Keystone test cleanup
This commit does the following: - splits out test.yml into multiple files - fully defines the inventory rather than having test-prepare-host.yml add containers to it - removes installation of lxc-python library, since this is no longer necessary - removes stand-alone and stand-alone.yml as those are not being used anywhere - updates test-prepare-keys.yml to use localhost instead of 127.0.0.1, uses become_user=jenkins instead of become=false, and removes redundant connection - updates test-prepare-host.yml by removing redundant become and connection options, changes 127.0.0.1 to localhost, and removes mocking ansible_env - groups vars in test-install-keystone.yml and test-keystone-functional.yml into test-vars.yml so they're only defined once Change-Id: I914cc248c53a70e15c7caf0b84f7c94447077894
This commit is contained in:
parent
99b13a14e5
commit
d82c975821
27
tests/group_vars/all_containers.yml
Normal file
27
tests/group_vars/all_containers.yml
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2016, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
ansible_ssh_host: "{{ ansible_host }}"
|
||||||
|
container_name: "{{ inventory_hostname }}"
|
||||||
|
container_networks:
|
||||||
|
management_address:
|
||||||
|
address: "{{ ansible_host }}"
|
||||||
|
bridge: "lxcbr0"
|
||||||
|
interface: "eth1"
|
||||||
|
netmask: "255.255.252.0"
|
||||||
|
type: "veth"
|
||||||
|
physical_host: localhost
|
||||||
|
properties:
|
||||||
|
service_name: "{{ inventory_hostname }}"
|
@ -1,2 +1,24 @@
|
|||||||
[all]
|
[all]
|
||||||
localhost ansible_connection=local ansible_become=True
|
localhost ansible_connection=local ansible_become=True
|
||||||
|
infra1 ansible_host=10.100.100.2 ansible_become=True ansible_user=root
|
||||||
|
keystone1 ansible_host=10.100.100.3 ansible_become=True ansible_user=root
|
||||||
|
keystone2 ansible_host=10.100.100.4 ansible_become=True ansible_user=root
|
||||||
|
|
||||||
|
[all_containers]
|
||||||
|
infra1
|
||||||
|
keystone1
|
||||||
|
keystone2
|
||||||
|
|
||||||
|
[rabbitmq_all]
|
||||||
|
infra1
|
||||||
|
|
||||||
|
[galera_all]
|
||||||
|
infra1
|
||||||
|
|
||||||
|
[service_all:children]
|
||||||
|
rabbitmq_all
|
||||||
|
galera_all
|
||||||
|
|
||||||
|
[keystone_all]
|
||||||
|
keystone1
|
||||||
|
keystone2
|
||||||
|
@ -1,5 +0,0 @@
|
|||||||
[all]
|
|
||||||
localhost ansible_connection=local ansible_become=True
|
|
||||||
|
|
||||||
[keystone_all]
|
|
||||||
localhost ansible_connection=local
|
|
@ -1,25 +0,0 @@
|
|||||||
- name: Playbook for role testing
|
|
||||||
hosts: localhost
|
|
||||||
user: root
|
|
||||||
gather_facts: true
|
|
||||||
roles:
|
|
||||||
- role: "{{ rolename | basename }}"
|
|
||||||
vars:
|
|
||||||
external_lb_vip_address: 10.100.100.102
|
|
||||||
internal_lb_vip_address: 10.100.100.102
|
|
||||||
keystone_galera_address: 10.100.100.101
|
|
||||||
keystone_galera_database: keystone
|
|
||||||
keystone_venv_tag: "testing"
|
|
||||||
keystone_developer_mode: true
|
|
||||||
keystone_auth_admin_password: "SuperSecretePassword"
|
|
||||||
keystone_database_enabled: false
|
|
||||||
keystone_service_setup: false
|
|
||||||
keystone_service_password: "secrete"
|
|
||||||
keystone_rabbitmq_password: "secrete"
|
|
||||||
keystone_container_mysql_password: "SuperSecrete"
|
|
||||||
keystone_rabbitmq_port: 5671
|
|
||||||
keystone_rabbitmq_userid: keystone
|
|
||||||
keystone_rabbitmq_vhost: /keystone
|
|
||||||
keystone_rabbitmq_servers: 10.100.100.101
|
|
||||||
keystone_rabbitmq_use_ssl: false
|
|
||||||
galera_client_drop_config_file: false
|
|
32
tests/test-install-infra.yml
