-04 15:25:17 +0100[diff] [blame]890 if (CONF.load_balancer.test_with_ipv6 and
891 CONF.load_balancer.default_router and
892 cls.lb_member_vip_ipv6_subnet_use_subnetpool):
893
894 router_name = CONF.load_balancer.default_router
895 # if lb_member_vip_ipv6_subnet uses devstack's subnetpool,
896 # plug the subnet into the default router
897 router = cls.os_admin.routers_client.list_routers(
898 name=router_name)['routers']
899
900 if len(router) == 1:
901 router = router[0]
902
903 # Add IPv6 VIP subnet to router1
904 cls.os_admin_routers_client.add_router_interface(
905 router['id'],
906 subnet_id=cls.lb_member_vip_ipv6_subnet['id'])
907 cls.addClassResourceCleanup(
908 waiters.wait_for_not_found,
909 cls.os_admin_routers_client.remove_router_interface,
910 cls.os_admin_routers_client.remove_router_interface,
911 router['id'],
912 subnet_id=cls.lb_member_vip_ipv6_subnet['id'])
913
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]914 # Add member subnet 1 to router
915 cls.lb_mem_routers_client.add_router_interface(
916 cls.lb_member_router['id'],
917 subnet_id=cls.lb_member_1_subnet['id'])
918 cls.addClassResourceCleanup(
919 waiters.wait_for_not_found,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]920 cls.lb_mem_routers_client.remove_router_interface,
921 cls.lb_mem_routers_client.remove_router_interface,
922 cls.lb_member_router['id'], subnet_id=cls.lb_member_1_subnet['id'])
923
924 # Add member subnet 2 to router
925 cls.lb_mem_routers_client.add_router_interface(
926 cls.lb_member_router['id'],
927 subnet_id=cls.lb_member_2_subnet['id'])
928 cls.addClassResourceCleanup(
929 waiters.wait_for_not_found,
930 cls.lb_mem_routers_client.remove_router_interface,
931 cls.lb_mem_routers_client.remove_router_interface,
932 cls.lb_member_router['id'], subnet_id=cls.lb_member_2_subnet['id'])
933
934 @classmethod
935 def _create_webserver(cls, name, network):
936 """Creates a webserver with two ports.
937
938 webserver_details dictionary contains:
939 server - The compute server object
940 ipv4_address - The IPv4 address for the server (optional)
941 ipv6_address - The IPv6 address for the server (optional)
942 public_ipv4_address - The publicly accessible IPv4 address for the
943 server, this may be a floating IP (optional)
944
945 :param name: The name of the server to create.
946 :param network: The network to boot the server on.
947 :returns: webserver_details dictionary.
948 """
949 server_kwargs = {
950 'name': data_utils.rand_name(name),
951 'flavorRef': CONF.compute.flavor_ref,
952 'imageRef': CONF.compute.image_ref,
953 'key_name': cls.lb_member_keypair['name']}
954 if (CONF.load_balancer.enable_security_groups and
955 CONF.network_feature_enabled.port_security):
956 server_kwargs['security_groups'] = [
957 {'name': cls.lb_member_sec_group['name']}]
958 if not CONF.load_balancer.disable_boot_network:
959 server_kwargs['networks'] = [{'uuid': network['id']}]
960
961 # Replace the name for clouds that have limitations
962 if CONF.load_balancer.random_server_name_length:
963 r = random.SystemRandom()
964 server_kwargs['name'] = "m{}".format("".join(
965 [r.choice(string.ascii_uppercase + string.digits)
966 for _ in range(
967 CONF.load_balancer.random_server_name_length - 1)]
968 ))
969 if CONF.load_balancer.availability_zone:
970 server_kwargs['availability_zone'] = (
971 CONF.load_balancer.availability_zone)
972
973 server = cls.lb_mem_servers_client.create_server(
974 **server_kwargs)['server']
975 cls.addClassResourceCleanup(
976 waiters.wait_for_not_found,
977 cls.lb_mem_servers_client.delete_server,
978 cls.lb_mem_servers_client.show_server,
979 server['id'])
980 server = waiters.wait_for_status(
981 cls.lb_mem_servers_client.show_server,
982 server['id'], 'status', 'ACTIVE',
983 CONF.load_balancer.build_interval,
984 CONF.load_balancer.build_timeout,
985 root_tag='server')
986 webserver_details = {'server': server}
987 LOG.info('Created server: {}'.format(server))
988
989 addresses = server['addresses']
990 if CONF.load_balancer.disable_boot_network:
991 instance_network = addresses.values()[0]
992 else:
993 instance_network = addresses[network['name']]
994 for addr in instance_network:
995 if addr['version'] == 4:
996 webserver_details['ipv4_address'] = addr['addr']
997 if addr['version'] == 6:
998 webserver_details['ipv6_address'] = addr['addr']
999
1000 if CONF.validation.connect_method == 'floating':
1001 result = cls.lb_mem_ports_client.list_ports(
