openstack/openstack-ansible-os_cinder
Code Issues Proposed changes

Cinder functional testing

Browse Source 
This commit does the following:

- separates test.yml into a number of individual task files
- updates tests/inventory and adds localhost to cinder_all and
  cinder_volume groups
- updates tests/inventory by setting localhost to use the
  python interpreter in the tox venv (this is needed because
  openstack-infra runs tox with PYTHON set to the venv's
  interpreter)
- updates tox to symlink python-apt on host into tox venv
  (this is needed in the functional test as we are now running python
  from the venv and there is no clear way to simply pip install this)
- creates a cinder volume and validates it goes active
- bumps keystone and cinder SHAs in the tests to use stable/mitaka and
  a more recent requirements
- updates paste, policy and rootwrap configurations
- updates API checks to allow for both 200 and 300 status codes

Change-Id: I9b62bc841f86349b60b978fcfc813afe0a313318
This commit is contained in:
Matt Thompson 2016-03-21 12:59:13 +00:00 committed by Jimmy McCrory
parent 70750d3cb8
commit ad5736d3f3
15 changed files with 493 additions and 280 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
files/rootwrap.d/volume.filters
View File

@ -23,9 +23,13 @@ lvs_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, lvs
lvdisplay_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, lvdisplay
# os-brick library commands
# TODO(smcginnis) This is a temporary fix. Need to pull in os-brick
# os-brick.filters file instead and clean out stale brick values from
# this file.
# os_brick.privileged.run_as_root oslo.privsep context
# This line ties the superuser privs with the config files, context name,
# and (implicitly) the actual python code invoked.
privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, os_brick.privileged.default, --privsep_sock_path, /tmp/.*
# The following and any cinder/brick/* entries should all be obsoleted
# by privsep, and may be removed once the os-brick version requirement
# is updated appropriately.
scsi_id: CommandFilter, /lib/udev/scsi_id, root
drbdadm: CommandFilter, drbdadm, root

2
tasks/cinder_backends.yml
View File

@ -16,7 +16,7 @@
- name: Ensure cinder api is available
uri:
url: "{{ cinder_service_internaluri }}"
status_code: 200
status_code: 200,300
register: api_status
until: api_status |success
retries: 10

10
templates/api-paste.ini.j2
View File

@ -7,6 +7,7 @@ use = call:cinder.api:root_app_factory
/: apiversions
/v1: openstack_volume_api_v1
/v2: openstack_volume_api_v2
/v3: openstack_volume_api_v3
[composite:openstack_volume_api_v1]
use = call:cinder.api.middleware.auth:pipeline_factory
@ -20,6 +21,12 @@ noauth = cors request_id faultwrap sizelimit osprofiler noauth apiv2
keystone = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
keystone_nolimit = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
[composite:openstack_volume_api_v3]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors request_id faultwrap sizelimit osprofiler noauth apiv3
keystone = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
keystone_nolimit = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
[filter:request_id]
paste.filter_factory = oslo_middleware.request_id:RequestId.factory
@ -45,6 +52,9 @@ paste.app_factory = cinder.api.v1.router:APIRouter.factory
[app:apiv2]
paste.app_factory = cinder.api.v2.router:APIRouter.factory
[app:apiv3]
paste.app_factory = cinder.api.v3.router:APIRouter.factory
[pipeline:apiversions]
pipeline = cors faultwrap osvolumeversionapp

3
templates/policy.json.j2
View File

@ -16,6 +16,7 @@
"volume:update_volume_admin_metadata": "rule:admin_api",
"volume:get_snapshot": "rule:admin_or_owner",
"volume:get_all_snapshots": "rule:admin_or_owner",
"volume:create_snapshot": "rule:admin_or_owner",
"volume:delete_snapshot": "rule:admin_or_owner",
"volume:update_snapshot": "rule:admin_or_owner",
"volume:extend": "rule:admin_or_owner",
@ -25,6 +26,7 @@
"volume_extension:types_manage": "rule:admin_api",
"volume_extension:types_extra_specs": "rule:admin_api",
"volume_extension:access_types_qos_specs_id": "rule:admin_api",
"volume_extension:access_types_extra_specs": "rule:admin_api",
"volume_extension:volume_type_access": "rule:admin_or_owner",
"volume_extension:volume_type_access:addProjectAccess": "rule:admin_api",
@ -38,6 +40,7 @@
"volume_extension:quotas:update": "rule:admin_api",
"volume_extension:quotas:delete": "rule:admin_api",
"volume_extension:quota_classes": "rule:admin_api",
"volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin_api",
"volume_extension:volume_admin_actions:reset_status": "rule:admin_api",
"volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api",

