From 46010bd0feb002510f9579de01e9559cf770e914 Mon Sep 17 00:00:00 2001 From: Andrey Setyaev Date: Wed, 8 Jun 2016 07:00:43 +0000 Subject: [PATCH] Add test and fixes in test plan * add nsxv_config_ok_metadata_custom_certificate * add nsxv_config_ok_metadata_self_signed_certificate * update test plan with new test nsxv_config_ok_metadata_self_signed_certificate * update test plan: rename nsxv_config_ok to nsxv_config_ok_metadata_custom_certificate * fix step numeration Change-Id: Id448e9cf9142e0693a2c03dbb246a653c23c649d --- doc/test/source/test_suite_system.rst | 76 +++++++- plugin_test/certificates/certificate.pem | 32 ++++ plugin_test/certificates/key.pem | 54 ++++++ plugin_test/certificates/passphrase | 1 + plugin_test/helpers/settings.py | 3 + plugin_test/tests/test_plugin_nsxv.py | 223 ++++++++++++++++++++++- 6 files changed, 369 insertions(+), 20 deletions(-) create mode 100644 plugin_test/certificates/certificate.pem create mode 100644 plugin_test/certificates/key.pem create mode 100644 plugin_test/certificates/passphrase diff --git a/doc/test/source/test_suite_system.rst b/doc/test/source/test_suite_system.rst index b2883b3..7b25c68 100644 --- a/doc/test/source/test_suite_system.rst +++ b/doc/test/source/test_suite_system.rst @@ -1061,14 +1061,14 @@ Request should return:: 2009-04-04 -Verify that nsxv driver configured properly if use certificates for access nova-metadata ----------------------------------------------------------------------------------------- +Verify that nsxv driver configured properly with enabled SSL and custom certificates for access nova-metadata +------------------------------------------------------------------------------------------------------------- ID ## -nsxv_config_ok_metadata +nsxv_config_ok_metadata_custom_certificate Description @@ -1089,14 +1089,70 @@ Steps 1. Install NSXv plugin. 2. Enable plugin on tab Settings -> NSXv plugin. 3. Fill the form with corresponding values. - 4. Generate certificate and upload it into field 'Certificate for metadata proxy'. - 5. Upload key into field 'Private key'('Private key for metadata certificate'). - 6. Add to field 'Metadata allowed ports' value '443,8775'. - 7. Deploy cluster. - 8. Run OSTF. - 4. Launch instance and run command from it:: + 4. Unset checkbox "Metadata insecure". + 5. Generate certificate and upload it into field 'Certificate for metadata proxy'. + 6. Upload key into field 'Private key'('Private key for metadata certificate'). Set passphrase. + 7. Add to field 'Metadata allowed ports' value '443,8775'. + 8. Deploy cluster. + 9. Run OSTF. + 10. Launch instance and run command from it:: - wget -O - 169.254.169.254 + wget --no-check-certificate -O - https://169.254.169.254 + + +Expected result +############### + +Check that nsx.ini