Include scenario test for checking VPN status
1. Validate the VPN-service and ipsec-site connection status when updating the router status to DOWN and back to ACTIVE state 2. Added methods in vpn_base to support this scenario test 3. Modified test_vpn_connectivity test because of [2] 4. Updated rally_config file to include this scenario test Change-Id: I72b53b2e01779d57e9ccac0e9c7155d9a8e4e877
This commit is contained in:
parent
fe8130136a
commit
06570b8421
|
@ -62,7 +62,7 @@ class VpnBasicScenario(vpn_base.VpnBase):
|
|||
self.ipsec_policy = self._create_ipsec_policy(**kwargs)
|
||||
self.create_vpn_services()
|
||||
self.create_ipsec_site_connections(**kwargs)
|
||||
self.assert_statuses(**kwargs)
|
||||
self.assert_statuses(final_status='ACTIVE', **kwargs)
|
||||
self.assert_vpn_connectivity()
|
||||
LOG.info(_LI("VPN CONNECTIVITY TEST PASSED!!"))
|
||||
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
# Copyright 2015 Hewlett-Packard Development Company, L.P.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from rally.task import scenario
|
||||
from rally.task import types as types
|
||||
import vpn_base
|
||||
|
||||
|
||||
class TestVPNStatusScenario(vpn_base.VpnBase):
|
||||
@types.set(image=types.ImageResourceType,
|
||||
flavor=types.FlavorResourceType)
|
||||
@scenario.configure()
|
||||
def check_vpn_status(
|
||||
self, **kwargs):
|
||||
"""Test VPN's status correctly after bringing router's status to
|
||||
DOWN and back to ACTIVE state
|
||||
|
||||
1. Create 2 private networks, subnets and routers
|
||||
2. Create public network, subnets and GW IPs on routers, if not present
|
||||
3. Execute ip netns command and get the snat and qrouter namespaces
|
||||
(assuming we use DVR)
|
||||
4. Verify that there is a route between the router gateways by pinging
|
||||
each other from their snat namespaces
|
||||
5. Add security group rules for SSH and ICMP
|
||||
6. Start a nova instance in each of the private networks
|
||||
7. Create IKE and IPSEC policies
|
||||
8. Create VPN service at each of the routers
|
||||
9. Create IPSEC site connections at both endpoints
|
||||
10. Bring both the private router's status to DOWN state
|
||||
11. Verify that vpn-service and ipsec-site-connection is DOWN
|
||||
12. Bring back the router's status to ACTIVE state
|
||||
13. Verify the vpn-service and ipsec-site-connection is back to ACTIVE
|
||||
14. Perform resource cleanup
|
||||
"""
|
||||
|
||||
try:
|
||||
self.setup()
|
||||
self.create_networks_and_servers(**kwargs)
|
||||
self.check_route()
|
||||
self.ike_policy = self._create_ike_policy(**kwargs)
|
||||
self.ipsec_policy = self._create_ipsec_policy(**kwargs)
|
||||
self.create_vpn_services()
|
||||
self.create_ipsec_site_connections(**kwargs)
|
||||
self.assert_statuses(final_status='ACTIVE', **kwargs)
|
||||
self.update_router(self.router_ids[0], admin_state_up=False)
|
||||
self.update_router(self.router_ids[1], admin_state_up=False)
|
||||
self.assert_statuses(final_status='DOWN', **kwargs)
|
||||
self.update_router(self.router_ids[0], admin_state_up=True)
|
||||
self.update_router(self.router_ids[1], admin_state_up=True)
|
||||
self.assert_statuses(final_status='ACTIVE', **kwargs)
|
||||
|
||||
finally:
|
||||
self.cleanup()
|
|
@ -37,6 +37,7 @@ class VpnBase(rally_base.OpenStackScenario):
|
|||
|
||||
self.snat_namespaces = []
|
||||
self.qrouter_namespaces = []
|
||||
self.router_ids = []
|
||||
self.rally_router_gw_ips = []
|
||||
self.rally_routers = []
|
||||
self.rally_networks = []
|
||||
|
@ -219,34 +220,49 @@ class VpnBase(rally_base.OpenStackScenario):
|
|||
format(resource[resource_tag]['name'], final_status)
|
||||
)
|
||||
|
||||
def _assert_statuses(self, ipsec_site_conn, vpn_service, **kwargs):
|
||||
def _assert_statuses(self, ipsec_site_conn, vpn_service,
|
||||
final_status, **kwargs):
|
||||
"""Assert statuses of vpn_service and ipsec_site_connection
|
||||
|
||||
:param ipsec_site_conn: ipsec_site_connection object
|
||||
:param vpn_service: vpn_service object
|
||||
:param final_status: status of vpn and ipsec_site_connection object
|
||||
"""
|
||||
|
||||
vpn_service = self._wait_for_status_change(
|
||||
vpn_service,
|
||||
resource_tag="vpnservice",
|
||||
final_status="ACTIVE",
|
||||
final_status=final_status,
|
||||
wait_timeout=kwargs.get("vpn_service_creation_timeout"),
|
||||
