Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / octavia-tempest-plugin / 57655e5cb0a477f1a1fadf6fca1a9adbd9d4c22b / . / octavia_tempest_plugin / tests / test_base.py
blob: a04f1cba484e2fd78c3ea3d834bed0280154437c [file] [log] [blame]
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1# Copyright 2018 Rackspace US Inc. All rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15import ipaddress
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]16import os
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]17import random
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]18import re
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]19import shlex
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]20import string
21import subprocess
22import tempfile
23
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]24from cryptography.hazmat.primitives import serialization
Gregory Thiemongeb0da4f32022-02-04 08:58:06 +0100[diff] [blame]25from oslo_config import cfg
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]26from oslo_log import log as logging
27from oslo_utils import uuidutils
Gregory Thiemongecba3b222024-05-16 02:57:08 -0400[diff] [blame]28from tempest import clients
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]29from tempest import config
Gregory Thiemongecba3b222024-05-16 02:57:08 -0400[diff] [blame]30from tempest.lib import auth
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]31from tempest.lib.common.utils import data_utils
32from tempest.lib.common.utils.linux import remote_client
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]33from tempest.lib import exceptions
34from tempest import test
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]35import tenacity
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]36
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]37from octavia_tempest_plugin.common import cert_utils
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]38from octavia_tempest_plugin.common import constants as const
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]39import octavia_tempest_plugin.services.load_balancer.v2 as lbv2
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]40from octavia_tempest_plugin.tests import RBAC_tests
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]41from octavia_tempest_plugin.tests import validators
42from octavia_tempest_plugin.tests import waiters
43
44CONF = config.CONF
45LOG = logging.getLogger(__name__)
46
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]47RETRY_ATTEMPTS = 15
48RETRY_INITIAL_DELAY = 1
49RETRY_BACKOFF = 1
50RETRY_MAX = 5
51
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]52
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]53class LoadBalancerBaseTest(validators.ValidatorsMixin,
54 RBAC_tests.RBACTestsMixin, test.BaseTestCase):
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]55 """Base class for load balancer tests."""
56
Gregory Thiemonge3497f6c2021-04-19 21:33:13 +0200[diff] [blame]57 if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
58 credentials = [
59 'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
60 ['lb_member', CONF.load_balancer.member_role],
61 ['lb_member2', CONF.load_balancer.member_role]]
Michael Johnson6dac8ff2023-03-09 00:04:37 +0000[diff] [blame]62 elif CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]63 credentials = [
Michael Johnson6dac8ff2023-03-09 00:04:37 +0000[diff] [blame]64 'admin', 'primary',
Gregory Thiemongecba3b222024-05-16 02:57:08 -0400[diff] [blame]65 ['lb_admin', 'admin'],
66 ['lb_observer', 'reader'],
67 ['lb_global_observer', 'reader'],
68 ['lb_member', 'member'],
69 ['lb_member2', 'member']]
70 # Note: an additional non-member user is added in setup_credentials
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]71 else:
72 credentials = [
73 'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
74 ['lb_observer', CONF.load_balancer.observer_role, 'reader'],
75 ['lb_global_observer', CONF.load_balancer.global_observer_role,
76 'reader'],
Michael Johnson9e9f5262023-01-18 17:59:17 +0000[diff] [blame]77 # Note: Some projects are now requiring the 'member' role by
78 # default (nova for example) so make sure our creds have this role
79 ['lb_member', CONF.load_balancer.member_role, 'member'],
80 ['lb_member2', CONF.load_balancer.member_role, 'member']]
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]81
82 # If scope enforcement is enabled, add in the system scope credentials.
83 # The project scope is already handled by the above credentials.
84 if CONF.enforce_scope.octavia:
85 credentials.extend(['system_admin', 'system_reader'])
86
87 # A tuple of credentials that will be allocated by tempest using the
88 # 'credentials' list above. These are used to build RBAC test lists.
89 allocated_creds = []
90 for cred in credentials:
91 if isinstance(cred, list):
92 allocated_creds.append('os_roles_' + cred[0])
93 else:
94 allocated_creds.append('os_' + cred)
95 # Tests shall not mess with the list of allocated credentials
96 allocated_credentials = tuple(allocated_creds)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]97
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]98 webserver1_response = 1
99 webserver2_response = 5
Michael Johnsondfd818a2018-08-21 20:54:54 -0700[diff] [blame]100 used_ips = []
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]101
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]102 SRC_PORT_NUMBER_MIN = 32768
103 SRC_PORT_NUMBER_MAX = 61000
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]104 src_port_number = SRC_PORT_NUMBER_MIN
105
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]106 @classmethod
107 def skip_checks(cls):
108 """Check if we should skip all of the children tests."""
109 super(LoadBalancerBaseTest, cls).skip_checks()
110
111 service_list = {
112 'load_balancer': CONF.service_available.load_balancer,
113 }
114
115 live_service_list = {
116 'compute': CONF.service_available.nova,
117 'image': CONF.service_available.glance,
118 'neutron': CONF.service_available.neutron
119 }
120
121 if not CONF.load_balancer.test_with_noop:
122 service_list.update(live_service_list)
123
124 for service, available in service_list.items():
125 if not available:
zhangzs2a6cf672018-11-10 16:13:11 +0800[diff] [blame]126 skip_msg = ("{0} skipped as {1} service is not "
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]127 "available.".format(cls.__name__, service))
128 raise cls.skipException(skip_msg)
129
130 # We must be able to reach our VIP and instances
131 if not (CONF.network.project_networks_reachable
132 or CONF.network.public_network_id):
133 msg = ('Either project_networks_reachable must be "true", or '
134 'public_network_id must be defined.')
135 raise cls.skipException(msg)
136
137 @classmethod
Gregory Thiemongecba3b222024-05-16 02:57:08 -0400[diff] [blame]138 def _setup_new_user_role_client(cls, project_id, role_name):
139 user = {
140 'name': data_utils.rand_name('user'),
141 'password': data_utils.rand_password()
142 }
143 user_id = cls.os_admin.users_v3_client.create_user(
144 **user)['user']['id']
145 cls._created_users.append(user_id)
146 roles = cls.os_admin.roles_v3_client.list_roles(
147 name=role_name)['roles']
148 if len(roles) == 0:
149 role = {
150 'name': role_name
151 }
152 role_id = cls.os_admin.roles_v3_client.create_role(
153 **role)['role']['id']
154 cls._created_roles.append(role_id)
155 else:
156 role_id = roles[0]['id']
157 cls.os_admin.roles_v3_client.create_user_role_on_project(
158 project_id, user_id, role_id
159 )
160 creds = auth.KeystoneV3Credentials(
161 user_id=user_id,
162 password=user['password'],
163 project_id=project_id
164 )
165 auth_provider = clients.get_auth_provider(creds)
166 creds = auth_provider.fill_credentials()
167 return clients.Manager(credentials=creds)
168
169 @classmethod
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]170 def setup_credentials(cls):
171 """Setup test credentials and network resources."""
172 # Do not auto create network resources
173 cls.set_network_resources()
174 super(LoadBalancerBaseTest, cls).setup_credentials()
175
Gregory Thiemongecba3b222024-05-16 02:57:08 -0400[diff] [blame]176 cls._created_projects = []
177 cls._created_users = []
178 cls._created_roles = []
179
180 non_dyn_users = []
181
182 if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
183 # Create a non-member user for keystone_default_roles
184 # When using dynamic credentials, tempest cannot create a user
185 # without a role, it always adds at least the "member" role.
