Fix up amulet for queens

* Fix up amulet tests to use keystone v3 clients. * Remove admin_* and auth_* for Queens l3_agent and metadata config files as they no longer appears to be used. Change-Id: Ib952740b0061f76083307d04a772f613a9ba0002
2018-02-25 16:21:22 +00:00 · 2018-02-25 16:21:22 +00:00 · 7fd04bba83
commit 7fd04bba83
parent b475a397e3
9 changed files with 344 additions and 75 deletions
--- a/hooks/charmhelpers/contrib/openstack/amulet/utils.py
+++ b/hooks/charmhelpers/contrib/openstack/amulet/utils.py
@ -367,13 +367,36 @@ class OpenStackAmuletUtils(AmuletUtils):
                              project_domain_name=None, project_name=None):
        """Authenticate with Keystone"""
        self.log.debug('Authenticating with keystone...')
-        port = 5000
-        if admin_port:
-            port = 35357
-        base_ep = "http://{}:{}".format(keystone_ip.strip().decode('utf-8'),
-                                        port)
-        if not api_version or api_version == 2:
-            ep = base_ep + "/v2.0"
+        if not api_version:
+            api_version = 2
+        sess, auth = self.get_keystone_session(
+            keystone_ip=keystone_ip,
+            username=username,
+            password=password,
+            api_version=api_version,
+            admin_port=admin_port,
+            user_domain_name=user_domain_name,
+            domain_name=domain_name,
+            project_domain_name=project_domain_name,
+            project_name=project_name
+        )
+        if api_version == 2:
+            client = keystone_client.Client(session=sess)
+        else:
+            client = keystone_client_v3.Client(session=sess)
+        # This populates the client.service_catalog
+        client.auth_ref = auth.get_access(sess)
+        return client
+
+    def get_keystone_session(self, keystone_ip, username, password,
+                             api_version=False, admin_port=False,
+                             user_domain_name=None, domain_name=None,
+                             project_domain_name=None, project_name=None):
+        """Return a keystone session object"""
+        ep = self.get_keystone_endpoint(keystone_ip,
+                                        api_version=api_version,
+                                        admin_port=admin_port)
+        if api_version == 2:
            auth = v2.Password(
                username=username,
                password=password,
@ -381,12 +404,7 @@ class OpenStackAmuletUtils(AmuletUtils):
                auth_url=ep
            )
            sess = keystone_session.Session(auth=auth)
-            client = keystone_client.Client(session=sess)
-            # This populates the client.service_catalog
-            client.auth_ref = auth.get_access(sess)
-            return client
        else:
-            ep = base_ep + "/v3"
            auth = v3.Password(
                user_domain_name=user_domain_name,
                username=username,
@ -397,10 +415,57 @@ class OpenStackAmuletUtils(AmuletUtils):
                auth_url=ep
            )
            sess = keystone_session.Session(auth=auth)
-            client = keystone_client_v3.Client(session=sess)
+        return (sess, auth)
+
+    def get_keystone_endpoint(self, keystone_ip, api_version=None,
+                              admin_port=False):
+        """Return keystone endpoint"""
+        port = 5000
+        if admin_port:
+            port = 35357
+        base_ep = "http://{}:{}".format(keystone_ip.strip().decode('utf-8'),
+                                        port)
+        if api_version == 2:
+            ep = base_ep + "/v2.0"
+        else:
+            ep = base_ep + "/v3"
+        return ep
+
+    def get_default_keystone_session(self, keystone_sentry,
+                                     openstack_release=None):
+        """Return a keystone session object and client object assuming standard
+           default settings
+
+           Example call in amulet tests:
+               self.keystone_session, self.keystone = u.get_default_keystone_session(
+                   self.keystone_sentry,
+                   openstack_release=self._get_openstack_release())
+
+           The session can then be used to auth other clients:
+               neutronclient.Client(session=session)
+               aodh_client.Client(session=session)
+               eyc
+        """
+        self.log.debug('Authenticating keystone admin...')
+        api_version = 2
+        client_class = keystone_client.Client
+        # 11 => xenial_queens
+        if openstack_release and openstack_release >= 11:
+            api_version = 3
+            client_class = keystone_client_v3.Client
+        keystone_ip = keystone_sentry.info['public-address']
+        session, auth = self.get_keystone_session(
+            keystone_ip,
+            api_version=api_version,
+            username='admin',
+            password='openstack',
+            project_name='admin',
+            user_domain_name='admin_domain',
+            project_domain_name='admin_domain')
+        client = client_class(session=session)
        # This populates the client.service_catalog
-            client.auth_ref = auth.get_access(sess)
-            return client
+        client.auth_ref = auth.get_access(session)
+        return session, client

    def authenticate_keystone_admin(self, keystone_sentry, user, password,
                                    tenant=None, api_version=None,
--- a/hooks/charmhelpers/contrib/openstack/utils.py
+++ b/hooks/charmhelpers/contrib/openstack/utils.py
@ -182,7 +182,7 @@ SWIFT_CODENAMES = OrderedDict([
    ('pike',
        ['2.13.0', '2.15.0']),
    ('queens',
-        ['2.16.0']),
+        ['2.16.0', '2.17.0']),
 ])