1002 network_id=network['id'],
1003 mac_address=instance_network[0]['OS-EXT-IPS-MAC:mac_addr'])
1004 port_id = result['ports'][0]['id']
1005 result = cls.lb_mem_float_ip_client.create_floatingip(
1006 floating_network_id=CONF.network.public_network_id,
1007 port_id=port_id)
1008 floating_ip = result['floatingip']
1009 LOG.info('webserver1_floating_ip: {}'.format(floating_ip))
1010 cls.addClassResourceCleanup(
1011 waiters.wait_for_not_found,
1012 cls.lb_mem_float_ip_client.delete_floatingip,
1013 cls.lb_mem_float_ip_client.show_floatingip,
1014 floatingip_id=floating_ip['id'])
1015 webserver_details['public_ipv4_address'] = (
1016 floating_ip['floating_ip_address'])
1017 else:
1018 webserver_details['public_ipv4_address'] = (
1019 instance_network[0]['addr'])
1020
1021 return webserver_details
1022
1023 @classmethod
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1024 def _get_openssh_version(cls):
1025 p = subprocess.Popen(["ssh", "-V"],
1026 stdout=subprocess.PIPE,
1027 stderr=subprocess.PIPE)
1028 output = p.communicate()[1]
1029
1030 try:
1031 m = re.match(r"OpenSSH_(\d+)\.(\d+)", output.decode('utf-8'))
1032 version_maj = int(m.group(1))
1033 version_min = int(m.group(2))
1034 return version_maj, version_min
1035 except Exception:
1036 return None, None
1037
1038 @classmethod
1039 def _need_scp_protocol(cls):
1040 # When using scp >= 8.7, force the use of the SCP protocol,
1041 # the new default (SFTP protocol) doesn't work with
1042 # cirros VMs.
1043 ssh_version = cls._get_openssh_version()
1044 LOG.debug("ssh_version = {}".format(ssh_version))
1045 return (ssh_version[0] > 8 or
1046 (ssh_version[0] == 8 and ssh_version[1] >= 7))
1047
1048 @classmethod
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1049 def _install_start_webserver(cls, ip_address, ssh_key, start_id,
1050 revoke_cert=False):
Michael Johnson27357352020-11-13 13:55:09 -0800[diff] [blame]1051 local_file = CONF.load_balancer.test_server_path
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1052
1053 linux_client = remote_client.RemoteClient(
Ade Leed0ea4062021-09-06 15:33:27 -0400[diff] [blame]1054 ip_address, CONF.validation.image_ssh_user, pkey=ssh_key,
Gregory Thiemongeb0da4f32022-02-04 08:58:06 +0100[diff] [blame]1055 **cls.remote_client_args())
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1056 linux_client.validate_authentication()
1057
1058 with tempfile.NamedTemporaryFile() as key:
1059 key.write(ssh_key.encode('utf-8'))
1060 key.flush()
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1061 ssh_extra_args = (
1062 "-o PubkeyAcceptedKeyTypes=+ssh-rsa")
1063 if cls._need_scp_protocol():
1064 ssh_extra_args += " -O"
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1065 cmd = ("scp -v -o UserKnownHostsFile=/dev/null "
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1066 "{7} "
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1067 "-o StrictHostKeyChecking=no "
1068 "-o ConnectTimeout={0} -o ConnectionAttempts={1} "
1069 "-i {2} {3} {4}@{5}:{6}").format(
1070 CONF.load_balancer.scp_connection_timeout,
1071 CONF.load_balancer.scp_connection_attempts,
1072 key.name, local_file, CONF.validation.image_ssh_user,
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1073 ip_address, const.TEST_SERVER_BINARY,
1074 ssh_extra_args)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1075 args = shlex.split(cmd)
1076 subprocess_args = {'stdout': subprocess.PIPE,
1077 'stderr': subprocess.STDOUT,
1078 'cwd': None}
1079 proc = subprocess.Popen(args, **subprocess_args)
1080 stdout, stderr = proc.communicate()
1081 if proc.returncode != 0:
1082 raise exceptions.CommandFailed(proc.returncode, cmd,
1083 stdout, stderr)
Gregory Thiemongef72a8862019-08-06 17:25:42 +0200[diff] [blame]1084
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1085 cls._load_member_pki_content(ip_address, key,
1086 revoke_cert=revoke_cert)
1087
Gregory Thiemongef72a8862019-08-06 17:25:42 +0200[diff] [blame]1088 # Enabling memory overcommit allows to run golang static binaries
1089 # compiled with a recent golang toolchain (>=1.11). Those binaries
1090 # allocate a large amount of virtual memory at init time, and this
1091 # allocation fails in tempest's nano flavor (64MB of RAM)
1092 # (golang issue reported in https://github.com/golang/go/issues/28114,
1093 # follow-up: https://github.com/golang/go/issues/28081)
1094 # TODO(gthiemonge): Remove this call when golang issue is resolved.
