Include scenario test for checking VPN status

1. Validate the VPN-service and ipsec-site connection status when updating the router status to DOWN and back to ACTIVE state 2. Added methods in vpn_base to support this scenario test 3. Modified test_vpn_connectivity test because of [2] 4. Updated rally_config file to include this scenario test Change-Id: I72b53b2e01779d57e9ccac0e9c7155d9a8e4e877
2015-10-05 16:19:35 -07:00 · 2015-10-05 16:19:35 -07:00 · 06570b8421
parent fe8130136a
commit 06570b8421
4 changed files with 130 additions and 14 deletions
--- a/rally-jobs/plugins/test_vpn_connectivity.py
+++ b/rally-jobs/plugins/test_vpn_connectivity.py
@ -62,7 +62,7 @@ class VpnBasicScenario(vpn_base.VpnBase):
            self.ipsec_policy = self._create_ipsec_policy(**kwargs)
            self.create_vpn_services()
            self.create_ipsec_site_connections(**kwargs)
-            self.assert_statuses(**kwargs)
+            self.assert_statuses(final_status='ACTIVE', **kwargs)
            self.assert_vpn_connectivity()
            LOG.info(_LI("VPN CONNECTIVITY TEST PASSED!!"))

--- a/rally-jobs/plugins/test_vpn_status.py
+++ b/rally-jobs/plugins/test_vpn_status.py
@ -0,0 +1,64 @@
+# Copyright 2015 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from rally.task import scenario
+from rally.task import types as types
+import vpn_base
+
+
+class TestVPNStatusScenario(vpn_base.VpnBase):
+    @types.set(image=types.ImageResourceType,
+               flavor=types.FlavorResourceType)
+    @scenario.configure()
+    def check_vpn_status(
+            self, **kwargs):
+        """Test VPN's status correctly after bringing router's status to
+         DOWN and back to ACTIVE state
+
+        1. Create 2 private networks, subnets and routers
+        2. Create public network, subnets and GW IPs on routers, if not present
+        3. Execute ip netns command and get the snat and qrouter namespaces
+           (assuming we use DVR)
+        4. Verify that there is a route between the router gateways by pinging
+           each other from their snat namespaces
+        5. Add security group rules for SSH and ICMP
+        6. Start a nova instance in each of the private networks
+        7. Create IKE and IPSEC policies
+        8. Create VPN service at each of the routers
+        9. Create IPSEC site connections at both endpoints
+        10. Bring both the private router's status to DOWN state
+        11. Verify that vpn-service and ipsec-site-connection is DOWN
+        12. Bring back the router's status to ACTIVE state
+        13. Verify the vpn-service and ipsec-site-connection is back to ACTIVE
+        14. Perform resource cleanup
+        """
+
+        try:
+            self.setup()
+            self.create_networks_and_servers(**kwargs)
+            self.check_route()
+            self.ike_policy = self._create_ike_policy(**kwargs)
+            self.ipsec_policy = self._create_ipsec_policy(**kwargs)
+            self.create_vpn_services()
+            self.create_ipsec_site_connections(**kwargs)
+            self.assert_statuses(final_status='ACTIVE', **kwargs)
+            self.update_router(self.router_ids[0], admin_state_up=False)
+            self.update_router(self.router_ids[1], admin_state_up=False)
+            self.assert_statuses(final_status='DOWN', **kwargs)
+            self.update_router(self.router_ids[0], admin_state_up=True)
+            self.update_router(self.router_ids[1], admin_state_up=True)
+            self.assert_statuses(final_status='ACTIVE', **kwargs)
+
+        finally:
+            self.cleanup()
--- a/rally-jobs/plugins/vpn_base.py
+++ b/rally-jobs/plugins/vpn_base.py
@ -37,6 +37,7 @@ class VpnBase(rally_base.OpenStackScenario):

        self.snat_namespaces = []
        self.qrouter_namespaces = []
+        self.router_ids = []
        self.rally_router_gw_ips = []
        self.rally_routers = []
        self.rally_networks = []
@ -219,34 +220,49 @@ class VpnBase(rally_base.OpenStackScenario):
                    format(resource[resource_tag]['name'], final_status)
                )

-    def _assert_statuses(self, ipsec_site_conn, vpn_service, **kwargs):
+    def _assert_statuses(self, ipsec_site_conn, vpn_service,
+                         final_status, **kwargs):
        """Assert statuses of vpn_service and ipsec_site_connection