186 # We manually create the user with a temporary role
187 project_id = cls.os_admin.projects_client.create_project(
188 data_utils.rand_name()
189 )['project']['id']
190 cls._created_projects.append(project_id)
191 cls.os_not_member = cls._setup_new_user_role_client(
192 project_id,
193 data_utils.rand_name('role'))
194 cls.allocated_creds.append('os_not_member')
195 non_dyn_users.append('not_member')
196
197 # Tests shall not mess with the list of allocated credentials
198 cls.allocated_credentials = tuple(cls.allocated_creds)
199
Bas de Bruijne530a88a2022-12-15 11:12:45 -0400[diff] [blame]200 if not CONF.load_balancer.log_user_roles:
201 return
202
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]203 # Log the user roles for this test run
204 role_name_cache = {}
Gregory Thiemongecba3b222024-05-16 02:57:08 -0400[diff] [blame]205 for cred in cls.credentials + non_dyn_users:
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]206 user_roles = []
207 if isinstance(cred, list):
208 user_name = cred[0]
209 cred_obj = getattr(cls, 'os_roles_' + cred[0])
210 else:
211 user_name = cred
212 cred_obj = getattr(cls, 'os_' + cred)
213 params = {'user.id': cred_obj.credentials.user_id,
214 'project.id': cred_obj.credentials.project_id}
215 roles = cls.os_admin.role_assignments_client.list_role_assignments(
216 **params)['role_assignments']
217 for role in roles:
218 role_id = role['role']['id']
219 try:
220 role_name = role_name_cache[role_id]
221 except KeyError:
222 role_name = cls.os_admin.roles_v3_client.show_role(
223 role_id)['role']['name']
224 role_name_cache[role_id] = role_name
225 user_roles.append([role_name, role['scope']])
226 LOG.info("User %s has roles: %s", user_name, user_roles)
227
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]228 @classmethod
Gregory Thiemongecba3b222024-05-16 02:57:08 -0400[diff] [blame]229 def clear_credentials(cls):
230 for user_id in cls._created_users:
231 cls.os_admin.users_v3_client.delete_user(user_id)
232 for project_id in cls._created_projects:
233 cls.os_admin.projects_client.delete_project(project_id)
234 for role_id in cls._created_roles:
235 cls.os_admin.roles_v3_client.delete_role(role_id)
236 super().clear_credentials()
237
238 @classmethod
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]239 def setup_clients(cls):
240 """Setup client aliases."""
241 super(LoadBalancerBaseTest, cls).setup_clients()
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]242 lb_admin_prefix = cls.os_roles_lb_admin.load_balancer_v2
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]243 cls.lb_mem_float_ip_client = cls.os_roles_lb_member.floating_ips_client
244 cls.lb_mem_keypairs_client = cls.os_roles_lb_member.keypairs_client
245 cls.lb_mem_net_client = cls.os_roles_lb_member.networks_client
246 cls.lb_mem_ports_client = cls.os_roles_lb_member.ports_client
247 cls.lb_mem_routers_client = cls.os_roles_lb_member.routers_client
248 cls.lb_mem_SG_client = cls.os_roles_lb_member.security_groups_client
249 cls.lb_mem_SGr_client = (
250 cls.os_roles_lb_member.security_group_rules_client)
251 cls.lb_mem_servers_client = cls.os_roles_lb_member.servers_client
252 cls.lb_mem_subnet_client = cls.os_roles_lb_member.subnets_client
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]253 cls.mem_lb_client: lbv2.LoadbalancerClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]254 cls.os_roles_lb_member.load_balancer_v2.LoadbalancerClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]255 cls.mem_listener_client: lbv2.ListenerClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]256 cls.os_roles_lb_member.load_balancer_v2.ListenerClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]257 cls.mem_pool_client: lbv2.PoolClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]258 cls.os_roles_lb_member.load_balancer_v2.PoolClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]259 cls.mem_member_client: lbv2.MemberClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]260 cls.os_roles_lb_member.load_balancer_v2.MemberClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]261 cls.mem_healthmonitor_client: lbv2.HealthMonitorClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]262 cls.os_roles_lb_member.load_balancer_v2.HealthMonitorClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]263 cls.mem_l7policy_client: lbv2.L7PolicyClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]264 cls.os_roles_lb_member.load_balancer_v2.L7PolicyClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]265 cls.mem_l7rule_client: lbv2.L7RuleClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]266 cls.os_roles_lb_member.load_balancer_v2.L7RuleClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]267 cls.lb_admin_amphora_client: lbv2.AmphoraClient = (
268 lb_admin_prefix.AmphoraClient())
269 cls.lb_admin_flavor_profile_client: lbv2.FlavorProfileClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]270 lb_admin_prefix.FlavorProfileClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]271 cls.lb_admin_flavor_client: lbv2.FlavorClient = (
272 lb_admin_prefix.FlavorClient())
273 cls.mem_flavor_client: lbv2.FlavorClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]274 cls.os_roles_lb_member.load_balancer_v2.FlavorClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]275 cls.mem_provider_client: lbv2.ProviderClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]276 cls.os_roles_lb_member.load_balancer_v2.ProviderClient())
Carlos Goncalvesc2e12162019-02-14 23:57:44 +0100[diff] [blame]277 cls.os_admin_servers_client = cls.os_admin.servers_client
Gregory Thiemonge54225ad2021-02-04 15:25:17 +0100[diff] [blame]278 cls.os_admin_routers_client = cls.os_admin.routers_client
279 cls.os_admin_subnetpools_client = cls.os_admin.subnetpools_client
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]280 cls.lb_admin_flavor_capabilities_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]281 lb_admin_prefix.FlavorCapabilitiesClient())
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]282 cls.lb_admin_availability_zone_capabilities_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]283 lb_admin_prefix.AvailabilityZoneCapabilitiesClient())
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]284 cls.lb_admin_availability_zone_profile_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]285 lb_admin_prefix.AvailabilityZoneProfileClient())
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]286 cls.lb_admin_availability_zone_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]287 lb_admin_prefix.AvailabilityZoneClient())
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]288 cls.mem_availability_zone_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]289 cls.os_roles_lb_member.load_balancer_v2.AvailabilityZoneClient())
Gregory Thiemonge5010dc02021-02-02 14:59:27 +0100[diff] [blame]290 cls.os_admin_compute_flavors_client = cls.os_admin.flavors_client
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]291
292 @classmethod
293 def resource_setup(cls):
294 """Setup resources needed by the tests."""
295 super(LoadBalancerBaseTest, cls).resource_setup()
296
297 conf_lb = CONF.load_balancer
298
Michael Johnsondfd818a2018-08-21 20:54:54 -0700[diff] [blame]299 cls.api_version = cls.mem_lb_client.get_max_api_version()
300
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]301 if conf_lb.test_subnet_override and not conf_lb.test_network_override:
302 raise exceptions.InvalidConfiguration(
303 "Configuration value test_network_override must be "
304 "specified if test_subnet_override is used.")
305
Michael Johnson6a9236a2020-08-04 23:54:54 +0000[diff] [blame]306 # TODO(johnsom) Remove this
Maciej Józefczykb6df5f82019-12-10 10:12:30 +0000[diff] [blame]307 # Get loadbalancing algorithms supported by provider driver.
308 try:
309 algorithms = const.SUPPORTED_LB_ALGORITHMS[
310 CONF.load_balancer.provider]
311 except KeyError:
312 algorithms = const.SUPPORTED_LB_ALGORITHMS['default']
313 # Set default algorithm as first from the list.
