From e94e30da0aad4de8a58974edf1f28ebcd557cd83 Mon Sep 17 00:00:00 2001 From: Michael Gugino Date: Wed, 3 Aug 2016 18:11:35 -0400 Subject: [PATCH] Add additional test coverage Currenlty, a large chunk of the playbook logic used to deploy and configure tempest is not covered in this role's testing. This patch copies os_nova's testing environment settings to deploy additional services. Change-Id: Ide4764609488b157a1540d1f8828d067faeafdb8 --- tests/ansible-role-requirements.yml | 28 +++++-- tests/group_vars/all_containers.yml | 15 +++- tests/host_vars/localhost.yml | 19 +++++ tests/host_vars/openstack1.yml | 19 +++++ tests/inventory | 93 +++++++++++++++++++++- tests/iptables-clear.sh | 26 ++++++ tests/test-install-glance.yml | 65 +++++++++++++++ tests/test-install-infra.yml | 2 + tests/test-install-keystone.yml | 21 ++++- tests/test-install-neutron.yml | 118 ++++++++++++++++++++++++++++ tests/test-install-nova.yml | 114 +++++++++++++++++++++++++++ tests/test-install-tempest.yml | 2 +- tests/test-nova-functional.yml | 28 +++++++ tests/test-prepare-containers.yml | 2 - tests/test-prepare-host.yml | 34 +++++++- tests/test-vars.yml | 107 +++++++++++++++++++++++-- tests/test.yml | 12 +++ 17 files changed, 679 insertions(+), 26 deletions(-) create mode 100644 tests/host_vars/localhost.yml create mode 100644 tests/host_vars/openstack1.yml create mode 100755 tests/iptables-clear.sh create mode 100644 tests/test-install-glance.yml create mode 100644 tests/test-install-neutron.yml create mode 100644 tests/test-install-nova.yml create mode 100644 tests/test-nova-functional.yml diff --git a/tests/ansible-role-requirements.yml b/tests/ansible-role-requirements.yml index d01ecd38..1c05e6ca 100644 --- a/tests/ansible-role-requirements.yml +++ b/tests/ansible-role-requirements.yml @@ -6,6 +6,10 @@ src: https://git.openstack.org/openstack/openstack-ansible-pip_install scm: git version: master +- name: galera_client + src: https://git.openstack.org/openstack/openstack-ansible-galera_client + scm: git + version: master - name: memcached_server src: https://git.openstack.org/openstack/openstack-ansible-memcached_server scm: git @@ -18,19 +22,31 @@ src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create scm: git version: master -- name: galera_client - src: https://git.openstack.org/openstack/openstack-ansible-galera_client - scm: git - version: master - name: galera_server src: https://git.openstack.org/openstack/openstack-ansible-galera_server scm: git version: master -- name: os_keystone - src: https://git.openstack.org/openstack/openstack-ansible-os_keystone +- name: rabbitmq_server + src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server scm: git version: master - name: openstack_openrc src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc scm: git version: master +- name: os_keystone + src: https://git.openstack.org/openstack/openstack-ansible-os_keystone + scm: git + version: master +- name: os_glance + src: https://git.openstack.org/openstack/openstack-ansible-os_glance + scm: git + version: master +- name: os_neutron + src: https://git.openstack.org/openstack/openstack-ansible-os_neutron + scm: git + version: master +- name: os_nova + src: https://git.openstack.org/openstack/openstack-ansible-os_nova + scm: git + version: master diff --git a/tests/group_vars/all_containers.yml b/tests/group_vars/all_containers.yml index 4cc97942..91e703ec 100644 --- a/tests/group_vars/all_containers.yml +++ b/tests/group_vars/all_containers.yml @@ -18,9 +18,20 @@ container_name: "{{ inventory_hostname }}" container_networks: management_address: address: "{{ ansible_host }}" - bridge: "lxcbr0" + bridge: "br-mgmt" interface: "eth1" - netmask: "255.255.252.0" + netmask: "255.255.255.0" + type: "veth" + tunnel_address: + address: "{{ tunnel_address }}" + bridge: "br-vxlan" + interface: "eth2" + netmask: "255.255.255.0" + type: "veth" + vlan_address: + bridge: "br-vlan" + interface: "eth3" + netmask: null type: "veth" physical_host: localhost properties: diff --git a/tests/host_vars/localhost.yml b/tests/host_vars/localhost.yml new file mode 100644 index 00000000..ee6f899b --- /dev/null +++ b/tests/host_vars/localhost.yml @@ -0,0 +1,19 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +neutron_provider_networks: + network_types: "vxlan,flat" + network_mappings: "flat:br-vlan" + network_vxlan_ranges: "1:1000" diff --git a/tests/host_vars/openstack1.yml b/tests/host_vars/openstack1.yml new file mode 100644 index 00000000..c90918f0 --- /dev/null +++ b/tests/host_vars/openstack1.yml @@ -0,0 +1,19 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +neutron_provider_networks: + network_types: "vxlan,flat" + network_mappings: "flat:eth3" + network_vxlan_ranges: "1:1000" diff --git a/tests/inventory b/tests/inventory index 112f92a0..046804a8 100644 --- a/tests/inventory +++ b/tests/inventory @@ -1,15 +1,102 @@ [all] -localhost ansible_connection=local ansible_become=True -infra1 ansible_host=10.100.100.2 ansible_become=True ansible_user=root +localhost ansible_connection=local ansible_become=True neutron_local_ip=10.100.101.1 +infra1 ansible_host=10.100.102.101 ansible_become=True ansible_user=root tunnel_address=10.100.101.101 +openstack1 ansible_host=10.100.102.102 ansible_become=True ansible_user=root tunnel_address=10.100.101.102 neutron_local_ip=10.100.101.102 [all_containers] infra1 +openstack1 + +[rabbitmq_all] +infra1 [galera_all] infra1 [service_all:children] +rabbitmq_all galera_all [keystone_all] -infra1 +openstack1 + +[glance_api] +openstack1 + +[glance_registry] +openstack1 + +[glance_all:children] +glance_api +glance_registry + +[neutron_agent] +openstack1 + +[neutron_dhcp_agent] +openstack1 + +[neutron_linuxbridge_agent] +openstack1 +localhost + +[neutron_openvswitch_agent] + +[neutron_metering_agent] +openstack1 + +[neutron_l3_agent] +openstack1 + +[neutron_lbaas_agent] +openstack1 + +[neutron_metadata_agent] +openstack1 + +[neutron_server] +openstack1 + +[neutron_all:children] +neutron_agent +neutron_dhcp_agent +neutron_linuxbridge_agent +neutron_openvswitch_agent +neutron_metering_agent +neutron_l3_agent +neutron_lbaas_agent +neutron_metadata_agent +neutron_server + +[nova_api_metadata] +openstack1 + +[nova_api_os_compute] +openstack1 + +[nova_cert] +openstack1 + +[nova_compute] +localhost + +[nova_conductor] +openstack1 + +[nova_console] +openstack1 + +[nova_scheduler] +openstack1 + +[nova_all:children] +nova_api_metadata +nova_api_os_compute +nova_cert +nova_compute +nova_conductor +nova_console +nova_scheduler + +[tempest] +openstack1 diff --git a/tests/iptables-clear.sh b/tests/iptables-clear.sh new file mode 100755 index 00000000..eb782c52 --- /dev/null +++ b/tests/iptables-clear.sh @@ -0,0 +1,26 @@ +#!/bin/bash +# +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +iptables -F +iptables -X +iptables -t nat -F +iptables -t nat -X +iptables -t mangle -F +iptables -t mangle -X +iptables -P INPUT ACCEPT +iptables -P FORWARD ACCEPT +iptables -P OUTPUT ACCEPT diff --git a/tests/test-install-glance.yml b/tests/test-install-glance.yml new file mode 100644 index 00000000..ac8899a3 --- /dev/null +++ b/tests/test-install-glance.yml @@ -0,0 +1,65 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Playbook for deploying glance + hosts: glance_all + user: root + gather_facts: true + pre_tasks: + - name: Ensure rabbitmq vhost + rabbitmq_vhost: + name: "{{ glance_rabbitmq_vhost }}" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['glance_all'][0] + - name: Ensure rabbitmq user + rabbitmq_user: + user: "{{ glance_rabbitmq_userid }}" + password: "{{ glance_rabbitmq_password }}" + vhost: "{{ glance_rabbitmq_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['glance_all'][0] + - name: Create DB for service + mysql_db: + login_user: "root" + login_password: "secrete" + login_host: "localhost" + name: "{{ glance_galera_database }}" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['glance_all'][0] + - name: Grant access to the DB for the service + mysql_user: + login_user: "root" + login_password: "secrete" + login_host: "localhost" + name: "{{ glance_galera_database }}" + password: "{{ glance_container_mysql_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ glance_galera_database }}.*:ALL" + with_items: + - "localhost" + - "%" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['glance_all'][0] + roles: + - role: "os_glance" + vars_files: + - test-vars.yml diff --git a/tests/test-install-infra.yml b/tests/test-install-infra.yml index 696c23b8..86e8625e 100644 --- a/tests/test-install-infra.yml +++ b/tests/test-install-infra.yml @@ -18,6 +18,8 @@ user: root gather_facts: true roles: + - role: "rabbitmq_server" + rabbitmq_cookie_token: secrete - role: "galera_server" galera_root_password: secrete galera_root_user: root diff --git a/tests/test-install-keystone.yml b/tests/test-install-keystone.yml index 49ff6d38..ef35b81b 100644 --- a/tests/test-install-keystone.yml +++ b/tests/test-install-keystone.yml @@ -18,6 +18,23 @@ user: root gather_facts: true pre_tasks: + - name: Ensure rabbitmq vhost + rabbitmq_vhost: + name: "{{ keystone_rabbitmq_vhost }}" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['keystone_all'][0] + - name: Ensure rabbitmq user + rabbitmq_user: + user: "{{ keystone_rabbitmq_userid }}" + password: "{{ keystone_rabbitmq_password }}" + vhost: "{{ keystone_rabbitmq_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['keystone_all'][0] - name: Create DB for service mysql_db: login_user: "root" @@ -25,7 +42,7 @@ login_host: "localhost" name: "{{ keystone_galera_database }}" state: "present" - delegate_to: "10.100.100.2" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['keystone_all'][0] - name: Grant access to the DB for the service mysql_user: @@ -40,7 +57,7 @@ with_items: - "localhost" - "%" - delegate_to: "10.100.100.2" + delegate_to: "10.100.102.101" when: inventory_hostname == groups['keystone_all'][0] roles: - role: os_keystone diff --git a/tests/test-install-neutron.yml b/tests/test-install-neutron.yml new file mode 100644 index 00000000..8750f74d --- /dev/null +++ b/tests/test-install-neutron.yml @@ -0,0 +1,118 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Make /lib/modules accessible on neutron_agent containers + hosts: neutron_agent + user: root + gather_facts: true + tasks: + - name: Use the unconfined aa profile + lxc_container: + name: "{{ container_name }}" + container_config: + - "lxc.aa_profile=unconfined" + delegate_to: "{{ physical_host }}" + - name: Neutron extra lxc config + lxc_container: + name: "{{ container_name }}" + container_command: | + [[ ! -d "/lib/modules" ]] && mkdir -p "/lib/modules" + container_config: + - "lxc.cgroup.devices.allow=a *:* rmw" + - "lxc.mount.entry=/lib/modules lib/modules none bind 0 0" + delegate_to: "{{ physical_host }}" + - name: Wait for ssh to be available + local_action: + module: wait_for + port: "{{ ansible_ssh_port | default('22') }}" + host: "{{ ansible_ssh_host | default(inventory_hostname) }}" + search_regex: OpenSSH + delay: 1 + - name: Add iptables rule for communication w/ metadata agent + command: /sbin/iptables -t mangle -A POSTROUTING -p tcp --sport 80 -j CHECKSUM --checksum-fill + +- name: Deploy neutron + hosts: neutron_all + user: root + gather_facts: true + pre_tasks: + # NOTE: These are typically installed in the repo server where we build the + # neutron wheel + - name: Install packages required to build neutron python package + apt: + name: "{{ item }}" + with_items: + - libffi-dev + when: inventory_hostname in groups['neutron_all'] + - name: Ensure rabbitmq vhost + rabbitmq_vhost: + name: "{{ neutron_rabbitmq_vhost }}" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['neutron_all'][0] + - name: Ensure rabbitmq user + rabbitmq_user: + user: "{{ neutron_rabbitmq_userid }}" + password: "{{ neutron_rabbitmq_password }}" + vhost: "{{ neutron_rabbitmq_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['neutron_all'][0] + - name: Create DB for service + mysql_db: + login_user: "root" + login_password: "secrete" + login_host: "localhost" + name: "{{ neutron_galera_database }}" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['neutron_all'][0] + - name: Grant access to the DB for the service + mysql_user: + login_user: "root" + login_password: "secrete" + login_host: "localhost" + name: "{{ neutron_galera_database }}" + password: "{{ neutron_container_mysql_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ neutron_galera_database }}.*:ALL" + with_items: + - "localhost" + - "%" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['neutron_all'][0] + - name: Check if this is an OpenStack-CI nodepool instance + stat: + path: /etc/nodepool/provider + register: nodepool + delegate_to: localhost + - name: Determine the existing Ubuntu repo URL (only on OpenStack-CI) + shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list' + register: ubuntu_repo_url + changed_when: false + when: nodepool.stat.exists | bool + delegate_to: localhost + - name: Set Ubuntu Cloud Archive repo URL based on discovered information + set_fact: + uca_apt_repo_url: "{{ ubuntu_repo_url.stdout | netorigin }}/ubuntu-cloud-archive" + when: nodepool.stat.exists | bool + roles: + - role: "os_neutron" + vars_files: + - test-vars.yml diff --git a/tests/test-install-nova.yml b/tests/test-install-nova.yml new file mode 100644 index 00000000..9b99ccb5 --- /dev/null +++ b/tests/test-install-nova.yml @@ -0,0 +1,114 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Playbook for deploying nova + hosts: nova_all + user: root + gather_facts: true + pre_tasks: + # NOTE: These are typically installed in the repo server where we build the + # nova wheel + - name: Install packages required to build nova python package + apt: + name: "{{ item }}" + with_items: + - libxml2-dev + - libxslt-dev + - libffi-dev + - pkg-config + - libvirt-dev + when: inventory_hostname in groups['nova_all'] + - name: Ensure rabbitmq vhost + rabbitmq_vhost: + name: "{{ nova_rabbitmq_vhost }}" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['nova_all'][0] + - name: Ensure rabbitmq user + rabbitmq_user: + user: "{{ nova_rabbitmq_userid }}" + password: "{{ nova_rabbitmq_password }}" + vhost: "{{ nova_rabbitmq_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['nova_all'][0] + - name: Create DB for service + mysql_db: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ nova_galera_address }}" + name: "{{ nova_galera_database }}" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['nova_all'][0] + - name: Grant access to the DB for the service + mysql_user: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ nova_galera_address }}" + name: "{{ nova_galera_database }}" + password: "{{ nova_container_mysql_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ nova_galera_database }}.