Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / octavia-tempest-plugin / 664310bf2eb2df47d4c9562030a8a65548b4e4cf / . / octavia_tempest_plugin / tests / test_base.py
blob: ea8ad547f18da8a703d82e20481fd436a1b5ae36 [file] [log] [blame]
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1# Copyright 2018 Rackspace US Inc. All rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15import ipaddress
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]16import os
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]17import random
18import shlex
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]19import string
20import subprocess
21import tempfile
22
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]23from cryptography.hazmat.primitives import serialization
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]24from oslo_log import log as logging
25from oslo_utils import uuidutils
26from tempest import config
27from tempest.lib.common.utils import data_utils
28from tempest.lib.common.utils.linux import remote_client
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]29from tempest.lib import exceptions
30from tempest import test
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]31import tenacity
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]32
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]33from octavia_tempest_plugin.common import cert_utils
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]34from octavia_tempest_plugin.common import constants as const
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]35from octavia_tempest_plugin.tests import RBAC_tests
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]36from octavia_tempest_plugin.tests import validators
37from octavia_tempest_plugin.tests import waiters
38
39CONF = config.CONF
40LOG = logging.getLogger(__name__)
41
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]42
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]43class LoadBalancerBaseTest(validators.ValidatorsMixin,
44 RBAC_tests.RBACTestsMixin, test.BaseTestCase):
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]45 """Base class for load balancer tests."""
46
Gregory Thiemonge3497f6c2021-04-19 21:33:13 +0200[diff] [blame]47 if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
48 credentials = [
49 'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
50 ['lb_member', CONF.load_balancer.member_role],
51 ['lb_member2', CONF.load_balancer.member_role]]
52 elif CONF.load_balancer.enforce_new_defaults:
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]53 credentials = [
54 'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
55 ['lb_observer', CONF.load_balancer.observer_role, 'reader'],
56 ['lb_global_observer', CONF.load_balancer.global_observer_role,
57 'reader'],
58 ['lb_member', CONF.load_balancer.member_role, 'member'],
59 ['lb_member2', CONF.load_balancer.member_role, 'member'],
60 ['lb_member_not_default_member', CONF.load_balancer.member_role]]
61 else:
62 credentials = [
63 'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
64 ['lb_observer', CONF.load_balancer.observer_role, 'reader'],
65 ['lb_global_observer', CONF.load_balancer.global_observer_role,
66 'reader'],
67 ['lb_member', CONF.load_balancer.member_role],
68 ['lb_member2', CONF.load_balancer.member_role]]
69
70 # If scope enforcement is enabled, add in the system scope credentials.
71 # The project scope is already handled by the above credentials.
72 if CONF.enforce_scope.octavia:
73 credentials.extend(['system_admin', 'system_reader'])
74
75 # A tuple of credentials that will be allocated by tempest using the
76 # 'credentials' list above. These are used to build RBAC test lists.
77 allocated_creds = []
78 for cred in credentials:
79 if isinstance(cred, list):
80 allocated_creds.append('os_roles_' + cred[0])
81 else:
82 allocated_creds.append('os_' + cred)
83 # Tests shall not mess with the list of allocated credentials
84 allocated_credentials = tuple(allocated_creds)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]85
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]86 webserver1_response = 1
87 webserver2_response = 5
Michael Johnsondfd818a2018-08-21 20:54:54 -0700[diff] [blame]88 used_ips = []
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]89
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]90 SRC_PORT_NUMBER_MIN = 32768
91 SRC_PORT_NUMBER_MAX = 61000
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]92 src_port_number = SRC_PORT_NUMBER_MIN
93
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]94 @classmethod
95 def skip_checks(cls):
96 """Check if we should skip all of the children tests."""
97 super(LoadBalancerBaseTest, cls).skip_checks()
98
99 service_list = {
100 'load_balancer': CONF.service_available.load_balancer,
101 }
102
103 live_service_list = {
104 'compute': CONF.service_available.nova,
105 'image': CONF.service_available.glance,
106 'neutron': CONF.service_available.neutron
107 }
108
109 if not CONF.load_balancer.test_with_noop:
110 service_list.update(live_service_list)
111
112 for service, available in service_list.items():
113 if not available:
zhangzs2a6cf672018-11-10 16:13:11 +0800[diff] [blame]114 skip_msg = ("{0} skipped as {1} service is not "
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]115 "available.".format(cls.__name__, service))
116 raise cls.skipException(skip_msg)
117
118 # We must be able to reach our VIP and instances
119 if not (CONF.network.project_networks_reachable
120 or CONF.network.public_network_id):
121 msg = ('Either project_networks_reachable must be "true", or '
122 'public_network_id must be defined.')
123 raise cls.skipException(msg)
124
125 @classmethod
126 def setup_credentials(cls):
127 """Setup test credentials and network resources."""
128 # Do not auto create network resources
129 cls.set_network_resources()
130 super(LoadBalancerBaseTest, cls).setup_credentials()
131
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]132 # Log the user roles for this test run
133 role_name_cache = {}
134 for cred in cls.credentials:
135 user_roles = []
136 if isinstance(cred, list):
137 user_name = cred[0]
138 cred_obj = getattr(cls, 'os_roles_' + cred[0])
139 else:
140 user_name = cred
141 cred_obj = getattr(cls, 'os_' + cred)
142 params = {'user.id': cred_obj.credentials.user_id,
143 'project.id': cred_obj.credentials.project_id}
144 roles = cls.os_admin.role_assignments_client.list_role_assignments(
145 **params)['role_assignments']
146 for role in roles:
147 role_id = role['role']['id']
148 try:
149 role_name = role_name_cache[role_id]
150 except KeyError:
151 role_name = cls.os_admin.roles_v3_client.show_role(
152 role_id)['role']['name']
153 role_name_cache[role_id] = role_name
154 user_roles.append([role_name, role['scope']])
155 LOG.info("User %s has roles: %s", user_name, user_roles)
156
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]157 @classmethod
158 def setup_clients(cls):
159 """Setup client aliases."""
