From f12ecd2e8346f19c712f10c8e433139f758a0a4d Mon Sep 17 00:00:00 2001 From: Donovan Francesco Date: Fri, 26 Aug 2016 11:32:15 +0200 Subject: [PATCH] Add scaffolding for OpenStack-CI tests Change-Id: I768a5ece1417933248c76fe7e269b9248d0baed1 --- .gitignore | 66 ++++++++++ .gitreview | 4 + CHANGELOG | 9 +- CONTRIBUTING.rst | 100 ++++++++++++++- Vagrantfile | 23 ++++ bindep.txt | 38 ++++++ defaults/main.yml | 11 +- doc/source/index.rst | 29 ++++- examples/playbook.yml | 5 + library/config_template | 66 ++++++++++ meta/main.yml | 8 +- run_tests.sh | 55 +++++++++ setup.cfg | 8 +- tasks/trove_install.yml | 2 +- tasks/trove_post_install.yml | 10 +- tasks/trove_pre_install.yml | 4 +- test-requirements.txt | 15 +++ tests/ansible-role-requirements.yml | 40 ++++++ tests/group_vars/all_containers.yml | 27 ++++ tests/inventory | 35 ++++++ tests/iptables-clear.sh | 26 ++++ tests/test-install-infra.yml | 31 +++++ tests/test-install-keystone.yml | 65 ++++++++++ tests/test-install-trove.yml | 81 ++++++++++++ tests/test-nova-interfaces.cfg.j2 | 10 ++ tests/test-prepare-containers.yml | 31 +++++ tests/test-prepare-host.yml | 89 ++++++++++++++ tests/test-prepare-keys.yml | 33 +++++ tests/test-vars.yml | 78 ++++++++++++ tests/test.yml | 35 ++++++ tox.ini | 183 ++++++++++++++++++++++++++++ vars/ubuntu-14.04.yml | 1 - vars/ubuntu-16.04.yml | 1 - 33 files changed, 1198 insertions(+), 21 deletions(-) create mode 100755 .gitignore create mode 100755 .gitreview create mode 100755 Vagrantfile create mode 100755 bindep.txt create mode 100755 examples/playbook.yml create mode 100755 library/config_template create mode 100755 run_tests.sh create mode 100755 test-requirements.txt create mode 100644 tests/ansible-role-requirements.yml create mode 100644 tests/group_vars/all_containers.yml create mode 100644 tests/inventory create mode 100755 tests/iptables-clear.sh create mode 100644 tests/test-install-infra.yml create mode 100644 tests/test-install-keystone.yml create mode 100644 tests/test-install-trove.yml create mode 100644 tests/test-nova-interfaces.cfg.j2 create mode 100644 tests/test-prepare-containers.yml create mode 100644 tests/test-prepare-host.yml create mode 100644 tests/test-prepare-keys.yml create mode 100644 tests/test-vars.yml create mode 100644 tests/test.yml create mode 100755 tox.ini diff --git a/.gitignore b/.gitignore new file mode 100755 index 0000000..ca2ac14 --- /dev/null +++ b/.gitignore @@ -0,0 +1,66 @@ +# Compiled source # +################### +*.com +*.class +*.dll +*.exe +*.o +*.so +*.pyc +build/ +dist/ +doc/build/ + +# Packages # +############ +# it's better to unpack these files and commit the raw source +# git has its own built in compression methods +*.7z +*.dmg +*.gz +*.iso +*.jar +*.rar +*.tar +*.zip + +# Logs and databases # +###################### +*.log +*.sql +*.sqlite + +# OS generated files # +###################### +.DS_Store +.DS_Store? +._* +.Spotlight-V100 +.Trashes +.idea +.tox +*.sublime* +*.egg-info +Icon? +ehthumbs.db +Thumbs.db +.eggs + +# User driven backup files # +############################ +*.bak +*.swp + +# Generated by pbr while building docs +###################################### +AUTHORS +ChangeLog + +# Files created by releasenotes build +releasenotes/build + +# Test temp files +tests/plugins + +# Vagrant testing artifacts +.vagrant diff --git a/.gitreview b/.gitreview new file mode 100755 index 0000000..f856c04 --- /dev/null +++ b/.gitreview @@ -0,0 +1,4 @@ +[gerrit] +host=review.openstack.org +port=29418 +project=openstack/openstack-ansible-os_trove.git diff --git a/CHANGELOG b/CHANGELOG index 505d21d..8a20168 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1 +1,8 @@ -# CHANGELOG \ No newline at end of file +CHANGES +======= + +* Add scaffolding for OpenStack-CI tests +* Adding trove_extra_service_names and creating database on galera +* Updates +* Update +* Initial Commit diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index 194039b..b15bccc 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -1,4 +1,98 @@ -# Authors +OpenStack-Ansible Trove +######################### -Donovan Francesco -Paul Stevens \ No newline at end of file +Contributor Guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net +/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following +criteria are met: + * The description clearly states or describes the original problem or root + cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External + access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, +following the workflow documented at: +"http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without +regard. + + +Extra +----- + +Tags: If it's a bug that needs fixing in a branch in addition to Master, add a + '\-backport-potential' tag (eg ``juno-backport-potential``). + There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please + set to High, and only use Critical if you have found a bug that can take + down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create them +using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals +and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following +criteria are met: + * The description clearly states or describes the original problem or root + cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, + add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External + access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/Vagrantfile b/Vagrantfile new file mode 100755 index 0000000..f5db13f --- /dev/null +++ b/Vagrantfile @@ -0,0 +1,23 @@ +Vagrant.configure(2) do |config| + config.vm.provider "virtualbox" do |v| + v.memory = 2048 + v.cpus = 2 + end + config.vm.define "ubuntu1404" do |trusty| + trusty.vm.box = "ubuntu/trusty64" + trusty.vm.provision "shell", inline: <<-SHELL + sudo su - + cd /vagrant + ./run_tests.sh + SHELL + end + + config.vm.define "ubuntu1604" do |xenial| + xenial.vm.box = "ubuntu/xenial64" + xenial.vm.provision "shell", inline: <<-SHELL + sudo su - + cd /vagrant + ./run_tests.sh + SHELL + end +end diff --git a/bindep.txt b/bindep.txt new file mode 100755 index 0000000..931e963 --- /dev/null +++ b/bindep.txt @@ -0,0 +1,38 @@ +# This file facilitates OpenStack-CI package installation +# before the execution of any tests. +# +# See the following for details: +# - http://docs.openstack.org/infra/bindep/ +# - https://github.com/openstack-infra/bindep +# +# Even if the role does not make use of this facility, it +# is better to have this file empty, otherwise OpenStack-CI +# will fall back to installing its default packages which +# will potentially be detrimental to the tests executed. + +# Base requirements for Ubuntu +build-essential [platform:dpkg] +git-core [platform:dpkg] +libssl-dev [platform:dpkg] +libffi-dev [platform:dpkg] +python2.7 [platform:dpkg] +python-dev [platform:dpkg] + +# Base requirements for CentOS +gcc [platform:rpm] +gcc-c++ [platform:rpm] +git [platform:rpm] +python-devel [platform:rpm] +libffi-devel [platform:rpm] +openssl-devel [platform:rpm] + +# For SELinux +libselinux-python [platform:rpm] + +# For SSL SNI support +python-pyasn1 [platform:dpkg] +python-openssl [platform:dpkg] +python-ndg-httpsclient [platform:ubuntu !platform:ubuntu-trusty] +python2-pyasn1 [platform:rpm] +pyOpenSSL [platform:rpm] +python-ndg_httpsclient [platform:rpm] diff --git a/defaults/main.yml b/defaults/main.yml index fafd68e..6b0130e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -46,11 +46,6 @@ trove_service_internalurl: "{{ trove_service_internaluri_proto }}://{{ internal_ trove_service_adminuri_proto: http trove_service_adminurl: "{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_bind_port }}" -trove_config_overrides: {} -trove_api_paste_ini_overrides: {} -trove_conductor_config_overrides: {} -trove_taskmanager_config_overrides: {} - # Name of the virtual env to deploy into trove_venv_tag: untagged trove_bin: "/openstack/venvs/trove-{{ trove_venv_tag }}/bin" @@ -133,3 +128,9 @@ trove_pip_packages: # pip packages required by this role. The value is picked up # by the py_pkgs lookup. trove_role_project_group: trove_all + +## Tunable overrides +trove_config_overrides: {} +trove_api_paste_ini_overrides: {} +trove_conductor_config_overrides: {} +trove_taskmanager_config_overrides: {} diff --git a/doc/source/index.rst b/doc/source/index.rst index a6210d3..53948cb 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -1 +1,28 @@ -.. include:: ../../README.rst +======================= +OpenStack-Ansible Trove +======================= + +This Ansible role installs Trove. + +Default variables +~~~~~~~~~~~~~~~~~ + +.. literalinclude:: ../../defaults/main.yml + :language: yaml + :start-after: under the License. + +Required variables +~~~~~~~~~~~~~~~~~~ + +None. + +Dependencies +~~~~~~~~~~~~ + +None. + +Example playbook +~~~~~~~~~~~~~~~~ + +.. literalinclude:: ../../examples/playbook.yml + :language: yaml diff --git a/examples/playbook.yml b/examples/playbook.yml new file mode 100755 index 0000000..16b50df --- /dev/null +++ b/examples/playbook.yml @@ -0,0 +1,5 @@ +- name: Install trove + hosts: all + user: root + roles: + - role: "openstack-ansible-os_trove" diff --git a/library/config_template b/library/config_template new file mode 100755 index 0000000..0a4bc31 --- /dev/null +++ b/library/config_template @@ -0,0 +1,66 @@ +# this is a virtual module that is entirely implemented server side + +DOCUMENTATION = """ +--- +module: config_template +version_added: 1.9.2 +short_description: Renders template files providing a create/update override interface +description: + - The module contains the template functionality with the ability to override items + in config, in transit, though the use of an simple dictionary without having to + write out various temp files on target machines. The module renders all of the + potential jinja a user could provide in both the template file and in the override + dictionary which is ideal for deployers whom may have lots of different configs + using a similar code base. + - The module is an extension of the **copy** module and all of attributes that can be + set there are available to be set here. +options: + src: + description: + - Path of a Jinja2 formatted template on the local server. This can be a relative + or absolute path. + required: true + default: null + dest: + description: + - Location to render the template to on the remote machine. + required: true + default: null + config_overrides: + description: + - A dictionary used to update or override items within a configuration template. + The dictionary data structure may be nested. If the target config file is an ini + file the nested keys in the ``config_overrides`` will be used as section + headers. + config_type: + description: + - A string value describing the target config type. + choices: + - ini + - json + - yaml +author: Kevin Carter +""" + +EXAMPLES = """ + - name: run config template ini + config_template: + src: templates/test.ini.j2 + dest: /tmp/test.ini + config_overrides: {} + config_type: ini + + - name: run config template json + config_template: + src: templates/test.json.j2 + dest: /tmp/test.json + config_overrides: {} + config_type: json + + - name: run config template yaml + config_template: + src: templates/test.yaml.j2 + dest: /tmp/test.yaml + config_overrides: {} + config_type: yaml +""" diff --git a/meta/main.yml b/meta/main.yml index 20c6531..9e288df 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -17,4 +17,10 @@ galaxy_info: - python - trove -dependencies: [] +dependencies: + - pip_install + - role: apt_package_pinning + when: + - ansible_pkg_mgr == 'apt' + - galera_client + - openstack_openrc diff --git a/run_tests.sh b/run_tests.sh new file mode 100755 index 0000000..0a49aa3 --- /dev/null +++ b/run_tests.sh @@ -0,0 +1,55 @@ +#!/usr/bin/env bash +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -euov + +FUNCTIONAL_TEST=${FUNCTIONAL_TEST:-true} + +# Install pip +if [ ! "$(which pip)" ]; then + curl --silent --show-error --retry 5 \ + https://bootstrap.pypa.io/get-pip.py | sudo python2.7 +fi + +# Install bindep and tox +pip install bindep tox + +# CentOS 7 requires two additional packages: +# redhat-lsb-core - for bindep profile support +# epel-release - required to install python-ndg_httpsclient/python2-pyasn1 +if [ "$(which yum)" ]; then + yum -y install redhat-lsb-core epel-release +fi + +# Install OS packages using bindep +if apt-get -v >/dev/null 2>&1 ; then + apt-get update + DEBIAN_FRONTEND=noninteractive \ + apt-get -q --option "Dpkg::Options::=--force-confold" \ + --assume-yes install `bindep -b -f bindep.txt test` +else + yum install -y `bindep -b -f bindep.txt test` +fi + +# run through each tox env and execute the test +for tox_env in $(awk -F= '/envlist/ {print $2}' tox.ini | sed 's/,/ /g'); do + if [ "${tox_env}" != "ansible-functional" ]; then + tox -e ${tox_env} + elif [ "${tox_env}" == "ansible-functional" ]; then + if ${FUNCTIONAL_TEST}; then + tox -e ${tox_env} + fi + fi +done diff --git a/setup.cfg b/setup.cfg index 9bd68d0..fdbdac6 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,11 +1,11 @@ [metadata] name = openstack-ansible-os_trove -summary = Trove for OpenStack Ansible +summary = os_trove role for OpenStack-Ansible description-file = README.rst -author = IS Open Cloud -author-email = is.cloud.infrastructure.opencloud@is.co.za -home-page = http://www.is.co.za/ +author = OpenStack +author-email = openstack-dev@lists.openstack.org +home-page = http://docs.openstack.org/developer/openstack-ansible-os_trove classifier = Intended Audience :: Developers Intended Audience :: System Administrators diff --git a/tasks/trove_install.yml b/tasks/trove_install.yml