From ad5736d3f32ee30641ded4acefec9a343fed12b3 Mon Sep 17 00:00:00 2001 From: Matt Thompson Date: Mon, 21 Mar 2016 12:59:13 +0000 Subject: [PATCH] Cinder functional testing This commit does the following: - separates test.yml into a number of individual task files - updates tests/inventory and adds localhost to cinder_all and cinder_volume groups - updates tests/inventory by setting localhost to use the python interpreter in the tox venv (this is needed because openstack-infra runs tox with PYTHON set to the venv's interpreter) - updates tox to symlink python-apt on host into tox venv (this is needed in the functional test as we are now running python from the venv and there is no clear way to simply pip install this) - creates a cinder volume and validates it goes active - bumps keystone and cinder SHAs in the tests to use stable/mitaka and a more recent requirements - updates paste, policy and rootwrap configurations - updates API checks to allow for both 200 and 300 status codes Change-Id: I9b62bc841f86349b60b978fcfc813afe0a313318 --- files/rootwrap.d/volume.filters | 10 +- tasks/cinder_backends.yml | 2 +- templates/api-paste.ini.j2 | 10 ++ templates/policy.json.j2 | 3 + tests/inventory | 8 +- tests/test-cinder-functional.yml | 42 +++++ tests/test-install-cinder.yml | 79 ++++++++ tests/test-install-infra.yml | 32 ++++ tests/test-install-keystone.yml | 83 +++++++++ tests/test-prepare-containers.yml | 33 ++++ tests/test-prepare-host.yml | 90 ++++++++++ tests/test-prepare-keys.yml | 31 ++++ tests/test-prepare-vg.yml | 45 +++++ tests/test.yml | 290 ++---------------------------- tox.ini | 15 +- 15 files changed, 493 insertions(+), 280 deletions(-) create mode 100644 tests/test-cinder-functional.yml create mode 100644 tests/test-install-cinder.yml create mode 100644 tests/test-install-infra.yml create mode 100644 tests/test-install-keystone.yml create mode 100644 tests/test-prepare-containers.yml create mode 100644 tests/test-prepare-host.yml create mode 100644 tests/test-prepare-keys.yml create mode 100644 tests/test-prepare-vg.yml diff --git a/files/rootwrap.d/volume.filters b/files/rootwrap.d/volume.filters index ceee5c87..27971397 100644 --- a/files/rootwrap.d/volume.filters +++ b/files/rootwrap.d/volume.filters @@ -23,9 +23,13 @@ lvs_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, lvs lvdisplay_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, lvdisplay # os-brick library commands -# TODO(smcginnis) This is a temporary fix. Need to pull in os-brick -# os-brick.filters file instead and clean out stale brick values from -# this file. +# os_brick.privileged.run_as_root oslo.privsep context +# This line ties the superuser privs with the config files, context name, +# and (implicitly) the actual python code invoked. +privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, os_brick.privileged.default, --privsep_sock_path, /tmp/.* +# The following and any cinder/brick/* entries should all be obsoleted +# by privsep, and may be removed once the os-brick version requirement +# is updated appropriately. scsi_id: CommandFilter, /lib/udev/scsi_id, root drbdadm: CommandFilter, drbdadm, root diff --git a/tasks/cinder_backends.yml b/tasks/cinder_backends.yml index 541bac1b..936d69ef 100644 --- a/tasks/cinder_backends.yml +++ b/tasks/cinder_backends.yml @@ -16,7 +16,7 @@ - name: Ensure cinder api is available uri: url: "{{ cinder_service_internaluri }}" - status_code: 200 + status_code: 200,300 register: api_status until: api_status |success retries: 10 diff --git a/templates/api-paste.ini.j2 b/templates/api-paste.ini.j2 index b0f7b367..f4c507f9 100644 --- a/templates/api-paste.ini.j2 +++ b/templates/api-paste.ini.j2 @@ -7,6 +7,7 @@ use = call:cinder.api:root_app_factory /: apiversions /v1: openstack_volume_api_v1 /v2: openstack_volume_api_v2 +/v3: openstack_volume_api_v3 [composite:openstack_volume_api_v1] use = call:cinder.api.middleware.auth:pipeline_factory @@ -20,6 +21,12 @@ noauth = cors request_id faultwrap sizelimit osprofiler noauth apiv2 keystone = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 keystone_nolimit = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 +[composite:openstack_volume_api_v3] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = cors request_id faultwrap sizelimit osprofiler noauth apiv3 +keystone = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3 +keystone_nolimit = cors request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3 + [filter:request_id] paste.filter_factory = oslo_middleware.request_id:RequestId.factory @@ -45,6 +52,9 @@ paste.app_factory = cinder.api.v1.router:APIRouter.factory [app:apiv2] paste.app_factory = cinder.api.v2.router:APIRouter.factory +[app:apiv3] +paste.app_factory = cinder.api.v3.router:APIRouter.factory + [pipeline:apiversions] pipeline = cors faultwrap osvolumeversionapp diff --git a/templates/policy.json.j2 b/templates/policy.json.j2 index bcb53c48..02af88bd 100644 --- a/templates/policy.json.j2 +++ b/templates/policy.json.j2 @@ -16,6 +16,7 @@ "volume:update_volume_admin_metadata": "rule:admin_api", "volume:get_snapshot": "rule:admin_or_owner", "volume:get_all_snapshots": "rule:admin_or_owner", + "volume:create_snapshot": "rule:admin_or_owner", "volume:delete_snapshot": "rule:admin_or_owner", "volume:update_snapshot": "rule:admin_or_owner", "volume:extend": "rule:admin_or_owner", @@ -25,6 +26,7 @@ "volume_extension:types_manage": "rule:admin_api", "volume_extension:types_extra_specs": "rule:admin_api", + "volume_extension:access_types_qos_specs_id": "rule:admin_api", "volume_extension:access_types_extra_specs": "rule:admin_api", "volume_extension:volume_type_access": "rule:admin_or_owner", "volume_extension:volume_type_access:addProjectAccess": "rule:admin_api", @@ -38,6 +40,7 @@ "volume_extension:quotas:update": "rule:admin_api", "volume_extension:quotas:delete": "rule:admin_api", "volume_extension:quota_classes": "rule:admin_api", + "volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin_api", "volume_extension:volume_admin_actions:reset_status": "rule:admin_api", "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api", diff --git a/tests/inventory b/tests/inventory index 6c0833a9..a6eb73c4 100644 --- a/tests/inventory +++ b/tests/inventory @@ -1,2 +1,8 @@ [all] -localhost ansible_connection=local ansible_become=True +localhost ansible_connection=local ansible_become=True ansible_python_interpreter=ENVPYTHON + +[cinder_volume] +localhost ansible_connection=local ansible_become=True ansible_python_interpreter=ENVPYTHON + +[cinder_all] +localhost ansible_connection=local ansible_become=True ansible_python_interpreter=ENVPYTHON diff --git a/tests/test-cinder-functional.yml b/tests/test-cinder-functional.yml new file mode 100644 index 00000000..9e7bb9c0 --- /dev/null +++ b/tests/test-cinder-functional.yml @@ -0,0 +1,42 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Playbook for functional testing of cinder + hosts: cinder_api + user: root + gather_facts: false + tasks: + - name: Check the cinder-api + uri: + url: "http://localhost:8776" + status_code: 200,300 + - name: Set cinder_volume_name fact + set_fact: + cinder_volume_name: "functional-volume-{{ 100|random }}" + - name: Create cinder volume + shell: | + . /root/openrc + {{ cinder_venv_bin }}/cinder create --name {{ cinder_volume_name }} 1 + - name: Verify volume goes active + shell: | + . /root/openrc + {{ cinder_venv_bin }}/cinder show {{ cinder_volume_name }} | grep available + register: volume_status + until: volume_status|success + retries: 5 + delay: 5 + vars: + cinder_venv_tag: testing + cinder_venv_bin: "/openstack/venvs/cinder-{{ cinder_venv_tag }}/bin" diff --git a/tests/test-install-cinder.yml b/tests/test-install-cinder.yml new file mode 100644 index 00000000..c33ce922 --- /dev/null +++ b/tests/test-install-cinder.yml @@ -0,0 +1,79 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Deploy cinder + hosts: cinder_all + user: root + gather_facts: true + pre_tasks: + - name: Ensure Rabbitmq vhost + rabbitmq_vhost: + name: "{{ cinder_rabbitmq_vhost }}" + state: "present" + delegate_to: "10.100.100.2" + when: inventory_hostname == groups['cinder_all'][0] + - name: Ensure rabbitmq user + rabbitmq_user: + user: "{{ cinder_rabbitmq_userid }}" + password: "{{ cinder_rabbitmq_password }}" + vhost: "{{ cinder_rabbitmq_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + delegate_to: "10.100.100.2" + when: inventory_hostname == groups['cinder_all'][0] + roles: + - role: "{{ rolename | basename }}" + vars: + external_lb_vip_address: 10.100.100.3 + internal_lb_vip_address: 10.100.100.3 + cinder_galera_address: 10.100.100.2 + cinder_venv_tag: "testing" + cinder_developer_mode: true + cinder_git_install_branch: stable/mitaka + cinder_requirements_git_install_branch: f8cf7eba898a1424549c730d6692ec4e9573c0ed # HEAD of "master" as of 23.03.2016 + cinder_service_password: "secrete" + cinder_container_mysql_password: "SuperSecrete" + cinder_profiler_hmac_key: "secrete" + cinder_backends: + lvm: + volume_group: cinder-volumes + volume_driver: cinder.volume.drivers.lvm.LVMVolumeDriver + volume_backend_name: LVM_iSCSI + cinder_rabbitmq_password: "secrete" + cinder_rabbitmq_userid: cinder + cinder_rabbitmq_vhost: /cinder + galera_root_password: "secrete" + galera_client_drop_config_file: false + rabbitmq_servers: 10.100.100.2 + rabbitmq_use_ssl: true + rabbitmq_port: 5671 + keystone_admin_user_name: admin + keystone_admin_tenant_name: admin + keystone_auth_admin_password: "SuperSecretePassword" + keystone_service_adminuri_insecure: false + keystone_service_internaluri_insecure: false + keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000" + keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3" + keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357" + keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3" + openrc_os_auth_url: "{{ keystone_service_internalurl }}" + openrc_os_password: "{{ keystone_auth_admin_password }}" + openrc_os_domain_name: "Default" + memcached_servers: 127.0.0.1 + memcached_encryption_key: "secrete" + debug: true + verbose: true diff --git a/tests/test-install-infra.yml b/tests/test-install-infra.yml new file mode 100644 index 00000000..7b3acf0b --- /dev/null +++ b/tests/test-install-infra.yml @@ -0,0 +1,32 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Deploy infra services + hosts: service_all + user: root + gather_facts: true + roles: + - role: "rabbitmq_server" + rabbitmq_cookie_token: secrete + - role: "galera_server" + galera_root_password: secrete + galera_root_user: root + galera_innodb_buffer_pool_size: 512M + galera_innodb_log_buffer_size: 32M + galera_server_id: "{{ inventory_hostname | string_2_int }}" + galera_wsrep_node_name: "{{ inventory_hostname }}" + galera_wsrep_provider_options: + - { option: "gcache.size", value: "32M" } + galera_server_id: "{{ inventory_hostname | string_2_int }}" diff --git a/tests/test-install-keystone.yml b/tests/test-install-keystone.yml new file mode 100644 index 00000000..9d5a686d --- /dev/null +++ b/tests/test-install-keystone.yml @@ -0,0 +1,83 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Deploy keystone + hosts: keystone_all + user: root + gather_facts: true + pre_tasks: + - name: Ensure rabbitmq vhost + rabbitmq_vhost: + name: "{{ keystone_rabbitmq_vhost }}" + state: "present" + delegate_to: "10.100.100.2" + when: inventory_hostname == groups['keystone_all'][0] + - name: Ensure rabbitmq user + rabbitmq_user: + user: "{{ keystone_rabbitmq_userid }}" + password: "{{ keystone_rabbitmq_password }}" + vhost: "{{ keystone_rabbitmq_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + delegate_to: "10.100.100.2" + when: inventory_hostname == groups['keystone_all'][0] + - name: Create DB for service + mysql_db: + login_user: "root" + login_password: "secrete" + login_host: "localhost" + name: "{{ keystone_galera_database }}" + state: "present" + delegate_to: "10.100.100.2" + when: inventory_hostname == groups['keystone_all'][0] + - name: Grant access to the DB for the service + mysql_user: + login_user: "root" + login_password: "secrete" + login_host: "localhost" + name: "{{ keystone_galera_database }}" + password: "{{ keystone_container_mysql_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ keystone_galera_database }}.*:ALL" + with_items: + - "localhost" + - "%" + delegate_to: "10.100.100.2" + when: inventory_hostname == groups['keystone_all'][0] + roles: + - role: os_keystone + vars: + external_lb_vip_address: 10.100.100.3 + internal_lb_vip_address: 10.100.100.3 + keystone_galera_address: 10.100.100.2 + keystone_galera_database: keystone + keystone_venv_tag: "testing" + keystone_developer_mode: true + keystone_git_install_branch: stable/mitaka + keystone_requirements_git_install_branch: f8cf7eba898a1424549c730d6692ec4e9573c0ed # HEAD of "master" as of 23.03.2016 + keystone_auth_admin_token: "SuperSecreteTestToken" + keystone_auth_admin_password: "SuperSecretePassword" + keystone_service_password: "secrete" + keystone_rabbitmq_password: "secrete" + keystone_container_mysql_password: "SuperSecrete" + keystone_rabbitmq_port: 5671 + keystone_rabbitmq_userid: keystone + keystone_rabbitmq_vhost: /keystone + keystone_rabbitmq_servers: 10.100.100.2 + keystone_rabbitmq_use_ssl: false + galera_client_drop_config_file: false diff --git a/tests/test-prepare-containers.yml b/tests/test-prepare-containers.yml new file mode 100644 index 00000000..914c17f1 --- /dev/null +++ b/tests/test-prepare-containers.yml @@ -0,0 +1,33 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create test containers + hosts: all_containers + connection: local + gather_facts: false + roles: + - role: "lxc_container_create" + lxc_container_release: trusty + lxc_container_backing_store: dir + global_environment_variables: + PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + post_tasks: + - name: Wait for ssh to be available + local_action: + module: wait_for + port: "{{ ansible_ssh_port | default('22') }}" + host: "{{ ansible_ssh_host | default(inventory_hostname) }}" + search_regex: OpenSSH + delay: 1 diff --git a/tests/test-prepare-host.yml b/tests/test-prepare-host.yml new file mode 100644 index 00000000..a3808e7d --- /dev/null +++ b/tests/test-prepare-host.yml @@ -0,0 +1,90 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Perform basic LXC host setup + hosts: localhost + pre_tasks: + # Make sure OS does not have a stale package cache. + - name: Update apt cache + apt: + update_cache: yes + when: ansible_os_family == 'Debian' + - name: Ensure root's new public ssh key is in authorized_keys + authorized_key: + user: root + key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}" + manage_dir: no + - set_fact: + lxc_container_ssh_key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}" + - name: Check if this is an OpenStack-CI nodepool instance + stat: + path: /etc/nodepool/provider + register: nodepool + - name: Set the files to copy into the container cache for OpenStack-CI instances + set_fact: + lxc_container_cache_files: + - { src: '/etc/pip.conf', dest: '/etc/pip.conf' } + - { src: '/etc/apt/apt.conf.d/99unauthenticated', dest: '/etc/apt/apt.conf.d/99unauthenticated' } + when: nodepool.stat.exists | bool + - name: Determine the existing Ubuntu repo configuration + shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list' + register: ubuntu_repo + changed_when: false + - name: Set apt repo facts based on discovered information + set_fact: + lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}" + lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}" + roles: + - role: "lxc_hosts" + lxc_net_address: 10.100.100.1 + lxc_net_dhcp_range: 10.100.100.8,10.100.100.253 + lxc_net_bridge: lxcbr0 + lxc_kernel_options: + - { key: 'fs.inotify.max_user_instances', value: 1024 } + lxc_container_caches: + - url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz" + name: "trusty.tgz" + sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c" + chroot_path: trusty/rootfs-amd64 + # The $HOME directory is mocked to work with tox + # by defining the 'ansible_env' hash. This should + # NEVER be done outside of testing. + ansible_env: ## NEVER DO THIS OUTSIDE OF TESTING + HOME: "/tmp" + post_tasks: + # Inventory is being pre-loaded using a post tasks instead of through a dynamic + # inventory system. While this is not a usual method for deployment it's being + # done for functional testing. + - name: Create container hosts + add_host: + groups: "{{ item.groups }}" + hostname: "{{ item.name }}" + inventory_hostname: "{{ item.name }}" + ansible_ssh_host: "{{ item.address }}" + ansible_become: true + properties: + service_name: "{{ item.service }}" + container_networks: + management_address: + address: "{{ item.address }}" + bridge: "lxcbr0" + interface: "eth1" + netmask: "255.255.252.0" + type: "veth" + physical_host: localhost + container_name: "{{ item.name }}" + with_items: + - { name: "infra1", service: "infra1", address: "10.100.100.2", groups: "all,all_containers,rabbitmq_all,galera_all,service_all" } + - { name: "openstack1", service: "openstack1", address: "10.100.100.3", groups: "all,all_containers,keystone_all,cinder_api,cinder_scheduler,cinder_backup,cinder_all" } diff --git a/tests/test-prepare-keys.yml b/tests/test-prepare-keys.yml new file mode 100644 index 00000000..c09f2f67 --- /dev/null +++ b/tests/test-prepare-keys.yml @@ -0,0 +1,31 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create ssh key pairs for use with containers + hosts: 127.0.0.1 + connection: local + become: false + pre_tasks: + - name: Create ssh key pair for root + user: + name: "{{ ansible_ssh_user }}" + generate_ssh_key: "yes" + ssh_key_bits: 2048 + ssh_key_file: ".ssh/id_rsa" + - name: Get the calling user's key + command: cat ~/.ssh/id_rsa.pub + register: key_get + - set_fact: + lxc_container_ssh_key: "{{ key_get.stdout }}" diff --git a/tests/test-prepare-vg.yml b/tests/test-prepare-vg.yml new file mode 100644 index 00000000..d9a841f6 --- /dev/null +++ b/tests/test-prepare-vg.yml @@ -0,0 +1,45 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Prepare cinder-volumes volume group + hosts: localhost + tasks: + - name: Install lvm2 package + apt: + name: lvm2 + - name: Create sparse Cinder file + shell: "truncate -s 10G /openstack/cinder.img" + args: + creates: /openstack/cinder.img + register: cinder_create + - name: Get a loopback device for cinder file + shell: losetup -f + when: cinder_create | changed + register: cinder_losetup + - name: Create the loopback device + shell: "losetup {{ cinder_losetup.stdout }} /openstack/cinder.img" + when: cinder_create | changed + - name: Make LVM physical volume on the cinder device + shell: "{{ item }}" + when: cinder_create | changed + with_items: + - "pvcreate {{ cinder_losetup.stdout }}" + - "pvscan" + - name: Add cinder-volumes volume group + lvg: + vg: cinder-volumes + pvs: "{{ cinder_losetup.stdout }}" + when: cinder_create | changed + diff --git