Include scenario test for checking VPN status
1. Validate the VPN-service and ipsec-site connection status when updating the router status to DOWN and back to ACTIVE state 2. Added methods in vpn_base to support this scenario test 3. Modified test_vpn_connectivity test because of [2] 4. Updated rally_config file to include this scenario test Change-Id: I72b53b2e01779d57e9ccac0e9c7155d9a8e4e877
This commit is contained in:
parent
fe8130136a
commit
06570b8421
|
@ -62,7 +62,7 @@ class VpnBasicScenario(vpn_base.VpnBase):
|
||||||
self.ipsec_policy = self._create_ipsec_policy(**kwargs)
|
self.ipsec_policy = self._create_ipsec_policy(**kwargs)
|
||||||
self.create_vpn_services()
|
self.create_vpn_services()
|
||||||
self.create_ipsec_site_connections(**kwargs)
|
self.create_ipsec_site_connections(**kwargs)
|
||||||
self.assert_statuses(**kwargs)
|
self.assert_statuses(final_status='ACTIVE', **kwargs)
|
||||||
self.assert_vpn_connectivity()
|
self.assert_vpn_connectivity()
|
||||||
LOG.info(_LI("VPN CONNECTIVITY TEST PASSED!!"))
|
LOG.info(_LI("VPN CONNECTIVITY TEST PASSED!!"))
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,64 @@
|
||||||
|
# Copyright 2015 Hewlett-Packard Development Company, L.P.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from rally.task import scenario
|
||||||
|
from rally.task import types as types
|
||||||
|
import vpn_base
|
||||||
|
|
||||||
|
|
||||||
|
class TestVPNStatusScenario(vpn_base.VpnBase):
|
||||||
|
@types.set(image=types.ImageResourceType,
|
||||||
|
flavor=types.FlavorResourceType)
|
||||||
|
@scenario.configure()
|
||||||
|
def check_vpn_status(
|
||||||
|
self, **kwargs):
|
||||||
|
"""Test VPN's status correctly after bringing router's status to
|
||||||
|
DOWN and back to ACTIVE state
|
||||||
|
|
||||||
|
1. Create 2 private networks, subnets and routers
|
||||||
|
2. Create public network, subnets and GW IPs on routers, if not present
|
||||||
|
3. Execute ip netns command and get the snat and qrouter namespaces
|
||||||
|
(assuming we use DVR)
|
||||||
|
4. Verify that there is a route between the router gateways by pinging
|
||||||
|
each other from their snat namespaces
|
||||||
|
5. Add security group rules for SSH and ICMP
|
||||||
|
6. Start a nova instance in each of the private networks
|
||||||
|
7. Create IKE and IPSEC policies
|
||||||
|
8. Create VPN service at each of the routers
|
||||||
|
9. Create IPSEC site connections at both endpoints
|
||||||
|
10. Bring both the private router's status to DOWN state
|
||||||
|
11. Verify that vpn-service and ipsec-site-connection is DOWN
|
||||||
|
12. Bring back the router's status to ACTIVE state
|
||||||
|
13. Verify the vpn-service and ipsec-site-connection is back to ACTIVE
|
||||||
|
14. Perform resource cleanup
|
||||||
|
"""
|
||||||
|
|
||||||
|
try:
|
||||||
|
self.setup()
|
||||||
|
self.create_networks_and_servers(**kwargs)
|
||||||
|
self.check_route()
|
||||||
|
self.ike_policy = self._create_ike_policy(**kwargs)
|
||||||
|
self.ipsec_policy = self._create_ipsec_policy(**kwargs)
|
||||||
|
self.create_vpn_services()
|
||||||
|
self.create_ipsec_site_connections(**kwargs)
|
||||||
|
self.assert_statuses(final_status='ACTIVE', **kwargs)
|
||||||
|
self.update_router(self.router_ids[0], admin_state_up=False)
|
||||||
|
self.update_router(self.router_ids[1], admin_state_up=False)
|
||||||
|
self.assert_statuses(final_status='DOWN', **kwargs)
|
||||||
|
self.update_router(self.router_ids[0], admin_state_up=True)
|
||||||
|
self.update_router(self.router_ids[1], admin_state_up=True)
|
||||||
|
self.assert_statuses(final_status='ACTIVE', **kwargs)
|
||||||
|
|
||||||
|
finally:
|
||||||
|
self.cleanup()
|
|
@ -37,6 +37,7 @@ class VpnBase(rally_base.OpenStackScenario):
|
||||||
|
|
