Create sasl user in func test

Change-Id: I8f0941bd847f26e0ba5ec925606ee30396be9230
2018-07-11 15:23:42 -04:00 · 2018-07-11 15:23:42 -04:00 · 5490543352
commit 5490543352
parent 75eda42f7c
15 changed files with 104 additions and 69 deletions
--- a/.gitreview
+++ b/.gitreview
@ -2,4 +2,3 @@
 host=review.openstack.org
 port=29418
 project=openstack/ansible-role-qdrouterd.git
 defaultbranch=master
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -30,24 +30,25 @@ qdrouterd_log_file:  "/var/log/qdrouterd/qdrouterd.log"
 qdrouterd_host_count: "{{ groups['qdrouterd_all'] | length}}"
 qdrouterd_mode: "{% if qdrouterd_host_count == '1' %}standalone{% else %}interior{% endif %}"
 qdrouterd_listener_addr: 0.0.0.0
-qdrouterd_listener_port: 31459
+qdrouterd_listener_port_ssl: 31459
 qdrouterd_listener_port_plain: 31460
 qdrouterd_listener_auth_peer: "no"
-qdrouterd_listener_sasl_mech: "ANONYMOUS"
+qdrouterd_listener_sasl_mech: "ANONYMOUS PLAIN"
 qdrouterd_irl_addr: 0.0.0.0
-qdrouterd_irl_port: 31460
+qdrouterd_irl_port_ssl: 31461
 qdrouterd_irl_port_plain: 31462
 qdrouterd_irl_auth_peer: "no"
-qdrouterd_irl_sasl_mech: "ANONYMOUS"
+qdrouterd_irl_sasl_mech: "ANONYMOUS PLAIN"
 qdrouterd_worker_threads: 4
 qdrouterd_sasl_conf_path: "/etc/sasl2"
 qdrouterd_sasl_conf_file: "/etc/sasl2/qdrouterd.conf"
 qdrouterd_log_module: "DEFAULT"
-qdrouterd_log_enable: "info+"
+qdrouterd_log_enable: "trace+"
 # Qdrouterd SSL support
-qdrouterd_require_ssl: "yes"
+qdrouterd_ssl_cert: "{{ qdrouterd_etc_conf_path }}/ssl/qdrouterd.pem"
-qdrouterd_ssl_cert: "{{ qdrouterd_etc_conf_path }}/qdrouterd.pem"
+qdrouterd_ssl_key: "{{ qdrouterd_etc_conf_path }}/ssl/qdrouterd.key"
-qdrouterd_ssl_key: "{{ qdrouterd_etc_conf_path }}/qdrouterd.key"
+#qdrouterd_ssl_ca_cert: "{{ qdrouterd_etc_conf_path }}/ssl/qdrouterd-ca.pem"
 #qdrouterd_ssl_ca_cert: "{{ qdrouterd_etc_conf_path }}/qdrouterd-ca.pem"
 # Set qdrouterd_ssl_sefl_signed_regen to true if you want to generate a new
 # SSL certificate for Qdrouterd when this playbook runs. You can also change
--- a/meta/main.yml
+++ b/meta/main.yml
@ -23,8 +23,8 @@ galaxy_info:
    - 7
  - name: Ubuntu
    versions:
    - trusty
    - xenial
    - bionic
  categories:
  - messaging
  - cloud
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -24,10 +24,9 @@
  tags:
    - always
- include: qdrouterd_pre_install.yml
+- import_tasks: qdrouterd_pre_install.yml
- include: qdrouterd_install.yml
+- import_tasks: qdrouterd_install.yml
  static: no
 # Qdrouterd SSL/TLS listener configuration
 #
@ -39,18 +38,17 @@
 #
 #   playbooks/roles/qdrouterd/defaults/main.yml
 #
- include: qdrouterd_ssl_self_signed.yml
+- include_tasks: qdrouterd_ssl_self_signed.yml
  static: no
  when: >
    qdrouterd_user_ssl_cert is not defined or
    qdrouterd_user_ssl_key is not defined
  tags:
    - qdrouterd-config
- include: qdrouterd_ssl_user_provided.yml
+- import_tasks: qdrouterd_ssl_user_provided.yml
  tags:
    - qdrouterd-config
- include: qdrouterd_post_install.yml
+- import_tasks: qdrouterd_post_install.yml
-
+  tags:
-
+    - qdrouterd-config
--- a/tasks/qdrouterd_install.yml
+++ b/tasks/qdrouterd_install.yml
@ -13,22 +13,18 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
- include: "qdrouterd_install_{{ ansible_pkg_mgr }}.yml"
+- include_tasks: "qdrouterd_install_{{ ansible_pkg_mgr }}.yml"
  tags:
    - qdrouterd-apt-packages
    - qdrouterd-yum-packages
    - qdrouterd_server-install
 - name: Reload the systemd daemon
  systemd:
    daemon_reload: yes
  when:
-    - install_qdrouterd  is changed
+    - install_qdrouterd is changed
  tags:
    - qdrouterd-apt-packages
    - qdrouterd-yum-packages
    - qdrouterd_server-install
- include: qdrouterd_started.yml
+- import_tasks: qdrouterd_started.yml
  tags:
    - qdrouterd_server-config
--- a/tasks/qdrouterd_install_apt.yml
+++ b/tasks/qdrouterd_install_apt.yml
@ -25,7 +25,7 @@
  apt_repository:
    repo: "{{ qdrouterd_ppa_repo }}"
    update_cache: True
-    codename: xenial
+    codename: "{{ ansible_distribution_release }}"
    state: present
  tags:
    - qdrouterd-rep
--- a/tasks/qdrouterd_post_install.yml
+++ b/tasks/qdrouterd_post_install.yml
@ -26,13 +26,11 @@
  tags:
    - qdrouterd-config
- name: Create the log directory
+- name: Create the lib directory
  file:
    path: "/var/lib/qdrouterd/"
    state: "directory"
-    group: "qdrouterd"
+    mode: "0755"
    owner: "qdrouterd"
    recurse: true
  tags:
    - qdrouterd-config
@ -46,6 +44,5 @@
  tags:
    - qdrouterd-config
- include: qdrouterd_restart.yml
+- include_tasks: qdrouterd_restart.yml
  static: no
  when: qdrouterd_config_changed is changed
--- a/tasks/qdrouterd_restart.yml
+++ b/tasks/qdrouterd_restart.yml
@ -13,7 +13,5 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
- include: qdrouterd_stopped.yml
+- import_tasks: qdrouterd_stopped.yml
- include: qdrouterd_started.yml
+- import_tasks: qdrouterd_started.yml
--- a/tasks/qdrouterd_ssl_self_signed.yml
+++ b/tasks/qdrouterd_ssl_self_signed.yml
@ -15,11 +15,11 @@
 # We create the self-signed SSL certificate and key only on the first
 # Qdrouterd container.
- include: qdrouterd_ssl_key_create.yml
+- include_tasks: qdrouterd_ssl_key_create.yml
  when: inventory_hostname == groups[qdrouterd_host_group][0]
- include: qdrouterd_ssl_key_store.yml
+- include_tasks: qdrouterd_ssl_key_store.yml
  when: inventory_hostname == groups[qdrouterd_host_group][0]
- include: qdrouterd_ssl_key_distribute.yml
+- include_tasks: qdrouterd_ssl_key_distribute.yml
  when: inventory_hostname != groups[qdrouterd_host_group][0]
--- a/templates/qdrouterd.conf.j2
+++ b/templates/qdrouterd.conf.j2
@ -7,7 +7,6 @@ router {
    saslConfigName: {{ qdrouterd_service_name }}
 }
 {% if qdrouterd_require_ssl == 'yes' %}
 sslProfile {
    name: {{ ansible_hostname }}
 {% if qdrouterd_ssl_ca_cert is defined %}
@ -16,15 +15,20 @@ sslProfile {
    certFile: {{ qdrouterd_ssl_cert }}
    keyFile: {{ qdrouterd_ssl_key }}
 }
 {% endif %}
 listener {
    host: {{ qdrouterd_listener_addr }}
-    port: {{ qdrouterd_listener_port }}
+    port: {{ qdrouterd_listener_port_ssl }}
    role: normal
 {% if qdrouterd_require_ssl == 'yes' %}
    sslProfile: {{ ansible_hostname }}
-{% endif %}
+    authenticatePeer: {{ qdrouterd_listener_auth_peer }}
    saslMechanisms: {{ qdrouterd_listener_sasl_mech }}
 }
 listener {
    host: {{ qdrouterd_listener_addr }}
    port: {{ qdrouterd_listener_port_plain }}
    role: normal
    authenticatePeer: {{ qdrouterd_listener_auth_peer }}
    saslMechanisms: {{ qdrouterd_listener_sasl_mech }}
 }
@ -32,11 +36,17 @@ listener {
 {% if qdrouterd_host_count > '1' %}
 listener {
    host: {{ qdrouterd_irl_addr }}
-    port: {{ qdrouterd_irl_port }}
+    port: {{ qdrouterd_irl_port_ssl }}
    role: inter-router
 {% if qdrouterd_require_ssl == 'yes' %}
    sslProfile: {{ ansible_hostname }}
-{% endif %}
+    authenticatePeer: {{ qdrouterd_irl_auth_peer }}
    saslMechanisms: {{ qdrouterd_irl_sasl_mech }}
 }
 listener {
    host: {{ qdrouterd_irl_addr }}
    port: {{ qdrouterd_irl_port_plain }}
    role: inter-router
    authenticatePeer: {{ qdrouterd_irl_auth_peer }}
    saslMechanisms: {{ qdrouterd_irl_sasl_mech }}
 }
@ -47,7 +57,7 @@ listener {
 connector {
    host: {{ hostvars[router]['ansible_eth0']['ipv4']['address'] }}
    role: inter-router
-    port: {{ qdrouterd_irl_port }}
+    port: {{ qdrouterd_irl_port_plain }}
 }
 {% endif %}
 {% endfor %}
--- a/tests/qdrouterd-overrides.yml
+++ b/tests/qdrouterd-overrides.yml
@ -16,6 +16,7 @@
 qdrouterd_ssl_cert: /etc/qpid-dispatch/ssl/qdrouterd.pem
 qdrouterd_ssl_key: /etc/qpid-dispatch/ssl/qdrouterd.key
 qdrouterd_worker_threads: 2
-qdrouterd_require_ssl: no
+qdrouterd_listener_port_ssl: 31459
-qdrouterd_listener_port: 31459
+qdrouterd_listener_port_plain: 31460
-qdrouterd_irl_port: 31460