on controller nodes is properly configured. +Connection to nova-metadata is established. +Request should return:: + + Connecting to 169.254.169.254 (169.254.169.254:80) + 1.0 + 2007-01-19 + 2007-03-01 + 2007-08-29 + 2007-10-10 + 2007-12-15 + 2008-02-01 + 2008-09-01 + 2009-04-04 + + +Verify that nsxv driver configured properly with enabled SSL and self-signed certificates for access nova-metadata +------------------------------------------------------------------------------------------------------------------ + + +ID +## + +nsxv_config_ok_metadata_self_signed_certificate + + +Description +########### + +Need to check that nsxv plugin can access nova-metadata with certificate. + + +Complexity +########## + +advanced + + +Steps +##### + + 1. Install NSXv plugin. + 2. Enable plugin on tab Settings -> NSXv plugin. + 3. Fill the form with corresponding values. + 4. Unset checkbox "Metadata insecure". + 5. Deploy cluster. + 6. Run OSTF. + 7. Launch instance and run command from it:: + + wget --no-check-certificate -O - https://169.254.169.254 Expected result diff --git a/plugin_test/certificates/certificate.pem b/plugin_test/certificates/certificate.pem new file mode 100644 index 0000000..3535daf --- /dev/null +++ b/plugin_test/certificates/certificate.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFfTCCA2UCCQDSIpiIREaNnzANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJS +VTEPMA0GA1UECAwGUnVzc2lhMQ8wDQYDVQQHDAZNb3Njb3cxETAPBgNVBAoMCE1p +cmFudGlzMQswCQYDVQQLDAJRQTEkMCIGCSqGSIb3DQEJARYVYXNldHlhZXZAbWly +YW50aXMuY29tMB4XDTE2MDYwOTEzMzc1NFoXDTI2MDYwNzEzMzc1NFowgYsxCzAJ +BgNVBAYTAlVTMQswCQYDVQQIDAJVUzELMAkGA1UEBwwCTEExDDAKBgNVBAoMA01p +cjERMA8GA1UECwwITWlyYW50aXMxGzAZBgNVBAMMEm1ldGFkYXRhLm5zeC5sb2Nh +bDEkMCIGCSqGSIb3DQEJARYVYXNldHlhZXZAbWlyYW50aXMuY29tMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1m/Nsi0w4MO3D/nuvSQvh90QDi263292 +uJkQihBezn0Y1g9syz0B0ULFCJ96DRIQcyyTT7OPIguaN1mHJGHBxmgl4YtIMC9L +AEC0rUT83G5/vKna/9YiALA/6MG94o2Pr/Iea6+k63s7Mb9aUIdGEZBCyzDRnUKx +6C351gCRirZrqHvITqrYLQHkj5hkkxG97nGDC+x2BK+BxpKhlng2UUFi3gizoJJ3 +dyE6bYUHpwO5ulL2CObbScFKnWlwQXO8rVL6YK65WuqNNkBv6ZIPyZobdBcDIXqB +NCBJri8h1c9cHL0U9/TIBfou6WXz8sHQDSgY50qoGVUv1XgWcyxGYL61Z6yquvvT +q5jzNkjoyNCEhIyp0nTqqY1ZL1SzBe/lQ2jls77wAjHE0fa5dfDlx7MvAbLUHjBz +wIHzy1y/6fhqRNO6UAv1KLlFF/JF8XIsP5NmmYEHhyhxu19KFW8NuOyFmks2cyHt +lA4acDrTY2vHi+cfhZVBcwCZ7rzALmWisJOsTrfEcKP2c53S5H0dieN8b6EjRpXA +Gh3H1IxDqY9lV9OdYf1gvdw8CrPfSMfxXnRphpT2ILzXm6jQ9CoF8YeOqLNy/OdZ +QHeNP2vUO4Ek7ACWd2JoNuABSsFYXEdnxsiEtHyo9GZX+krl6mQc2pM7r9kTxDkK +M8y+ThUHZlcCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAh3VTTyoO8CJwbqYdZhQX +QIMDxMwaY9+p+J4xZao9tyaPnaNyU/S49TcGnm5Ig/s5n++H3rTUKxCKGpYPpP8X +GqmWseqwOPzwdaxmrRKtJqynDgXANscT4+/+JKpu1DdkcIVpcUPpnmfjEuof+cC2 +CPWWdKnPYnzu+smqaKATsgKuXlS35k03FZQA6c4bxAP7FUsArrPn/dgH6BsG9ksG +WTz984IzZiEGpiYINKEF8qL6yFZ9K8LeM5etVIkm68jnF1J6dk/NsGvuI3Zkh0LY +Ly+TgSzat9YOFAQFyIu1B8s0S05/554240917kXTegQ1BSgGUbae52FdXsoYTim2 +gawDTcPXh62kpym/J3m5Zzn67tfvbcLIJrxydN7/UlyXLpASUbw7zhen1dfMxs4o +pf0KfHxLUKdCu/IKbmvVbB8k4UJvB8QPwjIP3v67fr3YnV77RyxKxUu1OZ6OsgPH +AHbW2xYqd13IiyOfUS7dxs9vxAkUAnyjY9uGFX7D7YtjoaxEZXM9Y220C30M7Mdx +XNryU+lF2eKP4ObzFhnPfD2ViFEC3nxQmKqLu0WIRaeC4AeguSLzHfPteO2QKlti +ATAqkhk75Kp4UBUJrERYGV40ZY2bgUU6TkcSGt+pnjc/lSjhUriCguZQ5dRYJhUb +jrceRbsIyd+PVwBmdKUt+Cs= +-----END CERTIFICATE----- diff --git a/plugin_test/certificates/key.pem b/plugin_test/certificates/key.pem new file mode 100644 index 0000000..b4b3e6d --- /dev/null +++ b/plugin_test/certificates/key.pem @@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,25B199C3C66D87D75CBDBB3FF9EE554B + +9lR/MlRyg/Vhu36QaShl5XpUSWwDQf/0b7E6prwk3CLvfOI8cpJwbYBO3rHbzWr5 +B08YJGUGJLGv19yFzyPkxwiNyf33vEYsuQ5Yq3h2ritLf2VtsHLlhMbHaa+9NRzo +sbTt3C4bl4+fn1mH6fLoaJNsvKRlNTfkeQdDUxlh1BmOdYP4PZjABuYYQ7HdMWKj +DFEDmXAE5rX7pEJ8970ojTd0l3uMWwxrLCqdtujdi4qGDQN/2spc0IWesPudyax7 +lt66XkKkuWUQQ2NQI4FiWy794/soKBa9d61IzL+iftqqWTpJXVatvMbhiCW5aJM8 +5dG//La0q1AX7DewxzTSYyiRvDrBrscb6fIkr4yWQXH7n/bLnYKZmLHC04nd4glu +ZRoMfc1/URLZ0gr7fw/orAIpn/Lp8XNESFdY7pasKbHm4ysMyp5WE48qS0KoMliX +KOpJHWExrbIvYMKq5K37Gce8Q+0S6w5EZ09TElzZ+6DiFExQ61nrqJ5npUA3XhBz +77E/OVmF+ojDERJm5sCjSqRy7D+CZ4gr7zEjvoXhGbIzLiCuNxZmDFVjVstkVaW/ +zcU470hpTSIbQpD8lUfx/BqxNwwK5rLC4bxXR+MKKTcI4Z4X4ik/E136kDjzj/ho +h2o/KdVJOqz99/T2IDML40unjo3liPgagGlVpVeYiaBKk149mYaKrWgpcFlwOeX2 +ChWGNw9uZIu2kBBmorNYAS3kE26byusvh1fc8Dt+1rTp1XcYNR0Sb1Gwsh6lEn0J +jpEmD51LkWVAP1qiptVsODSt2SDyaC84eUckAfvOUtw8U0jkQIiIdI36WrIKvmJj +JTn25xrTS8qpIk05bHwA1YEAV/8vJQP/lP/+cXWfJSr7RNd4xAgM/mnouhLHLqp5 +5U6gkWX2KOKLT+2m2KSN790KfS3T/zz3D99tt3oUGdbOAq+xTRKo9ERR9kX5MFdj +NG0RghQciHn4Frj1fVoNJffIIXnFf6Z3GWvBJHvFILiDhwR93n14Yis/kUxN3vlQ +3jpS+nSELcDnKU7YTXFveWGajXH0HZPSi53LpwrNLRRH2AUbXkvZ2Yg3fSOySmms +Y7VgKMyhiBQOuHvX1Hs7BJbhTevdHB3ZRc5ouVmFZv/xB6ossnadtUoMx9cttTWg +RcwScY7S1FUYv/zo0b+e5Fwj0E/pNo8bWtZq/lpqEF5fKjR8Ale4A1xeIJ1mTjey +AQd0ch0c6lek9Jv2NiEtuNNL7U/ciDLR4HPg3Gy5IFfe5V7C/E3JOSERuLwwfBBe +R9uLF8d3dWrk0nTo+HxiYGiVKExsv58zZCfwhte1NpUolw585tXnfcg6ixNEWtDM +jYeGP89GIgtfJKzcPF4WbJmp6imgilv9X0QRJ0AnMKe05tR9NDPBoaq9ZwzvSG7n +onnJjGegyCKOFCi7UTU0KqyPDMLwGys8VjOzGROLH5HN4no8u8FbNQ1PQRYR32kN +2XWLkI5ObGUiIc2wfPAxYz4pe0MzN3I+QOLkVOJtnawjz4q4euMPCUfdZFMFyMmj +kYtN1d48+NRTzeUnGxxX3VhlLaZ1/cX5s5cadhkwkBV/UjauALt3u3O85Fp21N4N +G4/1xySKr3Opf9N64/k7en1o1xqdjE3Vevi41cQ5skURwvAgQ6xIgCUjIQjLUc4X ++XPkM/Z9ajjPP6QJveEnXNut0JTQ41j3lRpBU2H/d04ON3oFIwT3vTBqhxsUDsGo +vOYpBEuf2XoGA/3LcFE4f2qIUMgbxpPM4sJnLJTUBD7O51mEt2ljojGmBRH4vkJh +W9uVg6v0wFknCBdZP2nuAsIX2ovzcxtryX/C4ajjmT5cLAAjltONKIahXUBtLJ1V +8qxPfeVPusn72dBIbIw2DppcoRAlFis2CvK8ujfADR5OTSQ5DtdmUOUWOKw+afNT +DQx1ffqoYeM6O7PhhaxK8GI2j/3nR23EKOh/IXt4KHnVx9YhabCj/3jRqRQ9+bFr +TaSCsW3BHqoT+7g15HEjz+5borcFbRjocvNDQXznzPN/Zr2nCQElyLcBK0gaWIPc +KCauGfLS9B90OGzYkS9MGiYfpRXNSpbpRy1vx8369uBIX5pYBzw+s9dy9A5/gZTY +qboWJfY2Ha8bJtZa/0Thn8n9SqLI0Yq00RzMZBNYbpkoD90s2oUciMyDolP/hQtm +YZDCgolkRTwbAysFZS3j/gXIlKs8o25Aeg/FadPfiEnME8x/geJQtI9REp8GAk0Y +1RAV0nShHM+ddj0m2EX7P45/DnDTEC29fFKnfoUicDJ1aVJzG805weXyl+DIUxMl +vC7vGKDfOSytfTXmgg0jmzCY0x2T1LpXpUoYJ0kHn4YT02OmpC7OQrjJyKqReLNc +anxyW22I9LnomdMAOtlae2jPvzRAVQIRGS/UMvJ9TDG4bs19ACp0li3LnlgfQzSC +RZDC45c/8csAux9JFVj2zoIqLZVTmQCkGcRSCePYVIpzwMG1+vsxYI7oLVfjtAUc +MWgoQOXauneaGRheWzCNeKMGTV5/EJv7AKCu8RDtD/ttsdSExy9FdkUfNQJmnsmp +hrMXKg1e4eSVvvfwHKaYXCeePa/lW2NEhFQsa0Q3roDbQ0lf/1xcwatEsHtXVFwn +h+pdE+1Y4jgLCuWykXYTLO5ubDiscOn/gxIrkljQ3xY8A6t3RFFWsKByKwVtP7HK +7edrjlQWmbZS3IUkaCOK5RiJUUa9VTAg9UfzBzH5EF59XIakvU3pquwiJpt5eB7r +xkDi8xJc2v7krgTtOuP/QXGRdcJ3yaTX6lL76We5+HfNH+QCqxf2RPEjyHW/f0dZ +qUVuF4OhYPIEgH/eOArnFptA9A87KM9YvWzq/o/CINum4AVnm+35E4Pk5kY0LSSA +lLU1OhHxKTom9zqsy43NLHvSU6rXzUMDodCg9gtkcrty8buFOYo37UVyL+9G0DQv +hzmXixgxUVzT64zGBc0ZXZVXfrEop4gw1uTdppsA1sJIRUE7TLUSNv61weRQBc2v +kqUZ2iL91q1ARu2JZ4RlVd1hqyYjNI+sy4NXaExAVYEEtqYN9zUY3EiQvLIRslBn +yzO4d0loJ6BO9wCFaDzMaG11j4RXKvWPVIUUS9G4V5++AqXINz0SKMcJq/FQFjPM +-----END RSA PRIVATE KEY----- diff --git a/plugin_test/certificates/passphrase b/plugin_test/certificates/passphrase new file mode 100644 index 0000000..81c545e --- /dev/null +++ b/plugin_test/certificates/passphrase @@ -0,0 +1 @@ +1234 diff --git a/plugin_test/helpers/settings.py b/plugin_test/helpers/settings.py index 56f6700..8b16630 100644 --- a/plugin_test/helpers/settings.py +++ b/plugin_test/helpers/settings.py @@ -32,6 +32,9 @@ VM_PASS = 'cubswin:)' AZ_VCENTER1 = 'vcenter' AZ_VCENTER2 = 'vcenter2' FLAVOR_NAME = 'm1.micro128' +CERT_FILE = "plugin_test/certificates/certificate.pem" +KEY_FILE = "plugin_test/certificates/key.pem" +CN = "metadata.nsx.local" NSXV_PLUGIN_PATH = os.environ.get('NSXV_PLUGIN_PATH') diff --git a/plugin_test/tests/test_plugin_nsxv.py b/plugin_test/tests/test_plugin_nsxv.py index 5e03780..451d528 100644 --- a/plugin_test/tests/test_plugin_nsxv.py +++ b/plugin_test/tests/test_plugin_nsxv.py @@ -1723,7 +1723,8 @@ class TestNSXvPlugin(TestBasic): command_result = os_conn.execute_through_host( remote, fip[0], cmd) assert_true( - command_result['exit_code'] == 0, "Wget exits with error!") + command_result['exit_code'] == 0, + "Wget exits with error: {}".format(command_result['stderr'])) assert_true( command_result['stdout'].split('\n')[-1] == 'latest', "Wget does not return 'latest' item in stdout") @@ -1811,7 +1812,8 @@ class TestNSXvPlugin(TestBasic): command_result = os_conn.execute_through_host( remote, fip[0], cmd) assert_true( - command_result['exit_code'] == 0, "Wget exits with error!") + command_result['exit_code'] == 0, + "Wget exits with error: {}".format(command_result['stderr'])) assert_true( command_result['stdout'].split('\n')[-1] == 'latest', "Wget does not return 'latest' item in stdout") @@ -2372,13 +2374,13 @@ class TestNSXvPlugin(TestBasic): 3. Add admin with 'admin' and 'member' roles. 