8
tests/inventory
View File

@ -1,2 +1,8 @@
[all]
localhost ansible_connection=local ansible_become=True
localhost ansible_connection=local ansible_become=True ansible_python_interpreter=ENVPYTHON
[cinder_volume]
localhost ansible_connection=local ansible_become=True ansible_python_interpreter=ENVPYTHON
[cinder_all]
localhost ansible_connection=local ansible_become=True ansible_python_interpreter=ENVPYTHON

42
tests/test-cinder-functional.yml Normal file
View File

@ -0,0 +1,42 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for functional testing of cinder
hosts: cinder_api
user: root
gather_facts: false
tasks:
- name: Check the cinder-api
uri:
url: "http://localhost:8776"
status_code: 200,300
- name: Set cinder_volume_name fact
set_fact:
cinder_volume_name: "functional-volume-{{ 100|random }}"
- name: Create cinder volume
shell: |
. /root/openrc
{{ cinder_venv_bin }}/cinder create --name {{ cinder_volume_name }} 1
- name: Verify volume goes active
shell: |
. /root/openrc
{{ cinder_venv_bin }}/cinder show {{ cinder_volume_name }} | grep available
register: volume_status
until: volume_status|success
retries: 5
delay: 5
vars:
cinder_venv_tag: testing
cinder_venv_bin: "/openstack/venvs/cinder-{{ cinder_venv_tag }}/bin"

79
tests/test-install-cinder.yml Normal file
View File

@ -0,0 +1,79 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Deploy cinder
hosts: cinder_all
user: root
gather_facts: true
pre_tasks:
- name: Ensure Rabbitmq vhost
rabbitmq_vhost:
name: "{{ cinder_rabbitmq_vhost }}"
state: "present"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['cinder_all'][0]
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ cinder_rabbitmq_userid }}"
password: "{{ cinder_rabbitmq_password }}"
vhost: "{{ cinder_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['cinder_all'][0]
roles:
- role: "{{ rolename | basename }}"
vars:
external_lb_vip_address: 10.100.100.3
internal_lb_vip_address: 10.100.100.3
cinder_galera_address: 10.100.100.2
cinder_venv_tag: "testing"
cinder_developer_mode: true
cinder_git_install_branch: stable/mitaka
cinder_requirements_git_install_branch: f8cf7eba898a1424549c730d6692ec4e9573c0ed # HEAD of "master" as of 23.03.2016
cinder_service_password: "secrete"
cinder_container_mysql_password: "SuperSecrete"
cinder_profiler_hmac_key: "secrete"
cinder_backends:
lvm:
volume_group: cinder-volumes
volume_driver: cinder.volume.drivers.lvm.LVMVolumeDriver
volume_backend_name: LVM_iSCSI
cinder_rabbitmq_password: "secrete"
cinder_rabbitmq_userid: cinder
cinder_rabbitmq_vhost: /cinder
galera_root_password: "secrete"
galera_client_drop_config_file: false
rabbitmq_servers: 10.100.100.2
rabbitmq_use_ssl: true
rabbitmq_port: 5671
keystone_admin_user_name: admin
keystone_admin_tenant_name: admin
keystone_auth_admin_password: "SuperSecretePassword"
keystone_service_adminuri_insecure: false
keystone_service_internaluri_insecure: false
keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
openrc_os_auth_url: "{{ keystone_service_internalurl }}"
openrc_os_password: "{{ keystone_auth_admin_password }}"
openrc_os_domain_name: "Default"
memcached_servers: 127.0.0.1
memcached_encryption_key: "secrete"
debug: true
verbose: true

32
tests/test-install-infra.yml Normal file
View File

@ -0,0 +1,32 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Deploy infra services
hosts: service_all
user: root
gather_facts: true
roles:
- role: "rabbitmq_server"
rabbitmq_cookie_token: secrete
- role: "galera_server"
galera_root_password: secrete
galera_root_user: root
galera_innodb_buffer_pool_size: 512M
galera_innodb_log_buffer_size: 32M
galera_server_id: "{{ inventory_hostname | string_2_int }}"
galera_wsrep_node_name: "{{ inventory_hostname }}"
galera_wsrep_provider_options:
- { option: "gcache.size", value: "32M" }
galera_server_id: "{{ inventory_hostname | string_2_int }}"