index bd519ad..62e874b 100644 --- a/tasks/trove_install.yml +++ b/tasks/trove_install.yml @@ -51,7 +51,7 @@ - name: Install required pip packages pip: - name: "{{ trove_required_pip_packages | join(' ') }}" + name: "{{ trove_requires_pip_packages | join(' ') }}" state: latest extra_args: "{{ pip_install_options_fact }}" register: install_packages diff --git a/tasks/trove_post_install.yml b/tasks/trove_post_install.yml index 7a7e95d..14202ca 100644 --- a/tasks/trove_post_install.yml +++ b/tasks/trove_post_install.yml @@ -29,7 +29,15 @@ config_type: "ini" - src: "trove.conf.j2" dest: "/etc/trove/trove.conf" - config_overrides: "{{ trove_conf_overrides }}" + config_overrides: "{{ trove_config_overrides }}" + config_type: "ini" + - src: "trove-conductor.conf.j2" + dest: "/etc/trove/trove-conductor.conf" + config_overrides: "{{ trove_conductor_config_overrides }}" + config_type: "ini" + - src: "trove-taskmanager.conf.j2" + dest: "/etc/trove/trove-taskmanager.conf" + config_overrides: "{{ trove_taskmanager_config_overrides }}" config_type: "ini" notify: - Restart Apache diff --git a/tasks/trove_pre_install.yml b/tasks/trove_pre_install.yml index 63cf537..7901d7f 100644 --- a/tasks/trove_pre_install.yml +++ b/tasks/trove_pre_install.yml @@ -23,8 +23,8 @@ user: name: "{{ trove_system_user_name }}" group: "{{ trove_system_group_name }}" - comment: "{{ trove_system_comment }}" - shell: "{{ trove_system_shell }}" + comment: "{{ trove_system_user_comment }}" + shell: "{{ trove_system_user_shell }}" system: "yes" createhome: "yes" home: "{{ trove_system_user_home }}" diff --git a/test-requirements.txt b/test-requirements.txt new file mode 100755 index 0000000..8fdd8d8 --- /dev/null +++ b/test-requirements.txt @@ -0,0 +1,15 @@ +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. +bashate>=0.2 # Apache-2.0 +flake8<2.6.0,>=2.5.4 # MIT +pyasn1 # BSD +pyOpenSSL>=0.14 # Apache-2.0 +requests>=2.10.0 # Apache-2.0 +ndg-httpsclient>=0.4.2;python_version<'3.0' # BSD + +# this is required for the docs build jobs +sphinx!=1.3b1,<1.3,>=1.2.1 # BSD +oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0 +doc8 # Apache-2.0 +reno>=1.8.0 # Apache2 diff --git a/tests/ansible-role-requirements.yml b/tests/ansible-role-requirements.yml new file mode 100644 index 0000000..e4a6a08 --- /dev/null +++ b/tests/ansible-role-requirements.yml @@ -0,0 +1,40 @@ +- name: apt_package_pinning + src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning + scm: git + version: master +- name: pip_install + src: https://git.openstack.org/openstack/openstack-ansible-pip_install + scm: git + version: master +- name: memcached_server + src: https://git.openstack.org/openstack/openstack-ansible-memcached_server + scm: git + version: master +- name: lxc_hosts + src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts + scm: git + version: master +- name: lxc_container_create + src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create + scm: git + version: master +- name: galera_client + src: https://git.openstack.org/openstack/openstack-ansible-galera_client + scm: git + version: master +- name: galera_server + src: https://git.openstack.org/openstack/openstack-ansible-galera_server + scm: git + version: master +- name: rabbitmq_server + src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server + scm: git + version: master +- name: os_keystone + src: https://git.openstack.org/openstack/openstack-ansible-os_keystone + scm: git + version: master +- name: openstack_openrc + src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc + scm: git + version: master diff --git a/tests/group_vars/all_containers.yml b/tests/group_vars/all_containers.yml new file mode 100644 index 0000000..f0eec6b --- /dev/null +++ b/tests/group_vars/all_containers.yml @@ -0,0 +1,27 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ansible_ssh_host: "{{ ansible_host }}" +container_name: "{{ inventory_hostname }}" +container_networks: + management_address: + address: "{{ ansible_host }}" + bridge: "br-mgmt" + interface: "eth1" + netmask: "255.255.255.0" + type: "veth" +physical_host: localhost +properties: + service_name: "{{ inventory_hostname }}" diff --git a/tests/inventory b/tests/inventory new file mode 100644 index 0000000..38fe1d8 --- /dev/null +++ b/tests/inventory @@ -0,0 +1,35 @@ +[all] +localhost ansible_connection=local ansible_become=True neutron_local_ip=10.100.101.1 +infra1 ansible_host=10.100.102.101 ansible_become=True ansible_user=root tunnel_address=10.100.101.101 +openstack1 ansible_host=10.100.102.102 ansible_become=True ansible_user=root tunnel_address=10.100.101.102 neutron_local_ip=10.100.101.102 + +[all_containers] +infra1 +openstack1 + +[rabbitmq_all] +infra1 + +[galera_all] +infra1 + +[service_all:children] +rabbitmq_all +galera_all + +[keystone_all] +openstack1 + +[trove_api] +openstack1 + +[trove_conductor] +openstack1 + +[trove_taskmanager] +openstack1 + +[trove_all:children] +trove_api +trove_conductor +trove_taskmanager diff --git a/tests/iptables-clear.sh b/tests/iptables-clear.sh new file mode 100755 index 0000000..eb782c5 --- /dev/null +++ b/tests/iptables-clear.sh @@ -0,0 +1,26 @@ +#!