314 cls.lb_algorithm = algorithms[0]
315
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]316 show_subnet = cls.lb_mem_subnet_client.show_subnet
317 if CONF.load_balancer.test_with_noop:
318 cls.lb_member_vip_net = {'id': uuidutils.generate_uuid()}
319 cls.lb_member_vip_subnet = {'id': uuidutils.generate_uuid()}
320 cls.lb_member_1_net = {'id': uuidutils.generate_uuid()}
321 cls.lb_member_1_subnet = {'id': uuidutils.generate_uuid()}
322 cls.lb_member_2_net = {'id': uuidutils.generate_uuid()}
323 cls.lb_member_2_subnet = {'id': uuidutils.generate_uuid()}
324 if CONF.load_balancer.test_with_ipv6:
Michael Johnson5a16ad32018-10-18 14:49:11 -0700[diff] [blame]325 cls.lb_member_vip_ipv6_net = {'id': uuidutils.generate_uuid()}
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]326 cls.lb_member_vip_ipv6_subnet = {'id':
327 uuidutils.generate_uuid()}
328 cls.lb_member_1_ipv6_subnet = {'id': uuidutils.generate_uuid()}
329 cls.lb_member_2_ipv6_subnet = {'id': uuidutils.generate_uuid()}
Michael Johnson590fbe12019-07-03 14:30:01 -0700[diff] [blame]330 cls.lb_member_vip_ipv6_subnet_stateful = True
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]331 return
332 elif CONF.load_balancer.test_network_override:
333 if conf_lb.test_subnet_override:
334 override_subnet = show_subnet(conf_lb.test_subnet_override)
335 else:
336 override_subnet = None
337
338 show_net = cls.lb_mem_net_client.show_network
339 override_network = show_net(conf_lb.test_network_override)
340 override_network = override_network.get('network')
341
342 cls.lb_member_vip_net = override_network
343 cls.lb_member_vip_subnet = override_subnet
344 cls.lb_member_1_net = override_network
345 cls.lb_member_1_subnet = override_subnet
346 cls.lb_member_2_net = override_network
347 cls.lb_member_2_subnet = override_subnet
348
349 if (CONF.load_balancer.test_with_ipv6 and
350 conf_lb.test_IPv6_subnet_override):
351 override_ipv6_subnet = show_subnet(
352 conf_lb.test_IPv6_subnet_override)
353 cls.lb_member_vip_ipv6_subnet = override_ipv6_subnet
354 cls.lb_member_1_ipv6_subnet = override_ipv6_subnet
355 cls.lb_member_2_ipv6_subnet = override_ipv6_subnet
Michael Johnson590fbe12019-07-03 14:30:01 -0700[diff] [blame]356 cls.lb_member_vip_ipv6_subnet_stateful = False
357 if (override_ipv6_subnet[0]['ipv6_address_mode'] ==
358 'dhcpv6-stateful'):
359 cls.lb_member_vip_ipv6_subnet_stateful = True
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]360 else:
361 cls.lb_member_vip_ipv6_subnet = None
362 cls.lb_member_1_ipv6_subnet = None
363 cls.lb_member_2_ipv6_subnet = None
364 else:
365 cls._create_networks()
366
367 LOG.debug('Octavia Setup: lb_member_vip_net = {}'.format(
368 cls.lb_member_vip_net[const.ID]))
369 if cls.lb_member_vip_subnet:
370 LOG.debug('Octavia Setup: lb_member_vip_subnet = {}'.format(
371 cls.lb_member_vip_subnet[const.ID]))
372 LOG.debug('Octavia Setup: lb_member_1_net = {}'.format(
373 cls.lb_member_1_net[const.ID]))
374 if cls.lb_member_1_subnet:
375 LOG.debug('Octavia Setup: lb_member_1_subnet = {}'.format(
376 cls.lb_member_1_subnet[const.ID]))
377 LOG.debug('Octavia Setup: lb_member_2_net = {}'.format(
378 cls.lb_member_2_net[const.ID]))
379 if cls.lb_member_2_subnet:
380 LOG.debug('Octavia Setup: lb_member_2_subnet = {}'.format(
381 cls.lb_member_2_subnet[const.ID]))
Michael Johnson124ba8b2018-08-30 16:06:05 -0700[diff] [blame]382 if CONF.load_balancer.test_with_ipv6:
383 if cls.lb_member_vip_ipv6_subnet:
384 LOG.debug('Octavia Setup: lb_member_vip_ipv6_subnet = '
385 '{}'.format(cls.lb_member_vip_ipv6_subnet[const.ID]))
386 if cls.lb_member_1_ipv6_subnet:
387 LOG.debug('Octavia Setup: lb_member_1_ipv6_subnet = {}'.format(
388 cls.lb_member_1_ipv6_subnet[const.ID]))
389 if cls.lb_member_2_ipv6_subnet:
390 LOG.debug('Octavia Setup: lb_member_2_ipv6_subnet = {}'.format(
391 cls.lb_member_2_ipv6_subnet[const.ID]))
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]392
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]393 @classmethod
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]394 # Neutron can be slow to clean up ports from the subnets/networks.
395 # Retry this delete a few times if we get a "Conflict" error to give
396 # neutron time to fully cleanup the ports.
397 @tenacity.retry(
398 retry=tenacity.retry_if_exception_type(exceptions.Conflict),
399 wait=tenacity.wait_incrementing(
400 RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX),
401 stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
402 def _logging_delete_network(cls, net_id):
403 try:
404 cls.lb_mem_net_client.delete_network(net_id)
405 except Exception:
406 LOG.error('Unable to delete network {}. Active ports:'.format(
407 net_id))
408 LOG.error(cls.lb_mem_ports_client.list_ports())
409 raise
410
411 @classmethod
412 # Neutron can be slow to clean up ports from the subnets/networks.
413 # Retry this delete a few times if we get a "Conflict" error to give
414 # neutron time to fully cleanup the ports.
415 @tenacity.retry(
416 retry=tenacity.retry_if_exception_type(exceptions.Conflict),
417 wait=tenacity.wait_incrementing(
418 RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX),
419 stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
420 def _logging_delete_subnet(cls, subnet_id):
421 try:
422 cls.lb_mem_subnet_client.delete_subnet(subnet_id)
423 except Exception:
424 LOG.error('Unable to delete subnet {}. Active ports:'.format(
425 subnet_id))
426 LOG.error(cls.lb_mem_ports_client.list_ports())
427 raise
428
429 @classmethod
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]430 def _create_networks(cls):
431 """Creates networks, subnets, and routers used in tests.
432
433 The following are expected to be defined and available to the tests:
434 cls.lb_member_vip_net
435 cls.lb_member_vip_subnet
436 cls.lb_member_vip_ipv6_subnet (optional)
437 cls.lb_member_1_net
438 cls.lb_member_1_subnet
439 cls.lb_member_1_ipv6_subnet (optional)
440 cls.lb_member_2_net
441 cls.lb_member_2_subnet
442 cls.lb_member_2_ipv6_subnet (optional)
443 """
444
445 # Create tenant VIP network
446 network_kwargs = {
447 'name': data_utils.rand_name("lb_member_vip_network")}
448 if CONF.network_feature_enabled.port_security:
Andreas Jaeger4215b702020-03-28 20:13:46 +0100[diff] [blame]449 # Note: Allowed Address Pairs requires port security
450 network_kwargs['port_security_enabled'] = True
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]451 result = cls.lb_mem_net_client.create_network(**network_kwargs)
452 cls.lb_member_vip_net = result['network']
453 LOG.info('lb_member_vip_net: {}'.format(cls.lb_member_vip_net))
454 cls.addClassResourceCleanup(
455 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]456 cls._logging_delete_network,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]457 cls.lb_mem_net_client.show_network,
458 cls.lb_member_vip_net['id'])
459
460 # Create tenant VIP subnet
461 subnet_kwargs = {
462 'name': data_utils.rand_name("lb_member_vip_subnet"),
463 'network_id': cls.lb_member_vip_net['id'],
464 'cidr': CONF.load_balancer.vip_subnet_cidr,
465 'ip_version': 4}
466 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
467 cls.lb_member_vip_subnet = result['subnet']
468 LOG.info('lb_member_vip_subnet: {}'.format(cls.lb_member_vip_subnet))
469 cls.addClassResourceCleanup(
470 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]471 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]472 cls.lb_mem_subnet_client.show_subnet,
473 cls.lb_member_vip_subnet['id'])
474
475 # Create tenant VIP IPv6 subnet
476 if CONF.load_balancer.test_with_ipv6:
Michael Johnson590fbe12019-07-03 14:30:01 -0700[diff] [blame]477 cls.lb_member_vip_ipv6_subnet_stateful = False
Gregory Thiemonge54225ad2021-02-04 15:25:17 +0100[diff] [blame]478 cls.lb_member_vip_ipv6_subnet_use_subnetpool = False
479 subnet_kwargs = {
480 'name': data_utils.rand_name("lb_member_vip_ipv6_subnet"),
481 'network_id': cls.lb_member_vip_net['id'],
482 'ip_version': 6}
483
484 # Use a CIDR from devstack's default IPv6 subnetpool if it exists,
485 # the subnetpool's cidr is routable from the devstack node
486 # through the default router
487 subnetpool_name = CONF.load_balancer.default_ipv6_subnetpool
488 if subnetpool_name:
489 subnetpool = cls.os_admin_subnetpools_client.list_subnetpools(
490 name=subnetpool_name)['subnetpools']
491 if len(subnetpool) == 1:
492 subnetpool = subnetpool[0]
493 subnet_kwargs['subnetpool_id'] = subnetpool['id']
494 cls.lb_member_vip_ipv6_subnet_use_subnetpool = True
495
