Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / octavia-tempest-plugin / 6978e02f0dc7f9b5bc387743d86d963ee51bbd89 / . / octavia_tempest_plugin / tests / test_base.py
blob: f22edbb389ad1fdf1bafe081e53f6112613c5b7c [file] [log] [blame]
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1# Copyright 2018 Rackspace US Inc. All rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15import ipaddress
rbubyr6978e022025-03-18 14:58:39 +0100[diff] [blame^]16import netaddr
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]17import os
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]18import random
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]19import re
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]20import shlex
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]21import string
22import subprocess
23import tempfile
24
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]25from cryptography.hazmat.primitives import serialization
Gregory Thiemongeb0da4f32022-02-04 08:58:06 +0100[diff] [blame]26from oslo_config import cfg
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]27from oslo_log import log as logging
28from oslo_utils import uuidutils
Gregory Thiemongecba3b222024-05-16 02:57:08 -0400[diff] [blame]29from tempest import clients
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]30from tempest import config
Gregory Thiemongecba3b222024-05-16 02:57:08 -0400[diff] [blame]31from tempest.lib import auth
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]32from tempest.lib.common.utils import data_utils
33from tempest.lib.common.utils.linux import remote_client
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]34from tempest.lib import exceptions
35from tempest import test
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]36import tenacity
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]37
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]38from octavia_tempest_plugin.common import cert_utils
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]39from octavia_tempest_plugin.common import constants as const
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]40import octavia_tempest_plugin.services.load_balancer.v2 as lbv2
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]41from octavia_tempest_plugin.tests import RBAC_tests
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]42from octavia_tempest_plugin.tests import validators
43from octavia_tempest_plugin.tests import waiters
44
45CONF = config.CONF
46LOG = logging.getLogger(__name__)
47
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]48RETRY_ATTEMPTS = 15
49RETRY_INITIAL_DELAY = 1
50RETRY_BACKOFF = 1
51RETRY_MAX = 5
52
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]53
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]54class LoadBalancerBaseTest(validators.ValidatorsMixin,
55 RBAC_tests.RBACTestsMixin, test.BaseTestCase):
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]56 """Base class for load balancer tests."""
57
Gregory Thiemonge3497f6c2021-04-19 21:33:13 +0200[diff] [blame]58 if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
59 credentials = [
60 'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
61 ['lb_member', CONF.load_balancer.member_role],
62 ['lb_member2', CONF.load_balancer.member_role]]
Michael Johnson6dac8ff2023-03-09 00:04:37 +0000[diff] [blame]63 elif CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]64 credentials = [
Michael Johnson6dac8ff2023-03-09 00:04:37 +0000[diff] [blame]65 'admin', 'primary',
Gregory Thiemongecba3b222024-05-16 02:57:08 -0400[diff] [blame]66 ['lb_admin', 'admin'],
67 ['lb_observer', 'reader'],
68 ['lb_global_observer', 'reader'],
69 ['lb_member', 'member'],
70 ['lb_member2', 'member']]
71 # Note: an additional non-member user is added in setup_credentials
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]72 else:
73 credentials = [
74 'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
75 ['lb_observer', CONF.load_balancer.observer_role, 'reader'],
76 ['lb_global_observer', CONF.load_balancer.global_observer_role,
77 'reader'],
Michael Johnson9e9f5262023-01-18 17:59:17 +0000[diff] [blame]78 # Note: Some projects are now requiring the 'member' role by
79 # default (nova for example) so make sure our creds have this role
80 ['lb_member', CONF.load_balancer.member_role, 'member'],
81 ['lb_member2', CONF.load_balancer.member_role, 'member']]
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]82
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]83 # A tuple of credentials that will be allocated by tempest using the
84 # 'credentials' list above. These are used to build RBAC test lists.
85 allocated_creds = []
86 for cred in credentials:
87 if isinstance(cred, list):
88 allocated_creds.append('os_roles_' + cred[0])
89 else:
90 allocated_creds.append('os_' + cred)
91 # Tests shall not mess with the list of allocated credentials
92 allocated_credentials = tuple(allocated_creds)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]93
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]94 webserver1_response = 1
95 webserver2_response = 5
Michael Johnsondfd818a2018-08-21 20:54:54 -0700[diff] [blame]96 used_ips = []
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]97
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]98 SRC_PORT_NUMBER_MIN = 32768
99 SRC_PORT_NUMBER_MAX = 61000
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]100 src_port_number = SRC_PORT_NUMBER_MIN
101
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]102 @classmethod
103 def skip_checks(cls):
104 """Check if we should skip all of the children tests."""
105 super(LoadBalancerBaseTest, cls).skip_checks()
106
107 service_list = {
108 'load_balancer': CONF.service_available.load_balancer,
109 }
110
111 live_service_list = {
112 'compute': CONF.service_available.nova,
113 'image': CONF.service_available.glance,
114 'neutron': CONF.service_available.neutron
115 }
116
117 if not CONF.load_balancer.test_with_noop:
118 service_list.update(live_service_list)
119
120 for service, available in service_list.items():
121 if not available:
zhangzs2a6cf672018-11-10 16:13:11 +0800[diff] [blame]122 skip_msg = ("{0} skipped as {1} service is not "
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]123 "available.".format(cls.__name__, service))
124 raise cls.skipException(skip_msg)
125
126 # We must be able to reach our VIP and instances
127 if not (CONF.network.project_networks_reachable
128 or CONF.network.public_network_id):
129 msg = ('Either project_networks_reachable must be "true", or '
130 'public_network_id must be defined.')
131 raise cls.skipException(msg)
132
133 @classmethod
Gregory Thiemongecba3b222024-05-16 02:57:08 -0400[diff] [blame]134 def _setup_new_user_role_client(cls, project_id, role_name):
135 user = {
136 'name': data_utils.rand_name('user'),
137 'password': data_utils.rand_password()
138 }
139 user_id = cls.os_admin.users_v3_client.create_user(
140 **user)['user']['id']
141 cls._created_users.append(user_id)
142 roles = cls.os_admin.roles_v3_client.list_roles(
143 name=role_name)['roles']
144 if len(roles) == 0:
145 role = {
146 'name': role_name
147 }
148 role_id = cls.os_admin.roles_v3_client.create_role(
149 **role)['role']['id']
150 cls._created_roles.append(role_id)
151 else:
152 role_id = roles[0]['id']
153 cls.os_admin.roles_v3_client.create_user_role_on_project(
154 project_id, user_id, role_id
155 )
156 creds = auth.KeystoneV3Credentials(
157 user_id=user_id,
158 password=user['password'],
159 project_id=project_id
160 )
161 auth_provider = clients.get_auth_provider(creds)
162 creds = auth_provider.fill_credentials()
163 return clients.Manager(credentials=creds)
164
165 @classmethod
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]166 def setup_credentials(cls):
167 """Setup test credentials and network resources."""
168 # Do not auto create network resources
169 cls.set_network_resources()
170 super(LoadBalancerBaseTest, cls).setup_credentials()
171
Gregory Thiemongecba3b222024-05-16 02:57:08 -0400[diff] [blame]172 cls._created_projects = []
173 cls._created_users = []
174 cls._created_roles = []
175
176 non_dyn_users = []
177
178 if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
179 # Create a non-member user for keystone_default_roles
180 # When using dynamic credentials, tempest cannot create a user
181 # without a role, it always adds at least the "member" role.
182 # We manually create the user with a temporary role
183 project_id = cls.os_admin.projects_client.create_project(
184 data_utils.rand_name()
185 )['project']['id']
186 cls._created_projects.append(project_id)
187 cls.os_not_member = cls._setup_new_user_role_client(
188 project_id,
189 data_utils.rand_name('role'))
190 cls.allocated_creds.append('os_not_member')
191 non_dyn_users.append('not_member')
192
193 # Tests shall not mess with the list of allocated credentials
194 cls.allocated_credentials = tuple(cls.allocated_creds)
195
Bas de Bruijne530a88a2022-12-15 11:12:45 -0400[diff] [blame]196 if not CONF.load_balancer.log_user_roles:
197 return
198
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]199 # Log the user roles for this test run
200 role_name_cache = {}
Gregory Thiemongecba3b222024-05-16 02:57:08 -0400[diff] [blame]201 for cred in cls.credentials + non_dyn_users:
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]202 user_roles = []
203 if isinstance(cred, list):
204 user_name = cred[0]
205 cred_obj = getattr(cls, 'os_roles_' + cred[0])
206 else:
207 user_name = cred
208 cred_obj = getattr(cls, 'os_' + cred)
209 params = {'user.id': cred_obj.credentials.user_id,
Rodolfo Alonso Hernandezb5969972025-02-17 14:23:38 +0000[diff] [blame]210 'scope.project.id': cred_obj.credentials.project_id}
Michael Johnson6006de72021-02-21 01:42:39 +0000[diff] [blame]211 roles = cls.os_admin.role_assignments_client.list_role_assignments(
212 **params)['role_assignments']
213 for role in roles:
214 role_id = role['role']['id']
215 try:
216 role_name = role_name_cache[role_id]
217 except KeyError:
218 role_name = cls.os_admin.roles_v3_client.show_role(
219 role_id)['role']['name']
220 role_name_cache[role_id] = role_name
221 user_roles.append([role_name, role['scope']])
222 LOG.info("User %s has roles: %s", user_name, user_roles)
223
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]224 @classmethod
Gregory Thiemongecba3b222024-05-16 02:57:08 -0400[diff] [blame]225 def clear_credentials(cls):
226 for user_id in cls._created_users:
227 cls.os_admin.users_v3_client.delete_user(user_id)
228 for project_id in cls._created_projects:
229 cls.os_admin.projects_client.delete_project(project_id)
230 for role_id in cls._created_roles:
231 cls.os_admin.roles_v3_client.delete_role(role_id)
232 super().clear_credentials()
233
234 @classmethod
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]235 def setup_clients(cls):
236 """Setup client aliases."""