4. In tenant 'test' create net1 with subnet1 and subnet2. 5. Attach both subnets to router. - 7. In tenant 'test' create security group 'SG_1' and + 6. In tenant 'test' create security group 'SG_1' and add rule that allows ingress icmp and tcp traffic. - 8. Launch instance in tenant 'test'. - 9. In default tenant create security group 'SG_1' and + 7. Launch instance in tenant 'test'. + 8. In default tenant create security group 'SG_1' and add rule that allows ingress icmp and tcp traffic. - 10. Launch instance in default tenant on default net. - 11. Verify that VMs on different tenants should not communicate + 9. Launch instance in default tenant on default net. + 10. Verify that VMs on different tenants should not communicate between each other. Send icmp ping from VM_1 of admin tenant to VM_2 of test_tenant and vice versa. @@ -2478,10 +2480,10 @@ class TestNSXvPlugin(TestBasic): 4. Create several instances in vcenter az. 5. Check that instances were created on enabled compute host (vcenter cluster). - 7. Disable second compute host with vCenter cluster and enable + 6. Disable second compute host with vCenter cluster and enable first one. - 9. Create several instances in vcenter az. - 10. Check that instances were created on enabled compute host + 7. Create several instances in vcenter az. + 8. Check that instances were created on enabled compute host (vcenter cluster). Duration 1.5 hours @@ -2545,3 +2547,204 @@ class TestNSXvPlugin(TestBasic): os_conn.delete_instance(vm) os_conn.verify_srv_deleted(vm) os_conn.disable_nova_service(service) + + @test(depends_on=[SetupEnvironment.prepare_slaves_1], + groups=["nsxv_config_ok_metadata_custom_certificate"]) + @log_snapshot_after_test + def nsxv_config_ok_metadata_custom_certificate(self): + """Need to check that plugin can access nova-metadata with certificate. + + Scenario: + 1. Install NSXv plugin. + 2. Enable plugin on tab Settings -> NSXv plugin. + 3. Fill the form with corresponding values. + 4. Unset checkbox "Metadata insecure". + 5. Generate certificate and upload it into field 'Certificate + for metadata proxy'. + 6. Upload key into field 'Private key'('Private key for metadata + certificate'). + 7. Add to field 'Metadata allowed ports' value '443,8775'. + 8. Deploy cluster. + 9. Run OSTF. + 10. Launch instance and run wget command from it. + + Duration 1.5 hours + + """ + self.env.revert_snapshot('ready_with_1_slaves') + + self.install_nsxv_plugin() + + # Configure cluster + settings = self.get_settings() + # Configure cluster + cluster_id = self.fuel_web.create_cluster( + name=self.