import logging
import re
import os
import aexpect
from autotest.client.shared import error
from autotest.client.shared import utils
from virttest import utils_net
from virttest import remote
from virttest import data_dir
@error.context_aware
def run(test, params, env):
"""
Test Step:
1. Boot up guest using the openvswitch bridge
2. Setup related service in test enviroment(http, ftp etc.)(optional)
3. Access the service in guest
4. Setup access control rules in ovs to disable the access
5. Access the service in guest
6. Setup access control rules in ovs to enable the access
7. Access the service in guest
8. Delete the access control rules in ovs
9. Access the service in guest
Params:
:param test: QEMU test object
:param params: Dictionary with the test parameters
:param env: Dictionary with test environment.
"""
def access_service(access_sys, access_targets, disabled, host_ip,
ref=False):
err_msg = ""
err_type = ""
for asys in access_sys:
for atgt in access_targets:
logging.debug("Try to access target %s from %s" % (atgt, asys))
access_params = access_sys[asys]
atgt_disabled = access_params['disabled_%s' % atgt]
if asys in vms_tags:
vm = env.get_vm(asys)
session = vm.wait_for_login(timeout=timeout)
run_func = session.cmd
remote_src = vm
ssh_src_ip = vm.get_address()
else:
run_func = utils.system_output
remote_src = "localhost"
ssh_src_ip = host_ip
if atgt in vms_tags:
vm = env.get_vm(atgt)
access_re_sub_string = vm.wait_for_get_address(0)
else:
access_re_sub_string = host_ip
access_cmd = re.sub("ACCESS_TARGET", access_re_sub_string,
access_params['access_cmd'])
ref_cmd = re.sub("ACCESS_TARGET", access_re_sub_string,
access_params['ref_cmd'])
if access_cmd in ["ssh", "telnet"]:
if atgt in vms_tags:
target_vm = env.get_vm(atgt)
target_ip = target_vm.get_address()
else:
target_vm = "localhost"
target_ip = host_ip
out = ""
out_err = ""
try:
out = remote_login(access_cmd, target_ip,
remote_src, params, host_ip)
stat = 0
except remote.LoginError, err:
stat = 1
out_err = "Failed to login %s " % atgt
out_err += "from %s, err: %s" % (asys, err.output)
try:
out += remote_login(access_cmd, ssh_src_ip,
target_vm, params, host_ip)
except remote.LoginError, err:
stat += 1
out_err += "Failed to login %s " % asys
out_err += "from %s, err: %s" % (atgt, err.output)
if out_err:
out = out_err
else:
try:
out = run_func(access_cmd, timeout=op_timeout)
stat = 0
check_string = access_params.get("check_from_output")
if check_string and check_string in out:
stat = 1
except (aexpect.ShellCmdError, error.CmdError,
aexpect.ShellTimeoutError), err:
if isinstance(err, error.CmdError):
out = err.result_obj.stderr
stat = err.result_obj.exit_status
else:
out = err.output
if isinstance(err, aexpect.ShellTimeoutError):
stat = 1
session.close()
session = vm.wait_for_login(timeout=timeout)
run_func = session.cmd
else:
stat = err.status
if access_params.get("clean_cmd"):
try:
run_func(access_params['clean_cmd'])
except Exception:
pass
if disabled and atgt_disabled and stat == 0:
err_msg += "Still can access %s after" % atgt
err_msg += " disable it from ovs. "
err_msg += "Command: %s. " % access_cmd
err_msg += "Output: %s" % out
if disabled and atgt_disabled and stat != 0:
logging.debug("Can not access target as expect.")
if not disabled and stat != 0:
if ref:
err_msg += "Can not access %s at the" % atgt
err_msg += " beginning. Please check your setup."
err_type = "ref"
else:
err_msg += "Still can not access %s" % atgt
err_msg += " after enable the access"
err_msg += "Command: %s. " % access_cmd
err_msg += "Output: %s" % out
if err_msg:
session.close()
if err_type == "ref":
raise error.TestNAError(err_msg)
raise error.TestFail(err_msg)
if not ref_cmd:
session.close()
return
try:
out = run_func(ref_cmd, timeout=op_timeout)
stat = 0
except (aexpect.ShellCmdError, error.CmdError,
aexpect.ShellTimeoutError), err:
if isinstance(err, error.CmdError):
out = err.result_obj.stderr
stat = err.result_obj.exit_status
else:
out = err.output
if isinstance(err, aexpect.ShellTimeoutError):
stat = 1
else:
stat = err.status
if stat != 0:
if ref:
err_msg += "Refernce command failed at beginning."