Normal file
32
tests/test-install-infra.yml
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2015, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Playbook for deploying infra services
|
||||||
|
hosts: service_all
|
||||||
|
user: root
|
||||||
|
gather_facts: true
|
||||||
|
roles:
|
||||||
|
- role: "rabbitmq_server"
|
||||||
|
rabbitmq_cookie_token: secrete
|
||||||
|
- role: "galera_server"
|
||||||
|
galera_root_password: secrete
|
||||||
|
galera_root_user: root
|
||||||
|
galera_innodb_buffer_pool_size: 512M
|
||||||
|
galera_innodb_log_buffer_size: 32M
|
||||||
|
galera_server_id: "{{ inventory_hostname | string_2_int }}"
|
||||||
|
galera_wsrep_node_name: "{{ inventory_hostname }}"
|
||||||
|
galera_wsrep_provider_options:
|
||||||
|
- { option: "gcache.size", value: "32M" }
|
||||||
|
galera_server_id: "{{ inventory_hostname | string_2_int }}"
|
111
tests/test-install-keystone.yml
Normal file
111
tests/test-install-keystone.yml
Normal file
@ -0,0 +1,111 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2015, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Playbook for deploying keystone
|
||||||
|
hosts: keystone_all
|
||||||
|
user: root
|
||||||
|
gather_facts: true
|
||||||
|
pre_tasks:
|
||||||
|
- name: Ensure rabbitmq vhost
|
||||||
|
rabbitmq_vhost:
|
||||||
|
name: "{{ keystone_rabbitmq_vhost }}"
|
||||||
|
state: "present"
|
||||||
|
delegate_to: "10.100.100.2"
|
||||||
|
when: inventory_hostname == groups['keystone_all'][0]
|
||||||
|
- name: Ensure rabbitmq user
|
||||||
|
rabbitmq_user:
|
||||||
|
user: "{{ keystone_rabbitmq_userid }}"
|
||||||
|
password: "{{ keystone_rabbitmq_password }}"
|
||||||
|
vhost: "{{ keystone_rabbitmq_vhost }}"
|
||||||
|
configure_priv: ".*"
|
||||||
|
read_priv: ".*"
|
||||||
|
write_priv: ".*"
|
||||||
|
state: "present"
|
||||||
|
delegate_to: "10.100.100.2"
|
||||||
|
when: inventory_hostname == groups['keystone_all'][0]
|
||||||
|
- name: Create DB for service
|
||||||
|
mysql_db:
|
||||||
|
login_user: "root"
|
||||||
|
login_password: "secrete"
|
||||||
|
login_host: "localhost"
|
||||||
|
name: "{{ keystone_galera_database }}"
|
||||||
|
state: "present"
|
||||||
|
delegate_to: "10.100.100.2"
|
||||||
|
when: inventory_hostname == groups['keystone_all'][0]
|
||||||
|
- name: Grant access to the DB for the service
|
||||||
|
mysql_user:
|
||||||
|
login_user: "root"
|
||||||
|
login_password: "secrete"
|
||||||
|
login_host: "localhost"
|
||||||
|
name: "{{ keystone_galera_database }}"
|
||||||
|
password: "{{ keystone_container_mysql_password }}"
|
||||||
|
host: "{{ item }}"
|
||||||
|
state: "present"
|
||||||
|
priv: "{{ keystone_galera_database }}.*:ALL"
|
||||||
|
with_items:
|
||||||
|
- "localhost"
|
||||||
|
- "%"
|
||||||
|
delegate_to: "10.100.100.2"
|
||||||
|
when: inventory_hostname == groups['keystone_all'][0]
|
||||||
|
roles:
|
||||||
|
- role: "{{ rolename | basename }}"
|
||||||
|
tasks:
|
||||||
|
# needed by the functional test playbook below
|
||||||
|
- name: Install httplib2 so we can use the uri module
|
||||||
|
pip:
|
||||||
|
name: httplib2
|
||||||
|
vars_files:
|
||||||
|
- test-vars.yml
|
||||||
|
|
||||||
|
- name: Playbook for functional testing keystone
|
||||||
|
hosts: keystone_all
|
||||||
|
user: root
|
||||||
|
gather_facts: false
|
||||||
|
tasks:
|
||||||
|
- name: Check the keystone api
|
||||||
|
uri:
|
||||||
|
url: "http://localhost:{{ item }}"
|
||||||
|
status_code: 300
|
||||||
|
register: result
|
||||||
|
until: result.status == 300
|
||||||
|
retries: 5
|
||||||
|
delay: 10
|
||||||
|
with_items:
|
||||||
|
- 5000
|
||||||
|
- 35357
