Add new test with remote sg rules.
-dvs_remote_sg_simple -dvs_remote_ip_prefix Change-Id: Ibe859ad484aca579db688eb60b30c8027a928155
parent
2ba6f4b7eb
commit
a30f715e2c
|
@ -12,6 +12,7 @@ WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
"""
|
||||
import time
|
||||
|
||||
from devops.error import TimeoutError
|
||||
|
||||
|
@ -124,30 +125,26 @@ def check_connection_vms(os_conn, fip, remote, command='pingv4',
|
|||
"pingv6": "ping6 -c 5 {}",
|
||||
"arping": "sudo arping -I eth0 {}"}
|
||||
|
||||
if not destination_ip:
|
||||
ip_pair = [
|
||||
(ip_1, ip_2)
|
||||
for ip_1 in fip
|
||||
for ip_2 in fip
|
||||
if ip_1 != ip_2]
|
||||
else:
|
||||
ip_pair = [
|
||||
(ip_1, ip_2)
|
||||
for ip_1 in fip
|
||||
for ip_2 in destination_ip]
|
||||
for ips in ip_pair:
|
||||
logger.info("Connect to VM {0}".format(ips[0]))
|
||||
command_result = os_conn.execute_through_host(
|
||||
remote, ips[0],
|
||||
commands[command].format(ips[1]), instance_creds)
|
||||
ip_pair = dict.fromkeys(fip)
|
||||
for key in ip_pair:
|
||||
if destination_ip:
|
||||
ip_pair[key] = destination_ip
|
||||
else:
|
||||
ip_pair[key] = [value for value in fip if key != value]
|
||||
for ip_from in ip_pair:
|
||||
logger.info("Connect to VM {0}".format(ip_from))
|
||||
for ip_to in ip_pair[ip_from]:
|
||||
command_result = os_conn.execute_through_host(
|
||||
remote, ip_from,
|
||||
commands[command].format(ip_to), instance_creds)
|
||||
|
||||
assert_true(
|
||||
result_of_command == command_result['exit_code'],
|
||||
" Command {0} from Vm {1},"
|
||||
" executed with code {2}".format(
|
||||
commands[command].format(ips[1]),
|
||||
ips[0], command_result)
|
||||
)
|
||||
assert_true(
|
||||
result_of_command == command_result['exit_code'],
|
||||
" Command {0} from Vm {1},"
|
||||
" executed with code {2}".format(
|
||||
commands[command].format(ip_to),
|
||||
ip_to, command_result)
|
||||
)
|
||||
|
||||
|
||||
def create_and_assign_floating_ips(os_conn, instances_list):
|
||||
|
@ -161,7 +158,7 @@ def create_and_assign_floating_ips(os_conn, instances_list):
|
|||
ip = os_conn.assign_floating_ip(
|
||||
instance).ip
|
||||
fips.append(ip)
|
||||
wait(lambda: icmp_ping(ip), timeout=60 * 3, interval=5)
|
||||
wait(lambda: icmp_ping(ip), timeout=60 * 5, interval=5)
|
||||
return fips
|
||||
|
||||
|
||||
|
@ -183,21 +180,32 @@ def get_ssh_connection(ip, username, userpassword, timeout=30, port=22):
|
|||
return ssh
|
||||
|
||||
|
||||
def remote_execute_command(instance1_ip, instance2_ip, command):
|
||||
def remote_execute_command(instance1_ip, instance2_ip, command, wait=30):
|
||||
"""Check execute remote command.
|
||||
|
||||
:param instance1: string, instance ip connect from
|
||||
:param instance2: string, instance ip connect to
|
||||
:param command: string, remote command
|
||||
:param wait: integer, time to wait available ip of instances
|
||||
"""
|
||||
ssh = get_ssh_connection(instance1_ip, instance_creds[0],
|
||||
instance_creds[1], timeout=30)
|
||||
|
||||
interm_transp = ssh.get_transport()
|
||||
logger.info("Opening channel to VM")
|
||||
interm_chan = interm_transp.open_channel('direct-tcpip',
|
||||
(instance2_ip, 22),
|
||||
(instance1_ip, 0))
|
||||
try:
|
||||
logger.info("Opening channel between VMs {0} and {1}".format(
|
||||
instance1_ip, instance2_ip))
|
||||
interm_chan = interm_transp.open_channel('direct-tcpip',
|
||||
(instance2_ip, 22),
|
||||
(instance1_ip, 0))
|
||||
except Exception as e:
|
||||
logger.info(
|
||||
"{}. Wait to update sg rules and try to open channel again".format(
|
||||
e))
|
||||
time.sleep(wait)
|
||||
interm_chan = interm_transp.open_channel('direct-tcpip',
|
||||
(instance2_ip, 22),
|
||||
(instance1_ip, 0))
|
||||
logger.info("Opening paramiko transport")
|
||||
transport = paramiko.Transport(interm_chan)
|
||||
logger.info("Starting client")
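Review bot: In remote_execute_command the new retry wraps `open_channel` in `except Exception`, so any failure, not only a channel rejected while security-group rules are still propagating, is logged at info level and retried after `wait` seconds. Catching `paramiko.SSHException` instead would limit the retry to channel and transport errors. The new parameter name `wait` also shadows the `wait(...)` helper this module calls in create_and_assign_floating_ips, so a name such as `retry_delay` would be safer, and the docstring's `:param instance1:` / `:param instance2:` should match `instance1_ip` / `instance2_ip`. In the check_connection_vms hunk the rewritten assertion message appears to pass `ip_to` for the "from Vm {1}" slot, where `ip_from` is meant. The body of remote_execute_command continues past the end of this section.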
|
||||
|
|
|
@ -15,10 +15,10 @@ under the License.
|
|||
|
||||
import subprocess
|
||||
|
||||
from proboscis.asserts import assert_true
|
||||
|
||||
from fuelweb_test import logger
|
||||
|
||||
from proboscis.asserts import assert_true
|
||||
|
||||
|
||||
class Vmrun(object):
|
||||
"""Vmrun utilite wrapper."""
|
||||
|
|
|
@ -65,6 +65,25 @@ class TestDVSSystem(TestBasic):
|
|||
instance_creds = (
|
||||
openstack.get_defaults()['os_credentials']['cirros']['user'],
|
||||
openstack.get_defaults()['os_credentials']['cirros']['password'])
|
||||
# security group rules
|
||||
tcp = {
|
||||
"security_group_rule":
|
||||
{"direction": "ingress",
|
||||
"port_range_min": "22",
|
||||
"ethertype": "IPv4",
|
||||
"port_range_max": "22",
|
||||
"protocol": "TCP",
|
||||
"security_group_id": "",
|
||||
"remote_group_id": None,
|
||||
"remote_ip_prefix": None}}
|
||||
icmp = {
|
||||
"security_group_rule":
|
||||
{"direction": "ingress",
|
||||
"ethertype": "IPv4",
|
||||
"protocol": "icmp",
|
||||
"security_group_id": "",
|
||||
"remote_group_id": None,
|
||||
"remote_ip_prefix": None}}
|
||||
|
||||
@test(depends_on=[SetupEnvironment.prepare_slaves_5],
|
||||
groups=["dvs_vcenter_systest_setup", 'dvs_vcenter_system'])
|
||||
|
@ -424,21 +443,8 @@ class TestDVSSystem(TestBasic):
|
|||
Duration: 30 min
|
||||
|
||||
"""
|
||||
# security group rules
|
||||
tcp = {
|
||||
"security_group_rule":
|
||||
{"direction": "ingress",
|
||||
"port_range_min": "22",
|
||||
"ethertype": "IPv4",
|
||||
"port_range_max": "22",
|
||||
"protocol": "TCP",
|
||||
"security_group_id": ""}}
|
||||
icmp = {
|
||||
"security_group_rule":
|
||||
{"direction": "ingress",
|
||||
"ethertype": "IPv4",
|
||||
"protocol": "icmp",
|
||||
"security_group_id": ""}}
|
||||
# constants
|
||||
wait_to_update_rules_on_dvs_ports = 30
|
||||
|
||||
self.show_step(1)
|
||||
self.env.revert_snapshot("dvs_vcenter_systest_setup")
|
||||
|
@ -499,19 +505,18 @@ class TestDVSSystem(TestBasic):
|
|||
os_conn.goodbye_security()
|
||||
|
||||
self.show_step(5)
|
||||
sec_name = ['SG1', 'SG2']
|
||||
sg1 = os_conn.nova.security_groups.create(
|
||||
sec_name[0], "descr")
|
||||
'SG1', "descr")
|
||||
self.show_step(6)
|
||||
tcp["security_group_rule"]["security_group_id"] = sg1.id
|
||||
os_conn.neutron.create_security_group_rule(tcp)
|
||||
self.tcp["security_group_rule"]["security_group_id"] = sg1.id
|
||||
os_conn.neutron.create_security_group_rule(self.tcp)
|
||||
|
||||
self.show_step(7)
|
||||
sg2 = os_conn.nova.security_groups.create(
|
||||
sec_name[1], "descr")
|
||||
'SG2', "descr")
|
||||
self.show_step(8)
|
||||
icmp["security_group_rule"]["security_group_id"] = sg2.id
|
||||
os_conn.neutron.create_security_group_rule(icmp)
|
||||
self.icmp["security_group_rule"]["security_group_id"] = sg2.id
|
||||
os_conn.neutron.create_security_group_rule(self.icmp)
|
||||
|
||||
logger.info("""Attach SG_1 and SG2 to instances""")
|
||||
for srv in srv_list:
|
||||
|
@ -540,8 +545,6 @@ class TestDVSSystem(TestBasic):
|
|||
openstack.remote_execute_command(ips[0], ips[1], ' ')
|
||||
|
||||
self.show_step(11)
|
||||
sg_rules = os_conn.neutron.list_security_group_rules()[
|
||||
'security_group_rules']
|
||||
sg_rules = [
|
||||
sg_rule for sg_rule
|
||||
in os_conn.neutron.list_security_group_rules()[
|
||||
|
@ -550,6 +553,8 @@ class TestDVSSystem(TestBasic):
|
|||
for rule in sg_rules:
|
||||
os_conn.neutron.delete_security_group_rule(rule['id'])
|
||||
|
||||
time.sleep(wait_to_update_rules_on_dvs_ports)
|
||||
|
||||
self.show_step(12)
|
||||
for ip in floating_ip:
|
||||
try:
|
||||
|
@ -560,16 +565,16 @@ class TestDVSSystem(TestBasic):
|
|||
logger.info('{}'.format(e))
|
||||
|
||||
self.show_step(13)
|
||||
tcp["security_group_rule"]["security_group_id"] = sg2.id
|
||||
os_conn.neutron.create_security_group_rule(tcp)
|
||||
tcp["security_group_rule"]["direction"] = "egress"
|
||||
os_conn.neutron.create_security_group_rule(tcp)
|
||||
self.tcp["security_group_rule"]["security_group_id"] = sg2.id
|
||||
os_conn.neutron.create_security_group_rule(self.tcp)
|
||||
self.tcp["security_group_rule"]["direction"] = "egress"
|
||||
os_conn.neutron.create_security_group_rule(self.tcp)
|
||||
|
||||
time.sleep(wait_to_update_rules_on_dvs_ports)
|
||||
|
||||
self.show_step(14)
|
||||
for ips in ip_pair:
|
||||
wait(
|
||||
lambda: openstack.remote_execute_command(
|
||||
ips[0], ips[1], ' '), timeout=30, interval=5)
|
||||
openstack.remote_execute_command(ips[0], ips[1], ' ')
|
||||
|
||||
self.show_step(15)
|
||||
openstack.check_connection_vms(
|
||||
|
@ -577,12 +582,14 @@ class TestDVSSystem(TestBasic):
|
|||
command='pingv4', result_of_command=1)
|
||||
|
||||
self.show_step(16)
|
||||
icmp["security_group_rule"]["security_group_id"] = sg1.id
|
||||
os_conn.neutron.create_security_group_rule(icmp)
|
||||
icmp["security_group_rule"]["direction"] = "egress"
|
||||
os_conn.neutron.create_security_group_rule(icmp)
|
||||
logger.info(
|
||||
"Add Ingress and egress rules for ICMP protocol to SG_1")
|
||||
self.icmp["security_group_rule"]["security_group_id"] = sg1.id
|
||||
os_conn.neutron.create_security_group_rule(self.icmp)
|
||||
self.icmp["security_group_rule"]["direction"] = "egress"
|
||||
os_conn.neutron.create_security_group_rule(self.icmp)
|
||||
|
||||
time.sleep(30) # need wait to update rules on dvs ports
|
||||
time.sleep(wait_to_update_rules_on_dvs_ports)
|
||||
self.show_step(17)
|
||||
openstack.check_connection_vms(
|
||||
os_conn, floating_ip, remote=ssh_contr,
|
||||
|
@ -597,7 +604,8 @@ class TestDVSSystem(TestBasic):
|
|||
for srv in srv_list:
|
||||
srv.add_security_group('default')
|
||||
|
||||
time.sleep(30) # need wait to update rules on dvs ports
|
||||
time.sleep(wait_to_update_rules_on_dvs_ports)
|
||||
|
||||
self.show_step(23)
|
||||
openstack.check_connection_vms(
|
||||
os_conn, floating_ip, remote=ssh_contr,
|
||||
|
@ -1480,3 +1488,341 @@ class TestDVSSystem(TestBasic):
|
|||
"Timeout is reached. Current state of stack is {}".format(
|
||||
current_state)
|
||||
)
|
||||
|
||||
@test(depends_on=[dvs_vcenter_systest_setup],
|
||||
groups=["dvs_remote_sg_simple"])
|
||||
@log_snapshot_after_test
|
||||
def dvs_remote_sg_simple(self):
|
||||
"""Simple remote security group rules.
|
||||
|
||||
Verify that network traffic is allowed/prohibited to instances
|
||||
according security groups rules.
|
||||
|
||||
Scenario:
|
||||
1. Setup for system tests.
|
||||
2. Create net_1: net01__subnet, 192.168.1.0/24, and attach it to
|
||||
the router01.
|
||||
3. Create security groups: SG1, SG2
|
||||
4. Delete all defaults egress rules of SG1 and SG2.
|
||||
5. Add icmp rule to SG1:
|
||||
Ingress rule with ip protocol 'icmp ', port range any, SG group
|
||||
'SG1'
|
||||
Egress rule with ip protocol 'icmp ', port range any, SG group
|
||||
'SG1'
|
||||
6. Add icmp rule to SG2:
|
||||
Ingress rule with ip protocol 'icmp ', port range any, SG group
|
||||
'SG2'
|
||||
Egress rule with ip protocol 'icmp ', port range any, SG group
|
||||
'SG2'
|
||||
7. Launch 2 instance of vcenter az with SG1 in net1.
|
||||
Launch 2 instance of nova az with SG1 in net1.
|
||||
8. Launch 2 instance of vcenter az with SG2 in net1.
|
||||
Launch 2 instance of nova az with SG2 in net1.
|
||||
9. Verify that icmp ping is enabled between VMs from SG1.
|
||||
10. Verify that icmp ping is enabled between instances from SG2.
|
||||
11. Verify that icmp ping is not enabled between instances from SG1
|
||||
and VMs from SG2.
|
||||
|
||||
"""
|
||||
self.show_step(1)
|
||||
self.env.revert_snapshot("dvs_vcenter_systest_setup")
|
||||
cluster_id = self.fuel_web.get_last_created_cluster()
|
||||
|
||||
os_ip = self.fuel_web.get_public_vip(cluster_id)
|
||||
admin = os_actions.OpenStackActions(
|
||||
os_ip, SERVTEST_USERNAME,
|
||||
SERVTEST_PASSWORD,
|
||||
SERVTEST_TENANT)
|
||||
|
||||
tenant = admin.get_tenant(SERVTEST_TENANT)
|
||||
|
||||
# create security group with rules for ssh and ping
|
||||
security_group = admin.create_sec_group_for_ssh()
|
||||
|
||||
self.show_step(2)
|
||||
network = admin.create_network(
|
||||
network_name=self.net_data[0].keys()[0],
|
||||
tenant_id=tenant.id)['network']
|
||||
|
||||
subnet = admin.create_subnet(
|
||||
subnet_name=network['name'],
|
||||
network_id=network['id'],
|
||||
cidr=self.net_data[0][self.net_data[0].keys()[0]],
|
||||
ip_version=4)
|
||||
|
||||
# Check that network are created.
|
||||
assert_true(
|
||||
admin.get_network(network['name'])['id'] == network['id']
|
||||
)
|
||||
# Create Router_01, set gateway and add interface
|
||||
# to external network.
|
||||
router_1 = admin.create_router(
|
||||
'router_1',
|
||||
tenant=tenant)
|
||||
|
||||
# Add net_1 to router_1
|
||||
admin.add_router_interface(
|
||||
router_id=router_1["id"],
|
||||
subnet_id=subnet["id"])
|
||||
|
||||
self.show_step(3)
|
||||
sg1 = admin.nova.security_groups.create(
|
||||
'SG1', "descr")
|
||||
sg2 = admin.nova.security_groups.create(
|
||||
'SG2', "descr")
|
||||
|
||||
self.show_step(4)
|
||||
sg_rules = [
|
||||
sg_rule for sg_rule
|
||||
in admin.neutron.list_security_group_rules()[
|
||||
'security_group_rules']
|
||||
if sg_rule['security_group_id'] in [sg1.id, sg2.id]]
|
||||
for rule in sg_rules:
|
||||
admin.neutron.delete_security_group_rule(rule['id'])
|
||||
self.show_step(5)
|
||||
self.show_step(6)
|
||||
for sg in [sg1, sg2]:
|
||||
for rule in [self.icmp, self.tcp]:
|
||||
rule["security_group_rule"]["security_group_id"] = sg.id
|
||||
rule["security_group_rule"]["remote_group_id"] = sg.id
|
||||
rule["security_group_rule"]["direction"] = "ingress"
|
||||
admin.neutron.create_security_group_rule(rule)
|
||||
rule["security_group_rule"]["direction"] = "egress"
|
||||
admin.neutron.create_security_group_rule(rule)
|
||||
|
||||
# create access_point to instances from SG1 and SG2
|
||||
access_point, access_point_ip = openstack.create_access_point(
|
||||
os_conn=admin, nics=[{'net-id': network['id']}],
|
||||
security_groups=[security_group.name, sg1.name, sg2.name])
|
||||
|
||||
self.show_step(7)
|
||||
istances_sg1 = openstack.create_instances(
|
||||
os_conn=admin, nics=[{'net-id': network['id']}],
|
||||
vm_count=1,
|
||||
security_groups=[sg1.name])
|
||||
|
||||
self.show_step(8)
|
||||
istances_sg2 = openstack.create_instances(
|
||||
os_conn=admin, nics=[{'net-id': network['id']}],
|
||||
vm_count=1,
|
||||
security_groups=[sg2.name])
|
||||
openstack.verify_instance_state(admin)
|
||||
|
||||
# Get private ips of instances
|
||||
ips = {}
|
||||
ips['SG1'] = [
|
||||
admin.get_nova_instance_ip(instance, net_name=network['name'])
|
||||
for instance in istances_sg1]
|
||||
ips['SG2'] = [
|
||||
admin.get_nova_instance_ip(instance, net_name=network['name'])
|
||||
for instance in istances_sg2]
|
||||
|
||||
self.show_step(9)
|
||||
self.show_step(10)
|
||||
for group in ips:
|
||||
for ip_1 in ips[group]:
|
||||
for ip_2 in ips[group]:
|
||||
if ip_2 != ip_1:
|
||||
ping_result = openstack.remote_execute_command(
|
||||
access_point_ip, ip_1, "ping -c 5 {}".format(ip_2),
|
||||
wait=60 * 4)
|
||||
assert_true(
|
||||
ping_result['exit_code'] == 0,
|
||||
"Ping isn't available from {0} to {1}".format(
|
||||
ip_1, ip_2)
|
||||
)
|
||||
|
||||
self.show_step(11)
|
||||
for ip_1 in ips['SG1']:
|
||||
for ip_2 in ips['SG2']:
|
||||
ping_result = openstack.remote_execute_command(
|
||||
access_point_ip, ip_1, "ping -c 5 {}".format(ip_2))
|
||||
assert_true(
|
||||
ping_result['exit_code'] == 1,
|
||||
"Ping is available from {0} to {1}".format(ip_1, ip_2)
|
||||
)
|
||||
|
||||
@test(depends_on=[dvs_vcenter_systest_setup],
|
||||
groups=["dvs_remote_ip_prefix"])
|
||||
@log_snapshot_after_test
|
||||
def dvs_remote_ip_prefix(self):
|
||||
"""Security group rules with remote ip prefix.
|
||||
|
||||
Check connection between instances,
|
||||
according security group rules with remote ip prefix.
|
||||
|
||||
Scenario:
|
||||
1. Setup for system tests.
|
||||
2. Create net_1: net01__subnet, 192.168.1.0/24, and attach it to
|
||||
the router01.
|
||||
3. Create instance 'VM1' of any availability zone in the
|
||||
default internal network. Associate floating ip.
|
||||
4. Create instance 'VM2' of any availability zone in the
|
||||
default internal network. Associate floating ip.
|
||||
5. Create security groups: SG1 SG2
|
||||
6. Delete all defaults egress rules of SG1 and SG2.
|
||||
7. Add icmp rule to SG1:
|
||||
Ingress rule with ip protocol 'icmp ', port range any,
|
||||
remote ip prefix <floating ip of VM1>
|
||||
Egress rule with ip protocol 'icmp ', port range any,
|
||||
remote ip prefix <floating ip of VM1>
|
||||
8. Add ssh rule to SG2:
|
||||
Ingress rule with ip protocol tcp ', port range any,
|
||||
<internal ip of VM2>
|
||||
Egress rule with ip protocol 'tcp ', port range any,
|
||||
<internal ip of VM2>
|
||||
9. Launch 2 instance 'VM3' and 'VM4' of vcenter az with SG1 and
|
||||
SG2 in net1.
|
||||
Launch 2 instance 'VM5' and 'VM6' of nova az with SG1 and SG2
|
||||
in net1.
|
||||
10. Verify that icmp ping is enabled from 'VM3', 'VM4', 'VM5' and
|
||||
'VM6' to VM1 and vice versa.
|
||||
11. Verify that icmp ping is blocked between 'VM3', 'VM4', 'VM5'
|
||||
and 'VM6' and vice versa.
|
||||
12. Verify that ssh is enabled from 'VM3', 'VM4', 'VM5' and 'VM6'
|
||||
to VM2 and vice versa.
|
||||
13. Verify that ssh is blocked between 'VM3', 'VM4', 'VM5' and
|
||||
'VM6' and vice versa.
|
||||
|
||||
"""
|
||||
self.show_step(1)
|
||||
self.env.revert_snapshot("dvs_vcenter_systest_setup")
|
||||
cluster_id = self.fuel_web.get_last_created_cluster()
|
||||
|
||||
os_ip = self.fuel_web.get_public_vip(cluster_id)
|
||||
admin = os_actions.OpenStackActions(
|
||||
os_ip, SERVTEST_USERNAME,
|
||||
SERVTEST_PASSWORD,
|
||||
SERVTEST_TENANT)
|
||||
|
||||
tenant = admin.get_tenant(SERVTEST_TENANT)
|
||||
|
||||
# create security group with rules for ssh and ping
|
||||
security_group = admin.create_sec_group_for_ssh()
|
||||
|
||||
self.show_step(2)
|
||||
network = admin.create_network(
|
||||
network_name=self.net_data[0].keys()[0],
|
||||
tenant_id=tenant.id)['network']
|
||||
|
||||
subnet = admin.create_subnet(
|
||||
subnet_name=network['name'],
|
||||
network_id=network['id'],
|
||||
cidr=self.net_data[0][self.net_data[0].keys()[0]],
|
||||
ip_version=4)
|
||||
|
||||
# Check that network are created.
|
||||
assert_true(
|
||||
admin.get_network(network['name'])['id'] == network['id']
|
||||
)
|
||||
# Create Router_01, set gateway and add interface
|
||||
# to external network.
|
||||
router_1 = admin.create_router(
|
||||
'router_1',
|
||||
tenant=tenant)
|
||||
|
||||
# Add net_1 to router_1
|
||||
admin.add_router_interface(
|
||||
router_id=router_1["id"],
|
||||
subnet_id=subnet["id"])
|
||||
|
||||
self.show_step(5)
|
||||
sg1 = admin.nova.security_groups.create(
|
||||
'SG1', "descr")
|
||||
sg2 = admin.nova.security_groups.create(
|
||||
'SG2', "descr")
|
||||
|
||||
self.show_step(3)
|
||||
access_point_1, access_point_ip_1 = openstack.create_access_point(
|
||||
os_conn=admin, nics=[{'net-id': network['id']}],
|
||||
security_groups=[security_group.name, sg1.name])
|
||||
|
||||
self.show_step(4)
|
||||
access_point_2, access_point_ip_2 = openstack.create_access_point(
|
||||
os_conn=admin, nics=[{'net-id': network['id']}],
|
||||
security_groups=[security_group.name, sg2.name])
|
||||
|
||||
self.show_step(6)
|
||||
sg_rules = [
|
||||
sg_rule for sg_rule
|
||||
in admin.neutron.list_security_group_rules()[
|
||||
'security_group_rules']
|
||||
if sg_rule['security_group_id'] in [sg1.id, sg2.id]]
|
||||
for rule in sg_rules:
|
||||
admin.neutron.delete_security_group_rule(rule['id'])
|
||||
|
||||
self.show_step(7)
|
||||
for rule in [self.icmp, self.tcp]:
|
||||
rule["security_group_rule"]["security_group_id"] = sg1.id
|
||||
rule["security_group_rule"]["remote_ip_prefix"] = access_point_ip_1
|
||||
rule["security_group_rule"]["direction"] = "ingress"
|
||||
admin.neutron.create_security_group_rule(rule)
|
||||
rule["security_group_rule"]["direction"] = "egress"
|
||||
admin.neutron.create_security_group_rule(rule)
|
||||
|
||||
# get private ip of access_point_2
|
||||
private_ip = admin.get_nova_instance_ip(
|
||||
access_point_2, net_name=network['name'])
|
||||
|
||||
self.show_step(8)
|
||||
self.tcp["security_group_rule"]["security_group_id"] = sg2.id
|
||||
self.tcp["security_group_rule"]["remote_ip_prefix"] = private_ip
|
||||
admin.neutron.create_security_group_rule(self.tcp)
|
||||
self.tcp["security_group_rule"]["direction"] = "ingress"
|
||||
admin.neutron.create_security_group_rule(self.tcp)
|
||||
|
||||
self.show_step(9)
|
||||
istances_sg1 = openstack.create_instances(
|
||||
os_conn=admin, nics=[{'net-id': network['id']}],
|
||||
vm_count=1,
|
||||
security_groups=[sg1.name])
|
||||
|
||||
istances_sg2 = openstack.create_instances(
|
||||
os_conn=admin, nics=[{'net-id': network['id']}],
|
||||
vm_count=1,
|
||||
security_groups=[sg2.name])
|
||||
openstack.verify_instance_state(admin)
|
||||
|
||||
# Get private ips of instances
|
||||
ips = {}
|
||||
ips['SG1'] = [
|
||||
admin.assign_floating_ip(instance).ip
|
||||
for instance in istances_sg1]
|
||||
ips['SG2'] = [
|
||||
admin.get_nova_instance_ip(instance, net_name=network['name'])
|
||||
for instance in istances_sg2]
|
||||
|
||||
self.show_step(10)
|
||||
for ip in ips['SG1']:
|
||||
ping_result = openstack.remote_execute_command(
|
||||
access_point_ip_1, ip, "ping -c 5 {}".format(
|
||||
access_point_ip_1), wait=60 * 4)
|
||||
assert_true(
|
||||
ping_result['exit_code'] == 0,
|
||||
"Ping isn't available from {0} to {1}".format(
|
||||
ip, access_point_ip_1)
|
||||
)
|
||||
|
||||
self.show_step(11)
|
||||
for ip_1 in ips['SG1']:
|
||||
for ip_2 in ips['SG1']:
|
||||
if ip_1 != ip_2:
|
||||
ping_result = openstack.remote_execute_command(
|
||||
access_point_ip_1, ip_1, "ping -c 5 {}".format(ip_2))
|
||||
assert_true(
|
||||
ping_result['exit_code'] == 1,
|
||||
"Ping is available from {0} to {1}".format(
|
||||
ip_1, ip_2)
|
||||
)
|
||||
|
||||
self.show_step(12)
|
||||
self.show_step(13)
|
||||
for ip_1 in ips['SG2']:
|
||||
for ip_2 in ips['SG2']:
|
||||
if ip_1 != ip_2:
|
||||
try:
|
||||
openstack.remote_execute_command(
|
||||
access_point_ip_2, ip_1,
|
||||
" ")
|
||||
except Exception as e:
|
||||
logger.info('{}'.format(e))
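Review bot: Steps 12 and 13 of dvs_remote_ip_prefix cannot fail: the only call, `openstack.remote_execute_command(access_point_ip_2, ip_1, " ")`, sits in a `try` whose `except Exception` only logs, there is no `else` branch, and `ip_2` is never used. As written the connection goes from the SG2 access point to an SG2 instance, which the scenario lists under step 12 as allowed, so neither the allowed nor the blocked case is actually asserted. For the allowed case, assert on the returned `exit_code` as step 10 does; for the blocked case, add `else: raise AssertionError("SSH is available from {0} to {1}".format(ip_1, ip_2))` after the `except`. Separately, the class-level `tcp` and `icmp` dicts are mutated in place (`direction`, `remote_group_id`, `remote_ip_prefix`), so if these tests run in one process a value such as `remote_group_id` set by dvs_remote_sg_simple is still present when dvs_remote_ip_prefix sets `remote_ip_prefix`. Building each rule from `copy.deepcopy(self.tcp)` would keep the rule under test explicit.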
|
||||
|
|