496 if 'subnetpool_id' not in subnet_kwargs:
497 subnet_kwargs['cidr'] = (
498 CONF.load_balancer.vip_ipv6_subnet_cidr)
499
500 result = cls.lb_mem_subnet_client.create_subnet(
501 **subnet_kwargs)
502 cls.lb_member_vip_ipv6_net = cls.lb_member_vip_net
503 cls.lb_member_vip_ipv6_subnet = result['subnet']
504 cls.addClassResourceCleanup(
505 waiters.wait_for_not_found,
506 cls._logging_delete_subnet,
507 cls.lb_mem_subnet_client.show_subnet,
508 cls.lb_member_vip_ipv6_subnet['id'])
Carlos Goncalves84af48c2019-07-25 15:51:30 +0200[diff] [blame]509
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]510 LOG.info('lb_member_vip_ipv6_subnet: {}'.format(
511 cls.lb_member_vip_ipv6_subnet))
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]512
513 # Create tenant member 1 network
514 network_kwargs = {
515 'name': data_utils.rand_name("lb_member_1_network")}
516 if CONF.network_feature_enabled.port_security:
517 if CONF.load_balancer.enable_security_groups:
518 network_kwargs['port_security_enabled'] = True
519 else:
520 network_kwargs['port_security_enabled'] = False
521 result = cls.lb_mem_net_client.create_network(**network_kwargs)
522 cls.lb_member_1_net = result['network']
523 LOG.info('lb_member_1_net: {}'.format(cls.lb_member_1_net))
524 cls.addClassResourceCleanup(
525 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]526 cls._logging_delete_network,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]527 cls.lb_mem_net_client.show_network,
528 cls.lb_member_1_net['id'])
529
530 # Create tenant member 1 subnet
531 subnet_kwargs = {
532 'name': data_utils.rand_name("lb_member_1_subnet"),
533 'network_id': cls.lb_member_1_net['id'],
534 'cidr': CONF.load_balancer.member_1_ipv4_subnet_cidr,
535 'ip_version': 4}
536 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
537 cls.lb_member_1_subnet = result['subnet']
538 LOG.info('lb_member_1_subnet: {}'.format(cls.lb_member_1_subnet))
539 cls.addClassResourceCleanup(
540 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]541 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]542 cls.lb_mem_subnet_client.show_subnet,
543 cls.lb_member_1_subnet['id'])
544
545 # Create tenant member 1 ipv6 subnet
546 if CONF.load_balancer.test_with_ipv6:
547 subnet_kwargs = {
548 'name': data_utils.rand_name("lb_member_1_ipv6_subnet"),
549 'network_id': cls.lb_member_1_net['id'],
550 'cidr': CONF.load_balancer.member_1_ipv6_subnet_cidr,
551 'ip_version': 6}
552 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]553 cls.lb_member_1_subnet_prefix = (
554 CONF.load_balancer.member_1_ipv6_subnet_cidr.rpartition('/')[2]
555 )
556 assert(cls.lb_member_1_subnet_prefix.isdigit())
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]557 cls.lb_member_1_ipv6_subnet = result['subnet']
558 LOG.info('lb_member_1_ipv6_subnet: {}'.format(
559 cls.lb_member_1_ipv6_subnet))
560 cls.addClassResourceCleanup(
561 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]562 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]563 cls.lb_mem_subnet_client.show_subnet,
564 cls.lb_member_1_ipv6_subnet['id'])
565
566 # Create tenant member 2 network
567 network_kwargs = {
568 'name': data_utils.rand_name("lb_member_2_network")}
569 if CONF.network_feature_enabled.port_security:
570 if CONF.load_balancer.enable_security_groups:
571 network_kwargs['port_security_enabled'] = True
572 else:
573 network_kwargs['port_security_enabled'] = False
574 result = cls.lb_mem_net_client.create_network(**network_kwargs)
575 cls.lb_member_2_net = result['network']
576 LOG.info('lb_member_2_net: {}'.format(cls.lb_member_2_net))
577 cls.addClassResourceCleanup(
578 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]579 cls._logging_delete_network,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]580 cls.lb_mem_net_client.show_network,
581 cls.lb_member_2_net['id'])
582
583 # Create tenant member 2 subnet
584 subnet_kwargs = {
585 'name': data_utils.rand_name("lb_member_2_subnet"),
586 'network_id': cls.lb_member_2_net['id'],
587 'cidr': CONF.load_balancer.member_2_ipv4_subnet_cidr,
588 'ip_version': 4}
589 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
590 cls.lb_member_2_subnet = result['subnet']
591 LOG.info('lb_member_2_subnet: {}'.format(cls.lb_member_2_subnet))
592 cls.addClassResourceCleanup(
593 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]594 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]595 cls.lb_mem_subnet_client.show_subnet,
596 cls.lb_member_2_subnet['id'])
597
598 # Create tenant member 2 ipv6 subnet
599 if CONF.load_balancer.test_with_ipv6:
600 subnet_kwargs = {
601 'name': data_utils.rand_name("lb_member_2_ipv6_subnet"),
602 'network_id': cls.lb_member_2_net['id'],
603 'cidr': CONF.load_balancer.member_2_ipv6_subnet_cidr,
604 'ip_version': 6}
605 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]606 cls.lb_member_2_subnet_prefix = (
607 CONF.load_balancer.member_2_ipv6_subnet_cidr.rpartition('/')[2]
608 )
609 assert(cls.lb_member_2_subnet_prefix.isdigit())
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]610 cls.lb_member_2_ipv6_subnet = result['subnet']
611 LOG.info('lb_member_2_ipv6_subnet: {}'.format(
612 cls.lb_member_2_ipv6_subnet))
613 cls.addClassResourceCleanup(
614 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]615 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]616 cls.lb_mem_subnet_client.show_subnet,
617 cls.lb_member_2_ipv6_subnet['id'])
618
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]619 @classmethod
Michael Johnson07c9a632018-06-07 13:27:42 -0700[diff] [blame]620 def _setup_lb_network_kwargs(cls, lb_kwargs, ip_version=None,
621 use_fixed_ip=False):
Adam Harwell60ed9d92018-05-10 13:23:13 -0700[diff] [blame]622 if not ip_version:
623 ip_version = 6 if CONF.load_balancer.test_with_ipv6 else 4
Michael Johnson5a16ad32018-10-18 14:49:11 -0700[diff] [blame]624 if cls.lb_member_vip_subnet or cls.lb_member_vip_ipv6_subnet:
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]625 ip_index = data_utils.rand_int_id(start=10, end=100)
Michael Johnsondfd818a2018-08-21 20:54:54 -0700[diff] [blame]626 while ip_index in cls.used_ips:
627 ip_index = data_utils.rand_int_id(start=10, end=100)
628 cls.used_ips.append(ip_index)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]629 if ip_version == 4:
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]630 subnet_id = cls.lb_member_vip_subnet[const.ID]
Michael Johnson5a16ad32018-10-18 14:49:11 -0700[diff] [blame]631 if CONF.load_balancer.test_with_noop:
632 lb_vip_address = '198.18.33.33'
633 else:
634 subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
635 network = ipaddress.IPv4Network(subnet['subnet']['cidr'])
636 lb_vip_address = str(network[ip_index])
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]637 else:
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]638 subnet_id = cls.lb_member_vip_ipv6_subnet[const.ID]
Michael Johnson5a16ad32018-10-18 14:49:11 -0700[diff] [blame]639 if CONF.load_balancer.test_with_noop:
640 lb_vip_address = '2001:db8:33:33:33:33:33:33'
641 else:
642 subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
643 network = ipaddress.IPv6Network(subnet['subnet']['cidr'])
644 lb_vip_address = str(network[ip_index])
Michael Johnson590fbe12019-07-03 14:30:01 -0700[diff] [blame]645 # If the subnet is IPv6 slaac or dhcpv6-stateless
646 # neutron does not allow a fixed IP
647 if not cls.lb_member_vip_ipv6_subnet_stateful:
648 use_fixed_ip = False
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]649 lb_kwargs[const.VIP_SUBNET_ID] = subnet_id
Michael Johnson07c9a632018-06-07 13:27:42 -0700[diff] [blame]650 if use_fixed_ip:
651 lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]652 if CONF.load_balancer.test_with_noop:
653 lb_kwargs[const.VIP_NETWORK_ID] = (
654 cls.lb_member_vip_net[const.ID])
Carlos Goncalvesbb238552020-01-15 10:10:55 +0000[diff] [blame]655 if ip_version == 6:
656 lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]657 else:
658 lb_kwargs[const.VIP_NETWORK_ID] = cls.lb_member_vip_net[const.ID]
659 lb_kwargs[const.VIP_SUBNET_ID] = None
660
Gregory Thiemongeece5ab42020-10-29 08:46:05 +0100[diff] [blame]661 def _validate_listener_protocol(self, protocol, raise_if_unsupported=True):
662 if (protocol == const.SCTP and
663 not self.mem_listener_client.is_version_supported(
664 self.api_version, '2.23')):
665 if raise_if_unsupported:
666 raise self.skipException('SCTP listener protocol '
667 'is only available on Octavia '
668 'API version 2.23 or newer.')