237 super(LoadBalancerBaseTest, cls).setup_clients()
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]238 lb_admin_prefix = cls.os_roles_lb_admin.load_balancer_v2
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]239 cls.lb_mem_float_ip_client = cls.os_roles_lb_member.floating_ips_client
240 cls.lb_mem_keypairs_client = cls.os_roles_lb_member.keypairs_client
241 cls.lb_mem_net_client = cls.os_roles_lb_member.networks_client
242 cls.lb_mem_ports_client = cls.os_roles_lb_member.ports_client
243 cls.lb_mem_routers_client = cls.os_roles_lb_member.routers_client
244 cls.lb_mem_SG_client = cls.os_roles_lb_member.security_groups_client
245 cls.lb_mem_SGr_client = (
246 cls.os_roles_lb_member.security_group_rules_client)
247 cls.lb_mem_servers_client = cls.os_roles_lb_member.servers_client
248 cls.lb_mem_subnet_client = cls.os_roles_lb_member.subnets_client
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]249 cls.mem_lb_client: lbv2.LoadbalancerClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]250 cls.os_roles_lb_member.load_balancer_v2.LoadbalancerClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]251 cls.mem_listener_client: lbv2.ListenerClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]252 cls.os_roles_lb_member.load_balancer_v2.ListenerClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]253 cls.mem_pool_client: lbv2.PoolClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]254 cls.os_roles_lb_member.load_balancer_v2.PoolClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]255 cls.mem_member_client: lbv2.MemberClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]256 cls.os_roles_lb_member.load_balancer_v2.MemberClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]257 cls.mem_healthmonitor_client: lbv2.HealthMonitorClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]258 cls.os_roles_lb_member.load_balancer_v2.HealthMonitorClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]259 cls.mem_l7policy_client: lbv2.L7PolicyClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]260 cls.os_roles_lb_member.load_balancer_v2.L7PolicyClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]261 cls.mem_l7rule_client: lbv2.L7RuleClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]262 cls.os_roles_lb_member.load_balancer_v2.L7RuleClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]263 cls.lb_admin_amphora_client: lbv2.AmphoraClient = (
264 lb_admin_prefix.AmphoraClient())
265 cls.lb_admin_flavor_profile_client: lbv2.FlavorProfileClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]266 lb_admin_prefix.FlavorProfileClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]267 cls.lb_admin_flavor_client: lbv2.FlavorClient = (
268 lb_admin_prefix.FlavorClient())
269 cls.mem_flavor_client: lbv2.FlavorClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]270 cls.os_roles_lb_member.load_balancer_v2.FlavorClient())
Tom Weiningerc03e9c32024-04-23 14:07:04 +0200[diff] [blame]271 cls.mem_provider_client: lbv2.ProviderClient = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]272 cls.os_roles_lb_member.load_balancer_v2.ProviderClient())
Carlos Goncalvesc2e12162019-02-14 23:57:44 +0100[diff] [blame]273 cls.os_admin_servers_client = cls.os_admin.servers_client
Gregory Thiemonge54225ad2021-02-04 15:25:17 +0100[diff] [blame]274 cls.os_admin_routers_client = cls.os_admin.routers_client
275 cls.os_admin_subnetpools_client = cls.os_admin.subnetpools_client
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]276 cls.lb_admin_flavor_capabilities_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]277 lb_admin_prefix.FlavorCapabilitiesClient())
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]278 cls.lb_admin_availability_zone_capabilities_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]279 lb_admin_prefix.AvailabilityZoneCapabilitiesClient())
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]280 cls.lb_admin_availability_zone_profile_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]281 lb_admin_prefix.AvailabilityZoneProfileClient())
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]282 cls.lb_admin_availability_zone_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]283 lb_admin_prefix.AvailabilityZoneClient())
Adam Harwellc2aa20c2019-11-20 11:15:07 -0800[diff] [blame]284 cls.mem_availability_zone_client = (
Michael Johnson29d8e612021-06-23 16:16:12 +0000[diff] [blame]285 cls.os_roles_lb_member.load_balancer_v2.AvailabilityZoneClient())
Gregory Thiemonge5010dc02021-02-02 14:59:27 +0100[diff] [blame]286 cls.os_admin_compute_flavors_client = cls.os_admin.flavors_client
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]287
288 @classmethod
289 def resource_setup(cls):
290 """Setup resources needed by the tests."""
291 super(LoadBalancerBaseTest, cls).resource_setup()
292
293 conf_lb = CONF.load_balancer
294
Michael Johnsondfd818a2018-08-21 20:54:54 -0700[diff] [blame]295 cls.api_version = cls.mem_lb_client.get_max_api_version()
296
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]297 if conf_lb.test_subnet_override and not conf_lb.test_network_override:
298 raise exceptions.InvalidConfiguration(
299 "Configuration value test_network_override must be "
300 "specified if test_subnet_override is used.")
301
Michael Johnson6a9236a2020-08-04 23:54:54 +0000[diff] [blame]302 # TODO(johnsom) Remove this
Maciej Józefczykb6df5f82019-12-10 10:12:30 +0000[diff] [blame]303 # Get loadbalancing algorithms supported by provider driver.
304 try:
305 algorithms = const.SUPPORTED_LB_ALGORITHMS[
306 CONF.load_balancer.provider]
307 except KeyError:
308 algorithms = const.SUPPORTED_LB_ALGORITHMS['default']
309 # Set default algorithm as first from the list.
