c491835877
Change-Id: Icb249cb96621dd358413ff96f7aacb5ee63d6452
1044 lines
43 KiB
Python
1044 lines
43 KiB
Python
import amulet
|
|
import time
|
|
import subprocess
|
|
import json
|
|
|
|
from neutronclient.v2_0 import client as neutronclient
|
|
|
|
from charmhelpers.contrib.openstack.amulet.deployment import (
|
|
OpenStackAmuletDeployment
|
|
)
|
|
|
|
from charmhelpers.contrib.openstack.amulet.utils import (
|
|
OpenStackAmuletUtils,
|
|
DEBUG,
|
|
# ERROR
|
|
)
|
|
|
|
from charmhelpers.contrib.openstack.utils import (
|
|
CompareOpenStackReleases,
|
|
)
|
|
# Use DEBUG to turn on debug logging
|
|
u = OpenStackAmuletUtils(DEBUG)
|
|
|
|
|
|
class NeutronGatewayBasicDeployment(OpenStackAmuletDeployment):
|
|
"""Amulet tests on a basic neutron-gateway deployment."""
|
|
|
|
def __init__(self, series, openstack=None, source=None,
|
|
stable=False):
|
|
"""Deploy the entire test environment."""
|
|
super(NeutronGatewayBasicDeployment, self).__init__(series, openstack,
|
|
source, stable)
|
|
self._add_services()
|
|
self._add_relations()
|
|
self._configure_services()
|
|
self._deploy()
|
|
|
|
u.log.info('Waiting on extended status checks...')
|
|
self.exclude_services = []
|
|
self._auto_wait_for_status(exclude_services=self.exclude_services)
|
|
|
|
self.d.sentry.wait()
|
|
self._initialize_tests()
|
|
|
|
def _add_services(self):
|
|
"""Add services
|
|
|
|
Add the services that we're testing, where neutron-gateway is local,
|
|
and the rest of the service are from lp branches that are
|
|
compatible with the local charm (e.g. stable or next).
|
|
"""
|
|
this_service = {'name': 'neutron-gateway'}
|
|
other_services = [
|
|
{'name': 'percona-cluster', 'constraints': {'mem': '3072M'}},
|
|
{'name': 'rabbitmq-server'},
|
|
{'name': 'keystone'},
|
|
{'name': 'glance'}, # satisfy workload status
|
|
{'name': 'nova-cloud-controller'},
|
|
{'name': 'nova-compute'}, # satisfy workload stat
|
|
{'name': 'neutron-openvswitch'},
|
|
{'name': 'neutron-api'}
|
|
]
|
|
|
|
super(NeutronGatewayBasicDeployment, self)._add_services(
|
|
this_service, other_services)
|
|
|
|
def _add_relations(self):
|
|
"""Add all of the relations for the services."""
|
|
relations = {
|
|
'keystone:shared-db': 'percona-cluster:shared-db',
|
|
'neutron-gateway:amqp': 'rabbitmq-server:amqp',
|
|
'nova-cloud-controller:quantum-network-service':
|
|
'neutron-gateway:quantum-network-service',
|
|
'nova-cloud-controller:shared-db': 'percona-cluster:shared-db',
|
|
'nova-cloud-controller:identity-service': 'keystone:'
|
|
'identity-service',
|
|
'nova-cloud-controller:amqp': 'rabbitmq-server:amqp',
|
|
'neutron-api:shared-db': 'percona-cluster:shared-db',
|
|
'neutron-api:amqp': 'rabbitmq-server:amqp',
|
|
'neutron-api:neutron-api': 'nova-cloud-controller:neutron-api',
|
|
'neutron-api:identity-service': 'keystone:identity-service',
|
|
'glance:identity-service': 'keystone:identity-service',
|
|
'glance:shared-db': 'percona-cluster:shared-db',
|
|
'glance:amqp': 'rabbitmq-server:amqp',
|
|
'nova-cloud-controller:cloud-compute': 'nova-compute:'
|
|
'cloud-compute',
|
|
'nova-compute:amqp': 'rabbitmq-server:amqp',
|
|
'nova-compute:neutron-plugin': 'neutron-openvswitch:'
|
|
'neutron-plugin',
|
|
'rabbitmq-server:amqp': 'neutron-openvswitch:amqp',
|
|
'nova-compute:image-service': 'glance:image-service',
|
|
'nova-cloud-controller:image-service': 'glance:image-service',
|
|
'neutron-api:neutron-plugin-api': 'neutron-gateway:'
|
|
'neutron-plugin-api',
|
|
}
|
|
super(NeutronGatewayBasicDeployment, self)._add_relations(relations)
|
|
|
|
def _configure_services(self):
|
|
"""Configure all of the services."""
|
|
neutron_gateway_config = {'aa-profile-mode': 'enforce'}
|
|
keystone_config = {
|
|
'admin-password': 'openstack',
|
|
'admin-token': 'ubuntutesting',
|
|
}
|
|
nova_cc_config = {
|
|
'network-manager': 'Neutron',
|
|
}
|
|
pxc_config = {
|
|
'dataset-size': '25%',
|
|
'max-connections': 1000,
|
|
'root-password': 'ChangeMe123',
|
|
'sst-password': 'ChangeMe123',
|
|
}
|
|
configs = {
|
|
'neutron-gateway': neutron_gateway_config,
|
|
'keystone': keystone_config,
|
|
'percona-cluster': pxc_config,
|
|
'nova-cloud-controller': nova_cc_config
|
|
}
|
|
super(NeutronGatewayBasicDeployment, self)._configure_services(configs)
|
|
|
|
def _run_action(self, unit_id, action, *args):
|
|
command = ["juju", "action", "do", "--format=json", unit_id, action]
|
|
command.extend(args)
|
|
output = subprocess.check_output(command)
|
|
output_json = output.decode(encoding="UTF-8")
|
|
data = json.loads(output_json)
|
|
action_id = data[u'Action queued with id']
|
|
return action_id
|
|
|
|
def _wait_on_action(self, action_id):
|
|
command = ["juju", "action", "fetch", "--format=json", action_id]
|
|
while True:
|
|
try:
|
|
output = subprocess.check_output(command)
|
|
except Exception as e:
|
|
print(e)
|
|
return False
|
|
output_json = output.decode(encoding="UTF-8")
|
|
data = json.loads(output_json)
|
|
if data[u"status"] == "completed":
|
|
return True
|
|
elif data[u"status"] == "failed":
|
|
return False
|
|
time.sleep(2)
|
|
|
|
def _initialize_tests(self):
|
|
"""Perform final initialization before tests get run."""