        :param ipsec_site_conn: ipsec_site_connection object
        :param vpn_service: vpn_service object
+        :param final_status: status of vpn and ipsec_site_connection object
        """

        vpn_service = self._wait_for_status_change(
            vpn_service,
            resource_tag="vpnservice",
-            final_status="ACTIVE",
+            final_status=final_status,
            wait_timeout=kwargs.get("vpn_service_creation_timeout"),
            check_interval=5)
-        LOG.debug("VPN SERVICE STATUS %s", vpn_service['vpnservice']['status'])
-        assert('ACTIVE' == vpn_service['vpnservice']['status']), (
-                     "VPN_SERVICE IS NOT IN ACTIVE STATE")

        ipsec_site_conn = self._wait_for_status_change(
            ipsec_site_conn,
            resource_tag="ipsec_site_connection",
-            final_status="ACTIVE",
+            final_status=final_status,
            wait_timeout=kwargs.get("ipsec_site_connection_creation_timeout"),
            check_interval=5)
+
+        LOG.debug("VPN SERVICE STATUS %s", vpn_service['vpnservice']['status'])
        LOG.debug("IPSEC_SITE_CONNECTION STATUS: %s",
                  ipsec_site_conn['ipsec_site_connection']['status'])
-        assert('ACTIVE' ==
-            ipsec_site_conn['ipsec_site_connection']['status']), (
-            "THE INSTANCE IS NOT IN ACTIVE STATE")
+
+        self._validate_status(vpn_service, ipsec_site_conn, final_status)
+
+    def _validate_status(self, vpn_service, ipsec_site_conn, final_status):
+        """Validate the statuses of vpn_service, ipsec_site_connection and
+        evaluate the final_status
+
+        :param ipsec_site_conn: ipsec_site_connection of an instance
+        :param vpn_service: vpn_service of an instance
+        :param final_status: status of vpn and ipsec_site_connection instance
+        """
+
+        assert(final_status == vpn_service['vpnservice']['status']), (
+                "VPN SERVICE IS NOT IN %s STATE" % final_status)
+        assert(final_status == ipsec_site_conn['ipsec_site_connection']
+        ['status']), ("THE IPSEC SITE CONNECTION IS NOT IN %s STATE"
+                      % final_status)

    @atomic.action_timer("_verify_vpn_connection")
    def _verify_vpn_connection(self, local_index, peer_index):
@ -337,12 +353,13 @@ class VpnBase(rally_base.OpenStackScenario):
            keypairs = []
            for x in range(MAX_RESOURCES):
                router, network, subnet, cidr = vpn_utils.create_network(
-                    self.neutron_client, self. neutron_admin_client,
+                    self.neutron_client, self.neutron_admin_client,
                    self.suffixes[x])
                self.rally_cidrs.append(cidr)
                self.rally_subnets.append(subnet)
                self.rally_networks.append(network)
                self.rally_routers.append(router)
+                self.router_ids.append(router["router"]['id'])
                self.rally_router_gw_ips.append(
                    router["router"]["external_gateway_info"]
                    ["external_fixed_ips"][0]["ip_address"])
@ -377,6 +394,16 @@ class VpnBase(rally_base.OpenStackScenario):
                        "PING FAILED FROM NAMESPACE " + ns + " TO IP "
                        + ip)

+    def update_router(self, router_id, admin_state_up=False):
+        """Updates router
+
+        :param router_id: router id
+        :param admin_state_up: update 'admin_state_up' of the router
+        :return:
+        """
+        req_body = {'router': {'admin_state_up': admin_state_up}}
+        self.neutron_client.update_router(router_id, req_body)
+
    def create_vpn_services(self):
        with LOCK:
            for x in range(MAX_RESOURCES):
@ -391,12 +418,12 @@ class VpnBase(rally_base.OpenStackScenario):
                self._create_ipsec_site_connection(1, 0, **kwargs)
            ]

-    def assert_statuses(self, **kwargs):
+    def assert_statuses(self, final_status, **kwargs):
        LOG.debug("ASSERTING ACTIVE STATUSES FOR VPN-SERVICES AND "
                  "VPN-CONNECTIONS")
        for x in range(MAX_RESOURCES):
            self._assert_statuses(self.ipsec_site_connections[x],
-                                  self.vpn_services[x], **kwargs)
+                                  self.vpn_services[x], final_status, **kwargs)

    def assert_vpn_connectivity(self):
        LOG.debug("VERIFY THE VPN CONNECTIVITY")
--- a/rally-jobs/rally-configs/rally_config.yaml
+++ b/rally-jobs/rally-configs/rally_config.yaml
@ -33,4 +33,29 @@
          users_per_tenant: 1
      sla:
        failure_rate:
-          max: 0
+          max: 0
+
+  TestVPNStatusScenario.check_vpn_status:
+    -
+      args:
+        flavor:
+            name: "m1.tiny"
+        image:
+            name: {{image_name}}
+        nova_server_boot_timeout: 60 * 6
+        vpn_service_creation_timeout: 100
+        ipsec_site_connection_creation_timeout: 400
+        namespace_creation_timeout: 60
+
+      runner:
+        type: "constant"
+        times: 1
+        concurrency: 1
+
+      context:
+        users:
+          tenants: 1
+          users_per_tenant: 1
+      sla:
+        failure_rate:
+          max: 0