669 return False
670 return True
671
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]672
673class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
674 @classmethod
Gregory Thiemongeb0da4f32022-02-04 08:58:06 +0100[diff] [blame]675 def remote_client_args(cls):
676 # In case we're using octavia-tempest-plugin with old tempest releases
677 # (for instance on stable/train) that don't support ssh_key_type, catch
678 # the exception and don't pass any argument
679 args = {}
680 try:
681 args['ssh_key_type'] = CONF.validation.ssh_key_type
682 except cfg.NoSuchOptError:
683 pass
684 return args
685
686 @classmethod
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]687 def resource_setup(cls):
688 super(LoadBalancerBaseTestWithCompute, cls).resource_setup()
689 # If validation is disabled in this cloud, we won't be able to
690 # start the webservers, so don't even boot them.
691 if not CONF.validation.run_validation:
692 return
693
694 # Create a keypair for the webservers
695 keypair_name = data_utils.rand_name('lb_member_keypair')
696 result = cls.lb_mem_keypairs_client.create_keypair(
697 name=keypair_name)
698 cls.lb_member_keypair = result['keypair']
699 LOG.info('lb_member_keypair: {}'.format(cls.lb_member_keypair))
700 cls.addClassResourceCleanup(
701 waiters.wait_for_not_found,
702 cls.lb_mem_keypairs_client.delete_keypair,
703 cls.lb_mem_keypairs_client.show_keypair,
704 keypair_name)
705
706 if (CONF.load_balancer.enable_security_groups and
707 CONF.network_feature_enabled.port_security):
708 # Set up the security group for the webservers
709 SG_name = data_utils.rand_name('lb_member_SG')
710 cls.lb_member_sec_group = (
711 cls.lb_mem_SG_client.create_security_group(
712 name=SG_name)['security_group'])
713 cls.addClassResourceCleanup(
714 waiters.wait_for_not_found,
715 cls.lb_mem_SG_client.delete_security_group,
716 cls.lb_mem_SG_client.show_security_group,
717 cls.lb_member_sec_group['id'])
718
719 # Create a security group rule to allow 80-81 (test webservers)
720 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
721 direction='ingress',
722 security_group_id=cls.lb_member_sec_group['id'],
723 protocol='tcp',
724 ethertype='IPv4',
725 port_range_min=80,
726 port_range_max=81)['security_group_rule']
727 cls.addClassResourceCleanup(
728 waiters.wait_for_not_found,
729 cls.lb_mem_SGr_client.delete_security_group_rule,
730 cls.lb_mem_SGr_client.show_security_group_rule,
731 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]732 # Create a security group rule to allow UDP 80-81 (test webservers)
733 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
734 direction='ingress',
735 security_group_id=cls.lb_member_sec_group['id'],
736 protocol='udp',
737 ethertype='IPv4',
738 port_range_min=80,
739 port_range_max=81)['security_group_rule']
740 cls.addClassResourceCleanup(
741 waiters.wait_for_not_found,
742 cls.lb_mem_SGr_client.delete_security_group_rule,
743 cls.lb_mem_SGr_client.show_security_group_rule,
744 SGr['id'])
Michael Johnson74b6f2f2020-10-29 15:11:39 -0700[diff] [blame]745 # Create a security group rule to allow 443 (test webservers)
746 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
747 direction='ingress',
748 security_group_id=cls.lb_member_sec_group['id'],
749 protocol='tcp',
750 ethertype='IPv4',
751 port_range_min=443,
752 port_range_max=443)['security_group_rule']
753 cls.addClassResourceCleanup(
754 waiters.wait_for_not_found,
755 cls.lb_mem_SGr_client.delete_security_group_rule,
756 cls.lb_mem_SGr_client.show_security_group_rule,
757 SGr['id'])
Michael Johnson031ecca2020-10-29 16:45:32 -0700[diff] [blame]758 # Create a security group rule to allow 9443 (test webservers)
759 # Used in the pool backend encryption client authentication tests
760 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
761 direction='ingress',
762 security_group_id=cls.lb_member_sec_group['id'],
763 protocol='tcp',
764 ethertype='IPv4',
765 port_range_min=9443,
766 port_range_max=9443)['security_group_rule']
767 cls.addClassResourceCleanup(
768 waiters.wait_for_not_found,
769 cls.lb_mem_SGr_client.delete_security_group_rule,
770 cls.lb_mem_SGr_client.show_security_group_rule,
771 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]772 # Create a security group rule to allow UDP 9999 (test webservers)
773 # Port 9999 is used to illustrate health monitor ERRORs on closed
774 # ports.
775 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
776 direction='ingress',
777 security_group_id=cls.lb_member_sec_group['id'],
778 protocol='udp',
779 ethertype='IPv4',
780 port_range_min=9999,
781 port_range_max=9999)['security_group_rule']
782 cls.addClassResourceCleanup(
783 waiters.wait_for_not_found,
784 cls.lb_mem_SGr_client.delete_security_group_rule,
785 cls.lb_mem_SGr_client.show_security_group_rule,
786 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]787 # Create a security group rule to allow 22 (ssh)
788 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
789 direction='ingress',
790 security_group_id=cls.lb_member_sec_group['id'],
791 protocol='tcp',
792 ethertype='IPv4',
793 port_range_min=22,
794 port_range_max=22)['security_group_rule']
795 cls.addClassResourceCleanup(
796 waiters.wait_for_not_found,
797 cls.lb_mem_SGr_client.delete_security_group_rule,
798 cls.lb_mem_SGr_client.show_security_group_rule,
799 SGr['id'])
800 if CONF.load_balancer.test_with_ipv6:
801 # Create a security group rule to allow 80-81 (test webservers)
802 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
803 direction='ingress',
804 security_group_id=cls.lb_member_sec_group['id'],
805 protocol='tcp',
806 ethertype='IPv6',
807 port_range_min=80,
808 port_range_max=81)['security_group_rule']
809 cls.addClassResourceCleanup(
810 waiters.wait_for_not_found,
811 cls.lb_mem_SGr_client.delete_security_group_rule,
812 cls.lb_mem_SGr_client.show_security_group_rule,
813 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]814 # Create a security group rule to allow UDP 80-81 (test
815 # webservers)
816 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
817 direction='ingress',
818 security_group_id=cls.lb_member_sec_group['id'],
819 protocol='udp',
820 ethertype='IPv6',
821 port_range_min=80,
822 port_range_max=81)['security_group_rule']
823 cls.addClassResourceCleanup(
824 waiters.wait_for_not_found,
825 cls.lb_mem_SGr_client.delete_security_group_rule,
826 cls.lb_mem_SGr_client.show_security_group_rule,
827 SGr['id'])
Michael Johnson74b6f2f2020-10-29 15:11:39 -0700[diff] [blame]828 # Create a security group rule to allow 443 (test webservers)
829 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
830 direction='ingress',
831 security_group_id=cls.lb_member_sec_group['id'],
832 protocol='tcp',
833 ethertype='IPv6',
834 port_range_min=443,
835 port_range_max=443)['security_group_rule']
836 cls.addClassResourceCleanup(
837 waiters.wait_for_not_found,
838 cls.lb_mem_SGr_client.delete_security_group_rule,
839 cls.lb_mem_SGr_client.show_security_group_rule,
840 SGr['id'])
Michael Johnson031ecca2020-10-29 16:45:32 -0700[diff] [blame]841 # Create a security group rule to allow 9443 (test webservers)
842 # Used in the pool encryption client authentication tests
843 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
844 direction='ingress',
845 security_group_id=cls.lb_member_sec_group['id'],
846 protocol='tcp',
847 ethertype='IPv6',
848 port_range_min=9443,
849 port_range_max=9443)['security_group_rule']
850 cls.addClassResourceCleanup(
851 waiters.wait_for_not_found,
852 cls.lb_mem_SGr_client.delete_security_group_rule,