|
|
# Access the sentries for inspecting service units
|
|
self.pxc_sentry = self.d.sentry['percona-cluster'][0]
|
|
self.keystone_sentry = self.d.sentry['keystone'][0]
|
|
self.rmq_sentry = self.d.sentry['rabbitmq-server'][0]
|
|
self.nova_cc_sentry = self.d.sentry['nova-cloud-controller'][0]
|
|
self.neutron_gateway_sentry = self.d.sentry['neutron-gateway'][0]
|
|
self.neutron_api_sentry = self.d.sentry['neutron-api'][0]
|
|
|
|
# pidof is failing to find neutron-server on stein
|
|
# use pgrep instead.
|
|
if self._get_openstack_release() >= self.bionic_stein:
|
|
self.pgrep_full = True
|
|
else:
|
|
self.pgrep_full = False
|
|
|
|
# Authenticate admin with keystone
|
|
self.keystone_session, self.keystone = u.get_default_keystone_session(
|
|
self.keystone_sentry,
|
|
openstack_release=self._get_openstack_release())
|
|
|
|
# Authenticate admin with neutron
|
|
self.neutron = neutronclient.Client(session=self.keystone_session)
|
|
|
|
def get_private_address(self, unit):
|
|
"""Return the private address of the given sentry unit."""
|
|
address, retcode = unit.run('unit-get private-address')
|
|
assert retcode == 0, 'error retrieving unit private address'
|
|
return address.strip()
|
|
|
|
def test_100_services(self):
|
|
"""Verify the expected services are running on the corresponding
|
|
service units."""
|
|
neutron_services = ['neutron-dhcp-agent',
|
|
'neutron-lbaas-agent',
|
|
'neutron-metadata-agent',
|
|
'neutron-metering-agent',
|
|
'neutron-plugin-openvswitch-agent']
|
|
|
|
if self._get_openstack_release() <= self.trusty_icehouse:
|
|
neutron_services.append('neutron-vpn-agent')
|
|
if self._get_openstack_release() >= self.trusty_mitaka:
|
|
neutron_services.append('neutron-l3-agent')
|
|
# neutron-plugin-openvswitch-agent -> neutron-openvswitch-agent
|
|
neutron_services.remove('neutron-plugin-openvswitch-agent')
|
|
neutron_services.append('neutron-openvswitch-agent')
|
|
if self._get_openstack_release() >= self.xenial_newton:
|
|
neutron_services.remove('neutron-lbaas-agent')
|
|
neutron_services.append('neutron-lbaasv2-agent')
|
|
|
|
commands = {
|
|
self.neutron_gateway_sentry: neutron_services
|
|
}
|
|
|
|
if self._get_openstack_release() >= self.trusty_liberty:
|
|
commands[self.keystone_sentry] = ['apache2']
|
|
|
|
ret = u.validate_services_by_name(commands)
|
|
if ret:
|
|
amulet.raise_status(amulet.FAIL, msg=ret)
|
|
|
|
def test_102_service_catalog(self):
|
|
"""Verify that the service catalog endpoint data is valid."""
|
|
u.log.debug('Checking keystone service catalog...')
|
|
endpoint_check = {
|
|
'adminURL': u.valid_url,
|
|
'id': u.not_null,
|
|
'region': 'RegionOne',
|
|
'publicURL': u.valid_url,
|
|
'internalURL': u.valid_url
|
|
}
|
|
expected = {
|
|
'network': [endpoint_check],
|
|
}
|
|
actual = self.keystone.service_catalog.get_endpoints()
|
|
|
|
ret = u.validate_svc_catalog_endpoint_data(
|
|
expected,
|
|
actual,
|
|
openstack_release=self._get_openstack_release())
|
|
if ret:
|
|
amulet.raise_status(amulet.FAIL, msg=ret)
|
|
|
|
def test_104_network_endpoint(self):
|
|
"""Verify the neutron network endpoint data."""
|
|
u.log.debug('Checking neutron network api endpoint data...')
|
|
endpoints = self.keystone.endpoints.list()
|
|
admin_port = internal_port = public_port = '9696'
|
|
expected = {
|
|
'id': u.not_null,
|
|
'region': 'RegionOne',
|
|
'adminurl': u.valid_url,
|
|
'internalurl': u.valid_url,
|
|
'publicurl': u.valid_url,
|
|
'service_id': u.not_null
|
|
}
|
|
ret = u.validate_endpoint_data(
|
|
endpoints,
|
|
admin_port,
|
|
internal_port,
|
|
public_port,
|
|
expected,
|
|
openstack_release=self._get_openstack_release())
|
|
|
|
if ret:
|
|
amulet.raise_status(amulet.FAIL,
|
|
msg='glance endpoint: {}'.format(ret))
|
|
|
|
def test_202_neutron_gateway_rabbitmq_amqp_relation(self):
|
|
"""Verify the neutron-gateway to rabbitmq-server amqp relation data"""
|
|
u.log.debug('Checking neutron-gateway:rmq amqp relation data...')