__class__.__name__, + mode=DEPLOYMENT_MODE, + settings=settings, + configure_ssl=False) + + # Assign roles to nodes + self.fuel_web.update_nodes( + cluster_id, + {'slave-01': ['controller'], }) + + # Configure VMWare vCenter settings + self.fuel_web.vcenter_configure(cluster_id) + + cert_data = {} + with open(pt_settings.CERT_FILE, 'r') as f: + cert_data['content'] = f.read() + cert_data['name'] = os.path.basename(pt_settings.CERT_FILE) + key_data = {} + with open(pt_settings.KEY_FILE, 'r') as f: + key_data['content'] = f.read() + key_data['name'] = os.path.basename(pt_settings.KEY_FILE) + + self.enable_plugin(cluster_id, + {"nsxv_metadata_insecure/value": False, + "nsxv_metadata_service_allowed_ports/value": + "443,8775", + "nsxv_metadata_nova_client_cert/value": cert_data, + "nsxv_metadata_nova_client_priv_key/value": + key_data, + "nsxv_metadata_nova_client_priv_key_pass/value": + "1234"}) + self.fuel_web.deploy_cluster_wait(cluster_id) + + self.fuel_web.run_ostf( + cluster_id=cluster_id, + test_sets=['smoke']) + + key = 'mgmt_key' + common = self.get_common(cluster_id) + os_ip = self.fuel_web.get_public_vip(cluster_id) + os_conn = os_actions.OpenStackActions( + os_ip, SERVTEST_USERNAME, + SERVTEST_PASSWORD, + SERVTEST_TENANT) + + ext = os_conn.get_network(pt_settings.ADMIN_NET) + router = os_conn.get_router_by_name(pt_settings.DEFAULT_ROUTER_NAME) + + common.create_key(key) + + # Create non default network with subnet. + logger.info('Create network {}'.format(self.net1)) + private_net = self.create_network(self.net1['name']) + subnet_private = self.create_subnet(private_net, self.net1['cidr']) + self.add_subnet_to_router(router['id'], subnet_private['id']) + sec_grp = os_conn.create_sec_group_for_ssh() + self.create_instances(os_conn, + vm_count=1, + nics=[{'net-id': private_net['id']}], + security_group=sec_grp.name, + key_name=key) + + fip = self.create_and_assign_floating_ip(os_conn=os_conn, ext_net=ext) + + # SSH to instance and wget metadata ip + primary_controller = self.fuel_web.get_nailgun_primary_node( + self.env.d_env.nodes().slaves[0]) + remote = self.fuel_web.get_ssh_for_node( + primary_controller.name) + cmd = "wget --no-check-certificate -O - https://{}".format( + pt_settings.METADATA_IP) + command_result = os_conn.execute_through_host( + remote, fip[0], cmd) + assert_true( + command_result['exit_code'] == 0, + "Wget exits with error: {}".format(command_result['stderr'])) + assert_true( + command_result['stdout'].split('\n')[-1] == 'latest', + "Wget does not return 'latest' item in