69 lines
2.9 KiB
Python
69 lines
2.9 KiB
Python
# Copyright 2015 Hewlett-Packard Development Company, L.P.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from rally.common import logging
|
|
from rally.task import scenario
|
|
from rally.task import types
|
|
|
|
import vpn_base
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
class TestVpnBasicScenario(vpn_base.VpnBase):
|
|
"""Rally scenarios for VPNaaS"""
|
|
|
|
@types.convert(image={"type": "glance_image"},
|
|
flavor={"type": "nova_flavor"})
|
|
@scenario.configure()
|
|
def create_and_delete_vpn_connection(self, **kwargs):
|
|
"""Basic VPN connectivity scenario.
|
|
|
|
1. Create 2 private networks, subnets and routers
|
|
2. Create public network, subnets and GW IPs on routers, if not present
|
|
3. Execute ip netns command and get the snat and qrouter namespaces
|
|
(assuming we use DVR)
|
|
4. Verify that there is a route between the router gateways by pinging
|
|
each other from their snat namespaces
|
|
5. Add security group rules for SSH and ICMP
|
|
6. Start a nova instance in each of the private networks
|
|
7. Create IKE and IPSEC policies
|
|
8. Create VPN service at each of the routers
|
|
9. Create IPSEC site connections at both endpoints
|
|
10. Verify that the ipsec-site-connection is ACTIVE (takes upto 30secs)
|
|
11. To verify the vpn connectivity, get into the peer router's snat
|
|
namespace and start a tcpdump at the qg-xxxx interface
|
|
12. SSH into the nova instance from the local qrouter namespace
|
|
and try to ping the nova instance on the peer network.
|
|
14. Verify that the captured packets are encapsulated and encrypted.
|
|
15. Verify the connectivity in the reverse direction following the
|
|
steps 11 through 13
|
|
16. Submit a request to delete all the resources
|
|
"""
|
|
|
|
try:
|
|
self.setup(**kwargs)
|
|
self.create_networks(**kwargs)
|
|
self.create_servers(**kwargs)
|
|
self.check_route()
|
|
self.ike_policy = self._create_ike_policy(**kwargs)
|
|
self.ipsec_policy = self._create_ipsec_policy(**kwargs)
|
|
self.create_vpn_services()
|
|
self.create_ipsec_site_connections(**kwargs)
|
|
self.assert_statuses(final_status='ACTIVE', **kwargs)
|
|
self.verify_vpn_connectivity(**kwargs)
|
|
LOG.info("VPN CONNECTIVITY TEST PASSED!")
|
|
|
|
finally:
|
|
self.cleanup()
|