Fix for dvs_attached_ports test

Closes-Bug: #1594343
Change-Id: I960da1bc9c46629e6529d37436183b2aa6ab7a55
This commit is contained in:
ekhomyakova 2016-08-25 17:59:12 +03:00 committed by Ekaterina Khomyakova
parent 5b7daa02e7
commit 2eb83d06bd
2 changed files with 126 additions and 115 deletions

View File

@ -986,22 +986,22 @@ Steps
1. Set up for system tests.
2. Create net_1: net01__subnet, 192.168.1.0/24, and attach it to the default router.
3. Create security SG1 group with rules:
3. Create security group SG1 with rules:
Ingress rule with ip protocol 'icmp', port range any, SG group 'SG1'
Egress rule with ip protocol 'icmp', port range any, SG group 'SG1'
Ingress rule with ssh protocol 'tcp', port range 22, SG group 'SG1'
Egress rule with ssh protocol 'tcp', port range 22, SG group 'SG1'
4. Launch few instances with SG1 in net1.
5. Launch few instances with Default SG in net1.
4. Launch 2 instances with SG1 in net_1.
5. Launch 2 instances with Default SG in net_1.
6. Verify that icmp/ssh is enabled between instances from SG1.
7. Verify that that icmp/ssh isn't allowed to instances of SG1 from instances of Default SG.
8. Detached ports of all instances from net_1.
9. Attached ports of all instances to default internal net. For instances of Vcenter to activate new interface on cirros edit the restart network: "sudo /etc/init.d/S40network restart"
7. Verify that icmp/ssh isn't allowed to instances of SG1 from instances of Default SG.
8. Detach ports of all instances from net_1.
9. Attach ports of all instances to default internal net. To activate new interface on cirros restart network: "sudo /etc/init.d/S40network restart"
10. Check that all instances are in Default SG.
11. Verify that icmp/ssh is enabled between instances.
12. Change of some instances Default SG to SG1.
12. Change for some instances Default SG to SG1.
13. Verify that icmp/ssh is enabled between instances from SG1.
14. Verify that that icmp/ssh isn't allowed to instances of SG1 from instances of Default SG.
14. Verify that icmp/ssh isn't allowed to instances of SG1 from instances of Default SG.
Expected result