1095 linux_client.exec_command('sudo sh -c "echo 1 > '
1096 '/proc/sys/vm/overcommit_memory"')
1097
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1098 # The initial process also supports HTTPS and HTTPS with client auth
1099 linux_client.exec_command(
1100 'sudo screen -d -m {0} -port 80 -id {1} -https_port 443 -cert {2} '
1101 '-key {3} -https_client_auth_port 9443 -client_ca {4}'.format(
1102 const.TEST_SERVER_BINARY, start_id, const.TEST_SERVER_CERT,
1103 const.TEST_SERVER_KEY, const.TEST_SERVER_CLIENT_CA))
1104
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1105 linux_client.exec_command('sudo screen -d -m {0} -port 81 '
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1106 '-id {1}'.format(const.TEST_SERVER_BINARY,
1107 start_id + 1))
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1108
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]1109 # Cirros does not configure the assigned IPv6 address by default
1110 # so enable it manually like tempest does here:
1111 # tempest/scenario/test_netowrk_v6.py turn_nic6_on()
1112 @classmethod
1113 def _enable_ipv6_nic_webserver(cls, ip_address, ssh_key,
1114 ipv6_address, ipv6_prefix):
1115 linux_client = remote_client.RemoteClient(
Ade Leed0ea4062021-09-06 15:33:27 -0400[diff] [blame]1116 ip_address, CONF.validation.image_ssh_user, pkey=ssh_key,
Gregory Thiemongeb0da4f32022-02-04 08:58:06 +0100[diff] [blame]1117 **cls.remote_client_args())
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]1118 linux_client.validate_authentication()
1119
1120 linux_client.exec_command('sudo ip address add {0}/{1} dev '
1121 'eth0'.format(ipv6_address, ipv6_prefix))
1122
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1123 @classmethod
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1124 def _validate_webserver(cls, ip_address, start_id):
1125 URL = 'http://{0}'.format(ip_address)
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]1126 cls.validate_URL_response(URL, expected_body=str(start_id))
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1127 URL = 'http://{0}:81'.format(ip_address)
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]1128 cls.validate_URL_response(URL, expected_body=str(start_id + 1))
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1129
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]1130 @classmethod
1131 def _validate_udp_server(cls, ip_address, start_id):
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]1132 res = cls.make_udp_request(ip_address, 80)
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]1133 if res != str(start_id):
1134 raise Exception("Response from test server doesn't match the "
1135 "expected value ({0} != {1}).".format(
1136 res, str(start_id)))
1137
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]1138 res = cls.make_udp_request(ip_address, 81)
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]1139 if res != str(start_id + 1):
1140 raise Exception("Response from test server doesn't match the "
1141 "expected value ({0} != {1}).".format(
1142 res, str(start_id + 1)))
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1143
1144 @classmethod
1145 def _create_backend_reencryption_pki(cls):
1146 # Create a CA self-signed cert and key for the member test servers
1147 cls.member_ca_cert, cls.member_ca_key = (
1148 cert_utils.generate_ca_cert_and_key())
1149
1150 LOG.debug('Member CA Cert: %s', cls.member_ca_cert.public_bytes(
1151 serialization.Encoding.PEM))
1152 LOG.debug('Member CA private Key: %s', cls.member_ca_key.private_bytes(
1153 encoding=serialization.Encoding.PEM,
1154 format=serialization.PrivateFormat.TraditionalOpenSSL,
1155 encryption_algorithm=serialization.NoEncryption()))
1156 LOG.debug('Member CA public Key: %s',
1157 cls.member_ca_key.public_key().public_bytes(
1158 encoding=serialization.Encoding.PEM,
1159 format=serialization.PublicFormat.SubjectPublicKeyInfo))
1160
1161 # Create the member client authentication CA
1162 cls.member_client_ca_cert, member_client_ca_key = (
1163 cert_utils.generate_ca_cert_and_key())
1164
1165 # Create client cert and key
1166 cls.member_client_cn = uuidutils.generate_uuid()
1167 cls.member_client_cert, cls.member_client_key = (
1168 cert_utils.generate_client_cert_and_key(
1169 cls.member_client_ca_cert, member_client_ca_key,
1170 cls.member_client_cn))
1171 # Note: We are not revoking a client cert here as we don't need to
1172 # test the backend web server CRL checking.