160 super(LoadBalancerBaseTest, cls).setup_clients()
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]161 lb_admin_prefix = cls.os_roles_lb_admin.load_balancer_v2
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]162 cls.lb_mem_float_ip_client = cls.os_roles_lb_member.floating_ips_client
163 cls.lb_mem_keypairs_client = cls.os_roles_lb_member.keypairs_client
164 cls.lb_mem_net_client = cls.os_roles_lb_member.networks_client
165 cls.lb_mem_ports_client = cls.os_roles_lb_member.ports_client
166 cls.lb_mem_routers_client = cls.os_roles_lb_member.routers_client
167 cls.lb_mem_SG_client = cls.os_roles_lb_member.security_groups_client
168 cls.lb_mem_SGr_client = (
169 cls.os_roles_lb_member.security_group_rules_client)
170 cls.lb_mem_servers_client = cls.os_roles_lb_member.servers_client
171 cls.lb_mem_subnet_client = cls.os_roles_lb_member.subnets_client
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]172 cls.mem_lb_client = (
173 cls.os_roles_lb_member.load_balancer_v2.LoadbalancerClient())
174 cls.mem_listener_client = (
175 cls.os_roles_lb_member.load_balancer_v2.ListenerClient())
176 cls.mem_pool_client = (
177 cls.os_roles_lb_member.load_balancer_v2.PoolClient())
178 cls.mem_member_client = (
179 cls.os_roles_lb_member.load_balancer_v2.MemberClient())
Adam Harwell60ed9d92018-05-10 13:23:13 -0700[diff] [blame]180 cls.mem_healthmonitor_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]181 cls.os_roles_lb_member.load_balancer_v2.HealthMonitorClient())
182 cls.mem_l7policy_client = (
183 cls.os_roles_lb_member.load_balancer_v2.L7PolicyClient())
184 cls.mem_l7rule_client = (
185 cls.os_roles_lb_member.load_balancer_v2.L7RuleClient())
186 cls.lb_admin_amphora_client = lb_admin_prefix.AmphoraClient()
Michael Johnsonaff2e862019-01-11 16:38:00 -0800[diff] [blame]187 cls.lb_admin_flavor_profile_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]188 lb_admin_prefix.FlavorProfileClient())
189 cls.lb_admin_flavor_client = lb_admin_prefix.FlavorClient()
190 cls.mem_flavor_client = (
191 cls.os_roles_lb_member.load_balancer_v2.FlavorClient())
192 cls.mem_provider_client = (
193 cls.os_roles_lb_member.load_balancer_v2.ProviderClient())
Carlos Goncalvesc2e12162019-02-14 23:57:44 +0100[diff] [blame]194 cls.os_admin_servers_client = cls.os_admin.servers_client
Gregory Thiemonge54225ad2021-02-04 15:25:17 +0100[diff] [blame]195 cls.os_admin_routers_client = cls.os_admin.routers_client
196 cls.os_admin_subnetpools_client = cls.os_admin.subnetpools_client
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]197 cls.lb_admin_flavor_capabilities_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]198 lb_admin_prefix.FlavorCapabilitiesClient())
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]199 cls.lb_admin_availability_zone_capabilities_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]200 lb_admin_prefix.AvailabilityZoneCapabilitiesClient())
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]201 cls.lb_admin_availability_zone_profile_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]202 lb_admin_prefix.AvailabilityZoneProfileClient())
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]203 cls.lb_admin_availability_zone_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]204 lb_admin_prefix.AvailabilityZoneClient())
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]205 cls.mem_availability_zone_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]206 cls.os_roles_lb_member.load_balancer_v2.AvailabilityZoneClient())
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]207
208 @classmethod
209 def resource_setup(cls):
210 """Setup resources needed by the tests."""
211 super(LoadBalancerBaseTest, cls).resource_setup()
212
213 conf_lb = CONF.load_balancer
214
Michael Johnsondfd818a2018-08-21 20:54:54 -0700[diff] [blame]215 cls.api_version = cls.mem_lb_client.get_max_api_version()
216
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]217 if conf_lb.test_subnet_override and not conf_lb.test_network_override:
218 raise exceptions.InvalidConfiguration(
219 "Configuration value test_network_override must be "
220 "specified if test_subnet_override is used.")
221
Michael Johnson6a9236a2020-08-04 23:54:54 +0000[diff] [blame]222 # TODO(johnsom) Remove this
Maciej Józefczykb6df5f82019-12-10 10:12:30 +0000[diff] [blame]223 # Get loadbalancing algorithms supported by provider driver.
224 try:
225 algorithms = const.SUPPORTED_LB_ALGORITHMS[
226 CONF.load_balancer.provider]
227 except KeyError:
228 algorithms = const.SUPPORTED_LB_ALGORITHMS['default']
229 # Set default algorithm as first from the list.
230 cls.lb_algorithm = algorithms[0]
231
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]232 show_subnet = cls.lb_mem_subnet_client.show_subnet
233 if CONF.load_balancer.test_with_noop:
234 cls.lb_member_vip_net = {'id': uuidutils.generate_uuid()}
235 cls.lb_member_vip_subnet = {'id': uuidutils.generate_uuid()}
236 cls.lb_member_1_net = {'id': uuidutils.generate_uuid()}
237 cls.lb_member_1_subnet = {'id': uuidutils.generate_uuid()}
238 cls.lb_member_2_net = {'id': uuidutils.generate_uuid()}
239 cls.lb_member_2_subnet = {'id': uuidutils.generate_uuid()}
240 if CONF.load_balancer.test_with_ipv6:
Michael Johnson5a16ad32018-10-18 14:49:11 -0700[diff] [blame]241 cls.lb_member_vip_ipv6_net = {'id': uuidutils.generate_uuid()}
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]242 cls.lb_member_vip_ipv6_subnet = {'id':
243 uuidutils.generate_uuid()}
244 cls.lb_member_1_ipv6_subnet = {'id': uuidutils.generate_uuid()}
245 cls.lb_member_2_ipv6_subnet = {'id': uuidutils.generate_uuid()}
Michael Johnson590fbe12019-07-03 14:30:01 -0700[diff] [blame]246 cls.lb_member_vip_ipv6_subnet_stateful = True
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]247 return
248 elif CONF.load_balancer.test_network_override:
249 if conf_lb.test_subnet_override:
250 override_subnet = show_subnet(conf_lb.test_subnet_override)
251 else:
252 override_subnet = None
253
254 show_net = cls.lb_mem_net_client.show_network
255 override_network = show_net(conf_lb.test_network_override)
256 override_network = override_network.get('network')
257
258 cls.lb_member_vip_net = override_network
259 cls.lb_member_vip_subnet = override_subnet
260 cls.lb_member_1_net = override_network
261 cls.lb_member_1_subnet = override_subnet
262 cls.lb_member_2_net = override_network
263 cls.lb_member_2_subnet = override_subnet
264
265 if (CONF.load_balancer.test_with_ipv6 and
Michael Polenchuk664310b2022-01-18 15:44:56 +0400[diff] [blame^]266 conf_lb.test_ipv6_subnet_override):
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]267 override_ipv6_subnet = show_subnet(
Michael Polenchuk664310b2022-01-18 15:44:56 +0400[diff] [blame^]268 conf_lb.test_ipv6_subnet_override)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]269 cls.lb_member_vip_ipv6_subnet = override_ipv6_subnet
270 cls.lb_member_1_ipv6_subnet = override_ipv6_subnet
271 cls.lb_member_2_ipv6_subnet = override_ipv6_subnet
Michael Johnson590fbe12019-07-03 14:30:01 -0700[diff] [blame]272 cls.lb_member_vip_ipv6_subnet_stateful = False
273 if (override_ipv6_subnet[0]['ipv6_address_mode'] ==
274 'dhcpv6-stateful'):
275 cls.lb_member_vip_ipv6_subnet_stateful = True
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]276 else:
277 cls.lb_member_vip_ipv6_subnet = None
278 cls.lb_member_1_ipv6_subnet = None
279 cls.lb_member_2_ipv6_subnet = None
280 else:
281 cls._create_networks()
282
283 LOG.debug('Octavia Setup: lb_member_vip_net = {}'.format(
284 cls.lb_member_vip_net[const.ID]))
285 if cls.lb_member_vip_subnet:
286 LOG.debug('Octavia Setup: lb_member_vip_subnet = {}'.format(
287 cls.lb_member_vip_subnet[const.ID]))
288 LOG.debug('Octavia Setup: lb_member_1_net = {}'.format(
289 cls.lb_member_1_net[const.ID]))
290 if cls.lb_member_1_subnet:
291 LOG.debug('Octavia Setup: lb_member_1_subnet = {}'.format(
292 cls.lb_member_1_subnet[const.ID]))
293 LOG.debug('Octavia Setup: lb_member_2_net = {}'.format(
294 cls.lb_member_2_net[const.ID]))
295 if cls.lb_member_2_subnet:
296 LOG.debug('Octavia Setup: lb_member_2_subnet = {}'.format(
297 cls.lb_member_2_subnet[const.ID]))
Michael Johnson124ba8b2018-08-30 16:06:05 -0700[diff] [blame]298 if CONF.load_balancer.test_with_ipv6:
299 if cls.lb_member_vip_ipv6_subnet:
300 LOG.debug('Octavia Setup: lb_member_vip_ipv6_subnet = '
301 '{}'.format(cls.lb_member_vip_ipv6_subnet[const.ID]))
302 if cls.lb_member_1_ipv6_subnet:
303 LOG.debug('Octavia Setup: lb_member_1_ipv6_subnet = {}'.format(
304 cls.lb_member_1_ipv6_subnet[const.ID]))
305 if cls.lb_member_2_ipv6_subnet:
306 LOG.debug('Octavia Setup: lb_member_2_ipv6_subnet = {}'.format(
307 cls.lb_member_2_ipv6_subnet[const.ID]))
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]308
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]309 @classmethod
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]310 # Neutron can be slow to clean up ports from the subnets/networks.
