# Copyright 2018 Rackspace US Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
14
15import ipaddress
Michael Johnsonbaf12e02020-10-27 16:10:28 -070016import os
Jude Cross986e3f52017-07-24 14:57:20 -070017import random
Gregory Thiemongea2c234e2021-11-02 17:08:29 +010018import re
Jude Cross986e3f52017-07-24 14:57:20 -070019import shlex
Jude Cross986e3f52017-07-24 14:57:20 -070020import string
21import subprocess
22import tempfile
23
Michael Johnsonbaf12e02020-10-27 16:10:28 -070024from cryptography.hazmat.primitives import serialization
Gregory Thiemongeb0da4f32022-02-04 08:58:06 +010025from oslo_config import cfg
Jude Cross986e3f52017-07-24 14:57:20 -070026from oslo_log import log as logging
27from oslo_utils import uuidutils
Gregory Thiemongecba3b222024-05-16 02:57:08 -040028from tempest import clients
Jude Cross986e3f52017-07-24 14:57:20 -070029from tempest import config
Gregory Thiemongecba3b222024-05-16 02:57:08 -040030from tempest.lib import auth
Jude Cross986e3f52017-07-24 14:57:20 -070031from tempest.lib.common.utils import data_utils
32from tempest.lib.common.utils.linux import remote_client
Jude Cross986e3f52017-07-24 14:57:20 -070033from tempest.lib import exceptions
34from tempest import test
Michael Johnson04dc5cb2019-01-20 11:03:50 -080035import tenacity
Jude Cross986e3f52017-07-24 14:57:20 -070036
Michael Johnsonbaf12e02020-10-27 16:10:28 -070037from octavia_tempest_plugin.common import cert_utils
Jude Cross986e3f52017-07-24 14:57:20 -070038from octavia_tempest_plugin.common import constants as const
Tom Weiningerc03e9c32024-04-23 14:07:04 +020039import octavia_tempest_plugin.services.load_balancer.v2 as lbv2
Michael Johnson6006de72021-02-21 01:42:39 +000040from octavia_tempest_plugin.tests import RBAC_tests
Jude Cross986e3f52017-07-24 14:57:20 -070041from octavia_tempest_plugin.tests import validators
42from octavia_tempest_plugin.tests import waiters
43
# Tempest configuration object; the load_balancer, network,
# network_feature_enabled and service_available groups are read below.
CONF = config.CONF
LOG = logging.getLogger(__name__)

# Retry policy applied by the tenacity.retry decorators on
# _logging_delete_network and _logging_delete_subnet.
# Upper bound on delete attempts (tenacity.stop_after_attempt).
RETRY_ATTEMPTS = 15
# The next three values are passed positionally to
# tenacity.wait_incrementing (start, increment, max).
RETRY_INITIAL_DELAY = 1
RETRY_BACKOFF = 1
RETRY_MAX = 5
51
Gregory Thiemonge29d17902019-04-30 15:06:17 +020052
Michael Johnson6006de72021-02-21 01:42:39 +000053class LoadBalancerBaseTest(validators.ValidatorsMixin,
54 RBAC_tests.RBACTestsMixin, test.BaseTestCase):
Jude Cross986e3f52017-07-24 14:57:20 -070055 """Base class for load balancer tests."""
56
# Pick the users and roles tempest allocates for this class according to
# the configured RBAC test type. A plain string is used as 'os_' + name
# below; a list entry starts with the credential name and is exposed as
# 'os_roles_' + name (the remaining items are the roles requested for it).
if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
    credentials = [
        'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
        ['lb_member', CONF.load_balancer.member_role],
        ['lb_member2', CONF.load_balancer.member_role]]
elif CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
    credentials = [
        'admin', 'primary',
        ['lb_admin', 'admin'],
        ['lb_observer', 'reader'],
        ['lb_global_observer', 'reader'],
        ['lb_member', 'member'],
        ['lb_member2', 'member']]
    # Note: an additional non-member user is added in setup_credentials
else:
    credentials = [
        'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
        ['lb_observer', CONF.load_balancer.observer_role, 'reader'],
        ['lb_global_observer', CONF.load_balancer.global_observer_role,
         'reader'],
        # Note: Some projects are now requiring the 'member' role by
        # default (nova for example) so make sure our creds have this role
        ['lb_member', CONF.load_balancer.member_role, 'member'],
        ['lb_member2', CONF.load_balancer.member_role, 'member']]

# Attribute names of the credentials tempest will allocate from the
# 'credentials' list above. These are used to build RBAC test lists.
# NOTE: this is a mutable list defined once on the base class;
# setup_credentials appends to it in place, so it is shared by every
# subclass that does not override it.
allocated_creds = []
for cred in credentials:
    if isinstance(cred, list):
        allocated_creds.append('os_roles_' + cred[0])
    else:
        allocated_creds.append('os_' + cred)
# Tests shall not mess with the list of allocated credentials
# (immutable snapshot; rebuilt at the end of setup_credentials).
allocated_credentials = tuple(allocated_creds)

webserver1_response = 1
webserver2_response = 5
# Shared, mutable class-level list: _setup_lb_network_kwargs records the
# random host indexes it has already picked here to avoid reusing them.
used_ips = []

# NOTE(review): presumably the source-port range for test traffic; the
# code that consumes these values is outside this part of the file.
SRC_PORT_NUMBER_MIN = 32768
SRC_PORT_NUMBER_MAX = 61000
src_port_number = SRC_PORT_NUMBER_MIN
100
@classmethod
def skip_checks(cls):
    """Skip every test in the class when its prerequisites are missing.

    The load balancer service is always required. Compute, image and
    neutron are required as well unless the run uses the no-op drivers
    (CONF.load_balancer.test_with_noop). Finally, the VIP and the
    instances must be reachable, either directly or through a public
    network.

    Raises:
        cls.skipException: when a required service is unavailable or no
            path to the project networks is configured.
    """
    super(LoadBalancerBaseTest, cls).skip_checks()

    required = {'load_balancer': CONF.service_available.load_balancer}
    # Services that only matter when real backends are exercised.
    backend_services = {
        'compute': CONF.service_available.nova,
        'image': CONF.service_available.glance,
        'neutron': CONF.service_available.neutron,
    }
    if not CONF.load_balancer.test_with_noop:
        required.update(backend_services)

    for service_name, is_available in required.items():
        if is_available:
            continue
        raise cls.skipException(
            "{0} skipped as {1} service is not "
            "available.".format(cls.__name__, service_name))

    # We must be able to reach our VIP and instances
    reachable = (CONF.network.project_networks_reachable
                 or CONF.network.public_network_id)
    if not reachable:
        raise cls.skipException(
            'Either project_networks_reachable must be "true", or '
            'public_network_id must be defined.')
131
@classmethod
def _setup_new_user_role_client(cls, project_id, role_name):
    """Create a user holding ``role_name`` on a project; return its clients.

    The user gets a random name and a random password. The password is
    kept in memory only and is handed straight to the Keystone v3
    credentials object; it is never logged here.

    The new user id is appended to ``cls._created_users``. A role is
    created, and its id appended to ``cls._created_roles``, only when no
    role with that name exists yet; a pre-existing role is reused and is
    not recorded, so cleanup will not delete it.

    Args:
        project_id: project on which the role is granted and to which the
            returned credentials are scoped.
        role_name: name of the role to look up or create.

    Returns:
        A ``clients.Manager`` built from the new user's filled credentials.
    """
    admin = cls.os_admin
    username = data_utils.rand_name('user')
    password = data_utils.rand_password()

    created = admin.users_v3_client.create_user(
        name=username, password=password)
    user_id = created['user']['id']
    # Track the user right away so it is cleaned up even if a later
    # call in this method fails.
    cls._created_users.append(user_id)

    matching_roles = admin.roles_v3_client.list_roles(
        name=role_name)['roles']
    if matching_roles:
        role_id = matching_roles[0]['id']
    else:
        role_id = admin.roles_v3_client.create_role(
            name=role_name)['role']['id']
        cls._created_roles.append(role_id)

    admin.roles_v3_client.create_user_role_on_project(
        project_id, user_id, role_id)

    raw_creds = auth.KeystoneV3Credentials(
        user_id=user_id,
        password=password,
        project_id=project_id)
    filled_creds = clients.get_auth_provider(raw_creds).fill_credentials()
    return clients.Manager(credentials=filled_creds)
163
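@classmethod
def setup_credentials(cls):
    """Set up test credentials without auto-creating network resources.

    For the keystone_default_roles RBAC test type an extra project, user
    and temporary role are created with the admin client and the
    resulting client manager is stored as ``cls.os_not_member``.
    Everything created here is recorded in ``cls._created_projects``,
    ``cls._created_users`` and ``cls._created_roles`` so that
    clear_credentials can delete it.

    When CONF.load_balancer.log_user_roles is set, the role assignments
    of every credential are looked up with the admin client and logged
    at INFO level.
    """
    # Create the cleanup bookkeeping before anything can raise, so that
    # clear_credentials does not find these attributes missing if it is
    # run after the parent's credential setup failed.
    cls._created_projects = []
    cls._created_users = []
    cls._created_roles = []

    # Do not auto create network resources
    cls.set_network_resources()
    super(LoadBalancerBaseTest, cls).setup_credentials()

    non_dyn_users = []

    if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
        # Create a non-member user for keystone_default_roles
        # When using dynamic credentials, tempest cannot create a user
        # without a role, it always adds at least the "member" role.
        # We manually create the user with a temporary role
        project_id = cls.os_admin.projects_client.create_project(
            data_utils.rand_name()
        )['project']['id']
        cls._created_projects.append(project_id)
        cls.os_not_member = cls._setup_new_user_role_client(
            project_id,
            data_utils.rand_name('role'))
        # allocated_creds is one list shared by every subclass of the
        # base class; add the entry only once so it does not pile up
        # duplicates as further test classes are set up in this process.
        if 'os_not_member' not in cls.allocated_creds:
            cls.allocated_creds.append('os_not_member')
        non_dyn_users.append('not_member')

    # Tests shall not mess with the list of allocated credentials
    cls.allocated_credentials = tuple(cls.allocated_creds)

    if not CONF.load_balancer.log_user_roles:
        return

    # Log the user roles for this test run
    role_name_cache = {}  # role id -> role name, avoids repeated lookups
    for cred in cls.credentials + non_dyn_users:
        user_roles = []
        if isinstance(cred, list):
            user_name = cred[0]
            cred_obj = getattr(cls, 'os_roles_' + cred[0])
        else:
            user_name = cred
            cred_obj = getattr(cls, 'os_' + cred)
        params = {'user.id': cred_obj.credentials.user_id,
                  'scope.project.id': cred_obj.credentials.project_id}
        roles = cls.os_admin.role_assignments_client.list_role_assignments(
            **params)['role_assignments']
        for role in roles:
            role_id = role['role']['id']
            try:
                role_name = role_name_cache[role_id]
            except KeyError:
                role_name = cls.os_admin.roles_v3_client.show_role(
                    role_id)['role']['name']
                role_name_cache[role_id] = role_name
            user_roles.append([role_name, role['scope']])
        LOG.info("User %s has roles: %s", user_name, user_roles)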
222
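@classmethod
def clear_credentials(cls):
    """Delete the users, projects and roles created by setup_credentials.

    Users are deleted first, then projects, then roles. The parent
    class' credential cleanup always runs afterwards, even when one of
    the deletions raises; that exception still propagates to the caller.
    """
    try:
        # getattr with a default: the bookkeeping lists do not exist if
        # setup_credentials never ran or failed before creating them.
        for user_id in getattr(cls, '_created_users', ()):
            cls.os_admin.users_v3_client.delete_user(user_id)
        for project_id in getattr(cls, '_created_projects', ()):
            cls.os_admin.projects_client.delete_project(project_id)
        for role_id in getattr(cls, '_created_roles', ()):
            cls.os_admin.roles_v3_client.delete_role(role_id)
    finally:
        # A failed delete above must not prevent the parent class from
        # releasing the credentials it allocated for this test class.
        super().clear_credentials()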
232
@classmethod
def setup_clients(cls):
    """Bind the service clients used by the tests to class attributes.

    ``lb_mem_*`` and ``mem_*`` clients come from ``os_roles_lb_member``,
    ``lb_admin_*`` clients from ``os_roles_lb_admin`` and ``os_admin_*``
    clients from ``os_admin``.
    """
    super(LoadBalancerBaseTest, cls).setup_clients()
    admin_lb = cls.os_roles_lb_admin.load_balancer_v2
    member = cls.os_roles_lb_member

    # Network and compute clients acting as the lb_member user.
    cls.lb_mem_float_ip_client = member.floating_ips_client
    cls.lb_mem_keypairs_client = member.keypairs_client
    cls.lb_mem_net_client = member.networks_client
    cls.lb_mem_ports_client = member.ports_client
    cls.lb_mem_routers_client = member.routers_client
    cls.lb_mem_SG_client = member.security_groups_client
    cls.lb_mem_SGr_client = member.security_group_rules_client
    cls.lb_mem_servers_client = member.servers_client
    cls.lb_mem_subnet_client = member.subnets_client

    # Load balancer API clients acting as the lb_member user.
    member_lb = member.load_balancer_v2
    cls.mem_lb_client: lbv2.LoadbalancerClient = (
        member_lb.LoadbalancerClient())
    cls.mem_listener_client: lbv2.ListenerClient = (
        member_lb.ListenerClient())
    cls.mem_pool_client: lbv2.PoolClient = member_lb.PoolClient()
    cls.mem_member_client: lbv2.MemberClient = member_lb.MemberClient()
    cls.mem_healthmonitor_client: lbv2.HealthMonitorClient = (
        member_lb.HealthMonitorClient())
    cls.mem_l7policy_client: lbv2.L7PolicyClient = (
        member_lb.L7PolicyClient())
    cls.mem_l7rule_client: lbv2.L7RuleClient = member_lb.L7RuleClient()

    # Load balancer API clients acting as the lb_admin user.
    cls.lb_admin_amphora_client: lbv2.AmphoraClient = (
        admin_lb.AmphoraClient())
    cls.lb_admin_flavor_profile_client: lbv2.FlavorProfileClient = (
        admin_lb.FlavorProfileClient())
    cls.lb_admin_flavor_client: lbv2.FlavorClient = admin_lb.FlavorClient()

    cls.mem_flavor_client: lbv2.FlavorClient = member_lb.FlavorClient()
    cls.mem_provider_client: lbv2.ProviderClient = (
        member_lb.ProviderClient())

    # Clients taken from the os_admin credentials.
    cls.os_admin_servers_client = cls.os_admin.servers_client
    cls.os_admin_routers_client = cls.os_admin.routers_client
    cls.os_admin_subnetpools_client = cls.os_admin.subnetpools_client

    cls.lb_admin_flavor_capabilities_client = (
        admin_lb.FlavorCapabilitiesClient())
    cls.lb_admin_availability_zone_capabilities_client = (
        admin_lb.AvailabilityZoneCapabilitiesClient())
    cls.lb_admin_availability_zone_profile_client = (
        admin_lb.AvailabilityZoneProfileClient())
    cls.lb_admin_availability_zone_client = (
        admin_lb.AvailabilityZoneClient())
    cls.mem_availability_zone_client = member_lb.AvailabilityZoneClient()
    cls.os_admin_compute_flavors_client = cls.os_admin.flavors_client
Jude Cross986e3f52017-07-24 14:57:20 -0700286
@classmethod
def resource_setup(cls):
    """Setup resources needed by the tests.

    Sets ``cls.api_version`` and ``cls.lb_algorithm`` and then provides
    the VIP and member networks/subnets in one of three ways:

    * no-op mode: placeholder dicts holding random UUIDs (no API calls),
      after which the method returns early;
    * network override: the network/subnets named in the configuration;
    * otherwise: new networks created by ``_create_networks``.

    Raises:
        exceptions.InvalidConfiguration: test_subnet_override is set
            without test_network_override.
    """
    super(LoadBalancerBaseTest, cls).resource_setup()

    conf_lb = CONF.load_balancer

    cls.api_version = cls.mem_lb_client.get_max_api_version()

    # A subnet override is only meaningful together with its network.
    if conf_lb.test_subnet_override and not conf_lb.test_network_override:
        raise exceptions.InvalidConfiguration(
            "Configuration value test_network_override must be "
            "specified if test_subnet_override is used.")

    # TODO(johnsom) Remove this
    # Get loadbalancing algorithms supported by provider driver.
    try:
        algorithms = const.SUPPORTED_LB_ALGORITHMS[
            CONF.load_balancer.provider]
    except KeyError:
        # Providers without their own entry use the 'default' list.
        algorithms = const.SUPPORTED_LB_ALGORITHMS['default']
    # Set default algorithm as first from the list.
    cls.lb_algorithm = algorithms[0]

    show_subnet = cls.lb_mem_subnet_client.show_subnet
    if CONF.load_balancer.test_with_noop:
        # No-op run: nothing is created, the ids are random placeholders.
        cls.lb_member_vip_net = {'id': uuidutils.generate_uuid()}
        cls.lb_member_vip_subnet = {'id': uuidutils.generate_uuid()}
        cls.lb_member_1_net = {'id': uuidutils.generate_uuid()}
        cls.lb_member_1_subnet = {'id': uuidutils.generate_uuid()}
        cls.lb_member_2_net = {'id': uuidutils.generate_uuid()}
        cls.lb_member_2_subnet = {'id': uuidutils.generate_uuid()}
        if CONF.load_balancer.test_with_ipv6:
            cls.lb_member_vip_ipv6_net = {'id': uuidutils.generate_uuid()}
            cls.lb_member_vip_ipv6_subnet = {'id':
                                             uuidutils.generate_uuid()}
            cls.lb_member_1_ipv6_subnet = {'id': uuidutils.generate_uuid()}
            cls.lb_member_2_ipv6_subnet = {'id': uuidutils.generate_uuid()}
            cls.lb_member_vip_ipv6_subnet_stateful = True
        # Early return: the debug logging below is skipped in no-op mode.
        return
    elif CONF.load_balancer.test_network_override:
        # NOTE(review): the show_subnet result is stored as returned,
        # while the network result below is unwrapped with
        # .get('network'), and _setup_lb_network_kwargs reads show_subnet
        # results as result['subnet'][...] - confirm that the [const.ID]
        # lookups on these attributes work with this shape.
        if conf_lb.test_subnet_override:
            override_subnet = show_subnet(conf_lb.test_subnet_override)
        else:
            override_subnet = None

        show_net = cls.lb_mem_net_client.show_network
        override_network = show_net(conf_lb.test_network_override)
        override_network = override_network.get('network')

        # The same network/subnet serves the VIP and both members.
        cls.lb_member_vip_net = override_network
        cls.lb_member_vip_subnet = override_subnet
        cls.lb_member_1_net = override_network
        cls.lb_member_1_subnet = override_subnet
        cls.lb_member_2_net = override_network
        cls.lb_member_2_subnet = override_subnet

        if (CONF.load_balancer.test_with_ipv6 and
                conf_lb.test_ipv6_subnet_override):
            override_ipv6_subnet = show_subnet(
                conf_lb.test_ipv6_subnet_override)
            cls.lb_member_vip_ipv6_subnet = override_ipv6_subnet
            cls.lb_member_1_ipv6_subnet = override_ipv6_subnet
            cls.lb_member_2_ipv6_subnet = override_ipv6_subnet
            cls.lb_member_vip_ipv6_subnet_stateful = False
            # NOTE(review): this indexes the show_subnet result with
            # [0], whereas _setup_lb_network_kwargs reads show_subnet
            # results as result['subnet'][...] - confirm the shape.
            if (override_ipv6_subnet[0]['ipv6_address_mode'] ==
                    'dhcpv6-stateful'):
                cls.lb_member_vip_ipv6_subnet_stateful = True
        else:
            cls.lb_member_vip_ipv6_subnet = None
            cls.lb_member_1_ipv6_subnet = None
            cls.lb_member_2_ipv6_subnet = None
    else:
        cls._create_networks()

    # Record which networks and subnets this run ended up using. The
    # subnet attributes may be None on the override path, hence the
    # truthiness checks.
    LOG.debug('Octavia Setup: lb_member_vip_net = %s',
              cls.lb_member_vip_net[const.ID])
    if cls.lb_member_vip_subnet:
        LOG.debug('Octavia Setup: lb_member_vip_subnet = %s',
                  cls.lb_member_vip_subnet[const.ID])
    LOG.debug('Octavia Setup: lb_member_1_net = %s',
              cls.lb_member_1_net[const.ID])
    if cls.lb_member_1_subnet:
        LOG.debug('Octavia Setup: lb_member_1_subnet = %s',
                  cls.lb_member_1_subnet[const.ID])
    LOG.debug('Octavia Setup: lb_member_2_net = %s',
              cls.lb_member_2_net[const.ID])
    if cls.lb_member_2_subnet:
        LOG.debug('Octavia Setup: lb_member_2_subnet = %s',
                  cls.lb_member_2_subnet[const.ID])
    if CONF.load_balancer.test_with_ipv6:
        if cls.lb_member_vip_ipv6_subnet:
            LOG.debug('Octavia Setup: lb_member_vip_ipv6_subnet = %s',
                      cls.lb_member_vip_ipv6_subnet[const.ID])
        if cls.lb_member_1_ipv6_subnet:
            LOG.debug('Octavia Setup: lb_member_1_ipv6_subnet = %s',
                      cls.lb_member_1_ipv6_subnet[const.ID])
        if cls.lb_member_2_ipv6_subnet:
            LOG.debug('Octavia Setup: lb_member_2_ipv6_subnet = %s',
                      cls.lb_member_2_ipv6_subnet[const.ID])
Jude Cross986e3f52017-07-24 14:57:20 -0700387
@classmethod
@tenacity.retry(
    retry=tenacity.retry_if_exception_type(exceptions.Conflict),
    wait=tenacity.wait_incrementing(
        start=RETRY_INITIAL_DELAY,
        increment=RETRY_BACKOFF,
        max=RETRY_MAX),
    stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
def _logging_delete_network(cls, net_id):
    """Delete a network, logging the visible ports when the delete fails.

    Neutron can be slow to clean up ports from the subnets/networks, so
    the delete is retried a few times on a "Conflict" error to give
    neutron time to fully clean up the ports. Any other exception is
    re-raised without a retry.

    The handler sits inside the retried function, so the port listing is
    written to the error log on every failed attempt. The listing is
    whatever the member ports client returns, unfiltered.
    """
    try:
        cls.lb_mem_net_client.delete_network(net_id)
    except Exception:
        LOG.error('Unable to delete network %s. Active ports:', net_id)
        visible_ports = cls.lb_mem_ports_client.list_ports()
        LOG.error(visible_ports)
        raise
404
@classmethod
@tenacity.retry(
    retry=tenacity.retry_if_exception_type(exceptions.Conflict),
    wait=tenacity.wait_incrementing(
        start=RETRY_INITIAL_DELAY,
        increment=RETRY_BACKOFF,
        max=RETRY_MAX),
    stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
def _logging_delete_subnet(cls, subnet_id):
    """Delete a subnet, logging the visible ports when the delete fails.

    Neutron can be slow to clean up ports from the subnets/networks, so
    the delete is retried a few times on a "Conflict" error to give
    neutron time to fully clean up the ports. Any other exception is
    re-raised without a retry.

    The handler sits inside the retried function, so the port listing is
    written to the error log on every failed attempt. The listing is
    whatever the member ports client returns, unfiltered.
    """
    try:
        cls.lb_mem_subnet_client.delete_subnet(subnet_id)
    except Exception:
        LOG.error('Unable to delete subnet %s. Active ports:', subnet_id)
        visible_ports = cls.lb_mem_ports_client.list_ports()
        LOG.error(visible_ports)
        raise
421
@classmethod
def _create_networks(cls):
    """Creates networks, subnets, and routers used in tests.

    The following are expected to be defined and available to the tests:
        cls.lb_member_vip_net
        cls.lb_member_vip_subnet
        cls.lb_member_vip_ipv6_subnet (optional)
        cls.lb_member_1_net
        cls.lb_member_1_subnet
        cls.lb_member_1_ipv6_subnet (optional)
        cls.lb_member_2_net
        cls.lb_member_2_subnet
        cls.lb_member_2_ipv6_subnet (optional)

    Every resource is created with the lb_member clients and given a
    random name. Right after each create call a class-level cleanup is
    registered that passes the retrying delete helper and the matching
    show call to waiters.wait_for_not_found. The IPv6 subnets are only
    created when CONF.load_balancer.test_with_ipv6 is set.
    """

    # Create tenant VIP network
    network_kwargs = {
        'name': data_utils.rand_name("lb_member_vip_network")}
    if CONF.network_feature_enabled.port_security:
        # Note: Allowed Address Pairs requires port security
        network_kwargs['port_security_enabled'] = True
    result = cls.lb_mem_net_client.create_network(**network_kwargs)
    cls.lb_member_vip_net = result['network']
    # The whole network dict returned by the API is logged at INFO.
    LOG.info('lb_member_vip_net: %s', cls.lb_member_vip_net)
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls._logging_delete_network,
        cls.lb_mem_net_client.show_network,
        cls.lb_member_vip_net['id'])

    # Create tenant VIP subnet
    subnet_kwargs = {
        'name': data_utils.rand_name("lb_member_vip_subnet"),
        'network_id': cls.lb_member_vip_net['id'],
        'cidr': CONF.load_balancer.vip_subnet_cidr,
        'ip_version': 4}
    result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
    cls.lb_member_vip_subnet = result['subnet']
    LOG.info('lb_member_vip_subnet: %s', cls.lb_member_vip_subnet)
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls._logging_delete_subnet,
        cls.lb_mem_subnet_client.show_subnet,
        cls.lb_member_vip_subnet['id'])

    # Create tenant VIP IPv6 subnet
    if CONF.load_balancer.test_with_ipv6:
        cls.lb_member_vip_ipv6_subnet_stateful = False
        cls.lb_member_vip_ipv6_subnet_use_subnetpool = False
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_vip_ipv6_subnet"),
            'network_id': cls.lb_member_vip_net['id'],
            'ip_version': 6}

        # Use a CIDR from devstack's default IPv6 subnetpool if it exists,
        # the subnetpool's cidr is routable from the devstack node
        # through the default router
        subnetpool_name = CONF.load_balancer.default_ipv6_subnetpool
        if subnetpool_name:
            # The subnetpool is looked up with the admin client.
            subnetpool = cls.os_admin_subnetpools_client.list_subnetpools(
                name=subnetpool_name)['subnetpools']
            # Only an unambiguous (single) match is used.
            if len(subnetpool) == 1:
                subnetpool = subnetpool[0]
                subnet_kwargs['subnetpool_id'] = subnetpool['id']
                cls.lb_member_vip_ipv6_subnet_use_subnetpool = True

        # Fall back to the configured CIDR when no subnetpool was chosen.
        if 'subnetpool_id' not in subnet_kwargs:
            subnet_kwargs['cidr'] = (
                CONF.load_balancer.vip_ipv6_subnet_cidr)

        result = cls.lb_mem_subnet_client.create_subnet(
            **subnet_kwargs)
        # The IPv6 VIP subnet lives on the same network as the IPv4 one.
        cls.lb_member_vip_ipv6_net = cls.lb_member_vip_net
        cls.lb_member_vip_ipv6_subnet = result['subnet']
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_vip_ipv6_subnet['id'])

        LOG.info('lb_member_vip_ipv6_subnet: %s',
                 cls.lb_member_vip_ipv6_subnet)

    # Create tenant member 1 network
    network_kwargs = {
        'name': data_utils.rand_name("lb_member_1_network")}
    if CONF.network_feature_enabled.port_security:
        # Unlike the VIP network, the member networks follow
        # enable_security_groups: port security is switched off when the
        # run is configured not to use security groups.
        if CONF.load_balancer.enable_security_groups:
            network_kwargs['port_security_enabled'] = True
        else:
            network_kwargs['port_security_enabled'] = False
    result = cls.lb_mem_net_client.create_network(**network_kwargs)
    cls.lb_member_1_net = result['network']
    LOG.info('lb_member_1_net: %s', cls.lb_member_1_net)
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls._logging_delete_network,
        cls.lb_mem_net_client.show_network,
        cls.lb_member_1_net['id'])

    # Create tenant member 1 subnet
    subnet_kwargs = {
        'name': data_utils.rand_name("lb_member_1_subnet"),
        'network_id': cls.lb_member_1_net['id'],
        'cidr': CONF.load_balancer.member_1_ipv4_subnet_cidr,
        'ip_version': 4}
    result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
    cls.lb_member_1_subnet = result['subnet']
    LOG.info('lb_member_1_subnet: %s', cls.lb_member_1_subnet)
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls._logging_delete_subnet,
        cls.lb_mem_subnet_client.show_subnet,
        cls.lb_member_1_subnet['id'])

    # Create tenant member 1 ipv6 subnet
    if CONF.load_balancer.test_with_ipv6:
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_1_ipv6_subnet"),
            'network_id': cls.lb_member_1_net['id'],
            'cidr': CONF.load_balancer.member_1_ipv6_subnet_cidr,
            'ip_version': 6}
        result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
        # Prefix length: the text after the last '/' of the CIDR.
        cls.lb_member_1_subnet_prefix = (
            CONF.load_balancer.member_1_ipv6_subnet_cidr.rpartition('/')[2]
        )
        # NOTE(review): this check disappears under "python -O", and it
        # runs after create_subnet but before the cleanup below is
        # registered - confirm a malformed CIDR cannot leak the subnet.
        assert (cls.lb_member_1_subnet_prefix.isdigit())
        cls.lb_member_1_ipv6_subnet = result['subnet']
        LOG.info('lb_member_1_ipv6_subnet: %s',
                 cls.lb_member_1_ipv6_subnet)
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_1_ipv6_subnet['id'])

    # Create tenant member 2 network
    network_kwargs = {
        'name': data_utils.rand_name("lb_member_2_network")}
    if CONF.network_feature_enabled.port_security:
        # Same port security rule as for the member 1 network.
        if CONF.load_balancer.enable_security_groups:
            network_kwargs['port_security_enabled'] = True
        else:
            network_kwargs['port_security_enabled'] = False
    result = cls.lb_mem_net_client.create_network(**network_kwargs)
    cls.lb_member_2_net = result['network']
    LOG.info('lb_member_2_net: %s', cls.lb_member_2_net)
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls._logging_delete_network,
        cls.lb_mem_net_client.show_network,
        cls.lb_member_2_net['id'])

    # Create tenant member 2 subnet
    subnet_kwargs = {
        'name': data_utils.rand_name("lb_member_2_subnet"),
        'network_id': cls.lb_member_2_net['id'],
        'cidr': CONF.load_balancer.member_2_ipv4_subnet_cidr,
        'ip_version': 4}
    result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
    cls.lb_member_2_subnet = result['subnet']
    LOG.info('lb_member_2_subnet: %s', cls.lb_member_2_subnet)
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls._logging_delete_subnet,
        cls.lb_mem_subnet_client.show_subnet,
        cls.lb_member_2_subnet['id'])

    # Create tenant member 2 ipv6 subnet
    if CONF.load_balancer.test_with_ipv6:
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_2_ipv6_subnet"),
            'network_id': cls.lb_member_2_net['id'],
            'cidr': CONF.load_balancer.member_2_ipv6_subnet_cidr,
            'ip_version': 6}
        result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
        # Prefix length: the text after the last '/' of the CIDR.
        cls.lb_member_2_subnet_prefix = (
            CONF.load_balancer.member_2_ipv6_subnet_cidr.rpartition('/')[2]
        )
        # NOTE(review): same caveat as for member 1 - the assert is
        # stripped under "python -O" and precedes cleanup registration.
        assert (cls.lb_member_2_subnet_prefix.isdigit())
        cls.lb_member_2_ipv6_subnet = result['subnet']
        LOG.info('lb_member_2_ipv6_subnet: %s',
                 cls.lb_member_2_ipv6_subnet)
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_2_ipv6_subnet['id'])
611
@classmethod
def _setup_lb_network_kwargs(cls, lb_kwargs, ip_version=None,
                             use_fixed_ip=False):
    """Fill in the VIP network, subnet and address keys of lb_kwargs.

    The dictionary is modified in place and nothing is returned.

    :param lb_kwargs: Load balancer create arguments to update.
    :param ip_version: 4 or 6. When falsy, 6 is used if
                       CONF.load_balancer.test_with_ipv6 is set, else 4.
    :param use_fixed_ip: When True, also set const.VIP_ADDRESS to an
                         address picked for the VIP subnet.
    """
    if not ip_version:
        ip_version = 6 if CONF.load_balancer.test_with_ipv6 else 4
    if cls.lb_member_vip_subnet or cls.lb_member_vip_ipv6_subnet:
        # Draw a host index that no earlier call has handed out.
        # NOTE(review): this loop does not terminate once every index
        # rand_int_id() can return is already in cls.used_ips.
        ip_index = data_utils.rand_int_id(start=10, end=100)
        while ip_index in cls.used_ips:
            ip_index = data_utils.rand_int_id(start=10, end=100)
        cls.used_ips.append(ip_index)
        if ip_version == 4:
            subnet_id = cls.lb_member_vip_subnet[const.ID]
            if CONF.load_balancer.test_with_noop:
                # Fixed address from the 198.18.0.0/15 benchmarking range.
                lb_vip_address = '198.18.33.33'
            else:
                # Index into the subnet CIDR to get a concrete address.
                subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
                network = ipaddress.IPv4Network(subnet['subnet']['cidr'])
                lb_vip_address = str(network[ip_index])
        else:
            subnet_id = cls.lb_member_vip_ipv6_subnet[const.ID]
            if CONF.load_balancer.test_with_noop:
                # Fixed address from the 2001:db8::/32 documentation prefix.
                lb_vip_address = '2001:db8:33:33:33:33:33:33'
            else:
                subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
                network = ipaddress.IPv6Network(subnet['subnet']['cidr'])
                lb_vip_address = str(network[ip_index])
                # If the subnet is IPv6 slaac or dhcpv6-stateless
                # neutron does not allow a fixed IP
                if not cls.lb_member_vip_ipv6_subnet_stateful:
                    use_fixed_ip = False
        lb_kwargs[const.VIP_SUBNET_ID] = subnet_id
        if use_fixed_ip:
            lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
        if CONF.load_balancer.test_with_noop:
            lb_kwargs[const.VIP_NETWORK_ID] = (
                cls.lb_member_vip_net[const.ID])
            # With noop and IPv6 the address is always set, whatever
            # use_fixed_ip says.
            if ip_version == 6:
                lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
    else:
        # No VIP subnet exists: select the VIP by network only.
        lb_kwargs[const.VIP_NETWORK_ID] = cls.lb_member_vip_net[const.ID]
        lb_kwargs[const.VIP_SUBNET_ID] = None
653
def _validate_listener_protocol(self, protocol, raise_if_unsupported=True):
    """Tell whether the listener protocol is usable with this API version.

    Only const.SCTP is checked; every other protocol is accepted.

    :param protocol: Listener protocol constant.
    :param raise_if_unsupported: When True, skip the test instead of
                                 returning False.
    :returns: True if the protocol is supported, False otherwise.
    :raises: self.skipException for an unsupported protocol when
             raise_if_unsupported is True.
    """
    if protocol != const.SCTP:
        return True
    if self.mem_listener_client.is_version_supported(
            self.api_version, '2.23'):
        return True
    if raise_if_unsupported:
        raise self.skipException('SCTP listener protocol '
                                 'is only available on Octavia '
                                 'API version 2.23 or newer.')
    return False
664
@classmethod
def check_tf_compatibility(cls, protocol=None, algorithm=None):
    """Skip the test if TungstenFabric lacks the protocol or algorithm.

    :param protocol: Listener/pool protocol to check; ignored when falsy.
    :param algorithm: Load balancing algorithm to check; ignored when
                      falsy.
    :raises: cls.skipException when a given value is not supported. The
             algorithm is checked before the protocol.
    """
    # TungstenFabric supported protocols and algorithms
    supported_protocols = (const.HTTP, const.HTTPS, const.TCP,
                           const.TERMINATED_HTTPS)
    supported_algorithms = (const.LB_ALGORITHM_ROUND_ROBIN,
                            const.LB_ALGORITHM_LEAST_CONNECTIONS,
                            const.LB_ALGORITHM_SOURCE_IP)

    if algorithm and algorithm not in supported_algorithms:
        message = 'TungstenFabric does not support {} algorithm.'
        raise cls.skipException(message.format(algorithm))
    if protocol and protocol not in supported_protocols:
        message = 'TungstenFabric does not support {} protocol.'
        raise cls.skipException(message.format(protocol))
682
@classmethod
def _tf_create_listener(cls, name, proto, port, lb_id):
    """Create a listener on a load balancer and return the API result.

    :param name: Listener name.
    :param proto: Listener protocol.
    :param port: Listener protocol port.
    :param lb_id: ID of the load balancer that owns the listener.
    :returns: Whatever cls.mem_listener_client.create_listener returns.
    """
    return cls.mem_listener_client.create_listener(**{
        const.NAME: name,
        const.PROTOCOL: proto,
        const.PROTOCOL_PORT: port,
        const.LOADBALANCER_ID: lb_id,
    })
693
@classmethod
def _tf_get_free_port(cls, lb_id):
    """Return the lowest port from 8081 up that no listener of the LB uses.

    :param lb_id: ID of the load balancer to inspect.
    :returns: 8081 when the load balancer has no listeners, otherwise the
              first port at or above 8081 that is not a listener port.
    """
    candidate = 8081
    existing = cls.mem_lb_client.show_loadbalancer(lb_id)[const.LISTENERS]
    if not existing:
        return candidate
    # One show_listener call per listener to read its protocol port.
    taken = []
    for entry in existing:
        details = cls.mem_listener_client.show_listener(entry[const.ID])
        taken.append(details[const.PROTOCOL_PORT])
    while candidate in taken:
        candidate += 1
    return candidate
706
Adam Harwellcd72b562018-05-07 11:37:22 -0700707
708class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
@classmethod
def remote_client_args(cls):
    """Return the optional keyword arguments for RemoteClient.

    :returns: {'ssh_key_type': ...} when CONF.validation defines
              ssh_key_type, otherwise an empty dict.
    """
    # In case we're using octavia-tempest-plugin with old tempest releases
    # (for instance on stable/train) that don't support ssh_key_type, catch
    # the exception and don't pass any argument
    try:
        key_type = CONF.validation.ssh_key_type
    except cfg.NoSuchOptError:
        return {}
    return {'ssh_key_type': key_type}
720
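@classmethod
def resource_setup(cls):
    """Create and validate the two member webservers used by the tests.

    After the parent setup this creates the SSH keypair, the optional
    security group with its ingress rules, the backend re-encryption PKI
    and two servers, then installs the test server on each one and checks
    that it answers over HTTP and UDP. It returns right after the parent
    setup when CONF.validation.run_validation is false.
    """
    super(LoadBalancerBaseTestWithCompute, cls).resource_setup()
    # If validation is disabled in this cloud, we won't be able to
    # start the webservers, so don't even boot them.
    if not CONF.validation.run_validation:
        return

    # Create a keypair for the webservers
    keypair_name = data_utils.rand_name('lb_member_keypair')
    result = cls.lb_mem_keypairs_client.create_keypair(
        name=keypair_name)
    cls.lb_member_keypair = result['keypair']
    # The keypair holds the SSH private key that is used below to log in
    # to the webservers, so log everything except that field.
    LOG.info('lb_member_keypair: %s',
             {field: value
              for field, value in cls.lb_member_keypair.items()
              if field != 'private_key'})
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls.lb_mem_keypairs_client.delete_keypair,
        cls.lb_mem_keypairs_client.show_keypair,
        keypair_name)

    if (CONF.load_balancer.enable_security_groups and
            CONF.network_feature_enabled.port_security):
        # Set up the security group for the webservers
        SG_name = data_utils.rand_name('lb_member_SG')
        cls.lb_member_sec_group = (
            cls.lb_mem_SG_client.create_security_group(
                name=SG_name)['security_group'])
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls.lb_mem_SG_client.delete_security_group,
            cls.lb_mem_SG_client.show_security_group,
            cls.lb_member_sec_group['id'])

        # Ingress rules as (ethertype, protocol, first port, last port),
        # created in this order. No remote prefix or group is passed, so
        # the rules are not limited to a particular source.
        sg_rules = [
            # 80-81 (test webservers)
            ('IPv4', 'tcp', 80, 81),
            # UDP 80-81 (test webservers)
            ('IPv4', 'udp', 80, 81),
            # 443 (test webservers)
            ('IPv4', 'tcp', 443, 443),
            # 9443 (test webservers)
            # Used in the pool backend encryption client authentication
            # tests
            ('IPv4', 'tcp', 9443, 9443),
            # UDP 9999 (test webservers)
            # Port 9999 is used to illustrate health monitor ERRORs on
            # closed ports.
            ('IPv4', 'udp', 9999, 9999),
            # 22 (ssh)
            ('IPv4', 'tcp', 22, 22),
        ]
        if CONF.load_balancer.test_with_ipv6:
            sg_rules += [
                # 80-81 (test webservers)
                ('IPv6', 'tcp', 80, 81),
                # UDP 80-81 (test webservers)
                ('IPv6', 'udp', 80, 81),
                # 443 (test webservers)
                ('IPv6', 'tcp', 443, 443),
                # 9443 (test webservers)
                # Used in the pool encryption client authentication tests
                ('IPv6', 'tcp', 9443, 9443),
                # 22 (ssh)
                ('IPv6', 'tcp', 22, 22),
            ]
        for ethertype, protocol, port_min, port_max in sg_rules:
            SGr = cls.lb_mem_SGr_client.create_security_group_rule(
                direction='ingress',
                security_group_id=cls.lb_member_sec_group['id'],
                protocol=protocol,
                ethertype=ethertype,
                port_range_min=port_min,
                port_range_max=port_max)['security_group_rule']
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls.lb_mem_SGr_client.delete_security_group_rule,
                cls.lb_mem_SGr_client.show_security_group_rule,
                SGr['id'])

        LOG.info('lb_member_sec_group: %s', cls.lb_member_sec_group)

    # Setup backend member reencryption PKI
    cls._create_backend_reencryption_pki()

    # Create webserver 1 instance
    server_details = cls._create_webserver('lb_member_webserver1',
                                           cls.lb_member_1_net)

    cls.lb_member_webserver1 = server_details['server']
    cls.webserver1_ip = server_details.get('ipv4_address')
    cls.webserver1_ipv6 = server_details.get('ipv6_address')
    cls.webserver1_public_ip = server_details['public_ipv4_address']

    LOG.debug('Octavia Setup: lb_member_webserver1 = %s',
              cls.lb_member_webserver1[const.ID])
    LOG.debug('Octavia Setup: webserver1_ip = %s', cls.webserver1_ip)
    LOG.debug('Octavia Setup: webserver1_ipv6 = %s', cls.webserver1_ipv6)
    LOG.debug('Octavia Setup: webserver1_public_ip = %s',
              cls.webserver1_public_ip)

    # Create webserver 2 instance
    server_details = cls._create_webserver('lb_member_webserver2',
                                           cls.lb_member_2_net)

    cls.lb_member_webserver2 = server_details['server']
    cls.webserver2_ip = server_details.get('ipv4_address')
    cls.webserver2_ipv6 = server_details.get('ipv6_address')
    cls.webserver2_public_ip = server_details['public_ipv4_address']

    LOG.debug('Octavia Setup: lb_member_webserver2 = %s',
              cls.lb_member_webserver2[const.ID])
    LOG.debug('Octavia Setup: webserver2_ip = %s', cls.webserver2_ip)
    LOG.debug('Octavia Setup: webserver2_ipv6 = %s', cls.webserver2_ipv6)
    LOG.debug('Octavia Setup: webserver2_public_ip = %s',
              cls.webserver2_public_ip)

    if CONF.load_balancer.test_with_ipv6:
        # Enable the IPv6 nic in webserver 1
        cls._enable_ipv6_nic_webserver(
            cls.webserver1_public_ip, cls.lb_member_keypair['private_key'],
            cls.webserver1_ipv6, cls.lb_member_1_subnet_prefix)

        # Enable the IPv6 nic in webserver 2
        cls._enable_ipv6_nic_webserver(
            cls.webserver2_public_ip, cls.lb_member_keypair['private_key'],
            cls.webserver2_ipv6, cls.lb_member_2_subnet_prefix)

    # Set up serving on webserver 1
    cls._install_start_webserver(cls.webserver1_public_ip,
                                 cls.lb_member_keypair['private_key'],
                                 cls.webserver1_response)

    # Validate webserver 1
    cls._validate_webserver(cls.webserver1_public_ip,
                            cls.webserver1_response)

    # Validate udp server 1
    cls._validate_udp_server(cls.webserver1_public_ip,
                             cls.webserver1_response)

    # Set up serving on webserver 2
    cls._install_start_webserver(cls.webserver2_public_ip,
                                 cls.lb_member_keypair['private_key'],
                                 cls.webserver2_response, revoke_cert=True)

    # Validate webserver 2
    cls._validate_webserver(cls.webserver2_public_ip,
                            cls.webserver2_response)

    # Validate udp server 2
    cls._validate_udp_server(cls.webserver2_public_ip,
                             cls.webserver2_response)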
977
@classmethod
def _create_networks(cls):
    """Create the member router and attach the VIP and member subnets.

    Runs the parent implementation first. When IPv6 testing is enabled, a
    default router is configured and the IPv6 VIP subnet uses the
    subnetpool, that subnet is also attached to the default router with
    the admin client. Every resource gets a class-level cleanup.
    """
    super(LoadBalancerBaseTestWithCompute, cls)._create_networks()
    routers = cls.lb_mem_routers_client

    # Create a router for the subnets (required for the floating IP)
    router_name = data_utils.rand_name("lb_member_router")
    gateway = {'network_id': CONF.network.public_network_id}
    cls.lb_member_router = routers.create_router(
        name=router_name, admin_state_up=True,
        external_gateway_info=gateway)['router']
    LOG.info('lb_member_router: %s', cls.lb_member_router)
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        routers.delete_router,
        routers.show_router,
        cls.lb_member_router['id'])

    # Add VIP subnet to router
    routers.add_router_interface(
        cls.lb_member_router['id'],
        subnet_id=cls.lb_member_vip_subnet['id'])
    # remove_router_interface is passed as both the delete and the check
    # call of wait_for_not_found.
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        routers.remove_router_interface,
        routers.remove_router_interface,
        cls.lb_member_router['id'],
        subnet_id=cls.lb_member_vip_subnet['id'])

    plug_default_router = (CONF.load_balancer.test_with_ipv6 and
                           CONF.load_balancer.default_router and
                           cls.lb_member_vip_ipv6_subnet_use_subnetpool)
    if plug_default_router:
        router_name = CONF.load_balancer.default_router
        # if lb_member_vip_ipv6_subnet uses devstack's subnetpool,
        # plug the subnet into the default router
        matches = cls.os_admin.routers_client.list_routers(
            name=router_name)['routers']

        # Only act when the name identifies exactly one router.
        if len(matches) == 1:
            default_router = matches[0]

            # Add IPv6 VIP subnet to router1
            cls.os_admin_routers_client.add_router_interface(
                default_router['id'],
                subnet_id=cls.lb_member_vip_ipv6_subnet['id'])
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls.os_admin_routers_client.remove_router_interface,
                cls.os_admin_routers_client.remove_router_interface,
                default_router['id'],
                subnet_id=cls.lb_member_vip_ipv6_subnet['id'])

    # Add member subnet 1 to router
    routers.add_router_interface(
        cls.lb_member_router['id'],
        subnet_id=cls.lb_member_1_subnet['id'])
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        routers.remove_router_interface,
        routers.remove_router_interface,
        cls.lb_member_router['id'],
        subnet_id=cls.lb_member_1_subnet['id'])

    # Add member subnet 2 to router
    routers.add_router_interface(
        cls.lb_member_router['id'],
        subnet_id=cls.lb_member_2_subnet['id'])
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        routers.remove_router_interface,
        routers.remove_router_interface,
        cls.lb_member_router['id'],
        subnet_id=cls.lb_member_2_subnet['id'])
1049
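@classmethod
def _create_webserver(cls, name, network):
    """Boot a webserver instance and collect its addresses.

    webserver_details dictionary contains:
    server - The compute server object
    ipv4_address - The IPv4 address for the server (optional)
    ipv6_address - The IPv6 address for the server (optional)
    public_ipv4_address - The address used to reach the server; a
                          floating IP when CONF.validation.connect_method
                          is 'floating', otherwise the first address on
                          the instance network

    :param name: The name of the server to create.
    :param network: The network to boot the server on.
    :returns: webserver_details dictionary.
    """
    server_kwargs = {
        'name': data_utils.rand_name(name),
        'flavorRef': CONF.compute.flavor_ref,
        'imageRef': CONF.compute.image_ref,
        'key_name': cls.lb_member_keypair['name']}
    if (CONF.load_balancer.enable_security_groups and
            CONF.network_feature_enabled.port_security):
        server_kwargs['security_groups'] = [
            {'name': cls.lb_member_sec_group['name']}]
    if not CONF.load_balancer.disable_boot_network:
        server_kwargs['networks'] = [{'uuid': network['id']}]

    # Replace the name for clouds that have limitations
    if CONF.load_balancer.random_server_name_length:
        r = random.SystemRandom()
        server_kwargs['name'] = "m{}".format("".join(
            [r.choice(string.ascii_uppercase + string.digits)
             for _ in range(
                 CONF.load_balancer.random_server_name_length - 1)]
        ))
    if CONF.load_balancer.availability_zone:
        server_kwargs['availability_zone'] = (
            CONF.load_balancer.availability_zone)

    server = cls.lb_mem_servers_client.create_server(
        **server_kwargs)['server']
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls.lb_mem_servers_client.delete_server,
        cls.lb_mem_servers_client.show_server,
        server['id'])
    server = waiters.wait_for_status(
        cls.lb_mem_servers_client.show_server,
        server['id'], 'status', 'ACTIVE',
        CONF.load_balancer.build_interval,
        CONF.load_balancer.build_timeout,
        root_tag='server')
    webserver_details = {'server': server}
    LOG.info('Created server: %s', server)

    addresses = server['addresses']
    if CONF.load_balancer.disable_boot_network:
        # dict.values() is a view on Python 3 and cannot be indexed, so
        # copy it to a list before taking the first network.
        instance_network = list(addresses.values())[0]
    else:
        instance_network = addresses[network['name']]
    for addr in instance_network:
        if addr['version'] == 4:
            webserver_details['ipv4_address'] = addr['addr']
        if addr['version'] == 6:
            webserver_details['ipv6_address'] = addr['addr']

    if CONF.validation.connect_method == 'floating':
        # Find the server port by MAC address and bind a floating IP to it.
        result = cls.lb_mem_ports_client.list_ports(
            network_id=network['id'],
            mac_address=instance_network[0]['OS-EXT-IPS-MAC:mac_addr'])
        port_id = result['ports'][0]['id']
        result = cls.lb_mem_float_ip_client.create_floatingip(
            floating_network_id=CONF.network.public_network_id,
            port_id=port_id)
        floating_ip = result['floatingip']
        # This method serves every webserver, so label the entry with
        # the requested server name.
        LOG.info('%s floating_ip: %s', name, floating_ip)
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls.lb_mem_float_ip_client.delete_floatingip,
            cls.lb_mem_float_ip_client.show_floatingip,
            floatingip_id=floating_ip['id'])
        webserver_details['public_ipv4_address'] = (
            floating_ip['floating_ip_address'])
    else:
        webserver_details['public_ipv4_address'] = (
            instance_network[0]['addr'])

    return webserver_details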
1138
@classmethod
def _get_openssh_version(cls):
    """Return the local OpenSSH client version as (major, minor).

    Runs ``ssh -V`` and parses what it writes to stderr.

    :returns: A tuple of two ints, or (None, None) when the output
              cannot be decoded or does not start with an OpenSSH
              version string.
    """
    proc = subprocess.Popen(["ssh", "-V"],
                            stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE)
    _, banner = proc.communicate()

    try:
        found = re.match(r"OpenSSH_(\d+)\.(\d+)", banner.decode('utf-8'))
        major = int(found.group(1))
        minor = int(found.group(2))
    except Exception:
        # Covers a failed decode and a missing match (found is None).
        return None, None
    return major, minor
1153
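@classmethod
def _need_scp_protocol(cls):
    """Tell whether scp must be forced to use the legacy SCP protocol.

    :returns: True when the local OpenSSH version is 8.7 or newer, False
              for older versions and when the version is unknown.
    """
    # When using scp >= 8.7, force the use of the SCP protocol,
    # the new default (SFTP protocol) doesn't work with
    # cirros VMs.
    ssh_version = cls._get_openssh_version()
    LOG.debug("ssh_version = %s", ssh_version)
    if None in ssh_version:
        # _get_openssh_version() returns (None, None) when it cannot
        # parse the version; comparing None with an int raises TypeError
        # on Python 3, so leave scp on its default behaviour instead.
        return False
    return tuple(ssh_version) >= (8, 7)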
1163
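@classmethod
def _install_start_webserver(cls, ip_address, ssh_key, start_id,
                             revoke_cert=False):
    """Copy the test server binary to a member VM and start it.

    The binary at CONF.load_balancer.test_server_path is copied with scp,
    the member certificate material is loaded, and two server processes
    are started under screen: one on port 80 (plus HTTPS on 443 and HTTPS
    with client authentication on 9443) answering with start_id, and one
    on port 81 answering with start_id + 1.

    :param ip_address: Address used to reach the VM over SSH.
    :param ssh_key: SSH private key text for the image user.
    :param start_id: Integer ID served by the first process.
    :param revoke_cert: Passed through to _load_member_pki_content.
    :raises: exceptions.CommandFailed when scp exits non-zero.
    """
    local_file = CONF.load_balancer.test_server_path

    linux_client = remote_client.RemoteClient(
        ip_address, CONF.validation.image_ssh_user, pkey=ssh_key,
        **cls.remote_client_args())
    linux_client.validate_authentication()

    with tempfile.NamedTemporaryFile() as key:
        key.write(ssh_key.encode('utf-8'))
        key.flush()
        # Build the argument vector directly instead of formatting one
        # string and splitting it again, so a path or address containing
        # whitespace or quotes stays a single argument.
        # NOTE(review): host key checking is switched off for this copy,
        # so the server is not authenticated by its host key. Presumably
        # acceptable for a freshly booted test VM; confirm the test
        # network is trusted.
        args = ['scp', '-v',
                '-o', 'UserKnownHostsFile=/dev/null',
                '-o', 'PubkeyAcceptedKeyTypes=+ssh-rsa']
        if cls._need_scp_protocol():
            args.append('-O')
        args += [
            '-o', 'StrictHostKeyChecking=no',
            '-o', 'ConnectTimeout={0}'.format(
                CONF.load_balancer.scp_connection_timeout),
            '-o', 'ConnectionAttempts={0}'.format(
                CONF.load_balancer.scp_connection_attempts),
            '-i', key.name,
            '{0}'.format(local_file),
            '{0}@{1}:{2}'.format(CONF.validation.image_ssh_user,
                                 ip_address, const.TEST_SERVER_BINARY)]
        # Quoted rendering of the command, used only in the error report.
        cmd = ' '.join(shlex.quote(arg) for arg in args)
        subprocess_args = {'stdout': subprocess.PIPE,
                           'stderr': subprocess.STDOUT,
                           'cwd': None}
        proc = subprocess.Popen(args, **subprocess_args)
        stdout, stderr = proc.communicate()
        if proc.returncode != 0:
            raise exceptions.CommandFailed(proc.returncode, cmd,
                                           stdout, stderr)

        # Must run inside the with block: the callee reads the name of
        # the temporary key file, which is removed when the block exits.
        cls._load_member_pki_content(ip_address, key,
                                     revoke_cert=revoke_cert)

    # Enabling memory overcommit allows to run golang static binaries
    # compiled with a recent golang toolchain (>=1.11). Those binaries
    # allocate a large amount of virtual memory at init time, and this
    # allocation fails in tempest's nano flavor (64MB of RAM)
    # (golang issue reported in https://github.com/golang/go/issues/28114,
    # follow-up: https://github.com/golang/go/issues/28081)
    # TODO(gthiemonge): Remove this call when golang issue is resolved.
    linux_client.exec_command('sudo sh -c "echo 1 > '
                              '/proc/sys/vm/overcommit_memory"')

    # The initial process also supports HTTPS and HTTPS with client auth
    linux_client.exec_command(
        'sudo screen -d -m {0} -port 80 -id {1} -https_port 443 -cert {2} '
        '-key {3} -https_client_auth_port 9443 -client_ca {4}'.format(
            const.TEST_SERVER_BINARY, start_id, const.TEST_SERVER_CERT,
            const.TEST_SERVER_KEY, const.TEST_SERVER_CLIENT_CA))

    linux_client.exec_command('sudo screen -d -m {0} -port 81 '
                              '-id {1}'.format(const.TEST_SERVER_BINARY,
                                               start_id + 1))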
Adam Harwellcd72b562018-05-07 11:37:22 -07001224
# Cirros does not configure the assigned IPv6 address by default
# so enable it manually like tempest does here:
# tempest/scenario/test_network_v6.py turn_nic6_on()
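@classmethod
def _enable_ipv6_nic_webserver(cls, ip_address, ssh_key,
                               ipv6_address, ipv6_prefix):
    """Add an IPv6 address to eth0 of a member VM over SSH.

    :param ip_address: Address used to reach the VM over SSH.
    :param ssh_key: SSH private key text for the image user.
    :param ipv6_address: IPv6 address to configure on eth0.
    :param ipv6_prefix: Prefix length of that address.
    :raises ValueError: when ipv6_address/ipv6_prefix is not a valid
                        IPv6 interface.
    """
    # Both values become part of a command run with sudo on the VM.
    # Parse them as an IPv6 interface first so anything else is rejected
    # locally with a clear error, and quote the result before it reaches
    # the remote shell.
    interface = ipaddress.IPv6Interface(
        '{0}/{1}'.format(ipv6_address, ipv6_prefix))

    linux_client = remote_client.RemoteClient(
        ip_address, CONF.validation.image_ssh_user, pkey=ssh_key,
        **cls.remote_client_args())
    linux_client.validate_authentication()

    linux_client.exec_command('sudo ip address add {0} dev '
                              'eth0'.format(
                                  shlex.quote(interface.with_prefixlen)))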
1238
@classmethod
def _validate_webserver(cls, ip_address, start_id):
    """Check both HTTP test servers on a member VM.

    The default HTTP port must answer with start_id and port 81 with
    start_id + 1.

    :param ip_address: Address of the member VM.
    :param start_id: Integer ID expected from the first server.
    """
    first_url = 'http://{0}'.format(ip_address)
    cls.validate_URL_response(first_url, expected_body=str(start_id))
    second_url = 'http://{0}:81'.format(ip_address)
    cls.validate_URL_response(second_url,
                              expected_body=str(start_id + 1))
Jude Cross986e3f52017-07-24 14:57:20 -07001245
@classmethod
def _validate_udp_server(cls, ip_address, start_id):
    """Check both UDP test servers on a member VM.

    Port 80 must answer with start_id and port 81 with start_id + 1.

    :param ip_address: Address of the member VM.
    :param start_id: Integer ID expected from the first server.
    :raises Exception: when a reply differs from the expected ID.
    """
    mismatch = ("Response from test server doesn't match the "
                "expected value ({0} != {1}).")

    reply = cls.make_udp_request(ip_address, 80)
    expected = str(start_id)
    if reply != expected:
        raise Exception(mismatch.format(reply, expected))

    reply = cls.make_udp_request(ip_address, 81)
    expected = str(start_id + 1)
    if reply != expected:
        raise Exception(mismatch.format(reply, expected))
Michael Johnsonbaf12e02020-10-27 16:10:28 -07001259
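@classmethod
def _create_backend_reencryption_pki(cls):
    """Generate the CAs and client credentials for backend re-encryption.

    Sets on the class:
    member_ca_cert, member_ca_key - CA for the member test servers
    member_client_ca_cert - CA for member client authentication
    member_client_cn - Random UUID used as the client common name
    member_client_cert, member_client_key - Client certificate and key
    """
    # Create a CA self-signed cert and key for the member test servers
    cls.member_ca_cert, cls.member_ca_key = (
        cert_utils.generate_ca_cert_and_key())

    LOG.debug('Member CA Cert: %s', cls.member_ca_cert.public_bytes(
        serialization.Encoding.PEM))
    # The CA private key is not logged: it signs the member server
    # certificates, and test logs are often kept or shared more widely
    # than the test environment. The certificate and public key below
    # are enough to identify which CA a run used.
    LOG.debug('Member CA public Key: %s',
              cls.member_ca_key.public_key().public_bytes(
                  encoding=serialization.Encoding.PEM,
                  format=serialization.PublicFormat.SubjectPublicKeyInfo))

    # Create the member client authentication CA
    # Its key stays local; only the certificate is kept on the class.
    cls.member_client_ca_cert, member_client_ca_key = (
        cert_utils.generate_ca_cert_and_key())

    # Create client cert and key
    cls.member_client_cn = uuidutils.generate_uuid()
    cls.member_client_cert, cls.member_client_key = (
        cert_utils.generate_client_cert_and_key(
            cls.member_client_ca_cert, member_client_ca_key,
            cls.member_client_cn))
    # Note: We are not revoking a client cert here as we don't need to
    # test the backend web server CRL checking.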
1289
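@classmethod
def _load_member_pki_content(cls, ip_address, ssh_key, revoke_cert=False):
    """Create a member web server cert/key pair and copy it to the host.

    Generates a server certificate and key with
    cert_utils.generate_server_cert_and_key() from the member CA, writes
    the certificate, the unencrypted private key and the member client CA
    certificate to a temporary directory, and copies the three files to
    const.DEV_SHM_PATH on the host with scp.

    :param ip_address: Address of the test server; passed to the
                       certificate generator and used as the scp target.
    :param ssh_key: Object whose ``name`` attribute is the path of the
                    SSH identity file handed to ``scp -i``.
    :param revoke_cert: When True, also build a CRL that revokes the new
                        certificate and store it in cls.member_crl.
    :raises exceptions.CommandFailed: if scp exits with a non-zero status.
    """
    # Create webserver certificate and key
    cert, key = cert_utils.generate_server_cert_and_key(
        cls.member_ca_cert, cls.member_ca_key, ip_address)

    # Serialize once; the same bytes are logged and written to disk.
    cert_pem = cert.public_bytes(serialization.Encoding.PEM)
    key_pem = key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption())
    client_ca_pem = cls.member_client_ca_cert.public_bytes(
        serialization.Encoding.PEM)

    LOG.debug('%s Cert: %s', ip_address, cert_pem)
    # NOTE(review): this writes the unencrypted private key to the debug
    # log, so the log is as sensitive as the key. The key is generated
    # above for this test server only; confirm nothing longer-lived ever
    # reaches this path and that the debug logs are handled accordingly.
    LOG.debug('%s private Key: %s', ip_address, key_pem)
    LOG.debug('%s public Key: %s', ip_address,
              key.public_key().public_bytes(
                  encoding=serialization.Encoding.PEM,
                  format=serialization.PublicFormat.SubjectPublicKeyInfo))

    if revoke_cert:
        # Create a CRL with this web server's certificate revoked
        cls.member_crl = cert_utils.generate_certificate_revocation_list(
            cls.member_ca_cert, cls.member_ca_key, cert)

    def _write_pem(path, pem_bytes):
        # Mode 0o700 is kept from the original code; PEM data needs no
        # execute bit, but the mode may be carried to the remote copy by
        # scp -- TODO confirm before tightening it to 0o600.
        fd = os.open(path, os.O_CREAT | os.O_WRONLY, 0o700)
        with open(fd, 'w') as fh:
            fh.write(pem_bytes.decode('utf-8'))

    # Load the certificate, key, and client CA certificate into the
    # test server.
    with tempfile.TemporaryDirectory() as tmpdir:
        # The umask is cleared so the files get exactly the requested
        # mode. os.umask() is process-wide, so the previous value is
        # restored in the finally block; otherwise every file created
        # later by this process would be created without a mask.
        previous_umask = os.umask(0)
        try:
            cert_filename = os.path.join(tmpdir, const.CERT_PEM)
            _write_pem(cert_filename, cert_pem)
            key_filename = os.path.join(tmpdir, const.KEY_PEM)
            _write_pem(key_filename, key_pem)
            client_ca_filename = os.path.join(tmpdir, const.CLIENT_CA_PEM)
            _write_pem(client_ca_filename, client_ca_pem)

            # For security, no shell is involved: scp is started from an
            # argument list, so nothing globs or re-splits the file
            # names, even if a path contains whitespace.
            args = ['scp', '-v',
                    # NOTE(review): with the two host-key options below,
                    # ssh does not verify the identity of the host that
                    # receives the private key. Presumably acceptable for
                    # freshly booted test servers; do not reuse this
                    # command line outside the test environment.
                    '-o', 'UserKnownHostsFile=/dev/null',
                    # Re-enables the SHA-1 based ssh-rsa signature type,
                    # which recent OpenSSH releases disable by default.
                    '-o', 'PubkeyAcceptedKeyTypes=+ssh-rsa']
            if cls._need_scp_protocol():
                # Ask scp for the legacy SCP protocol instead of SFTP.
                args.append('-O')
            args += [
                '-o', 'StrictHostKeyChecking=no',
                '-o', 'ConnectTimeout={}'.format(
                    CONF.load_balancer.scp_connection_timeout),
                '-o', 'ConnectionAttempts={}'.format(
                    CONF.load_balancer.scp_connection_attempts),
                '-i', str(ssh_key.name),
                cert_filename, key_filename, client_ca_filename,
                '{}@{}:{}'.format(CONF.validation.image_ssh_user,
                                  ip_address, const.DEV_SHM_PATH)]
            # Human-readable form, used only in the failure report.
            cmd = ' '.join(args)

            # stderr is merged into stdout, so communicate() returns
            # None for stderr.
            proc = subprocess.Popen(args, stdout=subprocess.PIPE,
                                    stderr=subprocess.STDOUT, cwd=None)
            stdout, stderr = proc.communicate()
            if proc.returncode != 0:
                raise exceptions.CommandFailed(proc.returncode, cmd,
                                               stdout, stderr)
        finally:
            os.umask(previous_umask)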