Added custom security group with ICMP and SSH rules.
[snaps.git] / snaps / provisioning / tests / ansible_utils_tests.py
1 # Copyright (c) 2017 Cable Television Laboratories, Inc. ("CableLabs")
2 #                    and others.  All rights reserved.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at:
7 #
8 #     http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
16 import os
17 import uuid
18 from scp import SCPClient
19 from snaps.openstack.create_security_group import SecurityGroupRuleSettings, Direction, Protocol, \
20     OpenStackSecurityGroup, SecurityGroupSettings
21
22 from snaps.openstack import create_flavor
23 from snaps.openstack import create_instance
24 from snaps.openstack import create_image
25 from snaps.openstack import create_keypairs
26 from snaps.openstack import create_network
27 from snaps.openstack import create_router
28 from snaps.openstack.tests import openstack_tests, create_instance_tests
29 from snaps.openstack.tests.os_source_file_test import OSIntegrationTestCase
30 from snaps.provisioning import ansible_utils
31
32 VM_BOOT_TIMEOUT = 600
33
34 ip_1 = '10.0.1.100'
35 ip_2 = '10.0.1.200'
36
37
38 class AnsibleProvisioningTests(OSIntegrationTestCase):
39     """
40     Test for the CreateInstance class with two NIC/Ports, eth0 with floating IP and eth1 w/o
41     """
42
43     def setUp(self):
44         """
45         Instantiates the CreateImage object that is responsible for downloading and creating an OS image file
46         within OpenStack
47         """
48         super(self.__class__, self).__start__()
49
50         guid = self.__class__.__name__ + '-' + str(uuid.uuid4())
51         self.keypair_priv_filepath = 'tmp/' + guid
52         self.keypair_pub_filepath = self.keypair_priv_filepath + '.pub'
53         self.keypair_name = guid + '-kp'
54         self.vm_inst_name = guid + '-inst'
55         self.test_file_local_path = 'tmp/' + guid + '-hello.txt'
56         self.port_1_name = guid + '-port-1'
57         self.port_2_name = guid + '-port-2'
58         self.floating_ip_name = guid + 'fip1'
59
60         # Setup members to cleanup just in case they don't get created
61         self.inst_creator = None
62         self.keypair_creator = None
63         self.sec_grp_creator = None
64         self.flavor_creator = None
65         self.router_creator = None
66         self.network_creator = None
67         self.image_creator = None
68
69         try:
70             # Create Image
71             os_image_settings = openstack_tests.ubuntu_image_settings(name=guid + '-' + '-image',
72                                                                       image_metadata=self.image_metadata)
73             self.image_creator = create_image.OpenStackImage(self.os_creds, os_image_settings)
74             self.image_creator.create()
75
76             # First network is public
77             self.pub_net_config = openstack_tests.get_pub_net_config(
78                 net_name=guid + '-pub-net', subnet_name=guid + '-pub-subnet',
79                 router_name=guid + '-pub-router', external_net=self.ext_net_name)
80
81             self.network_creator = create_network.OpenStackNetwork(self.os_creds, self.pub_net_config.network_settings)
82             self.network_creator.create()
83
84             # Create routers
85             self.router_creator = create_router.OpenStackRouter(self.os_creds, self.pub_net_config.router_settings)
86             self.router_creator.create()
87
88             # Create Flavor
89             self.flavor_creator = create_flavor.OpenStackFlavor(
90                 self.admin_os_creds,
91                 create_flavor.FlavorSettings(name=guid + '-flavor-name', ram=2048, disk=10, vcpus=2,
92                                              metadata=self.flavor_metadata))
93             self.flavor_creator.create()
94
95             # Create Key/Pair
96             self.keypair_creator = create_keypairs.OpenStackKeypair(
97                 self.os_creds, create_keypairs.KeypairSettings(
98                     name=self.keypair_name, public_filepath=self.keypair_pub_filepath,
99                     private_filepath=self.keypair_priv_filepath))
100             self.keypair_creator.create()
101
102             # Create Security Group
103             sec_grp_name = guid + '-sec-grp'
104             rule1 = SecurityGroupRuleSettings(sec_grp_name=sec_grp_name, direction=Direction.ingress,
105                                               protocol=Protocol.icmp)
106             rule2 = SecurityGroupRuleSettings(sec_grp_name=sec_grp_name, direction=Direction.ingress,
107                                               protocol=Protocol.tcp, port_range_min=22, port_range_max=22)
108             self.sec_grp_creator = OpenStackSecurityGroup(
109                 self.os_creds,
110                 SecurityGroupSettings(name=sec_grp_name, rule_settings=[rule1, rule2]))
111             self.sec_grp_creator.create()
112
113             # Create instance
114             ports_settings = list()
115             ports_settings.append(
116                 create_network.PortSettings(name=self.port_1_name,
117                                             network_name=self.pub_net_config.network_settings.name))
118
119             instance_settings = create_instance.VmInstanceSettings(
120                 name=self.vm_inst_name, flavor=self.flavor_creator.flavor_settings.name, port_settings=ports_settings,
121                 floating_ip_settings=[create_instance.FloatingIpSettings(
122                     name=self.floating_ip_name, port_name=self.port_1_name,
