Jude Cross986e3f52017-07-24 14:57:20 -07001# Copyright 2018 Rackspace US Inc. All rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15import ipaddress
Michael Johnsonbaf12e02020-10-27 16:10:28 -070016import os
Jude Cross986e3f52017-07-24 14:57:20 -070017import random
18import shlex
Jude Cross986e3f52017-07-24 14:57:20 -070019import string
20import subprocess
21import tempfile
22
Michael Johnsonbaf12e02020-10-27 16:10:28 -070023from cryptography.hazmat.primitives import serialization
Jude Cross986e3f52017-07-24 14:57:20 -070024from oslo_log import log as logging
25from oslo_utils import uuidutils
26from tempest import config
27from tempest.lib.common.utils import data_utils
28from tempest.lib.common.utils.linux import remote_client
Jude Cross986e3f52017-07-24 14:57:20 -070029from tempest.lib import exceptions
30from tempest import test
Michael Johnson04dc5cb2019-01-20 11:03:50 -080031import tenacity
Jude Cross986e3f52017-07-24 14:57:20 -070032
33from octavia_tempest_plugin import clients
Michael Johnsonbaf12e02020-10-27 16:10:28 -070034from octavia_tempest_plugin.common import cert_utils
Jude Cross986e3f52017-07-24 14:57:20 -070035from octavia_tempest_plugin.common import constants as const
36from octavia_tempest_plugin.tests import validators
37from octavia_tempest_plugin.tests import waiters
38
# Shared tempest configuration object. This module reads the load_balancer,
# network, network_feature_enabled, service_available and validation option
# groups from it.
CONF = config.CONF
# Module-level logger (oslo.log), named after this module.
LOG = logging.getLogger(__name__)
41
Gregory Thiemonge29d17902019-04-30 15:06:17 +020042
class LoadBalancerBaseTest(validators.ValidatorsMixin, test.BaseTestCase):
    """Base class for load balancer tests."""

    # Credential sets requested for the test class. setup_clients() reads the
    # resulting cls.os_admin, cls.os_roles_lb_member and cls.os_roles_lb_admin
    # managers. The lb_member, lb_member2 and lb_admin entries take their
    # role names from the [load_balancer] member_role / admin_role options.
    credentials = ['admin', 'primary',
                   ['lb_member', CONF.load_balancer.member_role],
                   ['lb_member2', CONF.load_balancer.member_role],
                   ['lb_admin', CONF.load_balancer.admin_role]]

    client_manager = clients.ManagerV2
    # NOTE(review): presumably the values the two test webservers answer
    # with; the code that uses them is not in this part of the file.
    webserver1_response = 1
    webserver2_response = 5
    # NOTE(review): mutable class attribute. _setup_lb_network_kwargs()
    # appends to it through cls and never removes entries, so unless a
    # subclass rebinds it the same list is shared by every test class in
    # the process.
    used_ips = []

    # NOTE(review): looks like the bounds of a source-port range, with
    # src_port_number starting at the lower bound; the consumers are not
    # visible here - confirm.
    SRC_PORT_NUMBER_MIN = 32768
    SRC_PORT_NUMBER_MAX = 61000
    src_port_number = SRC_PORT_NUMBER_MIN
61
    @classmethod
    def skip_checks(cls):
        """Skip every test in the class when a prerequisite is missing.

        The load balancer service is always required. Compute, image and
        networking are additionally required unless test_with_noop is set.
        The class is also skipped when project networks are not reachable
        and no public network is configured.

        :raises cls.skipException: if any prerequisite is not met.
        """
        super(LoadBalancerBaseTest, cls).skip_checks()

        required_services = {
            'load_balancer': CONF.service_available.load_balancer,
        }
        backing_services = {
            'compute': CONF.service_available.nova,
            'image': CONF.service_available.glance,
            'neutron': CONF.service_available.neutron
        }
        # The backing services only matter when real resources get created.
        if not CONF.load_balancer.test_with_noop:
            required_services.update(backing_services)

        for service_name, is_available in required_services.items():
            if is_available:
                continue
            raise cls.skipException(
                "{0} skipped as {1} service is not "
                "available.".format(cls.__name__, service_name))

        # We must be able to reach our VIP and instances
        can_reach_resources = (CONF.network.project_networks_reachable
                               or CONF.network.public_network_id)
        if not can_reach_resources:
            raise cls.skipException(
                'Either project_networks_reachable must be "true", or '
                'public_network_id must be defined.')
92
    @classmethod
    def setup_credentials(cls):
        """Set up the test credentials without auto-created networking."""
        # set_network_resources() is called with no arguments before the
        # parent hook so that no network resources are auto-created for the
        # credentials; resource_setup() decides which networks are used.
        cls.set_network_resources()
        super(LoadBalancerBaseTest, cls).setup_credentials()
99
    @classmethod
    def setup_clients(cls):
        """Bind short class-level aliases for the service clients.

        Aliases named ``lb_mem_*`` / ``mem_*`` come from the
        ``os_roles_lb_member`` manager, aliases named ``lb_admin_*`` come
        from the ``os_roles_lb_admin`` manager, and
        ``os_admin_servers_client`` comes from the ``os_admin`` manager.
        Keeping that naming visible makes it easy to see which calls in a
        test run with elevated credentials.
        """
        super(LoadBalancerBaseTest, cls).setup_clients()

        # Load-balancer member role: networking and compute clients.
        member = cls.os_roles_lb_member
        cls.lb_mem_float_ip_client = member.floating_ips_client
        cls.lb_mem_keypairs_client = member.keypairs_client
        cls.lb_mem_net_client = member.networks_client
        cls.lb_mem_ports_client = member.ports_client
        cls.lb_mem_routers_client = member.routers_client
        cls.lb_mem_SG_client = member.security_groups_client
        cls.lb_mem_SGr_client = member.security_group_rules_client
        cls.lb_mem_servers_client = member.servers_client
        cls.lb_mem_subnet_client = member.subnets_client

        # Load-balancer member role: load balancer API clients.
        cls.mem_lb_client = member.loadbalancer_client
        cls.mem_listener_client = member.listener_client
        cls.mem_pool_client = member.pool_client
        cls.mem_member_client = member.member_client
        cls.mem_healthmonitor_client = member.healthmonitor_client
        cls.mem_l7policy_client = member.l7policy_client
        cls.mem_l7rule_client = member.l7rule_client

        # Load-balancer admin role, mixed with the remaining member and
        # cloud-admin aliases in their original assignment order.
        lb_admin = cls.os_roles_lb_admin
        cls.lb_admin_amphora_client = lb_admin.amphora_client
        cls.lb_admin_flavor_profile_client = lb_admin.flavor_profile_client
        cls.lb_admin_flavor_client = lb_admin.flavor_client
        cls.mem_flavor_client = member.flavor_client
        cls.mem_provider_client = member.provider_client
        cls.os_admin_servers_client = cls.os_admin.servers_client
        cls.lb_admin_flavor_capabilities_client = (
            lb_admin.flavor_capabilities_client)
        cls.lb_admin_availability_zone_capabilities_client = (
            lb_admin.availability_zone_capabilities_client)
        cls.lb_admin_availability_zone_profile_client = (
            lb_admin.availability_zone_profile_client)
        cls.lb_admin_availability_zone_client = (
            lb_admin.availability_zone_client)
        cls.mem_availability_zone_client = member.availability_zone_client
Jude Cross986e3f52017-07-24 14:57:20 -0700139
    @classmethod
    def resource_setup(cls):
        """Setup resources needed by the tests.

        Records the maximum load balancer API version, picks the default
        load balancing algorithm for the configured provider and then
        settles which networks and subnets the tests use:

        * test_with_noop: random UUIDs stand in for every network and
          subnet, nothing is created and the method returns early.
        * test_network_override: the configured network (and optional
          subnets) are looked up and reused for the VIP and both members.
          No cleanup is registered for them in this method.
        * otherwise: new networks are built by _create_networks().

        :raises exceptions.InvalidConfiguration: if test_subnet_override is
            set without test_network_override.
        """
        super(LoadBalancerBaseTest, cls).resource_setup()

        conf_lb = CONF.load_balancer

        cls.api_version = cls.mem_lb_client.get_max_api_version()

        # A subnet override is only meaningful together with the network it
        # belongs to, so reject the half-configured case up front.
        if conf_lb.test_subnet_override and not conf_lb.test_network_override:
            raise exceptions.InvalidConfiguration(
                "Configuration value test_network_override must be "
                "specified if test_subnet_override is used.")

        # TODO(johnsom) Remove this
        # Get loadbalancing algorithms supported by provider driver.
        try:
            algorithms = const.SUPPORTED_LB_ALGORITHMS[
                CONF.load_balancer.provider]
        except KeyError:
            # Providers without their own entry use the 'default' list.
            algorithms = const.SUPPORTED_LB_ALGORITHMS['default']
        # Set default algorithm as first from the list.
        cls.lb_algorithm = algorithms[0]

        show_subnet = cls.lb_mem_subnet_client.show_subnet
        if CONF.load_balancer.test_with_noop:
            # No-op mode: only identifiers are needed, so generate
            # placeholder UUIDs instead of creating or looking up anything.
            cls.lb_member_vip_net = {'id': uuidutils.generate_uuid()}
            cls.lb_member_vip_subnet = {'id': uuidutils.generate_uuid()}
            cls.lb_member_1_net = {'id': uuidutils.generate_uuid()}
            cls.lb_member_1_subnet = {'id': uuidutils.generate_uuid()}
            cls.lb_member_2_net = {'id': uuidutils.generate_uuid()}
            cls.lb_member_2_subnet = {'id': uuidutils.generate_uuid()}
            if CONF.load_balancer.test_with_ipv6:
                cls.lb_member_vip_ipv6_net = {'id': uuidutils.generate_uuid()}
                cls.lb_member_vip_ipv6_subnet = {'id':
                                                 uuidutils.generate_uuid()}
                cls.lb_member_1_ipv6_subnet = {'id': uuidutils.generate_uuid()}
                cls.lb_member_2_ipv6_subnet = {'id': uuidutils.generate_uuid()}
                cls.lb_member_vip_ipv6_subnet_stateful = True
            # The debug logging at the end of the method is skipped too.
            return
        elif CONF.load_balancer.test_network_override:
            # Override mode: the VIP and both members share one existing
            # network, looked up with the member credentials.
            # NOTE(review): _setup_lb_network_kwargs() reads show_subnet()
            # results as subnet['subnet'][...], while the values stored
            # here are the raw return values and are later indexed with
            # const.ID and, below, with [0]. Confirm the response shape
            # this path expects.
            if conf_lb.test_subnet_override:
                override_subnet = show_subnet(conf_lb.test_subnet_override)
            else:
                override_subnet = None

            show_net = cls.lb_mem_net_client.show_network
            override_network = show_net(conf_lb.test_network_override)
            override_network = override_network.get('network')

            cls.lb_member_vip_net = override_network
            cls.lb_member_vip_subnet = override_subnet
            cls.lb_member_1_net = override_network
            cls.lb_member_1_subnet = override_subnet
            cls.lb_member_2_net = override_network
            cls.lb_member_2_subnet = override_subnet

            if (CONF.load_balancer.test_with_ipv6 and
                    conf_lb.test_IPv6_subnet_override):
                override_ipv6_subnet = show_subnet(
                    conf_lb.test_IPv6_subnet_override)
                cls.lb_member_vip_ipv6_subnet = override_ipv6_subnet
                cls.lb_member_1_ipv6_subnet = override_ipv6_subnet
                cls.lb_member_2_ipv6_subnet = override_ipv6_subnet
                # Only a dhcpv6-stateful subnet is marked stateful;
                # _setup_lb_network_kwargs() uses the flag to decide
                # whether a fixed VIP address may be requested.
                cls.lb_member_vip_ipv6_subnet_stateful = False
                if (override_ipv6_subnet[0]['ipv6_address_mode'] ==
                        'dhcpv6-stateful'):
                    cls.lb_member_vip_ipv6_subnet_stateful = True
            else:
                # NOTE(review): lb_member_vip_ipv6_subnet_stateful and
                # lb_member_vip_ipv6_net are not assigned on this path.
                cls.lb_member_vip_ipv6_subnet = None
                cls.lb_member_1_ipv6_subnet = None
                cls.lb_member_2_ipv6_subnet = None
        else:
            cls._create_networks()

        # Record the IDs that were settled on. Subnets can be None in
        # override mode, so they are only logged when set.
        LOG.debug('Octavia Setup: lb_member_vip_net = {}'.format(
            cls.lb_member_vip_net[const.ID]))
        if cls.lb_member_vip_subnet:
            LOG.debug('Octavia Setup: lb_member_vip_subnet = {}'.format(
                cls.lb_member_vip_subnet[const.ID]))
        LOG.debug('Octavia Setup: lb_member_1_net = {}'.format(
            cls.lb_member_1_net[const.ID]))
        if cls.lb_member_1_subnet:
            LOG.debug('Octavia Setup: lb_member_1_subnet = {}'.format(
                cls.lb_member_1_subnet[const.ID]))
        LOG.debug('Octavia Setup: lb_member_2_net = {}'.format(
            cls.lb_member_2_net[const.ID]))
        if cls.lb_member_2_subnet:
            LOG.debug('Octavia Setup: lb_member_2_subnet = {}'.format(
                cls.lb_member_2_subnet[const.ID]))
        # The IPv6 attributes are only read when IPv6 testing is enabled.
        if CONF.load_balancer.test_with_ipv6:
            if cls.lb_member_vip_ipv6_subnet:
                LOG.debug('Octavia Setup: lb_member_vip_ipv6_subnet = '
                          '{}'.format(cls.lb_member_vip_ipv6_subnet[const.ID]))
            if cls.lb_member_1_ipv6_subnet:
                LOG.debug('Octavia Setup: lb_member_1_ipv6_subnet = {}'.format(
                    cls.lb_member_1_ipv6_subnet[const.ID]))
            if cls.lb_member_2_ipv6_subnet:
                LOG.debug('Octavia Setup: lb_member_2_ipv6_subnet = {}'.format(
                    cls.lb_member_2_ipv6_subnet[const.ID]))
Jude Cross986e3f52017-07-24 14:57:20 -0700240
    @classmethod
    # Neutron may still be removing ports when the delete is issued and
    # answers "Conflict" in that case, so the delete is retried with an
    # incrementing wait until the attempt limit is reached.
    @tenacity.retry(
        stop=tenacity.stop_after_attempt(const.RETRY_ATTEMPTS),
        wait=tenacity.wait_incrementing(
            const.RETRY_INITIAL_DELAY, const.RETRY_BACKOFF, const.RETRY_MAX),
        retry=tenacity.retry_if_exception_type(exceptions.Conflict))
    def _logging_delete_network(cls, net_id):
        """Delete a network and log the port list if the delete fails.

        Every failure is logged and re-raised; only ``exceptions.Conflict``
        triggers another attempt. ``reraise`` is not set on the retry
        decorator, so once the attempts are used up the caller gets
        tenacity's own retry error rather than the last Conflict.

        :param net_id: ID of the network to delete.
        """
        try:
            cls.lb_mem_net_client.delete_network(net_id)
        except Exception:
            failure_header = 'Unable to delete network {}. Active ports:'.format(
                net_id)
            LOG.error(failure_header)
            # list_ports() is called without a filter, so the log entry
            # holds every port the member credentials can list, not only
            # the ports attached to this network.
            visible_ports = cls.lb_mem_ports_client.list_ports()
            LOG.error(visible_ports)
            raise
258
    @classmethod
    # Neutron may still be removing ports when the delete is issued and
    # answers "Conflict" in that case, so the delete is retried with an
    # incrementing wait until the attempt limit is reached.
    @tenacity.retry(
        stop=tenacity.stop_after_attempt(const.RETRY_ATTEMPTS),
        wait=tenacity.wait_incrementing(
            const.RETRY_INITIAL_DELAY, const.RETRY_BACKOFF, const.RETRY_MAX),
        retry=tenacity.retry_if_exception_type(exceptions.Conflict))
    def _logging_delete_subnet(cls, subnet_id):
        """Delete a subnet and log the port list if the delete fails.

        Every failure is logged and re-raised; only ``exceptions.Conflict``
        triggers another attempt. ``reraise`` is not set on the retry
        decorator, so once the attempts are used up the caller gets
        tenacity's own retry error rather than the last Conflict.

        :param subnet_id: ID of the subnet to delete.
        """
        try:
            cls.lb_mem_subnet_client.delete_subnet(subnet_id)
        except Exception:
            failure_header = 'Unable to delete subnet {}. Active ports:'.format(
                subnet_id)
            LOG.error(failure_header)
            # list_ports() is called without a filter, so the log entry
            # holds every port the member credentials can list, not only
            # the ports attached to this subnet.
            visible_ports = cls.lb_mem_ports_client.list_ports()
            LOG.error(visible_ports)
            raise
276
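    @classmethod
    def _create_networks(cls):
        """Create the networks and subnets used in tests.

        No router is created in this method. The following are defined and
        available to the tests afterwards:
            cls.lb_member_vip_net
            cls.lb_member_vip_subnet
            cls.lb_member_vip_ipv6_net (with test_with_ipv6)
            cls.lb_member_vip_ipv6_subnet (with test_with_ipv6)
            cls.lb_member_vip_ipv6_subnet_stateful (with test_with_ipv6)
            cls.lb_member_1_net
            cls.lb_member_1_subnet
            cls.lb_member_1_ipv6_subnet (with test_with_ipv6)
            cls.lb_member_1_subnet_prefix (with test_with_ipv6)
            cls.lb_member_2_net
            cls.lb_member_2_subnet
            cls.lb_member_2_ipv6_subnet (with test_with_ipv6)
            cls.lb_member_2_subnet_prefix (with test_with_ipv6)

        Every resource created here gets a class-level cleanup that deletes
        it and waits until it is gone.

        :raises exceptions.InvalidConfiguration: if a member IPv6 subnet
            CIDR option does not end in a numeric prefix length.
        """

        # Create tenant VIP network
        network_kwargs = {
            'name': data_utils.rand_name("lb_member_vip_network")}
        if CONF.network_feature_enabled.port_security:
            # Note: Allowed Address Pairs requires port security
            network_kwargs['port_security_enabled'] = True
        result = cls.lb_mem_net_client.create_network(**network_kwargs)
        cls.lb_member_vip_net = result['network']
        LOG.info('lb_member_vip_net: {}'.format(cls.lb_member_vip_net))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_network,
            cls.lb_mem_net_client.show_network,
            cls.lb_member_vip_net['id'])

        # Create tenant VIP subnet
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_vip_subnet"),
            'network_id': cls.lb_member_vip_net['id'],
            'cidr': CONF.load_balancer.vip_subnet_cidr,
            'ip_version': 4}
        result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
        cls.lb_member_vip_subnet = result['subnet']
        LOG.info('lb_member_vip_subnet: {}'.format(cls.lb_member_vip_subnet))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_vip_subnet['id'])

        # Create tenant VIP IPv6 subnet
        if CONF.load_balancer.test_with_ipv6:
            # See if ipv6-private-subnet exists and use it if so.
            # NOTE(review): the lookup uses the admin credentials and
            # matches on the name only, so the subnet that gets reused may
            # belong to a project other than the one under test - confirm
            # this is intended for the target cloud.
            priv_ipv6_subnet = cls.os_admin.subnets_client.list_subnets(
                name='ipv6-private-subnet')['subnets']

            cls.lb_member_vip_ipv6_subnet_stateful = False
            if len(priv_ipv6_subnet) == 1:
                if (priv_ipv6_subnet[0]['ipv6_address_mode'] ==
                        'dhcpv6-stateful'):
                    cls.lb_member_vip_ipv6_subnet_stateful = True
                # The pre-existing subnet is reused as is; no cleanup is
                # registered for it.
                cls.lb_member_vip_ipv6_subnet = priv_ipv6_subnet[0]
                cls.lb_member_vip_ipv6_net = {
                    'id': priv_ipv6_subnet[0]['network_id']}
            else:
                subnet_kwargs = {
                    'name': data_utils.rand_name("lb_member_vip_ipv6_subnet"),
                    'network_id': cls.lb_member_vip_net['id'],
                    'cidr': CONF.load_balancer.vip_ipv6_subnet_cidr,
                    'ip_version': 6}
                result = cls.lb_mem_subnet_client.create_subnet(
                    **subnet_kwargs)
                cls.lb_member_vip_ipv6_net = cls.lb_member_vip_net
                cls.lb_member_vip_ipv6_subnet = result['subnet']
                cls.addClassResourceCleanup(
                    waiters.wait_for_not_found,
                    cls._logging_delete_subnet,
                    cls.lb_mem_subnet_client.show_subnet,
                    cls.lb_member_vip_ipv6_subnet['id'])

            LOG.info('lb_member_vip_ipv6_subnet: {}'.format(
                cls.lb_member_vip_ipv6_subnet))

        # Create tenant member 1 network
        network_kwargs = {
            'name': data_utils.rand_name("lb_member_1_network")}
        if CONF.network_feature_enabled.port_security:
            # Port security on the member network follows the
            # enable_security_groups option: when security groups are not
            # used by the tests it is explicitly switched off.
            network_kwargs['port_security_enabled'] = bool(
                CONF.load_balancer.enable_security_groups)
        result = cls.lb_mem_net_client.create_network(**network_kwargs)
        cls.lb_member_1_net = result['network']
        LOG.info('lb_member_1_net: {}'.format(cls.lb_member_1_net))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_network,
            cls.lb_mem_net_client.show_network,
            cls.lb_member_1_net['id'])

        # Create tenant member 1 subnet
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_1_subnet"),
            'network_id': cls.lb_member_1_net['id'],
            'cidr': CONF.load_balancer.member_1_ipv4_subnet_cidr,
            'ip_version': 4}
        result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
        cls.lb_member_1_subnet = result['subnet']
        LOG.info('lb_member_1_subnet: {}'.format(cls.lb_member_1_subnet))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_1_subnet['id'])

        # Create tenant member 1 ipv6 subnet
        if CONF.load_balancer.test_with_ipv6:
            # Check the configured prefix length before anything is
            # created. The previous assert ran after create_subnet() and
            # before the cleanup was registered, and is stripped entirely
            # under "python -O", which would let a non-numeric value be
            # stored in lb_member_1_subnet_prefix for later use.
            member_1_cidr = CONF.load_balancer.member_1_ipv6_subnet_cidr
            member_1_prefix = member_1_cidr.rpartition('/')[2]
            if not member_1_prefix.isdigit():
                raise exceptions.InvalidConfiguration(
                    'member_1_ipv6_subnet_cidr must end in a numeric '
                    'prefix length, got: {}'.format(member_1_cidr))
            subnet_kwargs = {
                'name': data_utils.rand_name("lb_member_1_ipv6_subnet"),
                'network_id': cls.lb_member_1_net['id'],
                'cidr': member_1_cidr,
                'ip_version': 6}
            result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
            cls.lb_member_1_subnet_prefix = member_1_prefix
            cls.lb_member_1_ipv6_subnet = result['subnet']
            LOG.info('lb_member_1_ipv6_subnet: {}'.format(
                cls.lb_member_1_ipv6_subnet))
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls._logging_delete_subnet,
                cls.lb_mem_subnet_client.show_subnet,
                cls.lb_member_1_ipv6_subnet['id'])

        # Create tenant member 2 network
        network_kwargs = {
            'name': data_utils.rand_name("lb_member_2_network")}
        if CONF.network_feature_enabled.port_security:
            # Same rule as for the member 1 network.
            network_kwargs['port_security_enabled'] = bool(
                CONF.load_balancer.enable_security_groups)
        result = cls.lb_mem_net_client.create_network(**network_kwargs)
        cls.lb_member_2_net = result['network']
        LOG.info('lb_member_2_net: {}'.format(cls.lb_member_2_net))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_network,
            cls.lb_mem_net_client.show_network,
            cls.lb_member_2_net['id'])

        # Create tenant member 2 subnet
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_2_subnet"),
            'network_id': cls.lb_member_2_net['id'],
            'cidr': CONF.load_balancer.member_2_ipv4_subnet_cidr,
            'ip_version': 4}
        result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
        cls.lb_member_2_subnet = result['subnet']
        LOG.info('lb_member_2_subnet: {}'.format(cls.lb_member_2_subnet))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_2_subnet['id'])

        # Create tenant member 2 ipv6 subnet
        if CONF.load_balancer.test_with_ipv6:
            # Validate before creating, as for member 1.
            member_2_cidr = CONF.load_balancer.member_2_ipv6_subnet_cidr
            member_2_prefix = member_2_cidr.rpartition('/')[2]
            if not member_2_prefix.isdigit():
                raise exceptions.InvalidConfiguration(
                    'member_2_ipv6_subnet_cidr must end in a numeric '
                    'prefix length, got: {}'.format(member_2_cidr))
            subnet_kwargs = {
                'name': data_utils.rand_name("lb_member_2_ipv6_subnet"),
                'network_id': cls.lb_member_2_net['id'],
                'cidr': member_2_cidr,
                'ip_version': 6}
            result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
            cls.lb_member_2_subnet_prefix = member_2_prefix
            cls.lb_member_2_ipv6_subnet = result['subnet']
            LOG.info('lb_member_2_ipv6_subnet: {}'.format(
                cls.lb_member_2_ipv6_subnet))
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls._logging_delete_subnet,
                cls.lb_mem_subnet_client.show_subnet,
                cls.lb_member_2_ipv6_subnet['id'])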
461
    @classmethod
    def _setup_lb_network_kwargs(cls, lb_kwargs, ip_version=None,
                                 use_fixed_ip=False):
        """Add the VIP network, subnet and address entries to ``lb_kwargs``.

        :param lb_kwargs: load balancer create arguments; updated in place.
        :param ip_version: 4 or 6. When falsy, 6 is used if test_with_ipv6
            is set and 4 otherwise.
        :param use_fixed_ip: when true, also request a specific VIP address
            inside the VIP subnet. Ignored for an IPv6 subnet that is not
            marked stateful.
        :returns: None.
        """
        if not ip_version:
            ip_version = 6 if CONF.load_balancer.test_with_ipv6 else 4

        # Without any VIP subnet only the network can be requested.
        if not (cls.lb_member_vip_subnet or cls.lb_member_vip_ipv6_subnet):
            lb_kwargs[const.VIP_NETWORK_ID] = cls.lb_member_vip_net[const.ID]
            lb_kwargs[const.VIP_SUBNET_ID] = None
            return

        # Draw a host index that has not been handed out yet.
        # NOTE(review): used_ips is a class-level list that only grows, and
        # this loop has no exit once every index in the drawn range has
        # been recorded - confirm the number of calls per process stays
        # below the size of that range.
        while True:
            ip_index = data_utils.rand_int_id(start=10, end=100)
            if ip_index not in cls.used_ips:
                break
        cls.used_ips.append(ip_index)

        noop_mode = CONF.load_balancer.test_with_noop
        if ip_version == 4:
            vip_subnet = cls.lb_member_vip_subnet
            network_type = ipaddress.IPv4Network
            # Fixed placeholder from the reserved benchmarking range.
            noop_address = '198.18.33.33'
        else:
            vip_subnet = cls.lb_member_vip_ipv6_subnet
            network_type = ipaddress.IPv6Network
            # Fixed placeholder from the IPv6 documentation prefix.
            noop_address = '2001:db8:33:33:33:33:33:33'

        subnet_id = vip_subnet[const.ID]
        if noop_mode:
            lb_vip_address = noop_address
        else:
            # The CIDR is read with the admin credentials.
            shown = cls.os_admin.subnets_client.show_subnet(subnet_id)
            vip_network = network_type(shown['subnet']['cidr'])
            lb_vip_address = str(vip_network[ip_index])
            # If the subnet is IPv6 slaac or dhcpv6-stateless
            # neutron does not allow a fixed IP
            if ip_version != 4 and not cls.lb_member_vip_ipv6_subnet_stateful:
                use_fixed_ip = False

        lb_kwargs[const.VIP_SUBNET_ID] = subnet_id
        if use_fixed_ip:
            lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
        if noop_mode:
            lb_kwargs[const.VIP_NETWORK_ID] = cls.lb_member_vip_net[const.ID]
            # In no-op mode an IPv6 request always carries the address.
            if ip_version == 6:
                lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
503
    @classmethod
    def check_tf_compatibility(cls, protocol=None, algorithm=None):
        """Skip the test when TungstenFabric lacks a protocol or algorithm.

        Arguments left as None (or otherwise falsy) are not checked. The
        algorithm is checked before the protocol.

        :param protocol: listener/pool protocol constant to check.
        :param algorithm: load balancing algorithm constant to check.
        :raises cls.skipException: if the value is not in the supported set.
        """
        # TungstenFabric supported protocols and algorithms
        supported_protocols = (const.HTTP, const.HTTPS, const.TCP,
                               const.TERMINATED_HTTPS)
        supported_algorithms = (const.LB_ALGORITHM_ROUND_ROBIN,
                                const.LB_ALGORITHM_LEAST_CONNECTIONS,
                                const.LB_ALGORITHM_SOURCE_IP)

        algorithm_rejected = bool(algorithm) and (
            algorithm not in supported_algorithms)
        if algorithm_rejected:
            raise cls.skipException(
                'TungstenFabric does not support {} algorithm.'.format(
                    algorithm))

        protocol_rejected = bool(protocol) and (
            protocol not in supported_protocols)
        if protocol_rejected:
            raise cls.skipException(
                'TungstenFabric does not support {} protocol.'.format(
                    protocol))
521
    @classmethod
    def _tf_create_listener(cls, name, proto, port, lb_id):
        """Create a listener on a load balancer with the member client.

        :param name: listener name.
        :param proto: listener protocol.
        :param port: listener protocol port.
        :param lb_id: ID of the load balancer that owns the listener.
        :returns: whatever the listener client's create_listener() returns.
        """
        return cls.mem_listener_client.create_listener(**{
            const.NAME: name,
            const.PROTOCOL: proto,
            const.PROTOCOL_PORT: port,
            const.LOADBALANCER_ID: lb_id,
        })
532
    @classmethod
    def _tf_get_free_port(cls, lb_id):
        """Return the first port from 8081 upwards with no listener on it.

        Each listener of the load balancer is looked up individually to
        read its protocol port. Nothing is reserved: the port is only known
        to be unused at the time of the lookup, and the search has no upper
        bound.

        :param lb_id: ID of the load balancer to inspect.
        :returns: 8081 when the load balancer has no listeners, otherwise
            the lowest port >= 8081 not used by any of its listeners.
        """
        candidate = 8081
        load_balancer = cls.mem_lb_client.show_loadbalancer(lb_id)
        listener_refs = load_balancer[const.LISTENERS]
        if listener_refs:
            taken_ports = []
            for listener_ref in listener_refs:
                details = cls.mem_listener_client.show_listener(
                    listener_ref[const.ID])
                taken_ports.append(details[const.PROTOCOL_PORT])
            while candidate in taken_ports:
                candidate += 1
        return candidate
545
Adam Harwellcd72b562018-05-07 11:37:22 -0700546
547class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
548 @classmethod
549 def resource_setup(cls):
550 super(LoadBalancerBaseTestWithCompute, cls).resource_setup()
551 # If validation is disabled in this cloud, we won't be able to
552 # start the webservers, so don't even boot them.
553 if not CONF.validation.run_validation:
554 return
555
556 # Create a keypair for the webservers
557 keypair_name = data_utils.rand_name('lb_member_keypair')
558 result = cls.lb_mem_keypairs_client.create_keypair(
559 name=keypair_name)
560 cls.lb_member_keypair = result['keypair']
561 LOG.info('lb_member_keypair: {}'.format(cls.lb_member_keypair))
562 cls.addClassResourceCleanup(
563 waiters.wait_for_not_found,
564 cls.lb_mem_keypairs_client.delete_keypair,
565 cls.lb_mem_keypairs_client.show_keypair,
566 keypair_name)
567
568 if (CONF.load_balancer.enable_security_groups and
569 CONF.network_feature_enabled.port_security):
570 # Set up the security group for the webservers
571 SG_name = data_utils.rand_name('lb_member_SG')
572 cls.lb_member_sec_group = (
573 cls.lb_mem_SG_client.create_security_group(
574 name=SG_name)['security_group'])
575 cls.addClassResourceCleanup(
576 waiters.wait_for_not_found,
577 cls.lb_mem_SG_client.delete_security_group,
578 cls.lb_mem_SG_client.show_security_group,
579 cls.lb_member_sec_group['id'])
580
581 # Create a security group rule to allow 80-81 (test webservers)
582 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
583 direction='ingress',
584 security_group_id=cls.lb_member_sec_group['id'],
585 protocol='tcp',
586 ethertype='IPv4',
587 port_range_min=80,
588 port_range_max=81)['security_group_rule']
589 cls.addClassResourceCleanup(
590 waiters.wait_for_not_found,
591 cls.lb_mem_SGr_client.delete_security_group_rule,
592 cls.lb_mem_SGr_client.show_security_group_rule,
593 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200594 # Create a security group rule to allow UDP 80-81 (test webservers)
595 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
596 direction='ingress',
597 security_group_id=cls.lb_member_sec_group['id'],
598 protocol='udp',
599 ethertype='IPv4',
600 port_range_min=80,
601 port_range_max=81)['security_group_rule']
602 cls.addClassResourceCleanup(
603 waiters.wait_for_not_found,
604 cls.lb_mem_SGr_client.delete_security_group_rule,
605 cls.lb_mem_SGr_client.show_security_group_rule,
606 SGr['id'])
607 # Create a security group rule to allow UDP 9999 (test webservers)
608 # Port 9999 is used to illustrate health monitor ERRORs on closed
609 # ports.
610 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
611 direction='ingress',
612 security_group_id=cls.lb_member_sec_group['id'],
613 protocol='udp',
614 ethertype='IPv4',
615 port_range_min=9999,
616 port_range_max=9999)['security_group_rule']
617 cls.addClassResourceCleanup(
618 waiters.wait_for_not_found,
619 cls.lb_mem_SGr_client.delete_security_group_rule,
620 cls.lb_mem_SGr_client.show_security_group_rule,
621 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700622 # Create a security group rule to allow 22 (ssh)
623 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
624 direction='ingress',
625 security_group_id=cls.lb_member_sec_group['id'],
626 protocol='tcp',
627 ethertype='IPv4',
628 port_range_min=22,
629 port_range_max=22)['security_group_rule']
630 cls.addClassResourceCleanup(
631 waiters.wait_for_not_found,
632 cls.lb_mem_SGr_client.delete_security_group_rule,
633 cls.lb_mem_SGr_client.show_security_group_rule,
634 SGr['id'])
635 if CONF.load_balancer.test_with_ipv6:
636 # Create a security group rule to allow 80-81 (test webservers)
637 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
638 direction='ingress',
639 security_group_id=cls.lb_member_sec_group['id'],
640 protocol='tcp',
641 ethertype='IPv6',
642 port_range_min=80,
643 port_range_max=81)['security_group_rule']
644 cls.addClassResourceCleanup(
645 waiters.wait_for_not_found,
646 cls.lb_mem_SGr_client.delete_security_group_rule,
647 cls.lb_mem_SGr_client.show_security_group_rule,
648 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200649 # Create a security group rule to allow UDP 80-81 (test
650 # webservers)
651 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
652 direction='ingress',
653 security_group_id=cls.lb_member_sec_group['id'],
654 protocol='udp',
655 ethertype='IPv6',
656 port_range_min=80,
657 port_range_max=81)['security_group_rule']
658 cls.addClassResourceCleanup(
659 waiters.wait_for_not_found,
660 cls.lb_mem_SGr_client.delete_security_group_rule,
661 cls.lb_mem_SGr_client.show_security_group_rule,
662 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700663 # Create a security group rule to allow 22 (ssh)
664 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
665 direction='ingress',
666 security_group_id=cls.lb_member_sec_group['id'],
667 protocol='tcp',
668 ethertype='IPv6',
669 port_range_min=22,
670 port_range_max=22)['security_group_rule']
671 cls.addClassResourceCleanup(
672 waiters.wait_for_not_found,
673 cls.lb_mem_SGr_client.delete_security_group_rule,
674 cls.lb_mem_SGr_client.show_security_group_rule,
675 SGr['id'])
676
677 LOG.info('lb_member_sec_group: {}'.format(cls.lb_member_sec_group))
678
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700679 # Setup backend member reencryption PKI
680 cls._create_backend_reencryption_pki()
681
Adam Harwellcd72b562018-05-07 11:37:22 -0700682 # Create webserver 1 instance
683 server_details = cls._create_webserver('lb_member_webserver1',
684 cls.lb_member_1_net)
685
686 cls.lb_member_webserver1 = server_details['server']
687 cls.webserver1_ip = server_details.get('ipv4_address')
688 cls.webserver1_ipv6 = server_details.get('ipv6_address')
689 cls.webserver1_public_ip = server_details['public_ipv4_address']
690
691 LOG.debug('Octavia Setup: lb_member_webserver1 = {}'.format(
692 cls.lb_member_webserver1[const.ID]))
693 LOG.debug('Octavia Setup: webserver1_ip = {}'.format(
694 cls.webserver1_ip))
695 LOG.debug('Octavia Setup: webserver1_ipv6 = {}'.format(
696 cls.webserver1_ipv6))
697 LOG.debug('Octavia Setup: webserver1_public_ip = {}'.format(
698 cls.webserver1_public_ip))
699
700 # Create webserver 2 instance
701 server_details = cls._create_webserver('lb_member_webserver2',
702 cls.lb_member_2_net)
703
704 cls.lb_member_webserver2 = server_details['server']
705 cls.webserver2_ip = server_details.get('ipv4_address')
706 cls.webserver2_ipv6 = server_details.get('ipv6_address')
707 cls.webserver2_public_ip = server_details['public_ipv4_address']
708
709 LOG.debug('Octavia Setup: lb_member_webserver2 = {}'.format(
710 cls.lb_member_webserver2[const.ID]))
711 LOG.debug('Octavia Setup: webserver2_ip = {}'.format(
712 cls.webserver2_ip))
713 LOG.debug('Octavia Setup: webserver2_ipv6 = {}'.format(
714 cls.webserver2_ipv6))
715 LOG.debug('Octavia Setup: webserver2_public_ip = {}'.format(
716 cls.webserver2_public_ip))
717
Michael Johnsonbf916df2018-10-17 10:59:28 -0700718 if CONF.load_balancer.test_with_ipv6:
719 # Enable the IPv6 nic in webserver 1
720 cls._enable_ipv6_nic_webserver(
721 cls.webserver1_public_ip, cls.lb_member_keypair['private_key'],
722 cls.webserver1_ipv6, cls.lb_member_1_subnet_prefix)
723
724 # Enable the IPv6 nic in webserver 2
725 cls._enable_ipv6_nic_webserver(
726 cls.webserver2_public_ip, cls.lb_member_keypair['private_key'],
727 cls.webserver2_ipv6, cls.lb_member_2_subnet_prefix)
728
Adam Harwellcd72b562018-05-07 11:37:22 -0700729 # Set up serving on webserver 1
730 cls._install_start_webserver(cls.webserver1_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700731 cls.lb_member_keypair['private_key'],
732 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700733
734 # Validate webserver 1
Adam Harwelle029af22018-05-24 17:13:28 -0700735 cls._validate_webserver(cls.webserver1_public_ip,
736 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700737
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200738 # Validate udp server 1
739 cls._validate_udp_server(cls.webserver1_public_ip,
740 cls.webserver1_response)
741
Adam Harwellcd72b562018-05-07 11:37:22 -0700742 # Set up serving on webserver 2
743 cls._install_start_webserver(cls.webserver2_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700744 cls.lb_member_keypair['private_key'],
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700745 cls.webserver2_response, revoke_cert=True)
Adam Harwellcd72b562018-05-07 11:37:22 -0700746
747 # Validate webserver 2
Adam Harwelle029af22018-05-24 17:13:28 -0700748 cls._validate_webserver(cls.webserver2_public_ip,
749 cls.webserver2_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700750
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200751 # Validate udp server 2
752 cls._validate_udp_server(cls.webserver2_public_ip,
753 cls.webserver2_response)
754
@classmethod
def _create_networks(cls):
    """Create the member router and attach the VIP and member subnets.

    Runs the parent class network setup first, then creates a router whose
    external gateway is CONF.network.public_network_id and adds one router
    interface each for the VIP subnet, member subnet 1 and member subnet 2.
    A class-level cleanup is registered right after every create/attach
    call so the resources are released when the test class finishes.
    """
    super(LoadBalancerBaseTestWithCompute, cls)._create_networks()

    # Create a router for the subnets (required for the floating IP)
    routers = cls.lb_mem_routers_client
    cls.lb_member_router = routers.create_router(
        name=data_utils.rand_name("lb_member_router"),
        admin_state_up=True,
        external_gateway_info=dict(
            network_id=CONF.network.public_network_id))['router']
    LOG.info('lb_member_router: {}'.format(cls.lb_member_router))
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        routers.delete_router,
        routers.show_router,
        cls.lb_member_router['id'])

    # Attach the VIP subnet first, then member subnets 1 and 2.
    subnets = (cls.lb_member_vip_subnet,
               cls.lb_member_1_subnet,
               cls.lb_member_2_subnet)
    for subnet in subnets:
        routers.add_router_interface(
            cls.lb_member_router['id'], subnet_id=subnet['id'])
        # remove_router_interface is handed to the waiter twice: once as
        # the delete call and once as the "show" call it polls.
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            routers.remove_router_interface,
            routers.remove_router_interface,
            cls.lb_member_router['id'],
            subnet_id=subnet['id'])
802
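@classmethod
def _create_webserver(cls, name, network):
    """Creates a webserver with two ports.

    webserver_details dictionary contains:
    server - The compute server object
    ipv4_address - The IPv4 address for the server (optional)
    ipv6_address - The IPv6 address for the server (optional)
    public_ipv4_address - The publicly accessible IPv4 address for the
                          server, this may be a floating IP (optional)

    :param name: The name of the server to create.
    :param network: The network to boot the server on.
    :returns: webserver_details dictionary.
    """
    server_kwargs = {
        'name': data_utils.rand_name(name),
        'flavorRef': CONF.compute.flavor_ref,
        'imageRef': CONF.compute.image_ref,
        'key_name': cls.lb_member_keypair['name']}
    if (CONF.load_balancer.enable_security_groups and
            CONF.network_feature_enabled.port_security):
        server_kwargs['security_groups'] = [
            {'name': cls.lb_member_sec_group['name']}]
    if not CONF.load_balancer.disable_boot_network:
        server_kwargs['networks'] = [{'uuid': network['id']}]

    # Replace the name for clouds that have limitations
    if CONF.load_balancer.random_server_name_length:
        r = random.SystemRandom()
        alphabet = string.ascii_uppercase + string.digits
        # One character is taken by the leading "m".
        suffix_length = CONF.load_balancer.random_server_name_length - 1
        server_kwargs['name'] = "m{}".format(
            "".join(r.choice(alphabet) for _ in range(suffix_length)))
    if CONF.load_balancer.availability_zone:
        server_kwargs['availability_zone'] = (
            CONF.load_balancer.availability_zone)

    server = cls.lb_mem_servers_client.create_server(
        **server_kwargs)['server']
    # Register the cleanup before waiting so the server is deleted even
    # if it never reaches ACTIVE.
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls.lb_mem_servers_client.delete_server,
        cls.lb_mem_servers_client.show_server,
        server['id'])
    server = waiters.wait_for_status(
        cls.lb_mem_servers_client.show_server,
        server['id'], 'status', 'ACTIVE',
        CONF.load_balancer.build_interval,
        CONF.load_balancer.build_timeout,
        root_tag='server')
    webserver_details = {'server': server}
    LOG.info('Created server: {}'.format(server))

    addresses = server['addresses']
    if CONF.load_balancer.disable_boot_network:
        # dict.values() returns a view on Python 3 and cannot be indexed,
        # so materialize it before taking the first network.
        instance_network = list(addresses.values())[0]
    else:
        instance_network = addresses[network['name']]
    for addr in instance_network:
        if addr['version'] == 4:
            webserver_details['ipv4_address'] = addr['addr']
        if addr['version'] == 6:
            webserver_details['ipv6_address'] = addr['addr']

    if CONF.validation.connect_method == 'floating':
        result = cls.lb_mem_ports_client.list_ports(
            network_id=network['id'],
            mac_address=instance_network[0]['OS-EXT-IPS-MAC:mac_addr'])
        port_id = result['ports'][0]['id']
        result = cls.lb_mem_float_ip_client.create_floatingip(
            floating_network_id=CONF.network.public_network_id,
            port_id=port_id)
        floating_ip = result['floatingip']
        # The label says "webserver1" for every server created here.
        LOG.info('webserver1_floating_ip: {}'.format(floating_ip))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls.lb_mem_float_ip_client.delete_floatingip,
            cls.lb_mem_float_ip_client.show_floatingip,
            floatingip_id=floating_ip['id'])
        webserver_details['public_ipv4_address'] = (
            floating_ip['floating_ip_address'])
    else:
        webserver_details['public_ipv4_address'] = (
            instance_network[0]['addr'])

    return webserver_details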
891
@classmethod
def _install_start_webserver(cls, ip_address, ssh_key, start_id,
                             revoke_cert=False):
    """Copy the test server binary and PKI files to a server and start it.

    The binary at CONF.load_balancer.test_server_path is copied with scp to
    const.TEST_SERVER_BINARY, the member PKI content is loaded, and two
    test server processes are started under ``screen``: one on port 80
    (plus HTTPS on 443 and HTTPS with client auth on 9443) answering with
    ``start_id`` and one on port 81 answering with ``start_id + 1``.

    :param ip_address: Address used for the SSH and scp connections.
    :param ssh_key: SSH private key text for CONF.validation.image_ssh_user.
    :param start_id: ID passed to the first process; the second gets
                     ``start_id + 1``.
    :param revoke_cert: Forwarded to _load_member_pki_content.
    :raises CommandFailed: If the scp of the binary exits non-zero.
    """
    binary_path = CONF.load_balancer.test_server_path
    ssh_user = CONF.validation.image_ssh_user

    ssh_client = remote_client.RemoteClient(
        ip_address, ssh_user, pkey=ssh_key)
    ssh_client.validate_authentication()

    # scp needs the private key on disk; the temporary file is removed
    # when the "with" block exits, so every scp call stays inside it.
    with tempfile.NamedTemporaryFile() as key_file:
        key_file.write(ssh_key.encode('utf-8'))
        key_file.flush()
        # Host key checking is switched off for this copy, so the peer
        # is not authenticated by scp.
        # NOTE(review): presumably fine for a server this test just
        # booted -- confirm.
        cmd = ("scp -v -o UserKnownHostsFile=/dev/null "
               "-o StrictHostKeyChecking=no "
               "-o ConnectTimeout={0} -o ConnectionAttempts={1} "
               "-i {2} {3} {4}@{5}:{6}").format(
            CONF.load_balancer.scp_connection_timeout,
            CONF.load_balancer.scp_connection_attempts,
            key_file.name, binary_path, ssh_user,
            ip_address, const.TEST_SERVER_BINARY)
        # An argument list is passed to Popen, so no shell interprets it.
        scp_proc = subprocess.Popen(shlex.split(cmd),
                                    stdout=subprocess.PIPE,
                                    stderr=subprocess.STDOUT,
                                    cwd=None)
        scp_out, scp_err = scp_proc.communicate()
        if scp_proc.returncode != 0:
            raise exceptions.CommandFailed(scp_proc.returncode, cmd,
                                           scp_out, scp_err)

        # The open key file object is passed on; the callee reads .name.
        cls._load_member_pki_content(ip_address, key_file,
                                     revoke_cert=revoke_cert)

    # Enabling memory overcommit allows to run golang static binaries
    # compiled with a recent golang toolchain (>=1.11). Those binaries
    # allocate a large amount of virtual memory at init time, and this
    # allocation fails in tempest's nano flavor (64MB of RAM)
    # (golang issue reported in https://github.com/golang/go/issues/28114,
    # follow-up: https://github.com/golang/go/issues/28081)
    # TODO(gthiemonge): Remove this call when golang issue is resolved.
    ssh_client.exec_command(
        'sudo sh -c "echo 1 > /proc/sys/vm/overcommit_memory"')

    # The initial process also supports HTTPS and HTTPS with client auth
    primary_cmd = (
        'sudo screen -d -m {0} -port 80 -id {1} -https_port 443 -cert {2} '
        '-key {3} -https_client_auth_port 9443 -client_ca {4}').format(
        const.TEST_SERVER_BINARY, start_id, const.TEST_SERVER_CERT,
        const.TEST_SERVER_KEY, const.TEST_SERVER_CLIENT_CA)
    ssh_client.exec_command(primary_cmd)

    secondary_cmd = 'sudo screen -d -m {0} -port 81 -id {1}'.format(
        const.TEST_SERVER_BINARY, start_id + 1)
    ssh_client.exec_command(secondary_cmd)
Adam Harwellcd72b562018-05-07 11:37:22 -0700945
# Cirros does not configure the assigned IPv6 address by default
# so enable it manually like tempest does here:
# tempest/scenario/test_network_v6.py turn_nic6_on()
@classmethod
def _enable_ipv6_nic_webserver(cls, ip_address, ssh_key,
                               ipv6_address, ipv6_prefix):
    """Add an IPv6 address to eth0 on a server over SSH.

    :param ip_address: Address used for the SSH connection.
    :param ssh_key: SSH private key for CONF.validation.image_ssh_user.
    :param ipv6_address: IPv6 address to add to eth0.
    :param ipv6_prefix: Prefix length appended after the address.
    """
    ssh_client = remote_client.RemoteClient(
        ip_address, CONF.validation.image_ssh_user, pkey=ssh_key)
    ssh_client.validate_authentication()

    # Both values are interpolated into a command run with sudo on the
    # server.
    # NOTE(review): presumably they come from the subnet this test
    # created -- verify against the caller.
    add_address_cmd = 'sudo ip address add {0}/{1} dev eth0'.format(
        ipv6_address, ipv6_prefix)
    ssh_client.exec_command(add_address_cmd)
958
@classmethod
def _validate_webserver(cls, ip_address, start_id):
    """Check the HTTP responses of both test server processes.

    Port 80 (the default for the plain URL) must answer with
    ``str(start_id)`` and port 81 with ``str(start_id + 1)``.

    :param ip_address: Address of the server to query over HTTP.
    :param start_id: ID the first test server process was started with.
    """
    base_url = 'http://{0}'.format(ip_address)
    cls.validate_URL_response(base_url, expected_body=str(start_id))
    cls.validate_URL_response('{0}:81'.format(base_url),
                              expected_body=str(start_id + 1))
Jude Cross986e3f52017-07-24 14:57:20 -0700965
@classmethod
def _validate_udp_server(cls, ip_address, start_id):
    """Check the UDP responses of both test server processes.

    Port 80 must answer with ``str(start_id)`` and port 81 with
    ``str(start_id + 1)``.

    :param ip_address: Address of the server to query over UDP.
    :param start_id: ID the first test server process was started with.
    :raises Exception: If a response differs from the expected value.
    """
    def _expect(port, expected):
        reply = cls.make_udp_request(ip_address, port)
        if reply != expected:
            raise Exception("Response from test server doesn't match the "
                            "expected value ({0} != {1}).".format(
                                reply, expected))

    _expect(80, str(start_id))
    _expect(81, str(start_id + 1))
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700979
@classmethod
def _create_backend_reencryption_pki(cls):
    """Create the CAs and client certificate used for member re-encryption.

    Stores on the class: the member CA certificate and key (used to issue
    the member server certificates), the client authentication CA
    certificate, and a client certificate and key issued by that CA for a
    freshly generated UUID common name. The client CA private key is kept
    only in a local variable.
    """
    pem = serialization.Encoding.PEM

    # Create a CA self-signed cert and key for the member test servers
    ca_cert, ca_key = cert_utils.generate_ca_cert_and_key()
    cls.member_ca_cert = ca_cert
    cls.member_ca_key = ca_key

    LOG.debug('Member CA Cert: %s', ca_cert.public_bytes(pem))
    # NOTE(review): this writes the unencrypted CA private key to the
    # debug log. The CA is generated for this test class only, but
    # confirm the debug logs are not kept anywhere that would matter.
    ca_key_pem = ca_key.private_bytes(
        encoding=pem,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption())
    LOG.debug('Member CA private Key: %s', ca_key_pem)
    ca_public_pem = ca_key.public_key().public_bytes(
        encoding=pem,
        format=serialization.PublicFormat.SubjectPublicKeyInfo)
    LOG.debug('Member CA public Key: %s', ca_public_pem)

    # Create the member client authentication CA
    client_ca_cert, client_ca_key = cert_utils.generate_ca_cert_and_key()
    cls.member_client_ca_cert = client_ca_cert

    # Create client cert and key
    cls.member_client_cn = uuidutils.generate_uuid()
    client_cert, client_key = cert_utils.generate_client_cert_and_key(
        cls.member_client_ca_cert, client_ca_key, cls.member_client_cn)
    cls.member_client_cert = client_cert
    cls.member_client_key = client_key
    # Note: We are not revoking a client cert here as we don't need to
    # test the backend web server CRL checking.
1009
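@classmethod
def _load_member_pki_content(cls, ip_address, ssh_key, revoke_cert=False):
    """Issue a member server certificate and copy the PKI files to it.

    A certificate and key are generated from the member CA for
    ``ip_address`` and written, together with the client authentication CA
    certificate, to a temporary directory. The three files are then copied
    with scp to const.DEV_SHM_PATH on the server.

    :param ip_address: Address the certificate is generated for; also the
                       scp destination host.
    :param ssh_key: Open file object for the SSH private key file; only
                    its ``name`` (the path given to ``scp -i``) is read.
    :param revoke_cert: When True, cls.member_crl is set to a CRL from the
                        member CA that lists the generated certificate.
    :raises CommandFailed: If scp exits non-zero.
    """
    # Create webserver certificate and key
    cert, key = cert_utils.generate_server_cert_and_key(
        cls.member_ca_cert, cls.member_ca_key, ip_address)

    cert_pem = cert.public_bytes(serialization.Encoding.PEM)
    key_pem = key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption())

    LOG.debug('%s Cert: %s', ip_address, cert_pem)
    # NOTE(review): this writes the unencrypted server private key to the
    # debug log. The key is generated for this test run only, but confirm
    # the debug logs are not kept anywhere that would matter.
    LOG.debug('%s private Key: %s', ip_address, key_pem)
    LOG.debug('%s public Key: %s', ip_address, key.public_key().public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo))

    # Create a CRL with a revoked certificate
    if revoke_cert:
        # Create a CRL with webserver 2 revoked
        cls.member_crl = cert_utils.generate_certificate_revocation_list(
            cls.member_ca_cert, cls.member_ca_key, cert)

    def _write_pem(path, pem_bytes):
        # Create the file with an explicit owner-only mode.
        with open(os.open(path, os.O_CREAT | os.O_WRONLY, 0o700),
                  'w') as fh:
            fh.write(pem_bytes.decode('utf-8'))

    # Load the certificate, key, and client CA certificate into the
    # test server.
    with tempfile.TemporaryDirectory() as tmpdir:
        cert_filename = os.path.join(tmpdir, const.CERT_PEM)
        key_filename = os.path.join(tmpdir, const.KEY_PEM)
        client_ca_filename = os.path.join(tmpdir, const.CLIENT_CA_PEM)

        # os.umask() changes the mask for the whole process. Clear it only
        # while the files are created and put the previous value back, so
        # files created later by this process do not silently become
        # group/world accessible.
        previous_umask = os.umask(0)
        try:
            _write_pem(cert_filename, cert_pem)
            _write_pem(key_filename, key_pem)
            _write_pem(client_ca_filename,
                       cls.member_client_ca_cert.public_bytes(
                           serialization.Encoding.PEM))
        finally:
            os.umask(previous_umask)

        # For security, no shell is involved: the file names are passed
        # explicitly and Popen gets an argument list, so nothing can
        # glob or expand them.
        # Host key checking is switched off for this copy, so the peer
        # is not authenticated by scp.
        # NOTE(review): presumably fine for a server this test just
        # booted -- confirm.
        subprocess_args = {'stdout': subprocess.PIPE,
                           'stderr': subprocess.STDOUT,
                           'cwd': None}
        cmd = ("scp -v -o UserKnownHostsFile=/dev/null "
               "-o StrictHostKeyChecking=no "
               "-o ConnectTimeout={0} -o ConnectionAttempts={1} "
               "-i {2} {3} {4} {5} {6}@{7}:{8}").format(
            CONF.load_balancer.scp_connection_timeout,
            CONF.load_balancer.scp_connection_attempts,
            ssh_key.name, cert_filename, key_filename, client_ca_filename,
            CONF.validation.image_ssh_user, ip_address, const.DEV_SHM_PATH)
        args = shlex.split(cmd)
        proc = subprocess.Popen(args, **subprocess_args)
        stdout, stderr = proc.communicate()
        if proc.returncode != 0:
            raise exceptions.CommandFailed(proc.returncode, cmd,
                                           stdout, stderr)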