|
|
unit = self.neutron_gateway_sentry
|
|
relation = ['amqp', 'rabbitmq-server:amqp']
|
|
expected = {
|
|
'username': 'neutron',
|
|
'private-address': u.valid_ip,
|
|
'vhost': 'openstack'
|
|
}
|
|
|
|
ret = u.validate_relation_data(unit, relation, expected)
|
|
if ret:
|
|
message = u.relation_error('neutron-gateway amqp', ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_203_rabbitmq_neutron_gateway_amqp_relation(self):
|
|
"""Verify the rabbitmq-server to neutron-gateway amqp relation data"""
|
|
u.log.debug('Checking rmq:neutron-gateway amqp relation data...')
|
|
unit = self.rmq_sentry
|
|
relation = ['amqp', 'neutron-gateway:amqp']
|
|
expected = {
|
|
'private-address': u.valid_ip,
|
|
'password': u.not_null,
|
|
'hostname': u.valid_ip
|
|
}
|
|
|
|
ret = u.validate_relation_data(unit, relation, expected)
|
|
if ret:
|
|
message = u.relation_error('rabbitmq amqp', ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_204_neutron_gateway_network_service_relation(self):
|
|
"""Verify the neutron-gateway to nova-cc quantum-network-service
|
|
relation data"""
|
|
u.log.debug('Checking neutron-gateway:nova-cc net svc '
|
|
'relation data...')
|
|
unit = self.neutron_gateway_sentry
|
|
relation = ['quantum-network-service',
|
|
'nova-cloud-controller:quantum-network-service']
|
|
expected = {
|
|
'private-address': u.valid_ip
|
|
}
|
|
|
|
ret = u.validate_relation_data(unit, relation, expected)
|
|
if ret:
|
|
message = u.relation_error('neutron-gateway network-service', ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_205_nova_cc_network_service_relation(self):
|
|
"""Verify the nova-cc to neutron-gateway quantum-network-service
|
|
relation data"""
|
|
u.log.debug('Checking nova-cc:neutron-gateway net svc '
|
|
'relation data...')
|
|
unit = self.nova_cc_sentry
|
|
relation = ['quantum-network-service',
|
|
'neutron-gateway:quantum-network-service']
|
|
expected = {
|
|
'service_protocol': 'http',
|
|
'service_tenant': 'services',
|
|
'quantum_url': u.valid_url,
|
|
'quantum_port': '9696',
|
|
'service_port': '5000',
|
|
'region': 'RegionOne',
|
|
'service_password': u.not_null,
|
|
'quantum_host': u.valid_ip,
|
|
'auth_port': '35357',
|
|
'auth_protocol': 'http',
|
|
'private-address': u.valid_ip,
|
|
'keystone_host': u.valid_ip,
|
|
'quantum_plugin': 'ovs',
|
|
'auth_host': u.valid_ip,
|
|
'service_tenant_name': 'services'
|
|
}
|
|
|
|
if self._get_openstack_release() >= self.xenial_ocata:
|
|
# Ocata or later
|
|
expected['service_username'] = 'nova_placement'
|
|
elif self._get_openstack_release() >= self.trusty_kilo:
|
|
# Kilo or later
|
|
expected['service_username'] = 'nova'
|
|
else:
|
|
# Juno or earlier
|
|
expected['service_username'] = 'ec2_nova_s3'
|
|
|
|
ret = u.validate_relation_data(unit, relation, expected)
|
|
if ret:
|
|
message = u.relation_error('nova-cc network-service', ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_206_neutron_api_shared_db_relation(self):
|
|
"""Verify the neutron-api to mysql shared-db relation data"""
|
|
u.log.debug('Checking neutron-api:mysql db relation data...')
|
|
unit = self.neutron_api_sentry
|
|
relation = ['shared-db', 'percona-cluster:shared-db']
|
|
expected = {
|
|
'private-address': u.valid_ip,
|
|
'database': 'neutron',
|
|
'username': 'neutron',
|
|
'hostname': u.valid_ip
|
|
}
|
|
|
|
ret = u.validate_relation_data(unit, relation, expected)
|
|
if ret:
|
|
message = u.relation_error('neutron-api shared-db', ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_207_shared_db_neutron_api_relation(self):
|
|
"""Verify the mysql to neutron-api shared-db relation data"""
|
|
u.log.debug('Checking mysql:neutron-api db relation data...')
|
|
unit = self.pxc_sentry
|
|
relation = ['shared-db', 'neutron-api:shared-db']
|
|
expected = {
|
|
'db_host': u.valid_ip,
|
|
'private-address': u.valid_ip,
|
|
'password': u.not_null,
|
|
'allowed_units': u.not_null,
|
|
}
|
|
|
|
ret = u.validate_relation_data(unit, relation, expected)
|
|
if ret:
|
|
message = u.relation_error('mysql shared-db', ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_208_neutron_api_amqp_relation(self):
|
|
"""Verify the neutron-api to rabbitmq-server amqp relation data"""
|
|
u.log.debug('Checking neutron-api:amqp relation data...')
|
|
unit = self.neutron_api_sentry
|
|
relation = ['amqp', 'rabbitmq-server:amqp']
|
|
expected = {
|
|
'username': 'neutron',
|
|
'private-address': u.valid_ip,
|
|
'vhost': 'openstack'
|
|
}
|
|
|
|
ret = u.validate_relation_data(unit, relation, expected)
|
|
if ret:
|
|
message = u.relation_error('neutron-api amqp', ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_209_amqp_neutron_api_relation(self):
|
|
"""Verify the rabbitmq-server to neutron-api amqp relation data"""
|
|
u.log.debug('Checking amqp:neutron-api relation data...')