1173
1174 @classmethod
1175 def _load_member_pki_content(cls, ip_address, ssh_key, revoke_cert=False):
1176 # Create webserver certificate and key
1177 cert, key = cert_utils.generate_server_cert_and_key(
1178 cls.member_ca_cert, cls.member_ca_key, ip_address)
1179
1180 LOG.debug('%s Cert: %s', ip_address, cert.public_bytes(
1181 serialization.Encoding.PEM))
1182 LOG.debug('%s private Key: %s', ip_address, key.private_bytes(
1183 encoding=serialization.Encoding.PEM,
1184 format=serialization.PrivateFormat.TraditionalOpenSSL,
1185 encryption_algorithm=serialization.NoEncryption()))
1186 public_key = key.public_key()
1187 LOG.debug('%s public Key: %s', ip_address, public_key.public_bytes(
1188 encoding=serialization.Encoding.PEM,
1189 format=serialization.PublicFormat.SubjectPublicKeyInfo))
1190
1191 # Create a CRL with a revoked certificate
1192 if revoke_cert:
1193 # Create a CRL with webserver 2 revoked
1194 cls.member_crl = cert_utils.generate_certificate_revocation_list(
1195 cls.member_ca_cert, cls.member_ca_key, cert)
1196
1197 # Load the certificate, key, and client CA certificate into the
1198 # test server.
1199 with tempfile.TemporaryDirectory() as tmpdir:
1200 os.umask(0)
1201 files_to_send = []
1202 cert_filename = os.path.join(tmpdir, const.CERT_PEM)
1203 files_to_send.append(cert_filename)
1204 with open(os.open(cert_filename, os.O_CREAT | os.O_WRONLY,
1205 0o700), 'w') as fh:
1206 fh.write(cert.public_bytes(
1207 serialization.Encoding.PEM).decode('utf-8'))
1208 fh.flush()
1209 key_filename = os.path.join(tmpdir, const.KEY_PEM)
1210 files_to_send.append(key_filename)
1211 with open(os.open(key_filename, os.O_CREAT | os.O_WRONLY,
1212 0o700), 'w') as fh:
1213 fh.write(key.private_bytes(
1214 encoding=serialization.Encoding.PEM,
1215 format=serialization.PrivateFormat.TraditionalOpenSSL,
1216 encryption_algorithm=serialization.NoEncryption()).decode(
1217 'utf-8'))
1218 fh.flush()
1219 client_ca_filename = os.path.join(tmpdir, const.CLIENT_CA_PEM)
1220 files_to_send.append(client_ca_filename)
1221 with open(os.open(client_ca_filename, os.O_CREAT | os.O_WRONLY,
1222 0o700), 'w') as fh:
1223 fh.write(cls.member_client_ca_cert.public_bytes(
1224 serialization.Encoding.PEM).decode('utf-8'))
1225 fh.flush()
1226
1227 # For security, we don't want to use a shell that can glob
1228 # the file names, so iterate over them.
1229 subprocess_args = {'stdout': subprocess.PIPE,
1230 'stderr': subprocess.STDOUT,
1231 'cwd': None}
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1232 ssh_extra_args = (
1233 "-o PubkeyAcceptedKeyTypes=+ssh-rsa")
1234 if cls._need_scp_protocol():
1235 ssh_extra_args += " -O"
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1236 cmd = ("scp -v -o UserKnownHostsFile=/dev/null "
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1237 "{9} "
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1238 "-o StrictHostKeyChecking=no "
1239 "-o ConnectTimeout={0} -o ConnectionAttempts={1} "
1240 "-i {2} {3} {4} {5} {6}@{7}:{8}").format(
1241 CONF.load_balancer.scp_connection_timeout,
1242 CONF.load_balancer.scp_connection_attempts,
1243 ssh_key.name, cert_filename, key_filename, client_ca_filename,
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1244 CONF.validation.image_ssh_user, ip_address, const.DEV_SHM_PATH,
1245 ssh_extra_args)
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1246 args = shlex.split(cmd)
1247 proc = subprocess.Popen(args, **subprocess_args)
1248 stdout, stderr = proc.communicate()
1249 if proc.returncode != 0:
1250 raise exceptions.CommandFailed(proc.returncode, cmd,
1251 stdout, stderr)