Updated Branches: refs/heads/master 69adeecc3 -> 7e36dd6be
CLOUDSTACK-4418: allow egress access to all networks for VMs on NAT Tests doing operations within guests post VirtualMachine.create w. default network offering fail since the egress policy with isolated networks and sourcenat services is DENY. Signed-off-by: Prasanna Santhanam <[email protected]> (cherry picked from commit 81b5146c8ed1a590b08b71a3e3421966974b74f9) Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/7e36dd6b Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/7e36dd6b Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/7e36dd6b Branch: refs/heads/master Commit: 7e36dd6be848a8d0d3a0480e43053bd759e3c9bf Parents: eeb53d5 Author: Prasanna Santhanam <[email protected]> Authored: Wed Aug 21 13:02:27 2013 +0530 Committer: Prasanna Santhanam <[email protected]> Committed: Wed Aug 21 15:20:27 2013 +0530 ---------------------------------------------------------------------- tools/marvin/marvin/integration/lib/base.py | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7e36dd6b/tools/marvin/marvin/integration/lib/base.py ----------------------------------------------------------------------
diff --git a/tools/marvin/marvin/integration/lib/base.py b/tools/marvin/marvin/integration/lib/base.py
index b5d086b..91cfebd 100755
--- a/tools/marvin/marvin/integration/lib/base.py
+++ b/tools/marvin/marvin/integration/lib/base.py
@@ -269,7 +269,7 @@ class VirtualMachine:
 cmd.securitygroupids = [basic_mode_security_group.id]
 @classmethod
- def access_ssh_over_nat(cls, apiclient, services, virtual_machine):
+ def access_ssh_over_nat(cls, apiclient, services, virtual_machine, allow_egress=False):
 """
 Program NAT and PF rules to open up ssh access to deployed guest
 @return:
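Review bot: The docstring under the changed signature still describes only the NAT and port-forwarding rules and says nothing about the new `allow_egress` parameter. Add a line in the docstring's existing style, such as `@param allow_egress: when True, also create an egress firewall rule allowing all protocols to 0.0.0.0/0 on the network of the VM's first NIC`, so callers can see that opting in lifts the network's default egress restriction. The docstring and the method body continue outside this hunk.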
@@ -295,6 +295,13 @@ class VirtualMachine:
 services=services,
 ipaddressid=public_ip.ipaddress.id
 )
+ if allow_egress:
+ EgressFireWallRule.create(
+ apiclient=apiclient,
+ networkid=virtual_machine.nic[0].networkid,
+ protocol='All',
+ cidrlist='0.0.0.0/0'
+ )
 virtual_machine.ssh_ip = nat_rule.ipaddress
 virtual_machine.public_ip = nat_rule.ipaddress
@@ -339,6 +346,12 @@ class VirtualMachine:
 cmd.networkids = networkids
 elif "networkids" in services:
 cmd.networkids = services["networkids"]
+ else:
+ # When no networkids are passed, network
+ # is created using the "defaultOfferingWithSourceNAT"
+ # which has an egress policy of DENY. But guests in tests
+ # need access to test network connectivity
+ allow_egress = True
 if templateid:
 cmd.templateid = templateid
@@ -394,7 +407,7 @@ class VirtualMachine:
 #program ssh access over NAT via PF
 if mode.lower() == 'advanced':
- cls.access_ssh_over_nat(apiclient, services, virtual_machine)
+ cls.access_ssh_over_nat(apiclient, services, virtual_machine, allow_egress=allow_egress)
 elif mode.lower() == 'basic':
 virtual_machine.ssh_ip = virtual_machine.nic[0].ipaddress
 virtual_machine.public_ip = virtual_machine.nic[0].ipaddress
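Review bot: The rule created under `if allow_egress:` hard-codes `protocol='All'` and `cidrlist='0.0.0.0/0'`, which turns the network's default-DENY egress policy into allow-all rather than opening only what the guest-side checks need. Because the third hunk switches this on for every VM deployed without explicit network ids, tests that rely on the DENY default can pass or fail for the wrong reason. Consider taking the protocol and CIDR from `services` with the current values as fallback, for example `cidrlist=services.get('egress_cidrlist', '0.0.0.0/0')` (key name is illustrative, not an existing one). The return value of `EgressFireWallRule.create` is discarded, so a test has no handle to remove the rule, and `virtual_machine.nic[0]` assumes the first NIC sits on the source-NAT network. The method body starts and ends outside this hunk.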
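Review bot: `allow_egress` is bound only in the new `else:` branch, so when `networkids` is passed or present in `services` the name is never assigned. The call changed in the last hunk, `allow_egress=allow_egress`, would then raise UnboundLocalError in advanced mode, unless the enclosing method initialises the name above this hunk, which is not visible here. Bind it before the conditional with `allow_egress = False` and let the `else:` branch set it to True. The enclosing method starts and ends outside the hunk.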