err_type = "ref"
else:
err_msg += "Refernce command failed after setup"
err_msg += " the rules"
err_msg += "Command: %s. " % ref_cmd
err_msg += "Output: %s" % out
if err_msg:
session.close()
if err_type == "ref":
raise error.TestNAError(err_msg)
raise error.TestFail(err_msg)
session.close()
def get_acl_cmd(protocol, in_port, action, extra_options):
acl_cmd = protocol.strip()
acl_cmd += ",in_port=%s" % in_port.strip()
if extra_options.strip():
acl_cmd += ",%s" % ",".join(extra_options.strip().split())
if action.strip():
acl_cmd += ",action=%s" % action.strip()
return acl_cmd
def acl_rules_check(acl_rules, acl_setup_cmd):
acl_setup_cmd = re.sub("action=", "actions=", acl_setup_cmd)
acl_option = re.split(",", acl_setup_cmd)
for line in acl_rules.splitlines():
rule = [_.lower() for _ in re.split("[ ,]", line) if _]
item_in_rule = 0
for acl_item in acl_option:
if acl_item.lower() in rule:
item_in_rule += 1
if item_in_rule == len(acl_option):
return True
return False
def remote_login(client, host, src, params_login, host_ip):
src_name = src
if src != "localhost":
src_name = src.name
logging.info("Login %s from %s" % (host, src))
port = params_login["target_port"]
username = params_login["username"]
password = params_login["password"]
prompt = params_login["shell_prompt"]
linesep = eval("'%s'" % params_login.get("shell_linesep", r"\n"))
quit_cmd = params.get("quit_cmd", "exit")
if host == host_ip:
# Try to login from guest to host.
prompt = "^\[.*\][\#\$]\s*$"
linesep = "\n"
username = params_login["host_username"]
password = params_login["host_password"]
quit_cmd = "exit"
if client == "ssh":
# We only support ssh for Linux in this test
cmd = ("ssh -o UserKnownHostsFile=/dev/null "
"-o StrictHostKeyChecking=no "
"-o PreferredAuthentications=password -p %s %[email protected]%s" %
(port, username, host))
elif client == "telnet":
cmd = "telnet -l %s %s %s" % (username, host, port)
else:
raise remote.LoginBadClientError(client)
if src == "localhost":
logging.debug("Login with command %s" % cmd)
session = aexpect.ShellSession(cmd, linesep=linesep, prompt=prompt)
else:
if params_login.get("os_type") == "windows":
if client == "telnet":
cmd = "C:\\telnet.py %s %s " % (host, username)
cmd += "%s \"%s\" && " % (password, prompt)
cmd += "C:\\wait_for_quit.py"
cmd = "%s || ping 127.0.0.1 -n 5 -w 1000 > nul" % cmd
else:
cmd += " || sleep 5"
session = src.wait_for_login()
logging.debug("Sending login command: %s" % cmd)
session.sendline(cmd)
try:
out = remote.handle_prompts(session, username, password,
prompt, timeout, debug=True)
except Exception, err:
session.close()
raise err
try:
session.cmd(quit_cmd)
session.close()
except Exception:
pass
return out
def setup_service(setup_target):
setup_timeout = int(params.get("setup_timeout", 360))
if setup_target == "localhost":
setup_func = utils.system_output
os_type = "linux"
else:
setup_vm = env.get_vm(setup_target)
setup_session = setup_vm.wait_for_login(timeout=timeout)
setup_func = setup_session.cmd
os_type = params["os_type"]
setup_params = params.object_params(os_type)
setup_cmd = setup_params.get("setup_cmd", "service SERVICE restart")
prepare_cmd = setup_params.get("prepare_cmd")
setup_cmd = re.sub("SERVICE", setup_params.get("service", ""),
setup_cmd)
error.context("Set up %s service in %s" % (setup_params.get("service"),
setup_target),
logging.info)
if prepare_cmd:
setup_func(prepare_cmd, timeout=setup_timeout)
setup_func(setup_cmd, timeout=setup_timeout)
if setup_target != "localhost":
setup_session.close()
def stop_service(setup_target):
setup_timeout = int(params.get("setup_timeout", 360))
if setup_target == "localhost":
setup_func = utils.system_output
os_type = "linux"
else:
setup_vm = env.get_vm(setup_target)
setup_session = setup_vm.wait_for_login(timeout=timeout)
setup_func = setup_session.cmd
os_type = params["os_type"]
setup_params = params.object_params(os_type)
stop_cmd = setup_params.get("stop_cmd", "service SERVICE stop")
cleanup_cmd = setup_params.get("cleanup_cmd")
stop_cmd = re.sub("SERVICE", setup_params.get("service", ""),
stop_cmd)
error.context("Stop %s service in %s" % (setup_params.get("service"),
setup_target),
logging.info)
if stop_cmd:
setup_func(stop_cmd, timeout=setup_timeout)
if cleanup_cmd:
setup_func(cleanup_cmd, timeout=setup_timeout)
if setup_target != "localhost":
setup_session.close()
timeout = int(params.get("login_timeout", '360'))
op_timeout = int(params.get("op_timeout", "360"))