83
tests/test-install-keystone.yml Normal file
View File

@ -0,0 +1,83 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Deploy keystone
hosts: keystone_all
user: root
gather_facts: true
pre_tasks:
- name: Ensure rabbitmq vhost
rabbitmq_vhost:
name: "{{ keystone_rabbitmq_vhost }}"
state: "present"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['keystone_all'][0]
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ keystone_rabbitmq_userid }}"
password: "{{ keystone_rabbitmq_password }}"
vhost: "{{ keystone_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['keystone_all'][0]
- name: Create DB for service
mysql_db:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ keystone_galera_database }}"
state: "present"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['keystone_all'][0]
- name: Grant access to the DB for the service
mysql_user:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ keystone_galera_database }}"
password: "{{ keystone_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ keystone_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['keystone_all'][0]
roles:
- role: os_keystone
vars:
external_lb_vip_address: 10.100.100.3
internal_lb_vip_address: 10.100.100.3
keystone_galera_address: 10.100.100.2
keystone_galera_database: keystone
keystone_venv_tag: "testing"
keystone_developer_mode: true
keystone_git_install_branch: stable/mitaka
keystone_requirements_git_install_branch: f8cf7eba898a1424549c730d6692ec4e9573c0ed # HEAD of "master" as of 23.03.2016
keystone_auth_admin_token: "SuperSecreteTestToken"
keystone_auth_admin_password: "SuperSecretePassword"
keystone_service_password: "secrete"
keystone_rabbitmq_password: "secrete"
keystone_container_mysql_password: "SuperSecrete"
keystone_rabbitmq_port: 5671
keystone_rabbitmq_userid: keystone
keystone_rabbitmq_vhost: /keystone
keystone_rabbitmq_servers: 10.100.100.2
keystone_rabbitmq_use_ssl: false
galera_client_drop_config_file: false

33
tests/test-prepare-containers.yml Normal file
View File

@ -0,0 +1,33 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create test containers
hosts: all_containers
connection: local
gather_facts: false
roles:
- role: "lxc_container_create"
lxc_container_release: trusty
lxc_container_backing_store: dir
global_environment_variables:
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
post_tasks:
- name: Wait for ssh to be available
local_action:
module: wait_for
port: "{{ ansible_ssh_port | default('22') }}"
host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
search_regex: OpenSSH
delay: 1

90
tests/test-prepare-host.yml Normal file
View File

@ -0,0 +1,90 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Perform basic LXC host setup
hosts: localhost
pre_tasks:
# Make sure OS does not have a stale package cache.
- name: Update apt cache
apt:
update_cache: yes
when: ansible_os_family == 'Debian'
- name: Ensure root's new public ssh key is in authorized_keys
authorized_key:
user: root
key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}"
manage_dir: no
- set_fact:
lxc_container_ssh_key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}"
- name: Check if this is an OpenStack-CI nodepool instance
stat:
path: /etc/nodepool/provider
register: nodepool
- name: Set the files to copy into the container cache for OpenStack-CI instances
set_fact:
lxc_container_cache_files:
- { src: '/etc/pip.conf', dest: '/etc/pip.conf' }
- { src: '/etc/apt/apt.conf.d/99unauthenticated', dest: '/etc/apt/apt.conf.d/99unauthenticated' }
when: nodepool.stat.exists | bool
- name: Determine the existing Ubuntu repo configuration
shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list'
register: ubuntu_repo
changed_when: false
- name: Set apt repo facts based on discovered information
set_fact:
lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}"
lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}"
roles:
- role: "lxc_hosts"
lxc_net_address: 10.100.100.1
lxc_net_dhcp_range: 10.100.100.8,10.100.100.253
lxc_net_bridge: lxcbr0
lxc_kernel_options:
- { key: 'fs.inotify.max_user_instances', value: 1024 }
lxc_container_caches:
- url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"
name: "trusty.tgz"
sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c"
chroot_path: trusty/rootfs-amd64
# The $HOME directory is mocked to work with tox
# by defining the 'ansible_env' hash. This should
# NEVER be done outside of testing.
ansible_env: ## NEVER DO THIS OUTSIDE OF TESTING
HOME: "/tmp"
post_tasks:
# Inventory is being pre-loaded using a post tasks instead of through a dynamic
# inventory system. While this is not a usual method for deployment it's being
# done for functional testing.
- name: Create container hosts
add_host:
groups: "{{ item.groups }}"
hostname: "{{ item.name }}"
inventory_hostname: "{{ item.name }}"
ansible_ssh_host: "{{ item.address }}"
ansible_become: true
properties:
service_name: "{{ item.service }}"
container_networks:
management_address:
address: "{{ item.address }}"
bridge: "lxcbr0"
interface: "eth1"
netmask: "255.255.252.0"
type: "veth"
physical_host: localhost
container_name: "{{ item.name }}"
with_items:
- { name: "infra1", service: "infra1", address: "10.100.100.2", groups: "all,all_containers,rabbitmq_all,galera_all,service_all" }
- { name: "openstack1", service: "openstack1", address: "10.100.100.3", groups: "all,all_containers,keystone_all,cinder_api,cinder_scheduler,cinder_backup,cinder_all" }