View File

@ -1992,8 +1992,8 @@ class TestDVSSystem(TestBasic):
Scenario:
1. Revert snapshot to dvs_vcenter_systest_setup.
2. Create net_1: net01__subnet, 192.168.1.0/24, and attach
it to the router01.
3. Create security SG1 group with rules:
it to the default router.
3. Create security group SG1 with rules:
Ingress rule with ip protocol 'icmp ', port range any,
SG group 'SG1'
Egress rule with ip protocol 'icmp ', port range any,
@ -2002,27 +2002,29 @@ class TestDVSSystem(TestBasic):
SG group 'SG1'
Egress rule with ssh protocol 'tcp ', port range 22,
SG group 'SG1'
4. Launch few instances with SG1 in net1.
5. Launch few instances with Default SG in net1.
4. Launch 2 instances with SG1 in net_1.
5. Launch 2 instances with Default SG in net_1.
6. Verify that icmp/ssh is enabled between instances from SG1.
7. Verify that that icmp/ssh isn't allowed to instances of SG1
7. Verify that icmp/ssh isn't allowed to instances of SG1
from instances of Default SG.
8. Detached ports of all instances from net_1.
9. Attached ports of all instances to default internal net.
8. Detach ports of all instances from net_1.
9. Attach ports of all instances to default internal net.
To activate new interface on cirros
restart network: "sudo /etc/init.d/S40network restart"
10. Check that all instances are in Default SG.
11. Verify that icmp/ssh is enabled between instances.
12. Change of some instances Default SG to SG1.
12. Change for some instances Default SG to SG1.
13. Verify that icmp/ssh is enabled between instances from SG1.
14. Verify that that icmp/ssh isn't allowed to instances of SG1
14. Verify that icmp/ssh isn't allowed to instances of SG1
from instances of Default SG.
Duration 15 min
"""
# Set up environment for the test
self.show_step(1)
self.env.revert_snapshot("dvs_vcenter_systest_setup")
self.env.revert_snapshot('dvs_vcenter_systest_setup')
cluster_id = self.fuel_web.get_last_created_cluster()
os_ip = self.fuel_web.get_public_vip(cluster_id)
@ -2033,147 +2035,156 @@ class TestDVSSystem(TestBasic):
tenant = os_conn.get_tenant(SERVTEST_TENANT)
network = os_conn.create_network(
network_name=self.net_data[0].keys()[0],
tenant_id=tenant.id)['network']
# Create net_1 and attach it to the default router
self.show_step(2)
subnet = os_conn.create_subnet(
subnet_name=network['name'],
network_id=network['id'],
net1 = os_conn.create_network(network_name=self.net_data[0].keys()[0],
tenant_id=tenant.id)['network']
subnet1 = os_conn.create_subnet(
subnet_name=net1['name'],
network_id=net1['id'],
cidr=self.net_data[0][self.net_data[0].keys()[0]],
ip_version=4)
# Check that network is created.
assert_true(
os_conn.get_network(network['name'])['id'] == network['id']
)
# Create Router_01, set gateway and add interface
# to external network.
router_1 = os_conn.create_router(
'router_1',
tenant=tenant)
# Check that network is created
assert_true(os_conn.get_network(net1['name'])['id'] == net1['id'])
# Add net_1 to router_1
os_conn.add_router_interface(
router_id=router_1["id"],
subnet_id=subnet["id"])
# Add net_1 to default router
default_router = os_conn.neutron.list_routers()['routers'][0]
os_conn.add_router_interface(router_id=default_router['id'],
subnet_id=subnet1['id'])
self.show_step(4)
sg1 = os_conn.nova.security_groups.create(
'SG1', "descr")
sg_rules = [
sg_rule for sg_rule
in os_conn.neutron.list_security_group_rules()[
'security_group_rules']
if sg_rule['security_group_id'] == sg1.id]
for rule in sg_rules:
# Create security group SG1
self.show_step(3)
sg1 = os_conn.nova.security_groups.create('SG1', 'descr')
_sg_rules = os_conn.neutron.list_security_group_rules()
sg1_rules = [sg_rule for sg_rule in _sg_rules['security_group_rules']
if sg_rule['security_group_id'] == sg1.id]
for rule in sg1_rules:
os_conn.neutron.delete_security_group_rule(rule['id'])
for rule in [self.icmp, self.tcp]:
rule["security_group_rule"]["security_group_id"] = sg1.id
rule["security_group_rule"]["remote_group_id"] = sg1.id
rule["security_group_rule"]["direction"] = "ingress"
os_conn.neutron.create_security_group_rule(rule)
rule["security_group_rule"]["direction"] = "egress"
os_conn.neutron.create_security_group_rule(rule)
default_net = os_conn.nova.networks.find(label=self.inter_net_name)
# add rules for ssh and ping
# Permit all TCP and ICMP in security group default
os_conn.goodbye_security()
default_sg = [
sg
for sg in os_conn.neutron.list_security_groups()['security_groups']
if sg['tenant_id'] == os_conn.get_tenant(SERVTEST_TENANT).id
if sg['name'] == 'default'][0]
self.show_step(5)
_groups = os_conn.neutron.list_security_groups()['security_groups']
default_sg = [sg for sg in _groups
if sg['tenant_id'] == tenant.id and
sg['name'] == 'default'][0]
# Launch instances with SG1 in net_1
self.show_step(4)
instances_1 = openstack.create_instances(
os_conn=os_conn, nics=[{'net-id': network['id']}],
os_conn=os_conn,
