Create sasl user in func test

Change-Id: I8f0941bd847f26e0ba5ec925606ee30396be9230
Andy Smith 2018-07-11 15:23:42 -04:00
parent 75eda42f7c
commit 5490543352
15 changed files with 104 additions and 69 deletions


@ -2,4 +2,3 @@
host=review.openstack.org
port=29418
project=openstack/ansible-role-qdrouterd.git
defaultbranch=master


@ -30,24 +30,25 @@ qdrouterd_log_file: "/var/log/qdrouterd/qdrouterd.log"
qdrouterd_host_count: "{{ groups['qdrouterd_all'] | length}}"
qdrouterd_mode: "{% if qdrouterd_host_count == '1' %}standalone{% else %}interior{% endif %}"
qdrouterd_listener_addr: 0.0.0.0
qdrouterd_listener_port: 31459
qdrouterd_listener_port_ssl: 31459
qdrouterd_listener_port_plain: 31460
qdrouterd_listener_auth_peer: "no"
qdrouterd_listener_sasl_mech: "ANONYMOUS"
qdrouterd_listener_sasl_mech: "ANONYMOUS PLAIN"
qdrouterd_irl_addr: 0.0.0.0
qdrouterd_irl_port: 31460
qdrouterd_irl_port_ssl: 31461
qdrouterd_irl_port_plain: 31462
qdrouterd_irl_auth_peer: "no"
qdrouterd_irl_sasl_mech: "ANONYMOUS"
qdrouterd_irl_sasl_mech: "ANONYMOUS PLAIN"
qdrouterd_worker_threads: 4
qdrouterd_sasl_conf_path: "/etc/sasl2"
qdrouterd_sasl_conf_file: "/etc/sasl2/qdrouterd.conf"
qdrouterd_log_module: "DEFAULT"
qdrouterd_log_enable: "info+"
qdrouterd_log_enable: "trace+"
# Qdrouterd SSL support
qdrouterd_require_ssl: "yes"
qdrouterd_ssl_cert: "{{ qdrouterd_etc_conf_path }}/qdrouterd.pem"
qdrouterd_ssl_key: "{{ qdrouterd_etc_conf_path }}/qdrouterd.key"
#qdrouterd_ssl_ca_cert: "{{ qdrouterd_etc_conf_path }}/qdrouterd-ca.pem"
qdrouterd_ssl_cert: "{{ qdrouterd_etc_conf_path }}/ssl/qdrouterd.pem"
qdrouterd_ssl_key: "{{ qdrouterd_etc_conf_path }}/ssl/qdrouterd.key"
#qdrouterd_ssl_ca_cert: "{{ qdrouterd_etc_conf_path }}/ssl/qdrouterd-ca.pem"
# Set qdrouterd_ssl_sefl_signed_regen to true if you want to generate a new
# SSL certificate for Qdrouterd when this playbook runs. You can also change
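Review bot: `qdrouterd_log_enable: "trace+"` sits in the role defaults, so if that line is the new side (the page prints both values) every deployment that does not override it inherits trace logging, not just the functional test this commit is about. With `PLAIN` now listed in both `*_sasl_mech` defaults, trace output may record protocol-level detail of authenticated connections, and it grows `/var/log/qdrouterd/qdrouterd.log` quickly. I would keep `qdrouterd_log_enable: "info+"` here and set `trace+` only in the test vars. The defaults also still ship `qdrouterd_listener_auth_peer: "no"` with `ANONYMOUS` first in the mechanism list, so adding `PLAIN` does not by itself make any client authenticate.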


@ -23,8 +23,8 @@ galaxy_info:
- 7
- name: Ubuntu
versions:
- trusty
- xenial
- bionic
categories:
- messaging
- cloud


@ -24,10 +24,9 @@
tags:
- always
- include: qdrouterd_pre_install.yml
- import_tasks: qdrouterd_pre_install.yml
- include: qdrouterd_install.yml
static: no
- import_tasks: qdrouterd_install.yml
# Qdrouterd SSL/TLS listener configuration
#
@ -39,18 +38,17 @@
#
# playbooks/roles/qdrouterd/defaults/main.yml
#
- include: qdrouterd_ssl_self_signed.yml
static: no
- include_tasks: qdrouterd_ssl_self_signed.yml
when: >
qdrouterd_user_ssl_cert is not defined or
qdrouterd_user_ssl_key is not defined
tags:
- qdrouterd-config
- include: qdrouterd_ssl_user_provided.yml
- import_tasks: qdrouterd_ssl_user_provided.yml
tags:
- qdrouterd-config
- include: qdrouterd_post_install.yml
- import_tasks: qdrouterd_post_install.yml
tags:
- qdrouterd-config
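Review bot: The `tags: qdrouterd-config` on `include_tasks: qdrouterd_ssl_self_signed.yml` tags only the include statement itself; unlike `import_tasks`, a dynamic include does not hand its tags down to the tasks it loads. Unless the tasks inside that file carry the tag themselves (not visible here), a run limited to `--tags qdrouterd-config` would skip self-signed certificate generation while the `import_tasks: qdrouterd_ssl_user_provided.yml` entry next to it still runs. Either tag the tasks inside the included file or add a comment such as `# tags here select the include only; inner tasks are tagged in the file` so the behaviour is deliberate. The `include_tasks: "qdrouterd_install_{{ ansible_pkg_mgr }}.yml"` entry in the install task file has the same issue with its three tags.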


@ -13,22 +13,18 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- include: "qdrouterd_install_{{ ansible_pkg_mgr }}.yml"
- include_tasks: "qdrouterd_install_{{ ansible_pkg_mgr }}.yml"
tags:
- qdrouterd-apt-packages
- qdrouterd-yum-packages
- qdrouterd_server-install
- name: Reload the systemd daemon
systemd:
daemon_reload: yes
when:
- install_qdrouterd is changed
- install_qdrouterd is changed
tags:
- qdrouterd-apt-packages
- qdrouterd-yum-packages
- qdrouterd_server-install
- include: qdrouterd_started.yml
- import_tasks: qdrouterd_started.yml
tags:
- qdrouterd_server-config


@ -25,7 +25,7 @@
apt_repository:
repo: "{{ qdrouterd_ppa_repo }}"
update_cache: True
codename: xenial
codename: "{{ ansible_distribution_release }}"
state: present
tags:
- qdrouterd-rep


@ -26,13 +26,11 @@
tags:
- qdrouterd-config
- name: Create the log directory
- name: Create the lib directory
file:
path: "/var/lib/qdrouterd/"
state: "directory"
group: "qdrouterd"
owner: "qdrouterd"
recurse: true
mode: "0755"
tags:
- qdrouterd-config
@ -46,6 +44,5 @@
tags:
- qdrouterd-config
- include: qdrouterd_restart.yml
static: no
- include_tasks: qdrouterd_restart.yml
when: qdrouterd_config_changed is changed
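Review bot: The `/var/lib/qdrouterd/` task in the first hunk should keep an explicit `mode`. The hunk header (13 old lines, 11 new) suggests two attribute lines are dropped besides the renamed `name:`, most likely `recurse: true` and `mode: "0755"`, though the rendered page no longer shows which side each line is on. The functional test in this commit writes `qdrouterd.sasldb` into that directory, so its permissions should not depend on the umask of whatever creates it; something like `mode: "0750"` alongside the existing `owner`/`group` would state the intent.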


@ -13,7 +13,5 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- include: qdrouterd_stopped.yml
- include: qdrouterd_started.yml
- import_tasks: qdrouterd_stopped.yml
- import_tasks: qdrouterd_started.yml


@ -15,11 +15,11 @@
# We create the self-signed SSL certificate and key only on the first
# Qdrouterd container.
- include: qdrouterd_ssl_key_create.yml
- include_tasks: qdrouterd_ssl_key_create.yml
when: inventory_hostname == groups[qdrouterd_host_group][0]
- include: qdrouterd_ssl_key_store.yml
- include_tasks: qdrouterd_ssl_key_store.yml
when: inventory_hostname == groups[qdrouterd_host_group][0]
- include: qdrouterd_ssl_key_distribute.yml
- include_tasks: qdrouterd_ssl_key_distribute.yml
when: inventory_hostname != groups[qdrouterd_host_group][0]


@ -7,7 +7,6 @@ router {
saslConfigName: {{ qdrouterd_service_name }}
}
{% if qdrouterd_require_ssl == 'yes' %}
sslProfile {
name: {{ ansible_hostname }}
{% if qdrouterd_ssl_ca_cert is defined %}
@ -16,15 +15,20 @@ sslProfile {
certFile: {{ qdrouterd_ssl_cert }}
keyFile: {{ qdrouterd_ssl_key }}
}
{% endif %}
listener {
host: {{ qdrouterd_listener_addr }}
port: {{ qdrouterd_listener_port }}
port: {{ qdrouterd_listener_port_ssl }}
role: normal
{% if qdrouterd_require_ssl == 'yes' %}
sslProfile: {{ ansible_hostname }}
{% endif %}
authenticatePeer: {{ qdrouterd_listener_auth_peer }}
saslMechanisms: {{ qdrouterd_listener_sasl_mech }}
}
listener {
host: {{ qdrouterd_listener_addr }}
port: {{ qdrouterd_listener_port_plain }}
role: normal
authenticatePeer: {{ qdrouterd_listener_auth_peer }}
saslMechanisms: {{ qdrouterd_listener_sasl_mech }}
}
@ -32,11 +36,17 @@ listener {
{% if qdrouterd_host_count > '1' %}
listener {
host: {{ qdrouterd_irl_addr }}
port: {{ qdrouterd_irl_port }}
port: {{ qdrouterd_irl_port_ssl }}
role: inter-router
{% if qdrouterd_require_ssl == 'yes' %}
sslProfile: {{ ansible_hostname }}
{% endif %}
authenticatePeer: {{ qdrouterd_irl_auth_peer }}
saslMechanisms: {{ qdrouterd_irl_sasl_mech }}
}
listener {
host: {{ qdrouterd_irl_addr }}
port: {{ qdrouterd_irl_port_plain }}
role: inter-router
authenticatePeer: {{ qdrouterd_irl_auth_peer }}
saslMechanisms: {{ qdrouterd_irl_sasl_mech }}
}
@ -47,7 +57,7 @@ listener {
connector {
host: {{ hostvars[router]['ansible_eth0']['ipv4']['address'] }}
role: inter-router
port: {{ qdrouterd_irl_port }}
port: {{ qdrouterd_irl_port_plain }}
}
{% endif %}
{% endfor %}
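Review bot: The two new plain `listener` blocks (`qdrouterd_listener_port_plain` and `qdrouterd_irl_port_plain`) are emitted unconditionally, so a host configured with `qdrouterd_require_ssl: "yes"` still opens cleartext client and inter-router ports. The role defaults now offer `PLAIN` on those ports, which would carry any password unencrypted. The `connector` in the last hunk also dials `qdrouterd_irl_port_plain`, so inter-router links use the cleartext port regardless of `qdrouterd_require_ssl`. I would wrap both plain listeners in `{% if qdrouterd_require_ssl != 'yes' %}` … `{% endif %}` and, when SSL is required, have the connector use `port: {{ qdrouterd_irl_port_ssl }}` with `sslProfile: {{ ansible_hostname }}`. The connector's enclosing `for` loop starts outside the hunk.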


@ -16,6 +16,7 @@
qdrouterd_ssl_cert: /etc/qpid-dispatch/ssl/qdrouterd.pem
qdrouterd_ssl_key: /etc/qpid-dispatch/ssl/qdrouterd.key
qdrouterd_worker_threads: 2
qdrouterd_require_ssl: no
qdrouterd_listener_port: 31459
qdrouterd_irl_port: 31460
qdrouterd_listener_port_ssl: 31459
qdrouterd_listener_port_plain: 31460
qdrouterd_irl_port_ssl: 31461
qdrouterd_irl_port_plain: 31462


@ -65,26 +65,59 @@
that:
- "'workerThreads' in qdrouterd_config_contents"
- name: Get general statistics of qdrouterd
- name: Get general statistics of qdrouterd plain
command: "qdstat -g -b 0.0.0.0:31460"
register: qdrouterd_statistics_plain
changed_when: false
- name: Print qdrouterd_statistics plain
debug:
var: qdrouterd_statistics_plain
- name: Get qdrouterd node view using plain
command: "qdstat -nv -b 0.0.0.0:31460"
register: qdrouterd_nv_plain
changed_when: false
- name: Print qdrouterd_nv using plain
debug:
var: qdrouterd_nv_plain
- name: Get general statistics of qdrouterd using ssl
command: "qdstat -g -b 0.0.0.0:31459"
register: qdrouterd_statistics
register: qdrouterd_statistics_ssl
changed_when: false
- name: Print qdrouterd_statistics
- name: Print qdrouterd_statistics using ssl
debug:
var: qdrouterd_statistics
var: qdrouterd_statistics_ssl
- name: Get qdrouterd node view
- name: Get qdrouterd node view using ssl
command: "qdstat -nv -b 0.0.0.0:31459"
register: qdrouterd_nv
register: qdrouterd_nv_ssl
changed_when: false
- name: Print qdrouterd_nv
- name: Print qdrouterd_nv using ssl
debug:
var: qdrouterd_nv
var: qdrouterd_nv_ssl
- name: Ensure SSL cert/key checksums are identical across the mesh
assert:
that:
- hostvars['container1']['qdrouterd_ssl_cert_checksum'] == hostvars['container2']['qdrouterd_ssl_cert_checksum'] == hostvars['container3']['qdrouterd_ssl_cert_checksum']
- hostvars['container1']['qdrouterd_ssl_key_checksum'] == hostvars['container2']['qdrouterd_ssl_key_checksum'] == hostvars['container3']['qdrouterd_ssl_key_checksum']
- name: Create a sasl user
shell: "echo secret | saslpasswd2 -c -p -f /var/lib/qdrouterd/qdrouterd.sasldb -u QPID myguest"
args:
creates: /var/lib/qdrouterd/qdrouterd.sasldb
- name: Get sasl user list
command: "sasldblistusers2 -f /var/lib/qdrouterd/qdrouterd.sasldb"
register: sasl_list
changed_when: false
- name: Check for user in sasl list
assert:
that:
- "'myguest@QPID:' in sasl_list.stdout"
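Review bot: The new SASL tasks only prove that `saslpasswd2` wrote an entry to `qdrouterd.sasldb`; no connection ever authenticates as `myguest`, and every `qdstat` call above runs without credentials, so the test passes whether or not the router can use the database. The test vars leave `authenticatePeer` at `no` and set `qdrouterd_require_ssl: no`, so the tasks labelled "using ssl" are the same unauthenticated call against 31459 and neither TLS nor `PLAIN` is exercised. To make the check meaningful, set `qdrouterd_listener_auth_peer: "yes"` and `qdrouterd_listener_sasl_mech: "PLAIN"` in the test vars and add a `qdstat` run that logs in as the new user. The database is created by whichever user runs the play and its ownership is not set here, so confirm the `qdrouterd` account can read it; `creates:` also means an existing file is never updated with the password.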


@ -14,10 +14,10 @@
# limitations under the License.
# Setup the host
- include: common/test-setup-host.yml
- import_playbook: common/test-setup-host.yml
# Install previous version qdrouterd server
- include: test-install-qdrouterd.yml
# Install Qdrouterd server
- import_playbook: test-install-qdrouterd.yml
# Run functional tests
- include: test-qdrouterd-functional.yml
- import_playbook: test-qdrouterd-functional.yml


@ -14,9 +14,11 @@
# limitations under the License.
qdrouterd_distro_packages:
- openssl
- python-qpid-proton
- cyrus-sasl-lib
- cyrus-sasl-plain
- cyrus-sasl-md5
- qpid-dispatch-router
- qpid-dispatch-tools


@ -20,15 +20,15 @@
check:
jobs:
- openstack-ansible-linters
- openstack-ansible-functional-centos-7:
voting: false
- openstack-ansible-functional-centos-7
- openstack-ansible-functional-opensuse-423:
voting: false
- openstack-ansible-functional-ubuntu-xenial:
voting: false
- openstack-ansible-functional-ubuntu-bionic
experimental:
jobs:
- openstack-ansible-integrated-deploy-aio
gate:
jobs:
- openstack-ansible-linters
- openstack-ansible-functional-centos-7
- openstack-ansible-functional-ubuntu-bionic