/bin/bash +# +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +iptables -F +iptables -X +iptables -t nat -F +iptables -t nat -X +iptables -t mangle -F +iptables -t mangle -X +iptables -P INPUT ACCEPT +iptables -P FORWARD ACCEPT +iptables -P OUTPUT ACCEPT diff --git a/tests/test-install-infra.yml b/tests/test-install-infra.yml new file mode 100644 index 0000000..11b7cad --- /dev/null +++ b/tests/test-install-infra.yml @@ -0,0 +1,31 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Playbook for deploying infra services + hosts: service_all + user: root + gather_facts: true + roles: + - role: "rabbitmq_server" + rabbitmq_cookie_token: secrete + - role: "galera_server" + galera_root_password: secrete + galera_root_user: root + galera_innodb_buffer_pool_size: 512M + galera_innodb_log_buffer_size: 32M + galera_wsrep_node_name: "{{ inventory_hostname }}" + galera_wsrep_provider_options: + - { option: "gcache.size", value: "32M" } + galera_server_id: "{{ inventory_hostname | string_2_int }}" diff --git a/tests/test-install-keystone.yml b/tests/test-install-keystone.yml new file mode 100644 index 0000000..ef35b81 --- /dev/null +++ b/tests/test-install-keystone.yml @@ -0,0 +1,65 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Playbook for deploying keystone + hosts: keystone_all + user: root + gather_facts: true + pre_tasks: + - name: Ensure rabbitmq vhost + rabbitmq_vhost: + name: "{{ keystone_rabbitmq_vhost }}" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['keystone_all'][0] + - name: Ensure rabbitmq user + rabbitmq_user: + user: "{{ keystone_rabbitmq_userid }}" + password: "{{ keystone_rabbitmq_password }}" + vhost: "{{ keystone_rabbitmq_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['keystone_all'][0] + - name: Create DB for service + mysql_db: + login_user: "root" + login_password: "secrete" + login_host: "localhost" + name: "{{ keystone_galera_database }}" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['keystone_all'][0] + - name: Grant access to the DB for the service + mysql_user: + login_user: "root" + login_password: "secrete" + login_host: "localhost" + name: "{{ keystone_galera_database }}" + password: "{{ keystone_container_mysql_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ keystone_galera_database }}.*:ALL" + with_items: + - "localhost" + - "%" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['keystone_all'][0] + roles: + - role: os_keystone + vars_files: + - test-vars.yml diff --git a/tests/test-install-trove.yml b/tests/test-install-trove.yml new file mode 100644 index 0000000..42fb006 --- /dev/null +++ b/tests/test-install-trove.yml @@ -0,0 +1,81 @@ +--- +# Copyright 2016 Internet Solutions (Pty) Ltd +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens + +- name: Playbook for deploying trove + hosts: trove_all + user: root + gather_facts: true + pre_tasks: + # NOTE: These are typically installed in the repo server where we build the + # trove wheel + - name: Install packages required to build trove python package + apt: + name: "{{ item }}" + with_items: + - libxml2-dev + - libxslt-dev + - libffi-dev + - pkg-config + - libvirt-dev + when: inventory_hostname in groups['trove_all'] + - name: Ensure rabbitmq vhost + rabbitmq_vhost: + name: "{{ trove_rabbitmq_vhost }}" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['trove_all'][0] + - name: Ensure rabbitmq user + rabbitmq_user: + user: "{{ trove_rabbitmq_userid }}" + password: "{{ trove_rabbitmq_password }}" + vhost: "{{ trove_rabbitmq_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['trove_all'][0] + - name: Create DB for service + mysql_db: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ trove_galera_address }}" + name: "{{ trove_galera_database }}" + state: "present" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['trove_all'][0] + - name: Grant access to the DB for the service + mysql_user: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ trove_galera_address }}" + name: "{{ trove_galera_database }}" + password: "{{ trove_galera_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ trove_galera_database }}.