zuul/nodepool
Code Issues Proposed changes

Require TLS

Browse Source 
Require TLS Zookeeper connections before making the 4.0 release.

Change-Id: I69acdcec0deddfdd191f094f13627ec1618142af
Depends-On: https://review.opendev.org/776696
This commit is contained in:
James E. Blair 2021-02-17 14:21:51 -08:00 committed by James E. Blair
parent 94b9ee5d26
commit 4c5fa46540
114 changed files with 1074 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -17,3 +17,4 @@ dist/
venv/
*~
.*.swp
tools/ca/

28
.zuul.yaml
View File

@ -347,6 +347,26 @@
env-vars:
DIB_SIMPLE_INIT_NETWORKMANAGER: '1'
- job:
name: nodepool-tox-py36
description: |
Nodepool unit tests with ZooKeeper running
parent: tox-py36
pre-run: playbooks/nodepool-tox/pre.yaml
vars: &nodepool_tox_vars
tox_environment:
NODEPOOL_ZK_CA: /opt/zookeeper/ca/certs/cacert.pem
NODEPOOL_ZK_CERT: /opt/zookeeper/ca/certs/client.pem
NODEPOOL_ZK_KEY: /opt/zookeeper/ca/keys/clientkey.pem
- job:
name: nodepool-tox-py38
description: |
Nodepool unit tests with ZooKeeper running
parent: tox-py38
pre-run: playbooks/nodepool-tox/pre.yaml
vars: *nodepool_tox_vars
- project:
vars:
release_python: python3
@ -357,8 +377,8 @@
- nodepool-build-image-siblings
- zuul-tox-docs
- tox-pep8
- tox-py36
- tox-py38
- nodepool-tox-py36
- nodepool-tox-py38
- nodepool-zuul-functional:
voting: false
- nodepool-functional-openstack:
@ -380,8 +400,8 @@
- nodepool-upload-image
- zuul-tox-docs
- tox-pep8
- tox-py36
- tox-py38
- nodepool-tox-py36
- nodepool-tox-py38
- nodepool-functional-openstack
- nodepool-functional-openstack-src
- nodepool-functional-k8s

5
bindep.txt
View File

@ -15,5 +15,6 @@ musl-dev [compile test platform:apk]
python3-dev [compile test platform:dpkg]
python3-devel [compile test platform:rpm]
sudo
zookeeperd [platform:dpkg test]
zookeeper [platform:suse test]
docker.io [test platform:dpkg]
docker [test platform:fedora]
docker-compose [test]

3
nodepool/config.py
View File

@ -101,7 +101,7 @@ class Config(ConfigValue):
for server in zk_cfg:
z = zk.ZooKeeperConnectionConfig(server['host'],
server.get('port', 2181),
server.get('port', 2281),
server.get('chroot', None))
name = z.host + '_' + str(z.port)
self.zookeeper_servers[name] = z
@ -358,7 +358,6 @@ def loadSecureConfig(config, secure_config_path, env=os.environ):
if secure.get('zookeeper-servers', []):
config.zookeeper_servers = {}
# TODO(Shrews): Support ZooKeeper auth
config.setZooKeeperServers(secure.get('zookeeper-servers'))
config.setSecureDiskimageEnv(
secure.get('diskimages', []), secure_config_path)