853 cls.lb_mem_SGr_client.show_security_group_rule,
854 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]855 # Create a security group rule to allow 22 (ssh)
856 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
857 direction='ingress',
858 security_group_id=cls.lb_member_sec_group['id'],
859 protocol='tcp',
860 ethertype='IPv6',
861 port_range_min=22,
862 port_range_max=22)['security_group_rule']
863 cls.addClassResourceCleanup(
864 waiters.wait_for_not_found,
865 cls.lb_mem_SGr_client.delete_security_group_rule,
866 cls.lb_mem_SGr_client.show_security_group_rule,
867 SGr['id'])
868
869 LOG.info('lb_member_sec_group: {}'.format(cls.lb_member_sec_group))
870
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]871 # Setup backend member reencryption PKI
872 cls._create_backend_reencryption_pki()
873
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]874 # Create webserver 1 instance
875 server_details = cls._create_webserver('lb_member_webserver1',
876 cls.lb_member_1_net)
877
878 cls.lb_member_webserver1 = server_details['server']
879 cls.webserver1_ip = server_details.get('ipv4_address')
880 cls.webserver1_ipv6 = server_details.get('ipv6_address')
881 cls.webserver1_public_ip = server_details['public_ipv4_address']
882
883 LOG.debug('Octavia Setup: lb_member_webserver1 = {}'.format(
884 cls.lb_member_webserver1[const.ID]))
885 LOG.debug('Octavia Setup: webserver1_ip = {}'.format(
886 cls.webserver1_ip))
887 LOG.debug('Octavia Setup: webserver1_ipv6 = {}'.format(
888 cls.webserver1_ipv6))
889 LOG.debug('Octavia Setup: webserver1_public_ip = {}'.format(
890 cls.webserver1_public_ip))
891
892 # Create webserver 2 instance
893 server_details = cls._create_webserver('lb_member_webserver2',
894 cls.lb_member_2_net)
895
896 cls.lb_member_webserver2 = server_details['server']
897 cls.webserver2_ip = server_details.get('ipv4_address')
898 cls.webserver2_ipv6 = server_details.get('ipv6_address')
899 cls.webserver2_public_ip = server_details['public_ipv4_address']
900
901 LOG.debug('Octavia Setup: lb_member_webserver2 = {}'.format(
902 cls.lb_member_webserver2[const.ID]))
903 LOG.debug('Octavia Setup: webserver2_ip = {}'.format(
904 cls.webserver2_ip))
905 LOG.debug('Octavia Setup: webserver2_ipv6 = {}'.format(
906 cls.webserver2_ipv6))
907 LOG.debug('Octavia Setup: webserver2_public_ip = {}'.format(
908 cls.webserver2_public_ip))
909
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]910 if CONF.load_balancer.test_with_ipv6:
911 # Enable the IPv6 nic in webserver 1
912 cls._enable_ipv6_nic_webserver(
913 cls.webserver1_public_ip, cls.lb_member_keypair['private_key'],
914 cls.webserver1_ipv6, cls.lb_member_1_subnet_prefix)
915
916 # Enable the IPv6 nic in webserver 2
917 cls._enable_ipv6_nic_webserver(
918 cls.webserver2_public_ip, cls.lb_member_keypair['private_key'],
919 cls.webserver2_ipv6, cls.lb_member_2_subnet_prefix)
920
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]921 # Set up serving on webserver 1
922 cls._install_start_webserver(cls.webserver1_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]923 cls.lb_member_keypair['private_key'],
924 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]925
926 # Validate webserver 1
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]927 cls._validate_webserver(cls.webserver1_public_ip,
928 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]929
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]930 # Validate udp server 1
931 cls._validate_udp_server(cls.webserver1_public_ip,
932 cls.webserver1_response)
933
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]934 # Set up serving on webserver 2
935 cls._install_start_webserver(cls.webserver2_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]936 cls.lb_member_keypair['private_key'],
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]937 cls.webserver2_response, revoke_cert=True)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]938
939 # Validate webserver 2
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]940 cls._validate_webserver(cls.webserver2_public_ip,
941 cls.webserver2_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]942
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]943 # Validate udp server 2
944 cls._validate_udp_server(cls.webserver2_public_ip,
945 cls.webserver2_response)
946
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]947 @classmethod
948 def _create_networks(cls):
949 super(LoadBalancerBaseTestWithCompute, cls)._create_networks()
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]950 # Create a router for the subnets (required for the floating IP)
951 router_name = data_utils.rand_name("lb_member_router")
952 result = cls.lb_mem_routers_client.create_router(
953 name=router_name, admin_state_up=True,
954 external_gateway_info=dict(
955 network_id=CONF.network.public_network_id))
956 cls.lb_member_router = result['router']
957 LOG.info('lb_member_router: {}'.format(cls.lb_member_router))
958 cls.addClassResourceCleanup(
959 waiters.wait_for_not_found,
960 cls.lb_mem_routers_client.delete_router,
961 cls.lb_mem_routers_client.show_router,
962 cls.lb_member_router['id'])
963
964 # Add VIP subnet to router
965 cls.lb_mem_routers_client.add_router_interface(
966 cls.lb_member_router['id'],
967 subnet_id=cls.lb_member_vip_subnet['id'])
968 cls.addClassResourceCleanup(
969 waiters.wait_for_not_found,
970 cls.lb_mem_routers_client.remove_router_interface,
971 cls.lb_mem_routers_client.remove_router_interface,
972 cls.lb_member_router['id'],
973 subnet_id=cls.lb_member_vip_subnet['id'])
974
Gregory Thiemonge54225ad2021-02-04 15:25:17 +0100[diff] [blame]975 if (CONF.load_balancer.test_with_ipv6 and
976 CONF.load_balancer.default_router and
977 cls.lb_member_vip_ipv6_subnet_use_subnetpool):
978
979 router_name = CONF.load_balancer.default_router
980 # if lb_member_vip_ipv6_subnet uses devstack's subnetpool,
981 # plug the subnet into the default router
982 router = cls.os_admin.routers_client.list_routers(
983 name=router_name)['routers']
984
985 if len(router) == 1:
986 router = router[0]
987
988 # Add IPv6 VIP subnet to router1
989 cls.os_admin_routers_client.add_router_interface(
990 router['id'],
991 subnet_id=cls.lb_member_vip_ipv6_subnet['id'])
992 cls.addClassResourceCleanup(
993 waiters.wait_for_not_found,
994 cls.os_admin_routers_client.remove_router_interface,
995 cls.os_admin_routers_client.remove_router_interface,
996 router['id'],
997 subnet_id=cls.lb_member_vip_ipv6_subnet['id'])
998
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]999 # Add member subnet 1 to router
1000 cls.lb_mem_routers_client.add_router_interface(
1001 cls.lb_member_router['id'],
1002 subnet_id=cls.lb_member_1_subnet['id'])
1003 cls.addClassResourceCleanup(
1004 waiters.wait_for_not_found,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1005 cls.lb_mem_routers_client.remove_router_interface,
1006 cls.lb_mem_routers_client.remove_router_interface,
1007 cls.lb_member_router['id'], subnet_id=cls.lb_member_1_subnet['id'])
1008
1009 # Add member subnet 2 to router
1010 cls.lb_mem_routers_client.add_router_interface(
1011 cls.lb_member_router['id'],
1012 subnet_id=cls.lb_member_2_subnet['id'])
1013 cls.addClassResourceCleanup(
1014 waiters.wait_for_not_found,
1015 cls.lb_mem_routers_client.remove_router_interface,
1016 cls.lb_mem_routers_client.remove_router_interface,
1017 cls.lb_member_router['id'], subnet_id=cls.lb_member_2_subnet['id'])
1018
1019 @classmethod
1020 def _create_webserver(cls, name, network):
1021 """Creates a webserver with two ports.
