Jude Cross986e3f52017-07-24 14:57:20 -07001# Copyright 2018 Rackspace US Inc. All rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15import ipaddress
Michael Johnsonbaf12e02020-10-27 16:10:28 -070016import os
Jude Cross986e3f52017-07-24 14:57:20 -070017import random
Gregory Thiemongea2c234e2021-11-02 17:08:29 +010018import re
Jude Cross986e3f52017-07-24 14:57:20 -070019import shlex
Jude Cross986e3f52017-07-24 14:57:20 -070020import string
21import subprocess
22import tempfile
23
Michael Johnsonbaf12e02020-10-27 16:10:28 -070024from cryptography.hazmat.primitives import serialization
Gregory Thiemongeb0da4f32022-02-04 08:58:06 +010025from oslo_config import cfg
Jude Cross986e3f52017-07-24 14:57:20 -070026from oslo_log import log as logging
27from oslo_utils import uuidutils
28from tempest import config
29from tempest.lib.common.utils import data_utils
30from tempest.lib.common.utils.linux import remote_client
Jude Cross986e3f52017-07-24 14:57:20 -070031from tempest.lib import exceptions
32from tempest import test
Michael Johnson04dc5cb2019-01-20 11:03:50 -080033import tenacity
Jude Cross986e3f52017-07-24 14:57:20 -070034
Michael Johnsonbaf12e02020-10-27 16:10:28 -070035from octavia_tempest_plugin.common import cert_utils
Jude Cross986e3f52017-07-24 14:57:20 -070036from octavia_tempest_plugin.common import constants as const
Michael Johnson6006de72021-02-21 01:42:39 +000037from octavia_tempest_plugin.tests import RBAC_tests
Jude Cross986e3f52017-07-24 14:57:20 -070038from octavia_tempest_plugin.tests import validators
39from octavia_tempest_plugin.tests import waiters
40
# Tempest's global configuration object. The class bodies below read the
# load_balancer, network and validation option groups from it.
CONF = config.CONF
# Module-level logger from oslo.log, named after this module.
LOG = logging.getLogger(__name__)
43
Gregory Thiemonge29d17902019-04-30 15:06:17 +020044
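class LoadBalancerBaseTest(validators.ValidatorsMixin,
                           RBAC_tests.RBACTestsMixin, test.BaseTestCase):
    """Base class for load balancer tests.

    The class requests a set of credential personas from tempest (the
    ``credentials`` list), builds client aliases for them and prepares the
    VIP and member networks the tests use. Which personas are requested
    depends on the RBAC configuration read from CONF.
    """

    # The credential list is chosen when this class body executes, i.e. when
    # the module is imported, so it reflects the configuration loaded at that
    # point. A plain string names a built-in tempest credential type; a list
    # is [persona name, role, ...] and is exposed as 'os_roles_<persona>'.
    if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
        credentials = [
            'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
            ['lb_member', CONF.load_balancer.member_role],
            ['lb_member2', CONF.load_balancer.member_role]]
    elif CONF.load_balancer.enforce_new_defaults:
        credentials = [
            'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
            ['lb_observer', CONF.load_balancer.observer_role, 'reader'],
            ['lb_global_observer', CONF.load_balancer.global_observer_role,
             'reader'],
            ['lb_member', CONF.load_balancer.member_role, 'member'],
            ['lb_member2', CONF.load_balancer.member_role, 'member'],
            ['lb_member_not_default_member', CONF.load_balancer.member_role]]
    else:
        credentials = [
            'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
            ['lb_observer', CONF.load_balancer.observer_role, 'reader'],
            ['lb_global_observer', CONF.load_balancer.global_observer_role,
             'reader'],
            ['lb_member', CONF.load_balancer.member_role],
            ['lb_member2', CONF.load_balancer.member_role]]

    # If scope enforcement is enabled, add in the system scope credentials.
    # The project scope is already handled by the above credentials.
    if CONF.enforce_scope.octavia:
        credentials.extend(['system_admin', 'system_reader'])

    # A tuple of credentials that will be allocated by tempest using the
    # 'credentials' list above. These are used to build RBAC test lists.
    allocated_creds = []
    for cred in credentials:
        if isinstance(cred, list):
            allocated_creds.append('os_roles_' + cred[0])
        else:
            allocated_creds.append('os_' + cred)
    # Tests shall not mess with the list of allocated credentials
    allocated_credentials = tuple(allocated_creds)

    webserver1_response = 1
    webserver2_response = 5
    # Class-level list that _setup_lb_network_kwargs appends to through
    # cls.used_ips, so every subclass that does not rebind it shares the
    # same record of VIP host indexes already handed out.
    used_ips = []

    SRC_PORT_NUMBER_MIN = 32768
    SRC_PORT_NUMBER_MAX = 61000
    src_port_number = SRC_PORT_NUMBER_MIN

    @classmethod
    def skip_checks(cls):
        """Check if we should skip all of the children tests.

        Raises cls.skipException when a required service is marked as
        unavailable, or when neither project networks are reachable nor a
        public network is configured.
        """
        super(LoadBalancerBaseTest, cls).skip_checks()

        service_list = {
            'load_balancer': CONF.service_available.load_balancer,
        }

        live_service_list = {
            'compute': CONF.service_available.nova,
            'image': CONF.service_available.glance,
            'neutron': CONF.service_available.neutron
        }

        # The no-op mode only needs the load balancer API itself.
        if not CONF.load_balancer.test_with_noop:
            service_list.update(live_service_list)

        for service, available in service_list.items():
            if not available:
                skip_msg = ("{0} skipped as {1} service is not "
                            "available.".format(cls.__name__, service))
                raise cls.skipException(skip_msg)

        # We must be able to reach our VIP and instances
        if not (CONF.network.project_networks_reachable
                or CONF.network.public_network_id):
            msg = ('Either project_networks_reachable must be "true", or '
                   'public_network_id must be defined.')
            raise cls.skipException(msg)

    @classmethod
    def setup_credentials(cls):
        """Setup test credentials and network resources.

        After tempest has allocated the credentials, the role assignments of
        every persona are looked up with the admin client and logged, which
        gives an audit trail of what each RBAC persona was actually granted
        for the run. Only user names, role names and scopes are logged.
        """
        # Do not auto create network resources
        cls.set_network_resources()
        super(LoadBalancerBaseTest, cls).setup_credentials()

        # Log the user roles for this test run
        role_name_cache = {}
        for cred in cls.credentials:
            user_roles = []
            if isinstance(cred, list):
                user_name = cred[0]
                cred_obj = getattr(cls, 'os_roles_' + cred[0])
            else:
                user_name = cred
                cred_obj = getattr(cls, 'os_' + cred)
            params = {'user.id': cred_obj.credentials.user_id,
                      'project.id': cred_obj.credentials.project_id}
            roles = cls.os_admin.role_assignments_client.list_role_assignments(
                **params)['role_assignments']
            for role in roles:
                role_id = role['role']['id']
                # Cache id -> name so each role is resolved only once.
                try:
                    role_name = role_name_cache[role_id]
                except KeyError:
                    role_name = cls.os_admin.roles_v3_client.show_role(
                        role_id)['role']['name']
                    role_name_cache[role_id] = role_name
                user_roles.append([role_name, role['scope']])
            LOG.info("User %s has roles: %s", user_name, user_roles)

    @classmethod
    def setup_clients(cls):
        """Setup client aliases.

        The lb_mem_* and mem_* aliases use the lb_member persona, the
        lb_admin_* aliases use the lb_admin persona and the os_admin_*
        aliases use the tempest admin credentials.
        """
        super(LoadBalancerBaseTest, cls).setup_clients()
        lb_admin_prefix = cls.os_roles_lb_admin.load_balancer_v2
        lb_member = cls.os_roles_lb_member
        lb_member_prefix = lb_member.load_balancer_v2

        cls.lb_mem_float_ip_client = lb_member.floating_ips_client
        cls.lb_mem_keypairs_client = lb_member.keypairs_client
        cls.lb_mem_net_client = lb_member.networks_client
        cls.lb_mem_ports_client = lb_member.ports_client
        cls.lb_mem_routers_client = lb_member.routers_client
        cls.lb_mem_SG_client = lb_member.security_groups_client
        cls.lb_mem_SGr_client = lb_member.security_group_rules_client
        cls.lb_mem_servers_client = lb_member.servers_client
        cls.lb_mem_subnet_client = lb_member.subnets_client
        cls.mem_lb_client = lb_member_prefix.LoadbalancerClient()
        cls.mem_listener_client = lb_member_prefix.ListenerClient()
        cls.mem_pool_client = lb_member_prefix.PoolClient()
        cls.mem_member_client = lb_member_prefix.MemberClient()
        cls.mem_healthmonitor_client = lb_member_prefix.HealthMonitorClient()
        cls.mem_l7policy_client = lb_member_prefix.L7PolicyClient()
        cls.mem_l7rule_client = lb_member_prefix.L7RuleClient()
        cls.lb_admin_amphora_client = lb_admin_prefix.AmphoraClient()
        cls.lb_admin_flavor_profile_client = (
            lb_admin_prefix.FlavorProfileClient())
        cls.lb_admin_flavor_client = lb_admin_prefix.FlavorClient()
        cls.mem_flavor_client = lb_member_prefix.FlavorClient()
        cls.mem_provider_client = lb_member_prefix.ProviderClient()
        cls.os_admin_servers_client = cls.os_admin.servers_client
        cls.os_admin_routers_client = cls.os_admin.routers_client
        cls.os_admin_subnetpools_client = cls.os_admin.subnetpools_client
        cls.lb_admin_flavor_capabilities_client = (
            lb_admin_prefix.FlavorCapabilitiesClient())
        cls.lb_admin_availability_zone_capabilities_client = (
            lb_admin_prefix.AvailabilityZoneCapabilitiesClient())
        cls.lb_admin_availability_zone_profile_client = (
            lb_admin_prefix.AvailabilityZoneProfileClient())
        cls.lb_admin_availability_zone_client = (
            lb_admin_prefix.AvailabilityZoneClient())
        cls.mem_availability_zone_client = (
            lb_member_prefix.AvailabilityZoneClient())

    @classmethod
    def resource_setup(cls):
        """Setup resources needed by the tests.

        Three modes are supported: no-op (random UUIDs stand in for the
        networks and the method returns early), operator supplied
        network/subnet overrides, or networks created by _create_networks.

        Raises exceptions.InvalidConfiguration when test_subnet_override is
        set without test_network_override.
        """
        super(LoadBalancerBaseTest, cls).resource_setup()

        conf_lb = CONF.load_balancer

        cls.api_version = cls.mem_lb_client.get_max_api_version()

        if conf_lb.test_subnet_override and not conf_lb.test_network_override:
            raise exceptions.InvalidConfiguration(
                "Configuration value test_network_override must be "
                "specified if test_subnet_override is used.")

        # TODO(johnsom) Remove this
        # Get loadbalancing algorithms supported by provider driver.
        try:
            algorithms = const.SUPPORTED_LB_ALGORITHMS[
                CONF.load_balancer.provider]
        except KeyError:
            algorithms = const.SUPPORTED_LB_ALGORITHMS['default']
        # Set default algorithm as first from the list.
        cls.lb_algorithm = algorithms[0]

        show_subnet = cls.lb_mem_subnet_client.show_subnet
        if CONF.load_balancer.test_with_noop:
            # Nothing is created in the cloud; the IDs only need to be
            # well-formed.
            cls.lb_member_vip_net = {'id': uuidutils.generate_uuid()}
            cls.lb_member_vip_subnet = {'id': uuidutils.generate_uuid()}
            cls.lb_member_1_net = {'id': uuidutils.generate_uuid()}
            cls.lb_member_1_subnet = {'id': uuidutils.generate_uuid()}
            cls.lb_member_2_net = {'id': uuidutils.generate_uuid()}
            cls.lb_member_2_subnet = {'id': uuidutils.generate_uuid()}
            if CONF.load_balancer.test_with_ipv6:
                cls.lb_member_vip_ipv6_net = {'id': uuidutils.generate_uuid()}
                cls.lb_member_vip_ipv6_subnet = {'id':
                                                 uuidutils.generate_uuid()}
                cls.lb_member_1_ipv6_subnet = {'id': uuidutils.generate_uuid()}
                cls.lb_member_2_ipv6_subnet = {'id': uuidutils.generate_uuid()}
                cls.lb_member_vip_ipv6_subnet_stateful = True
            return
        elif CONF.load_balancer.test_network_override:
            # NOTE(review): the override subnets are stored exactly as
            # show_subnet returns them, while _create_networks stores
            # result['subnet']; confirm both shapes expose const.ID.
            if conf_lb.test_subnet_override:
                override_subnet = show_subnet(conf_lb.test_subnet_override)
            else:
                override_subnet = None

            show_net = cls.lb_mem_net_client.show_network
            override_network = show_net(conf_lb.test_network_override)
            override_network = override_network.get('network')

            cls.lb_member_vip_net = override_network
            cls.lb_member_vip_subnet = override_subnet
            cls.lb_member_1_net = override_network
            cls.lb_member_1_subnet = override_subnet
            cls.lb_member_2_net = override_network
            cls.lb_member_2_subnet = override_subnet

            if (CONF.load_balancer.test_with_ipv6 and
                    conf_lb.test_IPv6_subnet_override):
                override_ipv6_subnet = show_subnet(
                    conf_lb.test_IPv6_subnet_override)
                cls.lb_member_vip_ipv6_subnet = override_ipv6_subnet
                cls.lb_member_1_ipv6_subnet = override_ipv6_subnet
                cls.lb_member_2_ipv6_subnet = override_ipv6_subnet
                cls.lb_member_vip_ipv6_subnet_stateful = False
                # NOTE(review): the result is indexed with [0] here but with
                # ['subnet'] in _setup_lb_network_kwargs; confirm which shape
                # show_subnet returns.
                if (override_ipv6_subnet[0]['ipv6_address_mode'] ==
                        'dhcpv6-stateful'):
                    cls.lb_member_vip_ipv6_subnet_stateful = True
            else:
                cls.lb_member_vip_ipv6_subnet = None
                cls.lb_member_1_ipv6_subnet = None
                cls.lb_member_2_ipv6_subnet = None
        else:
            cls._create_networks()

        LOG.debug('Octavia Setup: lb_member_vip_net = %s',
                  cls.lb_member_vip_net[const.ID])
        if cls.lb_member_vip_subnet:
            LOG.debug('Octavia Setup: lb_member_vip_subnet = %s',
                      cls.lb_member_vip_subnet[const.ID])
        LOG.debug('Octavia Setup: lb_member_1_net = %s',
                  cls.lb_member_1_net[const.ID])
        if cls.lb_member_1_subnet:
            LOG.debug('Octavia Setup: lb_member_1_subnet = %s',
                      cls.lb_member_1_subnet[const.ID])
        LOG.debug('Octavia Setup: lb_member_2_net = %s',
                  cls.lb_member_2_net[const.ID])
        if cls.lb_member_2_subnet:
            LOG.debug('Octavia Setup: lb_member_2_subnet = %s',
                      cls.lb_member_2_subnet[const.ID])
        if CONF.load_balancer.test_with_ipv6:
            if cls.lb_member_vip_ipv6_subnet:
                LOG.debug('Octavia Setup: lb_member_vip_ipv6_subnet = %s',
                          cls.lb_member_vip_ipv6_subnet[const.ID])
            if cls.lb_member_1_ipv6_subnet:
                LOG.debug('Octavia Setup: lb_member_1_ipv6_subnet = %s',
                          cls.lb_member_1_ipv6_subnet[const.ID])
            if cls.lb_member_2_ipv6_subnet:
                LOG.debug('Octavia Setup: lb_member_2_ipv6_subnet = %s',
                          cls.lb_member_2_ipv6_subnet[const.ID])

    @classmethod
    def _log_active_ports(cls):
        """Log the port list after a failed delete, without masking it.

        A failure of the port listing itself is logged and swallowed so the
        caller can still re-raise the original delete error, which is what
        the tenacity retry on Conflict inspects.
        """
        try:
            LOG.error(cls.lb_mem_ports_client.list_ports())
        except Exception:
            LOG.exception('Unable to list ports after a failed delete.')

    @classmethod
    # Neutron can be slow to clean up ports from the subnets/networks.
    # Retry this delete a few times if we get a "Conflict" error to give
    # neutron time to fully cleanup the ports.
    @tenacity.retry(
        retry=tenacity.retry_if_exception_type(exceptions.Conflict),
        wait=tenacity.wait_incrementing(
            const.RETRY_INITIAL_DELAY, const.RETRY_BACKOFF, const.RETRY_MAX),
        stop=tenacity.stop_after_attempt(const.RETRY_ATTEMPTS))
    def _logging_delete_network(cls, net_id):
        """Delete a network, logging the port list if the delete fails."""
        try:
            cls.lb_mem_net_client.delete_network(net_id)
        except Exception:
            LOG.error('Unable to delete network %s. Active ports:', net_id)
            cls._log_active_ports()
            raise

    @classmethod
    # Neutron can be slow to clean up ports from the subnets/networks.
    # Retry this delete a few times if we get a "Conflict" error to give
    # neutron time to fully cleanup the ports.
    @tenacity.retry(
        retry=tenacity.retry_if_exception_type(exceptions.Conflict),
        wait=tenacity.wait_incrementing(
            const.RETRY_INITIAL_DELAY, const.RETRY_BACKOFF, const.RETRY_MAX),
        stop=tenacity.stop_after_attempt(const.RETRY_ATTEMPTS))
    def _logging_delete_subnet(cls, subnet_id):
        """Delete a subnet, logging the port list if the delete fails."""
        try:
            cls.lb_mem_subnet_client.delete_subnet(subnet_id)
        except Exception:
            LOG.error('Unable to delete subnet %s. Active ports:', subnet_id)
            cls._log_active_ports()
            raise

    @classmethod
    def _create_network_with_cleanup(cls, name, port_security_enabled=None):
        """Create a network and register its deletion right away.

        :param name: prefix handed to data_utils.rand_name.
        :param port_security_enabled: value for the network's
            port_security_enabled attribute, or None to leave it unset.
        :returns: the 'network' dict from the create call.
        """
        network_kwargs = {'name': data_utils.rand_name(name)}
        if port_security_enabled is not None:
            network_kwargs['port_security_enabled'] = port_security_enabled
        network = cls.lb_mem_net_client.create_network(
            **network_kwargs)['network']
        # Registering the cleanup before anything else can fail keeps a
        # later error from leaving the network behind.
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_network,
            cls.lb_mem_net_client.show_network,
            network['id'])
        return network

    @classmethod
    def _create_subnet_with_cleanup(cls, subnet_kwargs):
        """Create a subnet and register its deletion right away.

        :param subnet_kwargs: keyword arguments for create_subnet.
        :returns: the 'subnet' dict from the create call.
        """
        subnet = cls.lb_mem_subnet_client.create_subnet(
            **subnet_kwargs)['subnet']
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            subnet['id'])
        return subnet

    @staticmethod
    def _ipv6_prefix_length(cidr, option_name):
        """Return the prefix length of *cidr* as a string of digits.

        An explicit exception is raised instead of using ``assert`` because
        assert statements are removed when Python runs with -O, which would
        let a malformed configuration value through unchecked.

        :raises exceptions.InvalidConfiguration: if the text after the last
            '/' is not made of digits only.
        """
        prefix = cidr.rpartition('/')[2]
        if not prefix.isdigit():
            raise exceptions.InvalidConfiguration(
                'Configuration value {} must be a CIDR with a numeric '
                'prefix length, got "{}".'.format(option_name, cidr))
        return prefix

    @classmethod
    def _create_networks(cls):
        """Creates networks, subnets, and routers used in tests.

        The following are expected to be defined and available to the tests:
            cls.lb_member_vip_net
            cls.lb_member_vip_subnet
            cls.lb_member_vip_ipv6_subnet (optional)
            cls.lb_member_1_net
            cls.lb_member_1_subnet
            cls.lb_member_1_ipv6_subnet (optional)
            cls.lb_member_2_net
            cls.lb_member_2_subnet
            cls.lb_member_2_ipv6_subnet (optional)

        Every resource is registered for class-level cleanup as soon as it
        has been created.
        """
        conf_lb = CONF.load_balancer
        port_security = CONF.network_feature_enabled.port_security

        # Create tenant VIP network
        # Note: Allowed Address Pairs requires port security
        cls.lb_member_vip_net = cls._create_network_with_cleanup(
            "lb_member_vip_network",
            port_security_enabled=True if port_security else None)
        LOG.info('lb_member_vip_net: %s', cls.lb_member_vip_net)

        # Create tenant VIP subnet
        cls.lb_member_vip_subnet = cls._create_subnet_with_cleanup({
            'name': data_utils.rand_name("lb_member_vip_subnet"),
            'network_id': cls.lb_member_vip_net['id'],
            'cidr': conf_lb.vip_subnet_cidr,
            'ip_version': 4})
        LOG.info('lb_member_vip_subnet: %s', cls.lb_member_vip_subnet)

        # Create tenant VIP IPv6 subnet
        if conf_lb.test_with_ipv6:
            cls.lb_member_vip_ipv6_subnet_stateful = False
            cls.lb_member_vip_ipv6_subnet_use_subnetpool = False
            subnet_kwargs = {
                'name': data_utils.rand_name("lb_member_vip_ipv6_subnet"),
                'network_id': cls.lb_member_vip_net['id'],
                'ip_version': 6}

            # Use a CIDR from devstack's default IPv6 subnetpool if it exists,
            # the subnetpool's cidr is routable from the devstack node
            # through the default router
            subnetpool_name = conf_lb.default_ipv6_subnetpool
            if subnetpool_name:
                subnetpools = cls.os_admin_subnetpools_client.list_subnetpools(
                    name=subnetpool_name)['subnetpools']
                # Only an unambiguous match is used.
                if len(subnetpools) == 1:
                    subnet_kwargs['subnetpool_id'] = subnetpools[0]['id']
                    cls.lb_member_vip_ipv6_subnet_use_subnetpool = True

            if 'subnetpool_id' not in subnet_kwargs:
                subnet_kwargs['cidr'] = conf_lb.vip_ipv6_subnet_cidr

            cls.lb_member_vip_ipv6_net = cls.lb_member_vip_net
            cls.lb_member_vip_ipv6_subnet = cls._create_subnet_with_cleanup(
                subnet_kwargs)
            LOG.info('lb_member_vip_ipv6_subnet: %s',
                     cls.lb_member_vip_ipv6_subnet)

        # On the member networks port security follows the
        # enable_security_groups option. Switching it off removes security
        # group and anti-spoofing filtering from every port on the network,
        # which is only appropriate on a disposable test cloud.
        member_port_security = (
            bool(conf_lb.enable_security_groups) if port_security else None)

        # Create tenant member 1 network
        cls.lb_member_1_net = cls._create_network_with_cleanup(
            "lb_member_1_network",
            port_security_enabled=member_port_security)
        LOG.info('lb_member_1_net: %s', cls.lb_member_1_net)

        # Create tenant member 1 subnet
        cls.lb_member_1_subnet = cls._create_subnet_with_cleanup({
            'name': data_utils.rand_name("lb_member_1_subnet"),
            'network_id': cls.lb_member_1_net['id'],
            'cidr': conf_lb.member_1_ipv4_subnet_cidr,
            'ip_version': 4})
        LOG.info('lb_member_1_subnet: %s', cls.lb_member_1_subnet)

        # Create tenant member 1 ipv6 subnet
        if conf_lb.test_with_ipv6:
            # Validate the configured CIDR before creating anything from it.
            cls.lb_member_1_subnet_prefix = cls._ipv6_prefix_length(
                conf_lb.member_1_ipv6_subnet_cidr,
                'member_1_ipv6_subnet_cidr')
            cls.lb_member_1_ipv6_subnet = cls._create_subnet_with_cleanup({
                'name': data_utils.rand_name("lb_member_1_ipv6_subnet"),
                'network_id': cls.lb_member_1_net['id'],
                'cidr': conf_lb.member_1_ipv6_subnet_cidr,
                'ip_version': 6})
            LOG.info('lb_member_1_ipv6_subnet: %s',
                     cls.lb_member_1_ipv6_subnet)

        # Create tenant member 2 network
        cls.lb_member_2_net = cls._create_network_with_cleanup(
            "lb_member_2_network",
            port_security_enabled=member_port_security)
        LOG.info('lb_member_2_net: %s', cls.lb_member_2_net)

        # Create tenant member 2 subnet
        cls.lb_member_2_subnet = cls._create_subnet_with_cleanup({
            'name': data_utils.rand_name("lb_member_2_subnet"),
            'network_id': cls.lb_member_2_net['id'],
            'cidr': conf_lb.member_2_ipv4_subnet_cidr,
            'ip_version': 4})
        LOG.info('lb_member_2_subnet: %s', cls.lb_member_2_subnet)

        # Create tenant member 2 ipv6 subnet
        if conf_lb.test_with_ipv6:
            cls.lb_member_2_subnet_prefix = cls._ipv6_prefix_length(
                conf_lb.member_2_ipv6_subnet_cidr,
                'member_2_ipv6_subnet_cidr')
            cls.lb_member_2_ipv6_subnet = cls._create_subnet_with_cleanup({
                'name': data_utils.rand_name("lb_member_2_ipv6_subnet"),
                'network_id': cls.lb_member_2_net['id'],
                'cidr': conf_lb.member_2_ipv6_subnet_cidr,
                'ip_version': 6})
            LOG.info('lb_member_2_ipv6_subnet: %s',
                     cls.lb_member_2_ipv6_subnet)

    @classmethod
    def _setup_lb_network_kwargs(cls, lb_kwargs, ip_version=None,
                                 use_fixed_ip=False):
        """Fill the VIP network/subnet/address entries of *lb_kwargs*.

        :param lb_kwargs: dict of load balancer create arguments; it is
            updated in place and nothing is returned.
        :param ip_version: 4 or 6; when falsy it follows the test_with_ipv6
            option.
        :param use_fixed_ip: request a specific VIP address picked from the
            VIP subnet. Forced off for IPv6 subnets that are not
            dhcpv6-stateful.
        """
        if not ip_version:
            ip_version = 6 if CONF.load_balancer.test_with_ipv6 else 4
        if cls.lb_member_vip_subnet or cls.lb_member_vip_ipv6_subnet:
            # Pick a host index that no earlier caller was given.
            # NOTE(review): nothing in this class clears used_ips, so this
            # loop cannot finish once every index in the range has been
            # used, and an index can exceed the size of a small subnet.
            ip_index = data_utils.rand_int_id(start=10, end=100)
            while ip_index in cls.used_ips:
                ip_index = data_utils.rand_int_id(start=10, end=100)
            cls.used_ips.append(ip_index)
            if ip_version == 4:
                subnet_id = cls.lb_member_vip_subnet[const.ID]
                if CONF.load_balancer.test_with_noop:
                    # Address from the 198.18.0.0/15 benchmarking range.
                    lb_vip_address = '198.18.33.33'
                else:
                    subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
                    network = ipaddress.IPv4Network(subnet['subnet']['cidr'])
                    lb_vip_address = str(network[ip_index])
            else:
                subnet_id = cls.lb_member_vip_ipv6_subnet[const.ID]
                if CONF.load_balancer.test_with_noop:
                    # Address from the 2001:db8::/32 documentation prefix.
                    lb_vip_address = '2001:db8:33:33:33:33:33:33'
                else:
                    subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
                    network = ipaddress.IPv6Network(subnet['subnet']['cidr'])
                    lb_vip_address = str(network[ip_index])
                    # If the subnet is IPv6 slaac or dhcpv6-stateless
                    # neutron does not allow a fixed IP
                    if not cls.lb_member_vip_ipv6_subnet_stateful:
                        use_fixed_ip = False
            lb_kwargs[const.VIP_SUBNET_ID] = subnet_id
            if use_fixed_ip:
                lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
            if CONF.load_balancer.test_with_noop:
                lb_kwargs[const.VIP_NETWORK_ID] = (
                    cls.lb_member_vip_net[const.ID])
                if ip_version == 6:
                    lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
        else:
            lb_kwargs[const.VIP_NETWORK_ID] = cls.lb_member_vip_net[const.ID]
            lb_kwargs[const.VIP_SUBNET_ID] = None

    @classmethod
    def check_tf_compatibility(cls, protocol=None, algorithm=None):
        """Skip the test if TungstenFabric lacks the protocol or algorithm.

        Arguments left as None are not checked.
        """
        # TungstenFabric supported protocols and algorithms
        tf_protocols = [const.HTTP, const.HTTPS, const.TCP,
                        const.TERMINATED_HTTPS]
        tf_algorithms = [const.LB_ALGORITHM_ROUND_ROBIN,
                         const.LB_ALGORITHM_LEAST_CONNECTIONS,
                         const.LB_ALGORITHM_SOURCE_IP]

        if algorithm and algorithm not in tf_algorithms:
            raise cls.skipException(
                'TungstenFabric does not support {} algorithm.'
                ''.format(algorithm))
        if protocol and protocol not in tf_protocols:
            raise cls.skipException(
                'TungstenFabric does not support {} protocol.'
                ''.format(protocol))

    @classmethod
    def _tf_create_listener(cls, name, proto, port, lb_id):
        """Create a listener on *lb_id* with the member client.

        :returns: whatever the listener client's create_listener returns.
        """
        listener_kwargs = {
            const.NAME: name,
            const.PROTOCOL: proto,
            const.PROTOCOL_PORT: port,
            const.LOADBALANCER_ID: lb_id,
        }
        return cls.mem_listener_client.create_listener(**listener_kwargs)

    @classmethod
    def _tf_get_free_port(cls, lb_id):
        """Return the lowest port >= 8081 not used by a listener of *lb_id*.

        Each listener of the load balancer is fetched individually to read
        its protocol port.
        """
        port = 8081
        lb = cls.mem_lb_client.show_loadbalancer(lb_id)
        listeners = lb[const.LISTENERS]
        if not listeners:
            return port
        ports = [cls.mem_listener_client.show_listener(x[const.ID])[
            const.PROTOCOL_PORT] for x in listeners]
        while port in ports:
            port = port + 1
        return port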
620
Adam Harwellcd72b562018-05-07 11:37:22 -0700621
622class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
@classmethod
def remote_client_args(cls):
    """Return the optional keyword arguments for the remote (SSH) client.

    The result holds 'ssh_key_type' taken from CONF.validation when that
    option exists. Older tempest releases (for instance on stable/train)
    do not define it; in that case an empty dict is returned so no extra
    argument is passed.
    """
    try:
        return {'ssh_key_type': CONF.validation.ssh_key_type}
    except cfg.NoSuchOptError:
        # Option unknown to this tempest release: fall back to defaults.
        return {}
634
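@classmethod
def resource_setup(cls):
    """Boot, provision and validate the two backend member webservers.

    Runs the parent ``resource_setup`` first. When
    ``CONF.validation.run_validation`` is false nothing else is created.
    Otherwise this creates, in order: the member keypair, the member
    security group with its ingress rules (only when security groups and
    port security are both enabled), the backend re-encryption PKI and
    two webserver instances. Each webserver is then provisioned over SSH
    and checked over HTTP and UDP. Every cloud resource created here
    registers its own class-level cleanup.
    """
    super(LoadBalancerBaseTestWithCompute, cls).resource_setup()
    # If validation is disabled in this cloud, we won't be able to
    # start the webservers, so don't even boot them.
    if not CONF.validation.run_validation:
        return

    # Create a keypair for the webservers
    keypair_name = data_utils.rand_name('lb_member_keypair')
    result = cls.lb_mem_keypairs_client.create_keypair(
        name=keypair_name)
    cls.lb_member_keypair = result['keypair']
    # The keypair dict carries the generated SSH private key (it is read
    # back below as lb_member_keypair['private_key']), so that field is
    # left out of the log line.
    LOG.info('lb_member_keypair: {}'.format(
        {field: value
         for field, value in cls.lb_member_keypair.items()
         if field != 'private_key'}))
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls.lb_mem_keypairs_client.delete_keypair,
        cls.lb_mem_keypairs_client.show_keypair,
        keypair_name)

    if (CONF.load_balancer.enable_security_groups and
            CONF.network_feature_enabled.port_security):
        # Set up the security group for the webservers
        SG_name = data_utils.rand_name('lb_member_SG')
        cls.lb_member_sec_group = (
            cls.lb_mem_SG_client.create_security_group(
                name=SG_name)['security_group'])
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls.lb_mem_SG_client.delete_security_group,
            cls.lb_mem_SG_client.show_security_group,
            cls.lb_member_sec_group['id'])

        def _allow_ingress(ethertype, protocol, port_min, port_max):
            # Create one ingress rule and schedule its deletion.
            # NOTE(review): no remote_ip_prefix or remote group is
            # passed, so presumably any source address is admitted;
            # confirm that is intended before reusing these rules
            # outside throwaway test members.
            SGr = cls.lb_mem_SGr_client.create_security_group_rule(
                direction='ingress',
                security_group_id=cls.lb_member_sec_group['id'],
                protocol=protocol,
                ethertype=ethertype,
                port_range_min=port_min,
                port_range_max=port_max)['security_group_rule']
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls.lb_mem_SGr_client.delete_security_group_rule,
                cls.lb_mem_SGr_client.show_security_group_rule,
                SGr['id'])

        # (protocol, first port, last port), in creation order.
        ipv4_rules = (
            ('tcp', 80, 81),      # test webservers
            ('udp', 80, 81),      # test webservers
            ('tcp', 443, 443),    # test webservers
            # Port 9999 is used to illustrate health monitor ERRORs on
            # closed ports.
            ('udp', 9999, 9999),
            ('tcp', 22, 22),      # ssh
        )
        # Same set as IPv4 except that UDP 9999 is not opened.
        ipv6_rules = (
            ('tcp', 80, 81),      # test webservers
            ('udp', 80, 81),      # test webservers
            ('tcp', 443, 443),    # test webservers
            ('tcp', 22, 22),      # ssh
        )
        for protocol, port_min, port_max in ipv4_rules:
            _allow_ingress('IPv4', protocol, port_min, port_max)
        if CONF.load_balancer.test_with_ipv6:
            for protocol, port_min, port_max in ipv6_rules:
                _allow_ingress('IPv6', protocol, port_min, port_max)

        LOG.info('lb_member_sec_group: {}'.format(cls.lb_member_sec_group))

    # Setup backend member reencryption PKI
    cls._create_backend_reencryption_pki()

    # Create webserver 1 instance
    server_details = cls._create_webserver('lb_member_webserver1',
                                           cls.lb_member_1_net)

    cls.lb_member_webserver1 = server_details['server']
    cls.webserver1_ip = server_details.get('ipv4_address')
    cls.webserver1_ipv6 = server_details.get('ipv6_address')
    cls.webserver1_public_ip = server_details['public_ipv4_address']

    LOG.debug('Octavia Setup: lb_member_webserver1 = {}'.format(
        cls.lb_member_webserver1[const.ID]))
    LOG.debug('Octavia Setup: webserver1_ip = {}'.format(
        cls.webserver1_ip))
    LOG.debug('Octavia Setup: webserver1_ipv6 = {}'.format(
        cls.webserver1_ipv6))
    LOG.debug('Octavia Setup: webserver1_public_ip = {}'.format(
        cls.webserver1_public_ip))

    # Create webserver 2 instance
    server_details = cls._create_webserver('lb_member_webserver2',
                                           cls.lb_member_2_net)

    cls.lb_member_webserver2 = server_details['server']
    cls.webserver2_ip = server_details.get('ipv4_address')
    cls.webserver2_ipv6 = server_details.get('ipv6_address')
    cls.webserver2_public_ip = server_details['public_ipv4_address']

    LOG.debug('Octavia Setup: lb_member_webserver2 = {}'.format(
        cls.lb_member_webserver2[const.ID]))
    LOG.debug('Octavia Setup: webserver2_ip = {}'.format(
        cls.webserver2_ip))
    LOG.debug('Octavia Setup: webserver2_ipv6 = {}'.format(
        cls.webserver2_ipv6))
    LOG.debug('Octavia Setup: webserver2_public_ip = {}'.format(
        cls.webserver2_public_ip))

    if CONF.load_balancer.test_with_ipv6:
        # Enable the IPv6 nic in webserver 1
        cls._enable_ipv6_nic_webserver(
            cls.webserver1_public_ip, cls.lb_member_keypair['private_key'],
            cls.webserver1_ipv6, cls.lb_member_1_subnet_prefix)

        # Enable the IPv6 nic in webserver 2
        cls._enable_ipv6_nic_webserver(
            cls.webserver2_public_ip, cls.lb_member_keypair['private_key'],
            cls.webserver2_ipv6, cls.lb_member_2_subnet_prefix)

    # Set up serving on webserver 1
    cls._install_start_webserver(cls.webserver1_public_ip,
                                 cls.lb_member_keypair['private_key'],
                                 cls.webserver1_response)

    # Validate webserver 1
    cls._validate_webserver(cls.webserver1_public_ip,
                            cls.webserver1_response)

    # Validate udp server 1
    cls._validate_udp_server(cls.webserver1_public_ip,
                             cls.webserver1_response)

    # Set up serving on webserver 2; its server certificate is the one
    # placed on the member CRL.
    cls._install_start_webserver(cls.webserver2_public_ip,
                                 cls.lb_member_keypair['private_key'],
                                 cls.webserver2_response, revoke_cert=True)

    # Validate webserver 2
    cls._validate_webserver(cls.webserver2_public_ip,
                            cls.webserver2_response)

    # Validate udp server 2
    cls._validate_udp_server(cls.webserver2_public_ip,
                             cls.webserver2_response)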
867
@classmethod
def _create_networks(cls):
    """Create the member router and plug the test subnets into it.

    Extends the parent ``_create_networks``. A router with a gateway on
    ``CONF.network.public_network_id`` is created (required for the
    floating IP), then the VIP subnet and both member subnets are
    attached to it. When IPv6 testing is enabled, a default router is
    configured and the IPv6 VIP subnet uses devstack's subnetpool, that
    subnet is attached to the default router through the admin routers
    client, but only if exactly one router matches the configured name.

    Each attachment registers a class-level cleanup built on
    ``remove_router_interface``.
    """
    super(LoadBalancerBaseTestWithCompute, cls)._create_networks()

    def _attach(routers_client, router_id, subnet_id):
        # Plug the subnet into the router and schedule its removal.
        routers_client.add_router_interface(router_id, subnet_id=subnet_id)
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            routers_client.remove_router_interface,
            routers_client.remove_router_interface,
            router_id,
            subnet_id=subnet_id)

    # Create a router for the subnets (required for the floating IP)
    gateway = {'network_id': CONF.network.public_network_id}
    created = cls.lb_mem_routers_client.create_router(
        name=data_utils.rand_name("lb_member_router"),
        admin_state_up=True,
        external_gateway_info=gateway)
    cls.lb_member_router = created['router']
    LOG.info('lb_member_router: {}'.format(cls.lb_member_router))
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls.lb_mem_routers_client.delete_router,
        cls.lb_mem_routers_client.show_router,
        cls.lb_member_router['id'])

    # Add VIP subnet to router
    _attach(cls.lb_mem_routers_client,
            cls.lb_member_router['id'],
            cls.lb_member_vip_subnet['id'])

    use_default_router = (CONF.load_balancer.test_with_ipv6 and
                          CONF.load_balancer.default_router and
                          cls.lb_member_vip_ipv6_subnet_use_subnetpool)
    if use_default_router:
        # if lb_member_vip_ipv6_subnet uses devstack's subnetpool,
        # plug the subnet into the default router
        matches = cls.os_admin.routers_client.list_routers(
            name=CONF.load_balancer.default_router)['routers']

        # Zero or several routers with that name: skip the attachment.
        if len(matches) == 1:
            # Add IPv6 VIP subnet to router1
            _attach(cls.os_admin_routers_client,
                    matches[0]['id'],
                    cls.lb_member_vip_ipv6_subnet['id'])

    # Add member subnet 1 to router
    _attach(cls.lb_mem_routers_client,
            cls.lb_member_router['id'],
            cls.lb_member_1_subnet['id'])

    # Add member subnet 2 to router
    _attach(cls.lb_mem_routers_client,
            cls.lb_member_router['id'],
            cls.lb_member_2_subnet['id'])
939
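@classmethod
def _create_webserver(cls, name, network):
    """Creates a webserver with two ports.

    webserver_details dictionary contains:
    server - The compute server object
    ipv4_address - The IPv4 address for the server (optional)
    ipv6_address - The IPv6 address for the server (optional)
    public_ipv4_address - The publicly accessible IPv4 address for the
                          server, this may be a floating IP

    The server is booted with the class keypair and, when security
    groups and port security are enabled, the member security group.
    The call blocks until the server reports ``ACTIVE``. With
    ``CONF.validation.connect_method == 'floating'`` a floating IP is
    created on the server's port; otherwise the first address of the
    instance network is used as the public address.

    :param name: The name of the server to create.
    :param network: The network to boot the server on.
    :returns: webserver_details dictionary.
    """
    server_kwargs = {
        'name': data_utils.rand_name(name),
        'flavorRef': CONF.compute.flavor_ref,
        'imageRef': CONF.compute.image_ref,
        'key_name': cls.lb_member_keypair['name']}
    if (CONF.load_balancer.enable_security_groups and
            CONF.network_feature_enabled.port_security):
        server_kwargs['security_groups'] = [
            {'name': cls.lb_member_sec_group['name']}]
    if not CONF.load_balancer.disable_boot_network:
        server_kwargs['networks'] = [{'uuid': network['id']}]

    # Replace the name for clouds that have limitations
    if CONF.load_balancer.random_server_name_length:
        r = random.SystemRandom()
        alphabet = string.ascii_uppercase + string.digits
        server_kwargs['name'] = "m{}".format("".join(
            r.choice(alphabet)
            for _ in range(
                CONF.load_balancer.random_server_name_length - 1)))
    if CONF.load_balancer.availability_zone:
        server_kwargs['availability_zone'] = (
            CONF.load_balancer.availability_zone)

    server = cls.lb_mem_servers_client.create_server(
        **server_kwargs)['server']
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls.lb_mem_servers_client.delete_server,
        cls.lb_mem_servers_client.show_server,
        server['id'])
    server = waiters.wait_for_status(
        cls.lb_mem_servers_client.show_server,
        server['id'], 'status', 'ACTIVE',
        CONF.load_balancer.build_interval,
        CONF.load_balancer.build_timeout,
        root_tag='server')
    webserver_details = {'server': server}
    LOG.info('Created server: {}'.format(server))

    addresses = server['addresses']
    if CONF.load_balancer.disable_boot_network:
        # A dict view cannot be indexed on Python 3, so materialise it
        # before taking the first network's address list.
        instance_network = list(addresses.values())[0]
    else:
        instance_network = addresses[network['name']]
    for addr in instance_network:
        if addr['version'] == 4:
            webserver_details['ipv4_address'] = addr['addr']
        if addr['version'] == 6:
            webserver_details['ipv6_address'] = addr['addr']

    if CONF.validation.connect_method == 'floating':
        # Find the server's port by MAC address and bind a floating IP
        # from the public network to it.
        result = cls.lb_mem_ports_client.list_ports(
            network_id=network['id'],
            mac_address=instance_network[0]['OS-EXT-IPS-MAC:mac_addr'])
        port_id = result['ports'][0]['id']
        result = cls.lb_mem_float_ip_client.create_floatingip(
            floating_network_id=CONF.network.public_network_id,
            port_id=port_id)
        floating_ip = result['floatingip']
        LOG.info('webserver1_floating_ip: {}'.format(floating_ip))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls.lb_mem_float_ip_client.delete_floatingip,
            cls.lb_mem_float_ip_client.show_floatingip,
            floatingip_id=floating_ip['id'])
        webserver_details['public_ipv4_address'] = (
            floating_ip['floating_ip_address'])
    else:
        webserver_details['public_ipv4_address'] = (
            instance_network[0]['addr'])

    return webserver_details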
1028
@classmethod
def _get_openssh_version(cls):
    """Return the local OpenSSH client version as ``(major, minor)``.

    Runs ``ssh -V`` and parses the banner from its stderr. If the banner
    cannot be decoded or does not start with ``OpenSSH_<major>.<minor>``
    the result is ``(None, None)``.

    :returns: tuple of two ints, or ``(None, None)``.
    """
    proc = subprocess.Popen(["ssh", "-V"],
                            stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE)
    _, banner = proc.communicate()

    try:
        major, minor = re.match(r"OpenSSH_(\d+)\.(\d+)",
                                banner.decode('utf-8')).groups()
        return int(major), int(minor)
    except Exception:
        # Covers an unmatched banner (no match object) as well as
        # decoding problems.
        return None, None
1043
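@classmethod
def _need_scp_protocol(cls):
    """Tell whether scp must be forced onto the legacy SCP protocol.

    :returns: True when the local OpenSSH version is 8.7 or newer,
              False otherwise, including when the version is unknown.
    """
    # When using scp >= 8.7, force the use of the SCP protocol,
    # the new default (SFTP protocol) doesn't work with
    # cirros VMs.
    ssh_version = cls._get_openssh_version()
    LOG.debug("ssh_version = {}".format(ssh_version))
    if None in ssh_version:
        # _get_openssh_version() returns (None, None) when the banner
        # cannot be parsed, and ordering None against an int raises
        # TypeError on Python 3. Leave the flag off in that case.
        # NOTE(review): assumes an scp that does not report a version
        # is safer without "-O"; confirm.
        return False
    return tuple(ssh_version) >= (8, 7)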
1053
@classmethod
def _install_start_webserver(cls, ip_address, ssh_key, start_id,
                             revoke_cert=False):
    """Copy the test server binary to a member VM and start it.

    The binary at ``CONF.load_balancer.test_server_path`` is copied with
    scp, the member PKI files are loaded, and two server processes are
    started under ``screen``: one on port 80 (also HTTPS on 443 and
    HTTPS with client auth on 9443) answering ``start_id``, and one on
    port 81 answering ``start_id + 1``.

    :param ip_address: Address used to reach the VM over SSH.
    :param ssh_key: SSH private key text. It is written to a temporary
                    file so that scp can use it with ``-i``.
    :param start_id: ID served by the first process.
    :param revoke_cert: Passed through to ``_load_member_pki_content``.
    :raises exceptions.CommandFailed: if scp exits with a non-zero code.
    """
    binary_path = CONF.load_balancer.test_server_path

    client = remote_client.RemoteClient(
        ip_address, CONF.validation.image_ssh_user, pkey=ssh_key,
        **cls.remote_client_args())
    client.validate_authentication()

    with tempfile.NamedTemporaryFile() as key_file:
        key_file.write(ssh_key.encode('utf-8'))
        key_file.flush()

        scp_options = "-o PubkeyAcceptedKeyTypes=+ssh-rsa"
        if cls._need_scp_protocol():
            scp_options = scp_options + " -O"
        # Host key checking is switched off and no known_hosts file is
        # kept, so the identity of the target is not verified; the
        # target is an instance booted by this test class.
        # The values are interpolated before shlex.split(), so a path
        # or user name containing whitespace or quotes would be split
        # into several arguments.
        scp_cmd = ("scp -v -o UserKnownHostsFile=/dev/null "
                   "{7} "
                   "-o StrictHostKeyChecking=no "
                   "-o ConnectTimeout={0} -o ConnectionAttempts={1} "
                   "-i {2} {3} {4}@{5}:{6}").format(
            CONF.load_balancer.scp_connection_timeout,
            CONF.load_balancer.scp_connection_attempts,
            key_file.name, binary_path, CONF.validation.image_ssh_user,
            ip_address, const.TEST_SERVER_BINARY,
            scp_options)
        # stderr is merged into stdout, so the second value returned by
        # communicate() is None.
        scp_proc = subprocess.Popen(shlex.split(scp_cmd),
                                    stdout=subprocess.PIPE,
                                    stderr=subprocess.STDOUT,
                                    cwd=None)
        out, err = scp_proc.communicate()
        if scp_proc.returncode != 0:
            raise exceptions.CommandFailed(scp_proc.returncode, scp_cmd,
                                           out, err)

        # Needs the key file, so it has to run before the file is closed
        # (and with that deleted).
        cls._load_member_pki_content(ip_address, key_file,
                                     revoke_cert=revoke_cert)

    # Enabling memory overcommit allows to run golang static binaries
    # compiled with a recent golang toolchain (>=1.11). Those binaries
    # allocate a large amount of virtual memory at init time, and this
    # allocation fails in tempest's nano flavor (64MB of RAM)
    # (golang issue reported in https://github.com/golang/go/issues/28114,
    # follow-up: https://github.com/golang/go/issues/28081)
    # TODO(gthiemonge): Remove this call when golang issue is resolved.
    client.exec_command('sudo sh -c "echo 1 > '
                        '/proc/sys/vm/overcommit_memory"')

    # The initial process also supports HTTPS and HTTPS with client auth
    first_server_cmd = (
        'sudo screen -d -m {0} -port 80 -id {1} -https_port 443 -cert {2} '
        '-key {3} -https_client_auth_port 9443 -client_ca {4}'.format(
            const.TEST_SERVER_BINARY, start_id, const.TEST_SERVER_CERT,
            const.TEST_SERVER_KEY, const.TEST_SERVER_CLIENT_CA))
    client.exec_command(first_server_cmd)

    second_server_cmd = ('sudo screen -d -m {0} -port 81 '
                         '-id {1}'.format(const.TEST_SERVER_BINARY,
                                          start_id + 1))
    client.exec_command(second_server_cmd)
Adam Harwellcd72b562018-05-07 11:37:22 -07001114
# Cirros does not configure the assigned IPv6 address by default
# so enable it manually like tempest does here:
# tempest/scenario/test_network_v6.py turn_nic6_on()
@classmethod
def _enable_ipv6_nic_webserver(cls, ip_address, ssh_key,
                               ipv6_address, ipv6_prefix):
    """Add an IPv6 address to ``eth0`` on a member VM over SSH.

    :param ip_address: Address used to reach the VM over SSH.
    :param ssh_key: SSH private key handed to ``RemoteClient`` as
                    ``pkey``.
    :param ipv6_address: IPv6 address to configure on the interface.
    :param ipv6_prefix: Prefix length placed after the ``/``.
    """
    client = remote_client.RemoteClient(
        ip_address, CONF.validation.image_ssh_user, pkey=ssh_key,
        **cls.remote_client_args())
    client.validate_authentication()

    # Both values are formatted straight into the remote command line.
    add_address_cmd = ('sudo ip address add {0}/{1} dev '
                       'eth0'.format(ipv6_address, ipv6_prefix))
    client.exec_command(add_address_cmd)
1128
@classmethod
def _validate_webserver(cls, ip_address, start_id):
    """Check the HTTP answers of both test server processes.

    The default HTTP port must answer ``start_id`` and port 81 must
    answer ``start_id + 1``; the comparison itself is delegated to
    ``validate_URL_response``.

    :param ip_address: Address of the webserver to query.
    :param start_id: ID expected from the first server process.
    """
    primary_url = 'http://{0}'.format(ip_address)
    cls.validate_URL_response(primary_url, expected_body=str(start_id))

    secondary_url = 'http://{0}:81'.format(ip_address)
    cls.validate_URL_response(secondary_url,
                              expected_body=str(start_id + 1))
Jude Cross986e3f52017-07-24 14:57:20 -07001135
@classmethod
def _validate_udp_server(cls, ip_address, start_id):
    """Check the UDP answers of both test server processes.

    Port 80 must answer ``start_id`` and port 81 ``start_id + 1``, both
    compared as strings.

    :param ip_address: Address of the server to query.
    :param start_id: ID expected from the first server process.
    :raises Exception: if a reply differs from the expected value.
    """
    def _expect_reply(port, expected):
        reply = cls.make_udp_request(ip_address, port)
        if reply != expected:
            raise Exception("Response from test server doesn't match the "
                            "expected value ({0} != {1}).".format(
                                reply, expected))

    _expect_reply(80, str(start_id))
    _expect_reply(81, str(start_id + 1))
Michael Johnsonbaf12e02020-10-27 16:10:28 -07001149
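@classmethod
def _create_backend_reencryption_pki(cls):
    """Generate the PKI used by the backend re-encryption tests.

    Sets on the class:
    member_ca_cert, member_ca_key - self-signed CA for the member test
                                    servers
    member_client_ca_cert - CA for member client authentication; its
                            private key stays local to this method
    member_client_cn - generated UUID passed to the client certificate
                       generator (presumably used as the common name)
    member_client_cert, member_client_key - client certificate and key
    """
    # Create a CA self-signed cert and key for the member test servers
    cls.member_ca_cert, cls.member_ca_key = (
        cert_utils.generate_ca_cert_and_key())

    LOG.debug('Member CA Cert: %s', cls.member_ca_cert.public_bytes(
        serialization.Encoding.PEM))
    # The CA private key is not written to the log: anyone able to read
    # the log could otherwise issue certificates under this CA. The
    # certificate and public key are enough to identify the key pair.
    LOG.debug('Member CA public Key: %s',
              cls.member_ca_key.public_key().public_bytes(
                  encoding=serialization.Encoding.PEM,
                  format=serialization.PublicFormat.SubjectPublicKeyInfo))

    # Create the member client authentication CA
    cls.member_client_ca_cert, member_client_ca_key = (
        cert_utils.generate_ca_cert_and_key())

    # Create client cert and key
    cls.member_client_cn = uuidutils.generate_uuid()
    cls.member_client_cert, cls.member_client_key = (
        cert_utils.generate_client_cert_and_key(
            cls.member_client_ca_cert, member_client_ca_key,
            cls.member_client_cn))
    # Note: We are not revoking a client cert here as we don't need to
    # test the backend web server CRL checking.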
1179
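@classmethod
def _load_member_pki_content(cls, ip_address, ssh_key, revoke_cert=False):
    """Issue a server certificate for a member VM and copy the PKI to it.

    A certificate and key for ``ip_address`` are generated under the
    member CA, written together with the client authentication CA
    certificate into a temporary directory, and copied to
    ``const.DEV_SHM_PATH`` on the VM with a single scp call.

    :param ip_address: Address of the VM; also passed to the
                       certificate generator.
    :param ssh_key: Open file object holding the SSH private key; only
                    its ``name`` (the path) is used, for ``scp -i``.
    :param revoke_cert: When True, also build ``cls.member_crl`` with
                        the new certificate revoked.
    :raises exceptions.CommandFailed: if scp exits with a non-zero code.
    """
    # Create webserver certificate and key
    cert, key = cert_utils.generate_server_cert_and_key(
        cls.member_ca_cert, cls.member_ca_key, ip_address)

    LOG.debug('%s Cert: %s', ip_address, cert.public_bytes(
        serialization.Encoding.PEM))
    # The server private key is not written to the log; the certificate
    # and public key are enough to identify the key pair.
    public_key = key.public_key()
    LOG.debug('%s public Key: %s', ip_address, public_key.public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo))

    # Create a CRL with a revoked certificate
    if revoke_cert:
        # Create a CRL with webserver 2 revoked
        cls.member_crl = cert_utils.generate_certificate_revocation_list(
            cls.member_ca_cert, cls.member_ca_key, cert)

    # Load the certificate, key, and client CA certificate into the
    # test server.
    with tempfile.TemporaryDirectory() as tmpdir:
        cert_filename = os.path.join(tmpdir, const.CERT_PEM)
        key_filename = os.path.join(tmpdir, const.KEY_PEM)
        client_ca_filename = os.path.join(tmpdir, const.CLIENT_CA_PEM)
        pem_files = (
            (cert_filename,
             cert.public_bytes(serialization.Encoding.PEM)),
            (key_filename,
             key.private_bytes(
                 encoding=serialization.Encoding.PEM,
                 format=serialization.PrivateFormat.TraditionalOpenSSL,
                 encryption_algorithm=serialization.NoEncryption())),
            (client_ca_filename,
             cls.member_client_ca_cert.public_bytes(
                 serialization.Encoding.PEM)),
        )

        # The umask is process-wide. Setting it to 0 and leaving it
        # there would make every file the test process creates later
        # group- and world-accessible by default. Use an owner-only
        # mask while the PEM files are created (mode 0o700 is still
        # applied in full) and restore the previous mask afterwards.
        previous_umask = os.umask(0o077)
        try:
            for filename, pem in pem_files:
                with open(os.open(filename, os.O_CREAT | os.O_WRONLY,
                                  0o700), 'w') as fh:
                    fh.write(pem.decode('utf-8'))
        finally:
            os.umask(previous_umask)

        # For security, we don't want to use a shell that can glob
        # the file names, so each file is named explicitly and the
        # command is run as an argument list without a shell.
        subprocess_args = {'stdout': subprocess.PIPE,
                           'stderr': subprocess.STDOUT,
                           'cwd': None}
        ssh_extra_args = (
            "-o PubkeyAcceptedKeyTypes=+ssh-rsa")
        if cls._need_scp_protocol():
            ssh_extra_args += " -O"
        # Host key checking is switched off, so the private key file is
        # sent to a host whose identity is not verified; the target is
        # an instance booted by this test class.
        cmd = ("scp -v -o UserKnownHostsFile=/dev/null "
               "{9} "
               "-o StrictHostKeyChecking=no "
               "-o ConnectTimeout={0} -o ConnectionAttempts={1} "
               "-i {2} {3} {4} {5} {6}@{7}:{8}").format(
            CONF.load_balancer.scp_connection_timeout,
            CONF.load_balancer.scp_connection_attempts,
            ssh_key.name, cert_filename, key_filename, client_ca_filename,
            CONF.validation.image_ssh_user, ip_address, const.DEV_SHM_PATH,
            ssh_extra_args)
        args = shlex.split(cmd)
        proc = subprocess.Popen(args, **subprocess_args)
        stdout, stderr = proc.communicate()
        if proc.returncode != 0:
            raise exceptions.CommandFailed(proc.returncode, cmd,
                                           stdout, stderr)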