61
nodepool/tests/__init__.py
View File

@ -61,16 +61,37 @@ class ZookeeperServerFixture(fixtures.Fixture):
self.zookeeper_host = host
if not port:
self.zookeeper_port = 2181
self.zookeeper_port = 2281
else:
self.zookeeper_port = int(port)
zk_ca = os.environ.get('NODEPOOL_ZK_CA', None)
if not zk_ca:
zk_ca = os.path.join(os.path.dirname(__file__),
'../../tools/ca/certs/cacert.pem')
self.zookeeper_ca = zk_ca
zk_cert = os.environ.get('NODEPOOL_ZK_CERT', None)
if not zk_cert:
zk_cert = os.path.join(os.path.dirname(__file__),
'../../tools/ca/certs/client.pem')
self.zookeeper_cert = zk_cert
zk_key = os.environ.get('NODEPOOL_ZK_KEY', None)
if not zk_key:
zk_key = os.path.join(os.path.dirname(__file__),
'../../tools/ca/keys/clientkey.pem')
self.zookeeper_key = zk_key
class ChrootedKazooFixture(fixtures.Fixture):
def __init__(self, zookeeper_host, zookeeper_port):
def __init__(self, zookeeper_host, zookeeper_port, zookeeper_ca,
zookeeper_cert, zookeeper_key):
super(ChrootedKazooFixture, self).__init__()
self.zookeeper_host = zookeeper_host
self.zookeeper_port = zookeeper_port
self.zk_args = dict(
hosts='%s:%s' % (zookeeper_host, zookeeper_port),
use_ssl=True,
ca=zookeeper_ca,
certfile=zookeeper_cert,
keyfile=zookeeper_key)
def _setUp(self):
# Make sure the test chroot paths do not conflict
@ -82,8 +103,7 @@ class ChrootedKazooFixture(fixtures.Fixture):
self.zookeeper_chroot = "/nodepool_test/%s" % rand_test_path
# Ensure the chroot path exists and clean up any pre-existing znodes.
_tmp_client = kazoo.client.KazooClient(
hosts='%s:%s' % (self.zookeeper_host, self.zookeeper_port))
_tmp_client = kazoo.client.KazooClient(**self.zk_args)
_tmp_client.start()
if _tmp_client.exists(self.zookeeper_chroot):
@ -98,8 +118,7 @@ class ChrootedKazooFixture(fixtures.Fixture):
def _cleanup(self):
'''Remove the chroot path.'''
# Need a non-chroot'ed client to remove the chroot path
_tmp_client = kazoo.client.KazooClient(
hosts='%s:%s' % (self.zookeeper_host, self.zookeeper_port))
_tmp_client = kazoo.client.KazooClient(**self.zk_args)
_tmp_client.start()
_tmp_client.delete(self.zookeeper_chroot, recursive=True)
_tmp_client.stop()
@ -373,7 +392,10 @@ class DBTestCase(BaseTestCase):
context_name=context_name,
zookeeper_host=self.zookeeper_host,
zookeeper_port=self.zookeeper_port,
zookeeper_chroot=self.zookeeper_chroot)
zookeeper_chroot=self.zookeeper_chroot,
zookeeper_ca=self.zookeeper_ca,
zookeeper_cert=self.zookeeper_cert,
zookeeper_key=self.zookeeper_key)
os.write(fd, data.encode('utf8'))
os.close(fd)
self._config_images_dir = images_dir
@ -399,7 +421,10 @@ class DBTestCase(BaseTestCase):
data = config.format(
zookeeper_host=self.zookeeper_host,
zookeeper_port=self.zookeeper_port,
zookeeper_chroot=self.zookeeper_chroot)
zookeeper_chroot=self.zookeeper_chroot,
zookeeper_ca=self.zookeeper_ca,
zookeeper_cert=self.zookeeper_cert,
zookeeper_key=self.zookeeper_key)
os.write(fd, data.encode('utf8'))
os.close(fd)
return path
@ -587,16 +612,26 @@ class DBTestCase(BaseTestCase):
self.useFixture(f)
self.zookeeper_host = f.zookeeper_host
self.zookeeper_port = f.zookeeper_port
self.zookeeper_ca = f.zookeeper_ca
self.zookeeper_cert = f.zookeeper_cert
self.zookeeper_key = f.zookeeper_key
kz_fxtr = self.useFixture(ChrootedKazooFixture(
self.zookeeper_host,
self.zookeeper_port))
self.zookeeper_port,
self.zookeeper_ca,
self.zookeeper_cert,
self.zookeeper_key,
))
self.zookeeper_chroot = kz_fxtr.zookeeper_chroot
self.zk = zk.ZooKeeper(enable_cache=False)
host = zk.ZooKeeperConnectionConfig(
self.zookeeper_host, self.zookeeper_port, self.zookeeper_chroot
self.zookeeper_host, self.zookeeper_port, self.zookeeper_chroot,
)
self.zk.connect([host])
self.zk.connect([host],
tls_ca=self.zookeeper_ca,
tls_cert=self.zookeeper_cert,
tls_key=self.zookeeper_key)
self.addCleanup(self.zk.disconnect)
def printZKTree(self, node):