nics=[{'net-id': net1['id']}],
security_groups=[sg1.name])
access_point_1, access_point_ip_1 = openstack.create_access_point(
os_conn=os_conn, nics=[{'net-id': network['id']}],
security_groups=[sg1.name, default_sg['name']])
_, access_point_ip_1 = openstack.create_access_point(
os_conn=os_conn,
nics=[{'net-id': net1['id']}],
security_groups=[default_sg['name'], sg1.name])
# Launch instances with Default SG in net_1
self.show_step(5)
self.show_step(6)
instances_2 = openstack.create_instances(
os_conn=os_conn, nics=[{'net-id': default_net.id}],
os_conn=os_conn,
nics=[{'net-id': net1['id']}],
security_groups=[default_sg['name']])
access_point_2, access_point_ip_2 = openstack.create_access_point(
os_conn=os_conn, nics=[{'net-id': default_net.id}],
security_groups=[default_sg['name'], sg1.name])
openstack.verify_instance_state(os_conn)
ips_1 = []
for instance in instances_1:
ips_1.append(os_conn.get_nova_instance_ip(
instance, net_name=network['name']))
ips_2 = []
for instance in instances_2:
ips_2.append(os_conn.get_nova_instance_ip(
instance, net_name=self.inter_net_name))
# Verify that icmp/ssh is enabled in SG1
self.show_step(6)
ip_pair = dict.fromkeys(ips_1)
for key in ip_pair:
ip_pair[key] = [value for value in ips_1 if key != value]
openstack.check_connection_through_host(
access_point_ip_1, ip_pair,
timeout=60)
ips_1 = [os_conn.get_nova_instance_ip(i, net_name=net1['name'])
for i in instances_1]
openstack.ping_each_other(ips=ips_1,
timeout=60 * 5,
access_point_ip=access_point_ip_1)
# Verify that icmp/ssh isn't allowed between SG1 and Default SG
self.show_step(7)
for key in ip_pair:
ip_pair[key] = ips_2
openstack.check_connection_through_host(
access_point_ip_1, ip_pair,
result_of_command=1)
ips_2 = [os_conn.get_nova_instance_ip(i, net_name=net1['name'])
for i in instances_2]
ip_pairs = {ip: ips_2 for ip in ips_1}
openstack.check_connection_through_host(remote=access_point_ip_1,
timeout=60,
ip_pair=ip_pairs,
result_of_command=1)
# Detach ports of all instances from net_1
self.show_step(8)
# Attach ports of all instances to default internal net
self.show_step(9)
for instance in instances_1:
ip = os_conn.get_nova_instance_ip(
instance, net_name=network['name'])
port = [
p
for p in os_conn.neutron.list_ports()['ports']
if p['fixed_ips'][0]['ip_address'] == ip].pop()
instance.interface_detach(
port["id"])
instance.interface_attach(
None, default_net.id, None)
instance.reboot() # instead of restart network
ip = os_conn.get_nova_instance_ip(instance, net_name=net1['name'])
port = [p for p in os_conn.neutron.list_ports()['ports']
if p['fixed_ips'][0]['ip_address'] == ip].pop()
instance.interface_detach(port['id'])
instance.interface_attach(None, default_net.id, None)
instance.reboot() # instead of network restart
# Check that all instances are in Default SG
self.show_step(10)
ips = []
instances = [instance for instance in os_conn.nova.servers.list()
if instance.id in [inst.id for inst in instances_1]]
for instance in instances:
assert_true(instance.security_groups.pop()['name'] == 'default')
ips.append(os_conn.get_nova_instance_ip(
instance, net_name=self.inter_net_name))
ips_1 = []
instances_1 = [instance for instance in os_conn.nova.servers.list()
if instance.id in [inst.id for inst in instances_1]]
for instance in instances_1:
assert_true(instance.security_groups.pop()['name'] == 'default')
ips_1.append(os_conn.get_nova_instance_ip(
srv=instance, net_name=self.inter_net_name))
# Verify that icmp/ssh is enabled between instances (in Default SG)
self.show_step(11)
ip_pair = dict.fromkeys(ips_2)
for key in ip_pair:
ip_pair[key] = ips
openstack.check_connection_through_host(
access_point_ip_2, ip_pair,
timeout=60 * 5)
_, access_point_ip_2 = openstack.create_access_point(
os_conn=os_conn,
nics=[{'net-id': default_net.id}],
security_groups=[default_sg['name']])
openstack.ping_each_other(ips=ips_1 + ips_2,
timeout=60,
access_point_ip=access_point_ip_2)
# Change for some instances Default SG to SG1
self.show_step(12)
self.show_step(13)
for instance in instances:
for instance in instances_1:
instance.remove_security_group('default')
instance.add_security_group(sg1.name)
for key in ip_pair:
ip_pair[key] = [value for value in ips if key != value]
openstack.check_connection_through_host(
access_point_ip_2, ip_pair,
timeout=60 * 2)
# Verify that icmp/ssh is enabled in SG1
self.show_step(13)
openstack.ping_each_other(ips=ips_1,
timeout=60,
access_point_ip=access_point_ip_1)
# Verify that icmp/ssh isn't allowed between SG1 and Default SG
self.show_step(14)
openstack.check_connection_through_host(
access_point_ip_2, ip_pair,
result_of_command=1)
ip_pairs = {ip: ips_2 for ip in ips_1}
openstack.check_connection_through_host(remote=access_point_ip_1,
timeout=60,
ip_pair=ip_pairs,
result_of_command=1)
@test(depends_on=[dvs_vcenter_systest_setup],
groups=["dvs_port_security_group"])