310 cls.lb_algorithm = algorithms[0]
311
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]312 show_subnet = cls.lb_mem_subnet_client.show_subnet
313 if CONF.load_balancer.test_with_noop:
314 cls.lb_member_vip_net = {'id': uuidutils.generate_uuid()}
315 cls.lb_member_vip_subnet = {'id': uuidutils.generate_uuid()}
316 cls.lb_member_1_net = {'id': uuidutils.generate_uuid()}
317 cls.lb_member_1_subnet = {'id': uuidutils.generate_uuid()}
318 cls.lb_member_2_net = {'id': uuidutils.generate_uuid()}
319 cls.lb_member_2_subnet = {'id': uuidutils.generate_uuid()}
320 if CONF.load_balancer.test_with_ipv6:
Michael Johnson5a16ad32018-10-18 14:49:11 -0700[diff] [blame]321 cls.lb_member_vip_ipv6_net = {'id': uuidutils.generate_uuid()}
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]322 cls.lb_member_vip_ipv6_subnet = {'id':
323 uuidutils.generate_uuid()}
324 cls.lb_member_1_ipv6_subnet = {'id': uuidutils.generate_uuid()}
325 cls.lb_member_2_ipv6_subnet = {'id': uuidutils.generate_uuid()}
Michael Johnson590fbe12019-07-03 14:30:01 -0700[diff] [blame]326 cls.lb_member_vip_ipv6_subnet_stateful = True
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]327 return
328 elif CONF.load_balancer.test_network_override:
329 if conf_lb.test_subnet_override:
330 override_subnet = show_subnet(conf_lb.test_subnet_override)
331 else:
332 override_subnet = None
333
334 show_net = cls.lb_mem_net_client.show_network
335 override_network = show_net(conf_lb.test_network_override)
336 override_network = override_network.get('network')
337
338 cls.lb_member_vip_net = override_network
339 cls.lb_member_vip_subnet = override_subnet
340 cls.lb_member_1_net = override_network
341 cls.lb_member_1_subnet = override_subnet
342 cls.lb_member_2_net = override_network
343 cls.lb_member_2_subnet = override_subnet
344
345 if (CONF.load_balancer.test_with_ipv6 and
Michael Polenchuke1f3ed52022-01-18 15:44:56 +0400[diff] [blame]346 conf_lb.test_ipv6_subnet_override):
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]347 override_ipv6_subnet = show_subnet(
Michael Polenchuke1f3ed52022-01-18 15:44:56 +0400[diff] [blame]348 conf_lb.test_ipv6_subnet_override)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]349 cls.lb_member_vip_ipv6_subnet = override_ipv6_subnet
350 cls.lb_member_1_ipv6_subnet = override_ipv6_subnet
351 cls.lb_member_2_ipv6_subnet = override_ipv6_subnet
Michael Johnson590fbe12019-07-03 14:30:01 -0700[diff] [blame]352 cls.lb_member_vip_ipv6_subnet_stateful = False
353 if (override_ipv6_subnet[0]['ipv6_address_mode'] ==
354 'dhcpv6-stateful'):
355 cls.lb_member_vip_ipv6_subnet_stateful = True
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]356 else:
357 cls.lb_member_vip_ipv6_subnet = None
358 cls.lb_member_1_ipv6_subnet = None
359 cls.lb_member_2_ipv6_subnet = None
360 else:
361 cls._create_networks()
362
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]363 LOG.debug('Octavia Setup: lb_member_vip_net = %s',
364 cls.lb_member_vip_net[const.ID])
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]365 if cls.lb_member_vip_subnet:
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]366 LOG.debug('Octavia Setup: lb_member_vip_subnet = %s',
367 cls.lb_member_vip_subnet[const.ID])
368 LOG.debug('Octavia Setup: lb_member_1_net = %s',
369 cls.lb_member_1_net[const.ID])
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]370 if cls.lb_member_1_subnet:
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]371 LOG.debug('Octavia Setup: lb_member_1_subnet = %s',
372 cls.lb_member_1_subnet[const.ID])
373 LOG.debug('Octavia Setup: lb_member_2_net = %s',
374 cls.lb_member_2_net[const.ID])
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]375 if cls.lb_member_2_subnet:
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]376 LOG.debug('Octavia Setup: lb_member_2_subnet = %s',
377 cls.lb_member_2_subnet[const.ID])
Michael Johnson124ba8b2018-08-30 16:06:05 -0700[diff] [blame]378 if CONF.load_balancer.test_with_ipv6:
379 if cls.lb_member_vip_ipv6_subnet:
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]380 LOG.debug('Octavia Setup: lb_member_vip_ipv6_subnet = %s',
381 cls.lb_member_vip_ipv6_subnet[const.ID])
Michael Johnson124ba8b2018-08-30 16:06:05 -0700[diff] [blame]382 if cls.lb_member_1_ipv6_subnet:
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]383 LOG.debug('Octavia Setup: lb_member_1_ipv6_subnet = %s',
384 cls.lb_member_1_ipv6_subnet[const.ID])
Michael Johnson124ba8b2018-08-30 16:06:05 -0700[diff] [blame]385 if cls.lb_member_2_ipv6_subnet:
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]386 LOG.debug('Octavia Setup: lb_member_2_ipv6_subnet = %s',
387 cls.lb_member_2_ipv6_subnet[const.ID])
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]388
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]389 @classmethod
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]390 # Neutron can be slow to clean up ports from the subnets/networks.
391 # Retry this delete a few times if we get a "Conflict" error to give
392 # neutron time to fully cleanup the ports.
393 @tenacity.retry(
394 retry=tenacity.retry_if_exception_type(exceptions.Conflict),
395 wait=tenacity.wait_incrementing(
396 RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX),
397 stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
398 def _logging_delete_network(cls, net_id):
399 try:
400 cls.lb_mem_net_client.delete_network(net_id)
401 except Exception:
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]402 LOG.error('Unable to delete network %s. Active ports:', net_id)
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]403 LOG.error(cls.lb_mem_ports_client.list_ports())
404 raise
405
406 @classmethod
407 # Neutron can be slow to clean up ports from the subnets/networks.
408 # Retry this delete a few times if we get a "Conflict" error to give
409 # neutron time to fully cleanup the ports.
410 @tenacity.retry(
411 retry=tenacity.retry_if_exception_type(exceptions.Conflict),
412 wait=tenacity.wait_incrementing(
413 RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX),
414 stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
415 def _logging_delete_subnet(cls, subnet_id):
416 try:
417 cls.lb_mem_subnet_client.delete_subnet(subnet_id)
418 except Exception:
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]419 LOG.error('Unable to delete subnet %s. Active ports:', subnet_id)
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]420 LOG.error(cls.lb_mem_ports_client.list_ports())
421 raise
422
423 @classmethod
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]424 def _create_networks(cls):
425 """Creates networks, subnets, and routers used in tests.
426
427 The following are expected to be defined and available to the tests:
428 cls.lb_member_vip_net
429 cls.lb_member_vip_subnet
430 cls.lb_member_vip_ipv6_subnet (optional)
431 cls.lb_member_1_net
432 cls.lb_member_1_subnet
433 cls.lb_member_1_ipv6_subnet (optional)
434 cls.lb_member_2_net
435 cls.lb_member_2_subnet
436 cls.lb_member_2_ipv6_subnet (optional)
437 """
438
439 # Create tenant VIP network
440 network_kwargs = {
441 'name': data_utils.rand_name("lb_member_vip_network")}
442 if CONF.network_feature_enabled.port_security:
Andreas Jaeger4215b702020-03-28 20:13:46 +0100[diff] [blame]443 # Note: Allowed Address Pairs requires port security
444 network_kwargs['port_security_enabled'] = True
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]445 result = cls.lb_mem_net_client.create_network(**network_kwargs)
446 cls.lb_member_vip_net = result['network']
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]447 LOG.info('lb_member_vip_net: %s', cls.lb_member_vip_net)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]448 cls.addClassResourceCleanup(
449 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]450 cls._logging_delete_network,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]451 cls.lb_mem_net_client.show_network,
452 cls.lb_member_vip_net['id'])
453
rbubyr6978e022025-03-18 14:58:39 +0100[diff] [blame^]454 # Add allocation pool to prevent IP address conflicts with portprober
455 cidr = netaddr.IPNetwork(CONF.load_balancer.vip_subnet_cidr)
456 pool_start = ipaddress.ip_address(str(cidr[101]))
457 pool_end = ipaddress.ip_address(str(cidr[254]))
458 allocation_pools = [{'start': str(pool_start), 'end': str(pool_end)}]
459
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]460 # Create tenant VIP subnet
461 subnet_kwargs = {
462 'name': data_utils.rand_name("lb_member_vip_subnet"),
463 'network_id': cls.lb_member_vip_net['id'],
464 'cidr': CONF.load_balancer.vip_subnet_cidr,
rbubyr6978e022025-03-18 14:58:39 +0100[diff] [blame^]465 'ip_version': 4,
466 'allocation_pools': allocation_pools
467 }
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]468 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
469 cls.lb_member_vip_subnet = result['subnet']
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]470 LOG.info('lb_member_vip_subnet: %s', cls.lb_member_vip_subnet)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]471 cls.addClassResourceCleanup(
472 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]473 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]474 cls.lb_mem_subnet_client.show_subnet,
475 cls.lb_member_vip_subnet['id'])
476
477 # Create tenant VIP IPv6 subnet
478 if CONF.load_balancer.test_with_ipv6:
Michael Johnson590fbe12019-07-03 14:30:01 -0700[diff] [blame]479 cls.lb_member_vip_ipv6_subnet_stateful = False
Gregory Thiemonge54225ad2021-02-04 15:25:17 +0100[diff] [blame]480 cls.lb_member_vip_ipv6_subnet_use_subnetpool = False
481 subnet_kwargs = {
482 'name': data_utils.rand_name("lb_member_vip_ipv6_subnet"),
483 'network_id': cls.lb_member_vip_net['id'],
484 'ip_version': 6}
485