5
nodepool/tests/fixtures/azure.yaml vendored
View File

@ -6,6 +6,11 @@ zookeeper-servers:
- host: 127.0.0.1
port: 2181
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: bionic
min-ready: 1

5
nodepool/tests/fixtures/builder_2_diskimages.yaml vendored
View File

@ -8,6 +8,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label1
- name: fake-label2

5
nodepool/tests/fixtures/cleanup-port.yaml vendored
View File

@ -8,6 +8,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/disabled_provider.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/diskimage_build_timeout.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels: []
providers: []

5
nodepool/tests/fixtures/external_driver.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: test-label
min-ready: 1

5
nodepool/tests/fixtures/functional/kubernetes/basic.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: kubernetes-namespace
min-ready: 1

5
nodepool/tests/fixtures/functional/openshift/basic.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: openshift-project
min-ready: 1

5
nodepool/tests/fixtures/functional/openshift/pods.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: openshift-pod
min-ready: 1

5
nodepool/tests/fixtures/ignore_provider_quota_false.yaml vendored
View File

@ -8,6 +8,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label

5
nodepool/tests/fixtures/ignore_provider_quota_true.yaml vendored
View File

@ -8,6 +8,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label

5
nodepool/tests/fixtures/info_cmd_two_provider.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/info_cmd_two_provider_remove.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/integration_occ.yaml vendored
View File

@ -6,6 +6,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/kubernetes.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: pod-fedora
- name: kubernetes-namespace

5
nodepool/tests/fixtures/launcher_reg1.yaml vendored
View File

@ -8,6 +8,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/launcher_reg2.yaml vendored
View File

@ -8,6 +8,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/launcher_two_provider.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/launcher_two_provider_max_1.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 0

5
nodepool/tests/fixtures/launcher_two_provider_remove.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/leaked_node.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/leaked_node_nodepool_id.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/multi_drivers.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: test-label
min-ready: 1

5
nodepool/tests/fixtures/multiple_pools.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label1
min-ready: 1

5
nodepool/tests/fixtures/multiproviders.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-static-label
min-ready: 1

5
nodepool/tests/fixtures/node-host-key-checking.yaml vendored
View File

@ -8,6 +8,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node-network_cli.yaml vendored
View File

@ -8,6 +8,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node.yaml vendored
View File

@ -8,6 +8,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_auto_floating_ip.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label1
min-ready: 1

5
nodepool/tests/fixtures/node_az.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_az_change.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 0

5
nodepool/tests/fixtures/node_boot_from_volume.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_cmd.yaml vendored
View File

@ -6,6 +6,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label1
min-ready: 1

5
nodepool/tests/fixtures/node_delete_error.yaml vendored
View File

@ -8,6 +8,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 0

5
nodepool/tests/fixtures/node_disabled_label.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 0

5
nodepool/tests/fixtures/node_diskimage_fail.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_diskimage_formats.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label-default-format
min-ready: 1

5
nodepool/tests/fixtures/node_diskimage_only.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels: []
providers: []

5
nodepool/tests/fixtures/node_diskimage_parents.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-image-parent-1
min-ready: 1

5
nodepool/tests/fixtures/node_diskimage_pause.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_flavor_name.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_image_upload_pause.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_ipv6.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label1
min-ready: 1

