CLOUDSTACK-9832: Do not assign public IP NIC to the VPC VR when the VPC offering does not contain VpcVirtualRouter as a SourceNat provider #2004

Merged
merged 1 commit into from
Nov 2, 2017


prashanthvarma
Contributor

Detail:
When the VPC offering does not contain VpcVirtualRouter as a SourceNat provider,
then we will not add the interface in the public network to the VpcVR. Thus, conserving Public IPs.

Co-Authored-By: Prashanth Manthena prashanth.manthena@nuagenetworks.net

@prashanthvarma
Contributor Author

PEP8 & PyFlakes compliance of our marvin test code:

CloudStack$
CloudStack$ pep8 test/integration/plugins/nuagevsp/*.py
CloudStack$
CloudStack$ pyflakes test/integration/plugins/nuagevsp/*.py
CloudStack$

Validations:

Marvin test results:

=> nosetests --with-marvin --marvin-config=nuage.cfg nuagevsp/test_nuage_vpc_network.py

Test basic VPC Network functionality with Nuage VSP SDN plugin ... === TestName: test_nuage_vpc_network | Status : SUCCESS ===
ok
Test basic VPC Network functionality with Nuage VSP SDN plugin on ... SKIP: There is only one Zone configured: skipping test


Ran 2 tests in 274.059s

OK (SKIP=1)

results.txt
runinfo.txt

=> nosetests --with-marvin --marvin-config=nuage.cfg nuagevsp/test_nuage_vsp.py

Test Nuage VSP SDN plugin with basic Isolated Network functionality ... === TestName: test_nuage_vsp | Status : SUCCESS ===
ok
Test Nuage VSP device in the Nuage VSP Physical Network ... === TestName: test_nuage_vsp_device | Status : SUCCESS ===
ok


Ran 2 tests in 511.178s

OK

results.txt
runinfo.txt

@prashanthvarma prashanthvarma changed the title from "CLOUDSTACK-9832: Restrict addition of public IP NIC to the VPC VR when the VPC offering does not contain VpcVirtualRouter as a SourceNat provider" to "CLOUDSTACK-9832: Do not assign public IP NIC to the VPC VR when the VPC offering does not contain VpcVirtualRouter as a SourceNat provider" on Mar 14, 2017
@prashanthvarma prashanthvarma force-pushed the feature/vr_without_public_ip branch from adf889d to 2848f0f Compare March 14, 2017 10:44
@prashanthvarma prashanthvarma force-pushed the feature/vr_without_public_ip branch 3 times, most recently from 40fc932 to 09a9a0e Compare March 21, 2017 13:36
@prashanthvarma prashanthvarma force-pushed the feature/vr_without_public_ip branch from 09a9a0e to b04227b Compare April 7, 2017 13:43
@prashanthvarma prashanthvarma changed the title from "CLOUDSTACK-9832: Do not assign public IP NIC to the VPC VR when the VPC offering does not contain VpcVirtualRouter as a SourceNat provider" to "[4.11/Future] CLOUDSTACK-9832: Do not assign public IP NIC to the VPC VR when the VPC offering does not contain VpcVirtualRouter as a SourceNat provider" on Apr 11, 2017
@prashanthvarma prashanthvarma force-pushed the feature/vr_without_public_ip branch 2 times, most recently from 3879592 to 84ff98d Compare April 20, 2017 07:49
@kiwiflyer kiwiflyer added this to the 4.11 milestone May 12, 2017
@remibergsma
Contributor

SourceNat isn't the only reason why you would want a public NIC on the router. If you have the VPN service, for example, you also need one.

@fmaximus
Contributor

In its current state, VR wouldn't be able to provide VPN without being gateway as well.
But I will add the check.

@sgoeminn sgoeminn force-pushed the feature/vr_without_public_ip branch 2 times, most recently from d5dfccf to 0c25b5d Compare August 29, 2017 12:19
@sgoeminn
Contributor

Currently we will not change the check (it's also not checked in the isolated network case). We will change it as soon as we add support for site-to-site VPN for Nuage where Nuage will be the source NAT provider.

@sgoeminn sgoeminn force-pushed the feature/vr_without_public_ip branch from 0c25b5d to b4af8e0 Compare August 29, 2017 13:20
@cloudmonger

ACS CI BVT Run

Summary:
Build Number 1165
Hypervisor xenserver
NetworkType Advanced
Passed=105
Failed=7
Skipped=12

Link to logs Folder (search by build_no): https://www.dropbox.com/sh/r2si930m8xxzavs/AAAzNrnoF1fC3auFrvsKo_8-a?dl=0

Failed tests:

  • test_non_contigiousvlan.py
      • test_extendPhysicalNetworkVlan Failing since 2 runs
  • test_list_ids_parameter.py
      • ContextSuite context=TestListIdsParams>:setup Failing since 58 runs
  • test_volumes.py
      • test_06_download_detached_volume Failing since 2 runs
  • test_routers_network_ops.py
      • test_01_isolate_network_FW_PF_default_routes_egress_true Failing since 29 runs
      • test_02_isolate_network_FW_PF_default_routes_egress_false Failing since 156 runs
      • test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true Failing since 151 runs
      • test_02_RVR_Network_FW_PF_SSH_default_routes_egress_false Failing since 151 runs

Skipped tests:
test_vm_nic_adapter_vmxnet3
test_01_verify_libvirt
test_02_verify_libvirt_after_restart
test_03_verify_libvirt_attach_disk
test_04_verify_guest_lspci
test_05_change_vm_ostype_restart
test_06_verify_guest_lspci_again
test_static_role_account_acls
test_11_ss_nfs_version_on_ssvm
test_nested_virtualization_vmware
test_3d_gpu_support
test_deploy_vgpu_enabled_vm

Passed test suites:
test_deploy_vm_with_userdata.py
test_affinity_groups_projects.py
test_portable_publicip.py
test_vm_snapshots.py
test_over_provisioning.py
test_global_settings.py
test_router_dnsservice.py
test_scale_vm.py
test_service_offerings.py
test_routers_iptables_default_policy.py
test_loadbalance.py
test_routers.py
test_reset_vm_on_reboot.py
test_deploy_vms_with_varied_deploymentplanners.py
test_network.py
test_router_dns.py
test_login.py
test_deploy_vm_iso.py
test_public_ip_range.py
test_multipleips_per_nic.py
test_metrics_api.py
test_regions.py
test_affinity_groups.py
test_network_acl.py
test_pvlan.py
test_nic.py
test_deploy_vm_root_resize.py
test_resource_detail.py
test_secondary_storage.py
test_vm_life_cycle.py
test_disk_offerings.py

@sgoeminn sgoeminn force-pushed the feature/vr_without_public_ip branch 5 times, most recently from d0d2627 to 68747e7 Compare September 11, 2017 10:29
@prashanthvarma prashanthvarma changed the title from "[4.11/Future] CLOUDSTACK-9832: Do not assign public IP NIC to the VPC VR when the VPC offering does not contain VpcVirtualRouter as a SourceNat provider" to "CLOUDSTACK-9832: Do not assign public IP NIC to the VPC VR when the VPC offering does not contain VpcVirtualRouter as a SourceNat provider" on Sep 18, 2017
@sgoeminn sgoeminn force-pushed the feature/vr_without_public_ip branch from 68747e7 to 90fc7ac Compare September 27, 2017 11:45
Co-Authored-By: Prashanth Manthena <prashanth.manthena@nuagenetworks.net>
Co-Authored-By: Sigert Goeminne <sigert.goeminne@nuagenetworks.net>

Bug: https://issues.apache.org/jira/browse/CLOUDSTACK-9832

Detail:
When the VPC offering does not contain VpcVirtualRouter as a SourceNat provider,
then we will not add the interface in the public network to the VpcVR.

CLOUDSTACK-9832: Move isSrcNat check to VpcManager
@sgoeminn sgoeminn force-pushed the feature/vr_without_public_ip branch from 90fc7ac to 1d382e0 Compare October 11, 2017 09:36
Contributor

@smeetsr smeetsr left a comment


test_nuage_vpc_network.py
Test basic VPC Network functionality with Nuage VSP SDN plugin ... === TestName: test_nuage_vpc_network | Status : SUCCESS ===
ok
Test basic VPC Network functionality with Nuage VSP SDN plugin on ... SKIP: There is only one Zone configured: skipping test


Ran 2 tests in 313.732s

OK (SKIP=1)

test_nuage_vsp.py
Test Nuage VSP SDN plugin with basic Isolated Network functionality ... === TestName: test_nuage_vsp | Status : SUCCESS ===
ok
Test Nuage VSP device in the Nuage VSP Physical Network ... === TestName: test_nuage_vsp_device | Status : SUCCESS ===
ok


Ran 2 tests in 540.430s

OK

@fmaximus
Contributor

fmaximus commented Oct 27, 2017

@remibergsma To summarize:
Currently VPN on VR only works if VR is also the gateway/sourcenat provider.
So checking on VPN becomes necessary once VR provides VPN,
but sourcenat is implemented by another provider.
In this case more changes will be necessary to get VPN working,
like adding static routes and adding iptables rules i.c.o. VR not providing Acl.

Another point to take into account: for isolated networks a similar check already exists, and that also only checks SourceNat.
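
The rule discussed in this thread, together with the VPN case raised in review, sketched as an added Python example (not the PR's Java code and not CloudStack's own). The offering layout, the `Vpn` and `NuageVsp` names and the sample offerings are assumptions constructed for illustration:

```python
# Added illustration; not CloudStack code. "SourceNat" and "VpcVirtualRouter"
# follow the wording of this thread; the offering layout is an assumption.
VR = "VpcVirtualRouter"

def providers(offering, service):
    """Return the set of provider names an offering maps to a service."""
    for svc in offering.get("service", []):
        if svc["name"].lower() == service.lower():
            return {p["name"] for p in svc.get("provider", [])}
    return set()

def vr_gets_public_nic(offering):
    """Rule from the PR title: public NIC only if the VR provides SourceNat."""
    return VR in providers(offering, "SourceNat")

def vpn_gap(offering):
    """Case raised in review: the VR provides VPN while another provider does
    SourceNat, so the VR would have no public NIC for the VPN service."""
    return VR in providers(offering, "Vpn") and not vr_gets_public_nic(offering)

def audit(offerings):
    """Summarise each offering as (name, public_nic, vpn_gap)."""
    return [(o["name"], vr_gets_public_nic(o), vpn_gap(o)) for o in offerings]

def svc(name, *provs):
    """Build one service entry for the constructed sample data."""
    return {"name": name, "provider": [{"name": p} for p in provs]}

# Constructed sample offerings (names are hypothetical).
SAMPLE = [
    {"name": "default-vpc",
     "service": [svc("SourceNat", VR), svc("Vpn", VR), svc("Dhcp", VR)]},
    {"name": "nuage-vpc",
     "service": [svc("SourceNat", "NuageVsp"), svc("Dhcp", VR)]},
    {"name": "nuage-vpc-vr-vpn",
     "service": [svc("SourceNat", "NuageVsp"), svc("Vpn", VR)]},
]

if __name__ == "__main__":
    for name, nic, gap in audit(SAMPLE):
        print(f"{name:18} public_nic={nic!s:5} vpn_gap={gap}")
```

An offering with `vpn_gap` set is the combination the thread says would need further changes before VPN on the VR could work.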

Contributor

@krissterckx krissterckx left a comment


LGTM

@fmaximus fmaximus merged commit d077b3e into apache:master Nov 2, 2017
@fmaximus fmaximus deleted the feature/vr_without_public_ip branch November 2, 2017 10:56