1022
1023 webserver_details dictionary contains:
1024 server - The compute server object
1025 ipv4_address - The IPv4 address for the server (optional)
1026 ipv6_address - The IPv6 address for the server (optional)
1027 public_ipv4_address - The publicly accessible IPv4 address for the
1028 server, this may be a floating IP (optional)
1029
1030 :param name: The name of the server to create.
1031 :param network: The network to boot the server on.
1032 :returns: webserver_details dictionary.
1033 """
1034 server_kwargs = {
1035 'name': data_utils.rand_name(name),
1036 'flavorRef': CONF.compute.flavor_ref,
1037 'imageRef': CONF.compute.image_ref,
1038 'key_name': cls.lb_member_keypair['name']}
1039 if (CONF.load_balancer.enable_security_groups and
1040 CONF.network_feature_enabled.port_security):
1041 server_kwargs['security_groups'] = [
1042 {'name': cls.lb_member_sec_group['name']}]
1043 if not CONF.load_balancer.disable_boot_network:
1044 server_kwargs['networks'] = [{'uuid': network['id']}]
1045
1046 # Replace the name for clouds that have limitations
1047 if CONF.load_balancer.random_server_name_length:
1048 r = random.SystemRandom()
1049 server_kwargs['name'] = "m{}".format("".join(
1050 [r.choice(string.ascii_uppercase + string.digits)
1051 for _ in range(
1052 CONF.load_balancer.random_server_name_length - 1)]
1053 ))
1054 if CONF.load_balancer.availability_zone:
1055 server_kwargs['availability_zone'] = (
1056 CONF.load_balancer.availability_zone)
1057
1058 server = cls.lb_mem_servers_client.create_server(
1059 **server_kwargs)['server']
1060 cls.addClassResourceCleanup(
1061 waiters.wait_for_not_found,
1062 cls.lb_mem_servers_client.delete_server,
1063 cls.lb_mem_servers_client.show_server,
1064 server['id'])
1065 server = waiters.wait_for_status(
1066 cls.lb_mem_servers_client.show_server,
1067 server['id'], 'status', 'ACTIVE',
1068 CONF.load_balancer.build_interval,
1069 CONF.load_balancer.build_timeout,
1070 root_tag='server')
1071 webserver_details = {'server': server}
1072 LOG.info('Created server: {}'.format(server))
1073
1074 addresses = server['addresses']
1075 if CONF.load_balancer.disable_boot_network:
1076 instance_network = addresses.values()[0]
1077 else:
1078 instance_network = addresses[network['name']]
1079 for addr in instance_network:
1080 if addr['version'] == 4:
1081 webserver_details['ipv4_address'] = addr['addr']
1082 if addr['version'] == 6:
1083 webserver_details['ipv6_address'] = addr['addr']
1084
1085 if CONF.validation.connect_method == 'floating':
1086 result = cls.lb_mem_ports_client.list_ports(
1087 network_id=network['id'],
1088 mac_address=instance_network[0]['OS-EXT-IPS-MAC:mac_addr'])
1089 port_id = result['ports'][0]['id']
1090 result = cls.lb_mem_float_ip_client.create_floatingip(
1091 floating_network_id=CONF.network.public_network_id,
1092 port_id=port_id)
1093 floating_ip = result['floatingip']
1094 LOG.info('webserver1_floating_ip: {}'.format(floating_ip))
1095 cls.addClassResourceCleanup(
1096 waiters.wait_for_not_found,
1097 cls.lb_mem_float_ip_client.delete_floatingip,
1098 cls.lb_mem_float_ip_client.show_floatingip,
1099 floatingip_id=floating_ip['id'])
1100 webserver_details['public_ipv4_address'] = (
1101 floating_ip['floating_ip_address'])
1102 else:
1103 webserver_details['public_ipv4_address'] = (
1104 instance_network[0]['addr'])
1105
1106 return webserver_details
1107
1108 @classmethod
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1109 def _get_openssh_version(cls):
1110 p = subprocess.Popen(["ssh", "-V"],
1111 stdout=subprocess.PIPE,
1112 stderr=subprocess.PIPE)
1113 output = p.communicate()[1]
1114
1115 try:
1116 m = re.match(r"OpenSSH_(\d+)\.(\d+)", output.decode('utf-8'))
1117 version_maj = int(m.group(1))
1118 version_min = int(m.group(2))
1119 return version_maj, version_min
1120 except Exception:
1121 return None, None
1122
1123 @classmethod
1124 def _need_scp_protocol(cls):
1125 # When using scp >= 8.7, force the use of the SCP protocol,
1126 # the new default (SFTP protocol) doesn't work with
1127 # cirros VMs.
1128 ssh_version = cls._get_openssh_version()
1129 LOG.debug("ssh_version = {}".format(ssh_version))
1130 return (ssh_version[0] > 8 or
1131 (ssh_version[0] == 8 and ssh_version[1] >= 7))
1132
1133 @classmethod
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1134 def _install_start_webserver(cls, ip_address, ssh_key, start_id,
1135 revoke_cert=False):
Michael Johnson27357352020-11-13 13:55:09 -0800[diff] [blame]1136 local_file = CONF.load_balancer.test_server_path
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1137
1138 linux_client = remote_client.RemoteClient(
Ade Leed0ea4062021-09-06 15:33:27 -0400[diff] [blame]1139 ip_address, CONF.validation.image_ssh_user, pkey=ssh_key,
Gregory Thiemongeb0da4f32022-02-04 08:58:06 +0100[diff] [blame]1140 **cls.remote_client_args())
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1141 linux_client.validate_authentication()
1142
1143 with tempfile.NamedTemporaryFile() as key:
1144 key.write(ssh_key.encode('utf-8'))
1145 key.flush()
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1146 ssh_extra_args = (
1147 "-o PubkeyAcceptedKeyTypes=+ssh-rsa")
1148 if cls._need_scp_protocol():
1149 ssh_extra_args += " -O"
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1150 cmd = ("scp -v -o UserKnownHostsFile=/dev/null "
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1151 "{7} "
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1152 "-o StrictHostKeyChecking=no "
1153 "-o ConnectTimeout={0} -o ConnectionAttempts={1} "
1154 "-i {2} {3} {4}@{5}:{6}").format(
1155 CONF.load_balancer.scp_connection_timeout,
1156 CONF.load_balancer.scp_connection_attempts,
1157 key.name, local_file, CONF.validation.image_ssh_user,
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1158 ip_address, const.TEST_SERVER_BINARY,
1159 ssh_extra_args)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1160 args = shlex.split(cmd)
1161 subprocess_args = {'stdout': subprocess.PIPE,
1162 'stderr': subprocess.STDOUT,
1163 'cwd': None}
1164 proc = subprocess.Popen(args, **subprocess_args)
1165 stdout, stderr = proc.communicate()
1166 if proc.returncode != 0:
1167 raise exceptions.CommandFailed(proc.returncode, cmd,
1168 stdout, stderr)
Gregory Thiemongef72a8862019-08-06 17:25:42 +0200[diff] [blame]1169
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1170 cls._load_member_pki_content(ip_address, key,
1171 revoke_cert=revoke_cert)
1172
Gregory Thiemongef72a8862019-08-06 17:25:42 +0200[diff] [blame]1173 # Enabling memory overcommit allows to run golang static binaries
1174 # compiled with a recent golang toolchain (>=1.11). Those binaries
1175 # allocate a large amount of virtual memory at init time, and this
1176 # allocation fails in tempest's nano flavor (64MB of RAM)
1177 # (golang issue reported in https://github.com/golang/go/issues/28114,
1178 # follow-up: https://github.com/golang/go/issues/28081)
1179 # TODO(gthiemonge): Remove this call when golang issue is resolved.