5
nodepool/tests/fixtures/node_label_provider.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_launch_retry.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 0

5
nodepool/tests/fixtures/node_lost_requests.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 0

5
nodepool/tests/fixtures/node_many_labels.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label1
min-ready: 1

5
nodepool/tests/fixtures/node_max_hold_age.yaml vendored
View File

@ -9,6 +9,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_max_hold_age_2.yaml vendored
View File

@ -9,6 +9,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 2

5
nodepool/tests/fixtures/node_max_hold_age_no_default.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_max_ready_age.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
max-ready-age: 2

5
nodepool/tests/fixtures/node_min_ready_capacity.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 0

5
nodepool/tests/fixtures/node_net_name.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label1
min-ready: 1

5
nodepool/tests/fixtures/node_no_min_ready.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 0

5
nodepool/tests/fixtures/node_quota_cloud.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 0

5
nodepool/tests/fixtures/node_quota_pool_cores.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 0

5
nodepool/tests/fixtures/node_quota_pool_instances.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 0

5
nodepool/tests/fixtures/node_quota_pool_ram.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 0

5
nodepool/tests/fixtures/node_second_provider.yaml vendored
View File

@ -6,6 +6,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 0

5
nodepool/tests/fixtures/node_security_group.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_two_image.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_two_image_remove.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_two_provider.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_two_provider_remove.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_unmanaged_image.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_upload_fail.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 2

5
nodepool/tests/fixtures/node_upload_hook.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 0

5
nodepool/tests/fixtures/node_vhd.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/node_vhd_and_qcow2.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 2

5
nodepool/tests/fixtures/openshift.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: pod-fedora
- name: openshift-project

5
nodepool/tests/fixtures/openshiftpods.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: pod-fedora

5
nodepool/tests/fixtures/pause_declined_1.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 0

5
nodepool/tests/fixtures/pause_declined_2.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 0

5
nodepool/tests/fixtures/secure_file_secure.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
diskimages:
- name: fake-image
env-vars:

5
nodepool/tests/fixtures/static-2-nodes-multilabel.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
- name: fake-label2

5
nodepool/tests/fixtures/static-2-nodes.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label

5
nodepool/tests/fixtures/static-basic.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label

5
nodepool/tests/fixtures/static-multilabel.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
- name: fake-label2

5
nodepool/tests/fixtures/static-multiname.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
- name: other-label

5
nodepool/tests/fixtures/static-no-check.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label

5
nodepool/tests/fixtures/static-parallel-increase.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label

5
nodepool/tests/fixtures/static-python-path.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label

5
nodepool/tests/fixtures/static-unresolvable.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label

5
nodepool/tests/fixtures/static-update.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
- name: fake-label2

5
nodepool/tests/fixtures/static.yaml vendored
View File

@ -3,6 +3,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
- name: fake-label2

5
nodepool/tests/fixtures/unmanaged_image_provider_id.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/unmanaged_image_provider_name.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label
min-ready: 1

5
nodepool/tests/fixtures/wedge_test.yaml vendored
View File

@ -7,6 +7,11 @@ zookeeper-servers:
port: {zookeeper_port}
chroot: {zookeeper_chroot}
zookeeper-tls:
ca: {zookeeper_ca}
cert: {zookeeper_cert}
key: {zookeeper_key}
labels:
- name: fake-label1
min-ready: 1

5
nodepool/tests/unit/test_driver_aws.py
View File

@ -80,6 +80,11 @@ class TestDriverAws(tests.DBTestCase):
'port': self.zookeeper_port,
'chroot': self.zookeeper_chroot,
}
raw_config['zookeeper-tls'] = {
'ca': self.zookeeper_ca,
'cert': self.zookeeper_cert,
'key': self.zookeeper_key,
}
raw_config['providers'][0]['pools'][0]['subnet-id'] = subnet_id
raw_config['providers'][0]['pools'][0]['security-group-id'] = sg_id
raw_config['providers'][0]['pools'][1]['subnet-id'] = subnet_id