+qdrouterd_irl_port_ssl: 31461
 qdrouterd_irl_port_plain: 31462
--- a/tests/test-qdrouterd-functional.yml
+++ b/tests/test-qdrouterd-functional.yml
@ -65,26 +65,59 @@
        that:
          - "'workerThreads' in qdrouterd_config_contents"
-    - name: Get general statistics of qdrouterd
+    - name: Get general statistics of qdrouterd plain
      command: "qdstat -g -b 0.0.0.0:31460"
      register: qdrouterd_statistics_plain
      changed_when: false
    - name: Print qdrouterd_statistics plain
      debug:
        var: qdrouterd_statistics_plain
    - name: Get qdrouterd node view using plain
      command: "qdstat -nv -b 0.0.0.0:31460"
      register: qdrouterd_nv_plain
      changed_when: false
    - name: Print qdrouterd_nv using plain
      debug:
        var: qdrouterd_nv_plain
    - name: Get general statistics of qdrouterd using ssl
      command: "qdstat -g -b 0.0.0.0:31459"
-      register: qdrouterd_statistics
+      register: qdrouterd_statistics_ssl
      changed_when: false
-    - name: Print qdrouterd_statistics
+    - name: Print qdrouterd_statistics using ssl
      debug:
-        var: qdrouterd_statistics
+        var: qdrouterd_statistics_ssl
-    - name: Get qdrouterd node view
+    - name: Get qdrouterd node view using ssl
      command: "qdstat -nv -b 0.0.0.0:31459"
-      register: qdrouterd_nv
+      register: qdrouterd_nv_ssl
      changed_when: false
-    - name: Print qdrouterd_nv
+    - name: Print qdrouterd_nv using ssl
      debug:
-        var: qdrouterd_nv
+        var: qdrouterd_nv_ssl
    - name: Ensure SSL cert/key checksums are identical across the mesh
      assert:
        that:
          - hostvars['container1']['qdrouterd_ssl_cert_checksum'] == hostvars['container2']['qdrouterd_ssl_cert_checksum'] == hostvars['container3']['qdrouterd_ssl_cert_checksum']
          - hostvars['container1']['qdrouterd_ssl_key_checksum'] == hostvars['container2']['qdrouterd_ssl_key_checksum'] == hostvars['container3']['qdrouterd_ssl_key_checksum']
    - name: Create a sasl user
      shell: "echo secret | saslpasswd2 -c -p -f /var/lib/qdrouterd/qdrouterd.sasldb -u QPID myguest"
      args:
        creates: /var/lib/qdrouterd/qdrouterd.sasldb
    - name: Get sasl user list
      command: "sasldblistusers2 -f /var/lib/qdrouterd/qdrouterd.sasldb"
      register: sasl_list
      changed_when: false
    - name: Check for user in sasl list
      assert:
        that:
          - "'myguest@QPID:' in sasl_list.stdout"
--- a/tests/test.yml
+++ b/tests/test.yml
@ -14,10 +14,10 @@
 # limitations under the License.
 # Setup the host
- include: common/test-setup-host.yml
+- import_playbook: common/test-setup-host.yml
-# Install previous version qdrouterd server
+# Install Qdrouterd server
- include: test-install-qdrouterd.yml
+- import_playbook: test-install-qdrouterd.yml
 # Run functional tests
- include: test-qdrouterd-functional.yml
+- import_playbook: test-qdrouterd-functional.yml
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@ -14,9 +14,11 @@
 # limitations under the License.
 qdrouterd_distro_packages:
  - openssl
  - python-qpid-proton
  - cyrus-sasl-lib
  - cyrus-sasl-plain
  - cyrus-sasl-md5
  - qpid-dispatch-router
  - qpid-dispatch-tools
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@ -20,15 +20,15 @@
    check:
      jobs:
        - openstack-ansible-linters
-        - openstack-ansible-functional-centos-7:
+        - openstack-ansible-functional-centos-7
            voting: false
        - openstack-ansible-functional-opensuse-423:
            voting: false
-        - openstack-ansible-functional-ubuntu-xenial:
+        - openstack-ansible-functional-ubuntu-bionic
            voting: false
    experimental:
      jobs:
        - openstack-ansible-integrated-deploy-aio
    gate:
      jobs:
        - openstack-ansible-linters
        - openstack-ansible-functional-centos-7
        - openstack-ansible-functional-ubuntu-bionic