|
|
unit = self.rmq_sentry
|
|
relation = ['amqp', 'neutron-api:amqp']
|
|
expected = {
|
|
'hostname': u.valid_ip,
|
|
'private-address': u.valid_ip,
|
|
'password': u.not_null
|
|
}
|
|
|
|
ret = u.validate_relation_data(unit, relation, expected)
|
|
if ret:
|
|
message = u.relation_error('rabbitmq amqp', ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_210_neutron_api_keystone_identity_relation(self):
|
|
"""Verify the neutron-api to keystone identity-service relation data"""
|
|
u.log.debug('Checking neutron-api:keystone id relation data...')
|
|
unit = self.neutron_api_sentry
|
|
relation = ['identity-service', 'keystone:identity-service']
|
|
api_ip = unit.relation('identity-service',
|
|
'keystone:identity-service')['private-address']
|
|
api_endpoint = 'http://{}:9696'.format(api_ip)
|
|
expected = {
|
|
'private-address': u.valid_ip,
|
|
'neutron_region': 'RegionOne',
|
|
'neutron_service': 'neutron',
|
|
'neutron_admin_url': api_endpoint,
|
|
'neutron_internal_url': api_endpoint,
|
|
'neutron_public_url': api_endpoint,
|
|
}
|
|
|
|
ret = u.validate_relation_data(unit, relation, expected)
|
|
if ret:
|
|
message = u.relation_error('neutron-api identity-service', ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_211_keystone_neutron_api_identity_relation(self):
|
|
"""Verify the keystone to neutron-api identity-service relation data"""
|
|
u.log.debug('Checking keystone:neutron-api id relation data...')
|
|
unit = self.keystone_sentry
|
|
relation = ['identity-service', 'neutron-api:identity-service']
|
|
rel_ks_id = unit.relation('identity-service',
|
|
'neutron-api:identity-service')
|
|
id_ip = rel_ks_id['private-address']
|
|
expected = {
|
|
'admin_token': 'ubuntutesting',
|
|
'auth_host': id_ip,
|
|
'auth_port': "35357",
|
|
'auth_protocol': 'http',
|
|
'private-address': id_ip,
|
|
'service_host': id_ip,
|
|
}
|
|
ret = u.validate_relation_data(unit, relation, expected)
|
|
if ret:
|
|
message = u.relation_error('neutron-api identity-service', ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_212_neutron_api_novacc_relation(self):
|
|
"""Verify the neutron-api to nova-cloud-controller relation data"""
|
|
u.log.debug('Checking neutron-api:novacc relation data...')
|
|
unit = self.neutron_api_sentry
|
|
relation = ['neutron-api', 'nova-cloud-controller:neutron-api']
|
|
api_ip = unit.relation('identity-service',
|
|
'keystone:identity-service')['private-address']
|
|
api_endpoint = 'http://{}:9696'.format(api_ip)
|
|
expected = {
|
|
'private-address': api_ip,
|
|
'neutron-plugin': 'ovs',
|
|
'neutron-url': api_endpoint,
|
|
}
|
|
ret = u.validate_relation_data(unit, relation, expected)
|
|
if ret:
|
|
message = u.relation_error('neutron-api neutron-api', ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_213_novacc_neutron_api_relation(self):
|
|
"""Verify the nova-cloud-controller to neutron-api relation data"""
|
|
u.log.debug('Checking novacc:neutron-api relation data...')
|
|
unit = self.nova_cc_sentry
|
|
relation = ['neutron-api', 'neutron-api:neutron-api']
|
|
cc_ip = unit.relation('neutron-api',
|
|
'neutron-api:neutron-api')['private-address']
|
|
cc_endpoint = 'http://{}:8774/v2'.format(cc_ip)
|
|
expected = {
|
|
'private-address': cc_ip,
|
|
'nova_url': cc_endpoint,
|
|
}
|
|
ret = u.validate_relation_data(unit, relation, expected)
|
|
if ret:
|
|
message = u.relation_error('nova-cc neutron-api', ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_301_neutron_ml2_config(self):
|
|
"""Verify the data in the ml2 config file. This is only available
|
|
since icehouse."""
|
|
|
|
unit = self.neutron_gateway_sentry
|
|
if self._get_openstack_release() < self.trusty_mitaka:
|
|
conf = '/etc/neutron/plugins/ml2/ml2_conf.ini'
|
|
expected = {
|
|
'ml2': {
|
|
'type_drivers': 'gre,vxlan,vlan,flat',
|
|
'tenant_network_types': 'gre,vxlan,vlan,flat',
|
|
'mechanism_drivers': 'openvswitch,hyperv,l2population'
|
|
},
|
|
'ml2_type_gre': {
|
|
'tunnel_id_ranges': '1:1000'
|
|
},
|
|
'ml2_type_vxlan': {
|
|
'vni_ranges': '1001:2000'
|
|
},
|
|
'ovs': {
|
|
'enable_tunneling': 'True',
|
|
'local_ip': self.get_private_address(unit)
|
|
},
|
|
'agent': {
|
|
'tunnel_types': 'gre',
|
|
'l2_population': 'True'
|
|
},
|
|
'securitygroup': {
|
|
'firewall_driver': 'neutron.agent.linux.iptables_firewall.'
|
|
'OVSHybridIptablesFirewallDriver'
|
|
}
|
|
}
|
|
else:
|
|
conf = '/etc/neutron/plugins/ml2/openvswitch_agent.ini'
|
|
expected = {
|
|
'ovs': {
|
|
'enable_tunneling': 'True',
|
|
'local_ip': self.get_private_address(unit)
|
|
},
|
|
'agent': {
|
|
'tunnel_types': 'gre',
|
|
'l2_population': 'True'
|
|
},
|
|
'securitygroup': {
|
|
'firewall_driver': 'neutron.agent.linux.iptables_firewall.'