311 # Retry this delete a few times if we get a "Conflict" error to give
312 # neutron time to fully cleanup the ports.
313 @tenacity.retry(
314 retry=tenacity.retry_if_exception_type(exceptions.Conflict),
315 wait=tenacity.wait_incrementing(
Vasyl Saienkod57ca632021-05-12 16:30:26 +0300[diff] [blame]316 const.RETRY_INITIAL_DELAY, const.RETRY_BACKOFF, const.RETRY_MAX),
317 stop=tenacity.stop_after_attempt(const.RETRY_ATTEMPTS))
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]318 def _logging_delete_network(cls, net_id):
319 try:
320 cls.lb_mem_net_client.delete_network(net_id)
321 except Exception:
322 LOG.error('Unable to delete network {}. Active ports:'.format(
323 net_id))
324 LOG.error(cls.lb_mem_ports_client.list_ports())
325 raise
326
327 @classmethod
328 # Neutron can be slow to clean up ports from the subnets/networks.
329 # Retry this delete a few times if we get a "Conflict" error to give
330 # neutron time to fully cleanup the ports.
331 @tenacity.retry(
332 retry=tenacity.retry_if_exception_type(exceptions.Conflict),
333 wait=tenacity.wait_incrementing(
Vasyl Saienkod57ca632021-05-12 16:30:26 +0300[diff] [blame]334 const.RETRY_INITIAL_DELAY, const.RETRY_BACKOFF, const.RETRY_MAX),
335 stop=tenacity.stop_after_attempt(const.RETRY_ATTEMPTS))
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]336 def _logging_delete_subnet(cls, subnet_id):
337 try:
338 cls.lb_mem_subnet_client.delete_subnet(subnet_id)
339 except Exception:
340 LOG.error('Unable to delete subnet {}. Active ports:'.format(
341 subnet_id))
342 LOG.error(cls.lb_mem_ports_client.list_ports())
343 raise
344
345 @classmethod
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]346 def _create_networks(cls):
347 """Creates networks, subnets, and routers used in tests.
348
349 The following are expected to be defined and available to the tests:
350 cls.lb_member_vip_net
351 cls.lb_member_vip_subnet
352 cls.lb_member_vip_ipv6_subnet (optional)
353 cls.lb_member_1_net
354 cls.lb_member_1_subnet
355 cls.lb_member_1_ipv6_subnet (optional)
356 cls.lb_member_2_net
357 cls.lb_member_2_subnet
358 cls.lb_member_2_ipv6_subnet (optional)
359 """
360
361 # Create tenant VIP network
362 network_kwargs = {
363 'name': data_utils.rand_name("lb_member_vip_network")}
364 if CONF.network_feature_enabled.port_security:
Andreas Jaeger4215b702020-03-28 20:13:46 +0100[diff] [blame]365 # Note: Allowed Address Pairs requires port security
366 network_kwargs['port_security_enabled'] = True
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]367 result = cls.lb_mem_net_client.create_network(**network_kwargs)
368 cls.lb_member_vip_net = result['network']
369 LOG.info('lb_member_vip_net: {}'.format(cls.lb_member_vip_net))
370 cls.addClassResourceCleanup(
371 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]372 cls._logging_delete_network,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]373 cls.lb_mem_net_client.show_network,
374 cls.lb_member_vip_net['id'])
375
376 # Create tenant VIP subnet
377 subnet_kwargs = {
378 'name': data_utils.rand_name("lb_member_vip_subnet"),
379 'network_id': cls.lb_member_vip_net['id'],
380 'cidr': CONF.load_balancer.vip_subnet_cidr,
381 'ip_version': 4}
382 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
383 cls.lb_member_vip_subnet = result['subnet']
384 LOG.info('lb_member_vip_subnet: {}'.format(cls.lb_member_vip_subnet))
385 cls.addClassResourceCleanup(
386 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]387 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]388 cls.lb_mem_subnet_client.show_subnet,
389 cls.lb_member_vip_subnet['id'])
390
391 # Create tenant VIP IPv6 subnet
392 if CONF.load_balancer.test_with_ipv6:
Michael Johnson590fbe12019-07-03 14:30:01 -0700[diff] [blame]393 cls.lb_member_vip_ipv6_subnet_stateful = False
Gregory Thiemonge54225ad2021-02-04 15:25:17 +0100[diff] [blame]394 cls.lb_member_vip_ipv6_subnet_use_subnetpool = False
395 subnet_kwargs = {
396 'name': data_utils.rand_name("lb_member_vip_ipv6_subnet"),
397 'network_id': cls.lb_member_vip_net['id'],
398 'ip_version': 6}
399
400 # Use a CIDR from devstack's default IPv6 subnetpool if it exists,
401 # the subnetpool's cidr is routable from the devstack node
402 # through the default router
403 subnetpool_name = CONF.load_balancer.default_ipv6_subnetpool
404 if subnetpool_name:
405 subnetpool = cls.os_admin_subnetpools_client.list_subnetpools(
406 name=subnetpool_name)['subnetpools']
407 if len(subnetpool) == 1:
408 subnetpool = subnetpool[0]
409 subnet_kwargs['subnetpool_id'] = subnetpool['id']
410 cls.lb_member_vip_ipv6_subnet_use_subnetpool = True
411
412 if 'subnetpool_id' not in subnet_kwargs:
413 subnet_kwargs['cidr'] = (
414 CONF.load_balancer.vip_ipv6_subnet_cidr)
415
416 result = cls.lb_mem_subnet_client.create_subnet(
417 **subnet_kwargs)
418 cls.lb_member_vip_ipv6_net = cls.lb_member_vip_net
419 cls.lb_member_vip_ipv6_subnet = result['subnet']
420 cls.addClassResourceCleanup(
421 waiters.wait_for_not_found,
422 cls._logging_delete_subnet,
423 cls.lb_mem_subnet_client.show_subnet,
424 cls.lb_member_vip_ipv6_subnet['id'])
Carlos Goncalves84af48c2019-07-25 15:51:30 +0200[diff] [blame]425
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]426 LOG.info('lb_member_vip_ipv6_subnet: {}'.format(
427 cls.lb_member_vip_ipv6_subnet))
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]428
429 # Create tenant member 1 network
430 network_kwargs = {
431 'name': data_utils.rand_name("lb_member_1_network")}
432 if CONF.network_feature_enabled.port_security:
433 if CONF.load_balancer.enable_security_groups:
434 network_kwargs['port_security_enabled'] = True
435 else:
436 network_kwargs['port_security_enabled'] = False
437 result = cls.lb_mem_net_client.create_network(**network_kwargs)
438 cls.lb_member_1_net = result['network']
439 LOG.info('lb_member_1_net: {}'.format(cls.lb_member_1_net))
440 cls.addClassResourceCleanup(
441 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]442 cls._logging_delete_network,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]443 cls.lb_mem_net_client.show_network,
444 cls.lb_member_1_net['id'])
445
446 # Create tenant member 1 subnet
447 subnet_kwargs = {
448 'name': data_utils.rand_name("lb_member_1_subnet"),
449 'network_id': cls.lb_member_1_net['id'],
450 'cidr': CONF.load_balancer.member_1_ipv4_subnet_cidr,
451 'ip_version': 4}
452 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
453 cls.lb_member_1_subnet = result['subnet']
454 LOG.info('lb_member_1_subnet: {}'.format(cls.lb_member_1_subnet))
455 cls.addClassResourceCleanup(
456 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]457 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]458 cls.lb_mem_subnet_client.show_subnet,
