# Copyright 2018 Rackspace US Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

import ipaddress
import os
import random
import shlex
import string
import subprocess
import tempfile

from cryptography.hazmat.primitives import serialization
from oslo_log import log as logging
from oslo_utils import uuidutils
from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils.linux import remote_client
from tempest.lib import exceptions
from tempest import test
import tenacity

from octavia_tempest_plugin import clients
from octavia_tempest_plugin.common import cert_utils
from octavia_tempest_plugin.common import constants as const
from octavia_tempest_plugin.tests import validators
from octavia_tempest_plugin.tests import waiters

# Shared handles: the tempest configuration object and this module's logger.
CONF = config.CONF
LOG = logging.getLogger(__name__)

# Retry policy for the network/subnet delete helpers below: they stop after
# RETRY_ATTEMPTS tries and pass the initial delay, the backoff increment and
# the maximum to tenacity.wait_incrementing, in that order.
RETRY_ATTEMPTS = 15
RETRY_INITIAL_DELAY = 1
RETRY_BACKOFF = 1
RETRY_MAX = 5


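class LoadBalancerBaseTest(validators.ValidatorsMixin, test.BaseTestCase):
    """Base class for load balancer tests.

    Sets up the credentials, client aliases and the VIP/member networks
    that the load balancer tests share.
    """

    # Setup cls.os_roles_lb_member. cls.os_primary, cls.os_roles_lb_member,
    # and cls.os_roles_lb_admin credentials.
    credentials = ['admin', 'primary',
                   ['lb_member', CONF.load_balancer.member_role],
                   ['lb_member2', CONF.load_balancer.member_role],
                   ['lb_admin', CONF.load_balancer.admin_role]]

    client_manager = clients.ManagerV2
    webserver1_response = 1
    webserver2_response = 5
    # VIP host indexes already handed out by _setup_lb_network_kwargs.
    # This is one list object defined on the base class, so it is shared
    # by every subclass that does not rebind the attribute.
    used_ips = []

    SRC_PORT_NUMBER_MIN = 32768
    SRC_PORT_NUMBER_MAX = 61000
    src_port_number = SRC_PORT_NUMBER_MIN

    @classmethod
    def skip_checks(cls):
        """Check if we should skip all of the children tests.

        :raises cls.skipException: if a required service is not available,
            or if neither project_networks_reachable nor public_network_id
            is set.
        """
        super(LoadBalancerBaseTest, cls).skip_checks()

        service_list = {
            'load_balancer': CONF.service_available.load_balancer,
        }

        live_service_list = {
            'compute': CONF.service_available.nova,
            'image': CONF.service_available.glance,
            'neutron': CONF.service_available.neutron
        }

        # The other services are only required when not running in noop
        # mode.
        if not CONF.load_balancer.test_with_noop:
            service_list.update(live_service_list)

        for service, available in service_list.items():
            if not available:
                skip_msg = ("{0} skipped as {1} service is not "
                            "available.".format(cls.__name__, service))
                raise cls.skipException(skip_msg)

        # We must be able to reach our VIP and instances
        if not (CONF.network.project_networks_reachable
                or CONF.network.public_network_id):
            msg = ('Either project_networks_reachable must be "true", or '
                   'public_network_id must be defined.')
            raise cls.skipException(msg)

    @classmethod
    def setup_credentials(cls):
        """Setup test credentials and network resources."""
        # Do not auto create network resources
        cls.set_network_resources()
        super(LoadBalancerBaseTest, cls).setup_credentials()

    @classmethod
    def setup_clients(cls):
        """Setup client aliases.

        The lb_mem_* and mem_* aliases come from the lb_member credentials,
        the lb_admin_* aliases from the lb_admin credentials, and
        os_admin_servers_client from the admin credentials.
        """
        super(LoadBalancerBaseTest, cls).setup_clients()
        cls.lb_mem_float_ip_client = cls.os_roles_lb_member.floating_ips_client
        cls.lb_mem_keypairs_client = cls.os_roles_lb_member.keypairs_client
        cls.lb_mem_net_client = cls.os_roles_lb_member.networks_client
        cls.lb_mem_ports_client = cls.os_roles_lb_member.ports_client
        cls.lb_mem_routers_client = cls.os_roles_lb_member.routers_client
        cls.lb_mem_SG_client = cls.os_roles_lb_member.security_groups_client
        cls.lb_mem_SGr_client = (
            cls.os_roles_lb_member.security_group_rules_client)
        cls.lb_mem_servers_client = cls.os_roles_lb_member.servers_client
        cls.lb_mem_subnet_client = cls.os_roles_lb_member.subnets_client
        cls.mem_lb_client = cls.os_roles_lb_member.loadbalancer_client
        cls.mem_listener_client = cls.os_roles_lb_member.listener_client
        cls.mem_pool_client = cls.os_roles_lb_member.pool_client
        cls.mem_member_client = cls.os_roles_lb_member.member_client
        cls.mem_healthmonitor_client = (
            cls.os_roles_lb_member.healthmonitor_client)
        cls.mem_l7policy_client = cls.os_roles_lb_member.l7policy_client
        cls.mem_l7rule_client = cls.os_roles_lb_member.l7rule_client
        cls.lb_admin_amphora_client = cls.os_roles_lb_admin.amphora_client
        cls.lb_admin_flavor_profile_client = (
            cls.os_roles_lb_admin.flavor_profile_client)
        cls.lb_admin_flavor_client = cls.os_roles_lb_admin.flavor_client
        cls.mem_flavor_client = cls.os_roles_lb_member.flavor_client
        cls.mem_provider_client = cls.os_roles_lb_member.provider_client
        cls.os_admin_servers_client = cls.os_admin.servers_client
        cls.lb_admin_flavor_capabilities_client = (
            cls.os_roles_lb_admin.flavor_capabilities_client)
        cls.lb_admin_availability_zone_capabilities_client = (
            cls.os_roles_lb_admin.availability_zone_capabilities_client)
        cls.lb_admin_availability_zone_profile_client = (
            cls.os_roles_lb_admin.availability_zone_profile_client)
        cls.lb_admin_availability_zone_client = (
            cls.os_roles_lb_admin.availability_zone_client)
        cls.mem_availability_zone_client = (
            cls.os_roles_lb_member.availability_zone_client)

    @classmethod
    def resource_setup(cls):
        """Setup resources needed by the tests.

        Chooses one of three network layouts: generated placeholder IDs in
        noop mode, the operator-supplied override network/subnets, or
        freshly created networks (see _create_networks).

        :raises exceptions.InvalidConfiguration: if test_subnet_override is
            set without test_network_override.
        """
        super(LoadBalancerBaseTest, cls).resource_setup()

        conf_lb = CONF.load_balancer

        cls.api_version = cls.mem_lb_client.get_max_api_version()

        if conf_lb.test_subnet_override and not conf_lb.test_network_override:
            raise exceptions.InvalidConfiguration(
                "Configuration value test_network_override must be "
                "specified if test_subnet_override is used.")

        # TODO(johnsom) Remove this
        # Get loadbalancing algorithms supported by provider driver.
        try:
            algorithms = const.SUPPORTED_LB_ALGORITHMS[
                CONF.load_balancer.provider]
        except KeyError:
            algorithms = const.SUPPORTED_LB_ALGORITHMS['default']
        # Set default algorithm as first from the list.
        cls.lb_algorithm = algorithms[0]

        show_subnet = cls.lb_mem_subnet_client.show_subnet
        if CONF.load_balancer.test_with_noop:
            # Noop mode: nothing is created, only random IDs are generated.
            cls.lb_member_vip_net = {'id': uuidutils.generate_uuid()}
            cls.lb_member_vip_subnet = {'id': uuidutils.generate_uuid()}
            cls.lb_member_1_net = {'id': uuidutils.generate_uuid()}
            cls.lb_member_1_subnet = {'id': uuidutils.generate_uuid()}
            cls.lb_member_2_net = {'id': uuidutils.generate_uuid()}
            cls.lb_member_2_subnet = {'id': uuidutils.generate_uuid()}
            if CONF.load_balancer.test_with_ipv6:
                cls.lb_member_vip_ipv6_net = {'id': uuidutils.generate_uuid()}
                cls.lb_member_vip_ipv6_subnet = {'id':
                                                 uuidutils.generate_uuid()}
                cls.lb_member_1_ipv6_subnet = {'id': uuidutils.generate_uuid()}
                cls.lb_member_2_ipv6_subnet = {'id': uuidutils.generate_uuid()}
                cls.lb_member_vip_ipv6_subnet_stateful = True
            return
        elif CONF.load_balancer.test_network_override:
            # NOTE(review): unlike the network below, the show_subnet
            # response is stored without unwrapping; confirm that the
            # later lookups by const.ID work on it.
            if conf_lb.test_subnet_override:
                override_subnet = show_subnet(conf_lb.test_subnet_override)
            else:
                override_subnet = None

            show_net = cls.lb_mem_net_client.show_network
            override_network = show_net(conf_lb.test_network_override)
            override_network = override_network.get('network')

            # The VIP and both members share the one override network.
            cls.lb_member_vip_net = override_network
            cls.lb_member_vip_subnet = override_subnet
            cls.lb_member_1_net = override_network
            cls.lb_member_1_subnet = override_subnet
            cls.lb_member_2_net = override_network
            cls.lb_member_2_subnet = override_subnet

            if (CONF.load_balancer.test_with_ipv6 and
                    conf_lb.test_IPv6_subnet_override):
                override_ipv6_subnet = show_subnet(
                    conf_lb.test_IPv6_subnet_override)
                cls.lb_member_vip_ipv6_subnet = override_ipv6_subnet
                cls.lb_member_1_ipv6_subnet = override_ipv6_subnet
                cls.lb_member_2_ipv6_subnet = override_ipv6_subnet
                cls.lb_member_vip_ipv6_subnet_stateful = False
                # NOTE(review): the show_subnet result is indexed with
                # ['subnet'] in _setup_lb_network_kwargs but with [0]
                # here; confirm which shape this call returns.
                if (override_ipv6_subnet[0]['ipv6_address_mode'] ==
                        'dhcpv6-stateful'):
                    cls.lb_member_vip_ipv6_subnet_stateful = True
            else:
                cls.lb_member_vip_ipv6_subnet = None
                cls.lb_member_1_ipv6_subnet = None
                cls.lb_member_2_ipv6_subnet = None
        else:
            cls._create_networks()

        LOG.debug('Octavia Setup: lb_member_vip_net = {}'.format(
            cls.lb_member_vip_net[const.ID]))
        if cls.lb_member_vip_subnet:
            LOG.debug('Octavia Setup: lb_member_vip_subnet = {}'.format(
                cls.lb_member_vip_subnet[const.ID]))
        LOG.debug('Octavia Setup: lb_member_1_net = {}'.format(
            cls.lb_member_1_net[const.ID]))
        if cls.lb_member_1_subnet:
            LOG.debug('Octavia Setup: lb_member_1_subnet = {}'.format(
                cls.lb_member_1_subnet[const.ID]))
        LOG.debug('Octavia Setup: lb_member_2_net = {}'.format(
            cls.lb_member_2_net[const.ID]))
        if cls.lb_member_2_subnet:
            LOG.debug('Octavia Setup: lb_member_2_subnet = {}'.format(
                cls.lb_member_2_subnet[const.ID]))
        if CONF.load_balancer.test_with_ipv6:
            if cls.lb_member_vip_ipv6_subnet:
                LOG.debug('Octavia Setup: lb_member_vip_ipv6_subnet = '
                          '{}'.format(cls.lb_member_vip_ipv6_subnet[const.ID]))
            if cls.lb_member_1_ipv6_subnet:
                LOG.debug('Octavia Setup: lb_member_1_ipv6_subnet = {}'.format(
                    cls.lb_member_1_ipv6_subnet[const.ID]))
            if cls.lb_member_2_ipv6_subnet:
                LOG.debug('Octavia Setup: lb_member_2_ipv6_subnet = {}'.format(
                    cls.lb_member_2_ipv6_subnet[const.ID]))

    @classmethod
    # Neutron can be slow to clean up ports from the subnets/networks.
    # Retry this delete a few times if we get a "Conflict" error to give
    # neutron time to fully cleanup the ports.
    @tenacity.retry(
        retry=tenacity.retry_if_exception_type(exceptions.Conflict),
        wait=tenacity.wait_incrementing(
            RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX),
        stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
    def _logging_delete_network(cls, net_id):
        """Delete a network, logging the port list if the delete fails.

        Any exception is logged together with the output of list_ports()
        and then re-raised; only exceptions.Conflict triggers a retry.

        :param net_id: ID of the network to delete.
        """
        try:
            cls.lb_mem_net_client.delete_network(net_id)
        except Exception:
            LOG.error('Unable to delete network {}. Active ports:'.format(
                net_id))
            LOG.error(cls.lb_mem_ports_client.list_ports())
            raise

    @classmethod
    # Neutron can be slow to clean up ports from the subnets/networks.
    # Retry this delete a few times if we get a "Conflict" error to give
    # neutron time to fully cleanup the ports.
    @tenacity.retry(
        retry=tenacity.retry_if_exception_type(exceptions.Conflict),
        wait=tenacity.wait_incrementing(
            RETRY_INITIAL_DELAY, RETRY_BACKOFF, RETRY_MAX),
        stop=tenacity.stop_after_attempt(RETRY_ATTEMPTS))
    def _logging_delete_subnet(cls, subnet_id):
        """Delete a subnet, logging the port list if the delete fails.

        Any exception is logged together with the output of list_ports()
        and then re-raised; only exceptions.Conflict triggers a retry.

        :param subnet_id: ID of the subnet to delete.
        """
        try:
            cls.lb_mem_subnet_client.delete_subnet(subnet_id)
        except Exception:
            LOG.error('Unable to delete subnet {}. Active ports:'.format(
                subnet_id))
            LOG.error(cls.lb_mem_ports_client.list_ports())
            raise

    @staticmethod
    def _ipv6_prefix_length(cidr, option_name):
        """Return the text after the last '/' of *cidr* if it is numeric.

        :param cidr: configured CIDR string.
        :param option_name: name of the configuration option, used in the
            error message only.
        :raises exceptions.InvalidConfiguration: if the part after the last
            '/' is not made of digits.
        :returns: the prefix length as a string.
        """
        prefix = cidr.rpartition('/')[2]
        # An explicit raise instead of `assert`: asserts are removed when
        # Python runs with -O, which would let a malformed value through.
        if not prefix.isdigit():
            raise exceptions.InvalidConfiguration(
                "Configuration value {0} must end in a numeric prefix "
                "length, got '{1}'.".format(option_name, cidr))
        return prefix

    @classmethod
    def _create_networks(cls):
        """Creates networks, subnets, and routers used in tests.

        The following are expected to be defined and available to the tests:
            cls.lb_member_vip_net
            cls.lb_member_vip_subnet
            cls.lb_member_vip_ipv6_subnet (optional)
            cls.lb_member_1_net
            cls.lb_member_1_subnet
            cls.lb_member_1_ipv6_subnet (optional)
            cls.lb_member_2_net
            cls.lb_member_2_subnet
            cls.lb_member_2_ipv6_subnet (optional)

        Every resource created here is registered for class-level cleanup
        right after it is created.

        :raises exceptions.InvalidConfiguration: if a member IPv6 subnet
            CIDR does not end in a numeric prefix length.
        """

        # Create tenant VIP network
        network_kwargs = {
            'name': data_utils.rand_name("lb_member_vip_network")}
        if CONF.network_feature_enabled.port_security:
            # Note: Allowed Address Pairs requires port security
            network_kwargs['port_security_enabled'] = True
        result = cls.lb_mem_net_client.create_network(**network_kwargs)
        cls.lb_member_vip_net = result['network']
        LOG.info('lb_member_vip_net: {}'.format(cls.lb_member_vip_net))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_network,
            cls.lb_mem_net_client.show_network,
            cls.lb_member_vip_net['id'])

        # Create tenant VIP subnet
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_vip_subnet"),
            'network_id': cls.lb_member_vip_net['id'],
            'cidr': CONF.load_balancer.vip_subnet_cidr,
            'ip_version': 4}
        result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
        cls.lb_member_vip_subnet = result['subnet']
        LOG.info('lb_member_vip_subnet: {}'.format(cls.lb_member_vip_subnet))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_vip_subnet['id'])

        # Create tenant VIP IPv6 subnet
        if CONF.load_balancer.test_with_ipv6:
            # See if ipv6-private-subnet exists and use it if so.
            priv_ipv6_subnet = cls.os_admin.subnets_client.list_subnets(
                name='ipv6-private-subnet')['subnets']

            cls.lb_member_vip_ipv6_subnet_stateful = False
            if len(priv_ipv6_subnet) == 1:
                if (priv_ipv6_subnet[0]['ipv6_address_mode'] ==
                        'dhcpv6-stateful'):
                    cls.lb_member_vip_ipv6_subnet_stateful = True
                # Reused, not created here, so no cleanup is registered.
                cls.lb_member_vip_ipv6_subnet = priv_ipv6_subnet[0]
                cls.lb_member_vip_ipv6_net = {
                    'id': priv_ipv6_subnet[0]['network_id']}
            else:
                subnet_kwargs = {
                    'name': data_utils.rand_name("lb_member_vip_ipv6_subnet"),
                    'network_id': cls.lb_member_vip_net['id'],
                    'cidr': CONF.load_balancer.vip_ipv6_subnet_cidr,
                    'ip_version': 6}
                result = cls.lb_mem_subnet_client.create_subnet(
                    **subnet_kwargs)
                cls.lb_member_vip_ipv6_net = cls.lb_member_vip_net
                cls.lb_member_vip_ipv6_subnet = result['subnet']
                cls.addClassResourceCleanup(
                    waiters.wait_for_not_found,
                    cls._logging_delete_subnet,
                    cls.lb_mem_subnet_client.show_subnet,
                    cls.lb_member_vip_ipv6_subnet['id'])

            LOG.info('lb_member_vip_ipv6_subnet: {}'.format(
                cls.lb_member_vip_ipv6_subnet))

        # Create tenant member 1 network
        network_kwargs = {
            'name': data_utils.rand_name("lb_member_1_network")}
        if CONF.network_feature_enabled.port_security:
            # Port security on the member network follows the
            # enable_security_groups setting.
            if CONF.load_balancer.enable_security_groups:
                network_kwargs['port_security_enabled'] = True
            else:
                network_kwargs['port_security_enabled'] = False
        result = cls.lb_mem_net_client.create_network(**network_kwargs)
        cls.lb_member_1_net = result['network']
        LOG.info('lb_member_1_net: {}'.format(cls.lb_member_1_net))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_network,
            cls.lb_mem_net_client.show_network,
            cls.lb_member_1_net['id'])

        # Create tenant member 1 subnet
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_1_subnet"),
            'network_id': cls.lb_member_1_net['id'],
            'cidr': CONF.load_balancer.member_1_ipv4_subnet_cidr,
            'ip_version': 4}
        result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
        cls.lb_member_1_subnet = result['subnet']
        LOG.info('lb_member_1_subnet: {}'.format(cls.lb_member_1_subnet))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_1_subnet['id'])

        # Create tenant member 1 ipv6 subnet
        if CONF.load_balancer.test_with_ipv6:
            # Check the configured prefix before creating the subnet, so a
            # bad value cannot leave a subnet behind with no cleanup
            # registered. The prefix is handed on to the webserver IPv6
            # setup later (presumably as part of a command; not shown here).
            member_1_prefix = cls._ipv6_prefix_length(
                CONF.load_balancer.member_1_ipv6_subnet_cidr,
                'member_1_ipv6_subnet_cidr')
            subnet_kwargs = {
                'name': data_utils.rand_name("lb_member_1_ipv6_subnet"),
                'network_id': cls.lb_member_1_net['id'],
                'cidr': CONF.load_balancer.member_1_ipv6_subnet_cidr,
                'ip_version': 6}
            result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
            cls.lb_member_1_subnet_prefix = member_1_prefix
            cls.lb_member_1_ipv6_subnet = result['subnet']
            LOG.info('lb_member_1_ipv6_subnet: {}'.format(
                cls.lb_member_1_ipv6_subnet))
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls._logging_delete_subnet,
                cls.lb_mem_subnet_client.show_subnet,
                cls.lb_member_1_ipv6_subnet['id'])

        # Create tenant member 2 network
        network_kwargs = {
            'name': data_utils.rand_name("lb_member_2_network")}
        if CONF.network_feature_enabled.port_security:
            # Port security on the member network follows the
            # enable_security_groups setting.
            if CONF.load_balancer.enable_security_groups:
                network_kwargs['port_security_enabled'] = True
            else:
                network_kwargs['port_security_enabled'] = False
        result = cls.lb_mem_net_client.create_network(**network_kwargs)
        cls.lb_member_2_net = result['network']
        LOG.info('lb_member_2_net: {}'.format(cls.lb_member_2_net))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_network,
            cls.lb_mem_net_client.show_network,
            cls.lb_member_2_net['id'])

        # Create tenant member 2 subnet
        subnet_kwargs = {
            'name': data_utils.rand_name("lb_member_2_subnet"),
            'network_id': cls.lb_member_2_net['id'],
            'cidr': CONF.load_balancer.member_2_ipv4_subnet_cidr,
            'ip_version': 4}
        result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
        cls.lb_member_2_subnet = result['subnet']
        LOG.info('lb_member_2_subnet: {}'.format(cls.lb_member_2_subnet))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls._logging_delete_subnet,
            cls.lb_mem_subnet_client.show_subnet,
            cls.lb_member_2_subnet['id'])

        # Create tenant member 2 ipv6 subnet
        if CONF.load_balancer.test_with_ipv6:
            # Same ordering as for member 1: validate first, create second.
            member_2_prefix = cls._ipv6_prefix_length(
                CONF.load_balancer.member_2_ipv6_subnet_cidr,
                'member_2_ipv6_subnet_cidr')
            subnet_kwargs = {
                'name': data_utils.rand_name("lb_member_2_ipv6_subnet"),
                'network_id': cls.lb_member_2_net['id'],
                'cidr': CONF.load_balancer.member_2_ipv6_subnet_cidr,
                'ip_version': 6}
            result = cls.lb_mem_subnet_client.create_subnet(**subnet_kwargs)
            cls.lb_member_2_subnet_prefix = member_2_prefix
            cls.lb_member_2_ipv6_subnet = result['subnet']
            LOG.info('lb_member_2_ipv6_subnet: {}'.format(
                cls.lb_member_2_ipv6_subnet))
            cls.addClassResourceCleanup(
                waiters.wait_for_not_found,
                cls._logging_delete_subnet,
                cls.lb_mem_subnet_client.show_subnet,
                cls.lb_member_2_ipv6_subnet['id'])

    @classmethod
    def _setup_lb_network_kwargs(cls, lb_kwargs, ip_version=None,
                                 use_fixed_ip=False):
        """Fill *lb_kwargs* in place with the VIP network settings.

        :param lb_kwargs: dict of load balancer create arguments; the VIP
            subnet ID, network ID and address keys are written into it.
        :param ip_version: 4 or 6. When falsy, 6 is used if test_with_ipv6
            is set, otherwise 4.
        :param use_fixed_ip: when true, also set a VIP address picked from
            the VIP subnet.
        """
        if not ip_version:
            ip_version = 6 if CONF.load_balancer.test_with_ipv6 else 4
        if cls.lb_member_vip_subnet or cls.lb_member_vip_ipv6_subnet:
            # Pick a host index that has not been handed out before.
            # NOTE(review): this loop has no exit once every value
            # rand_int_id can return is already in used_ips, which is
            # shared across test classes; confirm the range is never
            # exhausted in a single run.
            ip_index = data_utils.rand_int_id(start=10, end=100)
            while ip_index in cls.used_ips:
                ip_index = data_utils.rand_int_id(start=10, end=100)
            cls.used_ips.append(ip_index)
            if ip_version == 4:
                subnet_id = cls.lb_member_vip_subnet[const.ID]
                if CONF.load_balancer.test_with_noop:
                    # Fixed address; no subnet exists to pick one from.
                    lb_vip_address = '198.18.33.33'
                else:
                    subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
                    network = ipaddress.IPv4Network(subnet['subnet']['cidr'])
                    lb_vip_address = str(network[ip_index])
            else:
                subnet_id = cls.lb_member_vip_ipv6_subnet[const.ID]
                if CONF.load_balancer.test_with_noop:
                    # Fixed address; no subnet exists to pick one from.
                    lb_vip_address = '2001:db8:33:33:33:33:33:33'
                else:
                    subnet = cls.os_admin.subnets_client.show_subnet(subnet_id)
                    network = ipaddress.IPv6Network(subnet['subnet']['cidr'])
                    lb_vip_address = str(network[ip_index])
                    # If the subnet is IPv6 slaac or dhcpv6-stateless
                    # neutron does not allow a fixed IP
                    if not cls.lb_member_vip_ipv6_subnet_stateful:
                        use_fixed_ip = False
            lb_kwargs[const.VIP_SUBNET_ID] = subnet_id
            if use_fixed_ip:
                lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
            if CONF.load_balancer.test_with_noop:
                lb_kwargs[const.VIP_NETWORK_ID] = (
                    cls.lb_member_vip_net[const.ID])
                if ip_version == 6:
                    lb_kwargs[const.VIP_ADDRESS] = lb_vip_address
        else:
            # No VIP subnet at all: address the VIP by network only.
            lb_kwargs[const.VIP_NETWORK_ID] = cls.lb_member_vip_net[const.ID]
            lb_kwargs[const.VIP_SUBNET_ID] = None

    @classmethod
    def check_tf_compatibility(cls, protocol=None, algorithm=None):
        """Skip the test if TungstenFabric lacks the protocol or algorithm.

        :param protocol: protocol constant to check, or None to skip the
            protocol check.
        :param algorithm: algorithm constant to check, or None to skip the
            algorithm check.
        :raises cls.skipException: if the given value is not in the
            supported lists below.
        """
        # TungstenFabric supported protocols and algorithms
        tf_protocols = [const.HTTP, const.HTTPS, const.TCP, const.UDP,
                        const.TERMINATED_HTTPS]
        tf_algorithms = [const.LB_ALGORITHM_ROUND_ROBIN,
                         const.LB_ALGORITHM_LEAST_CONNECTIONS,
                         const.LB_ALGORITHM_SOURCE_IP]

        if algorithm and algorithm not in tf_algorithms:
            raise cls.skipException(
                'TungstenFabric does not support {} algorithm.'
                ''.format(algorithm))
        if protocol and protocol not in tf_protocols:
            raise cls.skipException(
                'TungstenFabric does not support {} protocol.'
                ''.format(protocol))

    @classmethod
    def _tf_create_listener(cls, name, proto, port, lb_id):
        """Create a listener on load balancer *lb_id* and return it.

        :param name: listener name.
        :param proto: listener protocol.
        :param port: listener protocol port.
        :param lb_id: ID of the load balancer that owns the listener.
        :returns: the result of create_listener.
        """
        listener_kwargs = {
            const.NAME: name,
            const.PROTOCOL: proto,
            const.PROTOCOL_PORT: port,
            const.LOADBALANCER_ID: lb_id,
        }
        listener = cls.mem_listener_client.create_listener(**listener_kwargs)
        return listener

    @classmethod
    def _tf_get_free_port(cls, lb_id):
        """Return the first port from 8081 up that no listener uses.

        :param lb_id: ID of the load balancer whose listeners are checked.
        :returns: 8081 if the load balancer has no listeners, otherwise the
            lowest port >= 8081 that is not an existing listener's port.
        """
        port = 8081
        lb = cls.mem_lb_client.show_loadbalancer(lb_id)
        listeners = lb[const.LISTENERS]
        if not listeners:
            return port
        # One show_listener call per listener to learn its port.
        ports = [cls.mem_listener_client.show_listener(x[const.ID])[
            const.PROTOCOL_PORT] for x in listeners]
        while port in ports:
            port = port + 1
        return port

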
552class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
553 @classmethod
554 def resource_setup(cls):
555 super(LoadBalancerBaseTestWithCompute, cls).resource_setup()
556 # If validation is disabled in this cloud, we won't be able to
557 # start the webservers, so don't even boot them.
558 if not CONF.validation.run_validation:
559 return
560
561 # Create a keypair for the webservers
562 keypair_name = data_utils.rand_name('lb_member_keypair')
563 result = cls.lb_mem_keypairs_client.create_keypair(
564 name=keypair_name)
565 cls.lb_member_keypair = result['keypair']
566 LOG.info('lb_member_keypair: {}'.format(cls.lb_member_keypair))
567 cls.addClassResourceCleanup(
568 waiters.wait_for_not_found,
569 cls.lb_mem_keypairs_client.delete_keypair,
570 cls.lb_mem_keypairs_client.show_keypair,
571 keypair_name)
572
573 if (CONF.load_balancer.enable_security_groups and
574 CONF.network_feature_enabled.port_security):
575 # Set up the security group for the webservers
576 SG_name = data_utils.rand_name('lb_member_SG')
577 cls.lb_member_sec_group = (
578 cls.lb_mem_SG_client.create_security_group(
579 name=SG_name)['security_group'])
580 cls.addClassResourceCleanup(
581 waiters.wait_for_not_found,
582 cls.lb_mem_SG_client.delete_security_group,
583 cls.lb_mem_SG_client.show_security_group,
584 cls.lb_member_sec_group['id'])
585
586 # Create a security group rule to allow 80-81 (test webservers)
587 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
588 direction='ingress',
589 security_group_id=cls.lb_member_sec_group['id'],
590 protocol='tcp',
591 ethertype='IPv4',
592 port_range_min=80,
593 port_range_max=81)['security_group_rule']
594 cls.addClassResourceCleanup(
595 waiters.wait_for_not_found,
596 cls.lb_mem_SGr_client.delete_security_group_rule,
597 cls.lb_mem_SGr_client.show_security_group_rule,
598 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200599 # Create a security group rule to allow UDP 80-81 (test webservers)
600 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
601 direction='ingress',
602 security_group_id=cls.lb_member_sec_group['id'],
603 protocol='udp',
604 ethertype='IPv4',
605 port_range_min=80,
606 port_range_max=81)['security_group_rule']
607 cls.addClassResourceCleanup(
608 waiters.wait_for_not_found,
609 cls.lb_mem_SGr_client.delete_security_group_rule,
610 cls.lb_mem_SGr_client.show_security_group_rule,
611 SGr['id'])
612 # Create a security group rule to allow UDP 9999 (test webservers)
613 # Port 9999 is used to illustrate health monitor ERRORs on closed
614 # ports.
615 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
616 direction='ingress',
617 security_group_id=cls.lb_member_sec_group['id'],
618 protocol='udp',
619 ethertype='IPv4',
620 port_range_min=9999,
621 port_range_max=9999)['security_group_rule']
622 cls.addClassResourceCleanup(
623 waiters.wait_for_not_found,
624 cls.lb_mem_SGr_client.delete_security_group_rule,
625 cls.lb_mem_SGr_client.show_security_group_rule,
626 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700627 # Create a security group rule to allow 22 (ssh)
628 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
629 direction='ingress',
630 security_group_id=cls.lb_member_sec_group['id'],
631 protocol='tcp',
632 ethertype='IPv4',
633 port_range_min=22,
634 port_range_max=22)['security_group_rule']
635 cls.addClassResourceCleanup(
636 waiters.wait_for_not_found,
637 cls.lb_mem_SGr_client.delete_security_group_rule,
638 cls.lb_mem_SGr_client.show_security_group_rule,
639 SGr['id'])
640 if CONF.load_balancer.test_with_ipv6:
641 # Create a security group rule to allow 80-81 (test webservers)
642 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
643 direction='ingress',
644 security_group_id=cls.lb_member_sec_group['id'],
645 protocol='tcp',
646 ethertype='IPv6',
647 port_range_min=80,
648 port_range_max=81)['security_group_rule']
649 cls.addClassResourceCleanup(
650 waiters.wait_for_not_found,
651 cls.lb_mem_SGr_client.delete_security_group_rule,
652 cls.lb_mem_SGr_client.show_security_group_rule,
653 SGr['id'])
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200654 # Create a security group rule to allow UDP 80-81 (test
655 # webservers)
656 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
657 direction='ingress',
658 security_group_id=cls.lb_member_sec_group['id'],
659 protocol='udp',
660 ethertype='IPv6',
661 port_range_min=80,
662 port_range_max=81)['security_group_rule']
663 cls.addClassResourceCleanup(
664 waiters.wait_for_not_found,
665 cls.lb_mem_SGr_client.delete_security_group_rule,
666 cls.lb_mem_SGr_client.show_security_group_rule,
667 SGr['id'])
Adam Harwellcd72b562018-05-07 11:37:22 -0700668 # Create a security group rule to allow 22 (ssh)
669 SGr = cls.lb_mem_SGr_client.create_security_group_rule(
670 direction='ingress',
671 security_group_id=cls.lb_member_sec_group['id'],
672 protocol='tcp',
673 ethertype='IPv6',
674 port_range_min=22,
675 port_range_max=22)['security_group_rule']
676 cls.addClassResourceCleanup(
677 waiters.wait_for_not_found,
678 cls.lb_mem_SGr_client.delete_security_group_rule,
679 cls.lb_mem_SGr_client.show_security_group_rule,
680 SGr['id'])
681
682 LOG.info('lb_member_sec_group: {}'.format(cls.lb_member_sec_group))
683
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700684 # Setup backend member reencryption PKI
685 cls._create_backend_reencryption_pki()
686
Adam Harwellcd72b562018-05-07 11:37:22 -0700687 # Create webserver 1 instance
688 server_details = cls._create_webserver('lb_member_webserver1',
689 cls.lb_member_1_net)
690
691 cls.lb_member_webserver1 = server_details['server']
692 cls.webserver1_ip = server_details.get('ipv4_address')
693 cls.webserver1_ipv6 = server_details.get('ipv6_address')
694 cls.webserver1_public_ip = server_details['public_ipv4_address']
695
696 LOG.debug('Octavia Setup: lb_member_webserver1 = {}'.format(
697 cls.lb_member_webserver1[const.ID]))
698 LOG.debug('Octavia Setup: webserver1_ip = {}'.format(
699 cls.webserver1_ip))
700 LOG.debug('Octavia Setup: webserver1_ipv6 = {}'.format(
701 cls.webserver1_ipv6))
702 LOG.debug('Octavia Setup: webserver1_public_ip = {}'.format(
703 cls.webserver1_public_ip))
704
705 # Create webserver 2 instance
706 server_details = cls._create_webserver('lb_member_webserver2',
707 cls.lb_member_2_net)
708
709 cls.lb_member_webserver2 = server_details['server']
710 cls.webserver2_ip = server_details.get('ipv4_address')
711 cls.webserver2_ipv6 = server_details.get('ipv6_address')
712 cls.webserver2_public_ip = server_details['public_ipv4_address']
713
714 LOG.debug('Octavia Setup: lb_member_webserver2 = {}'.format(
715 cls.lb_member_webserver2[const.ID]))
716 LOG.debug('Octavia Setup: webserver2_ip = {}'.format(
717 cls.webserver2_ip))
718 LOG.debug('Octavia Setup: webserver2_ipv6 = {}'.format(
719 cls.webserver2_ipv6))
720 LOG.debug('Octavia Setup: webserver2_public_ip = {}'.format(
721 cls.webserver2_public_ip))
722
Michael Johnsonbf916df2018-10-17 10:59:28 -0700723 if CONF.load_balancer.test_with_ipv6:
724 # Enable the IPv6 nic in webserver 1
725 cls._enable_ipv6_nic_webserver(
726 cls.webserver1_public_ip, cls.lb_member_keypair['private_key'],
727 cls.webserver1_ipv6, cls.lb_member_1_subnet_prefix)
728
729 # Enable the IPv6 nic in webserver 2
730 cls._enable_ipv6_nic_webserver(
731 cls.webserver2_public_ip, cls.lb_member_keypair['private_key'],
732 cls.webserver2_ipv6, cls.lb_member_2_subnet_prefix)
733
Adam Harwellcd72b562018-05-07 11:37:22 -0700734 # Set up serving on webserver 1
735 cls._install_start_webserver(cls.webserver1_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700736 cls.lb_member_keypair['private_key'],
737 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700738
739 # Validate webserver 1
Adam Harwelle029af22018-05-24 17:13:28 -0700740 cls._validate_webserver(cls.webserver1_public_ip,
741 cls.webserver1_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700742
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200743 # Validate udp server 1
744 cls._validate_udp_server(cls.webserver1_public_ip,
745 cls.webserver1_response)
746
Adam Harwellcd72b562018-05-07 11:37:22 -0700747 # Set up serving on webserver 2
748 cls._install_start_webserver(cls.webserver2_public_ip,
Adam Harwelle029af22018-05-24 17:13:28 -0700749 cls.lb_member_keypair['private_key'],
Michael Johnsonbaf12e02020-10-27 16:10:28 -0700750 cls.webserver2_response, revoke_cert=True)
Adam Harwellcd72b562018-05-07 11:37:22 -0700751
752 # Validate webserver 2
Adam Harwelle029af22018-05-24 17:13:28 -0700753 cls._validate_webserver(cls.webserver2_public_ip,
754 cls.webserver2_response)
Adam Harwellcd72b562018-05-07 11:37:22 -0700755
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200756 # Validate udp server 2
757 cls._validate_udp_server(cls.webserver2_public_ip,
758 cls.webserver2_response)
759
@classmethod
def _create_networks(cls):
    """Create the member router and plug the test subnets into it.

    Runs the parent class network setup first, then creates a router whose
    external gateway is ``CONF.network.public_network_id`` and adds an
    interface for the VIP subnet and for both member subnets. Every
    resource is registered for class-level cleanup right after it is
    created.
    """
    super(LoadBalancerBaseTestWithCompute, cls)._create_networks()

    routers = cls.lb_mem_routers_client

    # Create a router for the subnets (required for the floating IP)
    created = routers.create_router(
        name=data_utils.rand_name("lb_member_router"),
        admin_state_up=True,
        external_gateway_info={
            'network_id': CONF.network.public_network_id})
    cls.lb_member_router = created['router']
    LOG.info('lb_member_router: {}'.format(cls.lb_member_router))
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        routers.delete_router,
        routers.show_router,
        cls.lb_member_router['id'])

    # Attach the VIP subnet, then member subnets 1 and 2, in that order.
    for subnet in (cls.lb_member_vip_subnet,
                   cls.lb_member_1_subnet,
                   cls.lb_member_2_subnet):
        routers.add_router_interface(
            cls.lb_member_router['id'], subnet_id=subnet['id'])
        # remove_router_interface is handed to wait_for_not_found twice,
        # once as the delete callable and once as the show callable.
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            routers.remove_router_interface,
            routers.remove_router_interface,
            cls.lb_member_router['id'],
            subnet_id=subnet['id'])
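@classmethod
def _create_webserver(cls, name, network):
    """Creates a webserver with two ports.

    webserver_details dictionary contains:
    server - The compute server object
    ipv4_address - The IPv4 address for the server (optional)
    ipv6_address - The IPv6 address for the server (optional)
    public_ipv4_address - The address used to reach the server from the
                          test runner: a floating IP when
                          CONF.validation.connect_method is 'floating',
                          otherwise the first address of the instance
                          network (always set)

    :param name: The name of the server to create.
    :param network: The network to boot the server on.
    :returns: webserver_details dictionary.
    """
    server_kwargs = {
        'name': data_utils.rand_name(name),
        'flavorRef': CONF.compute.flavor_ref,
        'imageRef': CONF.compute.image_ref,
        'key_name': cls.lb_member_keypair['name']}
    if (CONF.load_balancer.enable_security_groups and
            CONF.network_feature_enabled.port_security):
        server_kwargs['security_groups'] = [
            {'name': cls.lb_member_sec_group['name']}]
    if not CONF.load_balancer.disable_boot_network:
        server_kwargs['networks'] = [{'uuid': network['id']}]

    # Replace the name for clouds that have limitations
    if CONF.load_balancer.random_server_name_length:
        r = random.SystemRandom()
        alphabet = string.ascii_uppercase + string.digits
        # One character is taken by the fixed "m" prefix.
        suffix_length = CONF.load_balancer.random_server_name_length - 1
        server_kwargs['name'] = "m{}".format("".join(
            r.choice(alphabet) for _ in range(suffix_length)))
    if CONF.load_balancer.availability_zone:
        server_kwargs['availability_zone'] = (
            CONF.load_balancer.availability_zone)

    server = cls.lb_mem_servers_client.create_server(
        **server_kwargs)['server']
    # Register the cleanup before waiting so a server that never reaches
    # ACTIVE is still deleted.
    cls.addClassResourceCleanup(
        waiters.wait_for_not_found,
        cls.lb_mem_servers_client.delete_server,
        cls.lb_mem_servers_client.show_server,
        server['id'])
    server = waiters.wait_for_status(
        cls.lb_mem_servers_client.show_server,
        server['id'], 'status', 'ACTIVE',
        CONF.load_balancer.build_interval,
        CONF.load_balancer.build_timeout,
        root_tag='server')
    webserver_details = {'server': server}
    LOG.info('Created server: {}'.format(server))

    addresses = server['addresses']
    if CONF.load_balancer.disable_boot_network:
        # dict.values() is a view on Python 3 and cannot be indexed, so
        # materialise it before taking the first network.
        instance_network = list(addresses.values())[0]
    else:
        instance_network = addresses[network['name']]
    for addr in instance_network:
        if addr['version'] == 4:
            webserver_details['ipv4_address'] = addr['addr']
        if addr['version'] == 6:
            webserver_details['ipv6_address'] = addr['addr']

    if CONF.validation.connect_method == 'floating':
        result = cls.lb_mem_ports_client.list_ports(
            network_id=network['id'],
            mac_address=instance_network[0]['OS-EXT-IPS-MAC:mac_addr'])
        port_id = result['ports'][0]['id']
        result = cls.lb_mem_float_ip_client.create_floatingip(
            floating_network_id=CONF.network.public_network_id,
            port_id=port_id)
        floating_ip = result['floatingip']
        # The label says "webserver1" for every server created here.
        LOG.info('webserver1_floating_ip: {}'.format(floating_ip))
        cls.addClassResourceCleanup(
            waiters.wait_for_not_found,
            cls.lb_mem_float_ip_client.delete_floatingip,
            cls.lb_mem_float_ip_client.show_floatingip,
            floatingip_id=floating_ip['id'])
        webserver_details['public_ipv4_address'] = (
            floating_ip['floating_ip_address'])
    else:
        webserver_details['public_ipv4_address'] = (
            instance_network[0]['addr'])

    return webserver_details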
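@classmethod
def _install_start_webserver(cls, ip_address, ssh_key, start_id,
                             revoke_cert=False):
    """Copy the test server binary to a member server and start it.

    The binary at CONF.load_balancer.test_server_path is copied with scp,
    the server PKI files are loaded with _load_member_pki_content, and two
    instances are started under ``sudo screen``: one on port 80 (plus
    HTTPS on 443 and HTTPS with client auth on 9443) serving ``start_id``
    and one on port 81 serving ``start_id + 1``.

    :param ip_address: Address used to reach the server over SSH and scp.
    :param ssh_key: Private key text for CONF.validation.image_ssh_user.
    :param start_id: ID reported by the first instance.
    :param revoke_cert: Passed through to _load_member_pki_content.
    :raises exceptions.CommandFailed: if the scp of the binary fails.
    """
    local_file = CONF.load_balancer.test_server_path

    linux_client = remote_client.RemoteClient(
        ip_address, CONF.validation.image_ssh_user, pkey=ssh_key)
    linux_client.validate_authentication()

    # scp needs the key on disk; the temporary file is removed when the
    # with block exits.
    with tempfile.NamedTemporaryFile() as key:
        key.write(ssh_key.encode('utf-8'))
        key.flush()
        # Build the argument vector directly instead of formatting one
        # string and splitting it, so a path containing whitespace or
        # quotes stays a single argument.
        # NOTE(review): host key checking is switched off, so scp does not
        # authenticate the remote end. Presumably acceptable only because
        # the target is a freshly booted, throw-away test instance.
        args = [
            'scp', '-v',
            '-o', 'UserKnownHostsFile=/dev/null',
            '-o', 'StrictHostKeyChecking=no',
            '-o', 'ConnectTimeout={0}'.format(
                CONF.load_balancer.scp_connection_timeout),
            '-o', 'ConnectionAttempts={0}'.format(
                CONF.load_balancer.scp_connection_attempts),
            '-i', key.name,
            local_file,
            '{0}@{1}:{2}'.format(CONF.validation.image_ssh_user,
                                 ip_address, const.TEST_SERVER_BINARY)]
        # Only used to report the command in CommandFailed.
        cmd = ' '.join(args)
        proc = subprocess.Popen(args, stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT, cwd=None)
        # stderr is merged into stdout, so the second value is None.
        stdout, stderr = proc.communicate()
        if proc.returncode != 0:
            raise exceptions.CommandFailed(proc.returncode, cmd,
                                           stdout, stderr)

        # The key file object (not the key text) is passed on because the
        # callee hands its path to scp.
        cls._load_member_pki_content(ip_address, key,
                                     revoke_cert=revoke_cert)

    # Enabling memory overcommit allows to run golang static binaries
    # compiled with a recent golang toolchain (>=1.11). Those binaries
    # allocate a large amount of virtual memory at init time, and this
    # allocation fails in tempest's nano flavor (64MB of RAM)
    # (golang issue reported in https://github.com/golang/go/issues/28114,
    # follow-up: https://github.com/golang/go/issues/28081)
    # TODO(gthiemonge): Remove this call when golang issue is resolved.
    linux_client.exec_command('sudo sh -c "echo 1 > '
                              '/proc/sys/vm/overcommit_memory"')

    # The initial process also supports HTTPS and HTTPS with client auth
    linux_client.exec_command(
        'sudo screen -d -m {0} -port 80 -id {1} -https_port 443 -cert {2} '
        '-key {3} -https_client_auth_port 9443 -client_ca {4}'.format(
            const.TEST_SERVER_BINARY, start_id, const.TEST_SERVER_CERT,
            const.TEST_SERVER_KEY, const.TEST_SERVER_CLIENT_CA))

    linux_client.exec_command('sudo screen -d -m {0} -port 81 '
                              '-id {1}'.format(const.TEST_SERVER_BINARY,
                                               start_id + 1))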
# Cirros does not configure the assigned IPv6 address by default
# so enable it manually like tempest does here:
# tempest/scenario/test_network_v6.py turn_nic6_on()
@classmethod
def _enable_ipv6_nic_webserver(cls, ip_address, ssh_key,
                               ipv6_address, ipv6_prefix):
    """Add the assigned IPv6 address to eth0 on a member server.

    :param ip_address: Address used to open the SSH session.
    :param ssh_key: Private key for CONF.validation.image_ssh_user.
    :param ipv6_address: IPv6 address to configure on eth0.
    :param ipv6_prefix: Prefix length placed after the address.
    """
    ssh_user = CONF.validation.image_ssh_user
    guest = remote_client.RemoteClient(ip_address, ssh_user, pkey=ssh_key)
    guest.validate_authentication()

    # Both values are interpolated unquoted into a command run with sudo
    # on the guest, so they must only ever come from the test's own
    # network setup.
    add_address = 'sudo ip address add {0}/{1} dev eth0'.format(
        ipv6_address, ipv6_prefix)
    guest.exec_command(add_address)
Adam Harwellcd72b562018-05-07 11:37:22 -0700964 @classmethod
Jude Cross986e3f52017-07-24 14:57:20 -0700965 def _validate_webserver(cls, ip_address, start_id):
966 URL = 'http://{0}'.format(ip_address)
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700967 cls.validate_URL_response(URL, expected_body=str(start_id))
Jude Cross986e3f52017-07-24 14:57:20 -0700968 URL = 'http://{0}:81'.format(ip_address)
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700969 cls.validate_URL_response(URL, expected_body=str(start_id + 1))
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200971 @classmethod
972 def _validate_udp_server(cls, ip_address, start_id):
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700973 res = cls.make_udp_request(ip_address, 80)
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200974 if res != str(start_id):
975 raise Exception("Response from test server doesn't match the "
976 "expected value ({0} != {1}).".format(
977 res, str(start_id)))
978
Michael Johnson89bdbcd2020-03-19 15:59:19 -0700979 res = cls.make_udp_request(ip_address, 81)
Gregory Thiemonge29d17902019-04-30 15:06:17 +0200980 if res != str(start_id + 1):
981 raise Exception("Response from test server doesn't match the "
982 "expected value ({0} != {1}).".format(
983 res, str(start_id + 1)))
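@classmethod
def _create_backend_reencryption_pki(cls):
    """Create the CAs and client credentials for backend re-encryption.

    Sets on the class:
    member_ca_cert, member_ca_key - self-signed CA used to sign the
                                    member test server certificates
    member_client_ca_cert - CA certificate for member client
                            authentication
    member_client_cn - generated UUID used as the client common name
    member_client_cert, member_client_key - client certificate and key
                                            signed by the client CA
    """
    # Create a CA self-signed cert and key for the member test servers
    cls.member_ca_cert, cls.member_ca_key = (
        cert_utils.generate_ca_cert_and_key())

    LOG.debug('Member CA Cert: %s', cls.member_ca_cert.public_bytes(
        serialization.Encoding.PEM))
    # The CA private key is deliberately not logged: debug logs are often
    # collected and shared, and anyone holding the key could sign
    # certificates that this CA's relying parties accept.
    LOG.debug('Member CA public Key: %s',
              cls.member_ca_key.public_key().public_bytes(
                  encoding=serialization.Encoding.PEM,
                  format=serialization.PublicFormat.SubjectPublicKeyInfo))

    # Create the member client authentication CA. Its key stays in a
    # local variable; only the certificate is kept on the class.
    cls.member_client_ca_cert, member_client_ca_key = (
        cert_utils.generate_ca_cert_and_key())

    # Create client cert and key
    cls.member_client_cn = uuidutils.generate_uuid()
    cls.member_client_cert, cls.member_client_key = (
        cert_utils.generate_client_cert_and_key(
            cls.member_client_ca_cert, member_client_ca_key,
            cls.member_client_cn))
    # Note: We are not revoking a client cert here as we don't need to
    # test the backend web server CRL checking.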
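@classmethod
def _load_member_pki_content(cls, ip_address, ssh_key, revoke_cert=False):
    """Generate the member server PKI files and copy them to the server.

    A server certificate and key are issued for ``ip_address`` by the
    member CA, written with the client CA certificate into a temporary
    directory, and copied with scp to ``const.DEV_SHM_PATH`` on the
    server.

    :param ip_address: Address of the server; used for the certificate
                       and as the scp target.
    :param ssh_key: Despite the name, an open temporary file holding the
                    SSH private key; its ``.name`` is given to ``scp -i``.
    :param revoke_cert: When True, also store a CRL revoking the new
                        certificate in ``cls.member_crl``.
    :raises exceptions.CommandFailed: if the scp command fails.
    """
    # Create webserver certificate and key
    cert, key = cert_utils.generate_server_cert_and_key(
        cls.member_ca_cert, cls.member_ca_key, ip_address)

    LOG.debug('%s Cert: %s', ip_address, cert.public_bytes(
        serialization.Encoding.PEM))
    # The server private key is deliberately not logged; debug logs are
    # often collected and shared.
    LOG.debug('%s public Key: %s', ip_address,
              key.public_key().public_bytes(
                  encoding=serialization.Encoding.PEM,
                  format=serialization.PublicFormat.SubjectPublicKeyInfo))

    if revoke_cert:
        # Create a CRL with this server's certificate revoked
        cls.member_crl = cert_utils.generate_certificate_revocation_list(
            cls.member_ca_cert, cls.member_ca_key, cert)

    # File name -> PEM bytes, in the order they are passed to scp.
    pem_payloads = (
        (const.CERT_PEM, cert.public_bytes(serialization.Encoding.PEM)),
        (const.KEY_PEM, key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.NoEncryption())),
        (const.CLIENT_CA_PEM, cls.member_client_ca_cert.public_bytes(
            serialization.Encoding.PEM)),
    )

    # Load the certificate, key, and client CA certificate into the
    # test server.
    with tempfile.TemporaryDirectory() as tmpdir:
        local_paths = []
        # os.umask() changes the umask of the whole process, so put the
        # previous value back once the files exist; otherwise every file
        # created later by this process would ignore the user's umask.
        previous_umask = os.umask(0)
        try:
            for filename, pem in pem_payloads:
                path = os.path.join(tmpdir, filename)
                # Owner-only permissions; the key is written unencrypted.
                # NOTE(review): 0o700 also sets the execute bit, which a
                # PEM file does not need.
                fd = os.open(path, os.O_CREAT | os.O_WRONLY, 0o700)
                with open(fd, 'w') as fh:
                    fh.write(pem.decode('utf-8'))
                local_paths.append(path)
        finally:
            os.umask(previous_umask)

        # No shell is involved: every file is named explicitly and the
        # argument vector is built directly, so nothing is globbed and a
        # path containing whitespace stays a single argument.
        # NOTE(review): host key checking is switched off, so scp does not
        # authenticate the remote end before the private key is sent.
        # Presumably acceptable only for throw-away test instances.
        args = [
            'scp', '-v',
            '-o', 'UserKnownHostsFile=/dev/null',
            '-o', 'StrictHostKeyChecking=no',
            '-o', 'ConnectTimeout={0}'.format(
                CONF.load_balancer.scp_connection_timeout),
            '-o', 'ConnectionAttempts={0}'.format(
                CONF.load_balancer.scp_connection_attempts),
            '-i', ssh_key.name]
        args.extend(local_paths)
        args.append('{0}@{1}:{2}'.format(CONF.validation.image_ssh_user,
                                         ip_address, const.DEV_SHM_PATH))
        # Only used to report the command in CommandFailed.
        cmd = ' '.join(args)
        proc = subprocess.Popen(args, stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT, cwd=None)
        # stderr is merged into stdout, so the second value is None.
        stdout, stderr = proc.communicate()
        if proc.returncode != 0:
            raise exceptions.CommandFailed(proc.returncode, cmd,
                                           stdout, stderr)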