|
|
'OVSHybridIptablesFirewallDriver'
|
|
}
|
|
}
|
|
|
|
for section, pairs in expected.iteritems():
|
|
ret = u.validate_config_data(unit, conf, section, pairs)
|
|
if ret:
|
|
message = "ml2 config error: {}".format(ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_302_neutron_dhcp_agent_config(self):
|
|
"""Verify the data in the dhcp agent config file."""
|
|
u.log.debug('Checking neutron gateway dhcp agent config file data...')
|
|
unit = self.neutron_gateway_sentry
|
|
conf = '/etc/neutron/dhcp_agent.ini'
|
|
|
|
cmp_os_release = CompareOpenStackReleases(
|
|
self._get_openstack_release_string()
|
|
)
|
|
if cmp_os_release >= 'mitaka':
|
|
interface_driver = 'openvswitch'
|
|
else:
|
|
interface_driver = ('neutron.agent.linux.interface.'
|
|
'OVSInterfaceDriver')
|
|
expected = {
|
|
'state_path': '/var/lib/neutron',
|
|
'interface_driver': interface_driver,
|
|
'dhcp_driver': 'neutron.agent.linux.dhcp.Dnsmasq',
|
|
'root_helper': 'sudo /usr/bin/neutron-rootwrap '
|
|
'/etc/neutron/rootwrap.conf',
|
|
'ovs_use_veth': 'True'
|
|
}
|
|
section = 'DEFAULT'
|
|
|
|
ret = u.validate_config_data(unit, conf, section, expected)
|
|
if ret:
|
|
message = "dhcp agent config error: {}".format(ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_303_neutron_fwaas_driver_config(self):
|
|
"""Verify the data in the fwaas driver config file. This is only
|
|
available since havana."""
|
|
u.log.debug('Checking neutron gateway fwaas config file data...')
|
|
unit = self.neutron_gateway_sentry
|
|
conf = '/etc/neutron/fwaas_driver.ini'
|
|
expected = {
|
|
'enabled': 'True'
|
|
}
|
|
section = 'fwaas'
|
|
|
|
if self._get_openstack_release() >= self.bionic_stein:
|
|
# Stein or later
|
|
expected['driver'] = 'iptables_v2'
|
|
expected['agent_version'] = 'v2'
|
|
elif self._get_openstack_release() >= self.xenial_newton:
|
|
# Newton or later
|
|
expected['driver'] = 'iptables'
|
|
expected['agent_version'] = 'v1'
|
|
elif self._get_openstack_release() >= self.trusty_kilo:
|
|
# Kilo or later
|
|
expected['driver'] = ('neutron_fwaas.services.firewall.drivers.'
|
|
'linux.iptables_fwaas.IptablesFwaasDriver')
|
|
else:
|
|
# Juno or earlier
|
|
expected['driver'] = ('neutron.services.firewall.drivers.linux.'
|
|
'iptables_fwaas.IptablesFwaasDriver')
|
|
|
|
ret = u.validate_config_data(unit, conf, section, expected)
|
|
if ret:
|
|
message = "fwaas driver config error: {}".format(ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_304_neutron_l3_agent_config(self):
|
|
"""Verify the data in the l3 agent config file."""
|
|
u.log.debug('Checking neutron gateway l3 agent config file data...')
|
|
unit = self.neutron_gateway_sentry
|
|
|
|
conf = '/etc/neutron/l3_agent.ini'
|
|
|
|
cmp_os_release = CompareOpenStackReleases(
|
|
self._get_openstack_release_string()
|
|
)
|
|
if cmp_os_release >= 'mitaka':
|
|
interface_driver = 'openvswitch'
|
|
else:
|
|
interface_driver = ('neutron.agent.linux.interface.'
|
|
'OVSInterfaceDriver')
|
|
expected = {
|
|
'interface_driver': interface_driver,
|
|
'root_helper': 'sudo /usr/bin/neutron-rootwrap '
|
|
'/etc/neutron/rootwrap.conf',
|
|
'ovs_use_veth': 'True',
|
|
'handle_internal_only_routers': 'True'
|
|
}
|
|
section = 'DEFAULT'
|
|
|
|
ret = u.validate_config_data(unit, conf, section, expected)
|
|
if ret:
|
|
message = "l3 agent config error: {}".format(ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_305_neutron_lbaas_agent_config(self):
|
|
"""Verify the data in the lbaas agent config file. This is only
|
|
available since havana."""
|
|
|
|
unit = self.neutron_gateway_sentry
|
|
conf = '/etc/neutron/lbaas_agent.ini'
|
|
cmp_os_release = CompareOpenStackReleases(
|
|
self._get_openstack_release_string()
|
|
)
|
|
if cmp_os_release >= 'mitaka':
|
|
interface_driver = 'openvswitch'
|
|
else:
|
|
interface_driver = ('neutron.agent.linux.interface.'
|
|
'OVSInterfaceDriver')
|
|
expected = {
|
|
'DEFAULT': {
|
|
'interface_driver': interface_driver,
|
|
'periodic_interval': '10',
|
|
'ovs_use_veth': 'False',
|
|
},
|
|
'haproxy': {
|
|
'loadbalancer_state_path': '$state_path/lbaas',
|
|
'user_group': 'nogroup'
|
|
}
|
|
}
|
|
|
|
if self._get_openstack_release() >= self.xenial_newton:
|
|
expected['DEFAULT']['device_driver'] = \
|
|
('neutron_lbaas.drivers.haproxy.namespace_driver.'
|
|
'HaproxyNSDriver')
|
|
expected['DEFAULT'].pop('periodic_interval')
|
|
expected['DEFAULT'].pop('ovs_use_veth')
|
|
elif self._get_openstack_release() >= self.trusty_kilo:
|
|
expected['DEFAULT']['device_driver'] = \
|
|
('neutron_lbaas.services.loadbalancer.drivers.haproxy.'