459 cls.lb_member_1_subnet['id'])
460
461 # Create tenant member 1 ipv6 subnet
462 if CONF.load_balancer.test_with_ipv6:
463 subnet_kwargs = {
464 'name': data_utils.rand_name("lb_member_1_ipv6_subnet"),
465 'network_id': cls.lb_member_1_net['id'],
466 'cidr': CONF.load_balancer.member_1_ipv6_subnet_cidr,
467 'ip_version': 6}
468 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]469 cls.lb_member_1_subnet_prefix = (
470 CONF.load_balancer.member_1_ipv6_subnet_cidr.rpartition('/')[2]
471 )
472 assert(cls.lb_member_1_subnet_prefix.isdigit())
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]473 cls.lb_member_1_ipv6_subnet = result['subnet']
474 LOG.info('lb_member_1_ipv6_subnet: {}'.format(
475 cls.lb_member_1_ipv6_subnet))
476 cls.addClassResourceCleanup(
477 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]478 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]479 cls.lb_mem_subnet_client.show_subnet,
480 cls.lb_member_1_ipv6_subnet['id'])
481
482 # Create tenant member 2 network
483 network_kwargs = {
484 'name': data_utils.rand_name("lb_member_2_network")}
485 if CONF.network_feature_enabled.port_security:
486 if CONF.load_balancer.enable_security_groups:
487 network_kwargs['port_security_enabled'] = True
488 else:
489 network_kwargs['port_security_enabled'] = False
490 result = cls.lb_mem_net_client.create_network(**network_kwargs)
491 cls.lb_member_2_net = result['network']
492 LOG.info('lb_member_2_net: {}'.format(cls.lb_member_2_net))
493 cls.addClassResourceCleanup(
494 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]495 cls._logging_delete_network,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]496 cls.lb_mem_net_client.show_network,
497 cls.lb_member_2_net['id'])
498
499 # Create tenant member 2 subnet
500 subnet_kwargs = {
501 'name': data_utils.rand_name("lb_member_2_subnet"),
502 'network_id': cls.lb_member_2_net['id'],
503 'cidr': CONF.load_balancer.member_2_ipv4_subnet_cidr,
504 'ip_version': 4}
505 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
506 cls.lb_member_2_subnet = result['subnet']
507 LOG.info('lb_member_2_subnet: {}'.format(cls.lb_member_2_subnet))
508 cls.addClassResourceCleanup(
509 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]510 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]511 cls.lb_mem_subnet_client.show_subnet,
512 cls.lb_member_2_subnet['id'])
513
514 # Create tenant member 2 ipv6 subnet
515 if CONF.load_balancer.test_with_ipv6:
516 subnet_kwargs = {
517 'name': data_utils.rand_name("lb_member_2_ipv6_subnet"),
518 'network_id': cls.lb_member_2_net['id'],
519 'cidr': CONF.load_balancer.member_2_ipv6_subnet_cidr,
520 'ip_version': 6}
521 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]522 cls.lb_member_2_subnet_prefix = (
523 CONF.load_balancer.member_2_ipv6_subnet_cidr.rpartition('/')[2]
524 )
525 assert(cls.lb_member_2_subnet_prefix.isdigit())
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]526 cls.lb_member_2_ipv6_subnet = result['subnet']
527 LOG.info('lb_member_2_ipv6_subnet: {}'.format(
528 cls.lb_member_2_ipv6_subnet))
529 cls.addClassResourceCleanup(
530 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]531 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]532 cls.lb_mem_subnet_client.show_subnet,
533 cls.lb_member_2_ipv6_subnet['id'])
534
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]535 @classmethod
Michael Johnson07c9a632018-06-07 13:27:42 -0700[diff] [blame]536 def _setup_lb_network_kwargs(cls, lb_kwargs, ip_version=None,
537 use_fixed_ip=False):
Adam Harwell60ed9d92018-05-10 13:23:13 -0700[diff] [blame]538 if not ip_version:
539 ip_version = 6 if CONF.load_balancer.test_with_ipv6 else 4
Michael Johnson5a16ad32018-10-18 14:49:11 -0700[diff] [blame]540 if cls.lb_member_vip_subnet or cls.lb_member_vip_ipv6_subnet:
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]541 ip_index = data_utils.rand_int_id(start=10, end=100)
Michael Johnsondfd818a2018-08-21 20:54:54 -0700[diff] [blame]542 while ip_index in cls.used_ips:
543 ip_index = data_utils.rand_int_id(start=10, end=100)
544 cls.used_ips.append(ip_index)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]545 if ip_version == 4:
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]546 subnet_id = cls.lb_member_vip_subnet[const.ID]
Michael Johnson5a16ad32018-10-18 14:49:11 -0700[diff] [blame]547 if CONF.load_balancer.test_with_noop:
548 lb_vip_address = '198.18.33.33'
549 else:
550 subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
551 network = ipaddress.IPv4Network(subnet['subnet']['cidr'])
552 lb_vip_address = str(network[ip_index])
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]553 else:
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]554 subnet_id = cls.lb_member_vip_ipv6_subnet[const.ID]
Michael Johnson5a16ad32018-10-18 14:49:11 -0700[diff] [blame]555 if CONF.load_balancer.test_with_noop:
556 lb_vip_address = '2001:db8:33:33:33:33:33:33'
557 else:
558 subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
559 network = ipaddress.IPv6Network(subnet['subnet']['cidr'])
560 lb_vip_address = str(network[ip_index])
Michael Johnson590fbe12019-07-03 14:30:01 -0700[diff] [blame]561 # If the subnet is IPv6 slaac or dhcpv6-stateless
562 # neutron does not allow a fixed IP
563 if not cls.lb_member_vip_ipv6_subnet_stateful:
564 use_fixed_ip = False
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]565 lb_kwargs[const.VIP_SUBNET_ID] = subnet_id
Michael Johnson07c9a632018-06-07 13:27:42 -0700[diff] [blame]566 if use_fixed_ip:
567 lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]568 if CONF.load_balancer.test_with_noop:
569 lb_kwargs[const.VIP_NETWORK_ID] = (
570 cls.lb_member_vip_net[const.ID])
Carlos Goncalvesbb238552020-01-15 10:10:55 +0000[diff] [blame]571 if ip_version == 6:
572 lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]573 else:
574 lb_kwargs[const.VIP_NETWORK_ID] = cls.lb_member_vip_net[const.ID]
575 lb_kwargs[const.VIP_SUBNET_ID] = None
576
ibumarskov3d850c12020-09-03 18:21:29 +0400[diff] [blame]577 @classmethod
578 def check_tf_compatibility(cls, protocol=None, algorithm=None):
579 # TungstenFabric supported protocols and algorithms
Ilya Bumarskov38b0a622021-02-03 16:16:42 +0400[diff] [blame]580 tf_protocols = [const.HTTP, const.HTTPS, const.TCP,
ibumarskov3d850c12020-09-03 18:21:29 +0400[diff] [blame]581 const.TERMINATED_HTTPS]
582 tf_algorithms = [const.LB_ALGORITHM_ROUND_ROBIN,
583 const.LB_ALGORITHM_LEAST_CONNECTIONS,
584 const.LB_ALGORITHM_SOURCE_IP]
585
586 if algorithm and algorithm not in tf_algorithms:
587 raise cls.skipException(
588 'TungstenFabric does not support {} algorithm.'