*:ALL" + with_items: + - "localhost" + - "%" + delegate_to: "10.100.102.101" + when: inventory_hostname == groups['trove_all'][0] + + roles: + - role: "{{ rolename | basename }}" + vars_files: + - test-vars.yml diff --git a/tests/test-nova-interfaces.cfg.j2 b/tests/test-nova-interfaces.cfg.j2 new file mode 100644 index 0000000..8ccac27 --- /dev/null +++ b/tests/test-nova-interfaces.cfg.j2 @@ -0,0 +1,10 @@ +auto br-mgmt +iface br-mgmt inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + # Notice the bridge port is the vlan tagged interface + bridge_ports none + address 10.100.102.1 + netmask 255.255.255.0 + offload-sg off diff --git a/tests/test-prepare-containers.yml b/tests/test-prepare-containers.yml new file mode 100644 index 0000000..f85472e --- /dev/null +++ b/tests/test-prepare-containers.yml @@ -0,0 +1,31 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Playbook for creating containers + hosts: all_containers + gather_facts: false + roles: + - role: "lxc_container_create" + lxc_container_backing_store: dir + global_environment_variables: + PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + post_tasks: + - name: Wait for ssh to be available + local_action: + module: wait_for + port: "{{ ansible_ssh_port | default('22') }}" + host: "{{ ansible_ssh_host | default(inventory_hostname) }}" + search_regex: OpenSSH + delay: 1 diff --git a/tests/test-prepare-host.yml b/tests/test-prepare-host.yml new file mode 100644 index 0000000..70249fa --- /dev/null +++ b/tests/test-prepare-host.yml @@ -0,0 +1,89 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Playbook for configuring the LXC host + hosts: localhost + pre_tasks: + - name: Clear iptables rules + shell: "{{ playbook_dir }}/iptables-clear.sh" + # Make sure OS does not have a stale package cache. + - name: Update apt cache + apt: + update_cache: yes + when: ansible_os_family == 'Debian' + - name: Ensure root's new public ssh key is in authorized_keys + authorized_key: + user: root + key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}" + manage_dir: no + - set_fact: + lxc_container_ssh_key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}" + - name: Check if this is an OpenStack-CI nodepool instance + stat: + path: /etc/nodepool/provider + register: nodepool + - name: Set the files to copy into the container cache for OpenStack-CI instances + set_fact: + lxc_container_cache_files: + - { src: '/etc/pip.conf', dest: '/etc/pip.conf' } + when: nodepool.stat.exists | bool + post_tasks: + - name: Ensure that /etc/network/interfaces.d/ exists + file: + path: /etc/network/interfaces.d/ + state: directory + tags: + - networking-dir-create + + - name: Copy network configuration + template: + src: test-nova-interfaces.cfg.j2 + dest: /etc/network/interfaces.d/nova_interfaces.cfg + register: nova_interfaces + tags: + - networking-interfaces-file + + - name: Ensure our interfaces.d configuration files are loaded automatically + lineinfile: + dest: /etc/network/interfaces + line: "source /etc/network/interfaces.d/*.cfg" + tags: + - networking-interfaces-load + + - name: Shut down the network interfaces + command: "ifdown {{ item }}" + when: nova_interfaces | changed + with_items: + - br-mgmt + tags: + - networking-interfaces-stop + + - name: Start the network interfaces + command: "ifup {{ item }}" + when: nova_interfaces | changed + with_items: + - br-mgmt + tags: + - networking-interfaces-start + - name: Add iptables rules for lxc natting + command: /usr/local/bin/lxc-system-manage iptables-create + roles: + - role: "lxc_hosts" + lxc_net_address: 10.100.100.1 + lxc_net_netmask: 255.255.255.0 + lxc_net_dhcp_range: 10.100.100.2,10.100.100.99 + lxc_net_bridge: lxcbr0 + lxc_kernel_options: + - { key: 'fs.inotify.max_user_instances', value: 1024 } diff --git a/tests/test-prepare-keys.yml b/tests/test-prepare-keys.yml new file mode 100644 index 0000000..a4fad4f --- /dev/null +++ b/tests/test-prepare-keys.yml @@ -0,0 +1,33 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: we use become_user because setting become: no or become: false +# doesn't seem to override the ansible_become=true in the +# inventory +- name: Playbook for establishing ssh keys + hosts: localhost + become_user: "{{ ansible_ssh_user }}" + pre_tasks: + - name: Create ssh key pair for root + user: + name: "{{ ansible_ssh_user }}" + generate_ssh_key: "yes" + ssh_key_bits: 2048 + ssh_key_file: ".ssh/id_rsa" + - name: Get the calling user's key + command: cat ~/.ssh/id_rsa.pub + register: key_get + - set_fact: + lxc_container_ssh_key: "{{ key_get.stdout }}" diff --git a/tests/test-vars.yml b/tests/test-vars.yml new file mode 100644 index 0000000..13c618b --- /dev/null +++ b/tests/test-vars.yml @@ -0,0 +1,78 @@ +--- +# Copyright 2016 Internet Solutions (Pty) Ltd +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens + +debug: true +external_lb_vip_address: 10.100.102.102 +galera_client_drop_config_file: false +galera_root_user: root +galera_root_password: secrete +internal_lb_vip_address: 10.100.102.102 +keystone_admin_tenant_name: admin +keystone_admin_user_name: admin +keystone_auth_admin_password: SuperSecretePassword +keystone_container_mysql_password: "SuperSecrete" +keystone_developer_mode: true +keystone_galera_address: 10.100.102.101 +keystone_galera_database: keystone +keystone_git_install_branch: master +keystone_rabbitmq_password: "secrete" +keystone_rabbitmq_port: "{{ rabbitmq_port }}" +keystone_rabbitmq_servers: "{{ rabbitmq_servers }}" +keystone_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}" +keystone_rabbitmq_userid: keystone +keystone_rabbitmq_vhost: /keystone +keystone_requirements_git_install_branch: master +keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357" +keystone_service_adminuri_insecure: false +keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3" +keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000" +keystone_service_internaluri_insecure: false +keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3" +keystone_service_password: "secrete" +keystone_service_region: RegionOne +keystone_venv_tag: "testing" +memcached_encryption_key: "secrete" +memcached_servers: 127.0.0.1 +trove_developer_mode: True +trove_galera_address: 10.100.102.101 +trove_galera_database: trove +trove_galera_user: trove +trove_galera_password: "secrete" +trove_rabbitmq_port: "{{ rabbitmq_port }}" +trove_rabbitmq_servers: "{{ rabbitmq_servers }}" +trove_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}" +trove_rabbitmq_password: "secrete" +trove_rabbitmq_userid: trove +trove_rabbitmq_vhost: /trove +trove_requirements_git_install_branch: master +trove_service_adminurl: "http://{{ internal_lb_vip_address }}:8779" +trove_service_password: "secrete" +trove_service_project_domain_id: default +trove_service_project_name: service +trove_service_region: RegionOne +trove_service_user_domain_id: default +trove_service_user_name: trove +trove_bin: "/openstack/venvs/trove-{{ trove_venv_tag }}/bin" +trove_venv_tag: "testing" +openrc_os_auth_url: "http://127.0.0.1:5000/v3" +openrc_os_domain_name: "Default" +openrc_os_password: "{{ keystone_auth_admin_password }}" + +rabbitmq_port: 5672 +rabbitmq_servers: 10.100.102.101 +rabbitmq_use_ssl: False diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 0000000..27de466 --- /dev/null +++ b/tests/test.yml @@ -0,0 +1,35 @@ +--- +# Copyright 2016 Internet Solutions (Pty) Ltd +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# (c) 2016 Donovan Francesco +# (c) 2016 Paul Stevens + +# Prepare the user ssh keys +- include: test-prepare-keys.yml + +# Prepare the host +- include: test-prepare-host.yml + +# Prepare the containers +- include: test-prepare-containers.yml + +# Install RabbitMQ/MariaDB +- include: test-install-infra.yml + +# Install keystone +- include: test-install-keystone.yml + +# Install trove +- include: test-install-trove.yml diff --git a/tox.ini b/tox.ini new file mode 100755 index 0000000..ff174f8 --- /dev/null +++ b/tox.ini @@ -0,0 +1,183 @@ +[tox] +minversion = 2.0 +skipsdist = True +envlist = docs,linters,functional + + +[testenv] +usedevelop = True +install_command = + pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages} +deps = + -r{toxinidir}/test-requirements.txt +commands = + /usr/bin/find . -type f -name "*.pyc" -delete +passenv = + HOME + http_proxy + HTTP_PROXY + https_proxy + HTTPS_PROXY + no_proxy + NO_PROXY +whitelist_externals = + bash + echo + git + rm + wget +setenv = + VIRTUAL_ENV={envdir} + + +[testenv:docs] +commands= + bash -c "rm -rf doc/build" + doc8 doc + python setup.py build_sphinx + + +[doc8] +# Settings for doc8: +extensions = .rst + + +[testenv:releasenotes] +commands = + sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html + + +# environment used by the -infra templated docs job +[testenv:venv] +commands = + {posargs} + + +[testenv:pep8] +commands = + # Run hacking/flake8 check for all python files + bash -c "grep --recursive --binary-files=without-match \ + --files-with-match '^.!.