Added SNI support for os_security role via OS packages

Some Linux distributions, such as CentOS 7 and Xenial, have trouble validating SSL certificates when using get_url with servers that use Server Name Indication (SNI). This patch adds those packages to the list of required packages and uses bindep to install them in developer test environments the same way that the gate tests install them. Change-Id: I54118554468278b33c569b4ce19fee5d33454572
2016-08-17 21:14:50 +00:00 · 2016-08-17 21:14:50 +00:00 · 2c4393f093
commit 2c4393f093
parent 894f9de229
2 changed files with 44 additions and 26 deletions
--- a/bindep.txt
+++ b/bindep.txt
@ -10,20 +10,31 @@
 # will fall back to installing its default packages which
 # will potentially be detrimental to the tests executed.

-# OpenStack-CI's Jenkins needs curl
-# TODO(odyssey4me) remove this once https://review.openstack.org/288634 has merged
-# and the disk images are rebuilt and redeployed.
-curl
-wget
-
-# Requirements for Paramiko 2.0
+# Base requirements for Ubuntu
+build-essential   [platform:dpkg]
+git-core          [platform:dpkg]
 libssl-dev        [platform:dpkg]
 libffi-dev        [platform:dpkg]
+python2.7         [platform:dpkg]
+python-dev        [platform:dpkg]
+
+# Base requirements for CentOS
+gcc               [platform:rpm]
+gcc-c++           [platform:rpm]
+git               [platform:rpm]
+python-devel      [platform:rpm]
+
+# Requirements for Paramiko 2.0
 libffi-devel      [platform:rpm]
 openssl-devel     [platform:rpm]

-# For selinux
+# For SELinux
 libselinux-python [platform:rpm]

-# For check mode on Ubuntu
-python-apt        [platform:dpkg]
+# For SSL SNI support
+python-pyasn1               [platform:dpkg]
+python-openssl              [platform:dpkg]
+python-ndg-httpsclient      [platform:ubuntu !platform:ubuntu-trusty]
+python2-pyasn1              [platform:rpm]
+pyOpenSSL                   [platform:rpm]
+python-ndg_httpsclient      [platform:rpm]
--- a/run_tests.sh
+++ b/run_tests.sh
@ -17,32 +17,39 @@ set -euov

 FUNCTIONAL_TEST=${FUNCTIONAL_TEST:-true}

-# Prepare Ubuntu 14.04 and 16.04 hosts
-if [ "$(which apt-get)" ]; then
-  apt-get install -y build-essential python2.7 python-apt python-dev git-core libssl-dev libffi-dev
-fi
-
-# Prepare CentOS and Red Hat Enterprise Linux 7 hosts
-if [ "$(which yum)" ]; then
-  yum -y install libffi-devel openssl-devel git python-devel "@Development Tools"
-fi
-
-# Download and install pip
+# Install pip
 if [ ! "$(which pip)" ]; then
  curl --silent --show-error --retry 5 \
    https://bootstrap.pypa.io/get-pip.py | sudo python2.7
 fi

-# install tox
-pip install tox
+# Install bindep and tox
+pip install bindep tox
+
+# CentOS 7 requires two additional packages:
+#   redhat-lsb-core - for bindep profile support
+#   epel-release    - required to install python-ndg_httpsclient/python2-pyasn1
+if [ "$(which yum)" ]; then
+    yum -y install redhat-lsb-core epel-release
+fi
+
+# Install OS packages using bindep
+if apt-get -v >/dev/null 2>&1 ; then
+    apt-get update
+    DEBIAN_FRONTEND=noninteractive \
+      apt-get -q --option "Dpkg::Options::=--force-confold" \
+      --assume-yes install `bindep -b -f bindep.txt test`
+else
+    yum install -y `bindep -b -f bindep.txt test`
+fi

 # run through each tox env and execute the test
 for tox_env in $(awk -F= '/envlist/ {print $2}' tox.ini | sed 's/,/ /g'); do
-  if [ "${tox_env}" == "ansible-functional" ]; then
+  if [ "${tox_env}" != "ansible-functional" ]; then
+    tox -e ${tox_env}
+  elif [ "${tox_env}" == "ansible-functional" ]; then
    if ${FUNCTIONAL_TEST}; then
      tox -e ${tox_env}
    fi
-  else
-    tox -e ${tox_env}
  fi
 done