31
tests/test-prepare-keys.yml Normal file
View File

@ -0,0 +1,31 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create ssh key pairs for use with containers
hosts: 127.0.0.1
connection: local
become: false
pre_tasks:
- name: Create ssh key pair for root
user:
name: "{{ ansible_ssh_user }}"
generate_ssh_key: "yes"
ssh_key_bits: 2048
ssh_key_file: ".ssh/id_rsa"
- name: Get the calling user's key
command: cat ~/.ssh/id_rsa.pub
register: key_get
- set_fact:
lxc_container_ssh_key: "{{ key_get.stdout }}"

45
tests/test-prepare-vg.yml Normal file
View File

@ -0,0 +1,45 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Prepare cinder-volumes volume group
hosts: localhost
tasks:
- name: Install lvm2 package
apt:
name: lvm2
- name: Create sparse Cinder file
shell: "truncate -s 10G /openstack/cinder.img"
args:
creates: /openstack/cinder.img
register: cinder_create
- name: Get a loopback device for cinder file
shell: losetup -f
when: cinder_create | changed
register: cinder_losetup
- name: Create the loopback device
shell: "losetup {{ cinder_losetup.stdout }} /openstack/cinder.img"
when: cinder_create | changed
- name: Make LVM physical volume on the cinder device
shell: "{{ item }}"
when: cinder_create | changed
with_items:
- "pvcreate {{ cinder_losetup.stdout }}"
- "pvscan"
- name: Add cinder-volumes volume group
lvg:
vg: cinder-volumes
pvs: "{{ cinder_losetup.stdout }}"
when: cinder_create | changed