486 # Use a CIDR from devstack's default IPv6 subnetpool if it exists,
487 # the subnetpool's cidr is routable from the devstack node
488 # through the default router
489 subnetpool_name = CONF.load_balancer.default_ipv6_subnetpool
490 if subnetpool_name:
491 subnetpool = cls.os_admin_subnetpools_client.list_subnetpools(
492 name=subnetpool_name)['subnetpools']
493 if len(subnetpool) == 1:
494 subnetpool = subnetpool[0]
495 subnet_kwargs['subnetpool_id'] = subnetpool['id']
496 cls.lb_member_vip_ipv6_subnet_use_subnetpool = True
497
498 if 'subnetpool_id' not in subnet_kwargs:
499 subnet_kwargs['cidr'] = (
500 CONF.load_balancer.vip_ipv6_subnet_cidr)
501
502 result = cls.lb_mem_subnet_client.create_subnet(
503 **subnet_kwargs)
504 cls.lb_member_vip_ipv6_net = cls.lb_member_vip_net
505 cls.lb_member_vip_ipv6_subnet = result['subnet']
506 cls.addClassResourceCleanup(
507 waiters.wait_for_not_found,
508 cls._logging_delete_subnet,
509 cls.lb_mem_subnet_client.show_subnet,
510 cls.lb_member_vip_ipv6_subnet['id'])
Carlos Goncalves84af48c2019-07-25 15:51:30 +0200[diff] [blame]511
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]512 LOG.info('lb_member_vip_ipv6_subnet: %s',
513 cls.lb_member_vip_ipv6_subnet)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]514
515 # Create tenant member 1 network
516 network_kwargs = {
517 'name': data_utils.rand_name("lb_member_1_network")}
518 if CONF.network_feature_enabled.port_security:
519 if CONF.load_balancer.enable_security_groups:
520 network_kwargs['port_security_enabled'] = True
521 else:
522 network_kwargs['port_security_enabled'] = False
523 result = cls.lb_mem_net_client.create_network(**network_kwargs)
524 cls.lb_member_1_net = result['network']
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]525 LOG.info('lb_member_1_net: %s', cls.lb_member_1_net)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]526 cls.addClassResourceCleanup(
527 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]528 cls._logging_delete_network,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]529 cls.lb_mem_net_client.show_network,
530 cls.lb_member_1_net['id'])
531
532 # Create tenant member 1 subnet
533 subnet_kwargs = {
534 'name': data_utils.rand_name("lb_member_1_subnet"),
535 'network_id': cls.lb_member_1_net['id'],
536 'cidr': CONF.load_balancer.member_1_ipv4_subnet_cidr,
537 'ip_version': 4}
538 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
539 cls.lb_member_1_subnet = result['subnet']
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]540 LOG.info('lb_member_1_subnet: %s', cls.lb_member_1_subnet)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]541 cls.addClassResourceCleanup(
542 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]543 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]544 cls.lb_mem_subnet_client.show_subnet,
545 cls.lb_member_1_subnet['id'])
546
547 # Create tenant member 1 ipv6 subnet
548 if CONF.load_balancer.test_with_ipv6:
549 subnet_kwargs = {
550 'name': data_utils.rand_name("lb_member_1_ipv6_subnet"),
551 'network_id': cls.lb_member_1_net['id'],
552 'cidr': CONF.load_balancer.member_1_ipv6_subnet_cidr,
553 'ip_version': 6}
554 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]555 cls.lb_member_1_subnet_prefix = (
556 CONF.load_balancer.member_1_ipv6_subnet_cidr.rpartition('/')[2]
557 )
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]558 assert (cls.lb_member_1_subnet_prefix.isdigit())
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]559 cls.lb_member_1_ipv6_subnet = result['subnet']
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]560 LOG.info('lb_member_1_ipv6_subnet: %s',
561 cls.lb_member_1_ipv6_subnet)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]562 cls.addClassResourceCleanup(
563 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]564 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]565 cls.lb_mem_subnet_client.show_subnet,
566 cls.lb_member_1_ipv6_subnet['id'])
567
568 # Create tenant member 2 network
569 network_kwargs = {
570 'name': data_utils.rand_name("lb_member_2_network")}
571 if CONF.network_feature_enabled.port_security:
572 if CONF.load_balancer.enable_security_groups:
573 network_kwargs['port_security_enabled'] = True
574 else:
575 network_kwargs['port_security_enabled'] = False
576 result = cls.lb_mem_net_client.create_network(**network_kwargs)
577 cls.lb_member_2_net = result['network']
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]578 LOG.info('lb_member_2_net: %s', cls.lb_member_2_net)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]579 cls.addClassResourceCleanup(
580 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]581 cls._logging_delete_network,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]582 cls.lb_mem_net_client.show_network,
583 cls.lb_member_2_net['id'])
584
585 # Create tenant member 2 subnet
586 subnet_kwargs = {
587 'name': data_utils.rand_name("lb_member_2_subnet"),
588 'network_id': cls.lb_member_2_net['id'],
589 'cidr': CONF.load_balancer.member_2_ipv4_subnet_cidr,
590 'ip_version': 4}
591 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
592 cls.lb_member_2_subnet = result['subnet']
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]593 LOG.info('lb_member_2_subnet: %s', cls.lb_member_2_subnet)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]594 cls.addClassResourceCleanup(
595 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]596 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]597 cls.lb_mem_subnet_client.show_subnet,
598 cls.lb_member_2_subnet['id'])
599
600 # Create tenant member 2 ipv6 subnet
601 if CONF.load_balancer.test_with_ipv6:
602 subnet_kwargs = {
603 'name': data_utils.rand_name("lb_member_2_ipv6_subnet"),
604 'network_id': cls.lb_member_2_net['id'],
605 'cidr': CONF.load_balancer.member_2_ipv6_subnet_cidr,
606 'ip_version': 6}
607 result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]608 cls.lb_member_2_subnet_prefix = (
609 CONF.load_balancer.member_2_ipv6_subnet_cidr.rpartition('/')[2]
610 )
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]611 assert (cls.lb_member_2_subnet_prefix.isdigit())
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]612 cls.lb_member_2_ipv6_subnet = result['subnet']
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]613 LOG.info('lb_member_2_ipv6_subnet: %s',
614 cls.lb_member_2_ipv6_subnet)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]615 cls.addClassResourceCleanup(
616 waiters.wait_for_not_found,
Michael Johnson04dc5cb2019-01-20 11:03:50 -0800[diff] [blame]617 cls._logging_delete_subnet,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]618 cls.lb_mem_subnet_client.show_subnet,
619 cls.lb_member_2_ipv6_subnet['id'])
620
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]621 @classmethod
Michael Johnson07c9a632018-06-07 13:27:42 -0700[diff] [blame]622 def _setup_lb_network_kwargs(cls, lb_kwargs, ip_version=None,
623 use_fixed_ip=False):
Adam Harwell60ed9d92018-05-10 13:23:13 -0700[diff] [blame]624 if not ip_version:
625 ip_version = 6 if CONF.load_balancer.test_with_ipv6 else 4
Michael Johnson5a16ad32018-10-18 14:49:11 -0700[diff] [blame]626 if cls.lb_member_vip_subnet or cls.lb_member_vip_ipv6_subnet:
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]627 ip_index = data_utils.rand_int_id(start=10, end=100)
Michael Johnsondfd818a2018-08-21 20:54:54 -0700[diff] [blame]628 while ip_index in cls.used_ips:
629 ip_index = data_utils.rand_int_id(start=10, end=100)
630 cls.used_ips.append(ip_index)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]631 if ip_version == 4:
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]632 subnet_id = cls.lb_member_vip_subnet[const.ID]
Michael Johnson5a16ad32018-10-18 14:49:11 -0700[diff] [blame]633 if CONF.load_balancer.test_with_noop:
634 lb_vip_address = '198.18.33.33'
635 else:
636 subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
637 network = ipaddress.IPv4Network(subnet['subnet']['cidr'])
638 lb_vip_address = str(network[ip_index])
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]639 else:
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]640 subnet_id = cls.lb_member_vip_ipv6_subnet[const.ID]
Michael Johnson5a16ad32018-10-18 14:49:11 -0700[diff] [blame]641 if CONF.load_balancer.test_with_noop:
642 lb_vip_address = '2001:db8:33:33:33:33:33:33'
643 else:
644 subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
645 network = ipaddress.IPv6Network(subnet['subnet']['cidr'])
646 lb_vip_address = str(network[ip_index])
Michael Johnson590fbe12019-07-03 14:30:01 -0700[diff] [blame]647 # If the subnet is IPv6 slaac or dhcpv6-stateless
648 # neutron does not allow a fixed IP
649 if not cls.lb_member_vip_ipv6_subnet_stateful:
650 use_fixed_ip = False
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]651 lb_kwargs[const.VIP_SUBNET_ID] = subnet_id
Michael Johnson07c9a632018-06-07 13:27:42 -0700[diff] [blame]652 if use_fixed_ip:
653 lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]654 if CONF.load_balancer.test_with_noop:
655 lb_kwargs[const.VIP_NETWORK_ID] = (
656 cls.lb_member_vip_net[const.ID])
Carlos Goncalvesbb238552020-01-15 10:10:55 +0000[diff] [blame]657 if ip_version == 6:
658 lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]659 else:
660 lb_kwargs[const.VIP_NETWORK_ID] = cls.lb_member_vip_net[const.ID]
661 lb_kwargs[const.VIP_SUBNET_ID] = None
662
Gregory Thiemongeece5ab42020-10-29 08:46:05 +0100[diff] [blame]663 def _validate_listener_protocol(self, protocol, raise_if_unsupported=True):
664 if (protocol == const.SCTP and
665 not self.mem_listener_client.is_version_supported(
666 self.api_version, '2.23')):
667 if raise_if_unsupported:
668 raise self.skipException('SCTP listener protocol '
669 'is only available on Octavia '
670 'API version 2.23 or newer.')