5
nodepool/tests/unit/test_driver_azure.py
View File

@ -169,6 +169,11 @@ class TestDriverAzure(tests.DBTestCase):
'port': self.zookeeper_port,
'chroot': self.zookeeper_chroot,
}
raw_config['zookeeper-tls'] = {
'ca': self.zookeeper_ca,
'cert': self.zookeeper_cert,
'key': self.zookeeper_key,
}
with tempfile.NamedTemporaryFile() as tf:
tf.write(yaml.safe_dump(
raw_config, default_flow_style=False).encode('utf-8'))

5
nodepool/tests/unit/test_driver_gce.py
View File

@ -248,6 +248,11 @@ class TestDriverGce(tests.DBTestCase):
'port': self.zookeeper_port,
'chroot': self.zookeeper_chroot,
}
raw_config['zookeeper-tls'] = {
'ca': self.zookeeper_ca,
'cert': self.zookeeper_cert,
'key': self.zookeeper_key,
}
with tempfile.NamedTemporaryFile() as tf:
tf.write(yaml.safe_dump(

15
nodepool/zk.py
View File

@ -983,11 +983,16 @@ class ZooKeeper(object):
hosts = buildZooKeeperHosts(host_list)
args = dict(hosts=hosts,
read_only=read_only)
if tls_key:
args['use_ssl'] = True
args['keyfile'] = tls_key
args['certfile'] = tls_cert
args['ca'] = tls_ca
args['use_ssl'] = True
if not (tls_key and tls_cert and tls_ca):
raise Exception("A TLS ZooKeeper connection is required; "
"please supply the zookeeper-tls "
"config values.")
args['keyfile'] = tls_key
args['certfile'] = tls_cert
args['ca'] = tls_ca
self.client = KazooClient(**args)
self.client.add_listener(self._connection_listener)
# Manually retry initial connection attempt

2
playbooks/nodepool-functional-container-openstack/pre.yaml
View File

@ -5,6 +5,8 @@
bindep_dir: "{{ zuul.projects['opendev.org/zuul/nodepool'].src_dir }}"
- role: test-setup
zuul_work_dir: "{{ zuul.projects['opendev.org/zuul/nodepool'].src_dir }}"
- role: ensure-zookeeper
zookeeper_use_tls: true
- ensure-docker
# Note: keep after ensure-docker
- use-buildset-registry

4
playbooks/nodepool-functional-container-openstack/templates/docker-compose.yaml.j2
View File

@ -23,6 +23,8 @@ services:
- /var/log/nodepool:/var/log/nodepool
# devstack tls-proxy puts CA here that is referenced by cloud config
- /opt/stack/data:/opt/stack/data:ro
# zookeeper certs
- /opt/zookeeper/ca:/opt/zookeeper/ca:ro
nodepool-launcher:
image: zuul/nodepool-launcher{{ nodepool_container_tag|default('') }}
@ -41,3 +43,5 @@ services:
- /var/log/nodepool:/var/log/nodepool
# devstack tls-proxy puts CA here that is referenced by cloud config
- /opt/stack/data:/opt/stack/data:ro
# zookeeper certs
- /opt/zookeeper/ca:/opt/zookeeper/ca:ro

7
playbooks/nodepool-functional-container-openstack/templates/nodepool.yaml.j2
View File

@ -3,7 +3,12 @@ images-dir: {{ NODEPOOL_DIB_BASE_PATH }}/images
zookeeper-servers:
- host: localhost
port: 2181
port: 2281
zookeeper-tls:
ca: /opt/zookeeper/ca/certs/cacert.pem
cert: /opt/zookeeper/ca/certs/client.pem
key: /opt/zookeeper/ca/keys/clientkey.pem
labels:
- name: test-image

Some files were not shown because too many files have changed in this diff Show More