||||||
self.snat_namespaces = []
|
self.snat_namespaces = []
|
||||||
self.qrouter_namespaces = []
|
self.qrouter_namespaces = []
|
||||||
|
self.router_ids = []
|
||||||
self.rally_router_gw_ips = []
|
self.rally_router_gw_ips = []
|
||||||
self.rally_routers = []
|
self.rally_routers = []
|
||||||
self.rally_networks = []
|
self.rally_networks = []
|
||||||
|
@ -219,34 +220,49 @@ class VpnBase(rally_base.OpenStackScenario):
|
||||||
format(resource[resource_tag]['name'], final_status)
|
format(resource[resource_tag]['name'], final_status)
|
||||||
)
|
)
|
||||||
|
|
||||||
def _assert_statuses(self, ipsec_site_conn, vpn_service, **kwargs):
|
def _assert_statuses(self, ipsec_site_conn, vpn_service,
|
||||||
|
final_status, **kwargs):
|
||||||
"""Assert statuses of vpn_service and ipsec_site_connection
|
"""Assert statuses of vpn_service and ipsec_site_connection
|
||||||
|
|
||||||
:param ipsec_site_conn: ipsec_site_connection object
|
:param ipsec_site_conn: ipsec_site_connection object
|
||||||
:param vpn_service: vpn_service object
|
:param vpn_service: vpn_service object
|
||||||
|
:param final_status: status of vpn and ipsec_site_connection object
|
||||||
"""
|
"""
|
||||||
|
|
||||||
vpn_service = self._wait_for_status_change(
|
vpn_service = self._wait_for_status_change(
|
||||||
vpn_service,
|
vpn_service,
|
||||||
resource_tag="vpnservice",
|
resource_tag="vpnservice",
|
||||||
final_status="ACTIVE",
|
final_status=final_status,
|
||||||
wait_timeout=kwargs.get("vpn_service_creation_timeout"),
|
wait_timeout=kwargs.get("vpn_service_creation_timeout"),
|
||||||
check_interval=5)
|
check_interval=5)
|
||||||
LOG.debug("VPN SERVICE STATUS %s", vpn_service['vpnservice']['status'])
|
|
||||||
assert('ACTIVE' == vpn_service['vpnservice']['status']), (
|
|
||||||
"VPN_SERVICE IS NOT IN ACTIVE STATE")
|
|
||||||
|
|
||||||
ipsec_site_conn = self._wait_for_status_change(
|
ipsec_site_conn = self._wait_for_status_change(
|
||||||
ipsec_site_conn,
|
ipsec_site_conn,
|
||||||
resource_tag="ipsec_site_connection",
|
resource_tag="ipsec_site_connection",
|
||||||
final_status="ACTIVE",
|
final_status=final_status,
|
||||||
wait_timeout=kwargs.get("ipsec_site_connection_creation_timeout"),
|
wait_timeout=kwargs.get("ipsec_site_connection_creation_timeout"),
|
||||||
check_interval=5)
|
check_interval=5)
|
||||||
|
|
||||||
|
LOG.debug("VPN SERVICE STATUS %s", vpn_service['vpnservice']['status'])
|
||||||
LOG.debug("IPSEC_SITE_CONNECTION STATUS: %s",
|
LOG.debug("IPSEC_SITE_CONNECTION STATUS: %s",
|
||||||
ipsec_site_conn['ipsec_site_connection']['status'])
|
ipsec_site_conn['ipsec_site_connection']['status'])
|
||||||
assert('ACTIVE' ==
|
|
||||||
ipsec_site_conn['ipsec_site_connection']['status']), (
|
self._validate_status(vpn_service, ipsec_site_conn, final_status)
|
||||||
"THE INSTANCE IS NOT IN ACTIVE STATE")
|
|
||||||
|
def _validate_status(self, vpn_service, ipsec_site_conn, final_status):
|
||||||
|
"""Validate the statuses of vpn_service, ipsec_site_connection and
|
||||||
|
evaluate the final_status
|
||||||
|
|
||||||
|
:param ipsec_site_conn: ipsec_site_connection of an instance
|
||||||
|
:param vpn_service: vpn_service of an instance
|
||||||
|
:param final_status: status of vpn and ipsec_site_connection instance
|
||||||
|
"""
|
||||||
|
|
||||||
|
assert(final_status == vpn_service['vpnservice']['status']), (
|
||||||
|
"VPN SERVICE IS NOT IN %s STATE" % final_status)
|
||||||
|
assert(final_status == ipsec_site_conn['ipsec_site_connection']
|
||||||
|
['status']), ("THE IPSEC SITE CONNECTION IS NOT IN %s STATE"
|
||||||
|
% final_status)
|
||||||
|
|
||||||
@atomic.action_timer("_verify_vpn_connection")
|
@atomic.action_timer("_verify_vpn_connection")
|
||||||