671 return False
672 return True
673
ibumarskovd17e3da2020-09-03 18:21:29 +0400[diff] [blame]674 @classmethod
675 def check_tf_compatibility(cls, protocol=None, algorithm=None):
676 # TungstenFabric supported protocols and algorithms
677 tf_protocols = [const.HTTP, const.HTTPS, const.TCP, const.UDP,
678 const.TERMINATED_HTTPS]
679 tf_algorithms = [const.LB_ALGORITHM_ROUND_ROBIN,
680 const.LB_ALGORITHM_LEAST_CONNECTIONS,
681 const.LB_ALGORITHM_SOURCE_IP]
682
683 if algorithm and algorithm not in tf_algorithms:
684 raise cls.skipException(
685 'TungstenFabric does not support {} algorithm.'
686 ''.format(algorithm))
687 if protocol and protocol not in tf_protocols:
688 raise cls.skipException(
689 'TungstenFabric does not support {} protocol.'
690 ''.format(protocol))
691
692 @classmethod
693 def _tf_create_listener(cls, name, proto, port, lb_id):
694 listener_kwargs = {
695 const.NAME: name,
696 const.PROTOCOL: proto,
697 const.PROTOCOL_PORT: port,
698 const.LOADBALANCER_ID: lb_id,
699 }
700 listener = cls.mem_listener_client.create_listener(**listener_kwargs)
701 return listener
702
703 @classmethod
704 def _tf_get_free_port(cls, lb_id):
705 port = 8081
706 lb = cls.mem_lb_client.show_loadbalancer(lb_id)
707 listeners = lb[const.LISTENERS]
708 if not listeners:
709 return port
710 ports = [cls.mem_listener_client.show_listener(x[const.ID])[
711 const.PROTOCOL_PORT] for x in listeners]
712 while port in ports:
713 port = port + 1
714 return port
715
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]716
717class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
718 @classmethod
Gregory Thiemongeb0da4f32022-02-04 08:58:06 +0100[diff] [blame]719 def remote_client_args(cls):
720 # In case we're using octavia-tempest-plugin with old tempest releases
721 # (for instance on stable/train) that don't support ssh_key_type, catch
722 # the exception and don't pass any argument
723 args = {}
724 try:
725 args['ssh_key_type'] = CONF.validation.ssh_key_type
726 except cfg.NoSuchOptError:
727 pass
728 return args
729
730 @classmethod
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]731 def resource_setup(cls):
732 super(LoadBalancerBaseTestWithCompute, cls).resource_setup()
733 # If validation is disabled in this cloud, we won't be able to
734 # start the webservers, so don't even boot them.
735 if not CONF.validation.run_validation:
736 return
737
738 # Create a keypair for the webservers
739 keypair_name = data_utils.rand_name('lb_member_keypair')
740 result = cls.lb_mem_keypairs_client.create_keypair(
741 name=keypair_name)
742 cls.lb_member_keypair = result['keypair']
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]743 LOG.info('lb_member_keypair: %s', cls.lb_member_keypair)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]744 cls.addClassResourceCleanup(
745 waiters.wait_for_not_found,
746 cls.lb_mem_keypairs_client.delete_keypair,
747 cls.lb_mem_keypairs_client.show_keypair,
748 keypair_name)
749
750 if (CONF.load_balancer.enable_security_groups and
751 CONF.network_feature_enabled.port_security):
752 # Set up the security group for the webservers
753 SG_name = data_utils.rand_name('lb_member_SG')
754 cls.lb_member_sec_group = (
755 cls.lb_mem_SG_client.create_security_group(
756 name=SG_name)['security_group'])
757 cls.addClassResourceCleanup(
758 waiters.wait_for_not_found,
759 cls.lb_mem_SG_client.delete_security_group,
760 cls.lb_mem_SG_client.show_security_group,
761 cls.lb_member_sec_group['id'])
762
763 # Create a security group rule to allow 80-81 (test webservers)
764 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
765 direction='ingress',
766 security_group_id=cls.lb_member_sec_group['id'],
767 protocol='tcp',
768 ethertype='IPv4',
769 port_range_min=80,
770 port_range_max=81)['security_group_rule']
771 cls.addClassResourceCleanup(
772 waiters.wait_for_not_found,
773 cls.lb_mem_SGr_client.delete_security_group_rule,
774 cls.lb_mem_SGr_client.show_security_group_rule,
775 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]776 # Create a security group rule to allow UDP 80-81 (test webservers)
777 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
778 direction='ingress',
779 security_group_id=cls.lb_member_sec_group['id'],
780 protocol='udp',
781 ethertype='IPv4',
782 port_range_min=80,
783 port_range_max=81)['security_group_rule']
784 cls.addClassResourceCleanup(
785 waiters.wait_for_not_found,
786 cls.lb_mem_SGr_client.delete_security_group_rule,
787 cls.lb_mem_SGr_client.show_security_group_rule,
788 SGr['id'])
Michael Johnson74b6f2f2020-10-29 15:11:39 -0700[diff] [blame]789 # Create a security group rule to allow 443 (test webservers)
790 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
791 direction='ingress',
792 security_group_id=cls.lb_member_sec_group['id'],
793 protocol='tcp',
794 ethertype='IPv4',
795 port_range_min=443,
796 port_range_max=443)['security_group_rule']
797 cls.addClassResourceCleanup(
798 waiters.wait_for_not_found,
799 cls.lb_mem_SGr_client.delete_security_group_rule,
800 cls.lb_mem_SGr_client.show_security_group_rule,
801 SGr['id'])
Michael Johnson031ecca2020-10-29 16:45:32 -0700[diff] [blame]802 # Create a security group rule to allow 9443 (test webservers)
803 # Used in the pool backend encryption client authentication tests
804 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
805 direction='ingress',
806 security_group_id=cls.lb_member_sec_group['id'],
807 protocol='tcp',
808 ethertype='IPv4',
809 port_range_min=9443,
810 port_range_max=9443)['security_group_rule']
811 cls.addClassResourceCleanup(
812 waiters.wait_for_not_found,
813 cls.lb_mem_SGr_client.delete_security_group_rule,
814 cls.lb_mem_SGr_client.show_security_group_rule,
815 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]816 # Create a security group rule to allow UDP 9999 (test webservers)
817 # Port 9999 is used to illustrate health monitor ERRORs on closed
818 # ports.