123                     router_name=self.pub_net_config.router_settings.name)])
124
125             self.inst_creator = create_instance.OpenStackVmInstance(
126                 self.os_creds, instance_settings, self.image_creator.image_settings,
127                 keypair_settings=self.keypair_creator.keypair_settings)
128         except:
129             self.tearDown()
130             raise
131
132     def tearDown(self):
133         """
134         Cleans the created objects
135         """
136         if self.inst_creator:
137             self.inst_creator.clean()
138
139         if self.keypair_creator:
140             self.keypair_creator.clean()
141
142         if self.flavor_creator:
143             self.flavor_creator.clean()
144
145         if os.path.isfile(self.keypair_pub_filepath):
146             os.remove(self.keypair_pub_filepath)
147
148         if os.path.isfile(self.keypair_priv_filepath):
149             os.remove(self.keypair_priv_filepath)
150
151         if self.router_creator:
152             self.router_creator.clean()
153
154         if self.network_creator:
155             self.network_creator.clean()
156
157         if self.image_creator and not self.image_creator.image_settings.exists:
158             self.image_creator.clean()
159
160         if os.path.isfile(self.test_file_local_path):
161             os.remove(self.test_file_local_path)
162
163         super(self.__class__, self).__clean__()
164
165     def test_apply_simple_playbook(self):
166         """
167         Tests application of an Ansible playbook that simply copies over a file:
168         1. Have a ~/.ansible.cfg (or alternate means) to set host_key_checking = False
169         2. Set the following environment variable in your executing shell: ANSIBLE_HOST_KEY_CHECKING=False
170         Should this not be performed, the creation of the host ssh key will cause your ansible calls to fail.
171         """
172         vm = self.inst_creator.create(block=True)
173
174         # Block until VM's ssh port has been opened
175         self.assertTrue(self.inst_creator.vm_ssh_active(block=True))
176
177         priv_ip = self.inst_creator.get_port_ip(self.port_1_name)
178         self.assertTrue(create_instance_tests.check_dhcp_lease(vm, priv_ip))
179
180         # Apply Security Group
181         self.inst_creator.add_security_group(self.sec_grp_creator.get_security_group())
182
183         ssh_client = self.inst_creator.ssh_client()
184         self.assertIsNotNone(ssh_client)
185         out = ssh_client.exec_command('pwd')[1].channel.in_buffer.read(1024)
186         self.assertIsNotNone(out)
187         self.assertGreater(len(out), 1)
188
189         # Need to use the first floating IP as subsequent ones are currently broken with Apex CO
190         ip = self.inst_creator.get_floating_ip().ip
191         user = self.inst_creator.get_image_user()
192         priv_key = self.inst_creator.keypair_settings.private_filepath
193
194         retval = self.inst_creator.apply_ansible_playbook('provisioning/tests/playbooks/simple_playbook.yml')
195         self.assertEqual(0, retval)
196
197         ssh = ansible_utils.ssh_client(ip, user, priv_key, self.os_creds.proxy_settings)
198         self.assertIsNotNone(ssh)
199         scp = SCPClient(ssh.get_transport())
200         scp.get('~/hello.txt', self.test_file_local_path)
201
202         self.assertTrue(os.path.isfile(self.test_file_local_path))
203
204         with open(self.test_file_local_path) as f:
205             file_contents = f.readline()
206             self.assertEqual('Hello World!', file_contents)
207
208     def test_apply_template_playbook(self):
209         """
210         Tests application of an Ansible playbook that applies a template to a file:
211         1. Have a ~/.ansible.cfg (or alternate means) to set host_key_checking = False
212         2. Set the following environment variable in your executing shell: ANSIBLE_HOST_KEY_CHECKING=False
213         Should this not be performed, the creation of the host ssh key will cause your ansible calls to fail.
214         """
215         vm = self.inst_creator.create(block=True)
216
217         # Block until VM's ssh port has been opened
218         self.assertTrue(self.inst_creator.vm_ssh_active(block=True))
219
220         priv_ip = self.inst_creator.get_port_ip(self.port_1_name)
221         self.assertTrue(create_instance_tests.check_dhcp_lease(vm, priv_ip))
222
223         # Apply Security Group
224         self.inst_creator.add_security_group(self.sec_grp_creator.get_security_group())
225
226         # Need to use the first floating IP as subsequent ones are currently broken with Apex CO
227         ip = self.inst_creator.get_floating_ip().ip
228         user = self.inst_creator.get_image_user()
229         priv_key = self.inst_creator.keypair_settings.private_filepath
230
231         retval = self.inst_creator.apply_ansible_playbook('provisioning/tests/playbooks/template_playbook.yml',
232                                                           variables={'name': 'Foo'})
233         self.assertEqual(0, retval)
234
235         ssh = ansible_utils.ssh_client(ip, user, priv_key, self.os_creds.proxy_settings)
236         self.assertIsNotNone(ssh)
237         scp = SCPClient(ssh.get_transport())
238         scp.get('/tmp/hello.txt', self.test_file_local_path)
239
240         self.assertTrue(os.path.isfile(self.test_file_local_path))
241
242         with open(self.test_file_local_path) as f:
243             file_contents = f.readline()
244             self.assertEqual('Hello Foo!', file_contents)