|
|
'namespace_driver.HaproxyNSDriver')
|
|
else:
|
|
# Juno or earlier
|
|
expected['DEFAULT']['device_driver'] = \
|
|
('neutron.services.loadbalancer.drivers.haproxy.'
|
|
'namespace_driver.HaproxyNSDriver')
|
|
|
|
for section, pairs in expected.iteritems():
|
|
ret = u.validate_config_data(unit, conf, section, pairs)
|
|
if ret:
|
|
message = "lbaas agent config error: {}".format(ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_306_neutron_metadata_agent_config(self):
|
|
"""Verify the data in the metadata agent config file."""
|
|
u.log.debug('Checking neutron gateway metadata agent '
|
|
'config file data...')
|
|
cmp_os_release = CompareOpenStackReleases(
|
|
self._get_openstack_release_string()
|
|
)
|
|
unit = self.neutron_gateway_sentry
|
|
if cmp_os_release >= 'rocky':
|
|
nova_metadata_ip_key = 'nova_metadata_host'
|
|
nova_metadata_ip_value = self.get_private_address(
|
|
self.nova_cc_sentry)
|
|
elif cmp_os_release >= 'queens':
|
|
nova_metadata_ip_key = 'nova_metadata_host'
|
|
nova_metadata_ip_value = self.get_private_address(unit)
|
|
else:
|
|
nova_metadata_ip_key = 'nova_metadata_ip'
|
|
nova_metadata_ip_value = self.get_private_address(unit)
|
|
|
|
conf = '/etc/neutron/metadata_agent.ini'
|
|
expected = {
|
|
'root_helper': 'sudo neutron-rootwrap '
|
|
'/etc/neutron/rootwrap.conf',
|
|
'state_path': '/var/lib/neutron',
|
|
nova_metadata_ip_key: nova_metadata_ip_value,
|
|
'nova_metadata_port': '8775',
|
|
'cache_url': 'memory://?default_ttl=5'
|
|
}
|
|
section = 'DEFAULT'
|
|
|
|
ret = u.validate_config_data(unit, conf, section, expected)
|
|
if ret:
|
|
message = "metadata agent config error: {}".format(ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_307_neutron_metering_agent_config(self):
|
|
"""Verify the data in the metering agent config file. This is only
|
|
available since havana."""
|
|
u.log.debug('Checking neutron gateway metering agent '
|
|
'config file data...')
|
|
unit = self.neutron_gateway_sentry
|
|
conf = '/etc/neutron/metering_agent.ini'
|
|
|
|
interface_driver = ('neutron.agent.linux.interface.'
|
|
'OVSInterfaceDriver')
|
|
expected = {
|
|
'driver': 'neutron.services.metering.drivers.iptables.'
|
|
'iptables_driver.IptablesMeteringDriver',
|
|
'measure_interval': '30',
|
|
'report_interval': '300',
|
|
'interface_driver': interface_driver,
|
|
'use_namespaces': 'True'
|
|
}
|
|
section = 'DEFAULT'
|
|
|
|
ret = u.validate_config_data(unit, conf, section, expected)
|
|
if ret:
|
|
message = "metering agent config error: {}".format(ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_308_neutron_nova_config(self):
|
|
"""Verify the data in the nova config file."""
|
|
u.log.debug('Checking neutron gateway nova config file data...')
|
|
if self._get_openstack_release() >= self.bionic_rocky:
|
|
u.log.info("Skipping test, gateway has no nova config after "
|
|
"Queens")
|
|
return
|
|
unit = self.neutron_gateway_sentry
|
|
conf = '/etc/nova/nova.conf'
|
|
|
|
rabbitmq_relation = self.rmq_sentry.relation(
|
|
'amqp', 'neutron-gateway:amqp')
|
|
nova_cc_relation = self.nova_cc_sentry.relation(
|
|
'quantum-network-service',
|
|
'neutron-gateway:quantum-network-service')
|
|
ep = self.keystone.service_catalog.url_for(service_type='identity',
|
|
interface='adminURL')
|
|
|
|
expected = {
|
|
'DEFAULT': {
|
|
'logdir': '/var/log/nova',
|
|
'state_path': '/var/lib/nova',
|
|
'root_helper': 'sudo nova-rootwrap /etc/nova/rootwrap.conf',
|
|
'verbose': 'False',
|
|
'use_syslog': 'False',
|
|
'api_paste_config': '/etc/nova/api-paste.ini',
|
|
'enabled_apis': 'metadata',
|
|
'multi_host': 'True',
|
|
'network_api_class': 'nova.network.neutronv2.api.API',
|
|
}
|
|
}
|
|
|
|
if self._get_openstack_release() >= self.trusty_kilo:
|
|
# Kilo or later
|
|
expected['oslo_messaging_rabbit'] = {
|
|
'rabbit_userid': 'neutron',
|
|
'rabbit_virtual_host': 'openstack',
|
|
'rabbit_password': rabbitmq_relation['password'],
|
|
'rabbit_host': rabbitmq_relation['hostname'],
|
|
}
|
|
expected['oslo_concurrency'] = {
|
|
'lock_path': '/var/lock/nova'
|
|
}
|
|
if self._get_openstack_release() >= self.trusty_mitaka:
|
|
expected['neutron'] = {
|
|
'url': nova_cc_relation['quantum_url'],
|
|
'auth_type': 'password',
|
|
'project_domain_name': 'default',
|
|
'user_domain_name': 'default',
|
|
'project_name': 'services',
|
|
'username': nova_cc_relation['service_username'],
|
|
'password': nova_cc_relation['service_password'],
|
|
'auth_url': ep.split('/v')[0],
|
|
'region': 'RegionOne',
|
|
'service_metadata_proxy': 'True',
|
|
'metadata_proxy_shared_secret': u.not_null
|
|
}
|
|
else:
|
|
expected['neutron'] = {
|
|
'auth_strategy': 'keystone',
|
|
'url': nova_cc_relation['quantum_url'],
|
|
'admin_tenant_name': 'services',
|
|
