# Copyright 2018 Rackspace US Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
14
15import ipaddress
Michael Johnsonbaf12e02020-10-27 16:10:28 -070016import os
Jude Cross986e3f52017-07-24 14:57:20 -070017import random
18import shlex
Jude Cross986e3f52017-07-24 14:57:20 -070019import string
20import subprocess
21import tempfile
22
Michael Johnsonbaf12e02020-10-27 16:10:28 -070023from cryptography.hazmat.primitives import serialization
Jude Cross986e3f52017-07-24 14:57:20 -070024from oslo_log import log as logging
25from oslo_utils import uuidutils
26from tempest import config
27from tempest.lib.common.utils import data_utils
28from tempest.lib.common.utils.linux import remote_client
Jude Cross986e3f52017-07-24 14:57:20 -070029from tempest.lib import exceptions
30from tempest import test
Michael Johnson04dc5cb2019-01-20 11:03:50 -080031import tenacity
Jude Cross986e3f52017-07-24 14:57:20 -070032
33from octavia_tempest_plugin import clients
Michael Johnsonbaf12e02020-10-27 16:10:28 -070034from octavia_tempest_plugin.common import cert_utils
Jude Cross986e3f52017-07-24 14:57:20 -070035from octavia_tempest_plugin.common import constants as const
Michael Johnson6006de72021-02-21 01:42:39 +000036from octavia_tempest_plugin.tests import RBAC_tests
Jude Cross986e3f52017-07-24 14:57:20 -070037from octavia_tempest_plugin.tests import validators
38from octavia_tempest_plugin.tests import waiters
39
# Tempest configuration object and the module logger.
CONF = config.CONF
LOG = logging.getLogger(__name__)

# Retry tuning for the network and subnet delete helpers in this module.
# The delay values are handed to tenacity.wait_incrementing() and the
# attempt count to tenacity.stop_after_attempt().
RETRY_ATTEMPTS = 15
RETRY_INITIAL_DELAY = 1
RETRY_BACKOFF = 1
RETRY_MAX = 5
47
Gregory Thiemonge29d17902019-04-30 15:06:17 +020048
Michael Johnson6006de72021-02-21 01:42:39 +000049class LoadBalancerBaseTest(validators.ValidatorsMixin,
50 RBAC_tests.RBACTestsMixin, test.BaseTestCase):
Jude Cross986e3f52017-07-24 14:57:20 -070051 """Base class for load balancer tests."""
52
# Credentials requested for this class.  A list entry is
# [user label, role, ...] and is looked up as cls.os_roles_<user label>;
# a plain string is looked up as cls.os_<name>.  The admin and observer
# users are identical in both modes; only the member users differ.
credentials = [
    'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
    ['lb_observer', CONF.load_balancer.observer_role, 'reader'],
    ['lb_global_observer', CONF.load_balancer.global_observer_role,
     'reader']]
if CONF.load_balancer.enforce_new_defaults:
    # The member users also carry the 'member' role, and one extra user
    # holds the load balancer member role without it.
    credentials += [
        ['lb_member', CONF.load_balancer.member_role, 'member'],
        ['lb_member2', CONF.load_balancer.member_role, 'member'],
        ['lb_member_not_default_member', CONF.load_balancer.member_role]]
else:
    credentials += [
        ['lb_member', CONF.load_balancer.member_role],
        ['lb_member2', CONF.load_balancer.member_role]]

# If scope enforcement is enabled, add in the system scope credentials.
# The project scope is already handled by the above credentials.
if CONF.enforce_scope.octavia:
    credentials.extend(['system_admin', 'system_reader'])

# Attribute names under which the credentials above are allocated.  These
# are used to build RBAC test lists.
allocated_creds = []
for cred in credentials:
    allocated_creds.append(
        'os_roles_' + cred[0] if isinstance(cred, list) else 'os_' + cred)
# Exposed as a tuple so tests cannot alter the list of allocated
# credentials.
allocated_credentials = tuple(allocated_creds)

client_manager = clients.ManagerV2
webserver1_response = 1
webserver2_response = 5
# Host indexes already handed out by _setup_lb_network_kwargs().  This is
# a class attribute, so the same list object is seen by every subclass
# that does not rebind it.
used_ips = []

# Bounds and starting value for src_port_number.
SRC_PORT_NUMBER_MIN = 32768
SRC_PORT_NUMBER_MAX = 61000
src_port_number = SRC_PORT_NUMBER_MIN
95
@classmethod
def skip_checks(cls):
    """Skip every child test when a required service or network is missing.

    The load balancer service is always required.  Compute, image and
    neutron are additionally required unless
    CONF.load_balancer.test_with_noop is set.  The tests are also skipped
    when neither CONF.network.project_networks_reachable nor
    CONF.network.public_network_id is set.
    """
    super(LoadBalancerBaseTest, cls).skip_checks()

    required_services = {
        'load_balancer': CONF.service_available.load_balancer,
    }
    live_only_services = {
        'compute': CONF.service_available.nova,
        'image': CONF.service_available.glance,
        'neutron': CONF.service_available.neutron
    }
    if not CONF.load_balancer.test_with_noop:
        required_services.update(live_only_services)

    for name, is_available in required_services.items():
        if is_available:
            continue
        raise cls.skipException(
            "{0} skipped as {1} service is not "
            "available.".format(cls.__name__, name))

    # We must be able to reach our VIP and instances
    networks_reachable = CONF.network.project_networks_reachable
    if not networks_reachable and not CONF.network.public_network_id:
        raise cls.skipException(
            'Either project_networks_reachable must be "true", or '
            'public_network_id must be defined.')
126
@classmethod
def setup_credentials(cls):
    """Set up the test credentials and log the roles each user holds.

    Automatic creation of network resources is turned off before the
    parent class allocates the credentials.  Afterwards the role
    assignments of every allocated user are read with the admin
    credential and written to the log, so a run records which roles and
    scopes each test user actually had.
    """
    # Do not auto create network resources
    cls.set_network_resources()
    super(LoadBalancerBaseTest, cls).setup_credentials()

    # Log the user roles for this test run.  Role names are cached by
    # role ID so each role is only looked up once.
    names_by_role_id = {}
    for cred in cls.credentials:
        has_roles = isinstance(cred, list)
        user_name = cred[0] if has_roles else cred
        manager = getattr(
            cls, ('os_roles_' if has_roles else 'os_') + user_name)

        query = {'user.id': manager.credentials.user_id,
                 'project.id': manager.credentials.project_id}
        assignments = (
            cls.os_admin.role_assignments_client.list_role_assignments(
                **query)['role_assignments'])

        user_roles = []
        for assignment in assignments:
            role_id = assignment['role']['id']
            if role_id not in names_by_role_id:
                names_by_role_id[role_id] = (
                    cls.os_admin.roles_v3_client.show_role(
                        role_id)['role']['name'])
            user_roles.append(
                [names_by_role_id[role_id], assignment['scope']])
        LOG.info("User %s has roles: %s", user_name, user_roles)
158
@classmethod
def setup_clients(cls):
    """Publish short class-level aliases for the API clients.

    Most aliases are bound to the load balancer member credential.  Only
    the aliases whose names start with lb_admin_ or os_admin_ use an
    administrative credential, which keeps it visible at the call site
    whenever a test steps outside the member's privileges.
    """
    super(LoadBalancerBaseTest, cls).setup_clients()

    member = cls.os_roles_lb_member
    lb_admin = cls.os_roles_lb_admin
    admin = cls.os_admin

    # Networking and compute clients, member credential.
    cls.lb_mem_float_ip_client = member.floating_ips_client
    cls.lb_mem_keypairs_client = member.keypairs_client
    cls.lb_mem_net_client = member.networks_client
    cls.lb_mem_ports_client = member.ports_client
    cls.lb_mem_routers_client = member.routers_client
    cls.lb_mem_SG_client = member.security_groups_client
    cls.lb_mem_SGr_client = member.security_group_rules_client
    cls.lb_mem_servers_client = member.servers_client
    cls.lb_mem_subnet_client = member.subnets_client

    # Load balancer API clients, member credential.
    cls.mem_lb_client = member.loadbalancer_client
    cls.mem_listener_client = member.listener_client
    cls.mem_pool_client = member.pool_client
    cls.mem_member_client = member.member_client
    cls.mem_healthmonitor_client = member.healthmonitor_client
    cls.mem_l7policy_client = member.l7policy_client
    cls.mem_l7rule_client = member.l7rule_client
    cls.mem_flavor_client = member.flavor_client
    cls.mem_provider_client = member.provider_client
    cls.mem_availability_zone_client = member.availability_zone_client

    # Load balancer API clients, load balancer admin credential.
    cls.lb_admin_amphora_client = lb_admin.amphora_client
    cls.lb_admin_flavor_profile_client = lb_admin.flavor_profile_client
    cls.lb_admin_flavor_client = lb_admin.flavor_client
    cls.lb_admin_flavor_capabilities_client = (
        lb_admin.flavor_capabilities_client)
    cls.lb_admin_availability_zone_capabilities_client = (
        lb_admin.availability_zone_capabilities_client)
    cls.lb_admin_availability_zone_profile_client = (
        lb_admin.availability_zone_profile_client)
    cls.lb_admin_availability_zone_client = (
        lb_admin.availability_zone_client)

    # Clients bound to the cloud admin credential.
    cls.os_admin_servers_client = admin.servers_client
    cls.os_admin_routers_client = admin.routers_client
    cls.os_admin_subnetpools_client = admin.subnetpools_client
Jude Cross986e3f52017-07-24 14:57:20 -0700200
@classmethod
def resource_setup(cls):
    """Select or create the networks and subnets the tests run against.

    The mode is chosen from CONF.load_balancer:

    * test_with_noop: every network and subnet attribute is a
      placeholder dict holding only a generated UUID; nothing is
      created and the method returns early.
    * test_network_override: the configured network (and optional
      subnets) are looked up and shared by the VIP and both members.
    * otherwise: cls._create_networks() creates fresh resources.

    :raises exceptions.InvalidConfiguration: if test_subnet_override is
        set without test_network_override.
    """
    super(LoadBalancerBaseTest, cls).resource_setup()

    conf_lb = CONF.load_balancer

    cls.api_version = cls.mem_lb_client.get_max_api_version()

    if conf_lb.test_subnet_override:
        if not conf_lb.test_network_override:
            raise exceptions.InvalidConfiguration(
                "Configuration value test_network_override must be "
                "specified if test_subnet_override is used.")

    # TODO(johnsom) Remove this
    # Get loadbalancing algorithms supported by provider driver, falling
    # back to the 'default' entry for providers without their own list.
    supported = const.SUPPORTED_LB_ALGORITHMS
    try:
        algorithms = supported[conf_lb.provider]
    except KeyError:
        algorithms = supported['default']
    # Set default algorithm as first from the list.
    cls.lb_algorithm = algorithms[0]

    show_subnet = cls.lb_mem_subnet_client.show_subnet

    if conf_lb.test_with_noop:
        placeholder_attrs = [
            'lb_member_vip_net', 'lb_member_vip_subnet',
            'lb_member_1_net', 'lb_member_1_subnet',
            'lb_member_2_net', 'lb_member_2_subnet']
        if conf_lb.test_with_ipv6:
            placeholder_attrs += [
                'lb_member_vip_ipv6_net', 'lb_member_vip_ipv6_subnet',
                'lb_member_1_ipv6_subnet', 'lb_member_2_ipv6_subnet']
            cls.lb_member_vip_ipv6_subnet_stateful = True
        for attr in placeholder_attrs:
            setattr(cls, attr, {'id': uuidutils.generate_uuid()})
        return

    if conf_lb.test_network_override:
        # NOTE(review): the subnet is stored exactly as show_subnet()
        # returns it, while the network is unwrapped with
        # .get('network').  _setup_lb_network_kwargs() reads a
        # show_subnet() result through its 'subnet' key, so the
        # [const.ID] lookups further down may not find an ID on the
        # override subnet - confirm against the client.
        override_subnet = (
            show_subnet(conf_lb.test_subnet_override)
            if conf_lb.test_subnet_override else None)
        override_network = cls.lb_mem_net_client.show_network(
            conf_lb.test_network_override).get('network')

        cls.lb_member_vip_net = override_network
        cls.lb_member_vip_subnet = override_subnet
        cls.lb_member_1_net = override_network
        cls.lb_member_1_subnet = override_subnet
        cls.lb_member_2_net = override_network
        cls.lb_member_2_subnet = override_subnet

        if conf_lb.test_with_ipv6 and conf_lb.test_IPv6_subnet_override:
            override_ipv6_subnet = show_subnet(
                conf_lb.test_IPv6_subnet_override)
            cls.lb_member_vip_ipv6_subnet = override_ipv6_subnet
            cls.lb_member_1_ipv6_subnet = override_ipv6_subnet
            cls.lb_member_2_ipv6_subnet = override_ipv6_subnet
            cls.lb_member_vip_ipv6_subnet_stateful = False
            # NOTE(review): indexing the show_subnet() result with [0]
            # looks inconsistent with the mapping access used elsewhere
            # in this class - confirm the expected response shape.
            address_mode = override_ipv6_subnet[0]['ipv6_address_mode']
            if address_mode == 'dhcpv6-stateful':
                cls.lb_member_vip_ipv6_subnet_stateful = True
        else:
            cls.lb_member_vip_ipv6_subnet = None
            cls.lb_member_1_ipv6_subnet = None
            cls.lb_member_2_ipv6_subnet = None
    else:
        cls._create_networks()

    # Networks are always logged; a subnet is logged only when one was
    # selected.
    for template, resource, always in (
            ('Octavia Setup: lb_member_vip_net = {}',
             cls.lb_member_vip_net, True),
            ('Octavia Setup: lb_member_vip_subnet = {}',
             cls.lb_member_vip_subnet, False),
            ('Octavia Setup: lb_member_1_net = {}',
             cls.lb_member_1_net, True),
            ('Octavia Setup: lb_member_1_subnet = {}',
             cls.lb_member_1_subnet, False),
            ('Octavia Setup: lb_member_2_net = {}',
             cls.lb_member_2_net, True),
            ('Octavia Setup: lb_member_2_subnet = {}',
             cls.lb_member_2_subnet, False)):
        if always or resource:
            LOG.debug(template.format(resource[const.ID]))

    if conf_lb.test_with_ipv6:
        for template, resource in (
                ('Octavia Setup: lb_member_vip_ipv6_subnet = '
                 '{}', cls.lb_member_vip_ipv6_subnet),
                ('Octavia Setup: lb_member_1_ipv6_subnet = {}',
                 cls.lb_member_1_ipv6_subnet),
                ('Octavia Setup: lb_member_2_ipv6_subnet = {}',
                 cls.lb_member_2_ipv6_subnet)):
            if resource:
                LOG.debug(template.format(resource[const.ID]))
Jude Cross986e3f52017-07-24 14:57:20 -0700301
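@classmethod
# Neutron can be slow to clean up ports from the subnets/networks.
# Retry this delete a few times if we get a "Conflict" error to give
# neutron time to fully cleanup the ports.
@tenacity.retry(
    retry=tenacity.retry_if_exception_type(exceptions.Conflict),
    wait=tenacity.wait_incrementing(
        RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX),
    stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
def _logging_delete_network(cls, net_id):
    """Delete a network, logging the visible ports when the delete fails.

    Any failure is logged and re-raised unchanged.  The retry decorator
    only retries on exceptions.Conflict, for at most RETRY_ATTEMPTS
    attempts.

    :param net_id: ID of the network to delete.
    """
    try:
        cls.lb_mem_net_client.delete_network(net_id)
    except Exception:
        LOG.error('Unable to delete network {}. Active ports:'.format(
            net_id))
        try:
            LOG.error(cls.lb_mem_ports_client.list_ports())
        except Exception:
            # The port listing is diagnostic only.  If it fails, the
            # original delete error must still be the one that
            # propagates, otherwise a Conflict would be replaced by an
            # unrelated exception and the retry would never happen.
            LOG.exception('Unable to list ports after the delete of '
                          'network %s failed.', net_id)
        raise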
319
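@classmethod
# Neutron can be slow to clean up ports from the subnets/networks.
# Retry this delete a few times if we get a "Conflict" error to give
# neutron time to fully cleanup the ports.
@tenacity.retry(
    retry=tenacity.retry_if_exception_type(exceptions.Conflict),
    wait=tenacity.wait_incrementing(
        RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX),
    stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
def _logging_delete_subnet(cls, subnet_id):
    """Delete a subnet, logging the visible ports when the delete fails.

    Any failure is logged and re-raised unchanged.  The retry decorator
    only retries on exceptions.Conflict, for at most RETRY_ATTEMPTS
    attempts.

    :param subnet_id: ID of the subnet to delete.
    """
    try:
        cls.lb_mem_subnet_client.delete_subnet(subnet_id)
    except Exception:
        LOG.error('Unable to delete subnet {}. Active ports:'.format(
            subnet_id))
        try:
            LOG.error(cls.lb_mem_ports_client.list_ports())
        except Exception:
            # The port listing is diagnostic only.  If it fails, the
            # original delete error must still be the one that
            # propagates, otherwise a Conflict would be replaced by an
            # unrelated exception and the retry would never happen.
            LOG.exception('Unable to list ports after the delete of '
                          'subnet %s failed.', subnet_id)
        raise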
337
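@classmethod
def _create_networks(cls):
    """Create the networks and subnets used in tests.

    The following are expected to be defined and available to the tests:
        cls.lb_member_vip_net
        cls.lb_member_vip_subnet
        cls.lb_member_vip_ipv6_subnet (optional)
        cls.lb_member_1_net
        cls.lb_member_1_subnet
        cls.lb_member_1_ipv6_subnet (optional)
        cls.lb_member_2_net
        cls.lb_member_2_subnet
        cls.lb_member_2_ipv6_subnet (optional)

    When CONF.load_balancer.test_with_ipv6 is set, the method also sets
    cls.lb_member_vip_ipv6_net, cls.lb_member_vip_ipv6_subnet_stateful,
    cls.lb_member_vip_ipv6_subnet_use_subnetpool and the prefix lengths
    cls.lb_member_1_subnet_prefix / cls.lb_member_2_subnet_prefix.

    Each resource is registered for class-level cleanup directly after it
    is created.

    :raises exceptions.InvalidConfiguration: if a member IPv6 subnet
        CIDR option does not end in a numeric prefix length.
    """
    conf_lb = CONF.load_balancer

    def _new_network(name, port_security_enabled):
        # Create one network and register its cleanup right away.
        network_kwargs = {'name': data_utils.rand_name(name)}
        if CONF.network_feature_enabled.port_security:
            network_kwargs['port_security_enabled'] = port_security_enabled
        network = cls.lb_mem_net_client.create_network(
            **network_kwargs)['network']
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_network,
            cls.lb_mem_net_client.show_network,
            network['id'])
        return network

    def _new_subnet(name, network, ip_version, **extra):
        # Create one subnet on `network` and register its cleanup right
        # away.
        subnet = cls.lb_mem_subnet_client.create_subnet(
            name=data_utils.rand_name(name),
            network_id=network['id'],
            ip_version=ip_version,
            **extra)['subnet']
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            subnet['id'])
        return subnet

    def _prefix_length(option_name, cidr):
        # Return the text after the last '/' of `cidr`, which must be
        # all digits.  This used to be an assert made after the subnet
        # had been created: assert statements are removed under
        # "python -O", and a failure at that point left the new subnet
        # without a registered cleanup.
        prefix = cidr.rpartition('/')[2]
        if not prefix.isdigit():
            raise exceptions.InvalidConfiguration(
                "Configuration value {} must end in a numeric prefix "
                "length.".format(option_name))
        return prefix

    # Create tenant VIP network
    # Note: Allowed Address Pairs requires port security
    cls.lb_member_vip_net = _new_network('lb_member_vip_network', True)
    LOG.info('lb_member_vip_net: {}'.format(cls.lb_member_vip_net))

    # Create tenant VIP subnet
    cls.lb_member_vip_subnet = _new_subnet(
        'lb_member_vip_subnet', cls.lb_member_vip_net, 4,
        cidr=conf_lb.vip_subnet_cidr)
    LOG.info('lb_member_vip_subnet: {}'.format(cls.lb_member_vip_subnet))

    # Create tenant VIP IPv6 subnet
    if conf_lb.test_with_ipv6:
        cls.lb_member_vip_ipv6_subnet_stateful = False
        cls.lb_member_vip_ipv6_subnet_use_subnetpool = False
        vip_ipv6_kwargs = {}

        # Use a CIDR from devstack's default IPv6 subnetpool if it exists,
        # the subnetpool's cidr is routable from the devstack node
        # through the default router
        subnetpool_name = conf_lb.default_ipv6_subnetpool
        if subnetpool_name:
            subnetpools = cls.os_admin_subnetpools_client.list_subnetpools(
                name=subnetpool_name)['subnetpools']
            # Only an unambiguous match is used.
            if len(subnetpools) == 1:
                vip_ipv6_kwargs['subnetpool_id'] = subnetpools[0]['id']
                cls.lb_member_vip_ipv6_subnet_use_subnetpool = True

        if 'subnetpool_id' not in vip_ipv6_kwargs:
            vip_ipv6_kwargs['cidr'] = conf_lb.vip_ipv6_subnet_cidr

        vip_ipv6_subnet = _new_subnet(
            'lb_member_vip_ipv6_subnet', cls.lb_member_vip_net, 6,
            **vip_ipv6_kwargs)
        cls.lb_member_vip_ipv6_net = cls.lb_member_vip_net
        cls.lb_member_vip_ipv6_subnet = vip_ipv6_subnet
        LOG.info('lb_member_vip_ipv6_subnet: {}'.format(
            cls.lb_member_vip_ipv6_subnet))

    # On the member networks port security follows the
    # enable_security_groups option.
    member_port_security = bool(conf_lb.enable_security_groups)

    # Create tenant member 1 network
    cls.lb_member_1_net = _new_network(
        'lb_member_1_network', member_port_security)
    LOG.info('lb_member_1_net: {}'.format(cls.lb_member_1_net))

    # Create tenant member 1 subnet
    cls.lb_member_1_subnet = _new_subnet(
        'lb_member_1_subnet', cls.lb_member_1_net, 4,
        cidr=conf_lb.member_1_ipv4_subnet_cidr)
    LOG.info('lb_member_1_subnet: {}'.format(cls.lb_member_1_subnet))

    # Create tenant member 1 ipv6 subnet
    if conf_lb.test_with_ipv6:
        # Validate the configured CIDR before anything is created from it.
        cls.lb_member_1_subnet_prefix = _prefix_length(
            'member_1_ipv6_subnet_cidr',
            conf_lb.member_1_ipv6_subnet_cidr)
        cls.lb_member_1_ipv6_subnet = _new_subnet(
            'lb_member_1_ipv6_subnet', cls.lb_member_1_net, 6,
            cidr=conf_lb.member_1_ipv6_subnet_cidr)
        LOG.info('lb_member_1_ipv6_subnet: {}'.format(
            cls.lb_member_1_ipv6_subnet))

    # Create tenant member 2 network
    cls.lb_member_2_net = _new_network(
        'lb_member_2_network', member_port_security)
    LOG.info('lb_member_2_net: {}'.format(cls.lb_member_2_net))

    # Create tenant member 2 subnet
    cls.lb_member_2_subnet = _new_subnet(
        'lb_member_2_subnet', cls.lb_member_2_net, 4,
        cidr=conf_lb.member_2_ipv4_subnet_cidr)
    LOG.info('lb_member_2_subnet: {}'.format(cls.lb_member_2_subnet))

    # Create tenant member 2 ipv6 subnet
    if conf_lb.test_with_ipv6:
        # Validate the configured CIDR before anything is created from it.
        cls.lb_member_2_subnet_prefix = _prefix_length(
            'member_2_ipv6_subnet_cidr',
            conf_lb.member_2_ipv6_subnet_cidr)
        cls.lb_member_2_ipv6_subnet = _new_subnet(
            'lb_member_2_ipv6_subnet', cls.lb_member_2_net, 6,
            cidr=conf_lb.member_2_ipv6_subnet_cidr)
        LOG.info('lb_member_2_ipv6_subnet: {}'.format(
            cls.lb_member_2_ipv6_subnet))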
527
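@classmethod
def _setup_lb_network_kwargs(cls, lb_kwargs, ip_version=None,
                             use_fixed_ip=False):
    """Fill in the VIP settings of a load balancer create request.

    :param lb_kwargs: dict of create arguments; it is updated in place.
    :param ip_version: 4 or 6.  When not given, 6 is used if
        CONF.load_balancer.test_with_ipv6 is set, otherwise 4.
    :param use_fixed_ip: when true, also request a specific VIP address
        taken from the VIP subnet.  For IPv6 this is dropped unless the
        subnet was recorded as dhcpv6-stateful.
    :raises RuntimeError: if every host index in the range used here has
        already been handed out.
    """
    if not ip_version:
        ip_version = 6 if CONF.load_balancer.test_with_ipv6 else 4

    if not (cls.lb_member_vip_subnet or cls.lb_member_vip_ipv6_subnet):
        # No subnet was selected: address the VIP by network only.
        lb_kwargs[const.VIP_NETWORK_ID] = cls.lb_member_vip_net[const.ID]
        lb_kwargs[const.VIP_SUBNET_ID] = None
        return

    # Pick a host index that has not been handed out yet.  cls.used_ips
    # only grows, so without this check the retry loop below would spin
    # forever once the whole range is taken.
    # NOTE(review): assumes rand_int_id() can return both bounds.  If it
    # cannot, the check never fires and the loop behaves as before.
    first_index, last_index = 10, 100
    if all(index in cls.used_ips
           for index in range(first_index, last_index + 1)):
        raise RuntimeError(
            'All VIP host indexes from {} to {} are already in use.'.format(
                first_index, last_index))
    ip_index = data_utils.rand_int_id(start=first_index, end=last_index)
    while ip_index in cls.used_ips:
        ip_index = data_utils.rand_int_id(start=first_index, end=last_index)
    cls.used_ips.append(ip_index)

    noop = CONF.load_balancer.test_with_noop
    if ip_version == 4:
        subnet_id = cls.lb_member_vip_subnet[const.ID]
        if noop:
            # Fixed placeholder from the 198.18.0.0/15 benchmarking range.
            lb_vip_address = '198.18.33.33'
        else:
            subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
            network = ipaddress.IPv4Network(subnet['subnet']['cidr'])
            lb_vip_address = str(network[ip_index])
    else:
        subnet_id = cls.lb_member_vip_ipv6_subnet[const.ID]
        if noop:
            # Fixed placeholder from the 2001:db8::/32 documentation
            # prefix.
            lb_vip_address = '2001:db8:33:33:33:33:33:33'
        else:
            subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
            network = ipaddress.IPv6Network(subnet['subnet']['cidr'])
            lb_vip_address = str(network[ip_index])
            # If the subnet is IPv6 slaac or dhcpv6-stateless
            # neutron does not allow a fixed IP
            # NOTE(review): the nesting of this check was reconstructed
            # from a listing that had lost its indentation - confirm it
            # belongs to the non-noop branch.
            if not cls.lb_member_vip_ipv6_subnet_stateful:
                use_fixed_ip = False

    lb_kwargs[const.VIP_SUBNET_ID] = subnet_id
    if use_fixed_ip:
        lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
    if noop:
        lb_kwargs[const.VIP_NETWORK_ID] = cls.lb_member_vip_net[const.ID]
        # In noop mode an IPv6 VIP always carries the placeholder
        # address, whatever use_fixed_ip says.
        if ip_version == 6:
            lb_kwargs[const.VIP_ADDRESS] = lb_vip_address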
569
570
571class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
572 @classmethod
573 def resource_setup(cls):
574 super(LoadBalancerBaseTestWithCompute, cls).resource_setup()
575 # If validation is disabled in this cloud, we won't be able to
576 # start the webservers, so don't even boot them.
577 if not CONF.validation.run_validation:
578 return
579
580 # Create a keypair for the webservers
581 keypair_name = data_utils.rand_name('lb_member_keypair')
582 result = cls.lb_mem_keypairs_client.create_keypair(
583 name=keypair_name)
584 cls.lb_member_keypair = result['keypair']
585 LOG.info('lb_member_keypair: {}'.format(cls.lb_member_keypair))
586 cls.addClassResourceCleanup(
587 waiters.wait_for_not_found,
588 cls.lb_mem_keypairs_client.delete_keypair,
589 cls.lb_mem_keypairs_client.show_keypair,
590 keypair_name)
591
592 if (CONF.load_balancer.enable_security_groups and
593 CONF.network_feature_enabled.port_security):
594 # Set up the security group for the webservers
595 SG_name = data_utils.rand_name('lb_member_SG')
596 cls.lb_member_sec_group = (
597 cls.lb_mem_SG_client.create_security_group(
598 name=SG_name)['security_group'])
599 cls.addClassResourceCleanup(
600 waiters.wait_for_not_found,
601 cls.lb_mem_SG_client.delete_security_group,
602 cls.lb_mem_SG_client.show_security_group,
603 cls.lb_member_sec_group['id'])
604
605 # Create a security group rule to allow 80-81 (test webservers)
606 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
607 direction='ingress',
608 security_group_id=cls.lb_member_sec_group['id'],
609 protocol='tcp',
610 ethertype='IPv4',
611 port_range_min=80,
612 port_range_max=81)['security_group_rule']
613 cls.addClassResourceCleanup(
614 waiters.wait_for_not_found,
615 cls.lb_mem_SGr_client.delete_security_group_rule,
616 cls.lb_mem_SGr_client.show_security_group_rule,
617 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200618 # Create a security group rule to allow UDP 80-81 (test webservers)
619 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
620 direction='ingress',
621 security_group_id=cls.lb_member_sec_group['id'],
622 protocol='udp',
623 ethertype='IPv4',
624 port_range_min=80,
625 port_range_max=81)['security_group_rule']
626 cls.addClassResourceCleanup(
627 waiters.wait_for_not_found,
628 cls.lb_mem_SGr_client.delete_security_group_rule,
629 cls.lb_mem_SGr_client.show_security_group_rule,
630 SGr['id'])
631 # Create a security group rule to allow UDP 9999 (test webservers)
632 # Port 9999 is used to illustrate health monitor ERRORs on closed
633 # ports.
634 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
635 direction='ingress',
636 security_group_id=cls.lb_member_sec_group['id'],
637 protocol='udp',
638 ethertype='IPv4',
639 port_range_min=9999,
640 port_range_max=9999)['security_group_rule']
641 cls.addClassResourceCleanup(
642 waiters.wait_for_not_found,
643 cls.lb_mem_SGr_client.delete_security_group_rule,
644 cls.lb_mem_SGr_client.show_security_group_rule,
645 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700646 # Create a security group rule to allow 22 (ssh)
647 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
648 direction='ingress',
649 security_group_id=cls.lb_member_sec_group['id'],
650 protocol='tcp',
651 ethertype='IPv4',
652 port_range_min=22,
653 port_range_max=22)['security_group_rule']
654 cls.addClassResourceCleanup(
655 waiters.wait_for_not_found,
656 cls.lb_mem_SGr_client.delete_security_group_rule,
657 cls.lb_mem_SGr_client.show_security_group_rule,
658 SGr['id'])
659 if CONF.load_balancer.test_with_ipv6:
660 # Create a security group rule to allow 80-81 (test webservers)
661 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
662 direction='ingress',
663 security_group_id=cls.lb_member_sec_group['id'],
664 protocol='tcp',
665 ethertype='IPv6',
666 port_range_min=80,
667 port_range_max=81)['security_group_rule']
668 cls.addClassResourceCleanup(
669 waiters.wait_for_not_found,
670 cls.lb_mem_SGr_client.delete_security_group_rule,
671 cls.lb_mem_SGr_client.show_security_group_rule,
672 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200673 # Create a security group rule to allow UDP 80-81 (test
674 # webservers)
675 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
676 direction='ingress',
677 security_group_id=cls.lb_member_sec_group['id'],
678 protocol='udp',
679 ethertype='IPv6',
680 port_range_min=80,
681 port_range_max=81)['security_group_rule']
682 cls.addClassResourceCleanup(
683 waiters.wait_for_not_found,
684 cls.lb_mem_SGr_client.delete_security_group_rule,
685 cls.lb_mem_SGr_client.show_security_group_rule,
686 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700687 # Create a security group rule to allow 22 (ssh)
688 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
689 direction='ingress',
690 security_group_id=cls.lb_member_sec_group['id'],
691 protocol='tcp',
692 ethertype='IPv6',
693 port_range_min=22,
694 port_range_max=22)['security_group_rule']
695 cls.addClassResourceCleanup(
696 waiters.wait_for_not_found,
697 cls.lb_mem_SGr_client.delete_security_group_rule,
698 cls.lb_mem_SGr_client.show_security_group_rule,
699 SGr['id'])
700
701 LOG.info('lb_member_sec_group: {}'.format(cls.lb_member_sec_group))
702
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700703 # Setup backend member reencryption PKI
704 cls._create_backend_reencryption_pki()
705
Adam Harwellcd72b562018-05-07 11:37:22 -0700706 # Create webserver 1 instance
707 server_details = cls._create_webserver('lb_member_webserver1',
708 cls.lb_member_1_net)
709
710 cls.lb_member_webserver1 = server_details['server']
711 cls.webserver1_ip = server_details.get('ipv4_address')
712 cls.webserver1_ipv6 = server_details.get('ipv6_address')
713 cls.webserver1_public_ip = server_details['public_ipv4_address']
714
715 LOG.debug('Octavia Setup: lb_member_webserver1 = {}'.format(
716 cls.lb_member_webserver1[const.ID]))
717 LOG.debug('Octavia Setup: webserver1_ip = {}'.format(
718 cls.webserver1_ip))
719 LOG.debug('Octavia Setup: webserver1_ipv6 = {}'.format(
720 cls.webserver1_ipv6))
721 LOG.debug('Octavia Setup: webserver1_public_ip = {}'.format(
722 cls.webserver1_public_ip))
723
724 # Create webserver 2 instance
725 server_details = cls._create_webserver('lb_member_webserver2',
726 cls.lb_member_2_net)
727
728 cls.lb_member_webserver2 = server_details['server']
729 cls.webserver2_ip = server_details.get('ipv4_address')
730 cls.webserver2_ipv6 = server_details.get('ipv6_address')
731 cls.webserver2_public_ip = server_details['public_ipv4_address']
732
733 LOG.debug('Octavia Setup: lb_member_webserver2 = {}'.format(
734 cls.lb_member_webserver2[const.ID]))
735 LOG.debug('Octavia Setup: webserver2_ip = {}'.format(
736 cls.webserver2_ip))
737 LOG.debug('Octavia Setup: webserver2_ipv6 = {}'.format(
738 cls.webserver2_ipv6))
739 LOG.debug('Octavia Setup: webserver2_public_ip = {}'.format(
740 cls.webserver2_public_ip))
741
Michael Johnsonbf916df2018-10-17 10:59:28 -0700742 if CONF.load_balancer.test_with_ipv6:
743 # Enable the IPv6 nic in webserver 1
744 cls._enable_ipv6_nic_webserver(
745 cls.webserver1_public_ip, cls.lb_member_keypair['private_key'],
746 cls.webserver1_ipv6, cls.lb_member_1_subnet_prefix)
747
748 # Enable the IPv6 nic in webserver 2
749 cls._enable_ipv6_nic_webserver(
750 cls.webserver2_public_ip, cls.lb_member_keypair['private_key'],
751 cls.webserver2_ipv6, cls.lb_member_2_subnet_prefix)
752
Adam Harwellcd72b562018-05-07 11:37:22 -0700753 # Set up serving on webserver 1
754 cls._install_start_webserver(cls.webserver1_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700755 cls.lb_member_keypair['private_key'],
756 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700757
758 # Validate webserver 1
Adam Harwelle029af22018-05-24 17:13:28 -0700759 cls._validate_webserver(cls.webserver1_public_ip,
760 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700761
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200762 # Validate udp server 1
763 cls._validate_udp_server(cls.webserver1_public_ip,
764 cls.webserver1_response)
765
Adam Harwellcd72b562018-05-07 11:37:22 -0700766 # Set up serving on webserver 2
767 cls._install_start_webserver(cls.webserver2_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700768 cls.lb_member_keypair['private_key'],
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700769 cls.webserver2_response, revoke_cert=True)
Adam Harwellcd72b562018-05-07 11:37:22 -0700770
771 # Validate webserver 2
Adam Harwelle029af22018-05-24 17:13:28 -0700772 cls._validate_webserver(cls.webserver2_public_ip,
773 cls.webserver2_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700774
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200775 # Validate udp server 2
776 cls._validate_udp_server(cls.webserver2_public_ip,
777 cls.webserver2_response)
778
@classmethod
def _create_networks(cls):
    """Create the member router and plug the test subnets into it.

    Runs the parent class network setup first, then creates a router with
    a gateway on the configured public network (required for the floating
    IP) and attaches the VIP subnet and both member subnets to it. When
    IPv6 testing is enabled, a default router is configured and the IPv6
    VIP subnet uses the subnetpool, that subnet is attached to the default
    router through the admin client instead.

    Every created router and interface gets a class-level cleanup.
    """
    super(LoadBalancerBaseTestWithCompute, cls)._create_networks()

    def plug_subnet(routers_client, router_id, subnet_id):
        # Attach the subnet, then register the matching detach. The
        # remove call is handed to wait_for_not_found in both callable
        # positions, exactly as the interface cleanups always were.
        routers_client.add_router_interface(router_id, subnet_id=subnet_id)
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            routers_client.remove_router_interface,
            routers_client.remove_router_interface,
            router_id, subnet_id=subnet_id)

    # Create a router for the subnets (required for the floating IP)
    gateway = {'network_id': CONF.network.public_network_id}
    created = cls.lb_mem_routers_client.create_router(
        name=data_utils.rand_name("lb_member_router"),
        admin_state_up=True,
        external_gateway_info=gateway)
    cls.lb_member_router = created['router']
    LOG.info('lb_member_router: {}'.format(cls.lb_member_router))
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls.lb_mem_routers_client.delete_router,
        cls.lb_mem_routers_client.show_router,
        cls.lb_member_router['id'])

    # Add VIP subnet to router
    plug_subnet(cls.lb_mem_routers_client,
                cls.lb_member_router['id'],
                cls.lb_member_vip_subnet['id'])

    uses_default_router = (CONF.load_balancer.test_with_ipv6 and
                           CONF.load_balancer.default_router and
                           cls.lb_member_vip_ipv6_subnet_use_subnetpool)
    if uses_default_router:
        # if lb_member_vip_ipv6_subnet uses devstack's subnetpool,
        # plug the subnet into the default router
        matches = cls.os_admin.routers_client.list_routers(
            name=CONF.load_balancer.default_router)['routers']

        # Only act on an unambiguous match; zero or several routers with
        # that name leave the IPv6 VIP subnet unplugged.
        if len(matches) == 1:
            default_router = matches[0]

            # Add IPv6 VIP subnet to router1
            plug_subnet(cls.os_admin_routers_client,
                        default_router['id'],
                        cls.lb_member_vip_ipv6_subnet['id'])

    # Add member subnet 1 to router
    plug_subnet(cls.lb_mem_routers_client,
                cls.lb_member_router['id'],
                cls.lb_member_1_subnet['id'])

    # Add member subnet 2 to router
    plug_subnet(cls.lb_mem_routers_client,
                cls.lb_member_router['id'],
                cls.lb_member_2_subnet['id'])
850
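@classmethod
def _create_webserver(cls, name, network):
    """Boot a member test server and collect its addresses.

    webserver_details dictionary contains:
    server - The compute server object
    ipv4_address - The IPv4 address for the server (optional)
    ipv6_address - The IPv6 address for the server (optional)
    public_ipv4_address - The address used to reach the server from the
                          test runner; a floating IP when
                          CONF.validation.connect_method is 'floating',
                          otherwise the first address on the instance
                          network.

    :param name: The name of the server to create.
    :param network: The network to boot the server on.
    :returns: webserver_details dictionary.
    """
    server_kwargs = {
        'name': data_utils.rand_name(name),
        'flavorRef': CONF.compute.flavor_ref,
        'imageRef': CONF.compute.image_ref,
        'key_name': cls.lb_member_keypair['name']}
    if (CONF.load_balancer.enable_security_groups and
            CONF.network_feature_enabled.port_security):
        server_kwargs['security_groups'] = [
            {'name': cls.lb_member_sec_group['name']}]
    if not CONF.load_balancer.disable_boot_network:
        server_kwargs['networks'] = [{'uuid': network['id']}]

    # Replace the name for clouds that have limitations
    if CONF.load_balancer.random_server_name_length:
        r = random.SystemRandom()
        alphabet = string.ascii_uppercase + string.digits
        # Fixed leading "m" plus (length - 1) random characters.
        server_kwargs['name'] = "m{}".format("".join(
            r.choice(alphabet)
            for _ in range(
                CONF.load_balancer.random_server_name_length - 1)))
    if CONF.load_balancer.availability_zone:
        server_kwargs['availability_zone'] = (
            CONF.load_balancer.availability_zone)

    server = cls.lb_mem_servers_client.create_server(
        **server_kwargs)['server']
    # Register the delete before waiting so a server that never reaches
    # ACTIVE is still cleaned up.
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls.lb_mem_servers_client.delete_server,
        cls.lb_mem_servers_client.show_server,
        server['id'])
    server = waiters.wait_for_status(
        cls.lb_mem_servers_client.show_server,
        server['id'], 'status', 'ACTIVE',
        CONF.load_balancer.build_interval,
        CONF.load_balancer.build_timeout,
        root_tag='server')
    webserver_details = {'server': server}
    LOG.info('Created server: {}'.format(server))

    addresses = server['addresses']
    if CONF.load_balancer.disable_boot_network:
        # dict.values() is a view on Python 3 and cannot be indexed, so
        # materialise it before taking the first network.
        instance_network = list(addresses.values())[0]
    else:
        instance_network = addresses[network['name']]
    for addr in instance_network:
        if addr['version'] == 4:
            webserver_details['ipv4_address'] = addr['addr']
        if addr['version'] == 6:
            webserver_details['ipv6_address'] = addr['addr']

    if CONF.validation.connect_method == 'floating':
        # Find the instance port by MAC so the floating IP can be bound
        # to it.
        result = cls.lb_mem_ports_client.list_ports(
            network_id=network['id'],
            mac_address=instance_network[0]['OS-EXT-IPS-MAC:mac_addr'])
        port_id = result['ports'][0]['id']
        result = cls.lb_mem_float_ip_client.create_floatingip(
            floating_network_id=CONF.network.public_network_id,
            port_id=port_id)
        floating_ip = result['floatingip']
        # NOTE(review): the label below says "webserver1" for every
        # server this method creates.
        LOG.info('webserver1_floating_ip: {}'.format(floating_ip))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls.lb_mem_float_ip_client.delete_floatingip,
            cls.lb_mem_float_ip_client.show_floatingip,
            floatingip_id=floating_ip['id'])
        webserver_details['public_ipv4_address'] = (
            floating_ip['floating_ip_address'])
    else:
        webserver_details['public_ipv4_address'] = (
            instance_network[0]['addr'])

    return webserver_details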
939
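@classmethod
def _install_start_webserver(cls, ip_address, ssh_key, start_id,
                             revoke_cert=False):
    """Copy the test server binary to a member and start it.

    The binary is pushed with scp, the member PKI material is loaded via
    _load_member_pki_content, and two detached server processes are
    started: one answering with ``start_id`` on port 80 (plus HTTPS on 443
    and HTTPS with client authentication on 9443) and one answering with
    ``start_id + 1`` on port 81.

    :param ip_address: Address used to reach the member over SSH.
    :param ssh_key: Private key text for the image SSH user.
    :param start_id: Integer ID the first server process responds with.
    :param revoke_cert: Passed through to _load_member_pki_content.
    :raises exceptions.CommandFailed: if scp exits non-zero.
    """
    local_file = CONF.load_balancer.test_server_path

    linux_client = remote_client.RemoteClient(
        ip_address, CONF.validation.image_ssh_user, pkey=ssh_key)
    linux_client.validate_authentication()

    # scp needs the key on disk. The temporary file is removed when the
    # block exits, so everything that uses key.name stays inside it.
    with tempfile.NamedTemporaryFile() as key:
        key.write(ssh_key.encode('utf-8'))
        key.flush()
        # NOTE(review): host key verification is switched off
        # (StrictHostKeyChecking=no, known hosts sent to /dev/null), so
        # the peer is not authenticated. That is tolerable only because
        # the target is an instance this test just booted; this option
        # set must not be reused against long-lived hosts.
        #
        # Interpolated paths are quoted so that shlex.split() below keeps
        # each one as a single argument even if it contains whitespace
        # or quote characters. Ordinary values are left unchanged.
        destination = '{0}@{1}:{2}'.format(
            CONF.validation.image_ssh_user, ip_address,
            const.TEST_SERVER_BINARY)
        cmd = ("scp -v -o UserKnownHostsFile=/dev/null "
               "-o StrictHostKeyChecking=no "
               "-o ConnectTimeout={0} -o ConnectionAttempts={1} "
               "-i {2} {3} {4}").format(
            CONF.load_balancer.scp_connection_timeout,
            CONF.load_balancer.scp_connection_attempts,
            shlex.quote(key.name), shlex.quote(local_file),
            shlex.quote(destination))
        # No shell is involved: the argv list goes straight to Popen.
        args = shlex.split(cmd)
        subprocess_args = {'stdout': subprocess.PIPE,
                           'stderr': subprocess.STDOUT,
                           'cwd': None}
        proc = subprocess.Popen(args, **subprocess_args)
        # stderr is merged into stdout above, so the second value is None.
        stdout, stderr = proc.communicate()
        if proc.returncode != 0:
            raise exceptions.CommandFailed(proc.returncode, cmd,
                                           stdout, stderr)

        # Passes the open key file object (not the key text); the callee
        # reads its .name for its own scp invocation.
        cls._load_member_pki_content(ip_address, key,
                                     revoke_cert=revoke_cert)

    # Enabling memory overcommit allows to run golang static binaries
    # compiled with a recent golang toolchain (>=1.11). Those binaries
    # allocate a large amount of virtual memory at init time, and this
    # allocation fails in tempest's nano flavor (64MB of RAM)
    # (golang issue reported in https://github.com/golang/go/issues/28114,
    # follow-up: https://github.com/golang/go/issues/28081)
    # TODO(gthiemonge): Remove this call when golang issue is resolved.
    linux_client.exec_command('sudo sh -c "echo 1 > '
                              '/proc/sys/vm/overcommit_memory"')

    # The initial process also supports HTTPS and HTTPS with client auth
    linux_client.exec_command(
        'sudo screen -d -m {0} -port 80 -id {1} -https_port 443 -cert {2} '
        '-key {3} -https_client_auth_port 9443 -client_ca {4}'.format(
            const.TEST_SERVER_BINARY, start_id, const.TEST_SERVER_CERT,
            const.TEST_SERVER_KEY, const.TEST_SERVER_CLIENT_CA))

    linux_client.exec_command('sudo screen -d -m {0} -port 81 '
                              '-id {1}'.format(const.TEST_SERVER_BINARY,
                                               start_id + 1))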
Adam Harwellcd72b562018-05-07 11:37:22 -0700993
# Cirros does not configure the assigned IPv6 address by default
# so enable it manually like tempest does here:
# tempest/scenario/test_network_v6.py turn_nic6_on()
@classmethod
def _enable_ipv6_nic_webserver(cls, ip_address, ssh_key,
                               ipv6_address, ipv6_prefix):
    """Assign an IPv6 address to eth0 on a member server over SSH.

    :param ip_address: Address used to reach the server over SSH.
    :param ssh_key: Private key for the image SSH user.
    :param ipv6_address: IPv6 address to add to eth0.
    :param ipv6_prefix: Prefix length appended after the address.
    """
    ssh = remote_client.RemoteClient(
        ip_address, CONF.validation.image_ssh_user, pkey=ssh_key)
    ssh.validate_authentication()

    # Both values are placed into a remote command line as-is; here they
    # come from the caller's class attributes.
    add_address_cmd = 'sudo ip address add {0}/{1} dev eth0'.format(
        ipv6_address, ipv6_prefix)
    ssh.exec_command(add_address_cmd)
1006
@classmethod
def _validate_webserver(cls, ip_address, start_id):
    """Check both HTTP test servers on a member respond with their IDs.

    The plain ``http://<ip>`` URL must return ``start_id`` and the same
    host on port 81 must return ``start_id + 1``.

    :param ip_address: Address of the member server.
    :param start_id: ID expected from the first server process.
    """
    url_template = 'http://{0}{1}'
    cls.validate_URL_response(url_template.format(ip_address, ''),
                              expected_body=str(start_id))
    cls.validate_URL_response(url_template.format(ip_address, ':81'),
                              expected_body=str(start_id + 1))
Jude Cross986e3f52017-07-24 14:57:20 -07001013
@classmethod
def _validate_udp_server(cls, ip_address, start_id):
    """Check both UDP test servers on a member respond with their IDs.

    Port 80 must answer with ``start_id`` and port 81 with
    ``start_id + 1``; the first mismatch raises.

    :param ip_address: Address of the member server.
    :param start_id: ID expected from the server on port 80.
    :raises Exception: if a reply differs from the expected ID.
    """
    mismatch = ("Response from test server doesn't match the "
                "expected value ({0} != {1}).")

    reply = cls.make_udp_request(ip_address, 80)
    expected = str(start_id)
    if reply != expected:
        raise Exception(mismatch.format(reply, expected))

    reply = cls.make_udp_request(ip_address, 81)
    expected = str(start_id + 1)
    if reply != expected:
        raise Exception(mismatch.format(reply, expected))
Michael Johnsonbaf12e02020-10-27 16:10:28 -07001027
@classmethod
def _create_backend_reencryption_pki(cls):
    """Generate the PKI used for backend member re-encryption tests.

    Stores on the class: the member CA certificate and key, the member
    client-authentication CA certificate, a random client common name and
    a client certificate and key issued by the client CA. The client CA
    private key stays local to this method.
    """
    pem = serialization.Encoding.PEM

    # Create a CA self-signed cert and key for the member test servers
    ca_cert, ca_key = cert_utils.generate_ca_cert_and_key()
    cls.member_ca_cert = ca_cert
    cls.member_ca_key = ca_key

    LOG.debug('Member CA Cert: %s', ca_cert.public_bytes(pem))
    # NOTE(review): this writes the unencrypted CA private key to the
    # debug log. The key is generated per test class, but debug logs
    # from test runs are often archived or published, so anything that
    # trusts this CA must never outlive the run.
    ca_private_pem = ca_key.private_bytes(
        encoding=pem,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption())
    LOG.debug('Member CA private Key: %s', ca_private_pem)
    ca_public_pem = ca_key.public_key().public_bytes(
        encoding=pem,
        format=serialization.PublicFormat.SubjectPublicKeyInfo)
    LOG.debug('Member CA public Key: %s', ca_public_pem)

    # Create the member client authentication CA
    client_ca_cert, client_ca_key = cert_utils.generate_ca_cert_and_key()
    cls.member_client_ca_cert = client_ca_cert

    # Create client cert and key
    cls.member_client_cn = uuidutils.generate_uuid()
    client_cert, client_key = cert_utils.generate_client_cert_and_key(
        cls.member_client_ca_cert, client_ca_key, cls.member_client_cn)
    cls.member_client_cert = client_cert
    cls.member_client_key = client_key
    # Note: We are not revoking a client cert here as we don't need to
    # test the backend web server CRL checking.
1057
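@classmethod
def _load_member_pki_content(cls, ip_address, ssh_key, revoke_cert=False):
    """Issue a server certificate for a member and copy it to the server.

    A certificate and key for ``ip_address`` are issued by the member CA,
    written with the client CA certificate into a temporary directory and
    sent to the server with scp.

    :param ip_address: Address of the member; used for the certificate
                       and as the scp target host.
    :param ssh_key: Open file object holding the SSH private key; only
                    its ``name`` attribute is used (as scp ``-i``).
    :param revoke_cert: When True, also build a CRL revoking the new
                        certificate and store it as ``cls.member_crl``.
    :raises exceptions.CommandFailed: if scp exits non-zero.
    """
    # Create webserver certificate and key
    cert, key = cert_utils.generate_server_cert_and_key(
        cls.member_ca_cert, cls.member_ca_key, ip_address)

    LOG.debug('%s Cert: %s', ip_address, cert.public_bytes(
        serialization.Encoding.PEM))
    # NOTE(review): the unencrypted server private key goes to the debug
    # log here. It is a throwaway test key, but debug logs are commonly
    # archived, so treat them as containing key material.
    LOG.debug('%s private Key: %s', ip_address, key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption()))
    public_key = key.public_key()
    LOG.debug('%s public Key: %s', ip_address, public_key.public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo))

    # Create a CRL with a revoked certificate
    if revoke_cert:
        # The caller requests this for webserver 2 only.
        cls.member_crl = cert_utils.generate_certificate_revocation_list(
            cls.member_ca_cert, cls.member_ca_key, cert)

    # Load the certificate, key, and client CA certificate into the
    # test server.
    with tempfile.TemporaryDirectory() as tmpdir:
        cert_filename = os.path.join(tmpdir, const.CERT_PEM)
        key_filename = os.path.join(tmpdir, const.KEY_PEM)
        client_ca_filename = os.path.join(tmpdir, const.CLIENT_CA_PEM)
        pem_files = (
            (cert_filename,
             cert.public_bytes(serialization.Encoding.PEM)),
            (key_filename,
             key.private_bytes(
                 encoding=serialization.Encoding.PEM,
                 format=serialization.PrivateFormat.TraditionalOpenSSL,
                 encryption_algorithm=serialization.NoEncryption())),
            (client_ca_filename,
             cls.member_client_ca_cert.public_bytes(
                 serialization.Encoding.PEM)),
        )

        # The umask is process-wide. Clear it only while these files are
        # created and put the previous value back afterwards, so later
        # files made by the test process do not silently become
        # group/world accessible.
        previous_umask = os.umask(0)
        try:
            for filename, pem in pem_files:
                # Owner-only mode. NOTE(review): 0o600 would be enough
                # for PEM data unless something depends on the execute
                # bit; confirm before tightening.
                with open(os.open(filename, os.O_CREAT | os.O_WRONLY,
                                  0o700), 'w') as fh:
                    fh.write(pem.decode('utf-8'))
                    fh.flush()
        finally:
            os.umask(previous_umask)

        # No shell is involved: the command string is split into an argv
        # list and handed to Popen directly, so file names are never
        # glob-expanded. Paths are quoted so shlex.split() keeps each one
        # as a single argument.
        # NOTE(review): host key verification is disabled for this
        # transfer, which carries a private key; acceptable only for the
        # throwaway instances created by this test.
        subprocess_args = {'stdout': subprocess.PIPE,
                           'stderr': subprocess.STDOUT,
                           'cwd': None}
        destination = '{0}@{1}:{2}'.format(
            CONF.validation.image_ssh_user, ip_address,
            const.DEV_SHM_PATH)
        cmd = ("scp -v -o UserKnownHostsFile=/dev/null "
               "-o StrictHostKeyChecking=no "
               "-o ConnectTimeout={0} -o ConnectionAttempts={1} "
               "-i {2} {3} {4} {5} {6}").format(
            CONF.load_balancer.scp_connection_timeout,
            CONF.load_balancer.scp_connection_attempts,
            shlex.quote(ssh_key.name), shlex.quote(cert_filename),
            shlex.quote(key_filename), shlex.quote(client_ca_filename),
            shlex.quote(destination))
        args = shlex.split(cmd)
        proc = subprocess.Popen(args, **subprocess_args)
        # stderr is merged into stdout above, so the second value is None.
        stdout, stderr = proc.communicate()
        if proc.returncode != 0:
            raise exceptions.CommandFailed(proc.returncode, cmd,
                                           stdout, stderr)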