290
tests/test.yml
View File

@ -13,284 +13,26 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for establish ssh keys
hosts: 127.0.0.1
connection: local
become: false
pre_tasks:
- name: Create ssh key pair for root
user:
name: "{{ ansible_ssh_user }}"
generate_ssh_key: "yes"
ssh_key_bits: 2048
ssh_key_file: ".ssh/id_rsa"
- name: Get the calling user's key
command: cat ~/.ssh/id_rsa.pub
register: key_get
- set_fact:
lxc_container_ssh_key: "{{ key_get.stdout }}"
# Prepare the user ssh keys
- include: test-prepare-keys.yml
- name: Playbook for configuring the LXC host
hosts: localhost
connection: local
become: yes
pre_tasks:
# Make sure OS does not have a stale package cache.
- name: Update apt cache
apt:
update_cache: yes
when: ansible_os_family == 'Debian'
- name: Ensure root's new public ssh key is in authorized_keys
authorized_key:
user: root
key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}"
manage_dir: no
- set_fact:
lxc_container_ssh_key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}"
- name: Check if this is an OpenStack-CI nodepool instance
stat:
path: /etc/nodepool/provider
register: nodepool
- name: Set the files to copy into the container cache for OpenStack-CI instances
set_fact:
lxc_container_cache_files:
- { src: '/etc/pip.conf', dest: '/etc/pip.conf' }
- { src: '/etc/apt/apt.conf.d/99unauthenticated', dest: '/etc/apt/apt.conf.d/99unauthenticated' }
when: nodepool.stat.exists | bool
- name: Determine the existing Ubuntu repo configuration
shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list'
register: ubuntu_repo
changed_when: false
- name: Set apt repo facts based on discovered information
set_fact:
lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}"
lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}"
roles:
- role: "lxc_hosts"
lxc_net_address: 10.100.100.1
lxc_net_dhcp_range: 10.100.100.8,10.100.100.253
lxc_net_bridge: lxcbr0
lxc_kernel_options:
- { key: 'fs.inotify.max_user_instances', value: 1024 }
lxc_container_caches:
- url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"
name: "trusty.tgz"
sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c"
chroot_path: trusty/rootfs-amd64
# The $HOME directory is mocked to work with tox
# by defining the 'ansible_env' hash. This should
# NEVER be done outside of testing.
ansible_env: ## NEVER DO THIS OUTSIDE OF TESTING
HOME: "/tmp"
- role: "py_from_git"
git_repo: "https://github.com/lxc/python2-lxc"
git_dest: "/opt/lxc_python2"
git_install_branch: "master"
post_tasks:
# THIS TASK IS ONLY BEING DONE BECAUSE THE TOX SHARED LXC LIB IS NOT USABLE ON A
# HOST MACHINE THAT MAY NOT HAVE ACCESS TO THE VENV.
- name: Ensure the lxc lib is on the host
command: /usr/local/bin/pip install /opt/lxc_python2
# Inventory is being pre-loaded using a post tasks instead of through a dynamic
# inventory system. While this is not a usual method for deployment it's being
# done for functional testing.
- name: Create container hosts
add_host:
groups: "{{ item.groups }}"
hostname: "{{ item.name }}"
inventory_hostname: "{{ item.name }}"
ansible_ssh_host: "{{ item.address }}"
ansible_become: true
properties:
service_name: "{{ item.service }}"
container_networks:
management_address:
address: "{{ item.address }}"
bridge: "lxcbr0"
interface: "eth1"
netmask: "255.255.252.0"
type: "veth"
physical_host: localhost
container_name: "{{ item.name }}"
with_items:
- { name: "infra1", service: "infra1", address: "10.100.100.2", groups: "all,all_containers,rabbitmq_all,galera_all,service_all" }
- { name: "openstack1", service: "openstack1", address: "10.100.100.3", groups: "all,all_containers,keystone_all,cinder_api,cinder_scheduler,cinder_volume,cinder_backup,cinder_all" }
# Prepare the host
- include: test-prepare-host.yml
- name: Playbook for creating containers
hosts: all_containers
connection: local
gather_facts: false
roles:
- role: "lxc_container_create"
lxc_container_release: trusty
lxc_container_backing_store: dir
global_environment_variables:
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
post_tasks:
- name: Wait for ssh to be available
local_action:
module: wait_for
port: "{{ ansible_ssh_port | default('22') }}"
host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
search_regex: OpenSSH
delay: 1
# Prepare the cinder-volumes VG
- include: test-prepare-vg.yml
- name: Playbook for deploying infra services
hosts: service_all
user: root
gather_facts: true
roles:
- role: "rabbitmq_server"
rabbitmq_cookie_token: secrete
- role: "galera_server"
galera_root_password: secrete
galera_root_user: root
galera_innodb_buffer_pool_size: 512M
galera_innodb_log_buffer_size: 32M
galera_server_id: "{{ inventory_hostname | string_2_int }}"
galera_wsrep_node_name: "{{ inventory_hostname }}"
galera_wsrep_provider_options:
- { option: "gcache.size", value: "32M" }
galera_server_id: "{{ inventory_hostname | string_2_int }}"
# Prepare the containers
- include: test-prepare-containers.yml
- name: Playbook for deploying keystone
hosts: keystone_all
user: root
gather_facts: true
pre_tasks:
- name: Ensure rabbitmq vhost
rabbitmq_vhost:
name: "{{ keystone_rabbitmq_vhost }}"
state: "present"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['keystone_all'][0]
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ keystone_rabbitmq_userid }}"
password: "{{ keystone_rabbitmq_password }}"
vhost: "{{ keystone_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['keystone_all'][0]
- name: Create DB for service
mysql_db:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ keystone_galera_database }}"
state: "present"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['keystone_all'][0]
- name: Grant access to the DB for the service
mysql_user:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ keystone_galera_database }}"
password: "{{ keystone_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ keystone_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['keystone_all'][0]
roles:
- role: os_keystone
vars:
external_lb_vip_address: 10.100.100.3
internal_lb_vip_address: 10.100.100.3
keystone_galera_address: 10.100.100.2
keystone_galera_database: keystone
keystone_venv_tag: "testing"
keystone_developer_mode: true
keystone_git_install_branch: a55128044f763f5cfe2fdc57c738eaca97636448
keystone_requirements_git_install_branch: 332278d456e06870150835564342570ec9d5f5a0
keystone_auth_admin_token: "SuperSecreteTestToken"
keystone_auth_admin_password: "SuperSecretePassword"
keystone_service_password: "secrete"
keystone_rabbitmq_password: "secrete"
keystone_container_mysql_password: "SuperSecrete"
keystone_rabbitmq_port: 5671
keystone_rabbitmq_userid: keystone
keystone_rabbitmq_vhost: /keystone
keystone_rabbitmq_servers: 10.100.100.2
keystone_rabbitmq_use_ssl: false
galera_client_drop_config_file: false
# Install RabbitMQ/MariaDB
- include: test-install-infra.yml
- name: Playbook for deploying cinder
hosts: cinder_all
user: root
gather_facts: true
pre_tasks:
- name: Ensure Rabbitmq vhost
rabbitmq_vhost:
name: "{{ cinder_rabbitmq_vhost }}"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ cinder_rabbitmq_userid }}"
password: "{{ cinder_rabbitmq_password }}"
vhost: "{{ cinder_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
roles:
- role: "{{ rolename | basename }}"
vars:
external_lb_vip_address: 10.100.100.3
internal_lb_vip_address: 10.100.100.3
cinder_galera_address: 10.100.100.2
cinder_venv_tag: "testing"
cinder_developer_mode: true
cinder_git_install_branch: 94ae8598b96e2f86844fdf0f35a8b83a94c7b4c4
cinder_requirements_git_install_branch: 332278d456e06870150835564342570ec9d5f5a0
cinder_service_password: "secrete"
cinder_container_mysql_password: "SuperSecrete"
cinder_profiler_hmac_key: "secrete"
cinder_backend_lvm_inuse: false
cinder_rabbitmq_password: "secrete"
cinder_rabbitmq_userid: cinder
cinder_rabbitmq_vhost: /cinder
galera_root_password: "secrete"
galera_client_drop_config_file: false
rabbitmq_servers: 10.100.100.2
rabbitmq_use_ssl: true
rabbitmq_port: 5671
keystone_admin_user_name: admin
keystone_admin_tenant_name: admin
keystone_auth_admin_password: "SuperSecretePassword"
keystone_service_adminuri_insecure: false
keystone_service_internaluri_insecure: false
keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
openrc_os_password: "{{ keystone_auth_admin_password }}"
openrc_os_domain_name: "Default"
memcached_servers: 127.0.0.1
memcached_encryption_key: "secrete"
debug: true
verbose: true
# Install Keystone
- include: test-install-keystone.yml
- name: Playbook for functional testing of cinder
hosts: cinder_all
user: root
gather_facts: false
pre_tasks:
- name: Install httplib2 so we can use the uri module
pip:
name: httplib2
tasks:
- name: Check the cinder-api
uri:
url: "http://localhost:8776"
status_code: 200
# Install Cinder
- include: test-install-cinder.yml
# Test Cinder
- include: test-cinder-functional.yml