|
||||||
|
- name: Check for expected users
|
||||||
|
keystone:
|
||||||
|
command: get_user
|
||||||
|
user_name: "{{ item }}"
|
||||||
|
endpoint: "{{ keystone_service_adminurl }}"
|
||||||
|
login_user: "{{ keystone_admin_user_name }}"
|
||||||
|
login_password: "{{ keystone_auth_admin_password }}"
|
||||||
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||||
|
with_items:
|
||||||
|
- "admin"
|
||||||
|
- "keystone"
|
||||||
|
- name: Check for expected projects
|
||||||
|
keystone:
|
||||||
|
command: get_project
|
||||||
|
project_name: "{{ item }}"
|
||||||
|
endpoint: "{{ keystone_service_adminurl }}"
|
||||||
|
login_user: "{{ keystone_admin_user_name }}"
|
||||||
|
login_password: "{{ keystone_auth_admin_password }}"
|
||||||
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||||
|
with_items:
|
||||||
|
- "admin"
|
||||||
|
- "service"
|
||||||
|
vars_files:
|
||||||
|
- test-vars.yml
|
55
tests/test-keystone-functional.yml
Normal file
55
tests/test-keystone-functional.yml
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2015, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Playbook for functional testing keystone
|
||||||
|
hosts: keystone_all
|
||||||
|
user: root
|
||||||
|
gather_facts: false
|
||||||
|
tasks:
|
||||||
|
- name: Check the keystone api
|
||||||
|
uri:
|
||||||
|
url: "http://localhost:{{ item }}"
|
||||||
|
status_code: 300
|
||||||
|
register: result
|
||||||
|
until: result.status == 300
|
||||||
|
retries: 5
|
||||||
|
delay: 10
|
||||||
|
with_items:
|
||||||
|
- 5000
|
||||||
|
- 35357
|
||||||
|
- name: Check for expected users
|
||||||
|
keystone:
|
||||||
|
command: get_user
|
||||||
|
user_name: "{{ item }}"
|
||||||
|
endpoint: "{{ keystone_service_adminurl }}"
|
||||||
|
login_user: "{{ keystone_admin_user_name }}"
|
||||||
|
login_password: "{{ keystone_auth_admin_password }}"
|
||||||
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||||
|
with_items:
|
||||||
|
- "admin"
|
||||||
|
- "keystone"
|
||||||
|
- name: Check for expected projects
|
||||||
|
keystone:
|
||||||
|
command: get_project
|
||||||
|
project_name: "{{ item }}"
|
||||||
|
endpoint: "{{ keystone_service_adminurl }}"
|
||||||
|
login_user: "{{ keystone_admin_user_name }}"
|
||||||
|
login_password: "{{ keystone_auth_admin_password }}"
|
||||||
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||||
|
with_items:
|
||||||
|
- "admin"
|
||||||
|
- "service"
|
||||||
|
vars_files:
|
||||||
|
- test-vars.yml
|
33
tests/test-prepare-containers.yml
Normal file
33
tests/test-prepare-containers.yml
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2015, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Playbook for creating containers
|
||||||
|
hosts: all_containers
|
||||||
|
connection: local
|
||||||
|
gather_facts: false
|
||||||
|
roles:
|
||||||
|
- role: "lxc_container_create"
|
||||||
|
lxc_container_release: trusty
|
||||||
|
lxc_container_backing_store: dir
|
||||||
|
global_environment_variables:
|
||||||
|
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
post_tasks:
|
||||||
|
- name: Wait for ssh to be available
|
||||||
|
local_action:
|
||||||
|
module: wait_for
|
||||||
|
port: "{{ ansible_ssh_port | default('22') }}"
|
||||||
|
host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
|
||||||
|
search_regex: OpenSSH
|
||||||
|
delay: 1
|
60
tests/test-prepare-host.yml
Normal file
60
tests/test-prepare-host.yml
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2015, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Playbook for configuring LXC host
|
||||||
|
hosts: localhost
|
||||||
|
pre_tasks:
|
||||||
|
# Make sure OS does not have a stale package cache.
|
||||||
|
- name: Update apt cache
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
when: ansible_os_family == 'Debian'
|
||||||
|
- name: Ensure root's new public ssh key is in authorized_keys
|
||||||
|
authorized_key:
|
||||||
|
user: root
|
||||||
|
key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
|
||||||
|
manage_dir: no
|
||||||
|
- set_fact:
|
||||||
|
lxc_container_ssh_key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
|
||||||
|
- name: Check if this is an OpenStack-CI nodepool instance
|
||||||
|
stat:
|
||||||
|
path: /etc/nodepool/provider
|
||||||
|
register: nodepool
|
||||||
|
- name: Set the files to copy into the container cache for OpenStack-CI instances
|
||||||
|
set_fact:
|
||||||
|
lxc_container_cache_files:
|
||||||
|
- { src: '/etc/pip.conf', dest: '/etc/pip.conf' }
|
||||||
|
- { src: '/etc/apt/apt.conf.d/99unauthenticated', dest: '/etc/apt/apt.conf.d/99unauthenticated' }
|
||||||
|
when: nodepool.stat.exists | bool
|
||||||
|
- name: Determine the existing Ubuntu repo configuration
|
||||||
|
shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list'
|
||||||
|
register: ubuntu_repo
|
||||||
|
changed_when: false
|
||||||
|
- name: Set apt repo facts based on discovered information
|
||||||
|
set_fact:
|
||||||
|
lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}"
|
||||||
|
lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}"
|
||||||
|
roles:
|
||||||
|
- role: "lxc_hosts"
|
||||||
|
lxc_net_address: 10.100.100.1
|
||||||
|
lxc_net_dhcp_range: 10.100.100.8,10.100.100.253
|
||||||
|
lxc_net_bridge: lxcbr0
|
||||||
|
lxc_kernel_options:
|
||||||
|
- { key: 'fs.inotify.max_user_instances', value: 1024 }
|
||||||
|
lxc_container_caches:
|
||||||
|
- url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"
|
||||||
|
name: "trusty.tgz"
|
||||||
|
sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c"
|
||||||
|
chroot_path: trusty/rootfs-amd64
|
33
tests/test-prepare-keys.yml
Normal file
33
tests/test-prepare-keys.yml
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2015, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
# NOTE: we use become_user because setting become: no or become: false
|
||||||
|
# doesn't seem to override the ansible_become=true in the
|
||||||
|
# inventory
|
||||||
|
- name: Playbook for establishing ssh keys
|
||||||
|
hosts: localhost
|
||||||
|
become_user: "{{ ansible_ssh_user }}"
|
||||||
|
pre_tasks:
|
||||||
|
- name: Create ssh key pair for root
|
||||||
|
user:
|
||||||
|
name: "{{ ansible_ssh_user }}"
|
||||||
|
generate_ssh_key: "yes"
|
||||||
|
ssh_key_bits: 2048
|
||||||
|
ssh_key_file: ".ssh/id_rsa"
|
||||||
|
- name: Get the calling user's key
|
||||||
|
command: cat ~/.ssh/id_rsa.pub
|
||||||
|
register: key_get
|
||||||
|
- set_fact:
|
||||||
|
lxc_container_ssh_key: "{{ key_get.stdout }}"
|
37
tests/test-vars.yml
Normal file
37
tests/test-vars.yml
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2015, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
external_lb_vip_address: 10.100.100.3
|
||||||
|
galera_client_drop_config_file: false
|
||||||
|
internal_lb_vip_address: 10.100.100.3
|
||||||
|
keystone_admin_tenant_name: admin
|
||||||
|
keystone_admin_user_name: admin
|
||||||
|
keystone_auth_admin_password: "SuperSecretePassword"
|
||||||
|
keystone_container_mysql_password: "SuperSecrete"
|
||||||
|
keystone_developer_mode: true
|
||||||
|
keystone_galera_address: 10.100.100.2
|
||||||
|
keystone_galera_database: keystone
|
||||||
|
keystone_git_install_branch: stable/mitaka
|
||||||
|
keystone_rabbitmq_password: "secrete"
|
||||||
|
keystone_rabbitmq_port: 5671
|
||||||
|
keystone_rabbitmq_servers: 10.100.100.2
|
||||||
|
keystone_rabbitmq_use_ssl: true
|
||||||
|
keystone_rabbitmq_userid: keystone
|
||||||
|
keystone_rabbitmq_vhost: /keystone
|
||||||
|
keystone_requirements_git_install_branch: stable/mitaka
|
||||||
|
keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
|
||||||
|
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
|
||||||
|
keystone_service_password: "secrete"
|
||||||
|
keystone_venv_tag: "testing"
|
266
tests/test.yml
266
tests/test.yml
@ -13,262 +13,20 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
- name: Playbook for establishing ssh keys
|
# Prepare the user ssh keys
|
||||||
hosts: 127.0.0.1
|
- include: test-prepare-keys.yml
|
||||||
connection: local
|
|
||||||
become: false
|
|
||||||
pre_tasks:
|
|
||||||
- name: Create ssh key pair for root
|
|
||||||
user:
|
|
||||||
name: "{{ ansible_ssh_user }}"
|
|
||||||
generate_ssh_key: "yes"
|
|
||||||
ssh_key_bits: 2048
|
|
||||||
ssh_key_file: ".ssh/id_rsa"
|
|
||||||
- name: Get the calling user's key
|
|
||||||
command: cat ~/.ssh/id_rsa.pub
|
|
||||||
register: key_get
|
|
||||||
- set_fact:
|
|
||||||
lxc_container_ssh_key: "{{ key_get.stdout }}"
|
|
||||||
|
|
||||||
- name: Playbook for configuring LXC host
|
# Prepare the host
|
||||||
hosts: localhost
|
- include: test-prepare-host.yml
|
||||||
connection: local
|
|
||||||
become: yes
|
|
||||||
pre_tasks:
|
|
||||||
# Make sure OS does not have a stale package cache.
|
|
||||||
- name: Update apt cache
|
|
||||||
apt:
|
|
||||||
update_cache: yes
|
|
||||||
when: ansible_os_family == 'Debian'
|
|
||||||
- name: Ensure root's new public ssh key is in authorized_keys
|
|
||||||
authorized_key:
|
|
||||||
user: root
|
|
||||||
key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}"
|
|
||||||
manage_dir: no
|
|
||||||
- set_fact:
|
|
||||||
lxc_container_ssh_key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}"
|
|
||||||
- name: Check if this is an OpenStack-CI nodepool instance
|
|
||||||
stat:
|
|
||||||
path: /etc/nodepool/provider
|
|
||||||
register: nodepool
|
|
||||||
- name: Set the files to copy into the container cache for OpenStack-CI instances
|
|
||||||
set_fact:
|
|
||||||
lxc_container_cache_files:
|
|
||||||
- { src: '/etc/pip.conf', dest: '/etc/pip.conf' }
|
|
||||||
- { src: '/etc/apt/apt.conf.d/99unauthenticated', dest: '/etc/apt/apt.conf.d/99unauthenticated' }
|
|
||||||
when: nodepool.stat.exists | bool
|
|
||||||
- name: Determine the existing Ubuntu repo configuration
|
|
||||||
shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list'
|
|
||||||
register: ubuntu_repo
|
|
||||||
changed_when: false
|
|
||||||
- name: Set apt repo facts based on discovered information
|
|
||||||
set_fact:
|
|
||||||
lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}"
|
|
||||||
lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}"
|
|
||||||
roles:
|
|
||||||
- role: "lxc_hosts"
|
|
||||||
lxc_net_address: 10.100.100.1
|
|
||||||
lxc_net_dhcp_range: 10.100.100.8,10.100.100.253
|
|
||||||
lxc_net_bridge: lxcbr0
|
|
||||||
lxc_kernel_options:
|
|
||||||
- { key: 'fs.inotify.max_user_instances', value: 1024 }
|
|
||||||
lxc_container_caches:
|
|
||||||
- url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"
|
|
||||||
name: "trusty.tgz"
|
|
||||||
sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c"
|
|
||||||
chroot_path: trusty/rootfs-amd64
|
|
||||||
# The $HOME directory is mocked to work with tox
|
|
||||||
# by defining the 'ansible_env' hash. This should
|
|
||||||
# NEVER be done outside of testing.
|
|
||||||
ansible_env: ## NEVER DO THIS OUTSIDE OF TESTING
|
|
||||||
HOME: "/tmp"
|
|
||||||
- role: "py_from_git"
|
|
||||||
git_repo: "https://github.com/lxc/python2-lxc"
|
|
||||||
git_dest: "/opt/lxc_python2"
|
|
||||||
git_install_branch: "master"
|
|
||||||
post_tasks:
|
|
||||||
# THIS TASK IS ONLY BEING DONE BECAUSE THE TOX SHARED LXC LIB IS NOT USABLE ON A
|
|
||||||
# HOST MACHINE THAT MAY NOT HAVE ACCESS TO THE VENV.
|
|
||||||
- name: Ensure the lxc lib is on the host
|
|
||||||
command: /usr/local/bin/pip install /opt/lxc_python2
|
|
||||||
# Inventory is being pre-loaded using a post tasks instead of through a dynamic
|
|
||||||
# inventory system. While this is not a usual method for deployment it's being
|
|
||||||
# done for functional testing.
|
|
||||||
- name: Create container hosts
|
|
||||||
add_host:
|
|
||||||
groups: "{{ item.groups }}"
|
|
||||||
hostname: "{{ item.name }}"
|
|
||||||
inventory_hostname: "{{ item.name }}"
|
|
||||||
ansible_ssh_host: "{{ item.address }}"
|
|
||||||
ansible_become: true
|
|
||||||
properties:
|
|
||||||
service_name: "{{ item.service }}"
|
|
||||||
container_networks:
|
|
||||||
management_address:
|
|
||||||
address: "{{ item.address }}"
|
|
||||||
bridge: "lxcbr0"
|
|
||||||
interface: "eth1"