def _verify_vpn_connection(self, local_index, peer_index):
|
def _verify_vpn_connection(self, local_index, peer_index):
|
||||||
|
@ -337,12 +353,13 @@ class VpnBase(rally_base.OpenStackScenario):
|
||||||
keypairs = []
|
keypairs = []
|
||||||
for x in range(MAX_RESOURCES):
|
for x in range(MAX_RESOURCES):
|
||||||
router, network, subnet, cidr = vpn_utils.create_network(
|
router, network, subnet, cidr = vpn_utils.create_network(
|
||||||
self.neutron_client, self. neutron_admin_client,
|
self.neutron_client, self.neutron_admin_client,
|
||||||
self.suffixes[x])
|
self.suffixes[x])
|
||||||
self.rally_cidrs.append(cidr)
|
self.rally_cidrs.append(cidr)
|
||||||
self.rally_subnets.append(subnet)
|
self.rally_subnets.append(subnet)
|
||||||
self.rally_networks.append(network)
|
self.rally_networks.append(network)
|
||||||
self.rally_routers.append(router)
|
self.rally_routers.append(router)
|
||||||
|
self.router_ids.append(router["router"]['id'])
|
||||||
self.rally_router_gw_ips.append(
|
self.rally_router_gw_ips.append(
|
||||||
router["router"]["external_gateway_info"]
|
router["router"]["external_gateway_info"]
|
||||||
["external_fixed_ips"][0]["ip_address"])
|
["external_fixed_ips"][0]["ip_address"])
|
||||||
|
@ -377,6 +394,16 @@ class VpnBase(rally_base.OpenStackScenario):
|
||||||
"PING FAILED FROM NAMESPACE " + ns + " TO IP "
|
"PING FAILED FROM NAMESPACE " + ns + " TO IP "
|
||||||
+ ip)
|
+ ip)
|
||||||
|
|
||||||
|
def update_router(self, router_id, admin_state_up=False):
|
||||||
|
"""Updates router
|
||||||
|
|
||||||
|
:param router_id: router id
|
||||||
|
:param admin_state_up: update 'admin_state_up' of the router
|
||||||
|
:return:
|
||||||
|
"""
|
||||||
|
req_body = {'router': {'admin_state_up': admin_state_up}}
|
||||||
|
self.neutron_client.update_router(router_id, req_body)
|
||||||
|
|
||||||
def create_vpn_services(self):
|
def create_vpn_services(self):
|
||||||
with LOCK:
|
with LOCK:
|
||||||
for x in range(MAX_RESOURCES):
|
for x in range(MAX_RESOURCES):
|
||||||
|
@ -391,12 +418,12 @@ class VpnBase(rally_base.OpenStackScenario):
|
||||||
self._create_ipsec_site_connection(1, 0, **kwargs)
|
self._create_ipsec_site_connection(1, 0, **kwargs)
|
||||||
]
|
]
|
||||||
|
|
||||||
def assert_statuses(self, **kwargs):
|
def assert_statuses(self, final_status, **kwargs):
|
||||||
LOG.debug("ASSERTING ACTIVE STATUSES FOR VPN-SERVICES AND "
|
LOG.debug("ASSERTING ACTIVE STATUSES FOR VPN-SERVICES AND "
|
||||||
"VPN-CONNECTIONS")
|
"VPN-CONNECTIONS")
|
||||||
for x in range(MAX_RESOURCES):
|
for x in range(MAX_RESOURCES):
|
||||||
self._assert_statuses(self.ipsec_site_connections[x],
|
self._assert_statuses(self.ipsec_site_connections[x],
|
||||||
self.vpn_services[x], **kwargs)
|
self.vpn_services[x], final_status, **kwargs)
|
||||||
|
|
||||||
def assert_vpn_connectivity(self):
|
def assert_vpn_connectivity(self):
|
||||||
LOG.debug("VERIFY THE VPN CONNECTIVITY")
|
LOG.debug("VERIFY THE VPN CONNECTIVITY")
|
||||||
|
|
|
@ -34,3 +34,28 @@
|
||||||
sla:
|
sla:
|
||||||
failure_rate:
|
failure_rate:
|
||||||
max: 0
|
max: 0
|
||||||
|
|
||||||
|
TestVPNStatusScenario.check_vpn_status:
|
||||||
|
-
|
||||||
|
args:
|
||||||
|
flavor:
|
||||||
|
name: "m1.tiny"
|
||||||
|
image:
|
||||||
|
name: {{image_name}}
|
||||||
|
nova_server_boot_timeout: 60 * 6
|
||||||
|
vpn_service_creation_timeout: 100
|
||||||
|
ipsec_site_connection_creation_timeout: 400
|
||||||
|
namespace_creation_timeout: 60
|
||||||
|
|
||||||
|
runner:
|
||||||
|
type: "constant"
|
||||||
|
times: 1
|
||||||
|
concurrency: 1
|
||||||
|
|
||||||
|
context:
|
||||||
|
users:
|
||||||
|
tenants: 1
|
||||||
|
users_per_tenant: 1
|
||||||
|
sla:
|
||||||
|
failure_rate:
|
||||||
|
max: 0
|
||||||
|
|
Loading…
Reference in New Issue