stdout") + + @test(depends_on=[SetupEnvironment.prepare_slaves_1], + groups=["nsxv_config_ok_metadata_self_signed_certificate"]) + @log_snapshot_after_test + def nsxv_config_ok_metadata_self_signed_certificate(self): + """Need to check that plugin can access nova-metadata with certificate. + + Scenario: + 1. Install NSXv plugin. + 2. Enable plugin on tab Settings -> NSXv plugin. + 3. Fill the form with corresponding values. + 4. Unset checkbox "Metadata insecure". + 7. Deploy cluster. + 8. Run OSTF. + 9. Launch instance and run wget command from it. + + Duration 1.5 hours + + """ + self.env.revert_snapshot('ready_with_1_slaves') + + self.install_nsxv_plugin() + + # Configure cluster + settings = self.get_settings() + # Configure cluster + cluster_id = self.fuel_web.create_cluster( + name=self.__class__.__name__, + mode=DEPLOYMENT_MODE, + settings=settings, + configure_ssl=False) + + # Assign roles to nodes + self.fuel_web.update_nodes( + cluster_id, + {'slave-01': ['controller'], }) + + # Configure VMWare vCenter settings + self.fuel_web.vcenter_configure(cluster_id) + + self.enable_plugin(cluster_id, + {"nsxv_metadata_insecure/value": False}) + self.fuel_web.deploy_cluster_wait(cluster_id) + + self.fuel_web.run_ostf( + cluster_id=cluster_id, + test_sets=['smoke']) + + key = 'mgmt_key' + common = self.get_common(cluster_id) + os_ip = self.fuel_web.get_public_vip(cluster_id) + os_conn = os_actions.OpenStackActions( + os_ip, SERVTEST_USERNAME, + SERVTEST_PASSWORD, + SERVTEST_TENANT) + + ext = os_conn.get_network(pt_settings.ADMIN_NET) + router = os_conn.get_router_by_name(pt_settings.DEFAULT_ROUTER_NAME) + + common.create_key(key) + + # Create non default network with subnet. + logger.info('Create network {}'.format(self.net1)) + private_net = self.create_network(self.net1['name']) + subnet_private = self.create_subnet(private_net, self.net1['cidr']) + self.add_subnet_to_router(router['id'], subnet_private['id']) + sec_grp = os_conn.create_sec_group_for_ssh() + self.create_instances(os_conn, + vm_count=1, + nics=[{'net-id': private_net['id']}], + security_group=sec_grp.name, + key_name=key) + + fip = self.create_and_assign_floating_ip(os_conn=os_conn, ext_net=ext) + + # SSH to instance and wget metadata ip + primary_controller = self.fuel_web.get_nailgun_primary_node( + self.env.d_env.nodes().slaves[0]) + remote = self.fuel_web.get_ssh_for_node( + primary_controller.name) + cmd = "wget --no-check-certificate -O - https://{}".format( + pt_settings.METADATA_IP) + command_result = os_conn.execute_through_host( + remote, fip[0], cmd) + assert_true( + command_result['exit_code'] == 0, + "Wget exits with error: {}".format(command_result['stderr'])) + assert_true( + command_result['stdout'].split('\n')[-1] == 'latest', + "Wget does not return 'latest' item in stdout")