Create sasl user in func test
Change-Id: I8f0941bd847f26e0ba5ec925606ee30396be9230
parent
75eda42f7c
commit
5490543352
@ -2,4 +2,3 @@
|
||||
host=review.openstack.org
|
||||
port=29418
|
||||
project=openstack/ansible-role-qdrouterd.git
|
||||
defaultbranch=master
|
||||
|
@ -30,24 +30,25 @@ qdrouterd_log_file: "/var/log/qdrouterd/qdrouterd.log"
|
||||
qdrouterd_host_count: "{{ groups['qdrouterd_all'] | length}}"
|
||||
qdrouterd_mode: "{% if qdrouterd_host_count == '1' %}standalone{% else %}interior{% endif %}"
|
||||
qdrouterd_listener_addr: 0.0.0.0
|
||||
qdrouterd_listener_port: 31459
|
||||
qdrouterd_listener_port_ssl: 31459
|
||||
qdrouterd_listener_port_plain: 31460
|
||||
qdrouterd_listener_auth_peer: "no"
|
||||
qdrouterd_listener_sasl_mech: "ANONYMOUS"
|
||||
qdrouterd_listener_sasl_mech: "ANONYMOUS PLAIN"
|
||||
qdrouterd_irl_addr: 0.0.0.0
|
||||
qdrouterd_irl_port: 31460
|
||||
qdrouterd_irl_port_ssl: 31461
|
||||
qdrouterd_irl_port_plain: 31462
|
||||
qdrouterd_irl_auth_peer: "no"
|
||||
qdrouterd_irl_sasl_mech: "ANONYMOUS"
|
||||
qdrouterd_irl_sasl_mech: "ANONYMOUS PLAIN"
|
||||
qdrouterd_worker_threads: 4
|
||||
qdrouterd_sasl_conf_path: "/etc/sasl2"
|
||||
qdrouterd_sasl_conf_file: "/etc/sasl2/qdrouterd.conf"
|
||||
qdrouterd_log_module: "DEFAULT"
|
||||
qdrouterd_log_enable: "info+"
|
||||
qdrouterd_log_enable: "trace+"
|
||||
|
||||
# Qdrouterd SSL support
|
||||
qdrouterd_require_ssl: "yes"
|
||||
qdrouterd_ssl_cert: "{{ qdrouterd_etc_conf_path }}/qdrouterd.pem"
|
||||
qdrouterd_ssl_key: "{{ qdrouterd_etc_conf_path }}/qdrouterd.key"
|
||||
#qdrouterd_ssl_ca_cert: "{{ qdrouterd_etc_conf_path }}/qdrouterd-ca.pem"
|
||||
qdrouterd_ssl_cert: "{{ qdrouterd_etc_conf_path }}/ssl/qdrouterd.pem"
|
||||
qdrouterd_ssl_key: "{{ qdrouterd_etc_conf_path }}/ssl/qdrouterd.key"
|
||||
#qdrouterd_ssl_ca_cert: "{{ qdrouterd_etc_conf_path }}/ssl/qdrouterd-ca.pem"
|
||||
|
||||
# Set qdrouterd_ssl_sefl_signed_regen to true if you want to generate a new
|
||||
# SSL certificate for Qdrouterd when this playbook runs. You can also change
|
||||
|
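Review bot: The role defaults appear to ship `qdrouterd_log_enable: "trace+"` and `"ANONYMOUS PLAIN"` for both `qdrouterd_listener_sasl_mech` and `qdrouterd_irl_sasl_mech`, while both `*_auth_peer` values stay `"no"`; this assumes the second line of each printed pair is the new value, since the rendering lost the +/- markers. With ANONYMOUS still offered and peer authentication off, adding PLAIN does not make any client present the SASL user. Trace-level logging as a role default looks like a debugging leftover. I would keep `qdrouterd_log_enable: "info+"` here and override it in the test vars, and add a comment above the mechanism defaults such as `# PLAIN sends the password unprotected; offer it only on the TLS listener`.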
@ -23,8 +23,8 @@ galaxy_info:
|
||||
- 7
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- trusty
|
||||
- xenial
|
||||
- bionic
|
||||
categories:
|
||||
- messaging
|
||||
- cloud
|
||||
|
@ -24,10 +24,9 @@
|
||||
tags:
|
||||
- always
|
||||
|
||||
- include: qdrouterd_pre_install.yml
|
||||
- import_tasks: qdrouterd_pre_install.yml
|
||||
|
||||
- include: qdrouterd_install.yml
|
||||
static: no
|
||||
- import_tasks: qdrouterd_install.yml
|
||||
|
||||
# Qdrouterd SSL/TLS listener configuration
|
||||
#
|
||||
@ -39,18 +38,17 @@
|
||||
#
|
||||
# playbooks/roles/qdrouterd/defaults/main.yml
|
||||
#
|
||||
- include: qdrouterd_ssl_self_signed.yml
|
||||
static: no
|
||||
- include_tasks: qdrouterd_ssl_self_signed.yml
|
||||
when: >
|
||||
qdrouterd_user_ssl_cert is not defined or
|
||||
qdrouterd_user_ssl_key is not defined
|
||||
tags:
|
||||
- qdrouterd-config
|
||||
|
||||
- include: qdrouterd_ssl_user_provided.yml
|
||||
- import_tasks: qdrouterd_ssl_user_provided.yml
|
||||
tags:
|
||||
- qdrouterd-config
|
||||
|
||||
- include: qdrouterd_post_install.yml
|
||||
|
||||
|
||||
- import_tasks: qdrouterd_post_install.yml
|
||||
tags:
|
||||
- qdrouterd-config
|
||||
|
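Review bot: The `tags: qdrouterd-config` on `include_tasks: qdrouterd_ssl_self_signed.yml` tags only the include statement, not the tasks it loads. A run limited to `--tags qdrouterd-config` therefore pulls the file in but skips any task inside it that is not tagged itself, which would leave the certificate steps undone. The same applies to `include_tasks: "qdrouterd_install_{{ ansible_pkg_mgr }}.yml"` in the install task file. Either tag the tasks inside the included files, or pass the tags through the `apply` option of `include_tasks` if the Ansible version in use supports it.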
@ -13,22 +13,18 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- include: "qdrouterd_install_{{ ansible_pkg_mgr }}.yml"
|
||||
- include_tasks: "qdrouterd_install_{{ ansible_pkg_mgr }}.yml"
|
||||
tags:
|
||||
- qdrouterd-apt-packages
|
||||
- qdrouterd-yum-packages
|
||||
- qdrouterd_server-install
|
||||
|
||||
- name: Reload the systemd daemon
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
when:
|
||||
- install_qdrouterd is changed
|
||||
- install_qdrouterd is changed
|
||||
tags:
|
||||
- qdrouterd-apt-packages
|
||||
- qdrouterd-yum-packages
|
||||
- qdrouterd_server-install
|
||||
|
||||
- include: qdrouterd_started.yml
|
||||
- import_tasks: qdrouterd_started.yml
|
||||
tags:
|
||||
- qdrouterd_server-config
|
||||
|
@ -25,7 +25,7 @@
|
||||
apt_repository:
|
||||
repo: "{{ qdrouterd_ppa_repo }}"
|
||||
update_cache: True
|
||||
codename: xenial
|
||||
codename: "{{ ansible_distribution_release }}"
|
||||
state: present
|
||||
tags:
|
||||
- qdrouterd-rep
|
||||
|
@ -26,13 +26,11 @@
|
||||
tags:
|
||||
- qdrouterd-config
|
||||
|
||||
- name: Create the log directory
|
||||
- name: Create the lib directory
|
||||
file:
|
||||
path: "/var/lib/qdrouterd/"
|
||||
state: "directory"
|
||||
group: "qdrouterd"
|
||||
owner: "qdrouterd"
|
||||
recurse: true
|
||||
mode: "0755"
|
||||
tags:
|
||||
- qdrouterd-config
|
||||
|
||||
@ -46,6 +44,5 @@
|
||||
tags:
|
||||
- qdrouterd-config
|
||||
|
||||
- include: qdrouterd_restart.yml
|
||||
static: no
|
||||
- include_tasks: qdrouterd_restart.yml
|
||||
when: qdrouterd_config_changed is changed
|
||||
|
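Review bot: `recurse: true` together with `mode: "0755"` on `/var/lib/qdrouterd/` would reset every file under that directory to world-readable on each run, and the functional test in this commit places `qdrouterd.sasldb` there. The rendering lost the +/- markers, so I cannot tell whether `recurse` is kept on the new side of the first hunk. If it is, drop it for this directory and set the directory mode alone, for example `mode: "0750"`, so that credential files keep their own tighter mode.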
@ -13,7 +13,5 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- include: qdrouterd_stopped.yml
|
||||
- include: qdrouterd_started.yml
|
||||
|
||||
|
||||
- import_tasks: qdrouterd_stopped.yml
|
||||
- import_tasks: qdrouterd_started.yml
|
||||
|
@ -15,11 +15,11 @@
|
||||
|
||||
# We create the self-signed SSL certificate and key only on the first
|
||||
# Qdrouterd container.
|
||||
- include: qdrouterd_ssl_key_create.yml
|
||||
- include_tasks: qdrouterd_ssl_key_create.yml
|
||||
when: inventory_hostname == groups[qdrouterd_host_group][0]
|
||||
|
||||
- include: qdrouterd_ssl_key_store.yml
|
||||
- include_tasks: qdrouterd_ssl_key_store.yml
|
||||
when: inventory_hostname == groups[qdrouterd_host_group][0]
|
||||
|
||||
- include: qdrouterd_ssl_key_distribute.yml
|
||||
- include_tasks: qdrouterd_ssl_key_distribute.yml
|
||||
when: inventory_hostname != groups[qdrouterd_host_group][0]
|
||||
|
@ -7,7 +7,6 @@ router {
|
||||
saslConfigName: {{ qdrouterd_service_name }}
|
||||
}
|
||||
|
||||
{% if qdrouterd_require_ssl == 'yes' %}
|
||||
sslProfile {
|
||||
name: {{ ansible_hostname }}
|
||||
{% if qdrouterd_ssl_ca_cert is defined %}
|
||||
@ -16,15 +15,20 @@ sslProfile {
|
||||
certFile: {{ qdrouterd_ssl_cert }}
|
||||
keyFile: {{ qdrouterd_ssl_key }}
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
listener {
|
||||
host: {{ qdrouterd_listener_addr }}
|
||||
port: {{ qdrouterd_listener_port }}
|
||||
port: {{ qdrouterd_listener_port_ssl }}
|
||||
role: normal
|
||||
{% if qdrouterd_require_ssl == 'yes' %}
|
||||
sslProfile: {{ ansible_hostname }}
|
||||
{% endif %}
|
||||
authenticatePeer: {{ qdrouterd_listener_auth_peer }}
|
||||
saslMechanisms: {{ qdrouterd_listener_sasl_mech }}
|
||||
}
|
||||
|
||||
listener {
|
||||
host: {{ qdrouterd_listener_addr }}
|
||||
port: {{ qdrouterd_listener_port_plain }}
|
||||
role: normal
|
||||
authenticatePeer: {{ qdrouterd_listener_auth_peer }}
|
||||
saslMechanisms: {{ qdrouterd_listener_sasl_mech }}
|
||||
}
|
||||
@ -32,11 +36,17 @@ listener {
|
||||
{% if qdrouterd_host_count > '1' %}
|
||||
listener {
|
||||
host: {{ qdrouterd_irl_addr }}
|
||||
port: {{ qdrouterd_irl_port }}
|
||||
port: {{ qdrouterd_irl_port_ssl }}
|
||||
role: inter-router
|
||||
{% if qdrouterd_require_ssl == 'yes' %}
|
||||
sslProfile: {{ ansible_hostname }}
|
||||
{% endif %}
|
||||
authenticatePeer: {{ qdrouterd_irl_auth_peer }}
|
||||
saslMechanisms: {{ qdrouterd_irl_sasl_mech }}
|
||||
}
|
||||
|
||||
listener {
|
||||
host: {{ qdrouterd_irl_addr }}
|
||||
port: {{ qdrouterd_irl_port_plain }}
|
||||
role: inter-router
|
||||
authenticatePeer: {{ qdrouterd_irl_auth_peer }}
|
||||
saslMechanisms: {{ qdrouterd_irl_sasl_mech }}
|
||||
}
|
||||
@ -47,7 +57,7 @@ listener {
|
||||
connector {
|
||||
host: {{ hostvars[router]['ansible_eth0']['ipv4']['address'] }}
|
||||
role: inter-router
|
||||
port: {{ qdrouterd_irl_port }}
|
||||
port: {{ qdrouterd_irl_port_plain }}
|
||||
}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
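Review bot: The two added plain listeners (`port: {{ qdrouterd_listener_port_plain }}` and `port: {{ qdrouterd_irl_port_plain }}`) are emitted unconditionally and reuse the same `saslMechanisms` variables as the TLS listeners. With the new default of `ANONYMOUS PLAIN`, a client can send a PLAIN password over an unencrypted connection even when `qdrouterd_require_ssl` is `'yes'`. The connector also appears to move from `qdrouterd_irl_port` to `qdrouterd_irl_port_plain` (sides inferred from print order), which would take inter-router links off TLS. Consider wrapping the plain listeners in `{% if qdrouterd_require_ssl != 'yes' %}` or giving them their own mechanism variable without PLAIN, and pointing the connector at `qdrouterd_irl_port_ssl` with an `sslProfile` when TLS is required.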
@ -16,6 +16,7 @@
|
||||
qdrouterd_ssl_cert: /etc/qpid-dispatch/ssl/qdrouterd.pem
|
||||
qdrouterd_ssl_key: /etc/qpid-dispatch/ssl/qdrouterd.key
|
||||
qdrouterd_worker_threads: 2
|
||||
qdrouterd_require_ssl: no
|
||||
qdrouterd_listener_port: 31459
|
||||
qdrouterd_irl_port: 31460
|
||||
qdrouterd_listener_port_ssl: 31459
|
||||
qdrouterd_listener_port_plain: 31460
|
||||
qdrouterd_irl_port_ssl: 31461
|
||||
qdrouterd_irl_port_plain: 31462
|
||||
|
@ -65,26 +65,59 @@
|
||||
that:
|
||||
- "'workerThreads' in qdrouterd_config_contents"
|
||||
|
||||
- name: Get general statistics of qdrouterd
|
||||
- name: Get general statistics of qdrouterd plain
|
||||
command: "qdstat -g -b 0.0.0.0:31460"
|
||||
register: qdrouterd_statistics_plain
|
||||
changed_when: false
|
||||
|
||||
- name: Print qdrouterd_statistics plain
|
||||
debug:
|
||||
var: qdrouterd_statistics_plain
|
||||
|
||||
- name: Get qdrouterd node view using plain
|
||||
command: "qdstat -nv -b 0.0.0.0:31460"
|
||||
register: qdrouterd_nv_plain
|
||||
changed_when: false
|
||||
|
||||
- name: Print qdrouterd_nv using plain
|
||||
debug:
|
||||
var: qdrouterd_nv_plain
|
||||
|
||||
- name: Get general statistics of qdrouterd using ssl
|
||||
command: "qdstat -g -b 0.0.0.0:31459"
|
||||
register: qdrouterd_statistics
|
||||
register: qdrouterd_statistics_ssl
|
||||
changed_when: false
|
||||
|
||||
- name: Print qdrouterd_statistics
|
||||
- name: Print qdrouterd_statistics using ssl
|
||||
debug:
|
||||
var: qdrouterd_statistics
|
||||
var: qdrouterd_statistics_ssl
|
||||
|
||||
- name: Get qdrouterd node view
|
||||
- name: Get qdrouterd node view using ssl
|
||||
command: "qdstat -nv -b 0.0.0.0:31459"
|
||||
register: qdrouterd_nv
|
||||
register: qdrouterd_nv_ssl
|
||||
changed_when: false
|
||||
|
||||
- name: Print qdrouterd_nv
|
||||
- name: Print qdrouterd_nv using ssl
|
||||
debug:
|
||||
var: qdrouterd_nv
|
||||
var: qdrouterd_nv_ssl
|
||||
|
||||
- name: Ensure SSL cert/key checksums are identical across the mesh
|
||||
assert:
|
||||
that:
|
||||
- hostvars['container1']['qdrouterd_ssl_cert_checksum'] == hostvars['container2']['qdrouterd_ssl_cert_checksum'] == hostvars['container3']['qdrouterd_ssl_cert_checksum']
|
||||
- hostvars['container1']['qdrouterd_ssl_key_checksum'] == hostvars['container2']['qdrouterd_ssl_key_checksum'] == hostvars['container3']['qdrouterd_ssl_key_checksum']
|
||||
|
||||
- name: Create a sasl user
|
||||
shell: "echo secret | saslpasswd2 -c -p -f /var/lib/qdrouterd/qdrouterd.sasldb -u QPID myguest"
|
||||
args:
|
||||
creates: /var/lib/qdrouterd/qdrouterd.sasldb
|
||||
|
||||
- name: Get sasl user list
|
||||
command: "sasldblistusers2 -f /var/lib/qdrouterd/qdrouterd.sasldb"
|
||||
register: sasl_list
|
||||
changed_when: false
|
||||
|
||||
- name: Check for user in sasl list
|
||||
assert:
|
||||
that:
|
||||
- "'myguest@QPID:' in sasl_list.stdout"
|
||||
|
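Review bot: The new SASL tasks stop at `'myguest@QPID:' in sasl_list.stdout`, which shows that the database entry exists but not that the router accepts or rejects the credential. Every `qdstat` call in this file still connects without credentials, and the tasks labelled "using ssl" run the same command against port 31459 while the test vars set `qdrouterd_require_ssl: no`. A `qdstat` run that authenticates as `myguest`, plus one with a wrong password that is expected to fail, would cover the behaviour the commit is about. `creates:` also means the user is not added when a `qdrouterd.sasldb` already exists, so the assert can fail on a reused host. The piped `echo secret` should carry a comment such as `# test-only password, never reuse`.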
@ -14,10 +14,10 @@
|
||||
# limitations under the License.
|
||||
|
||||
# Setup the host
|
||||
- include: common/test-setup-host.yml
|
||||
- import_playbook: common/test-setup-host.yml
|
||||
|
||||
# Install previous version qdrouterd server
|
||||
- include: test-install-qdrouterd.yml
|
||||
# Install Qdrouterd server
|
||||
- import_playbook: test-install-qdrouterd.yml
|
||||
|
||||
# Run functional tests
|
||||
- include: test-qdrouterd-functional.yml
|
||||
- import_playbook: test-qdrouterd-functional.yml
|
||||
|
@ -14,9 +14,11 @@
|
||||
# limitations under the License.
|
||||
|
||||
qdrouterd_distro_packages:
|
||||
- openssl
|
||||
- python-qpid-proton
|
||||
- cyrus-sasl-lib
|
||||
- cyrus-sasl-plain
|
||||
- cyrus-sasl-md5
|
||||
- qpid-dispatch-router
|
||||
- qpid-dispatch-tools
|
||||
|
||||
|
@ -20,15 +20,15 @@
|
||||
check:
|
||||
jobs:
|
||||
- openstack-ansible-linters
|
||||
- openstack-ansible-functional-centos-7:
|
||||
voting: false
|
||||
- openstack-ansible-functional-centos-7
|
||||
- openstack-ansible-functional-opensuse-423:
|
||||
voting: false
|
||||
- openstack-ansible-functional-ubuntu-xenial:
|
||||
voting: false
|
||||
- openstack-ansible-functional-ubuntu-bionic
|
||||
experimental:
|
||||
jobs:
|
||||
- openstack-ansible-integrated-deploy-aio
|
||||
gate:
|
||||
jobs:
|
||||
- openstack-ansible-linters
|
||||
- openstack-ansible-functional-centos-7
|
||||
- openstack-ansible-functional-ubuntu-bionic
|
||||
|