|
|
||||||
netmask: "255.255.252.0"
|
|
||||||
type: "veth"
|
|
||||||
physical_host: localhost
|
|
||||||
container_name: "{{ item.name }}"
|
|
||||||
with_items:
|
|
||||||
- { name: "infra1", service: "infra1", address: "10.100.100.2", groups: "all,all_containers,rabbitmq_all,galera_all,service_all" }
|
|
||||||
- { name: "keystone1", service: "keystone1", address: "10.100.100.3", groups: "all,all_containers,keystone_all" }
|
|
||||||
- { name: "keystone2", service: "keystone2", address: "10.100.100.4", groups: "all,all_containers,keystone_all" }
|
|
||||||
|
|
||||||
- name: Playbook for creating containers
|
# Prepare the containers
|
||||||
hosts: all_containers
|
- include: test-prepare-containers.yml
|
||||||
connection: local
|
|
||||||
gather_facts: false
|
|
||||||
roles:
|
|
||||||
- role: "lxc_container_create"
|
|
||||||
lxc_container_release: trusty
|
|
||||||
lxc_container_backing_store: dir
|
|
||||||
global_environment_variables:
|
|
||||||
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
|
||||||
post_tasks:
|
|
||||||
- name: Wait for ssh to be available
|
|
||||||
local_action:
|
|
||||||
module: wait_for
|
|
||||||
port: "{{ ansible_ssh_port | default('22') }}"
|
|
||||||
host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
|
|
||||||
search_regex: OpenSSH
|
|
||||||
delay: 1
|
|
||||||
|
|
||||||
- name: Playbook for deploying infra services
|
# Install RabbitMQ/MariaDB
|
||||||
hosts: service_all
|
- include: test-install-infra.yml
|
||||||
user: root
|
|
||||||
gather_facts: true
|
|
||||||
roles:
|
|
||||||
- role: "rabbitmq_server"
|
|
||||||
rabbitmq_cookie_token: secrete
|
|
||||||
- role: "galera_server"
|
|
||||||
galera_root_password: secrete
|
|
||||||
galera_root_user: root
|
|
||||||
galera_innodb_buffer_pool_size: 512M
|
|
||||||
galera_innodb_log_buffer_size: 32M
|
|
||||||
galera_server_id: "{{ inventory_hostname | string_2_int }}"
|
|
||||||
galera_wsrep_node_name: "{{ inventory_hostname }}"
|
|
||||||
galera_wsrep_provider_options:
|
|
||||||
- { option: "gcache.size", value: "32M" }
|
|
||||||
galera_server_id: "{{ inventory_hostname | string_2_int }}"
|
|
||||||
|
|
||||||
- name: Playbook for deploying keystone
|
# Install Keystone
|
||||||
hosts: keystone_all
|
- include: test-install-keystone.yml
|
||||||
user: root
|
|
||||||
gather_facts: true
|
|
||||||
pre_tasks:
|
|
||||||
- name: Ensure rabbitmq vhost
|
|
||||||
rabbitmq_vhost:
|
|
||||||
name: "{{ keystone_rabbitmq_vhost }}"
|
|
||||||
state: "present"
|
|
||||||
delegate_to: "10.100.100.2"
|
|
||||||
when: inventory_hostname == groups['keystone_all'][0]
|
|
||||||
- name: Ensure rabbitmq user
|
|
||||||
rabbitmq_user:
|
|
||||||
user: "{{ keystone_rabbitmq_userid }}"
|
|
||||||
password: "{{ keystone_rabbitmq_password }}"
|
|
||||||
vhost: "{{ keystone_rabbitmq_vhost }}"
|
|
||||||
configure_priv: ".*"
|
|
||||||
read_priv: ".*"
|
|
||||||
write_priv: ".*"
|
|
||||||
state: "present"
|
|
||||||
delegate_to: "10.100.100.2"
|
|
||||||
when: inventory_hostname == groups['keystone_all'][0]
|
|
||||||
- name: Create DB for service
|
|
||||||
mysql_db:
|
|
||||||
login_user: "root"
|
|
||||||
login_password: "secrete"
|
|
||||||
login_host: "localhost"
|
|
||||||
name: "{{ keystone_galera_database }}"
|
|
||||||
state: "present"
|
|
||||||
delegate_to: "10.100.100.2"
|
|
||||||
when: inventory_hostname == groups['keystone_all'][0]
|
|
||||||
- name: Grant access to the DB for the service