589 ''.format(algorithm))
590 if protocol and protocol not in tf_protocols:
591 raise cls.skipException(
592 'TungstenFabric does not support {} protocol.'
593 ''.format(protocol))
594
595 @classmethod
596 def _tf_create_listener(cls, name, proto, port, lb_id):
597 listener_kwargs = {
598 const.NAME: name,
599 const.PROTOCOL: proto,
600 const.PROTOCOL_PORT: port,
601 const.LOADBALANCER_ID: lb_id,
602 }
603 listener = cls.mem_listener_client.create_listener(**listener_kwargs)
604 return listener
605
606 @classmethod
607 def _tf_get_free_port(cls, lb_id):
608 port = 8081
609 lb = cls.mem_lb_client.show_loadbalancer(lb_id)
610 listeners = lb[const.LISTENERS]
611 if not listeners:
612 return port
613 ports = [cls.mem_listener_client.show_listener(x[const.ID])[
614 const.PROTOCOL_PORT] for x in listeners]
615 while port in ports:
616 port = port + 1
617 return port
618
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]619
620class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
621 @classmethod
622 def resource_setup(cls):
623 super(LoadBalancerBaseTestWithCompute, cls).resource_setup()
624 # If validation is disabled in this cloud, we won't be able to
625 # start the webservers, so don't even boot them.
626 if not CONF.validation.run_validation:
627 return
628
629 # Create a keypair for the webservers
630 keypair_name = data_utils.rand_name('lb_member_keypair')
631 result = cls.lb_mem_keypairs_client.create_keypair(
632 name=keypair_name)
633 cls.lb_member_keypair = result['keypair']
634 LOG.info('lb_member_keypair: {}'.format(cls.lb_member_keypair))
635 cls.addClassResourceCleanup(
636 waiters.wait_for_not_found,
637 cls.lb_mem_keypairs_client.delete_keypair,
638 cls.lb_mem_keypairs_client.show_keypair,
639 keypair_name)
640
641 if (CONF.load_balancer.enable_security_groups and
642 CONF.network_feature_enabled.port_security):
643 # Set up the security group for the webservers
644 SG_name = data_utils.rand_name('lb_member_SG')
645 cls.lb_member_sec_group = (
646 cls.lb_mem_SG_client.create_security_group(
647 name=SG_name)['security_group'])
648 cls.addClassResourceCleanup(
649 waiters.wait_for_not_found,
650 cls.lb_mem_SG_client.delete_security_group,
651 cls.lb_mem_SG_client.show_security_group,
652 cls.lb_member_sec_group['id'])
653
654 # Create a security group rule to allow 80-81 (test webservers)
655 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
656 direction='ingress',
657 security_group_id=cls.lb_member_sec_group['id'],
658 protocol='tcp',
659 ethertype='IPv4',
660 port_range_min=80,
661 port_range_max=81)['security_group_rule']
662 cls.addClassResourceCleanup(
663 waiters.wait_for_not_found,
664 cls.lb_mem_SGr_client.delete_security_group_rule,
665 cls.lb_mem_SGr_client.show_security_group_rule,
666 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]667 # Create a security group rule to allow UDP 80-81 (test webservers)
668 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
669 direction='ingress',
670 security_group_id=cls.lb_member_sec_group['id'],
671 protocol='udp',
672 ethertype='IPv4',
673 port_range_min=80,
674 port_range_max=81)['security_group_rule']
675 cls.addClassResourceCleanup(
676 waiters.wait_for_not_found,
677 cls.lb_mem_SGr_client.delete_security_group_rule,
678 cls.lb_mem_SGr_client.show_security_group_rule,
679 SGr['id'])
680 # Create a security group rule to allow UDP 9999 (test webservers)
681 # Port 9999 is used to illustrate health monitor ERRORs on closed
682 # ports.