*python$' \ + --exclude-dir .eggs \ + --exclude-dir .git \ + --exclude-dir .tox \ + --exclude-dir *.egg-info \ + --exclude-dir doc \ + {toxinidir} | xargs flake8 --verbose" + + +[flake8] +# Ignores the following rules due to how ansible modules work in general +# F403 'from ansible.module_utils.basic import *' used; +# unable to detect undefined names +# H303 No wildcard (*) import. +ignore=F403,H303 + + +[testenv:bashate] +commands = + # Run bashate check for all bash scripts + # Ignores the following rules: + # E003: Indent not multiple of 4 (we prefer to use multiples of 2) + # E006: Line longer than 79 columns (as many scripts use jinja + # templating, this is very difficult) + # E040: Syntax error determined using `bash -n` (as many scripts + # use jinja templating, this will often fail and the syntax + # error will be discovered in execution anyway) + bash -c "grep --recursive --binary-files=without-match \ + --files-with-match '^.!.*\(ba\)\?sh$' \ + --exclude-dir .tox \ + --exclude-dir .git \ + {toxinidir} | xargs bashate --error . --verbose --ignore=E003,E006,E040" + + +[testenv:ansible] +deps = + {[testenv]deps} + ansible==2.1.1.0 + ansible-lint>=2.7.0,<3.0.0 +setenv = + {[testenv]setenv} + ANSIBLE_HOST_KEY_CHECKING = False + ANSIBLE_SSH_CONTROL_PATH = /tmp/%%h-%%r + # TODO (odyssey4me) These are only here as they are non-standard folder + # names for Ansible 1.9.x. We are using the standard folder names for + # Ansible v2.x. We can remove this when we move to Ansible 2.x. + ANSIBLE_ACTION_PLUGINS = {homedir}/.ansible/plugins/action + ANSIBLE_CALLBACK_PLUGINS = {homedir}/.ansible/plugins/callback + ANSIBLE_FILTER_PLUGINS = {homedir}/.ansible/plugins/filter + ANSIBLE_LOOKUP_PLUGINS = {homedir}/.ansible/plugins/lookup + # This is required as the default is the current path or a path specified + # in ansible.cfg + ANSIBLE_LIBRARY = {homedir}/.ansible/plugins/library + # This is required as the default is '/etc/ansible/roles' or a path + # specified in ansible.cfg + ANSIBLE_ROLES_PATH = {homedir}/.ansible/roles:{toxinidir}/.. +commands = + rm -rf {homedir}/.ansible/plugins + git clone https://git.openstack.org/openstack/openstack-ansible-plugins \ + {homedir}/.ansible/plugins + rm -rf {homedir}/.ansible/roles + ansible-galaxy install \ + --role-file={toxinidir}/tests/ansible-role-requirements.yml \ + --force + + +[testenv:ansible-syntax] +deps = + {[testenv:ansible]deps} +setenv = + {[testenv:ansible]setenv} +commands = + {[testenv:ansible]commands} + ansible-playbook -i {toxinidir}/tests/inventory \ + --syntax-check \ + --list-tasks \ + -e "rolename={toxinidir}" \ + {toxinidir}/tests/test.yml + + +[testenv:ansible-lint] +deps = + {[testenv:ansible]deps} +commands = + {[testenv:ansible]commands} + ansible-lint {toxinidir} + + +[testenv:functional] +# NOTE(odyssey4me): this target does not use constraints because +# it doesn't work in OpenStack-CI yet. Once that's fixed, we can +# drop the install_command. +install_command = + pip install -U --force-reinstall {opts} {packages} +deps = + {[testenv:ansible]deps} +setenv = + {[testenv:ansible]setenv} +commands = + echo -e "\n *******************************************************\n" \ + "**** Functional Testing is still to be implemented ****\n" \ + "**** TODO: Write tests here ****\n" \ + "*******************************************************\n" + # As a temporary measure, while functional testing is being worked on, we + # will not execute the functional test. This allows other patches to be + # worked on while the functional testing is being worked out. + #{[testenv:ansible]commands} + #ansible-playbook -i {toxinidir}/tests/inventory \ + # -e "rolename={toxinidir}" \ + # -e "install_test_packages=True" \ + # {toxinidir}/tests/test.yml -vvvv + + +[testenv:linters] +deps = + {[testenv:ansible]deps} +setenv = + {[testenv:ansible]setenv} +commands = + {[testenv:pep8]commands} + {[testenv:bashate]commands} + {[testenv:ansible-lint]commands} + {[testenv:ansible-syntax]commands} + {[testenv:docs]commands} diff --git a/vars/ubuntu-14.04.yml b/vars/ubuntu-14.04.yml index 1b03aba..7d9cf1e 100644 --- a/vars/ubuntu-14.04.yml +++ b/vars/ubuntu-14.04.yml @@ -29,4 +29,3 @@ trove_apt_packages: - mysql-client - libxslt1-dev - qemu-utils - - libmysqlclient-dev diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml index 1b03aba..7d9cf1e 100644 --- a/vars/ubuntu-16.04.yml +++ b/vars/ubuntu-16.04.yml @@ -29,4 +29,3 @@ trove_apt_packages: - mysql-client - libxslt1-dev - qemu-utils - - libmysqlclient-dev