|
|
||||||
mysql_user:
|
|
||||||
login_user: "root"
|
|
||||||
login_password: "secrete"
|
|
||||||
login_host: "localhost"
|
|
||||||
name: "{{ keystone_galera_database }}"
|
|
||||||
password: "{{ keystone_container_mysql_password }}"
|
|
||||||
host: "{{ item }}"
|
|
||||||
state: "present"
|
|
||||||
priv: "{{ keystone_galera_database }}.*:ALL"
|
|
||||||
with_items:
|
|
||||||
- "localhost"
|
|
||||||
- "%"
|
|
||||||
delegate_to: "10.100.100.2"
|
|
||||||
when: inventory_hostname == groups['keystone_all'][0]
|
|
||||||
roles:
|
|
||||||
- role: "{{ rolename | basename }}"
|
|
||||||
tasks:
|
|
||||||
# needed by the functional test playbook below
|
|
||||||
- name: Install httplib2 so we can use the uri module
|
|
||||||
pip:
|
|
||||||
name: httplib2
|
|
||||||
vars:
|
|
||||||
external_lb_vip_address: 10.100.100.3
|
|
||||||
internal_lb_vip_address: 10.100.100.3
|
|
||||||
keystone_galera_address: 10.100.100.2
|
|
||||||
keystone_galera_database: keystone
|
|
||||||
keystone_venv_tag: "testing"
|
|
||||||
keystone_developer_mode: true
|
|
||||||
keystone_git_install_branch: stable/mitaka
|
|
||||||
keystone_requirements_git_install_branch: stable/mitaka
|
|
||||||
keystone_auth_admin_password: "SuperSecretePassword"
|
|
||||||
keystone_service_password: "secrete"
|
|
||||||
keystone_rabbitmq_password: "secrete"
|
|
||||||
keystone_container_mysql_password: "SuperSecrete"
|
|
||||||
keystone_rabbitmq_port: 5671
|
|
||||||
keystone_rabbitmq_userid: keystone
|
|
||||||
keystone_rabbitmq_vhost: /keystone
|
|
||||||
keystone_rabbitmq_servers: 10.100.100.2
|
|
||||||
keystone_rabbitmq_use_ssl: true
|
|
||||||
galera_client_drop_config_file: false
|
|
||||||
|
|
||||||
- name: Playbook for functional testing keystone
|
# Test Keystone
|
||||||
hosts: keystone_all
|
- include: test-keystone-functional.yml
|
||||||
user: root
|
|
||||||
gather_facts: false
|
|
||||||
tasks:
|
|
||||||
- name: Check the keystone api
|
|
||||||
uri:
|
|
||||||
url: "http://localhost:{{ item }}"
|
|
||||||
status_code: 300
|
|
||||||
register: result
|
|
||||||
until: result.status == 300
|
|
||||||
retries: 5
|
|
||||||
delay: 10
|
|
||||||
with_items:
|
|
||||||
- 5000
|
|
||||||
- 35357
|
|
||||||
- name: Check for expected users
|
|
||||||
keystone:
|
|
||||||
command: get_user
|
|
||||||
user_name: "{{ item }}"
|
|
||||||
endpoint: "{{ keystone_service_adminurl }}"
|
|
||||||
login_user: "{{ keystone_admin_user_name }}"
|
|
||||||
login_password: "{{ keystone_auth_admin_password }}"
|
|
||||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
||||||
with_items:
|
|
||||||
- "admin"
|
|
||||||
- "keystone"
|
|
||||||
- name: Check for expected projects
|
|
||||||
keystone:
|
|
||||||
command: get_project
|
|
||||||
project_name: "{{ item }}"
|
|
||||||
endpoint: "{{ keystone_service_adminurl }}"
|
|
||||||
login_user: "{{ keystone_admin_user_name }}"
|
|
||||||
login_password: "{{ keystone_auth_admin_password }}"
|
|
||||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
||||||
with_items:
|
|
||||||
- "admin"
|
|
||||||
- "service"
|
|
||||||
vars:
|
|
||||||
keystone_admin_user_name: admin
|
|
||||||
keystone_auth_admin_password: "SuperSecretePassword"
|
|
||||||
keystone_admin_tenant_name: admin
|
|
||||||
internal_lb_vip_address: 10.100.100.3
|
|
||||||
keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
|
|
||||||
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user