819 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
820 direction='ingress',
821 security_group_id=cls.lb_member_sec_group['id'],
822 protocol='udp',
823 ethertype='IPv4',
824 port_range_min=9999,
825 port_range_max=9999)['security_group_rule']
826 cls.addClassResourceCleanup(
827 waiters.wait_for_not_found,
828 cls.lb_mem_SGr_client.delete_security_group_rule,
829 cls.lb_mem_SGr_client.show_security_group_rule,
830 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]831 # Create a security group rule to allow 22 (ssh)
832 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
833 direction='ingress',
834 security_group_id=cls.lb_member_sec_group['id'],
835 protocol='tcp',
836 ethertype='IPv4',
837 port_range_min=22,
838 port_range_max=22)['security_group_rule']
839 cls.addClassResourceCleanup(
840 waiters.wait_for_not_found,
841 cls.lb_mem_SGr_client.delete_security_group_rule,
842 cls.lb_mem_SGr_client.show_security_group_rule,
843 SGr['id'])
844 if CONF.load_balancer.test_with_ipv6:
845 # Create a security group rule to allow 80-81 (test webservers)
846 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
847 direction='ingress',
848 security_group_id=cls.lb_member_sec_group['id'],
849 protocol='tcp',
850 ethertype='IPv6',
851 port_range_min=80,
852 port_range_max=81)['security_group_rule']
853 cls.addClassResourceCleanup(
854 waiters.wait_for_not_found,
855 cls.lb_mem_SGr_client.delete_security_group_rule,
856 cls.lb_mem_SGr_client.show_security_group_rule,
857 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]858 # Create a security group rule to allow UDP 80-81 (test
859 # webservers)
860 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
861 direction='ingress',
862 security_group_id=cls.lb_member_sec_group['id'],
863 protocol='udp',
864 ethertype='IPv6',
865 port_range_min=80,
866 port_range_max=81)['security_group_rule']
867 cls.addClassResourceCleanup(
868 waiters.wait_for_not_found,
869 cls.lb_mem_SGr_client.delete_security_group_rule,
870 cls.lb_mem_SGr_client.show_security_group_rule,
871 SGr['id'])
Michael Johnson74b6f2f2020-10-29 15:11:39 -0700[diff] [blame]872 # Create a security group rule to allow 443 (test webservers)
873 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
874 direction='ingress',
875 security_group_id=cls.lb_member_sec_group['id'],
876 protocol='tcp',
877 ethertype='IPv6',
878 port_range_min=443,
879 port_range_max=443)['security_group_rule']
880 cls.addClassResourceCleanup(
881 waiters.wait_for_not_found,
882 cls.lb_mem_SGr_client.delete_security_group_rule,
883 cls.lb_mem_SGr_client.show_security_group_rule,
884 SGr['id'])
Michael Johnson031ecca2020-10-29 16:45:32 -0700[diff] [blame]885 # Create a security group rule to allow 9443 (test webservers)
886 # Used in the pool encryption client authentication tests
887 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
888 direction='ingress',
889 security_group_id=cls.lb_member_sec_group['id'],
890 protocol='tcp',
891 ethertype='IPv6',
892 port_range_min=9443,
893 port_range_max=9443)['security_group_rule']
894 cls.addClassResourceCleanup(
895 waiters.wait_for_not_found,
896 cls.lb_mem_SGr_client.delete_security_group_rule,
897 cls.lb_mem_SGr_client.show_security_group_rule,
898 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]899 # Create a security group rule to allow 22 (ssh)
900 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
901 direction='ingress',
902 security_group_id=cls.lb_member_sec_group['id'],
903 protocol='tcp',
904 ethertype='IPv6',
905 port_range_min=22,
906 port_range_max=22)['security_group_rule']
907 cls.addClassResourceCleanup(
908 waiters.wait_for_not_found,
909 cls.lb_mem_SGr_client.delete_security_group_rule,
910 cls.lb_mem_SGr_client.show_security_group_rule,
911 SGr['id'])
912
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]913 LOG.info('lb_member_sec_group: %s', cls.lb_member_sec_group)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]914
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]915 # Setup backend member reencryption PKI
916 cls._create_backend_reencryption_pki()
917
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]918 # Create webserver 1 instance
919 server_details = cls._create_webserver('lb_member_webserver1',
920 cls.lb_member_1_net)
921
922 cls.lb_member_webserver1 = server_details['server']
923 cls.webserver1_ip = server_details.get('ipv4_address')
924 cls.webserver1_ipv6 = server_details.get('ipv6_address')
925 cls.webserver1_public_ip = server_details['public_ipv4_address']
926
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]927 LOG.debug('Octavia Setup: lb_member_webserver1 = %s',
928 cls.lb_member_webserver1[const.ID])
929 LOG.debug('Octavia Setup: webserver1_ip = %s', cls.webserver1_ip)
930 LOG.debug('Octavia Setup: webserver1_ipv6 = %s', cls.webserver1_ipv6)
931 LOG.debug('Octavia Setup: webserver1_public_ip = %s',
932 cls.webserver1_public_ip)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]933
934 # Create webserver 2 instance
935 server_details = cls._create_webserver('lb_member_webserver2',
936 cls.lb_member_2_net)
937
938 cls.lb_member_webserver2 = server_details['server']
939 cls.webserver2_ip = server_details.get('ipv4_address')
940 cls.webserver2_ipv6 = server_details.get('ipv6_address')
941 cls.webserver2_public_ip = server_details['public_ipv4_address']
942
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]943 LOG.debug('Octavia Setup: lb_member_webserver2 = %s',
944 cls.lb_member_webserver2[const.ID])
945 LOG.debug('Octavia Setup: webserver2_ip = %s', cls.webserver2_ip)
946 LOG.debug('Octavia Setup: webserver2_ipv6 = %s', cls.webserver2_ipv6)
947 LOG.debug('Octavia Setup: webserver2_public_ip = %s',
948 cls.webserver2_public_ip)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]949
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]950 if CONF.load_balancer.test_with_ipv6:
951 # Enable the IPv6 nic in webserver 1
952 cls._enable_ipv6_nic_webserver(
953 cls.webserver1_public_ip, cls.lb_member_keypair['private_key'],
954 cls.webserver1_ipv6, cls.lb_member_1_subnet_prefix)
955
956 # Enable the IPv6 nic in webserver 2
957 cls._enable_ipv6_nic_webserver(
958 cls.webserver2_public_ip, cls.lb_member_keypair['private_key'],
959 cls.webserver2_ipv6, cls.lb_member_2_subnet_prefix)
960
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]961 # Set up serving on webserver 1
962 cls._install_start_webserver(cls.webserver1_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]963 cls.lb_member_keypair['private_key'],
964 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]965
966 # Validate webserver 1
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]967 cls._validate_webserver(cls.webserver1_public_ip,
968 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]969
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]970 # Validate udp server 1
971 cls._validate_udp_server(cls.webserver1_public_ip,
972 cls.webserver1_response)
973
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]974 # Set up serving on webserver 2
975 cls._install_start_webserver(cls.webserver2_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]976 cls.lb_member_keypair['private_key'],
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]977 cls.webserver2_response, revoke_cert=True)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]978
979 # Validate webserver 2
Adam Harwelle029af22018-05-24 17:13:28 -0700[diff] [blame]980 cls._validate_webserver(cls.webserver2_public_ip,
981 cls.webserver2_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]982
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]983 # Validate udp server 2
984 cls._validate_udp_server(cls.webserver2_public_ip,
985 cls.webserver2_response)
986
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]987 @classmethod
988 def _create_networks(cls):
989 super(LoadBalancerBaseTestWithCompute, cls)._create_networks()
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]990 # Create a router for the subnets (required for the floating IP)
991 router_name = data_utils.rand_name("lb_member_router")
992 result = cls.lb_mem_routers_client.create_router(
993 name=router_name, admin_state_up=True,
994 external_gateway_info=dict(
995 network_id=CONF.network.public_network_id))
996 cls.lb_member_router = result['router']
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]997 LOG.info('lb_member_router: %s', cls.lb_member_router)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]998 cls.addClassResourceCleanup(
999 waiters.wait_for_not_found,
1000 cls.lb_mem_routers_client.delete_router,
1001 cls.lb_mem_routers_client.show_router,
1002 cls.lb_member_router['id'])
1003
1004 # Add VIP subnet to router
1005 cls.lb_mem_routers_client.add_router_interface(
1006 cls.lb_member_router['id'],
1007 subnet_id=cls.lb_member_vip_subnet['id'])
1008 cls.addClassResourceCleanup(
1009 waiters.wait_for_not_found,
1010 cls.lb_mem_routers_client.remove_router_interface,
1011 cls.lb_mem_routers_client.remove_router_interface,
1012 cls.lb_member_router['id'],
1013 subnet_id=cls.lb_member_vip_subnet['id'])
1014
Gregory Thiemonge54225ad2021-02-04 15:25:17 +0100[diff] [blame]1015 if (CONF.load_balancer.test_with_ipv6 and
1016 CONF.load_balancer.default_router and
1017 cls.lb_member_vip_ipv6_subnet_use_subnetpool):
1018
1019 router_name = CONF.load_balancer.default_router
1020 # if lb_member_vip_ipv6_subnet uses devstack's subnetpool,
1021 # plug the subnet into the default router
1022 router = cls.os_admin.routers_client.list_routers(
1023 name=router_name)['routers']
1024
1025 if len(router) == 1:
1026 router = router[0]
1027
1028 # Add IPv6 VIP subnet to router1
1029 cls.os_admin_routers_client.add_router_interface(
1030 router['id'],
1031 subnet_id=cls.lb_member_vip_ipv6_subnet['id'])
1032 cls.addClassResourceCleanup(
1033 waiters.wait_for_not_found,
1034 cls.os_admin_routers_client.remove_router_interface,
1035 cls.os_admin_routers_client.remove_router_interface,
1036 router['id'],
1037 subnet_id=cls.lb_member_vip_ipv6_subnet['id'])
1038
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1039 # Add member subnet 1 to router
1040 cls.lb_mem_routers_client.add_router_interface(
1041 cls.lb_member_router['id'],
1042 subnet_id=cls.lb_member_1_subnet['id'])
1043 cls.addClassResourceCleanup(
1044 waiters.wait_for_not_found,
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1045 cls.lb_mem_routers_client.remove_router_interface,
1046 cls.lb_mem_routers_client.remove_router_interface,
1047 cls.lb_member_router['id'], subnet_id=cls.lb_member_1_subnet['id'])
1048
1049 # Add member subnet 2 to router
1050 cls.lb_mem_routers_client.add_router_interface(
1051 cls.lb_member_router['id'],
1052 subnet_id=cls.lb_member_2_subnet['id'])
1053 cls.addClassResourceCleanup(
1054 waiters.wait_for_not_found,
1055 cls.lb_mem_routers_client.remove_router_interface,
1056 cls.lb_mem_routers_client.remove_router_interface,
1057 cls.lb_member_router['id'], subnet_id=cls.lb_member_2_subnet['id'])
1058
1059 @classmethod
1060 def _create_webserver(cls, name, network):
1061 """Creates a webserver with two ports.