a/tests/test.yml b/tests/test.yml index c7074d8d..1d9a3dab 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -13,284 +13,26 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Playbook for establish ssh keys - hosts: 127.0.0.1 - connection: local - become: false - pre_tasks: - - name: Create ssh key pair for root - user: - name: "{{ ansible_ssh_user }}" - generate_ssh_key: "yes" - ssh_key_bits: 2048 - ssh_key_file: ".ssh/id_rsa" - - name: Get the calling user's key - command: cat ~/.ssh/id_rsa.pub - register: key_get - - set_fact: - lxc_container_ssh_key: "{{ key_get.stdout }}" +# Prepare the user ssh keys +- include: test-prepare-keys.yml -- name: Playbook for configuring the LXC host - hosts: localhost - connection: local - become: yes - pre_tasks: - # Make sure OS does not have a stale package cache. - - name: Update apt cache - apt: - update_cache: yes - when: ansible_os_family == 'Debian' - - name: Ensure root's new public ssh key is in authorized_keys - authorized_key: - user: root - key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}" - manage_dir: no - - set_fact: - lxc_container_ssh_key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}" - - name: Check if this is an OpenStack-CI nodepool instance - stat: - path: /etc/nodepool/provider - register: nodepool - - name: Set the files to copy into the container cache for OpenStack-CI instances - set_fact: - lxc_container_cache_files: - - { src: '/etc/pip.conf', dest: '/etc/pip.conf' } - - { src: '/etc/apt/apt.conf.d/99unauthenticated', dest: '/etc/apt/apt.conf.d/99unauthenticated' } - when: nodepool.stat.exists | bool - - name: Determine the existing Ubuntu repo configuration - shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list' - register: ubuntu_repo - changed_when: false - - name: Set apt repo facts based on discovered information - set_fact: - lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}" - lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}" - roles: - - role: "lxc_hosts" - lxc_net_address: 10.100.100.1 - lxc_net_dhcp_range: 10.100.100.8,10.100.100.253 - lxc_net_bridge: lxcbr0 - lxc_kernel_options: - - { key: 'fs.inotify.max_user_instances', value: 1024 } - lxc_container_caches: - - url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz" - name: "trusty.tgz" - sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c" - chroot_path: trusty/rootfs-amd64 - # The $HOME directory is mocked to work with tox - # by defining the 'ansible_env' hash. This should - # NEVER be done outside of testing. - ansible_env: ## NEVER DO THIS OUTSIDE OF TESTING - HOME: "/tmp" - - role: "py_from_git" - git_repo: "https://github.com/lxc/python2-lxc" - git_dest: "/opt/lxc_python2" - git_install_branch: "master" - post_tasks: - # THIS TASK IS ONLY BEING DONE BECAUSE THE TOX SHARED LXC LIB IS NOT USABLE ON A - # HOST MACHINE THAT MAY NOT HAVE ACCESS TO THE VENV. - - name: Ensure the lxc lib is on the host - command: /usr/local/bin/pip install /opt/lxc_python2 - # Inventory is being pre-loaded using a post tasks instead of through a dynamic - # inventory system. While this is not a usual method for deployment it's being - # done for functional testing. - - name: Create container hosts - add_host: - groups: "{{ item.groups }}" - hostname: "{{ item.name }}" - inventory_hostname: "{{ item.name }}" - ansible_ssh_host: "{{ item.address }}" - ansible_become: true - properties: - service_name: "{{ item.service }}" - container_networks: - management_address: - address: "{{ item.address }}" - bridge: "lxcbr0" - interface: "eth1" - netmask: "255.255.252.0" - type: "veth" - physical_host: localhost - container_name: "{{ item.name }}" - with_items: - - { name: "infra1", service: "infra1", address: "10.100.100.2", groups: "all,all_containers,rabbitmq_all,galera_all,service_all" } - - { name: "openstack1", service: "openstack1", address: "10.100.100.3", groups: "all,all_containers,keystone_all,cinder_api,cinder_scheduler,cinder_volume,cinder_backup,cinder_all" } +# Prepare the host +- include: test-prepare-host.yml -- name: Playbook for creating containers - hosts: all_containers - connection: local - gather_facts: false - roles: - - role: "lxc_container_create" - lxc_container_release: trusty - lxc_container_backing_store: dir - global_environment_variables: - PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - post_tasks: - - name: Wait for ssh to be available - local_action: - module: wait_for - port: "{{ ansible_ssh_port | default('22') }}" - host: "{{ ansible_ssh_host | default(inventory_hostname) }}" - search_regex: OpenSSH - delay: 1 +# Prepare the cinder-volumes VG +- include: test-prepare-vg.yml -- name: Playbook for deploying infra services - hosts: service_all - user: root - gather_facts: true - roles: - - role: "rabbitmq_server" - rabbitmq_cookie_token: secrete - - role: "galera_server" - galera_root_password: secrete - galera_root_user: root - galera_innodb_buffer_pool_size: 512M - galera_innodb_log_buffer_size: 32M - galera_server_id: "{{ inventory_hostname | string_2_int }}" - galera_wsrep_node_name: "{{ inventory_hostname }}" - galera_wsrep_provider_options: - - { option: "gcache.size", value: "32M" } - galera_server_id: "{{ inventory_hostname | string_2_int }}" +# Prepare the containers +- include: test-prepare-containers.yml -- name: Playbook for deploying keystone - hosts: keystone_all - user: root - gather_facts: true - pre_tasks: - - name: Ensure rabbitmq vhost - rabbitmq_vhost: - name: "{{ keystone_rabbitmq_vhost }}" - state: "present" - delegate_to: "10.100.100.2" - when: inventory_hostname == groups['keystone_all'][0] - - name: Ensure rabbitmq user - rabbitmq_user: - user: "{{ keystone_rabbitmq_userid }}" - password: "{{ keystone_rabbitmq_password }}" - vhost: "{{ keystone_rabbitmq_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - delegate_to: "10.100.100.2" - when: inventory_hostname == groups['keystone_all'][0] - - name: Create DB for service - mysql_db: - login_user: "root" - login_password: "secrete" - login_host: "localhost" - name: "{{ keystone_galera_database }}" - state: "present" - delegate_to: "10.100.100.2" - when: inventory_hostname == groups['keystone_all'][0] - - name: Grant access to the DB for the service - mysql_user: - login_user: "root" - login_password: "secrete" - login_host: "localhost" - name: "{{ keystone_galera_database }}" - password: "{{ keystone_container_mysql_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ keystone_galera_database }}.*:ALL" - with_items: - - "localhost" - - "%" - delegate_to: "10.100.100.2" - when: inventory_hostname == groups['keystone_all'][0] - roles: - - role: os_keystone - vars: - external_lb_vip_address: 10.100.100.3 - internal_lb_vip_address: 10.100.100.3 - keystone_galera_address: 10.100.100.2 - keystone_galera_database: keystone - keystone_venv_tag: "testing" - keystone_developer_mode: true - keystone_git_install_branch: a55128044f763f5cfe2fdc57c738eaca97636448 - keystone_requirements_git_install_branch: 332278d456e06870150835564342570ec9d5f5a0 - keystone_auth_admin_token: "SuperSecreteTestToken" - keystone_auth_admin_password: "SuperSecretePassword" - keystone_service_password: "secrete" - keystone_rabbitmq_password: "secrete" - keystone_container_mysql_password: "SuperSecrete" - keystone_rabbitmq_port: 5671 - keystone_rabbitmq_userid: keystone - keystone_rabbitmq_vhost: /keystone - keystone_rabbitmq_servers: 10.100.100.2 - keystone_rabbitmq_use_ssl: false - galera_client_drop_config_file: false +# Install RabbitMQ/MariaDB +- include: test-install-infra.yml -- name: Playbook for deploying cinder - hosts: cinder_all - user: root - gather_facts: true - pre_tasks: - - name: Ensure Rabbitmq vhost - rabbitmq_vhost: - name: "{{ cinder_rabbitmq_vhost }}" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" - - name: Ensure rabbitmq user - rabbitmq_user: - user: "{{ cinder_rabbitmq_userid }}" - password: "{{ cinder_rabbitmq_password }}" - vhost: "{{ cinder_rabbitmq_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - delegate_to: "{{ groups['rabbitmq_all'][0] }}" - roles: - - role: "{{ rolename | basename }}" - vars: - external_lb_vip_address: 10.100.100.3 - internal_lb_vip_address: 10.100.100.3 - cinder_galera_address: 10.100.100.2 - cinder_venv_tag: "testing" - cinder_developer_mode: true - cinder_git_install_branch: 94ae8598b96e2f86844fdf0f35a8b83a94c7b4c4 - cinder_requirements_git_install_branch: 332278d456e06870150835564342570ec9d5f5a0 - cinder_service_password: "secrete" - cinder_container_mysql_password: "SuperSecrete" - cinder_profiler_hmac_key: "secrete" - cinder_backend_lvm_inuse: false - cinder_rabbitmq_password: "secrete" - cinder_rabbitmq_userid: cinder - cinder_rabbitmq_vhost: /cinder - galera_root_password: "secrete" - galera_client_drop_config_file: false - rabbitmq_servers: 10.100.100.2 - rabbitmq_use_ssl: true - rabbitmq_port: 5671 - keystone_admin_user_name: admin - keystone_admin_tenant_name: admin - keystone_auth_admin_password: "SuperSecretePassword" - keystone_service_adminuri_insecure: false - keystone_service_internaluri_insecure: false - keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000" - keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3" - keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357" - keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3" - openrc_os_password: "{{ keystone_auth_admin_password }}" - openrc_os_domain_name: "Default" - memcached_servers: 127.0.0.1 - memcached_encryption_key: "secrete" - debug: true - verbose: true +# Install Keystone +- include: test-install-keystone.yml -- name: Playbook for functional testing of cinder - hosts: cinder_all - user: root - gather_facts: false - pre_tasks: - - name: Install httplib2 so we can use the uri module - pip: - name: httplib2 - tasks: - - name: Check the cinder-api - uri: - url: "http://localhost:8776" - status_code: 200 +# Install Cinder +- include: test-install-cinder.yml +# Test Cinder +- include: test-cinder-functional.yml diff --git a/tox.ini b/tox.ini index d7458fba..a5fdf08e 100644 --- a/tox.ini +++ b/tox.ini @@ -15,6 +15,8 @@ whitelist_externals = bash git rm + ln + sed setenv = VIRTUAL_ENV={envdir} ANSIBLE_HOST_KEY_CHECKING = False @@ -106,6 +108,17 @@ commands = [testenv:functional] commands = rm -rf {homedir}/.ansible + # Ansible is run using python in the tox venv, which doesn't have python-apt in it. + # Installing python-apt is non-trivial at first glance so for now we just symlink + # these in from the host. + ln -snf /usr/lib/python2.7/dist-packages/apt/ {envsitepackagesdir}/apt + ln -snf /usr/lib/python2.7/dist-packages/aptsources/ {envsitepackagesdir}/aptsources + ln -snf /usr/lib/python2.7/dist-packages/apt_pkg.so {envsitepackagesdir}/apt_pkg.so + ln -snf /usr/lib/python2.7/dist-packages/apt_inst.so {envsitepackagesdir}/apt_inst.so + # This forces Ansible to use the venv interpreter for localhost, which means we don't + # run into issues where things are being installed into the venv but then Ansible + # complains that it doesn't exist in /usr/local/lib. + sed -i 's@ENVPYTHON@{envpython}@g' tests/inventory git clone https://git.openstack.org/openstack/openstack-ansible-plugins \ {homedir}/.ansible/plugins ansible-galaxy install \ @@ -114,7 +127,7 @@ commands = --force ansible-playbook -i {toxinidir}/tests/inventory \ -e "rolename={toxinidir}" \ - -vv \ + -vvvv \ {toxinidir}/tests/test.yml