 # >= Liberty version->codename mapping
--- a/templates/queens/l3_agent.ini
+++ b/templates/queens/l3_agent.ini
@ -0,0 +1,30 @@
+# newton
+###############################################################################
+# [ WARNING ]
+# Configuration file maintained by Juju. Local changes may be overwritten.
+###############################################################################
+[DEFAULT]
+interface_driver = openvswitch
+root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
+handle_internal_only_routers = {{ handle_internal_only_router }}
+{% if plugin == 'n1kv' %}
+l3_agent_manager = neutron.agent.l3_agent.L3NATAgentWithStateReport
+external_network_bridge = br-int
+ovs_use_veth = False
+use_namespaces = True
+{% else %}
+ovs_use_veth = True
+{% endif %}
+{% if external_configuration_new -%}
+gateway_external_network_id =
+external_network_bridge =
+{% elif ext_net_id %}
+gateway_external_network_id = {{ ext_net_id }}
+{% else %}
+# Set default to deprecated external networking config
+external_network_bridge = br-ex
+{% endif -%}
+agent_mode = {{ agent_mode }}
+
+[AGENT]
+extensions = fwaas
--- a/templates/queens/metadata_agent.ini
+++ b/templates/queens/metadata_agent.ini
@ -0,0 +1,15 @@
+###############################################################################
+# [ WARNING ]
+# Configuration file maintained by Juju. Local changes may be overwritten.
+###############################################################################
+# Metadata service seems to cache neutron api url from keystone so trigger
+# restart if it changes: {{ quantum_url }}
+[DEFAULT]
+root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
+state_path = /var/lib/neutron
+# Gateway runs a metadata API server locally
+nova_metadata_ip = {{ local_ip }}
+nova_metadata_port = 8775
+metadata_proxy_shared_secret = {{ shared_secret }}
+cache_url = memory://?default_ttl=5
+metadata_workers = {{ workers }}
--- a/tests/basic_deployment.py
+++ b/tests/basic_deployment.py
@ -155,19 +155,12 @@ class NeutronGatewayBasicDeployment(OpenStackAmuletDeployment):
        self.neutron_api_sentry = self.d.sentry['neutron-api'][0]

        # Authenticate admin with keystone
-        self.keystone = u.authenticate_keystone_admin(self.keystone_sentry,
-                                                      user='admin',
-                                                      password='openstack',
-                                                      tenant='admin')
+        self.keystone_session, self.keystone = u.get_default_keystone_session(
+            self.keystone_sentry,
+            openstack_release=self._get_openstack_release())

        # Authenticate admin with neutron
-        ep = self.keystone.service_catalog.url_for(service_type='identity',
-                                                   interface='publicURL')
-        self.neutron = neutronclient.Client(auth_url=ep,
-                                            username='admin',
-                                            password='openstack',
-                                            tenant_name='admin',
-                                            region_name='RegionOne')
+        self.neutron = neutronclient.Client(session=self.keystone_session)

    def get_private_address(self, unit):
        """Return the private address of the given sentry unit."""
@ -220,7 +213,10 @@ class NeutronGatewayBasicDeployment(OpenStackAmuletDeployment):
        }
        actual = self.keystone.service_catalog.get_endpoints()

-        ret = u.validate_svc_catalog_endpoint_data(expected, actual)
+        ret = u.validate_svc_catalog_endpoint_data(
+            expected,
+            actual,
+            openstack_release=self._get_openstack_release())
        if ret:
            amulet.raise_status(amulet.FAIL, msg=ret)