check_interval=5)
|
||||
LOG.debug("VPN SERVICE STATUS %s", vpn_service['vpnservice']['status'])
|
||||
assert('ACTIVE' == vpn_service['vpnservice']['status']), (
|
||||
"VPN_SERVICE IS NOT IN ACTIVE STATE")
|
||||
|
||||
ipsec_site_conn = self._wait_for_status_change(
|
||||
ipsec_site_conn,
|
||||
resource_tag="ipsec_site_connection",
|
||||
final_status="ACTIVE",
|
||||
final_status=final_status,
|
||||
wait_timeout=kwargs.get("ipsec_site_connection_creation_timeout"),
|
||||
check_interval=5)
|
||||
|
||||
LOG.debug("VPN SERVICE STATUS %s", vpn_service['vpnservice']['status'])
|
||||
LOG.debug("IPSEC_SITE_CONNECTION STATUS: %s",
|
||||
ipsec_site_conn['ipsec_site_connection']['status'])
|
||||
assert('ACTIVE' ==
|
||||
ipsec_site_conn['ipsec_site_connection']['status']), (
|
||||
"THE INSTANCE IS NOT IN ACTIVE STATE")
|
||||
|
||||
self._validate_status(vpn_service, ipsec_site_conn, final_status)
|
||||
|
||||
def _validate_status(self, vpn_service, ipsec_site_conn, final_status):
|
||||
"""Validate the statuses of vpn_service, ipsec_site_connection and
|
||||
evaluate the final_status
|
||||
|
||||
:param ipsec_site_conn: ipsec_site_connection of an instance
|
||||
:param vpn_service: vpn_service of an instance
|
||||
:param final_status: status of vpn and ipsec_site_connection instance
|
||||
"""
|
||||
|
||||
assert(final_status == vpn_service['vpnservice']['status']), (
|
||||
"VPN SERVICE IS NOT IN %s STATE" % final_status)
|
||||
assert(final_status == ipsec_site_conn['ipsec_site_connection']
|
||||
['status']), ("THE IPSEC SITE CONNECTION IS NOT IN %s STATE"
|
||||
% final_status)
|
||||
|
||||
@atomic.action_timer("_verify_vpn_connection")
|
||||
def _verify_vpn_connection(self, local_index, peer_index):
|
||||
|
@ -337,12 +353,13 @@ class VpnBase(rally_base.OpenStackScenario):
|
|||
keypairs = []
|
||||
for x in range(MAX_RESOURCES):
|
||||
router, network, subnet, cidr = vpn_utils.create_network(
|
||||
self.neutron_client, self. neutron_admin_client,
|
||||
self.neutron_client, self.neutron_admin_client,
|
||||
self.suffixes[x])
|
||||
self.rally_cidrs.append(cidr)
|
||||
self.rally_subnets.append(subnet)
|
||||
self.rally_networks.append(network)
|
||||
self.rally_routers.append(router)
|
||||
self.router_ids.append(router["router"]['id'])
|
||||
self.rally_router_gw_ips.append(
|
||||
router["router"]["external_gateway_info"]
|
||||
["external_fixed_ips"][0]["ip_address"])
|
||||
|
@ -377,6 +394,16 @@ class VpnBase(rally_base.OpenStackScenario):
|
|||
"PING FAILED FROM NAMESPACE " + ns + " TO IP "
|
||||
+ ip)
|
||||
|
||||
def update_router(self, router_id, admin_state_up=False):
|
||||
"""Updates router
|
||||
|
||||
:param router_id: router id
|
||||
:param admin_state_up: update 'admin_state_up' of the router
|
||||
:return:
|
||||
"""
|
||||
req_body = {'router': {'admin_state_up': admin_state_up}}
|
||||
self.neutron_client.update_router(router_id, req_body)
|
||||
|
||||
def create_vpn_services(self):
|
||||
with LOCK:
|
||||
for x in range(MAX_RESOURCES):
|
||||
|
@ -391,12 +418,12 @@ class VpnBase(rally_base.OpenStackScenario):
|
|||
self._create_ipsec_site_connection(1, 0, **kwargs)
|
||||
]
|
||||
|
||||
def assert_statuses(self, **kwargs):
|
||||
def assert_statuses(self, final_status, **kwargs):
|
||||
LOG.debug("ASSERTING ACTIVE STATUSES FOR VPN-SERVICES AND "
|
||||
"VPN-CONNECTIONS")
|
||||
for x in range(MAX_RESOURCES):
|
||||
self._assert_statuses(self.ipsec_site_connections[x],
|
||||
self.vpn_services[x], **kwargs)
|
||||
self.vpn_services[x], final_status, **kwargs)
|
||||
|
||||
def assert_vpn_connectivity(self):
|
||||
LOG.debug("VERIFY THE VPN CONNECTIVITY")
|
||||
|
|
|
@ -33,4 +33,29 @@
|
|||
users_per_tenant: 1
|
||||
sla:
|
||||
failure_rate:
|
||||
max: 0
|
||||
max: 0
|
||||
|
||||
TestVPNStatusScenario.check_vpn_status:
|
||||
-
|
||||
args:
|
||||
flavor:
|
||||
name: "m1.tiny"
|
||||
image:
|
||||
name: {{image_name}}
|
||||
nova_server_boot_timeout: 60 * 6
|
||||
vpn_service_creation_timeout: 100
|
||||
ipsec_site_connection_creation_timeout: 400
|
||||
namespace_creation_timeout: 60
|
||||
|
||||
runner:
|
||||
type: "constant"
|
||||
times: 1
|
||||
concurrency: 1
|
||||
|
||||
context:
|
||||
users:
|
||||
tenants: 1
|
||||
users_per_tenant: 1
|
||||
sla:
|
||||
failure_rate:
|
||||
max: 0
|
||||
|
|
Loading…
Reference in New Issue