1062
1063 webserver_details dictionary contains:
1064 server - The compute server object
1065 ipv4_address - The IPv4 address for the server (optional)
1066 ipv6_address - The IPv6 address for the server (optional)
1067 public_ipv4_address - The publicly accessible IPv4 address for the
1068 server, this may be a floating IP (optional)
1069
1070 :param name: The name of the server to create.
1071 :param network: The network to boot the server on.
1072 :returns: webserver_details dictionary.
1073 """
1074 server_kwargs = {
1075 'name': data_utils.rand_name(name),
1076 'flavorRef': CONF.compute.flavor_ref,
1077 'imageRef': CONF.compute.image_ref,
1078 'key_name': cls.lb_member_keypair['name']}
1079 if (CONF.load_balancer.enable_security_groups and
1080 CONF.network_feature_enabled.port_security):
1081 server_kwargs['security_groups'] = [
1082 {'name': cls.lb_member_sec_group['name']}]
1083 if not CONF.load_balancer.disable_boot_network:
1084 server_kwargs['networks'] = [{'uuid': network['id']}]
1085
1086 # Replace the name for clouds that have limitations
1087 if CONF.load_balancer.random_server_name_length:
1088 r = random.SystemRandom()
1089 server_kwargs['name'] = "m{}".format("".join(
1090 [r.choice(string.ascii_uppercase + string.digits)
1091 for _ in range(
1092 CONF.load_balancer.random_server_name_length - 1)]
1093 ))
1094 if CONF.load_balancer.availability_zone:
1095 server_kwargs['availability_zone'] = (
1096 CONF.load_balancer.availability_zone)
1097
1098 server = cls.lb_mem_servers_client.create_server(
1099 **server_kwargs)['server']
1100 cls.addClassResourceCleanup(
1101 waiters.wait_for_not_found,
1102 cls.lb_mem_servers_client.delete_server,
1103 cls.lb_mem_servers_client.show_server,
1104 server['id'])
1105 server = waiters.wait_for_status(
1106 cls.lb_mem_servers_client.show_server,
1107 server['id'], 'status', 'ACTIVE',
1108 CONF.load_balancer.build_interval,
1109 CONF.load_balancer.build_timeout,
1110 root_tag='server')
1111 webserver_details = {'server': server}
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]1112 LOG.info('Created server: %s', server)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1113
1114 addresses = server['addresses']
1115 if CONF.load_balancer.disable_boot_network:
1116 instance_network = addresses.values()[0]
1117 else:
1118 instance_network = addresses[network['name']]
1119 for addr in instance_network:
1120 if addr['version'] == 4:
1121 webserver_details['ipv4_address'] = addr['addr']
1122 if addr['version'] == 6:
1123 webserver_details['ipv6_address'] = addr['addr']
1124
1125 if CONF.validation.connect_method == 'floating':
1126 result = cls.lb_mem_ports_client.list_ports(
1127 network_id=network['id'],
1128 mac_address=instance_network[0]['OS-EXT-IPS-MAC:mac_addr'])
1129 port_id = result['ports'][0]['id']
1130 result = cls.lb_mem_float_ip_client.create_floatingip(
1131 floating_network_id=CONF.network.public_network_id,
1132 port_id=port_id)
1133 floating_ip = result['floatingip']
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]1134 LOG.info('webserver1_floating_ip: %s', floating_ip)
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1135 cls.addClassResourceCleanup(
1136 waiters.wait_for_not_found,
1137 cls.lb_mem_float_ip_client.delete_floatingip,
1138 cls.lb_mem_float_ip_client.show_floatingip,
1139 floatingip_id=floating_ip['id'])
1140 webserver_details['public_ipv4_address'] = (
1141 floating_ip['floating_ip_address'])
1142 else:
1143 webserver_details['public_ipv4_address'] = (
1144 instance_network[0]['addr'])
1145
1146 return webserver_details
1147
1148 @classmethod
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1149 def _get_openssh_version(cls):
1150 p = subprocess.Popen(["ssh", "-V"],
1151 stdout=subprocess.PIPE,
1152 stderr=subprocess.PIPE)
1153 output = p.communicate()[1]
1154
1155 try:
1156 m = re.match(r"OpenSSH_(\d+)\.(\d+)", output.decode('utf-8'))
1157 version_maj = int(m.group(1))
1158 version_min = int(m.group(2))
1159 return version_maj, version_min
1160 except Exception:
1161 return None, None
1162
1163 @classmethod
1164 def _need_scp_protocol(cls):
1165 # When using scp >= 8.7, force the use of the SCP protocol,
1166 # the new default (SFTP protocol) doesn't work with
1167 # cirros VMs.
1168 ssh_version = cls._get_openssh_version()
Michael Johnson77b8bae2024-11-08 01:39:29 +0000[diff] [blame]1169 LOG.debug("ssh_version = %s", ssh_version)
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1170 return (ssh_version[0] > 8 or
1171 (ssh_version[0] == 8 and ssh_version[1] >= 7))
1172
1173 @classmethod
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1174 def _install_start_webserver(cls, ip_address, ssh_key, start_id,
1175 revoke_cert=False):
Michael Johnson27357352020-11-13 13:55:09 -0800[diff] [blame]1176 local_file = CONF.load_balancer.test_server_path
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1177
1178 linux_client = remote_client.RemoteClient(
Ade Leed0ea4062021-09-06 15:33:27 -0400[diff] [blame]1179 ip_address, CONF.validation.image_ssh_user, pkey=ssh_key,
Gregory Thiemongeb0da4f32022-02-04 08:58:06 +0100[diff] [blame]1180 **cls.remote_client_args())
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1181 linux_client.validate_authentication()
1182
1183 with tempfile.NamedTemporaryFile() as key:
1184 key.write(ssh_key.encode('utf-8'))
1185 key.flush()
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1186 ssh_extra_args = (
1187 "-o PubkeyAcceptedKeyTypes=+ssh-rsa")
1188 if cls._need_scp_protocol():
1189 ssh_extra_args += " -O"
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1190 cmd = ("scp -v -o UserKnownHostsFile=/dev/null "
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1191 "{7} "
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1192 "-o StrictHostKeyChecking=no "
1193 "-o ConnectTimeout={0} -o ConnectionAttempts={1} "
1194 "-i {2} {3} {4}@{5}:{6}").format(
1195 CONF.load_balancer.scp_connection_timeout,
1196 CONF.load_balancer.scp_connection_attempts,
1197 key.name, local_file, CONF.validation.image_ssh_user,
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1198 ip_address, const.TEST_SERVER_BINARY,
1199 ssh_extra_args)
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1200 args = shlex.split(cmd)
1201 subprocess_args = {'stdout': subprocess.PIPE,
1202 'stderr': subprocess.STDOUT,
1203 'cwd': None}
1204 proc = subprocess.Popen(args, **subprocess_args)
1205 stdout, stderr = proc.communicate()
1206 if proc.returncode != 0:
1207 raise exceptions.CommandFailed(proc.returncode, cmd,
1208 stdout, stderr)
Gregory Thiemongef72a8862019-08-06 17:25:42 +0200[diff] [blame]1209
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1210 cls._load_member_pki_content(ip_address, key,
1211 revoke_cert=revoke_cert)
1212
Gregory Thiemongef72a8862019-08-06 17:25:42 +0200[diff] [blame]1213 # Enabling memory overcommit allows to run golang static binaries
1214 # compiled with a recent golang toolchain (>=1.11). Those binaries
1215 # allocate a large amount of virtual memory at init time, and this
1216 # allocation fails in tempest's nano flavor (64MB of RAM)
1217 # (golang issue reported in https://github.com/golang/go/issues/28114,
1218 # follow-up: https://github.com/golang/go/issues/28081)
1219 # TODO(gthiemonge): Remove this call when golang issue is resolved.
