From c7aefe6fb5fa9199fa0ab991f00b790ce66b5a2d Mon Sep 17 00:00:00 2001 From: Jimmy McCrory Date: Fri, 11 Mar 2016 11:51:22 -0800 Subject: [PATCH] Enable functional convergence testing This commit adds test playbooks to deploy rabbitmq, galera, keystone, and neutron for a functional convergence test. Note that we point at a non-existent memcached server, but this can be adjusted to build memcached if deemed necessary. The openstack_services.yml file from openstack-ansible is downloaded and included as extra vars to maintain consistent testing of OpenStack project repo SHAs between this independent role and OpenStack-Ansible's integration. neutron_requirements_git_install_branch has been bumped to resolve the issue of the required eventlet version no longer being available on PyPi https://review.openstack.org/#/c/277912/ The test also checks if it's running in OpenStack-CI, and if it is - then make the containers use the host's pip.conf and some of the apt configuration. Change-Id: I8905586727c327ac356b5a34897dbb096fd03e2f Partial-Bug: #1553970 --- tests/ansible-role-requirements.yml | 32 +++++++ tests/test-install-infra.yml | 32 +++++++ tests/test-install-keystone.yml | 91 ++++++++++++++++++++ tests/test-install-neutron.yml | 128 ++++++++++++++++++++++++++++ tests/test-prepare-containers.yml | 54 ++++++++++++ tests/test-prepare-host.yml | 89 +++++++++++++++++++ tests/test-prepare-keys.yml | 31 +++++++ tests/test.yml | 22 +++-- tox.ini | 33 ++++--- 9 files changed, 489 insertions(+), 23 deletions(-) create mode 100644 tests/test-install-infra.yml create mode 100644 tests/test-install-keystone.yml create mode 100644 tests/test-install-neutron.yml create mode 100644 tests/test-prepare-containers.yml create mode 100644 tests/test-prepare-host.yml create mode 100644 tests/test-prepare-keys.yml diff --git a/tests/ansible-role-requirements.yml b/tests/ansible-role-requirements.yml index 8074d2b1..73c1225a 100644 --- a/tests/ansible-role-requirements.yml +++ b/tests/ansible-role-requirements.yml @@ -6,10 +6,34 @@ src: https://git.openstack.org/openstack/openstack-ansible-galera_client scm: git version: master +- name: galera_server + src: https://git.openstack.org/openstack/openstack-ansible-galera_server + scm: git + version: master +- name: lxc_container_create + src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create + scm: git + version: master +- name: lxc_hosts + src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts + scm: git + version: master +- name: memcached_server + src: https://git.openstack.org/openstack/openstack-ansible-memcached_server + scm: git + version: master +- name: openstack_hosts + src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts + scm: git + version: master - name: openstack_openrc src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc scm: git version: master +- name: os_keystone + src: https://git.openstack.org/openstack/openstack-ansible-os_keystone + scm: git + version: master - name: pip_install src: https://git.openstack.org/openstack/openstack-ansible-pip_install scm: git @@ -18,3 +42,11 @@ src: https://git.openstack.org/openstack/openstack-ansible-pip_lock_down scm: git version: master +- name: py_from_git + src: https://git.openstack.org/openstack/openstack-ansible-py_from_git + scm: git + version: master +- name: rabbitmq_server + src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server + scm: git + version: master diff --git a/tests/test-install-infra.yml b/tests/test-install-infra.yml new file mode 100644 index 00000000..cb2adc51 --- /dev/null +++ b/tests/test-install-infra.yml @@ -0,0 +1,32 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Deploy infrastructure services + hosts: service_all + user: root + gather_facts: true + roles: + - role: "rabbitmq_server" + rabbitmq_cookie_token: secrete + - role: "galera_server" + galera_root_password: secrete + galera_root_user: root + galera_innodb_buffer_pool_size: 512M + galera_innodb_log_buffer_size: 32M + galera_server_id: "{{ inventory_hostname | string_2_int }}" + galera_wsrep_node_name: "{{ inventory_hostname }}" + galera_wsrep_provider_options: + - { option: "gcache.size", value: "32M" } + galera_server_id: "{{ inventory_hostname | string_2_int }}" diff --git a/tests/test-install-keystone.yml b/tests/test-install-keystone.yml new file mode 100644 index 00000000..4720d87d --- /dev/null +++ b/tests/test-install-keystone.yml @@ -0,0 +1,91 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Deploy keystone + hosts: keystone_all + user: root + gather_facts: true + pre_tasks: + - name: Ensure rabbitmq