1180 linux_client.exec_command('sudo sh -c "echo 1 > '
1181 '/proc/sys/vm/overcommit_memory"')
1182
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1183 # The initial process also supports HTTPS and HTTPS with client auth
1184 linux_client.exec_command(
1185 'sudo screen -d -m {0} -port 80 -id {1} -https_port 443 -cert {2} '
1186 '-key {3} -https_client_auth_port 9443 -client_ca {4}'.format(
1187 const.TEST_SERVER_BINARY, start_id, const.TEST_SERVER_CERT,
1188 const.TEST_SERVER_KEY, const.TEST_SERVER_CLIENT_CA))
1189
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1190 linux_client.exec_command('sudo screen -d -m {0} -port 81 '
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1191 '-id {1}'.format(const.TEST_SERVER_BINARY,
1192 start_id + 1))
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1193
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]1194 # Cirros does not configure the assigned IPv6 address by default
1195 # so enable it manually like tempest does here:
1196 # tempest/scenario/test_netowrk_v6.py turn_nic6_on()
1197 @classmethod
1198 def _enable_ipv6_nic_webserver(cls, ip_address, ssh_key,
1199 ipv6_address, ipv6_prefix):
1200 linux_client = remote_client.RemoteClient(
Ade Leed0ea4062021-09-06 15:33:27 -0400[diff] [blame]1201 ip_address, CONF.validation.image_ssh_user, pkey=ssh_key,
Gregory Thiemongeb0da4f32022-02-04 08:58:06 +0100[diff] [blame]1202 **cls.remote_client_args())
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]1203 linux_client.validate_authentication()
1204
1205 linux_client.exec_command('sudo ip address add {0}/{1} dev '
1206 'eth0'.format(ipv6_address, ipv6_prefix))
1207
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1208 @classmethod
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1209 def _validate_webserver(cls, ip_address, start_id):
1210 URL = 'http://{0}'.format(ip_address)
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]1211 cls.validate_URL_response(URL, expected_body=str(start_id))
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1212 URL = 'http://{0}:81'.format(ip_address)
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]1213 cls.validate_URL_response(URL, expected_body=str(start_id + 1))
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1214
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]1215 @classmethod
1216 def _validate_udp_server(cls, ip_address, start_id):
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]1217 res = cls.make_udp_request(ip_address, 80)
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]1218 if res != str(start_id):
1219 raise Exception("Response from test server doesn't match the "
1220 "expected value ({0} != {1}).".format(
1221 res, str(start_id)))
1222
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]1223 res = cls.make_udp_request(ip_address, 81)
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]1224 if res != str(start_id + 1):
1225 raise Exception("Response from test server doesn't match the "
1226 "expected value ({0} != {1}).".format(
1227 res, str(start_id + 1)))
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1228
1229 @classmethod
1230 def _create_backend_reencryption_pki(cls):
1231 # Create a CA self-signed cert and key for the member test servers
1232 cls.member_ca_cert, cls.member_ca_key = (
1233 cert_utils.generate_ca_cert_and_key())
1234
1235 LOG.debug('Member CA Cert: %s', cls.member_ca_cert.public_bytes(
1236 serialization.Encoding.PEM))
1237 LOG.debug('Member CA private Key: %s', cls.member_ca_key.private_bytes(
1238 encoding=serialization.Encoding.PEM,
1239 format=serialization.PrivateFormat.TraditionalOpenSSL,
1240 encryption_algorithm=serialization.NoEncryption()))
1241 LOG.debug('Member CA public Key: %s',
1242 cls.member_ca_key.public_key().public_bytes(
1243 encoding=serialization.Encoding.PEM,
1244 format=serialization.PublicFormat.SubjectPublicKeyInfo))
1245
1246 # Create the member client authentication CA
1247 cls.member_client_ca_cert, member_client_ca_key = (
1248 cert_utils.generate_ca_cert_and_key())
1249
1250 # Create client cert and key
1251 cls.member_client_cn = uuidutils.generate_uuid()
1252 cls.member_client_cert, cls.member_client_key = (
1253 cert_utils.generate_client_cert_and_key(
1254 cls.member_client_ca_cert, member_client_ca_key,
1255 cls.member_client_cn))
1256 # Note: We are not revoking a client cert here as we don't need to
1257 # test the backend web server CRL checking.
1258
1259 @classmethod
1260 def _load_member_pki_content(cls, ip_address, ssh_key, revoke_cert=False):
1261 # Create webserver certificate and key
1262 cert, key = cert_utils.generate_server_cert_and_key(
1263 cls.member_ca_cert, cls.member_ca_key, ip_address)
1264
1265 LOG.debug('%s Cert: %s', ip_address, cert.public_bytes(
1266 serialization.Encoding.PEM))
1267 LOG.debug('%s private Key: %s', ip_address, key.private_bytes(
1268 encoding=serialization.Encoding.PEM,
1269 format=serialization.PrivateFormat.TraditionalOpenSSL,
1270 encryption_algorithm=serialization.NoEncryption()))
1271 public_key = key.public_key()
1272 LOG.debug('%s public Key: %s', ip_address, public_key.public_bytes(
1273 encoding=serialization.Encoding.PEM,
1274 format=serialization.PublicFormat.SubjectPublicKeyInfo))
1275
1276 # Create a CRL with a revoked certificate
1277 if revoke_cert:
1278 # Create a CRL with webserver 2 revoked
1279 cls.member_crl = cert_utils.generate_certificate_revocation_list(
1280 cls.member_ca_cert, cls.member_ca_key, cert)
1281
1282 # Load the certificate, key, and client CA certificate into the
1283 # test server.
1284 with tempfile.TemporaryDirectory() as tmpdir:
1285 os.umask(0)
1286 files_to_send = []
1287 cert_filename = os.path.join(tmpdir, const.CERT_PEM)
1288 files_to_send.append(cert_filename)
1289 with open(os.open(cert_filename, os.O_CREAT | os.O_WRONLY,
1290 0o700), 'w') as fh:
1291 fh.write(cert.public_bytes(
1292 serialization.Encoding.PEM).decode('utf-8'))
1293 fh.flush()
1294 key_filename = os.path.join(tmpdir, const.KEY_PEM)
1295 files_to_send.append(key_filename)
1296 with open(os.open(key_filename, os.O_CREAT | os.O_WRONLY,
1297 0o700), 'w') as fh:
1298 fh.write(key.private_bytes(
1299 encoding=serialization.Encoding.PEM,
1300 format=serialization.PrivateFormat.TraditionalOpenSSL,
1301 encryption_algorithm=serialization.NoEncryption()).decode(
1302 'utf-8'))
1303 fh.flush()
1304 client_ca_filename = os.path.join(tmpdir, const.CLIENT_CA_PEM)
1305 files_to_send.append(client_ca_filename)
1306 with open(os.open(client_ca_filename, os.O_CREAT | os.O_WRONLY,
1307 0o700), 'w') as fh:
1308 fh.write(cls.member_client_ca_cert.public_bytes(
1309 serialization.Encoding.PEM).decode('utf-8'))
1310 fh.flush()
1311
1312 # For security, we don't want to use a shell that can glob
1313 # the file names, so iterate over them.
1314 subprocess_args = {'stdout': subprocess.PIPE,
1315 'stderr': subprocess.STDOUT,
1316 'cwd': None}
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1317 ssh_extra_args = (
1318 "-o PubkeyAcceptedKeyTypes=+ssh-rsa")
1319 if cls._need_scp_protocol():
1320 ssh_extra_args += " -O"
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1321 cmd = ("scp -v -o UserKnownHostsFile=/dev/null "
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1322 "{9} "
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1323 "-o StrictHostKeyChecking=no "
1324 "-o ConnectTimeout={0} -o ConnectionAttempts={1} "
1325 "-i {2} {3} {4} {5} {6}@{7}:{8}").format(
1326 CONF.load_balancer.scp_connection_timeout,
1327 CONF.load_balancer.scp_connection_attempts,
1328 ssh_key.name, cert_filename, key_filename, client_ca_filename,
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1329 CONF.validation.image_ssh_user, ip_address, const.DEV_SHM_PATH,
1330 ssh_extra_args)
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1331 args = shlex.split(cmd)
1332 proc = subprocess.Popen(args, **subprocess_args)
1333 stdout, stderr = proc.communicate()
1334 if proc.returncode != 0:
1335 raise exceptions.CommandFailed(proc.returncode, cmd,
1336 stdout, stderr)