15
tox.ini
View File

@ -15,6 +15,8 @@ whitelist_externals =
bash
git
rm
ln
sed
setenv =
VIRTUAL_ENV={envdir}
ANSIBLE_HOST_KEY_CHECKING = False
@ -106,6 +108,17 @@ commands =
[testenv:functional]
commands =
rm -rf {homedir}/.ansible
# Ansible is run using python in the tox venv, which doesn't have python-apt in it.
# Installing python-apt is non-trivial at first glance so for now we just symlink
# these in from the host.
ln -snf /usr/lib/python2.7/dist-packages/apt/ {envsitepackagesdir}/apt
ln -snf /usr/lib/python2.7/dist-packages/aptsources/ {envsitepackagesdir}/aptsources
ln -snf /usr/lib/python2.7/dist-packages/apt_pkg.so {envsitepackagesdir}/apt_pkg.so
ln -snf /usr/lib/python2.7/dist-packages/apt_inst.so {envsitepackagesdir}/apt_inst.so
# This forces Ansible to use the venv interpreter for localhost, which means we don't
# run into issues where things are being installed into the venv but then Ansible
# complains that it doesn't exist in /usr/local/lib.
sed -i 's@ENVPYTHON@{envpython}@g' tests/inventory
git clone https://git.openstack.org/openstack/openstack-ansible-plugins \
{homedir}/.ansible/plugins
ansible-galaxy install \
@ -114,7 +127,7 @@ commands =
--force
ansible-playbook -i {toxinidir}/tests/inventory \
-e "rolename={toxinidir}" \
-vv \
-vvvv \
{toxinidir}/tests/test.yml