'admin_username': nova_cc_relation['service_username'],
|
|
'admin_password': nova_cc_relation['service_password'],
|
|
'admin_auth_url': ep,
|
|
'service_metadata_proxy': 'True',
|
|
'metadata_proxy_shared_secret': u.not_null
|
|
}
|
|
else:
|
|
# Juno or earlier
|
|
expected['DEFAULT'].update({
|
|
'rabbit_userid': 'neutron',
|
|
'rabbit_virtual_host': 'openstack',
|
|
'rabbit_password': rabbitmq_relation['password'],
|
|
'rabbit_host': rabbitmq_relation['hostname'],
|
|
'lock_path': '/var/lock/nova',
|
|
'neutron_auth_strategy': 'keystone',
|
|
'neutron_url': nova_cc_relation['quantum_url'],
|
|
'neutron_admin_tenant_name': 'services',
|
|
'neutron_admin_username': nova_cc_relation['service_username'],
|
|
'neutron_admin_password': nova_cc_relation['service_password'],
|
|
'neutron_admin_auth_url': ep,
|
|
'service_neutron_metadata_proxy': 'True',
|
|
})
|
|
|
|
for section, pairs in expected.iteritems():
|
|
ret = u.validate_config_data(unit, conf, section, pairs)
|
|
if ret:
|
|
message = "nova config error: {}".format(ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_309_neutron_vpn_agent_config(self):
|
|
"""Verify the data in the vpn agent config file. This isn't available
|
|
prior to havana."""
|
|
u.log.debug('Checking neutron gateway vpn agent config file data...')
|
|
unit = self.neutron_gateway_sentry
|
|
conf = '/etc/neutron/vpn_agent.ini'
|
|
expected = {
|
|
'ipsec': {
|
|
'ipsec_status_check_interval': '60'
|
|
}
|
|
}
|
|
|
|
if self._get_openstack_release() >= self.trusty_kilo:
|
|
# Kilo or later
|
|
expected['vpnagent'] = {
|
|
'vpn_device_driver': 'neutron_vpnaas.services.vpn.'
|
|
'device_drivers.ipsec.OpenSwanDriver'
|
|
}
|
|
else:
|
|
# Juno or earlier
|
|
expected['vpnagent'] = {
|
|
'vpn_device_driver': 'neutron.services.vpn.device_drivers.'
|
|
'ipsec.OpenSwanDriver'
|
|
}
|
|
|
|
for section, pairs in expected.iteritems():
|
|
ret = u.validate_config_data(unit, conf, section, pairs)
|
|
if ret:
|
|
message = "vpn agent config error: {}".format(ret)
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
def test_400_create_network(self):
|
|
"""Create a network, verify that it exists, and then delete it."""
|
|
u.log.debug('Creating neutron network...')
|
|
self.neutron.format = 'json'
|
|
net_name = 'ext_net'
|
|
|
|
# Verify that the network doesn't exist
|
|
networks = self.neutron.list_networks(name=net_name)
|
|
net_count = len(networks['networks'])
|
|
if net_count != 0:
|
|
msg = "Expected zero networks, found {}".format(net_count)
|
|
amulet.raise_status(amulet.FAIL, msg=msg)
|
|
|
|
# Create a network and verify that it exists
|
|
network = {'name': net_name}
|
|
self.neutron.create_network({'network': network})
|
|
|
|
networks = self.neutron.list_networks(name=net_name)
|
|
u.log.debug('Networks: {}'.format(networks))
|
|
net_len = len(networks['networks'])
|
|
if net_len != 1:
|
|
msg = "Expected 1 network, found {}".format(net_len)
|
|
amulet.raise_status(amulet.FAIL, msg=msg)
|
|
|
|
u.log.debug('Confirming new neutron network...')
|
|
network = networks['networks'][0]
|
|
if network['name'] != net_name:
|
|
amulet.raise_status(amulet.FAIL, msg="network ext_net not found")
|
|
|
|
# Cleanup
|
|
u.log.debug('Deleting neutron network...')
|
|
self.neutron.delete_network(network['id'])
|
|
|
|
def test_401_enable_qos(self):
|
|
"""Check qos settings set via neutron-api charm"""
|
|
if self._get_openstack_release() >= self.trusty_mitaka:
|
|
unit = self.neutron_gateway_sentry
|
|
set_default = {'enable-qos': 'False'}
|
|
set_alternate = {'enable-qos': 'True'}
|
|
self.d.configure('neutron-api', set_alternate)
|
|
time.sleep(60)
|
|
self._auto_wait_for_status(exclude_services=self.exclude_services)
|
|
config = u._get_config(
|
|
unit,
|
|
'/etc/neutron/plugins/ml2/openvswitch_agent.ini')
|
|
extensions = config.get('agent', 'extensions').split(',')
|
|
if 'qos' not in extensions:
|
|
message = "qos not in extensions"
|
|
amulet.raise_status(amulet.FAIL, msg=message)
|
|
|
|
u.log.debug('Setting QoS back to {}'.format(
|
|
set_default['enable-qos']))
|
|
self.d.configure('neutron-api', set_default)
|
|
u.log.debug('OK')
|
|
|
|
def test_500_security_checklist_action(self):
|
|
"""Verify expected result on a default install"""
|
|
u.log.debug("Testing security-checklist")
|
|
sentry_unit = self.neutron_gateway_sentry
|
|
|
|
action_id = u.run_action(sentry_unit, "security-checklist")
|
|
u.wait_on_action(action_id)
|
|
data = amulet.actions.get_action_output(action_id, full_output=True)
|
|
assert data.get(u"status") == "completed", \
|
|
"Security check is expected to pass by default"
|
|
|
|
def test_900_restart_on_config_change(self):
|
|
"""Verify that the specified services are restarted when the
|
|
config is changed."""