acl_protocol = params['acl_protocol']
acl_extra_options = params.get("acl_extra_options", "")
for vm in env.get_all_vms():
session = vm.wait_for_login(timeout=timeout)
if params.get("disable_iptables") == "yes":
session.cmd("iptables -F")
#session.cmd_status_output("service iptables stop")
if params.get("copy_scripts"):
root_dir = data_dir.get_root_dir()
script_dir = os.path.join(root_dir, "shared", "scripts")
tmp_dir = params.get("tmp_dir", "C:\\")
for script in params.get("copy_scripts").split():
script_path = os.path.join(script_dir, script)
vm.copy_files_to(script_path, tmp_dir)
session.close()
vms_tags = params.objects("vms")
br_name = params.get("netdst")
if br_name == "private":
br_name = params.get("priv_brname", 'autotest-prbr0')
for setup_target in params.get("setup_targets", "").split():
setup_service(setup_target)
access_targets = params.get("access_targets", "localhost").split()
deny_target = params.get("deny_target", "localhost")
all_target = params.get("extra_target", "").split() + vms_tags
target_port = params["target_port"]
vm = env.get_vm(vms_tags[0])
nic = vm.virtnet[0]
if_name = nic.ifname
params_nic = params.object_params("nic1")
if params["netdst"] == "private":
params_nic["netdst"] = params_nic.get("priv_brname", "atbr0")
host_ip = utils_net.get_host_ip_address(params_nic)
if deny_target in vms_tags:
deny_vm = env.get_vm(deny_target)
deny_vm_ip = deny_vm.wait_for_get_address(0)
elif deny_target == "localhost":
deny_vm_ip = host_ip
if "NW_DST" in acl_extra_options:
acl_extra_options = re.sub("NW_DST", deny_vm_ip, acl_extra_options)
acl_extra_options = re.sub("TARGET_PORT", target_port, acl_extra_options)
access_sys = {}
for target in all_target:
if target not in access_targets:
if target in vms_tags:
os_type = params["os_type"]
else:
os_type = "linux"
os_params = params.object_params(os_type)
access_param = os_params.object_params(target)
check_from_output = access_param.get("check_from_output")
access_sys[target] = {}
access_sys[target]['access_cmd'] = access_param['access_cmd']
access_sys[target]['ref_cmd'] = access_param.get('ref_cmd', "")
access_sys[target]['clean_cmd'] = access_param.get('clean_guest',
"")
if check_from_output:
access_sys[target]['check_from_output'] = check_from_output
for tgt in access_targets:
tgt_param = access_param.object_params(tgt)
acl_disabled = tgt_param.get("acl_disabled") == "yes"
access_sys[target]['disabled_%s' % tgt] = acl_disabled
error.context("Try to access target before setup the rules", logging.info)
access_service(access_sys, access_targets, False, host_ip, ref=True)
error.context("Disable the access in ovs", logging.info)
br_infos = utils_net.openflow_manager(br_name, "show").stdout
if_port = re.findall("(\d+)\(%s\)" % if_name, br_infos)
if not if_port:
raise error.TestNAError("Can not find %s in bridge %s" % (if_name,
br_name))
if_port = if_port[0]
acl_cmd = get_acl_cmd(acl_protocol, if_port, "drop", acl_extra_options)
utils_net.openflow_manager(br_name, "add-flow", acl_cmd)
acl_rules = utils_net.openflow_manager(br_name, "dump-flows").stdout
if not acl_rules_check(acl_rules, acl_cmd):
raise error.TestFail("Can not find the rules from"
" ovs-ofctl: %s" % acl_rules)
error.context("Try to acess target to exam the disable rules",
logging.info)
access_service(access_sys, access_targets, True, host_ip)
error.context("Enable the access in ovs", logging.info)
acl_cmd = get_acl_cmd(acl_protocol, if_port, "normal", acl_extra_options)
utils_net.openflow_manager(br_name, "mod-flows", acl_cmd)
acl_rules = utils_net.openflow_manager(br_name, "dump-flows").stdout
if not acl_rules_check(acl_rules, acl_cmd):
raise error.TestFail("Can not find the rules from"
" ovs-ofctl: %s" % acl_rules)
error.context("Try to acess target to exam the enable rules",
logging.info)
access_service(access_sys, access_targets, False, host_ip)
error.context("Delete the access rules in ovs", logging.info)
acl_cmd = get_acl_cmd(acl_protocol, if_port, "", acl_extra_options)
utils_net.openflow_manager(br_name, "del-flows", acl_cmd)
acl_rules = utils_net.openflow_manager(br_name, "dump-flows").stdout
if acl_rules_check(acl_rules, acl_cmd):
raise error.TestFail("Still can find the rules from"
" ovs-ofctl: %s" % acl_rules)
error.context("Try to acess target to exam after delete the rules",
logging.info)
access_service(access_sys, access_targets, False, host_ip)
for setup_target in params.get("setup_targets", "").split():
stop_service(setup_target)
