Jude Cross986e3f52017-07-24 14:57:20 -07001# Copyright 2018 Rackspace US Inc. All rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15import ipaddress
Michael Johnsonbaf12e02020-10-27 16:10:28 -070016import os
Jude Cross986e3f52017-07-24 14:57:20 -070017import random
18import shlex
Jude Cross986e3f52017-07-24 14:57:20 -070019import string
20import subprocess
21import tempfile
22
Michael Johnsonbaf12e02020-10-27 16:10:28 -070023from cryptography.hazmat.primitives import serialization
Jude Cross986e3f52017-07-24 14:57:20 -070024from oslo_log import log as logging
25from oslo_utils import uuidutils
26from tempest import config
27from tempest.lib.common.utils import data_utils
28from tempest.lib.common.utils.linux import remote_client
Jude Cross986e3f52017-07-24 14:57:20 -070029from tempest.lib import exceptions
30from tempest import test
Michael Johnson04dc5cb2019-01-20 11:03:50 -080031import tenacity
Jude Cross986e3f52017-07-24 14:57:20 -070032
Michael Johnsonbaf12e02020-10-27 16:10:28 -070033from octavia_tempest_plugin.common import cert_utils
Jude Cross986e3f52017-07-24 14:57:20 -070034from octavia_tempest_plugin.common import constants as const
Michael Johnson6006de72021-02-21 01:42:39 +000035from octavia_tempest_plugin.tests import RBAC_tests
Jude Cross986e3f52017-07-24 14:57:20 -070036from octavia_tempest_plugin.tests import validators
37from octavia_tempest_plugin.tests import waiters
38
# Shared tempest configuration object and this module's logger.
CONF = config.CONF
LOG = logging.getLogger(__name__)

# Retry policy for the network and subnet delete helpers on
# LoadBalancerBaseTest. The delay values are handed positionally to
# tenacity.wait_incrementing() as start, increment and max (seconds), and
# RETRY_ATTEMPTS to tenacity.stop_after_attempt().
RETRY_ATTEMPTS = 15
RETRY_INITIAL_DELAY = 1
RETRY_BACKOFF = 1
RETRY_MAX = 5
46
Gregory Thiemonge29d17902019-04-30 15:06:17 +020047
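class LoadBalancerBaseTest(validators.ValidatorsMixin,
                           RBAC_tests.RBACTestsMixin, test.BaseTestCase):
    """Base class for load balancer tests.

    The class body builds the list of credentials tempest must allocate
    from the RBAC-related configuration, and the classmethods create (or
    look up) the networks and subnets the tests use.
    """

    # Each entry is either a plain credential type or a list of
    # [name, role, ...] describing a user with the given role(s).
    if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
        credentials = [
            'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
            ['lb_member', CONF.load_balancer.member_role],
            ['lb_member2', CONF.load_balancer.member_role]]
    elif CONF.load_balancer.enforce_new_defaults:
        credentials = [
            'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
            ['lb_observer', CONF.load_balancer.observer_role, 'reader'],
            ['lb_global_observer', CONF.load_balancer.global_observer_role,
             'reader'],
            ['lb_member', CONF.load_balancer.member_role, 'member'],
            ['lb_member2', CONF.load_balancer.member_role, 'member'],
            ['lb_member_not_default_member', CONF.load_balancer.member_role]]
    else:
        credentials = [
            'admin', 'primary', ['lb_admin', CONF.load_balancer.admin_role],
            ['lb_observer', CONF.load_balancer.observer_role, 'reader'],
            ['lb_global_observer', CONF.load_balancer.global_observer_role,
             'reader'],
            ['lb_member', CONF.load_balancer.member_role],
            ['lb_member2', CONF.load_balancer.member_role]]

    # If scope enforcement is enabled, add in the system scope credentials.
    # The project scope is already handled by the above credentials.
    if CONF.enforce_scope.octavia:
        credentials.extend(['system_admin', 'system_reader'])

    # A tuple of credentials that will be allocated by tempest using the
    # 'credentials' list above. These are used to build RBAC test lists.
    allocated_creds = []
    for cred in credentials:
        if isinstance(cred, list):
            allocated_creds.append('os_roles_' + cred[0])
        else:
            allocated_creds.append('os_' + cred)
    # Tests shall not mess with the list of allocated credentials
    allocated_credentials = tuple(allocated_creds)

    webserver1_response = 1
    webserver2_response = 5
    # Mutable class attribute on purpose: every subclass appends to the same
    # list, so a VIP address index is handed out only once per process.
    used_ips = []

    SRC_PORT_NUMBER_MIN = 32768
    SRC_PORT_NUMBER_MAX = 61000
    src_port_number = SRC_PORT_NUMBER_MIN

    @classmethod
    def skip_checks(cls):
        """Check if we should skip all of the children tests.

        Raises cls.skipException when a required service is not available,
        or when neither project_networks_reachable nor public_network_id
        is configured.
        """
        super(LoadBalancerBaseTest, cls).skip_checks()

        service_list = {
            'load_balancer': CONF.service_available.load_balancer,
        }

        live_service_list = {
            'compute': CONF.service_available.nova,
            'image': CONF.service_available.glance,
            'neutron': CONF.service_available.neutron
        }

        # The extra services are only required when not running in noop
        # mode.
        if not CONF.load_balancer.test_with_noop:
            service_list.update(live_service_list)

        for service, available in service_list.items():
            if not available:
                skip_msg = ("{0} skipped as {1} service is not "
                            "available.".format(cls.__name__, service))
                raise cls.skipException(skip_msg)

        # We must be able to reach our VIP and instances
        if not (CONF.network.project_networks_reachable
                or CONF.network.public_network_id):
            msg = ('Either project_networks_reachable must be "true", or '
                   'public_network_id must be defined.')
            raise cls.skipException(msg)

    @classmethod
    def setup_credentials(cls):
        """Setup test credentials and network resources.

        After the credentials are allocated, the role assignments of every
        test user are read through the admin clients and written to the
        log at INFO level.
        """
        # Do not auto create network resources
        cls.set_network_resources()
        super(LoadBalancerBaseTest, cls).setup_credentials()

        # Log the user roles for this test run
        # Role names are cached by id so each role is looked up only once.
        role_name_cache = {}
        for cred in cls.credentials:
            user_roles = []
            if isinstance(cred, list):
                user_name = cred[0]
                cred_obj = getattr(cls, 'os_roles_' + cred[0])
            else:
                user_name = cred
                cred_obj = getattr(cls, 'os_' + cred)
            params = {'user.id': cred_obj.credentials.user_id,
                      'project.id': cred_obj.credentials.project_id}
            roles = cls.os_admin.role_assignments_client.list_role_assignments(
                **params)['role_assignments']
            for role in roles:
                role_id = role['role']['id']
                try:
                    role_name = role_name_cache[role_id]
                except KeyError:
                    role_name = cls.os_admin.roles_v3_client.show_role(
                        role_id)['role']['name']
                    role_name_cache[role_id] = role_name
                user_roles.append([role_name, role['scope']])
            LOG.info("User %s has roles: %s", user_name, user_roles)

    @classmethod
    def setup_clients(cls):
        """Setup client aliases.

        Aliases starting with lb_mem_ / mem_ are taken from the lb_member
        credential, lb_admin_ from the lb_admin credential and os_admin_
        from the admin credential.
        """
        super(LoadBalancerBaseTest, cls).setup_clients()
        lb_admin_prefix = cls.os_roles_lb_admin.load_balancer_v2
        cls.lb_mem_float_ip_client = cls.os_roles_lb_member.floating_ips_client
        cls.lb_mem_keypairs_client = cls.os_roles_lb_member.keypairs_client
        cls.lb_mem_net_client = cls.os_roles_lb_member.networks_client
        cls.lb_mem_ports_client = cls.os_roles_lb_member.ports_client
        cls.lb_mem_routers_client = cls.os_roles_lb_member.routers_client
        cls.lb_mem_SG_client = cls.os_roles_lb_member.security_groups_client
        cls.lb_mem_SGr_client = (
            cls.os_roles_lb_member.security_group_rules_client)
        cls.lb_mem_servers_client = cls.os_roles_lb_member.servers_client
        cls.lb_mem_subnet_client = cls.os_roles_lb_member.subnets_client
        cls.mem_lb_client = (
            cls.os_roles_lb_member.load_balancer_v2.LoadbalancerClient())
        cls.mem_listener_client = (
            cls.os_roles_lb_member.load_balancer_v2.ListenerClient())
        cls.mem_pool_client = (
            cls.os_roles_lb_member.load_balancer_v2.PoolClient())
        cls.mem_member_client = (
            cls.os_roles_lb_member.load_balancer_v2.MemberClient())
        cls.mem_healthmonitor_client = (
            cls.os_roles_lb_member.load_balancer_v2.HealthMonitorClient())
        cls.mem_l7policy_client = (
            cls.os_roles_lb_member.load_balancer_v2.L7PolicyClient())
        cls.mem_l7rule_client = (
            cls.os_roles_lb_member.load_balancer_v2.L7RuleClient())
        cls.lb_admin_amphora_client = lb_admin_prefix.AmphoraClient()
        cls.lb_admin_flavor_profile_client = (
            lb_admin_prefix.FlavorProfileClient())
        cls.lb_admin_flavor_client = lb_admin_prefix.FlavorClient()
        cls.mem_flavor_client = (
            cls.os_roles_lb_member.load_balancer_v2.FlavorClient())
        cls.mem_provider_client = (
            cls.os_roles_lb_member.load_balancer_v2.ProviderClient())
        cls.os_admin_servers_client = cls.os_admin.servers_client
        cls.os_admin_routers_client = cls.os_admin.routers_client
        cls.os_admin_subnetpools_client = cls.os_admin.subnetpools_client
        cls.lb_admin_flavor_capabilities_client = (
            lb_admin_prefix.FlavorCapabilitiesClient())
        cls.lb_admin_availability_zone_capabilities_client = (
            lb_admin_prefix.AvailabilityZoneCapabilitiesClient())
        cls.lb_admin_availability_zone_profile_client = (
            lb_admin_prefix.AvailabilityZoneProfileClient())
        cls.lb_admin_availability_zone_client = (
            lb_admin_prefix.AvailabilityZoneClient())
        cls.mem_availability_zone_client = (
            cls.os_roles_lb_member.load_balancer_v2.AvailabilityZoneClient())

    @classmethod
    def resource_setup(cls):
        """Setup resources needed by the tests.

        The test networks come from one of three places: generated
        placeholder ids in noop mode, the configured override network and
        subnets, or networks created by _create_networks().

        Raises exceptions.InvalidConfiguration when test_subnet_override is
        set without test_network_override.
        """
        super(LoadBalancerBaseTest, cls).resource_setup()

        conf_lb = CONF.load_balancer

        cls.api_version = cls.mem_lb_client.get_max_api_version()

        if conf_lb.test_subnet_override and not conf_lb.test_network_override:
            raise exceptions.InvalidConfiguration(
                "Configuration value test_network_override must be "
                "specified if test_subnet_override is used.")

        # TODO(johnsom) Remove this
        # Get loadbalancing algorithms supported by provider driver.
        try:
            algorithms = const.SUPPORTED_LB_ALGORITHMS[
                CONF.load_balancer.provider]
        except KeyError:
            algorithms = const.SUPPORTED_LB_ALGORITHMS['default']
        # Set default algorithm as first from the list.
        cls.lb_algorithm = algorithms[0]

        show_subnet = cls.lb_mem_subnet_client.show_subnet
        if CONF.load_balancer.test_with_noop:
            # Noop mode: nothing is created, the ids are random placeholders.
            cls.lb_member_vip_net = {'id': uuidutils.generate_uuid()}
            cls.lb_member_vip_subnet = {'id': uuidutils.generate_uuid()}
            cls.lb_member_1_net = {'id': uuidutils.generate_uuid()}
            cls.lb_member_1_subnet = {'id': uuidutils.generate_uuid()}
            cls.lb_member_2_net = {'id': uuidutils.generate_uuid()}
            cls.lb_member_2_subnet = {'id': uuidutils.generate_uuid()}
            if CONF.load_balancer.test_with_ipv6:
                cls.lb_member_vip_ipv6_net = {'id': uuidutils.generate_uuid()}
                cls.lb_member_vip_ipv6_subnet = {'id':
                                                 uuidutils.generate_uuid()}
                cls.lb_member_1_ipv6_subnet = {'id': uuidutils.generate_uuid()}
                cls.lb_member_2_ipv6_subnet = {'id': uuidutils.generate_uuid()}
                cls.lb_member_vip_ipv6_subnet_stateful = True
            return
        elif CONF.load_balancer.test_network_override:
            # NOTE(review): the show_network result is unwrapped with
            # .get('network') below, but the show_subnet results are stored
            # as returned, while _setup_lb_network_kwargs reads a show_subnet
            # result as subnet['subnet'][...]. Confirm the override subnets
            # have the shape the later [const.ID] lookups expect.
            if conf_lb.test_subnet_override:
                override_subnet = show_subnet(conf_lb.test_subnet_override)
            else:
                override_subnet = None

            show_net = cls.lb_mem_net_client.show_network
            override_network = show_net(conf_lb.test_network_override)
            override_network = override_network.get('network')

            cls.lb_member_vip_net = override_network
            cls.lb_member_vip_subnet = override_subnet
            cls.lb_member_1_net = override_network
            cls.lb_member_1_subnet = override_subnet
            cls.lb_member_2_net = override_network
            cls.lb_member_2_subnet = override_subnet

            if (CONF.load_balancer.test_with_ipv6 and
                    conf_lb.test_IPv6_subnet_override):
                override_ipv6_subnet = show_subnet(
                    conf_lb.test_IPv6_subnet_override)
                cls.lb_member_vip_ipv6_subnet = override_ipv6_subnet
                cls.lb_member_1_ipv6_subnet = override_ipv6_subnet
                cls.lb_member_2_ipv6_subnet = override_ipv6_subnet
                cls.lb_member_vip_ipv6_subnet_stateful = False
                # NOTE(review): indexing the show_subnet result with [0]
                # looks inconsistent with its use elsewhere in this class
                # (subnet['subnet'][...]) - confirm.
                if (override_ipv6_subnet[0]['ipv6_address_mode'] ==
                        'dhcpv6-stateful'):
                    cls.lb_member_vip_ipv6_subnet_stateful = True
            else:
                cls.lb_member_vip_ipv6_subnet = None
                cls.lb_member_1_ipv6_subnet = None
                cls.lb_member_2_ipv6_subnet = None
        else:
            cls._create_networks()

        LOG.debug('Octavia Setup: lb_member_vip_net = {}'.format(
            cls.lb_member_vip_net[const.ID]))
        if cls.lb_member_vip_subnet:
            LOG.debug('Octavia Setup: lb_member_vip_subnet = {}'.format(
                cls.lb_member_vip_subnet[const.ID]))
        LOG.debug('Octavia Setup: lb_member_1_net = {}'.format(
            cls.lb_member_1_net[const.ID]))
        if cls.lb_member_1_subnet:
            LOG.debug('Octavia Setup: lb_member_1_subnet = {}'.format(
                cls.lb_member_1_subnet[const.ID]))
        LOG.debug('Octavia Setup: lb_member_2_net = {}'.format(
            cls.lb_member_2_net[const.ID]))
        if cls.lb_member_2_subnet:
            LOG.debug('Octavia Setup: lb_member_2_subnet = {}'.format(
                cls.lb_member_2_subnet[const.ID]))
        if CONF.load_balancer.test_with_ipv6:
            if cls.lb_member_vip_ipv6_subnet:
                LOG.debug('Octavia Setup: lb_member_vip_ipv6_subnet = '
                          '{}'.format(cls.lb_member_vip_ipv6_subnet[const.ID]))
            if cls.lb_member_1_ipv6_subnet:
                LOG.debug('Octavia Setup: lb_member_1_ipv6_subnet = {}'.format(
                    cls.lb_member_1_ipv6_subnet[const.ID]))
            if cls.lb_member_2_ipv6_subnet:
                LOG.debug('Octavia Setup: lb_member_2_ipv6_subnet = {}'.format(
                    cls.lb_member_2_ipv6_subnet[const.ID]))

    @classmethod
    # Neutron can be slow to clean up ports from the subnets/networks.
    # Retry this delete a few times if we get a "Conflict" error to give
    # neutron time to fully cleanup the ports.
    @tenacity.retry(
        retry=tenacity.retry_if_exception_type(exceptions.Conflict),
        wait=tenacity.wait_incrementing(
            RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX),
        stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
    def _logging_delete_network(cls, net_id):
        """Delete a network, logging the port list when the delete fails.

        The port list is logged on every failed attempt, including the
        Conflict failures that the retry decorator goes on to retry. The
        exception is always re-raised.
        """
        try:
            cls.lb_mem_net_client.delete_network(net_id)
        except Exception:
            LOG.error('Unable to delete network {}. Active ports:'.format(
                net_id))
            LOG.error(cls.lb_mem_ports_client.list_ports())
            raise

    @classmethod
    # Neutron can be slow to clean up ports from the subnets/networks.
    # Retry this delete a few times if we get a "Conflict" error to give
    # neutron time to fully cleanup the ports.
    @tenacity.retry(
        retry=tenacity.retry_if_exception_type(exceptions.Conflict),
        wait=tenacity.wait_incrementing(
            RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX),
        stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
    def _logging_delete_subnet(cls, subnet_id):
        """Delete a subnet, logging the port list when the delete fails.

        The port list is logged on every failed attempt, including the
        Conflict failures that the retry decorator goes on to retry. The
        exception is always re-raised.
        """
        try:
            cls.lb_mem_subnet_client.delete_subnet(subnet_id)
        except Exception:
            LOG.error('Unable to delete subnet {}. Active ports:'.format(
                subnet_id))
            LOG.error(cls.lb_mem_ports_client.list_ports())
            raise

    @classmethod
    def _create_networks(cls):
        """Creates networks, subnets, and routers used in tests.

        The following are expected to be defined and available to the tests:
            cls.lb_member_vip_net
            cls.lb_member_vip_subnet
            cls.lb_member_vip_ipv6_subnet (optional)
            cls.lb_member_1_net
            cls.lb_member_1_subnet
            cls.lb_member_1_ipv6_subnet (optional)
            cls.lb_member_2_net
            cls.lb_member_2_subnet
            cls.lb_member_2_ipv6_subnet (optional)

        A class-level cleanup is registered for every resource right after
        it is created.

        Raises exceptions.InvalidConfiguration when a configured member
        IPv6 CIDR does not end in a numeric prefix length.
        """

        # Create tenant VIP network
        network_kwargs = {
            'name': data_utils.rand_name("lb_member_vip_network")}
        if CONF.network_feature_enabled.port_security:
            # Note: Allowed Address Pairs requires port security
            network_kwargs['port_security_enabled'] = True
        result = cls.lb_mem_net_client.create_network(**network_kwargs)
        cls.lb_member_vip_net = result['network']
        LOG.info('lb_member_vip_net: {}'.format(cls.lb_member_vip_net))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_network,
            cls.lb_mem_net_client.show_network,
            cls.lb_member_vip_net['id'])

        # Create tenant VIP subnet
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_vip_subnet"),
            'network_id': cls.lb_member_vip_net['id'],
            'cidr': CONF.load_balancer.vip_subnet_cidr,
            'ip_version': 4}
        result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
        cls.lb_member_vip_subnet = result['subnet']
        LOG.info('lb_member_vip_subnet: {}'.format(cls.lb_member_vip_subnet))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_vip_subnet['id'])

        # Create tenant VIP IPv6 subnet
        if CONF.load_balancer.test_with_ipv6:
            cls.lb_member_vip_ipv6_subnet_stateful = False
            cls.lb_member_vip_ipv6_subnet_use_subnetpool = False
            subnet_kwargs = {
                'name': data_utils.rand_name("lb_member_vip_ipv6_subnet"),
                'network_id': cls.lb_member_vip_net['id'],
                'ip_version': 6}

            # Use a CIDR from devstack's default IPv6 subnetpool if it exists,
            # the subnetpool's cidr is routable from the devstack node
            # through the default router
            subnetpool_name = CONF.load_balancer.default_ipv6_subnetpool
            if subnetpool_name:
                subnetpool = cls.os_admin_subnetpools_client.list_subnetpools(
                    name=subnetpool_name)['subnetpools']
                # The pool is used only when the name matches exactly one.
                if len(subnetpool) == 1:
                    subnetpool = subnetpool[0]
                    subnet_kwargs['subnetpool_id'] = subnetpool['id']
                    cls.lb_member_vip_ipv6_subnet_use_subnetpool = True

            if 'subnetpool_id' not in subnet_kwargs:
                subnet_kwargs['cidr'] = (
                    CONF.load_balancer.vip_ipv6_subnet_cidr)

            result = cls.lb_mem_subnet_client.create_subnet(
                **subnet_kwargs)
            cls.lb_member_vip_ipv6_net = cls.lb_member_vip_net
            cls.lb_member_vip_ipv6_subnet = result['subnet']
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls._logging_delete_subnet,
                cls.lb_mem_subnet_client.show_subnet,
                cls.lb_member_vip_ipv6_subnet['id'])

            LOG.info('lb_member_vip_ipv6_subnet: {}'.format(
                cls.lb_member_vip_ipv6_subnet))

        # Create tenant member 1 network
        network_kwargs = {
            'name': data_utils.rand_name("lb_member_1_network")}
        if CONF.network_feature_enabled.port_security:
            # Port security follows the security-group setting: when the
            # run does not use security groups it is switched off for the
            # whole member network. That is a relaxation meant for
            # disposable test networks only.
            if CONF.load_balancer.enable_security_groups:
                network_kwargs['port_security_enabled'] = True
            else:
                network_kwargs['port_security_enabled'] = False
        result = cls.lb_mem_net_client.create_network(**network_kwargs)
        cls.lb_member_1_net = result['network']
        LOG.info('lb_member_1_net: {}'.format(cls.lb_member_1_net))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_network,
            cls.lb_mem_net_client.show_network,
            cls.lb_member_1_net['id'])

        # Create tenant member 1 subnet
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_1_subnet"),
            'network_id': cls.lb_member_1_net['id'],
            'cidr': CONF.load_balancer.member_1_ipv4_subnet_cidr,
            'ip_version': 4}
        result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
        cls.lb_member_1_subnet = result['subnet']
        LOG.info('lb_member_1_subnet: {}'.format(cls.lb_member_1_subnet))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_1_subnet['id'])

        # Create tenant member 1 ipv6 subnet
        if CONF.load_balancer.test_with_ipv6:
            # Check the configured CIDR with a real exception instead of an
            # assert (asserts are stripped under "python -O"), and do it
            # before the subnet is created so a bad value fails early.
            cls.lb_member_1_subnet_prefix = (
                CONF.load_balancer.member_1_ipv6_subnet_cidr.rpartition('/')[2]
            )
            if not cls.lb_member_1_subnet_prefix.isdigit():
                raise exceptions.InvalidConfiguration(
                    "Configuration value member_1_ipv6_subnet_cidr must end "
                    "in a numeric prefix length.")
            subnet_kwargs = {
                'name': data_utils.rand_name("lb_member_1_ipv6_subnet"),
                'network_id': cls.lb_member_1_net['id'],
                'cidr': CONF.load_balancer.member_1_ipv6_subnet_cidr,
                'ip_version': 6}
            result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
            cls.lb_member_1_ipv6_subnet = result['subnet']
            LOG.info('lb_member_1_ipv6_subnet: {}'.format(
                cls.lb_member_1_ipv6_subnet))
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls._logging_delete_subnet,
                cls.lb_mem_subnet_client.show_subnet,
                cls.lb_member_1_ipv6_subnet['id'])

        # Create tenant member 2 network
        network_kwargs = {
            'name': data_utils.rand_name("lb_member_2_network")}
        if CONF.network_feature_enabled.port_security:
            # Same port-security rule as for the member 1 network.
            if CONF.load_balancer.enable_security_groups:
                network_kwargs['port_security_enabled'] = True
            else:
                network_kwargs['port_security_enabled'] = False
        result = cls.lb_mem_net_client.create_network(**network_kwargs)
        cls.lb_member_2_net = result['network']
        LOG.info('lb_member_2_net: {}'.format(cls.lb_member_2_net))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_network,
            cls.lb_mem_net_client.show_network,
            cls.lb_member_2_net['id'])

        # Create tenant member 2 subnet
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_2_subnet"),
            'network_id': cls.lb_member_2_net['id'],
            'cidr': CONF.load_balancer.member_2_ipv4_subnet_cidr,
            'ip_version': 4}
        result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
        cls.lb_member_2_subnet = result['subnet']
        LOG.info('lb_member_2_subnet: {}'.format(cls.lb_member_2_subnet))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_2_subnet['id'])

        # Create tenant member 2 ipv6 subnet
        if CONF.load_balancer.test_with_ipv6:
            # Same validation as for member 1: a real exception, raised
            # before the subnet is created.
            cls.lb_member_2_subnet_prefix = (
                CONF.load_balancer.member_2_ipv6_subnet_cidr.rpartition('/')[2]
            )
            if not cls.lb_member_2_subnet_prefix.isdigit():
                raise exceptions.InvalidConfiguration(
                    "Configuration value member_2_ipv6_subnet_cidr must end "
                    "in a numeric prefix length.")
            subnet_kwargs = {
                'name': data_utils.rand_name("lb_member_2_ipv6_subnet"),
                'network_id': cls.lb_member_2_net['id'],
                'cidr': CONF.load_balancer.member_2_ipv6_subnet_cidr,
                'ip_version': 6}
            result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
            cls.lb_member_2_ipv6_subnet = result['subnet']
            LOG.info('lb_member_2_ipv6_subnet: {}'.format(
                cls.lb_member_2_ipv6_subnet))
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls._logging_delete_subnet,
                cls.lb_mem_subnet_client.show_subnet,
                cls.lb_member_2_ipv6_subnet['id'])

    @classmethod
    def _setup_lb_network_kwargs(cls, lb_kwargs, ip_version=None,
                                 use_fixed_ip=False):
        """Fill lb_kwargs with the VIP network, subnet and address settings.

        :param lb_kwargs: dict of load balancer create arguments; it is
                          updated in place.
        :param ip_version: 4 or 6. When not given, 6 is used if
                           test_with_ipv6 is set, otherwise 4.
        :param use_fixed_ip: request a specific VIP address. Ignored for an
                             IPv6 VIP subnet that is not marked stateful.
        :raises RuntimeError: when every address index in the 10-100 range
                              has already been handed out.
        """
        if not ip_version:
            ip_version = 6 if CONF.load_balancer.test_with_ipv6 else 4
        if cls.lb_member_vip_subnet or cls.lb_member_vip_ipv6_subnet:
            # Choose among the indexes that are still free. Re-drawing at
            # random until an unused value turns up never terminates once
            # the whole range has been used.
            free_indexes = [index for index in range(10, 101)
                            if index not in cls.used_ips]
            if not free_indexes:
                raise RuntimeError(
                    'No unused VIP address index is left in the 10-100 '
                    'range.')
            ip_index = random.choice(free_indexes)
            cls.used_ips.append(ip_index)
            if ip_version == 4:
                subnet_id = cls.lb_member_vip_subnet[const.ID]
                if CONF.load_balancer.test_with_noop:
                    lb_vip_address = '198.18.33.33'
                else:
                    subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
                    network = ipaddress.IPv4Network(subnet['subnet']['cidr'])
                    # Raises IndexError if the subnet has fewer addresses
                    # than the chosen index.
                    lb_vip_address = str(network[ip_index])
            else:
                subnet_id = cls.lb_member_vip_ipv6_subnet[const.ID]
                if CONF.load_balancer.test_with_noop:
                    lb_vip_address = '2001:db8:33:33:33:33:33:33'
                else:
                    subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
                    network = ipaddress.IPv6Network(subnet['subnet']['cidr'])
                    lb_vip_address = str(network[ip_index])
                    # If the subnet is IPv6 slaac or dhcpv6-stateless
                    # neutron does not allow a fixed IP
                    if not cls.lb_member_vip_ipv6_subnet_stateful:
                        use_fixed_ip = False
            lb_kwargs[const.VIP_SUBNET_ID] = subnet_id
            if use_fixed_ip:
                lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
            if CONF.load_balancer.test_with_noop:
                lb_kwargs[const.VIP_NETWORK_ID] = (
                    cls.lb_member_vip_net[const.ID])
                if ip_version == 6:
                    lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
        else:
            # No VIP subnet is known: address the VIP by network only.
            lb_kwargs[const.VIP_NETWORK_ID] = cls.lb_member_vip_net[const.ID]
            lb_kwargs[const.VIP_SUBNET_ID] = None

    @classmethod
    def check_tf_compatibility(cls, protocol=None, algorithm=None):
        """Skip the test if TungstenFabric lacks the protocol or algorithm.

        :param protocol: listener/pool protocol to check, or None.
        :param algorithm: load balancing algorithm to check, or None.
        :raises cls.skipException: when a given value is not in the
                                   supported lists below.
        """
        # TungstenFabric supported protocols and algorithms
        tf_protocols = [const.HTTP, const.HTTPS, const.TCP,
                        const.TERMINATED_HTTPS]
        tf_algorithms = [const.LB_ALGORITHM_ROUND_ROBIN,
                         const.LB_ALGORITHM_LEAST_CONNECTIONS,
                         const.LB_ALGORITHM_SOURCE_IP]

        if algorithm and algorithm not in tf_algorithms:
            raise cls.skipException(
                'TungstenFabric does not support {} algorithm.'
                ''.format(algorithm))
        if protocol and protocol not in tf_protocols:
            raise cls.skipException(
                'TungstenFabric does not support {} protocol.'
                ''.format(protocol))

    @classmethod
    def _tf_create_listener(cls, name, proto, port, lb_id):
        """Create a listener on the load balancer and return the result."""
        listener_kwargs = {
            const.NAME: name,
            const.PROTOCOL: proto,
            const.PROTOCOL_PORT: port,
            const.LOADBALANCER_ID: lb_id,
        }
        listener = cls.mem_listener_client.create_listener(**listener_kwargs)
        return listener

    @classmethod
    def _tf_get_free_port(cls, lb_id):
        """Return the lowest port from 8081 up that no listener of lb_id uses.
        """
        port = 8081
        lb = cls.mem_lb_client.show_loadbalancer(lb_id)
        listeners = lb[const.LISTENERS]
        if not listeners:
            return port
        ports = [cls.mem_listener_client.show_listener(x[const.ID])[
            const.PROTOCOL_PORT] for x in listeners]
        while port in ports:
            port = port + 1
        return port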
623
Adam Harwellcd72b562018-05-07 11:37:22 -0700624
625class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
626 @classmethod
627 def resource_setup(cls):
628 super(LoadBalancerBaseTestWithCompute, cls).resource_setup()
629 # If validation is disabled in this cloud, we won't be able to
630 # start the webservers, so don't even boot them.
631 if not CONF.validation.run_validation:
632 return
633
634 # Create a keypair for the webservers
635 keypair_name = data_utils.rand_name('lb_member_keypair')
636 result = cls.lb_mem_keypairs_client.create_keypair(
637 name=keypair_name)
638 cls.lb_member_keypair = result['keypair']
639 LOG.info('lb_member_keypair: {}'.format(cls.lb_member_keypair))
640 cls.addClassResourceCleanup(
641 waiters.wait_for_not_found,
642 cls.lb_mem_keypairs_client.delete_keypair,
643 cls.lb_mem_keypairs_client.show_keypair,
644 keypair_name)
645
646 if (CONF.load_balancer.enable_security_groups and
647 CONF.network_feature_enabled.port_security):
648 # Set up the security group for the webservers
649 SG_name = data_utils.rand_name('lb_member_SG')
650 cls.lb_member_sec_group = (
651 cls.lb_mem_SG_client.create_security_group(
652 name=SG_name)['security_group'])
653 cls.addClassResourceCleanup(
654 waiters.wait_for_not_found,
655 cls.lb_mem_SG_client.delete_security_group,
656 cls.lb_mem_SG_client.show_security_group,
657 cls.lb_member_sec_group['id'])
658
659 # Create a security group rule to allow 80-81 (test webservers)
660 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
661 direction='ingress',
662 security_group_id=cls.lb_member_sec_group['id'],
663 protocol='tcp',
664 ethertype='IPv4',
665 port_range_min=80,
666 port_range_max=81)['security_group_rule']
667 cls.addClassResourceCleanup(
668 waiters.wait_for_not_found,
669 cls.lb_mem_SGr_client.delete_security_group_rule,
670 cls.lb_mem_SGr_client.show_security_group_rule,
671 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200672 # Create a security group rule to allow UDP 80-81 (test webservers)
673 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
674 direction='ingress',
675 security_group_id=cls.lb_member_sec_group['id'],
676 protocol='udp',
677 ethertype='IPv4',
678 port_range_min=80,
679 port_range_max=81)['security_group_rule']
680 cls.addClassResourceCleanup(
681 waiters.wait_for_not_found,
682 cls.lb_mem_SGr_client.delete_security_group_rule,
683 cls.lb_mem_SGr_client.show_security_group_rule,
684 SGr['id'])
685 # Create a security group rule to allow UDP 9999 (test webservers)
686 # Port 9999 is used to illustrate health monitor ERRORs on closed
687 # ports.
688 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
689 direction='ingress',
690 security_group_id=cls.lb_member_sec_group['id'],
691 protocol='udp',
692 ethertype='IPv4',
693 port_range_min=9999,
694 port_range_max=9999)['security_group_rule']
695 cls.addClassResourceCleanup(
696 waiters.wait_for_not_found,
697 cls.lb_mem_SGr_client.delete_security_group_rule,
698 cls.lb_mem_SGr_client.show_security_group_rule,
699 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700700 # Create a security group rule to allow 22 (ssh)
701 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
702 direction='ingress',
703 security_group_id=cls.lb_member_sec_group['id'],
704 protocol='tcp',
705 ethertype='IPv4',
706 port_range_min=22,
707 port_range_max=22)['security_group_rule']
708 cls.addClassResourceCleanup(
709 waiters.wait_for_not_found,
710 cls.lb_mem_SGr_client.delete_security_group_rule,
711 cls.lb_mem_SGr_client.show_security_group_rule,
712 SGr['id'])
713 if CONF.load_balancer.test_with_ipv6:
714 # Create a security group rule to allow 80-81 (test webservers)
715 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
716 direction='ingress',
717 security_group_id=cls.lb_member_sec_group['id'],
718 protocol='tcp',
719 ethertype='IPv6',
720 port_range_min=80,
721 port_range_max=81)['security_group_rule']
722 cls.addClassResourceCleanup(
723 waiters.wait_for_not_found,
724 cls.lb_mem_SGr_client.delete_security_group_rule,
725 cls.lb_mem_SGr_client.show_security_group_rule,
726 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200727 # Create a security group rule to allow UDP 80-81 (test
728 # webservers)
729 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
730 direction='ingress',
731 security_group_id=cls.lb_member_sec_group['id'],
732 protocol='udp',
733 ethertype='IPv6',
734 port_range_min=80,
735 port_range_max=81)['security_group_rule']
736 cls.addClassResourceCleanup(
737 waiters.wait_for_not_found,
738 cls.lb_mem_SGr_client.delete_security_group_rule,
739 cls.lb_mem_SGr_client.show_security_group_rule,
740 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700741 # Create a security group rule to allow 22 (ssh)
742 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
743 direction='ingress',
744 security_group_id=cls.lb_member_sec_group['id'],
745 protocol='tcp',
746 ethertype='IPv6',
747 port_range_min=22,
748 port_range_max=22)['security_group_rule']
749 cls.addClassResourceCleanup(
750 waiters.wait_for_not_found,
751 cls.lb_mem_SGr_client.delete_security_group_rule,
752 cls.lb_mem_SGr_client.show_security_group_rule,
753 SGr['id'])
754
755 LOG.info('lb_member_sec_group: {}'.format(cls.lb_member_sec_group))
756
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700757 # Setup backend member reencryption PKI
758 cls._create_backend_reencryption_pki()
759
Adam Harwellcd72b562018-05-07 11:37:22 -0700760 # Create webserver 1 instance
761 server_details = cls._create_webserver('lb_member_webserver1',
762 cls.lb_member_1_net)
763
764 cls.lb_member_webserver1 = server_details['server']
765 cls.webserver1_ip = server_details.get('ipv4_address')
766 cls.webserver1_ipv6 = server_details.get('ipv6_address')
767 cls.webserver1_public_ip = server_details['public_ipv4_address']
768
769 LOG.debug('Octavia Setup: lb_member_webserver1 = {}'.format(
770 cls.lb_member_webserver1[const.ID]))
771 LOG.debug('Octavia Setup: webserver1_ip = {}'.format(
772 cls.webserver1_ip))
773 LOG.debug('Octavia Setup: webserver1_ipv6 = {}'.format(
774 cls.webserver1_ipv6))
775 LOG.debug('Octavia Setup: webserver1_public_ip = {}'.format(
776 cls.webserver1_public_ip))
777
778 # Create webserver 2 instance
779 server_details = cls._create_webserver('lb_member_webserver2',
780 cls.lb_member_2_net)
781
782 cls.lb_member_webserver2 = server_details['server']
783 cls.webserver2_ip = server_details.get('ipv4_address')
784 cls.webserver2_ipv6 = server_details.get('ipv6_address')
785 cls.webserver2_public_ip = server_details['public_ipv4_address']
786
787 LOG.debug('Octavia Setup: lb_member_webserver2 = {}'.format(
788 cls.lb_member_webserver2[const.ID]))
789 LOG.debug('Octavia Setup: webserver2_ip = {}'.format(
790 cls.webserver2_ip))
791 LOG.debug('Octavia Setup: webserver2_ipv6 = {}'.format(
792 cls.webserver2_ipv6))
793 LOG.debug('Octavia Setup: webserver2_public_ip = {}'.format(
794 cls.webserver2_public_ip))
795
Michael Johnsonbf916df2018-10-17 10:59:28 -0700796 if CONF.load_balancer.test_with_ipv6:
797 # Enable the IPv6 nic in webserver 1
798 cls._enable_ipv6_nic_webserver(
799 cls.webserver1_public_ip, cls.lb_member_keypair['private_key'],
800 cls.webserver1_ipv6, cls.lb_member_1_subnet_prefix)
801
802 # Enable the IPv6 nic in webserver 2
803 cls._enable_ipv6_nic_webserver(
804 cls.webserver2_public_ip, cls.lb_member_keypair['private_key'],
805 cls.webserver2_ipv6, cls.lb_member_2_subnet_prefix)
806
Adam Harwellcd72b562018-05-07 11:37:22 -0700807 # Set up serving on webserver 1
808 cls._install_start_webserver(cls.webserver1_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700809 cls.lb_member_keypair['private_key'],
810 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700811
812 # Validate webserver 1
Adam Harwelle029af22018-05-24 17:13:28 -0700813 cls._validate_webserver(cls.webserver1_public_ip,
814 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700815
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200816 # Validate udp server 1
817 cls._validate_udp_server(cls.webserver1_public_ip,
818 cls.webserver1_response)
819
Adam Harwellcd72b562018-05-07 11:37:22 -0700820 # Set up serving on webserver 2
821 cls._install_start_webserver(cls.webserver2_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700822 cls.lb_member_keypair['private_key'],
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700823 cls.webserver2_response, revoke_cert=True)
Adam Harwellcd72b562018-05-07 11:37:22 -0700824
825 # Validate webserver 2
Adam Harwelle029af22018-05-24 17:13:28 -0700826 cls._validate_webserver(cls.webserver2_public_ip,
827 cls.webserver2_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700828
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200829 # Validate udp server 2
830 cls._validate_udp_server(cls.webserver2_public_ip,
831 cls.webserver2_response)
832
    @classmethod
    def _create_networks(cls):
        """Create the member router and plug the test subnets into it.

        Runs the parent class network setup first, then creates a router
        whose external gateway is CONF.network.public_network_id (required
        for the floating IP) and attaches the VIP subnet and both member
        subnets to it. When IPv6 testing is enabled, a default router is
        configured and the IPv6 VIP subnet uses the subnetpool, that subnet
        is attached to the default router through the admin client.

        The router and every router interface are registered for class-level
        cleanup right after they are created.
        """
        super(LoadBalancerBaseTestWithCompute, cls)._create_networks()

        def _attach_subnet(routers_client, router_id, subnet_id):
            # Plug the subnet in, then schedule its removal. The same
            # remove_router_interface callable is handed to
            # wait_for_not_found as both the delete and the show function.
            routers_client.add_router_interface(
                router_id, subnet_id=subnet_id)
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                routers_client.remove_router_interface,
                routers_client.remove_router_interface,
                router_id, subnet_id=subnet_id)

        # Create a router for the subnets (required for the floating IP)
        gateway = dict(network_id=CONF.network.public_network_id)
        created = cls.lb_mem_routers_client.create_router(
            name=data_utils.rand_name("lb_member_router"),
            admin_state_up=True,
            external_gateway_info=gateway)
        cls.lb_member_router = created['router']
        LOG.info('lb_member_router: {}'.format(cls.lb_member_router))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls.lb_mem_routers_client.delete_router,
            cls.lb_mem_routers_client.show_router,
            cls.lb_member_router['id'])

        # Add VIP subnet to router
        _attach_subnet(cls.lb_mem_routers_client,
                       cls.lb_member_router['id'],
                       cls.lb_member_vip_subnet['id'])

        use_default_router = (
            CONF.load_balancer.test_with_ipv6 and
            CONF.load_balancer.default_router and
            cls.lb_member_vip_ipv6_subnet_use_subnetpool)
        if use_default_router:
            # if lb_member_vip_ipv6_subnet uses devstack's subnetpool,
            # plug the subnet into the default router
            matches = cls.os_admin.routers_client.list_routers(
                name=CONF.load_balancer.default_router)['routers']

            # Only act on an unambiguous match; zero or several routers
            # with that name leave the IPv6 VIP subnet unplugged.
            if len(matches) == 1:
                # Add IPv6 VIP subnet to router1
                _attach_subnet(cls.os_admin_routers_client,
                               matches[0]['id'],
                               cls.lb_member_vip_ipv6_subnet['id'])

        # Add member subnet 1 to router
        _attach_subnet(cls.lb_mem_routers_client,
                       cls.lb_member_router['id'],
                       cls.lb_member_1_subnet['id'])

        # Add member subnet 2 to router
        _attach_subnet(cls.lb_mem_routers_client,
                       cls.lb_member_router['id'],
                       cls.lb_member_2_subnet['id'])
904
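    @classmethod
    def _create_webserver(cls, name, network):
        """Boot a compute instance for use as a member webserver.

        The server is created with the class keypair, registered for
        class-level cleanup and waited on until it is ACTIVE. When
        CONF.validation.connect_method is 'floating', a floating IP on the
        public network is attached to the server's port and registered for
        cleanup as well.

        webserver_details dictionary contains:
        server - The compute server object
        ipv4_address - The IPv4 address for the server (optional)
        ipv6_address - The IPv6 address for the server (optional)
        public_ipv4_address - The publicly accessible IPv4 address for the
                              server, this may be a floating IP (optional)

        :param name: The name of the server to create.
        :param network: The network to boot the server on.
        :returns: webserver_details dictionary.
        """
        server_kwargs = {
            'name': data_utils.rand_name(name),
            'flavorRef': CONF.compute.flavor_ref,
            'imageRef': CONF.compute.image_ref,
            'key_name': cls.lb_member_keypair['name']}
        if (CONF.load_balancer.enable_security_groups and
                CONF.network_feature_enabled.port_security):
            server_kwargs['security_groups'] = [
                {'name': cls.lb_member_sec_group['name']}]
        if not CONF.load_balancer.disable_boot_network:
            server_kwargs['networks'] = [{'uuid': network['id']}]

        # Replace the name for clouds that have limitations
        if CONF.load_balancer.random_server_name_length:
            r = random.SystemRandom()
            alphabet = string.ascii_uppercase + string.digits
            # One leading 'm' plus (length - 1) random characters.
            server_kwargs['name'] = "m{}".format("".join(
                r.choice(alphabet) for _ in range(
                    CONF.load_balancer.random_server_name_length - 1)))
        if CONF.load_balancer.availability_zone:
            server_kwargs['availability_zone'] = (
                CONF.load_balancer.availability_zone)

        server = cls.lb_mem_servers_client.create_server(
            **server_kwargs)['server']
        # Register the cleanup before waiting so a server that never reaches
        # ACTIVE is still deleted.
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls.lb_mem_servers_client.delete_server,
            cls.lb_mem_servers_client.show_server,
            server['id'])
        server = waiters.wait_for_status(
            cls.lb_mem_servers_client.show_server,
            server['id'], 'status', 'ACTIVE',
            CONF.load_balancer.build_interval,
            CONF.load_balancer.build_timeout,
            root_tag='server')
        webserver_details = {'server': server}
        LOG.info('Created server: {}'.format(server))

        addresses = server['addresses']
        if CONF.load_balancer.disable_boot_network:
            # dict.values() is a view on Python 3 and cannot be indexed;
            # materialise it before taking the first network's addresses.
            instance_network = list(addresses.values())[0]
        else:
            instance_network = addresses[network['name']]
        for addr in instance_network:
            if addr['version'] == 4:
                webserver_details['ipv4_address'] = addr['addr']
            if addr['version'] == 6:
                webserver_details['ipv6_address'] = addr['addr']

        if CONF.validation.connect_method == 'floating':
            # Find the server's port by the MAC of its first address entry.
            result = cls.lb_mem_ports_client.list_ports(
                network_id=network['id'],
                mac_address=instance_network[0]['OS-EXT-IPS-MAC:mac_addr'])
            port_id = result['ports'][0]['id']
            result = cls.lb_mem_float_ip_client.create_floatingip(
                floating_network_id=CONF.network.public_network_id,
                port_id=port_id)
            floating_ip = result['floatingip']
            LOG.info('webserver1_floating_ip: {}'.format(floating_ip))
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls.lb_mem_float_ip_client.delete_floatingip,
                cls.lb_mem_float_ip_client.show_floatingip,
                floatingip_id=floating_ip['id'])
            webserver_details['public_ipv4_address'] = (
                floating_ip['floating_ip_address'])
        else:
            webserver_details['public_ipv4_address'] = (
                instance_network[0]['addr'])

        return webserver_details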
993
    @classmethod
    def _install_start_webserver(cls, ip_address, ssh_key, start_id,
                                 revoke_cert=False):
        """Copy the test server binary to an instance and start it.

        :param ip_address: Address used to reach the instance over SSH.
        :param ssh_key: Private key text for CONF.validation.image_ssh_user.
        :param start_id: Value passed as -id to the port 80 listener; the
                         port 81 listener is started with start_id + 1.
        :param revoke_cert: Passed through to _load_member_pki_content.
        :raises CommandFailed: If the scp of the binary exits non-zero.
        """
        binary_path = CONF.load_balancer.test_server_path
        ssh_user = CONF.validation.image_ssh_user

        ssh = remote_client.RemoteClient(ip_address, ssh_user, pkey=ssh_key)
        ssh.validate_authentication()

        # scp takes the identity as a path (-i), so the private key is
        # written to a temporary file that is removed when the with block
        # exits.
        with tempfile.NamedTemporaryFile() as key:
            key.write(ssh_key.encode('utf-8'))
            key.flush()
            # NOTE(review): StrictHostKeyChecking=no together with
            # UserKnownHostsFile=/dev/null means the host key of the peer is
            # never verified. Presumably tolerated because the instance was
            # booted moments ago by this test; do not reuse these options for
            # hosts that outlive the test run.
            cmd = ("scp -v -o UserKnownHostsFile=/dev/null "
                   "-o StrictHostKeyChecking=no "
                   "-o ConnectTimeout={0} -o ConnectionAttempts={1} "
                   "-i {2} {3} {4}@{5}:{6}").format(
                CONF.load_balancer.scp_connection_timeout,
                CONF.load_balancer.scp_connection_attempts,
                key.name, binary_path, ssh_user,
                ip_address, const.TEST_SERVER_BINARY)
            # No shell is involved: the command line is split into argv.
            # stderr is merged into stdout, so communicate() returns None
            # for stderr.
            proc = subprocess.Popen(shlex.split(cmd),
                                    stdout=subprocess.PIPE,
                                    stderr=subprocess.STDOUT,
                                    cwd=None)
            stdout, stderr = proc.communicate()
            if proc.returncode != 0:
                raise exceptions.CommandFailed(proc.returncode, cmd,
                                               stdout, stderr)

            # Must run while the key file still exists:
            # _load_member_pki_content hands key.name to scp as the identity.
            cls._load_member_pki_content(ip_address, key,
                                         revoke_cert=revoke_cert)

        # Enabling memory overcommit allows to run golang static binaries
        # compiled with a recent golang toolchain (>=1.11). Those binaries
        # allocate a large amount of virtual memory at init time, and this
        # allocation fails in tempest's nano flavor (64MB of RAM)
        # (golang issue reported in https://github.com/golang/go/issues/28114,
        # follow-up: https://github.com/golang/go/issues/28081)
        # TODO(gthiemonge): Remove this call when golang issue is resolved.
        ssh.exec_command('sudo sh -c "echo 1 > '
                         '/proc/sys/vm/overcommit_memory"')

        # The initial process also supports HTTPS and HTTPS with client auth
        primary_listener = (
            'sudo screen -d -m {0} -port 80 -id {1} -https_port 443 -cert {2} '
            '-key {3} -https_client_auth_port 9443 -client_ca {4}'.format(
                const.TEST_SERVER_BINARY, start_id, const.TEST_SERVER_CERT,
                const.TEST_SERVER_KEY, const.TEST_SERVER_CLIENT_CA))
        ssh.exec_command(primary_listener)

        # Second, plain listener on port 81 answering with the next ID.
        secondary_listener = ('sudo screen -d -m {0} -port 81 '
                              '-id {1}'.format(const.TEST_SERVER_BINARY,
                                               start_id + 1))
        ssh.exec_command(secondary_listener)
Adam Harwellcd72b562018-05-07 11:37:22 -07001047
    # Cirros does not configure the assigned IPv6 address by default
    # so enable it manually like tempest does here:
    # tempest/scenario/test_network_v6.py turn_nic6_on()
    @classmethod
    def _enable_ipv6_nic_webserver(cls, ip_address, ssh_key,
                                   ipv6_address, ipv6_prefix):
        """Add an IPv6 address to eth0 on a test instance over SSH.

        :param ip_address: Address used to reach the instance over SSH.
        :param ssh_key: Private key for CONF.validation.image_ssh_user.
        :param ipv6_address: IPv6 address to configure on eth0.
        :param ipv6_prefix: Prefix length placed after the slash.
        """
        ssh = remote_client.RemoteClient(
            ip_address, CONF.validation.image_ssh_user, pkey=ssh_key)
        ssh.validate_authentication()

        # Both values are interpolated unquoted into a command that runs
        # under sudo on the instance.
        # NOTE(review): presumably they only ever come from the test's own
        # network setup -- confirm against the callers.
        add_address = 'sudo ip address add {0}/{1} dev eth0'.format(
            ipv6_address, ipv6_prefix)
        ssh.exec_command(add_address)
1060
    @classmethod
    def _validate_webserver(cls, ip_address, start_id):
        """Check that both HTTP listeners on a test server return their IDs.

        Port 80 must answer with str(start_id) and port 81 with
        str(start_id + 1); the comparison itself is delegated to
        validate_URL_response.

        :param ip_address: Address of the test server.
        :param start_id: ID the port 80 listener was started with.
        """
        port_80_url = 'http://{0}'.format(ip_address)
        cls.validate_URL_response(port_80_url, expected_body=str(start_id))

        port_81_id = start_id + 1
        port_81_url = 'http://{0}:81'.format(ip_address)
        cls.validate_URL_response(port_81_url,
                                  expected_body=str(port_81_id))
Jude Cross986e3f52017-07-24 14:57:20 -07001067
    @classmethod
    def _validate_udp_server(cls, ip_address, start_id):
        """Check that both UDP listeners on a test server return their IDs.

        Port 80 must answer with str(start_id) and port 81 with
        str(start_id + 1).

        :param ip_address: Address of the test server.
        :param start_id: ID the port 80 listener was started with.
        :raises Exception: If either reply differs from the expected ID.
        """
        def _expect_reply(port, expected):
            reply = cls.make_udp_request(ip_address, port)
            if reply != expected:
                raise Exception("Response from test server doesn't match the "
                                "expected value ({0} != {1}).".format(
                                    reply, expected))

        _expect_reply(80, str(start_id))
        _expect_reply(81, str(start_id + 1))
Michael Johnsonbaf12e02020-10-27 16:10:28 -07001081
    @classmethod
    def _create_backend_reencryption_pki(cls):
        """Generate the CAs and client credentials for member re-encryption.

        Sets cls.member_ca_cert and cls.member_ca_key (the CA used for the
        member test server certificates), cls.member_client_ca_cert (the
        client authentication CA) and cls.member_client_cn,
        cls.member_client_cert and cls.member_client_key. The client CA
        private key stays local to this method.
        """
        pem = serialization.Encoding.PEM

        # Create a CA self-signed cert and key for the member test servers
        ca_cert, ca_key = cert_utils.generate_ca_cert_and_key()
        cls.member_ca_cert, cls.member_ca_key = ca_cert, ca_key

        LOG.debug('Member CA Cert: %s', ca_cert.public_bytes(pem))
        # NOTE(review): the next call writes the unencrypted CA private key
        # to the debug log. The key is generated here for the test run, but
        # anyone who can read the log can sign certificates this CA vouches
        # for; consider dropping the line or logging a fingerprint instead.
        ca_key_pem = ca_key.private_bytes(
            encoding=pem,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption())
        LOG.debug('Member CA private Key: %s', ca_key_pem)
        ca_public_pem = ca_key.public_key().public_bytes(
            encoding=pem,
            format=serialization.PublicFormat.SubjectPublicKeyInfo)
        LOG.debug('Member CA public Key: %s', ca_public_pem)

        # Create the member client authentication CA
        client_ca_cert, client_ca_key = cert_utils.generate_ca_cert_and_key()
        cls.member_client_ca_cert = client_ca_cert

        # Create client cert and key
        cls.member_client_cn = uuidutils.generate_uuid()
        client_cert, client_key = cert_utils.generate_client_cert_and_key(
            client_ca_cert, client_ca_key, cls.member_client_cn)
        cls.member_client_cert, cls.member_client_key = (
            client_cert, client_key)
        # Note: We are not revoking a client cert here as we don't need to
        # test the backend web server CRL checking.
1111
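    @classmethod
    def _load_member_pki_content(cls, ip_address, ssh_key, revoke_cert=False):
        """Generate a member server's PKI files and scp them to the server.

        A server certificate and key are issued from cls.member_ca_cert /
        cls.member_ca_key for ip_address, written to a temporary directory
        together with the client CA certificate, and copied to
        const.DEV_SHM_PATH on the server.

        :param ip_address: Address of the test server; also passed to
                           generate_server_cert_and_key.
        :param ssh_key: Open file object holding the SSH private key; only
                        its .name is used, as the scp identity file.
        :param revoke_cert: When True, set cls.member_crl to a CRL built
                            with this server's certificate.
        :raises CommandFailed: If scp exits non-zero.
        """
        pem = serialization.Encoding.PEM

        # Create webserver certificate and key
        cert, key = cert_utils.generate_server_cert_and_key(
            cls.member_ca_cert, cls.member_ca_key, ip_address)
        cert_pem = cert.public_bytes(pem)
        key_pem = key.private_bytes(
            encoding=pem,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption())

        LOG.debug('%s Cert: %s', ip_address, cert_pem)
        # NOTE(review): this puts the unencrypted server private key in the
        # debug log; consider dropping the line or logging a fingerprint.
        LOG.debug('%s private Key: %s', ip_address, key_pem)
        LOG.debug('%s public Key: %s', ip_address,
                  key.public_key().public_bytes(
                      encoding=pem,
                      format=serialization.PublicFormat.SubjectPublicKeyInfo))

        # Create a CRL with a revoked certificate
        if revoke_cert:
            # Create a CRL with webserver 2 revoked
            cls.member_crl = cert_utils.generate_certificate_revocation_list(
                cls.member_ca_cert, cls.member_ca_key, cert)

        # Load the certificate, key, and client CA certificate into the
        # test server.
        with tempfile.TemporaryDirectory() as tmpdir:
            cert_filename = os.path.join(tmpdir, const.CERT_PEM)
            key_filename = os.path.join(tmpdir, const.KEY_PEM)
            client_ca_filename = os.path.join(tmpdir, const.CLIENT_CA_PEM)
            pem_files = (
                (cert_filename, cert_pem),
                (key_filename, key_pem),
                (client_ca_filename,
                 cls.member_client_ca_cert.public_bytes(pem)),
            )

            # The umask is process-wide. Leaving it at 0 would make every
            # file the test process creates afterwards default to
            # group/world-writable modes, so put the previous value back as
            # soon as the PEM files exist.
            previous_umask = os.umask(0)
            try:
                for filename, content in pem_files:
                    # Owner-only mode, set at creation time.
                    # NOTE(review): 0o600 would be tighter for PEM data; kept
                    # at 0o700 in case the mode carries over to the remote
                    # copy -- confirm before changing.
                    fd = os.open(filename, os.O_CREAT | os.O_WRONLY, 0o700)
                    with open(fd, 'w') as fh:
                        fh.write(content.decode('utf-8'))
            finally:
                os.umask(previous_umask)

            # For security, no shell is involved: each file name is passed
            # to scp as its own argument, so nothing can glob them.
            # NOTE(review): host key checking is disabled here, so the
            # server key is sent to a peer whose identity is not verified.
            cmd = ("scp -v -o UserKnownHostsFile=/dev/null "
                   "-o StrictHostKeyChecking=no "
                   "-o ConnectTimeout={0} -o ConnectionAttempts={1} "
                   "-i {2} {3} {4} {5} {6}@{7}:{8}").format(
                CONF.load_balancer.scp_connection_timeout,
                CONF.load_balancer.scp_connection_attempts,
                ssh_key.name, cert_filename, key_filename,
                client_ca_filename, CONF.validation.image_ssh_user,
                ip_address, const.DEV_SHM_PATH)
            # stderr is merged into stdout, so communicate() returns None
            # for stderr.
            proc = subprocess.Popen(shlex.split(cmd),
                                    stdout=subprocess.PIPE,
                                    stderr=subprocess.STDOUT,
                                    cwd=None)
            stdout, stderr = proc.communicate()
            if proc.returncode != 0:
                raise exceptions.CommandFailed(proc.returncode, cmd,
                                               stdout, stderr)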