|
|
|
|
sentry = self.neutron_gateway_sentry
|
|
juju_service = 'neutron-gateway'
|
|
|
|
# Expected default and alternate values
|
|
set_default = {'debug': 'False'}
|
|
set_alternate = {'debug': 'True'}
|
|
|
|
# Services which are expected to restart upon config change,
|
|
# and corresponding config files affected by the change
|
|
conf_file = '/etc/neutron/neutron.conf'
|
|
services = {
|
|
'neutron-dhcp-agent': conf_file,
|
|
'neutron-metadata-agent': conf_file,
|
|
'neutron-metering-agent': conf_file,
|
|
'neutron-openvswitch-agent': conf_file,
|
|
}
|
|
|
|
if self._get_openstack_release() <= self.trusty_icehouse:
|
|
services.update({'neutron-vpn-agent': conf_file})
|
|
if self._get_openstack_release() < self.xenial_newton:
|
|
services.update({'neutron-lbaas-agent': conf_file})
|
|
if self._get_openstack_release() >= self.xenial_newton:
|
|
services.update({'neutron-lbaasv2-agent': conf_file})
|
|
|
|
# Make config change, check for svc restart, conf file mod time change
|
|
u.log.debug('Making config change on {}...'.format(juju_service))
|
|
mtime = u.get_sentry_time(sentry)
|
|
self.d.configure(juju_service, set_alternate)
|
|
|
|
# sleep_time = 90
|
|
for s, conf_file in services.iteritems():
|
|
u.log.debug("Checking that service restarted: {}".format(s))
|
|
if not u.validate_service_config_changed(
|
|
sentry, mtime, s, conf_file, pgrep_full=self.pgrep_full):
|
|
self.d.configure(juju_service, set_default)
|
|
msg = "service {} didn't restart after config change".format(s)
|
|
amulet.raise_status(amulet.FAIL, msg=msg)
|
|
|
|
# Only do initial sleep on first service check
|
|
# sleep_time = 0
|
|
|
|
self.d.configure(juju_service, set_default)
|
|
|
|
def test_910_pause_and_resume(self):
|
|
"""The services can be paused and resumed. """
|
|
u.log.debug('Checking pause and resume actions...')
|
|
assert u.status_get(self.neutron_gateway_sentry)[0] == "active"
|
|
|
|
action_id = u.run_action(self.neutron_gateway_sentry, "pause")
|
|
assert u.wait_on_action(action_id), "Pause action failed."
|
|
assert u.status_get(self.neutron_gateway_sentry)[0] == "maintenance"
|
|
|
|
action_id = u.run_action(self.neutron_gateway_sentry, "resume")
|
|
assert u.wait_on_action(action_id), "Resume action failed."
|
|
assert u.status_get(self.neutron_gateway_sentry)[0] == "active"
|
|
u.log.debug('OK')
|
|
|
|
def test_920_change_aa_profile(self):
|
|
"""Test changing the Apparmor profile mode"""
|
|
|
|
# Services which are expected to restart upon config change,
|
|
# and corresponding config files affected by the change
|
|
services = {
|
|
'neutron-lbaas-agent':
|
|
'/etc/apparmor.d/usr.bin.neutron-lbaas-agent',
|
|
'neutron-metering-agent':
|
|
'/etc/apparmor.d/usr.bin.neutron-metering-agent',
|
|
'neutron-dhcp-agent': '/etc/apparmor.d/usr.bin.neutron-dhcp-agent',
|
|
'neutron-metadata-agent':
|
|
'/etc/apparmor.d/usr.bin.neutron-metadata-agent',
|
|
}
|
|
|
|
if self._get_openstack_release() >= self.xenial_mitaka:
|
|
services['neutron-l3-agent'] = (
|
|
'/etc/apparmor.d/usr.bin.neutron-l3-agent')
|
|
if self._get_openstack_release() >= self.xenial_newton:
|
|
services.pop('neutron-lbaas-agent')
|
|
services['neutron-lbaasv2-agent'] = ('/etc/apparmor.d/'
|
|
'usr.bin.neutron-lbaasv2-'
|
|
'agent')
|
|
|
|
sentry = self.neutron_gateway_sentry
|
|
juju_service = 'neutron-gateway'
|
|
mtime = u.get_sentry_time(sentry)
|
|
set_default = {'aa-profile-mode': 'enforce'}
|
|
set_alternate = {'aa-profile-mode': 'complain'}
|
|
sleep_time = 60
|
|
|
|
# Change to complain mode
|
|
self.d.configure(juju_service, set_alternate)
|
|
self._auto_wait_for_status(exclude_services=self.exclude_services)
|
|
|
|
for s, conf_file in services.iteritems():
|
|
u.log.debug("Checking that service restarted: {}".format(s))
|
|
if not u.validate_service_config_changed(
|
|
sentry, mtime, s, conf_file, sleep_time=sleep_time,
|
|
pgrep_full=self.pgrep_full):
|
|
|
|
self.d.configure(juju_service, set_default)
|
|
msg = "service {} didn't restart after config change".format(s)
|
|
amulet.raise_status(amulet.FAIL, msg=msg)
|
|
sleep_time = 0
|
|
|
|
output, code = sentry.run('aa-status '
|
|
'--complaining')
|
|
u.log.info("Assert output of aa-status --complaining >= 3. Result: {} "
|
|
"Exit Code: {}".format(output, code))
|
|
assert int(output) >= 3
|