1220 linux_client.exec_command('sudo sh -c "echo 1 > '
1221 '/proc/sys/vm/overcommit_memory"')
1222
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1223 # The initial process also supports HTTPS and HTTPS with client auth
1224 linux_client.exec_command(
1225 'sudo screen -d -m {0} -port 80 -id {1} -https_port 443 -cert {2} '
1226 '-key {3} -https_client_auth_port 9443 -client_ca {4}'.format(
1227 const.TEST_SERVER_BINARY, start_id, const.TEST_SERVER_CERT,
1228 const.TEST_SERVER_KEY, const.TEST_SERVER_CLIENT_CA))
1229
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1230 linux_client.exec_command('sudo screen -d -m {0} -port 81 '
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1231 '-id {1}'.format(const.TEST_SERVER_BINARY,
1232 start_id + 1))
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1233
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]1234 # Cirros does not configure the assigned IPv6 address by default
1235 # so enable it manually like tempest does here:
1236 # tempest/scenario/test_netowrk_v6.py turn_nic6_on()
1237 @classmethod
1238 def _enable_ipv6_nic_webserver(cls, ip_address, ssh_key,
1239 ipv6_address, ipv6_prefix):
1240 linux_client = remote_client.RemoteClient(
Ade Leed0ea4062021-09-06 15:33:27 -0400[diff] [blame]1241 ip_address, CONF.validation.image_ssh_user, pkey=ssh_key,
Gregory Thiemongeb0da4f32022-02-04 08:58:06 +0100[diff] [blame]1242 **cls.remote_client_args())
Michael Johnsonbf916df2018-10-17 10:59:28 -0700[diff] [blame]1243 linux_client.validate_authentication()
1244
1245 linux_client.exec_command('sudo ip address add {0}/{1} dev '
1246 'eth0'.format(ipv6_address, ipv6_prefix))
1247
Adam Harwellcd72b562018-05-07 11:37:22 -0700[diff] [blame]1248 @classmethod
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1249 def _validate_webserver(cls, ip_address, start_id):
1250 URL = 'http://{0}'.format(ip_address)
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]1251 cls.validate_URL_response(URL, expected_body=str(start_id))
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1252 URL = 'http://{0}:81'.format(ip_address)
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]1253 cls.validate_URL_response(URL, expected_body=str(start_id + 1))
Jude Cross986e3f52017-07-24 14:57:20 -0700[diff] [blame]1254
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]1255 @classmethod
1256 def _validate_udp_server(cls, ip_address, start_id):
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]1257 res = cls.make_udp_request(ip_address, 80)
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]1258 if res != str(start_id):
1259 raise Exception("Response from test server doesn't match the "
1260 "expected value ({0} != {1}).".format(
1261 res, str(start_id)))
1262
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700[diff] [blame]1263 res = cls.make_udp_request(ip_address, 81)
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200[diff] [blame]1264 if res != str(start_id + 1):
1265 raise Exception("Response from test server doesn't match the "
1266 "expected value ({0} != {1}).".format(
1267 res, str(start_id + 1)))
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1268
1269 @classmethod
1270 def _create_backend_reencryption_pki(cls):
1271 # Create a CA self-signed cert and key for the member test servers
1272 cls.member_ca_cert, cls.member_ca_key = (
1273 cert_utils.generate_ca_cert_and_key())
1274
1275 LOG.debug('Member CA Cert: %s', cls.member_ca_cert.public_bytes(
1276 serialization.Encoding.PEM))
1277 LOG.debug('Member CA private Key: %s', cls.member_ca_key.private_bytes(
1278 encoding=serialization.Encoding.PEM,
1279 format=serialization.PrivateFormat.TraditionalOpenSSL,
1280 encryption_algorithm=serialization.NoEncryption()))
1281 LOG.debug('Member CA public Key: %s',
1282 cls.member_ca_key.public_key().public_bytes(
1283 encoding=serialization.Encoding.PEM,
1284 format=serialization.PublicFormat.SubjectPublicKeyInfo))
1285
1286 # Create the member client authentication CA
1287 cls.member_client_ca_cert, member_client_ca_key = (
1288 cert_utils.generate_ca_cert_and_key())
1289
1290 # Create client cert and key
1291 cls.member_client_cn = uuidutils.generate_uuid()
1292 cls.member_client_cert, cls.member_client_key = (
1293 cert_utils.generate_client_cert_and_key(
1294 cls.member_client_ca_cert, member_client_ca_key,
1295 cls.member_client_cn))
1296 # Note: We are not revoking a client cert here as we don't need to
1297 # test the backend web server CRL checking.
1298
1299 @classmethod
1300 def _load_member_pki_content(cls, ip_address, ssh_key, revoke_cert=False):
1301 # Create webserver certificate and key
1302 cert, key = cert_utils.generate_server_cert_and_key(
1303 cls.member_ca_cert, cls.member_ca_key, ip_address)
1304
1305 LOG.debug('%s Cert: %s', ip_address, cert.public_bytes(
1306 serialization.Encoding.PEM))
1307 LOG.debug('%s private Key: %s', ip_address, key.private_bytes(
1308 encoding=serialization.Encoding.PEM,
1309 format=serialization.PrivateFormat.TraditionalOpenSSL,
1310 encryption_algorithm=serialization.NoEncryption()))
1311 public_key = key.public_key()
1312 LOG.debug('%s public Key: %s', ip_address, public_key.public_bytes(
1313 encoding=serialization.Encoding.PEM,
1314 format=serialization.PublicFormat.SubjectPublicKeyInfo))
1315
1316 # Create a CRL with a revoked certificate
1317 if revoke_cert:
1318 # Create a CRL with webserver 2 revoked
1319 cls.member_crl = cert_utils.generate_certificate_revocation_list(
1320 cls.member_ca_cert, cls.member_ca_key, cert)
1321
1322 # Load the certificate, key, and client CA certificate into the
1323 # test server.
1324 with tempfile.TemporaryDirectory() as tmpdir:
1325 os.umask(0)
1326 files_to_send = []
1327 cert_filename = os.path.join(tmpdir, const.CERT_PEM)
1328 files_to_send.append(cert_filename)
1329 with open(os.open(cert_filename, os.O_CREAT | os.O_WRONLY,
1330 0o700), 'w') as fh:
1331 fh.write(cert.public_bytes(
1332 serialization.Encoding.PEM).decode('utf-8'))
1333 fh.flush()
1334 key_filename = os.path.join(tmpdir, const.KEY_PEM)
1335 files_to_send.append(key_filename)
1336 with open(os.open(key_filename, os.O_CREAT | os.O_WRONLY,
1337 0o700), 'w') as fh:
1338 fh.write(key.private_bytes(
1339 encoding=serialization.Encoding.PEM,
1340 format=serialization.PrivateFormat.TraditionalOpenSSL,
1341 encryption_algorithm=serialization.NoEncryption()).decode(
1342 'utf-8'))
1343 fh.flush()
1344 client_ca_filename = os.path.join(tmpdir, const.CLIENT_CA_PEM)
1345 files_to_send.append(client_ca_filename)
1346 with open(os.open(client_ca_filename, os.O_CREAT | os.O_WRONLY,
1347 0o700), 'w') as fh:
1348 fh.write(cls.member_client_ca_cert.public_bytes(
1349 serialization.Encoding.PEM).decode('utf-8'))
1350 fh.flush()
1351
1352 # For security, we don't want to use a shell that can glob
1353 # the file names, so iterate over them.
1354 subprocess_args = {'stdout': subprocess.PIPE,
1355 'stderr': subprocess.STDOUT,
1356 'cwd': None}
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1357 ssh_extra_args = (
1358 "-o PubkeyAcceptedKeyTypes=+ssh-rsa")
1359 if cls._need_scp_protocol():
1360 ssh_extra_args += " -O"
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1361 cmd = ("scp -v -o UserKnownHostsFile=/dev/null "
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1362 "{9} "
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1363 "-o StrictHostKeyChecking=no "
1364 "-o ConnectTimeout={0} -o ConnectionAttempts={1} "
1365 "-i {2} {3} {4} {5} {6}@{7}:{8}").format(
1366 CONF.load_balancer.scp_connection_timeout,
1367 CONF.load_balancer.scp_connection_attempts,
1368 ssh_key.name, cert_filename, key_filename, client_ca_filename,
Gregory Thiemongea2c234e2021-11-02 17:08:29 +0100[diff] [blame]1369 CONF.validation.image_ssh_user, ip_address, const.DEV_SHM_PATH,
1370 ssh_extra_args)
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700[diff] [blame]1371 args = shlex.split(cmd)
1372 proc = subprocess.Popen(args, **subprocess_args)
1373 stdout, stderr = proc.communicate()
1374 if proc.returncode != 0:
1375 raise exceptions.CommandFailed(proc.returncode, cmd,
1376 stdout, stderr)