vhost + rabbitmq_vhost: + name: "{{ keystone_rabbitmq_vhost }}" + state: "present" + delegate_to: "10.100.100.2" + when: inventory_hostname == groups['keystone_all'][0] + tags: + - keystone-rabbitmq + - keystone-rabbitmq-vhost + - name: Ensure rabbitmq user + rabbitmq_user: + user: "{{ keystone_rabbitmq_userid }}" + password: "{{ keystone_rabbitmq_password }}" + vhost: "{{ keystone_rabbitmq_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + delegate_to: "10.100.100.2" + when: inventory_hostname == groups['keystone_all'][0] + tags: + - keystone-rabbitmq + - keystone-rabbitmq-user + - name: Create DB for service + mysql_db: + login_user: "root" + login_password: "secrete" + login_host: "localhost" + name: "{{ keystone_galera_database }}" + state: "present" + delegate_to: "10.100.100.2" + when: inventory_hostname == groups['keystone_all'][0] + tags: + - mysql-db-setup + - name: Grant access to the DB for the service + mysql_user: + login_user: "root" + login_password: "secrete" + login_host: "localhost" + name: "{{ keystone_galera_database }}" + password: "{{ keystone_container_mysql_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ keystone_galera_database }}.*:ALL" + with_items: + - "localhost" + - "%" + delegate_to: "10.100.100.2" + when: inventory_hostname == groups['keystone_all'][0] + tags: + - mysql-db-setup + roles: + - role: os_keystone + vars: + external_lb_vip_address: 10.100.100.3 + internal_lb_vip_address: 10.100.100.3 + keystone_galera_address: 10.100.100.2 + keystone_galera_database: keystone + keystone_venv_tag: testing + keystone_developer_mode: true + keystone_auth_admin_token: SuperSecreteTestToken + keystone_auth_admin_password: SuperSecretePassword + keystone_service_password: secrete + keystone_rabbitmq_password: secrete + keystone_container_mysql_password: SuperSecrete + keystone_rabbitmq_port: 5671 + keystone_rabbitmq_userid: keystone + keystone_rabbitmq_vhost: /keystone + keystone_rabbitmq_servers: 10.100.100.2 + keystone_rabbitmq_use_ssl: false + galera_client_drop_config_file: false diff --git a/tests/test-install-neutron.yml b/tests/test-install-neutron.yml new file mode 100644 index 00000000..82024f4b --- /dev/null +++ b/tests/test-install-neutron.yml @@ -0,0 +1,128 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Deploy neutron + hosts: neutron_all + user: root + gather_facts: true + pre_tasks: + - name: Ensure rabbitmq vhost + rabbitmq_vhost: + name: "{{ neutron_rabbitmq_vhost }}" + state: "present" + delegate_to: "10.100.100.2" + when: inventory_hostname == groups['neutron_all'][0] + tags: + - neutron-rabbitmq + - neutron-rabbitmq-vhost + - name: Ensure rabbitmq user + rabbitmq_user: + user: "{{ neutron_rabbitmq_userid }}" + password: "{{ neutron_rabbitmq_password }}" + vhost: "{{ neutron_rabbitmq_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + delegate_to: "10.100.100.2" + when: inventory_hostname == groups['neutron_all'][0] + tags: + - neutron-rabbitmq + - neutron-rabbitmq-user + - name: Create DB for service + mysql_db: + login_user: "root" + login_password: "secrete" + login_host: "localhost" + name: "{{ neutron_galera_database }}" + state: "present" + delegate_to: "10.100.100.2" + when: inventory_hostname == groups['neutron_all'][0] + tags: + - mysql-db-setup + - name: Grant access to the DB for the service + mysql_user: + login_user: "root" + login_password: "secrete" + login_host: "localhost" + name: "{{ neutron_galera_database }}" + password: "{{ neutron_container_mysql_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ neutron_galera_database }}.*:ALL" + with_items: + - "localhost" + - "%" + delegate_to: "10.100.100.2" + when: inventory_hostname == groups['neutron_all'][0] + tags: + - mysql-db-setup + roles: + - role: "{{ rolename | basename }}" + vars: + external_lb_vip_address: 10.100.100.3 + internal_lb_vip_address: 10.100.100.3 + neutron_galera_address: 10.100.100.2 + neutron_galera_database: neutron + galera_root_password: secrete + galera_client_drop_config_file: false + neutron_rabbitmq_password: secrete + neutron_rabbitmq_userid: neutron + neutron_rabbitmq_vhost: /neutron + rabbitmq_servers: 10.100.100.2 + rabbitmq_use_ssl: true + rabbitmq_port: 5671 + keystone_admin_user_name: admin + keystone_admin_tenant_name: admin + keystone_auth_admin_password: SuperSecretePassword + keystone_service_adminuri_insecure: false + keystone_service_internaluri_insecure: false + keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000" + keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3" + keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357" + keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3" + keystone_service_region: RegionOne + nova_keystone_auth_plugin: password + nova_metadata_port: 8775 + nova_metadata_proxy_secret: secrete + nova_service_adminurl: "http://{{ internal_lb_vip_address }}:8774" + nova_service_password: secrete + nova_service_project_domain_id: default + nova_service_project_name: service + nova_service_region: RegionOne + nova_service_user_domain_id: default + nova_service_user_name: nova + neutron_venv_tag: testing + #TODO(jmccrory): Remove when requirements_git_install_branch is bumped in openstack-ansible + # Pinned eventlet version in current SHA is is no longer available on PyPi + # https://review.openstack.org/#/c/277912/ + neutron_requirements_git_install_branch: 1a6867129b19c1a34c8fe694d9062eca427507fe + neutron_developer_mode: true + neutron_provider_networks: + network_flat_networks: "flat" + network_mappings: "flat:eth12,vlan:eth11" + network_types: "vxlan,flat,vlan" + network_vlan_ranges: "vlan:1:1,vlan:1024:1025" + network_vxlan_ranges: "1:1000" + neutron_ha_vrrp_auth_password: secrete + neutron_service_password: secrete + neutron_container_mysql_password: SuperSecrete + neutron_management_address: "{{ internal_lb_vip_address }}" + openrc_os_password: "{{ keystone_auth_admin_password }}" + openrc_os_domain_name: Default + memcached_servers: 127.0.0.1 + memcached_encryption_key: secrete + debug: true + verbose: true diff --git a/tests/test-prepare-containers.yml b/tests/test-prepare-containers.yml new file mode 100644 index 00000000..efca943a --- /dev/null +++ b/tests/test-prepare-containers.yml @@ -0,0 +1,54 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create test containers + hosts: all_containers + connection: local + gather_facts: false + pre_tasks: + - name: Destroy test containers + lxc_container: + name: "{{ container_name }}" + state: "absent" + delegate_to: "{{ physical_host }}" + tags: + - container-destroy + - name: Destroy container service directories + file: + path: "{{ item }}" + state: "absent" + with_items: + - "/openstack/{{ container_name }}" + - "/openstack/backup/{{ container_name }}" + - "/openstack/log/{{ container_name }}" + - "/var/lib/lxc/{{ container_name }}" + - "{{ lxc_container_directory|default('/var/lib/lxc') }}/{{ container_name }}" + delegate_to: "{{ physical_host }}" + tags: + - container-directories + roles: + - role: "lxc_container_create" + lxc_container_release: trusty + lxc_container_backing_store: dir + global_environment_variables: + PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + post_tasks: + - name: Wait for ssh to be available + local_action: + module: wait_for + port: "{{ ansible_ssh_port | default('22') }}" + host: "{{ ansible_ssh_host | default(inventory_hostname) }}" + search_regex: OpenSSH + delay: 1 diff --git a/tests/test-prepare-host.yml b/tests/test-prepare-host.yml new file mode 100644 index 00000000..9174b7a8 --- /dev/null +++ b/tests/test-prepare-host.yml @@ -0,0 +1,89 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Perform basic LXC host setup + hosts: localhost + connection: local + pre_tasks: + - name: Ensure root's new public ssh key is in authorized_keys + authorized_key: + user: root + key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}" + manage_dir: no + - set_fact: + lxc_container_ssh_key: "{{ hostvars['127.0.0.1']['lxc_container_ssh_key'] }}" + - name: Check if this is an OpenStack-CI nodepool instance + stat: + path: /etc/nodepool/provider + register: nodepool + - name: Set the files to copy into the container cache for OpenStack-CI instances + set_fact: + lxc_container_cache_files: + - { src: '/etc/pip.conf', dest: '/etc/pip.conf' } + - { src: '/etc/apt/apt.conf.d/99unauthenticated', dest: '/etc/apt/apt.conf.d/99unauthenticated' } + when: nodepool.stat.exists | bool + - name: Determine the existing Ubuntu repo configuration + shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list' + register: ubuntu_repo + changed_when: false + - name: Set apt repo facts based on discovered information + set_fact: + lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}" + lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}" + roles: + - role: "lxc_hosts" + lxc_net_address: 10.100.100.1 + lxc_net_dhcp_range: 10.100.100.8,10.100.100.253 + lxc_net_bridge: lxcbr0 + lxc_kernel_options: + - { key: 'fs.inotify.max_user_instances', value: 1024 } + lxc_container_caches: + - url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz" + name: "trusty.tgz" + sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c" + chroot_path: trusty/rootfs-amd64 + - role: "py_from_git" + git_repo: "https://github.com/lxc/python2-lxc" + git_dest: "/opt/lxc_python2" + git_install_branch: "master" + post_tasks: + # THIS TASK IS ONLY BEING DONE BECAUSE THE TOX SHARED LXC LIB IS NOT USABLE ON A + # HOST MACHINE THAT MAY NOT HAVE ACCESS TO THE VENV. + - name: Ensure the lxc lib is on the host + command: /usr/local/bin/pip install /opt/lxc_python2 + # Inventory is being pre-loaded using a post tasks instead of through a dynamic + # inventory system. While this is not a usual method for deployment it's being + # done for functional testing. + - name: Create container hosts + add_host: + groups: "{{ item.groups }}" + hostname: "{{ item.name }}" + inventory_hostname: "{{ item.name }}" + ansible_ssh_host: "{{ item.address }}" + ansible_become: true + properties: + service_name: "{{ item.service }}" + container_networks: + management_address: + address: "{{ item.address }}" + bridge: "lxcbr0" + interface: "eth1" + netmask: "255.255.252.0" + type: "veth" + physical_host: localhost + container_name: "{{ item.name }}" + with_items: + - { name: "infra1", service: "infra1", address: "10.100.100.2", groups: "all,all_containers,rabbitmq_all,galera_all,service_all" } + - { name: "openstack1", service: "openstack1", address: "10.100.100.3", groups: "all,all_containers,keystone_all,neutron_agent,neutron_dhcp_agent,neutron_linuxbridge_agent,neutron_metering_agent,neutron_l3_agent,neutron_lbaas_agent,neutron_metadata_agent,neutron_server,neutron_all" } diff --git a/tests/test-prepare-keys.yml b/tests/test-prepare-keys.yml new file mode 100644 index 00000000..34871646 --- /dev/null +++ b/tests/test-prepare-keys.yml @@ -0,0 +1,31 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create ssh key pairs for use with containers + hosts: 127.0.0.1 + connection: local + become: false + tasks: + - name: Create ssh key pair for root + user: + name: "{{ ansible_ssh_user }}" + generate_ssh_key: "yes" + ssh_key_bits: 2048 + ssh_key_file: ".ssh/id_rsa" + - name: get the calling users key + command: cat ~/.ssh/id_rsa.pub + register: key_get + - set_fact: + lxc_container_ssh_key: "{{ key_get.stdout }}" diff --git a/tests/test.yml b/tests/test.yml index 50086e5d..24a8a68d 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -13,8 +13,20 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Playbook for role testing - hosts: localhost - connection: local - roles: - - role: "{{ rolename | basename }}" +# Prepare the user ssh keys +- include: test-prepare-keys.yml + +# Prepare the host +- include: test-prepare-host.yml + +# Prepare the containers +- include: test-prepare-containers.yml + +# Install RabbitMQ/MariaDB +- include: test-install-infra.yml + +# Install Keystone +- include: test-install-keystone.yml + +# Install Neutron +- include: test-install-neutron.yml diff --git a/tox.ini b/tox.ini index c737d558..400d1d9c 100644 --- a/tox.ini +++ b/tox.ini @@ -16,6 +16,7 @@ whitelist_externals = git rm echo + curl setenv = VIRTUAL_ENV={envdir} ANSIBLE_HOST_KEY_CHECKING = False @@ -108,24 +109,20 @@ commands = [testenv:functional] commands = - echo -e "\n *******************************************************\n" \ - "**** Functional Testing is still to be implemented ****\n" \ - "**** TODO: Write tests here ****\n" \ - "*******************************************************\n" - # As a temporary measure, while functional testing is being worked on, we - # will not execute the functional test. This allows other patches to be - # worked on while the functional testing is being worked out. - #rm -rf {homedir}/.ansible - #git clone https://git.openstack.org/openstack/openstack-ansible-plugins \ - # {homedir}/.ansible/plugins - #ansible-galaxy install \ - # --role-file={toxinidir}/tests/ansible-role-requirements.yml \ - # --ignore-errors \ - # --force - #ansible-playbook -i {toxinidir}/tests/inventory \ - # -e "rolename={toxinidir}" \ - # -vv \ - # {toxinidir}/tests/test.yml + rm -rf {homedir}/.ansible + git clone https://git.openstack.org/openstack/openstack-ansible-plugins \ + {homedir}/.ansible/plugins + curl --create-dirs -o {homedir}/.ansible/vars/openstack_services.yml \ + https://git.openstack.org/cgit/openstack/openstack-ansible/plain/playbooks/defaults/repo_packages/openstack_services.yml + ansible-galaxy install \ + --role-file={toxinidir}/tests/ansible-role-requirements.yml \ + --ignore-errors \ + --force + ansible-playbook -i {toxinidir}/tests/inventory \ + -e "rolename={toxinidir}" \ + -e "@{homedir}/.ansible/vars/openstack_services.yml" \ + -vv \ + {toxinidir}/tests/test.yml [testenv:linters]