@ -237,8 +233,13 @@ class NeutronGatewayBasicDeployment(OpenStackAmuletDeployment):
            'publicurl': u.valid_url,
            'service_id': u.not_null
        }
-        ret = u.validate_endpoint_data(endpoints, admin_port, internal_port,
-                                       public_port, expected)
+        ret = u.validate_endpoint_data(
+            endpoints,
+            admin_port,
+            internal_port,
+            public_port,
+            expected,
+            openstack_release=self._get_openstack_release())

        if ret:
            amulet.raise_status(amulet.FAIL,
@ -657,11 +658,6 @@ class NeutronGatewayBasicDeployment(OpenStackAmuletDeployment):
        """Verify the data in the l3 agent config file."""
        u.log.debug('Checking neutron gateway l3 agent config file data...')
        unit = self.neutron_gateway_sentry
-        ncc_ng_rel = self.nova_cc_sentry.relation(
-            'quantum-network-service',
-            'neutron-gateway:quantum-network-service')
-        ep = self.keystone.service_catalog.url_for(service_type='identity',
-                                                   interface='publicURL')

        conf = '/etc/neutron/l3_agent.ini'

@ -675,11 +671,6 @@ class NeutronGatewayBasicDeployment(OpenStackAmuletDeployment):
                                'OVSInterfaceDriver')
        expected = {
            'interface_driver': interface_driver,
-            'auth_url': ep,
-            'auth_region': 'RegionOne',
-            'admin_tenant_name': 'services',
-            'admin_password': ncc_ng_rel['service_password'],
-            'admin_user': ncc_ng_rel['service_username'],
            'root_helper': 'sudo /usr/bin/neutron-rootwrap '
                           '/etc/neutron/rootwrap.conf',
            'ovs_use_veth': 'True',
@ -745,19 +736,9 @@ class NeutronGatewayBasicDeployment(OpenStackAmuletDeployment):
        u.log.debug('Checking neutron gateway metadata agent '
                    'config file data...')
        unit = self.neutron_gateway_sentry
-        ep = self.keystone.service_catalog.url_for(service_type='identity',
-                                                   interface='publicURL')
-        nova_cc_relation = self.nova_cc_sentry.relation(
-            'quantum-network-service',
-            'neutron-gateway:quantum-network-service')

        conf = '/etc/neutron/metadata_agent.ini'
        expected = {
-            'auth_url': ep,
-            'auth_region': 'RegionOne',
-            'admin_tenant_name': 'services',
-            'admin_password': nova_cc_relation['service_password'],
-            'admin_user': nova_cc_relation['service_username'],
            'root_helper': 'sudo neutron-rootwrap '
                           '/etc/neutron/rootwrap.conf',
            'state_path': '/var/lib/neutron',
--- a/tests/charmhelpers/contrib/openstack/amulet/deployment.py
+++ b/tests/charmhelpers/contrib/openstack/amulet/deployment.py
@ -21,6 +21,9 @@ from collections import OrderedDict
 from charmhelpers.contrib.amulet.deployment import (
    AmuletDeployment
 )
+from charmhelpers.contrib.openstack.amulet.utils import (
+    OPENSTACK_RELEASES_PAIRS
+)

 DEBUG = logging.DEBUG
 ERROR = logging.ERROR
@ -271,11 +274,8 @@ class OpenStackAmuletDeployment(AmuletDeployment):
           release.
           """
        # Must be ordered by OpenStack release (not by Ubuntu release):
-        (self.trusty_icehouse, self.trusty_kilo, self.trusty_liberty,
-         self.trusty_mitaka, self.xenial_mitaka, self.xenial_newton,
-         self.yakkety_newton, self.xenial_ocata, self.zesty_ocata,
-         self.xenial_pike, self.artful_pike, self.xenial_queens,
-         self.bionic_queens,) = range(13)
+        for i, os_pair in enumerate(OPENSTACK_RELEASES_PAIRS):
+            setattr(self, os_pair, i)

        releases = {
            ('trusty', None): self.trusty_icehouse,
--- a/tests/charmhelpers/contrib/openstack/amulet/utils.py
+++ b/tests/charmhelpers/contrib/openstack/amulet/utils.py
@ -50,6 +50,13 @@ ERROR = logging.ERROR

 NOVA_CLIENT_VERSION = "2"