683 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
684 direction='ingress',
685 security_group_id=cls.lb_member_sec_group['id'],
686 protocol='udp',
687 ethertype='IPv4',
688 port_range_min=9999,
689 port_range_max=9999)['security_group_rule']
690 cls.addClassResourceCleanup(
691 waiters.wait_for_not_found,
692 cls.lb_mem_SGr_client.delete_security_group_rule,
693 cls.lb_mem_SGr_client.show_security_group_rule,
694 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]695 # Create a security group rule to allow 22 (ssh)
696 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
697 direction='ingress',
698 security_group_id=cls.lb_member_sec_group['id'],
699 protocol='tcp',
700 ethertype='IPv4',
701 port_range_min=22,
702 port_range_max=22)['security_group_rule']
703 cls.addClassResourceCleanup(
704 waiters.wait_for_not_found,
705 cls.lb_mem_SGr_client.delete_security_group_rule,
706 cls.lb_mem_SGr_client.show_security_group_rule,
707 SGr['id'])
708 if CONF.load_balancer.test_with_ipv6:
709 # Create a security group rule to allow 80-81 (test webservers)
710 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
711 direction='ingress',
712 security_group_id=cls.lb_member_sec_group['id'],
713 protocol='tcp',
714 ethertype='IPv6',
715 port_range_min=80,
716 port_range_max=81)['security_group_rule']
717 cls.addClassResourceCleanup(
718 waiters.wait_for_not_found,
719 cls.lb_mem_SGr_client.delete_security_group_rule,
720 cls.lb_mem_SGr_client.show_security_group_rule,
721 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]722 # Create a security group rule to allow UDP 80-81 (test
723 # webservers)
724 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
725 direction='ingress',
726 security_group_id=cls.lb_member_sec_group['id'],
727 protocol='udp',
728 ethertype='IPv6',
729 port_range_min=80,
730 port_range_max=81)['security_group_rule']
731 cls.addClassResourceCleanup(
732 waiters.wait_for_not_found,
733 cls.lb_mem_SGr_client.delete_security_group_rule,
734 cls.lb_mem_SGr_client.show_security_group_rule,
735 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]736 # Create a security group rule to allow 22 (ssh)
737 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
738 direction='ingress',
739 security_group_id=cls.lb_member_sec_group['id'],
740 protocol='tcp',
741 ethertype='IPv6',
742 port_range_min=22,
743 port_range_max=22)['security_group_rule']
744 cls.addClassResourceCleanup(
745 waiters.wait_for_not_found,
746 cls.lb_mem_SGr_client.delete_security_group_rule,
747 cls.lb_mem_SGr_client.show_security_group_rule,
748 SGr['id'])
749
750 LOG.info('lb_member_sec_group: {}'.format(cls.lb_member_sec_group))
751
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]752 # Setup backend member reencryption PKI
753 cls._create_backend_reencryption_pki()
754
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]755 # Create webserver 1 instance
756 server_details = cls._create_webserver('lb_member_webserver1',
757 cls.lb_member_1_net)
758
759 cls.lb_member_webserver1 = server_details['server']
760 cls.webserver1_ip = server_details.get('ipv4_address')
761 cls.webserver1_ipv6 = server_details.get('ipv6_address')
762 cls.webserver1_public_ip = server_details['public_ipv4_address']
763
764 LOG.debug('Octavia Setup: lb_member_webserver1 = {}'.format(
765 cls.lb_member_webserver1[const.ID]))
766 LOG.debug('Octavia Setup: webserver1_ip = {}'.format(
767 cls.webserver1_ip))
768 LOG.debug('Octavia Setup: webserver1_ipv6 = {}'.format(
769 cls.webserver1_ipv6))
770 LOG.debug('Octavia Setup: webserver1_public_ip = {}'.format(
771 cls.webserver1_public_ip))
772
773 # Create webserver 2 instance
774 server_details = cls._create_webserver('lb_member_webserver2',
775 cls.lb_member_2_net)
776
777 cls.lb_member_webserver2 = server_details['server']
778 cls.webserver2_ip = server_details.get('ipv4_address')
779 cls.webserver2_ipv6 = server_details.get('ipv6_address')
780 cls.webserver2_public_ip = server_details['public_ipv4_address']
781
782 LOG.debug('Octavia Setup: lb_member_webserver2 = {}'.format(
783 cls.lb_member_webserver2[const.ID]))
784 LOG.debug('Octavia Setup: webserver2_ip = {}'.format(
785 cls.webserver2_ip))
786 LOG.debug('Octavia Setup: webserver2_ipv6 = {}'.format(
787 cls.webserver2_ipv6))
788 LOG.debug('Octavia Setup: webserver2_public_ip = {}'.format(
789 cls.webserver2_public_ip))
790
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]791 if CONF.load_balancer.test_with_ipv6:
792 # Enable the IPv6 nic in webserver 1
793 cls._enable_ipv6_nic_webserver(
794 cls.webserver1_public_ip, cls.lb_member_keypair['private_key'],
795 cls.webserver1_ipv6, cls.lb_member_1_subnet_prefix)
796
797 # Enable the IPv6 nic in webserver 2
798 cls._enable_ipv6_nic_webserver(
799 cls.webserver2_public_ip, cls.lb_member_keypair['private_key'],
800 cls.webserver2_ipv6, cls.lb_member_2_subnet_prefix)
801
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]802 # Set up serving on webserver 1
803 cls._install_start_webserver(cls.webserver1_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]804 cls.lb_member_keypair['private_key'],
805 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]806
807 # Validate webserver 1
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]808 cls._validate_webserver(cls.webserver1_public_ip,
809 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]810
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]811 # Validate udp server 1
812 cls._validate_udp_server(cls.webserver1_public_ip,
813 cls.webserver1_response)
814
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]815 # Set up serving on webserver 2
816 cls._install_start_webserver(cls.webserver2_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]817 cls.lb_member_keypair['private_key'],
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]818 cls.webserver2_response, revoke_cert=True)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]819
820 # Validate webserver 2
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]821 cls._validate_webserver(cls.webserver2_public_ip,
822 cls.webserver2_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]823
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]824 # Validate udp server 2
825 cls._validate_udp_server(cls.webserver2_public_ip,
826 cls.webserver2_response)
827
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]828 @classmethod
829 def _create_networks(cls):
830 super(LoadBalancerBaseTestWithCompute, cls)._create_networks()
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]831 # Create a router for the subnets (required for the floating IP)
832 router_name = data_utils.rand_name("lb_member_router")
833 result = cls.lb_mem_routers_client.create_router(
834 name=router_name, admin_state_up=True,
835 external_gateway_info=dict(
836 network_id=CONF.network.public_network_id))
837 cls.lb_member_router = result['router']
838 LOG.info('lb_member_router: {}'.format(cls.lb_member_router))
839 cls.addClassResourceCleanup(
840 waiters.wait_for_not_found,
841 cls.lb_mem_routers_client.delete_router,
842 cls.lb_mem_routers_client.show_router,
843 cls.lb_member_router['id'])
844
845 # Add VIP subnet to router
846 cls.lb_mem_routers_client.add_router_interface(
847 cls.lb_member_router['id'],
848 subnet_id=cls.lb_member_vip_subnet['id'])
849 cls.addClassResourceCleanup(
850 waiters.wait_for_not_found,
851 cls.lb_mem_routers_client.remove_router_interface,
852 cls.lb_mem_routers_client.remove_router_interface,
853 cls.lb_member_router['id'],
854 subnet_id=cls.lb_member_vip_subnet['id'])
855
Gregory Thiemonge54225ad2021-02-04 15:25:17 +0100[diff] [blame]856 if (CONF.load_balancer.test_with_ipv6 and
857 CONF.load_balancer.default_router and
858 cls.lb_member_vip_ipv6_subnet_use_subnetpool):
859
860 router_name = CONF.load_balancer.default_router
861 # if lb_member_vip_ipv6_subnet uses devstack's subnetpool,
862 # plug the subnet into the default router
863 router = cls.os_admin.routers_client.list_routers(
864 name=router_name)['routers']
865
866 if len(router) == 1:
867 router = router[0]
868
869 # Add IPv6 VIP subnet to router1
870 cls.os_admin_routers_client.add_router_interface(
871 router['id'],
872 subnet_id=cls.lb_member_vip_ipv6_subnet['id'])
873 cls.addClassResourceCleanup(
874 waiters.wait_for_not_found,
875 cls.os_admin_routers_client.remove_router_interface,
876 cls.os_admin_routers_client.remove_router_interface,
877 router['id'],
878 subnet_id=cls.lb_member_vip_ipv6_subnet['id'])
879
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]880 # Add member subnet 1 to router
881 cls.lb_mem_routers_client.add_router_interface(
882 cls.lb_member_router['id'],
883 subnet_id=cls.lb_member_1_subnet['id'])
884 cls.addClassResourceCleanup(
885 waiters.wait_for_not_found,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]886 cls.lb_mem_routers_client.remove_router_interface,
887 cls.lb_mem_routers_client.remove_router_interface,
888 cls.lb_member_router['id'], subnet_id=cls.lb_member_1_subnet['id'])
889
890 # Add member subnet 2 to router
891 cls.lb_mem_routers_client.add_router_interface(
892 cls.lb_member_router['id'],
893 subnet_id=cls.lb_member_2_subnet['id'])
894 cls.addClassResourceCleanup(
895 waiters.wait_for_not_found,
896 cls.lb_mem_routers_client.remove_router_interface,
897 cls.lb_mem_routers_client.remove_router_interface,
898 cls.lb_member_router['id'], subnet_id=cls.lb_member_2_subnet['id'])
899
900 @classmethod
901 def _create_webserver(cls, name, network):
902 """Creates a webserver with two ports.