*:ALL" + with_items: + - "localhost" + - "%" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['nova_all'][0] + - name: Create API DB for service + mysql_db: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ nova_api_galera_address }}" + name: "{{ nova_api_galera_database }}" + state: "present" + when: inventory_hostname == groups['nova_all'][0] + - name: Grant access to the API DB for the service + mysql_user: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ nova_api_galera_address }}" + name: "{{ nova_api_galera_user }}" + password: "{{ nova_api_container_mysql_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ nova_api_galera_database }}.*:ALL" + with_items: + - "localhost" + - "%" + when: inventory_hostname == groups['nova_all'][0] + - name: Check if this is an OpenStack-CI nodepool instance + stat: + path: /etc/nodepool/provider + register: nodepool + delegate_to: localhost + - name: Determine the existing Ubuntu repo URL (only on OpenStack-CI) + shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list' + register: ubuntu_repo_url + changed_when: false + when: nodepool.stat.exists | bool + delegate_to: localhost + - name: Set Ubuntu Cloud Archive repo URL based on discovered information + set_fact: + uca_apt_repo_url: "{{ ubuntu_repo_url.stdout | netorigin }}/ubuntu-cloud-archive" + when: nodepool.stat.exists | bool + roles: + - role: "os_nova" + vars_files: + - test-vars.yml diff --git a/tests/test-install-tempest.yml b/tests/test-install-tempest.yml index 771b801b..3e0e428a 100644 --- a/tests/test-install-tempest.yml +++ b/tests/test-install-tempest.yml @@ -15,7 +15,7 @@ # limitations under the License. - name: Playbook for deploying tempest - hosts: infra1 + hosts: tempest user: root gather_facts: true roles: diff --git a/tests/test-nova-functional.yml b/tests/test-nova-functional.yml new file mode 100644 index 00000000..9a6711d5 --- /dev/null +++ b/tests/test-nova-functional.yml @@ -0,0 +1,28 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Playbook for functional testing of nova + hosts: nova_api_os_compute + user: root + gather_facts: false + tasks: + - name: Run tempest + shell: | + . {{ tempest_venv_bin }}/activate + {{ tempest_venv_bin | dirname }}/run_tempest.sh --no-virtual-env ${RUN_TEMPEST_OPTS} tempest.scenario.test_server_basic_ops.TestServerBasicOps.test_server_basic_ops + environment: + RUN_TEMPEST_OPTS: "--serial" + vars_files: + - test-vars.yml diff --git a/tests/test-prepare-containers.yml b/tests/test-prepare-containers.yml index cf46e8ab..f85472e4 100644 --- a/tests/test-prepare-containers.yml +++ b/tests/test-prepare-containers.yml @@ -15,11 +15,9 @@ - name: Playbook for creating containers hosts: all_containers - connection: local gather_facts: false roles: - role: "lxc_container_create" - lxc_container_release: trusty lxc_container_backing_store: dir global_environment_variables: PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" diff --git a/tests/test-prepare-host.yml b/tests/test-prepare-host.yml index f8926411..dd1c1d28 100644 --- a/tests/test-prepare-host.yml +++ b/tests/test-prepare-host.yml @@ -13,9 +13,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Playbook for configuring LXC host +- name: Playbook for configuring the LXC host hosts: localhost pre_tasks: + - name: Clear iptables rules + shell: ./iptables-clear.sh # Make sure OS does not have a stale package cache. - name: Update apt cache apt: @@ -37,10 +39,38 @@ lxc_container_cache_files: - { src: '/etc/pip.conf', dest: '/etc/pip.conf' } when: nodepool.stat.exists | bool + post_tasks: + # The elegant solution: change the bridge everywhere to replicate the standard behaviour + - name: Register list of bridges + command: /sbin/brctl show + register: bridge_list + - name: Create br-mgmt bridge + command: /sbin/brctl addbr br-mgmt + when: + - not bridge_list.stdout | search("br-mgmt") + - name: IP br-mgmt + command: /sbin/ifconfig br-mgmt 10.100.102.1 netmask 255.255.255.0 + - name: Create br-vxlan bridge + command: /sbin/brctl addbr br-vxlan + when: + - not bridge_list.stdout | search("br-vxlan") + - name: IP br-vxlan + command: /sbin/ifconfig br-vxlan 10.100.101.1 netmask 255.255.255.0 + - name: Create br-vlan bridge + command: /sbin/brctl addbr br-vlan + when: + - not bridge_list.stdout | search("br-vlan") + - name: IP br-vlan + command: /sbin/ifconfig br-vlan 10.1.13.1 netmask 255.255.255.0 + - name: Add iptables rule to ensure ssh checksum is correct + command: /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill + - name: Add iptables rules for lxc natting + command: /usr/local/bin/lxc-system-manage iptables-create roles: - role: "lxc_hosts" lxc_net_address: 10.100.100.1 - lxc_net_dhcp_range: 10.100.100.8,10.100.100.253 + lxc_net_netmask: 255.255.255.0 + lxc_net_dhcp_range: 10.100.100.2,10.100.100.99 lxc_net_bridge: lxcbr0 lxc_kernel_options: - { key: 'fs.inotify.max_user_instances', value: 1024 } diff --git a/tests/test-vars.yml b/tests/test-vars.yml index 8ee71536..15d2df07 100644 --- a/tests/test-vars.yml +++ b/tests/test-vars.yml @@ -13,18 +13,45 @@ # See the License for the specific language governing permissions and # limitations under the License. -external_lb_vip_address: 10.100.100.2 +cinder_backends_rbd_inuse: false +cinder_ceph_client: cinder +debug: true +external_lb_vip_address: 10.100.102.102 galera_client_drop_config_file: false -internal_lb_vip_address: 10.100.100.2 +galera_root_user: root +galera_root_password: secrete +glance_container_mysql_password: "SuperSecrete" +glance_developer_mode: true +glance_galera_address: 10.100.102.101 +glance_galera_database: glance +glance_git_install_branch: master +glance_host: "{{ internal_lb_vip_address }}" +glance_profiler_hmac_key: "secrete" +glance_rabbitmq_port: "{{ rabbitmq_port }}" +glance_rabbitmq_servers: "{{ rabbitmq_servers }}" +glance_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}" +glance_rabbitmq_password: "secrete" +glance_rabbitmq_userid: glance +glance_rabbitmq_vhost: /glance +glance_requirements_git_install_branch: master +glance_service_password: "secrete" +glance_service_port: 9292 +glance_venv_tag: "testing" +internal_lb_vip_address: 10.100.102.102 keystone_admin_tenant_name: admin keystone_admin_user_name: admin -keystone_auth_admin_password: "SuperSecretePassword" +keystone_auth_admin_password: SuperSecretePassword keystone_container_mysql_password: "SuperSecrete" keystone_developer_mode: true -keystone_galera_address: 10.100.100.2 +keystone_galera_address: 10.100.102.101 keystone_galera_database: keystone keystone_git_install_branch: master -keystone_messaging_enabled: false +keystone_rabbitmq_password: "secrete" +keystone_rabbitmq_port: "{{ rabbitmq_port }}" +keystone_rabbitmq_servers: "{{ rabbitmq_servers }}" +keystone_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}" +keystone_rabbitmq_userid: keystone +keystone_rabbitmq_vhost: /keystone keystone_requirements_git_install_branch: master keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357" keystone_service_adminuri_insecure: false @@ -33,10 +60,74 @@ keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000" keystone_service_internaluri_insecure: false keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3" keystone_service_password: "secrete" +keystone_service_region: RegionOne keystone_venv_tag: "testing" +lxd_trust_password: "SuperSecrete" +memcached_encryption_key: "secrete" +memcached_servers: 127.0.0.1 +neutron_container_mysql_password: SuperSecrete +neutron_developer_mode: true +neutron_galera_address: 10.100.102.101 +neutron_galera_database: neutron +neutron_git_install_branch: master +neutron_ha_vrrp_auth_password: secrete +neutron_management_address: "{{ internal_lb_vip_address }}" +neutron_rabbitmq_port: "{{ rabbitmq_port }}" +neutron_rabbitmq_servers: "{{ rabbitmq_servers }}" +neutron_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}" +neutron_rabbitmq_password: secrete +neutron_rabbitmq_userid: neutron +neutron_rabbitmq_vhost: /neutron +neutron_requirements_git_install_branch: master +neutron_service_adminurl: http://{{ internal_lb_vip_address }}:9696 +neutron_service_password: "secrete" +neutron_service_project_name: service +neutron_service_region: RegionOne +neutron_service_user_name: neutron +neutron_venv_tag: testing +nova_api_container_mysql_password: "SuperSecrete" +nova_api_galera_address: 10.100.102.101 +nova_api_galera_database: nova_api +nova_api_galera_user: nova_api +nova_container_mysql_password: "SuperSecrete" +nova_developer_mode: true +nova_galera_address: 10.100.102.101 +nova_galera_database: nova +nova_git_install_branch: master +nova_glance_api_servers: "http://{{ glance_host }}:{{ glance_service_port }}" +nova_keystone_auth_plugin: password +nova_management_address: "10.100.102.1" +nova_metadata_port: 8775 +nova_metadata_proxy_secret: "secrete" +nova_novncproxy_vncserver_listen: localhost +nova_novncproxy_vncserver_proxyclient_address: localhost +nova_rabbitmq_port: "{{ rabbitmq_port }}" +nova_rabbitmq_servers: "{{ rabbitmq_servers }}" +nova_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}" +nova_rabbitmq_password: "secrete" +nova_rabbitmq_userid: nova +nova_rabbitmq_vhost: /nova +nova_requirements_git_install_branch: master +nova_service_adminurl: "http://{{ internal_lb_vip_address }}:8774" +nova_service_password: "secrete" +nova_service_project_domain_id: default +nova_service_project_name: service +nova_service_region: RegionOne +nova_service_user_domain_id: default +nova_service_user_name: nova +nova_bin: "/openstack/venvs/nova-{{ nova_venv_tag }}/bin" +nova_venv_tag: "testing" openrc_os_auth_url: "http://127.0.0.1:5000/v3" openrc_os_domain_name: "Default" openrc_os_password: "{{ keystone_auth_admin_password }}" +# This ensures that libvirt-python is built from source. A pre-built wheel +# can be missing libvirt capabilities from the installed version of +# libvirt-bin, leading to nova-compute failing to start. +# TODO(jmccrory) Revisit this at some point +pip_install_options: "--no-binary libvirt-python" +rabbitmq_port: 5672 +rabbitmq_servers: 10.100.102.101 +rabbitmq_use_ssl: False tempest_developer_mode: True tempest_git_install_branch: master tempest_venv_tag: "{{ tempest_git_install_branch }}" @@ -48,11 +139,11 @@ tempest_main_group: keystone_all tempest_service_available_aodh: False tempest_service_available_ceilometer: False tempest_service_available_cinder: False -tempest_service_available_glance: False +tempest_service_available_glance: True tempest_service_available_heat: False tempest_service_available_horizon: False -tempest_service_available_neutron: False -tempest_service_available_nova: False +tempest_service_available_neutron: True +tempest_service_available_nova: True tempest_service_available_swift: False tempest_service_available_zaqar: False tempest_plugins: diff --git a/tests/test.yml b/tests/test.yml index c813e59c..e48b2e37 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -28,8 +28,20 @@ # Install Keystone - include: test-install-keystone.yml +# Install Glance +- include: test-install-glance.yml + +# Install Neutron +- include: test-install-neutron.yml + +# Install Nova +- include: test-install-nova.yml + # Install Tempest - include: test-install-tempest.yml # Test Tempest - include: test-tempest-functional.yml + +# Test Nova +- include: test-nova-functional.yml