+OPENSTACK_RELEASES_PAIRS = [
+    'trusty_icehouse', 'trusty_kilo', 'trusty_liberty',
+    'trusty_mitaka', 'xenial_mitaka', 'xenial_newton',
+    'yakkety_newton', 'xenial_ocata', 'zesty_ocata',
+    'xenial_pike', 'artful_pike', 'xenial_queens',
+    'bionic_queens']
+

 class OpenStackAmuletUtils(AmuletUtils):
    """OpenStack amulet utilities.
@ -63,6 +70,33 @@ class OpenStackAmuletUtils(AmuletUtils):
        super(OpenStackAmuletUtils, self).__init__(log_level)

    def validate_endpoint_data(self, endpoints, admin_port, internal_port,
+                               public_port, expected, openstack_release=None):
+        """Validate endpoint data. Pick the correct validator based on
+           OpenStack release. Expected data should be in the v2 format:
+           {
+               'id': id,
+               'region': region,
+               'adminurl': adminurl,
+               'internalurl': internalurl,
+               'publicurl': publicurl,
+               'service_id': service_id}
+
+           """
+        validation_function = self.validate_v2_endpoint_data
+        xenial_queens = OPENSTACK_RELEASES_PAIRS.index('xenial_queens')
+        if openstack_release and openstack_release >= xenial_queens:
+                validation_function = self.validate_v3_endpoint_data
+                expected = {
+                    'id': expected['id'],
+                    'region': expected['region'],
+                    'region_id': 'RegionOne',
+                    'url': self.valid_url,
+                    'interface': self.not_null,
+                    'service_id': expected['service_id']}
+        return validation_function(endpoints, admin_port, internal_port,
+                                   public_port, expected)
+
+    def validate_v2_endpoint_data(self, endpoints, admin_port, internal_port,
                                  public_port, expected):
        """Validate endpoint data.

@ -141,7 +175,86 @@ class OpenStackAmuletUtils(AmuletUtils):
        if len(found) != expected_num_eps:
            return 'Unexpected number of endpoints found'

-    def validate_svc_catalog_endpoint_data(self, expected, actual):
+    def convert_svc_catalog_endpoint_data_to_v3(self, ep_data):
+        """Convert v2 endpoint data into v3.
+
+           {
+               'service_name1': [
+                   {
+                       'adminURL': adminURL,
+                       'id': id,
+                       'region': region.
+                       'publicURL': publicURL,
+                       'internalURL': internalURL
+                   }],
+               'service_name2': [
+                   {
+                       'adminURL': adminURL,
+                       'id': id,
+                       'region': region.
+                       'publicURL': publicURL,
+                       'internalURL': internalURL
+                   }],
+           }
+          """
+        self.log.warn("Endpoint ID and Region ID validation is limited to not "
+                      "null checks after v2 to v3 conversion")
+        for svc in ep_data.keys():
+            assert len(ep_data[svc]) == 1, "Unknown data format"
+            svc_ep_data = ep_data[svc][0]
+            ep_data[svc] = [
+                {
+                    'url': svc_ep_data['adminURL'],
+                    'interface': 'admin',
+                    'region': svc_ep_data['region'],
+                    'region_id': self.not_null,
+                    'id': self.not_null},
+                {
+                    'url': svc_ep_data['publicURL'],
+                    'interface': 'public',
+                    'region': svc_ep_data['region'],
+                    'region_id': self.not_null,
+                    'id': self.not_null},
+                {
+                    'url': svc_ep_data['internalURL'],
+                    'interface': 'internal',
+                    'region': svc_ep_data['region'],
+                    'region_id': self.not_null,
+                    'id': self.not_null}]
+        return ep_data
+
+    def validate_svc_catalog_endpoint_data(self, expected, actual,
+                                           openstack_release=None):
+        """Validate service catalog endpoint data. Pick the correct validator
+           for the OpenStack version. Expected data should be in the v2 format:
+           {
+               'service_name1': [
+                   {
+                       'adminURL': adminURL,
+                       'id': id,
+                       'region': region.
+                       'publicURL': publicURL,
+                       'internalURL': internalURL
+                   }],
+               'service_name2': [
+                   {
+                       'adminURL': adminURL,
+                       'id': id,
+                       'region': region.
+                       'publicURL': publicURL,
+                       'internalURL': internalURL
+                   }],
+           }
+
+           """
+        validation_function = self.validate_v2_svc_catalog_endpoint_data
+        xenial_queens = OPENSTACK_RELEASES_PAIRS.index('xenial_queens')
+        if openstack_release and openstack_release >= xenial_queens:
+            validation_function = self.validate_v3_svc_catalog_endpoint_data
+            expected = self.convert_svc_catalog_endpoint_data_to_v3(expected)
+        return validation_function(expected, actual)
+
+    def validate_v2_svc_catalog_endpoint_data(self, expected, actual):
        """Validate service catalog endpoint data.