903
904 webserver_details dictionary contains:
905 server - The compute server object
906 ipv4_address - The IPv4 address for the server (optional)
907 ipv6_address - The IPv6 address for the server (optional)
908 public_ipv4_address - The publicly accessible IPv4 address for the
909 server, this may be a floating IP (optional)
910
911 :param name: The name of the server to create.
912 :param network: The network to boot the server on.
913 :returns: webserver_details dictionary.
914 """
915 server_kwargs = {
916 'name': data_utils.rand_name(name),
917 'flavorRef': CONF.compute.flavor_ref,
918 'imageRef': CONF.compute.image_ref,
919 'key_name': cls.lb_member_keypair['name']}
920 if (CONF.load_balancer.enable_security_groups and
921 CONF.network_feature_enabled.port_security):
922 server_kwargs['security_groups'] = [
923 {'name': cls.lb_member_sec_group['name']}]
924 if not CONF.load_balancer.disable_boot_network:
925 server_kwargs['networks'] = [{'uuid': network['id']}]
926
927 # Replace the name for clouds that have limitations
928 if CONF.load_balancer.random_server_name_length:
929 r = random.SystemRandom()
930 server_kwargs['name'] = "m{}".format("".join(
931 [r.choice(string.ascii_uppercase + string.digits)
932 for _ in range(
933 CONF.load_balancer.random_server_name_length - 1)]
934 ))
935 if CONF.load_balancer.availability_zone:
936 server_kwargs['availability_zone'] = (
937 CONF.load_balancer.availability_zone)
938
939 server = cls.lb_mem_servers_client.create_server(
940 **server_kwargs)['server']
941 cls.addClassResourceCleanup(
942 waiters.wait_for_not_found,
943 cls.lb_mem_servers_client.delete_server,
944 cls.lb_mem_servers_client.show_server,
945 server['id'])
946 server = waiters.wait_for_status(
947 cls.lb_mem_servers_client.show_server,
948 server['id'], 'status', 'ACTIVE',
949 CONF.load_balancer.build_interval,
950 CONF.load_balancer.build_timeout,
951 root_tag='server')
952 webserver_details = {'server': server}
953 LOG.info('Created server: {}'.format(server))
954
955 addresses = server['addresses']
956 if CONF.load_balancer.disable_boot_network:
957 instance_network = addresses.values()[0]
958 else:
959 instance_network = addresses[network['name']]
960 for addr in instance_network:
961 if addr['version'] == 4:
962 webserver_details['ipv4_address'] = addr['addr']
963 if addr['version'] == 6:
964 webserver_details['ipv6_address'] = addr['addr']
965
966 if CONF.validation.connect_method == 'floating':
967 result = cls.lb_mem_ports_client.list_ports(
968 network_id=network['id'],
969 mac_address=instance_network[0]['OS-EXT-IPS-MAC:mac_addr'])
970 port_id = result['ports'][0]['id']
971 result = cls.lb_mem_float_ip_client.create_floatingip(
972 floating_network_id=CONF.network.public_network_id,
973 port_id=port_id)
974 floating_ip = result['floatingip']
975 LOG.info('webserver1_floating_ip: {}'.format(floating_ip))
976 cls.addClassResourceCleanup(
977 waiters.wait_for_not_found,
978 cls.lb_mem_float_ip_client.delete_floatingip,
979 cls.lb_mem_float_ip_client.show_floatingip,
980 floatingip_id=floating_ip['id'])
981 webserver_details['public_ipv4_address'] = (
982 floating_ip['floating_ip_address'])
983 else:
984 webserver_details['public_ipv4_address'] = (
985 instance_network[0]['addr'])
986
987 return webserver_details
988
989 @classmethod
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]990 def _install_start_webserver(cls, ip_address, ssh_key, start_id,
991 revoke_cert=False):
Michael Johnson27357352020-11-13 13:55:09 -0800[diff] [blame]992 local_file = CONF.load_balancer.test_server_path
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]993
994 linux_client = remote_client.RemoteClient(
995 ip_address, CONF.validation.image_ssh_user, pkey=ssh_key)
996 linux_client.validate_authentication()
997
998 with tempfile.NamedTemporaryFile() as key:
999 key.write(ssh_key.encode('utf-8'))
1000 key.flush()
1001 cmd = ("scp -v -o UserKnownHostsFile=/dev/null "
1002 "-o StrictHostKeyChecking=no "
1003 "-o ConnectTimeout={0} -o ConnectionAttempts={1} "
1004 "-i {2} {3} {4}@{5}:{6}").format(
1005 CONF.load_balancer.scp_connection_timeout,
1006 CONF.load_balancer.scp_connection_attempts,
1007 key.name, local_file, CONF.validation.image_ssh_user,
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1008 ip_address, const.TEST_SERVER_BINARY)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1009 args = shlex.split(cmd)
1010 subprocess_args = {'stdout': subprocess.PIPE,
1011 'stderr': subprocess.STDOUT,
1012 'cwd': None}
1013 proc = subprocess.Popen(args, **subprocess_args)
1014 stdout, stderr = proc.communicate()
1015 if proc.returncode != 0:
1016 raise exceptions.CommandFailed(proc.returncode, cmd,
1017 stdout, stderr)
Gregory Thiemongef72a8862019-08-06 17:25:42 +0200[diff] [blame]1018
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1019 cls._load_member_pki_content(ip_address, key,
1020 revoke_cert=revoke_cert)
1021
Gregory Thiemongef72a8862019-08-06 17:25:42 +0200[diff] [blame]1022 # Enabling memory overcommit allows to run golang static binaries
1023 # compiled with a recent golang toolchain (>=1.11). Those binaries
1024 # allocate a large amount of virtual memory at init time, and this
1025 # allocation fails in tempest's nano flavor (64MB of RAM)
1026 # (golang issue reported in https://github.com/golang/go/issues/28114,
1027 # follow-up: https://github.com/golang/go/issues/28081)
1028 # TODO(gthiemonge): Remove this call when golang issue is resolved.