           Validate a list of actual service catalog endpoints vs a list of
@ -367,13 +480,36 @@ class OpenStackAmuletUtils(AmuletUtils):
                              project_domain_name=None, project_name=None):
        """Authenticate with Keystone"""
        self.log.debug('Authenticating with keystone...')
-        port = 5000
-        if admin_port:
-            port = 35357
-        base_ep = "http://{}:{}".format(keystone_ip.strip().decode('utf-8'),
-                                        port)
-        if not api_version or api_version == 2:
-            ep = base_ep + "/v2.0"
+        if not api_version:
+            api_version = 2
+        sess, auth = self.get_keystone_session(
+            keystone_ip=keystone_ip,
+            username=username,
+            password=password,
+            api_version=api_version,
+            admin_port=admin_port,
+            user_domain_name=user_domain_name,
+            domain_name=domain_name,
+            project_domain_name=project_domain_name,
+            project_name=project_name
+        )
+        if api_version == 2:
+            client = keystone_client.Client(session=sess)
+        else:
+            client = keystone_client_v3.Client(session=sess)
+        # This populates the client.service_catalog
+        client.auth_ref = auth.get_access(sess)
+        return client
+
+    def get_keystone_session(self, keystone_ip, username, password,
+                             api_version=False, admin_port=False,
+                             user_domain_name=None, domain_name=None,
+                             project_domain_name=None, project_name=None):
+        """Return a keystone session object"""
+        ep = self.get_keystone_endpoint(keystone_ip,
+                                        api_version=api_version,
+                                        admin_port=admin_port)
+        if api_version == 2:
            auth = v2.Password(
                username=username,
                password=password,
@ -381,12 +517,7 @@ class OpenStackAmuletUtils(AmuletUtils):
                auth_url=ep
            )
            sess = keystone_session.Session(auth=auth)
-            client = keystone_client.Client(session=sess)
-            # This populates the client.service_catalog
-            client.auth_ref = auth.get_access(sess)
-            return client
        else:
-            ep = base_ep + "/v3"
            auth = v3.Password(
                user_domain_name=user_domain_name,
                username=username,
@ -397,10 +528,57 @@ class OpenStackAmuletUtils(AmuletUtils):
                auth_url=ep
            )
            sess = keystone_session.Session(auth=auth)
-            client = keystone_client_v3.Client(session=sess)
+        return (sess, auth)
+
+    def get_keystone_endpoint(self, keystone_ip, api_version=None,
+                              admin_port=False):
+        """Return keystone endpoint"""
+        port = 5000
+        if admin_port:
+            port = 35357
+        base_ep = "http://{}:{}".format(keystone_ip.strip().decode('utf-8'),
+                                        port)
+        if api_version == 2:
+            ep = base_ep + "/v2.0"
+        else:
+            ep = base_ep + "/v3"
+        return ep
+
+    def get_default_keystone_session(self, keystone_sentry,
+                                     openstack_release=None):
+        """Return a keystone session object and client object assuming standard
+           default settings
+
+           Example call in amulet tests:
+               self.keystone_session, self.keystone = u.get_default_keystone_session(
+                   self.keystone_sentry,
+                   openstack_release=self._get_openstack_release())
+
+           The session can then be used to auth other clients:
+               neutronclient.Client(session=session)
+               aodh_client.Client(session=session)
+               eyc
+        """
+        self.log.debug('Authenticating keystone admin...')
+        api_version = 2
+        client_class = keystone_client.Client
+        # 11 => xenial_queens
+        if openstack_release and openstack_release >= 11:
+            api_version = 3
+            client_class = keystone_client_v3.Client
+        keystone_ip = keystone_sentry.info['public-address']
+        session, auth = self.get_keystone_session(
+            keystone_ip,
+            api_version=api_version,
+            username='admin',
+            password='openstack',
+            project_name='admin',
+            user_domain_name='admin_domain',
+            project_domain_name='admin_domain')
+        client = client_class(session=session)
        # This populates the client.service_catalog
-            client.auth_ref = auth.get_access(sess)
-            return client
+        client.auth_ref = auth.get_access(session)
+        return session, client

    def authenticate_keystone_admin(self, keystone_sentry, user, password,
                                    tenant=None, api_version=None,
--- a/tests/charmhelpers/contrib/openstack/utils.py
+++ b/tests/charmhelpers/contrib/openstack/utils.py
@ -182,7 +182,7 @@ SWIFT_CODENAMES = OrderedDict([
    ('pike',
        ['2.13.0', '2.15.0']),
    ('queens',
-        ['2.16.0']),
+        ['2.16.0', '2.17.0']),
 ])

 # >= Liberty version->codename mapping
--- a/tests/gate-basic-xenial-queens
+++ b/tests/gate-basic-xenial-queens