1029 linux_client.exec_command('sudo sh -c "echo 1 > '
1030 '/proc/sys/vm/overcommit_memory"')
1031
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1032 # The initial process also supports HTTPS and HTTPS with client auth
1033 linux_client.exec_command(
1034 'sudo screen -d -m {0} -port 80 -id {1} -https_port 443 -cert {2} '
1035 '-key {3} -https_client_auth_port 9443 -client_ca {4}'.format(
1036 const.TEST_SERVER_BINARY, start_id, const.TEST_SERVER_CERT,
1037 const.TEST_SERVER_KEY, const.TEST_SERVER_CLIENT_CA))
1038
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1039 linux_client.exec_command('sudo screen -d -m {0} -port 81 '
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1040 '-id {1}'.format(const.TEST_SERVER_BINARY,
1041 start_id + 1))
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1042
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]1043 # Cirros does not configure the assigned IPv6 address by default
1044 # so enable it manually like tempest does here:
1045 # tempest/scenario/test_netowrk_v6.py turn_nic6_on()
1046 @classmethod
1047 def _enable_ipv6_nic_webserver(cls, ip_address, ssh_key,
1048 ipv6_address, ipv6_prefix):
1049 linux_client = remote_client.RemoteClient(
1050 ip_address, CONF.validation.image_ssh_user, pkey=ssh_key)
1051 linux_client.validate_authentication()
1052
1053 linux_client.exec_command('sudo ip address add {0}/{1} dev '
1054 'eth0'.format(ipv6_address, ipv6_prefix))
1055
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1056 @classmethod
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1057 def _validate_webserver(cls, ip_address, start_id):
1058 URL = 'http://{0}'.format(ip_address)
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]1059 cls.validate_URL_response(URL, expected_body=str(start_id))
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1060 URL = 'http://{0}:81'.format(ip_address)
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]1061 cls.validate_URL_response(URL, expected_body=str(start_id + 1))
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1062
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]1063 @classmethod
1064 def _validate_udp_server(cls, ip_address, start_id):
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]1065 res = cls.make_udp_request(ip_address, 80)
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]1066 if res != str(start_id):
1067 raise Exception("Response from test server doesn't match the "
1068 "expected value ({0} != {1}).".format(
1069 res, str(start_id)))
1070
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]1071 res = cls.make_udp_request(ip_address, 81)
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]1072 if res != str(start_id + 1):
1073 raise Exception("Response from test server doesn't match the "
1074 "expected value ({0} != {1}).".format(
1075 res, str(start_id + 1)))
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1076
1077 @classmethod
1078 def _create_backend_reencryption_pki(cls):
1079 # Create a CA self-signed cert and key for the member test servers
1080 cls.member_ca_cert, cls.member_ca_key = (
1081 cert_utils.generate_ca_cert_and_key())
1082
1083 LOG.debug('Member CA Cert: %s', cls.member_ca_cert.public_bytes(
1084 serialization.Encoding.PEM))
1085 LOG.debug('Member CA private Key: %s', cls.member_ca_key.private_bytes(
1086 encoding=serialization.Encoding.PEM,
1087 format=serialization.PrivateFormat.TraditionalOpenSSL,
1088 encryption_algorithm=serialization.NoEncryption()))
1089 LOG.debug('Member CA public Key: %s',
1090 cls.member_ca_key.public_key().public_bytes(
1091 encoding=serialization.Encoding.PEM,
1092 format=serialization.PublicFormat.SubjectPublicKeyInfo))
1093
1094 # Create the member client authentication CA
1095 cls.member_client_ca_cert, member_client_ca_key = (
1096 cert_utils.generate_ca_cert_and_key())
1097
1098 # Create client cert and key
1099 cls.member_client_cn = uuidutils.generate_uuid()
1100 cls.member_client_cert, cls.member_client_key = (
1101 cert_utils.generate_client_cert_and_key(
1102 cls.member_client_ca_cert, member_client_ca_key,
1103 cls.member_client_cn))
1104 # Note: We are not revoking a client cert here as we don't need to
1105 # test the backend web server CRL checking.
1106
1107 @classmethod
1108 def _load_member_pki_content(cls, ip_address, ssh_key, revoke_cert=False):
1109 # Create webserver certificate and key
1110 cert, key = cert_utils.generate_server_cert_and_key(
1111 cls.member_ca_cert, cls.member_ca_key, ip_address)
1112
1113 LOG.debug('%s Cert: %s', ip_address, cert.public_bytes(
1114 serialization.Encoding.PEM))
1115 LOG.debug('%s private Key: %s', ip_address, key.private_bytes(
1116 encoding=serialization.Encoding.PEM,
1117 format=serialization.PrivateFormat.TraditionalOpenSSL,
1118 encryption_algorithm=serialization.NoEncryption()))
1119 public_key = key.public_key()
1120 LOG.debug('%s public Key: %s', ip_address, public_key.public_bytes(
1121 encoding=serialization.Encoding.PEM,
1122 format=serialization.PublicFormat.SubjectPublicKeyInfo))
1123
1124 # Create a CRL with a revoked certificate
1125 if revoke_cert:
1126 # Create a CRL with webserver 2 revoked
1127 cls.member_crl = cert_utils.generate_certificate_revocation_list(
1128 cls.member_ca_cert, cls.member_ca_key, cert)
1129
1130 # Load the certificate, key, and client CA certificate into the
1131 # test server.
1132 with tempfile.TemporaryDirectory() as tmpdir:
1133 os.umask(0)
1134 files_to_send = []
1135 cert_filename = os.path.join(tmpdir, const.CERT_PEM)
1136 files_to_send.append(cert_filename)
1137 with open(os.open(cert_filename, os.O_CREAT | os.O_WRONLY,
1138 0o700), 'w') as fh:
1139 fh.write(cert.public_bytes(
1140 serialization.Encoding.PEM).decode('utf-8'))
1141 fh.flush()
1142 key_filename = os.path.join(tmpdir, const.KEY_PEM)
1143 files_to_send.append(key_filename)
1144 with open(os.open(key_filename, os.O_CREAT | os.O_WRONLY,
1145 0o700), 'w') as fh:
1146 fh.write(key.private_bytes(
1147 encoding=serialization.Encoding.PEM,
1148 format=serialization.PrivateFormat.TraditionalOpenSSL,
1149 encryption_algorithm=serialization.NoEncryption()).decode(
1150 'utf-8'))
1151 fh.flush()
1152 client_ca_filename = os.path.join(tmpdir, const.CLIENT_CA_PEM)
1153 files_to_send.append(client_ca_filename)
1154 with open(os.open(client_ca_filename, os.O_CREAT | os.O_WRONLY,
1155 0o700), 'w') as fh:
1156 fh.write(cls.member_client_ca_cert.public_bytes(
1157 serialization.Encoding.PEM).decode('utf-8'))
1158 fh.flush()
1159
1160 # For security, we don't want to use a shell that can glob
1161 # the file names, so iterate over them.
1162 subprocess_args = {'stdout': subprocess.PIPE,
1163 'stderr': subprocess.STDOUT,
1164 'cwd': None}
1165 cmd = ("scp -v -o UserKnownHostsFile=/dev/null "
1166 "-o StrictHostKeyChecking=no "
1167 "-o ConnectTimeout={0} -o ConnectionAttempts={1} "
1168 "-i {2} {3} {4} {5} {6}@{7}:{8}").format(
1169 CONF.load_balancer.scp_connection_timeout,
1170 CONF.load_balancer.scp_connection_attempts,
1171 ssh_key.name, cert_filename, key_filename, client_ca_filename,
1172 CONF.validation.image_ssh_user, ip_address, const.DEV_SHM_PATH)
1173 args = shlex.split(cmd)
1174 proc = subprocess.Popen(args, **subprocess_args)
1175 stdout, stderr = proc.communicate()
1176 if proc.returncode != 0:
1177 raise exceptions.CommandFailed(proc.returncode, cmd,
1178 stdout, stderr)