Enable API TLS in the functional test

Add vault to the functional test bundle and enable TLS on all charms that support it. We want the functional tests to validate operation of Octavia with multiple units. When using TLS this will not work without also enabling HA because of certificate hostname mismatch. Remove all non-HA bundles and do HA by default. Change-Id: Ib1aafe0c26abc8876e073942fda2e4a1ecabbbb2
2019-08-27 07:37:51 +02:00 · 2019-08-27 07:37:51 +02:00 · cc2363f755
parent 7bd18d7b64
commit cc2363f755
16 changed files with 95 additions and 451 deletions
--- a/src/tests/bundles/bionic-rocky-ha.yaml
+++ b/src/tests/bundles/bionic-rocky-ha.yaml
@ -60,6 +60,20 @@ relations:
  - glance-simplestreams-sync:amqp
 - - keystone:identity-credentials
  - octavia-diskimage-retrofit:identity-credentials
+- - vault:shared-db
+  - mysql:shared-db
+- - vault:certificates
+  - glance:certificates
+- - vault:certificates
+  - keystone:certificates
+- - vault:certificates
+  - neutron-api:certificates
+- - vault:certificates
+  - nova-cloud-controller:certificates
+- - vault:certificates
+  - octavia:certificates
+- - vault:certificates
+  - octavia-diskimage-retrofit:certificates
 applications:
  glance:
    charm: cs:~openstack-charmers-next/glance
@ -145,3 +159,6 @@ applications:
    options:
      amp-image-tag: 'octavia-amphora'
      retrofit-uca-pocket: rocky
+  vault:
+    charm: cs:~openstack-charmers-next/vault
+    num_units: 1
--- a/src/tests/bundles/bionic-rocky-lxd.yaml
+++ b/src/tests/bundles/bionic-rocky-lxd.yaml
@ -67,6 +67,20 @@ relations:
  - glance-simplestreams-sync:amqp
 - - keystone:identity-credentials
  - octavia-diskimage-retrofit:identity-credentials
+- - vault:shared-db
+  - mysql:shared-db
+- - vault:certificates
+  - glance:certificates
+- - vault:certificates
+  - keystone:certificates
+- - vault:certificates
+  - neutron-api:certificates
+- - vault:certificates
+  - nova-cloud-controller:certificates
+- - vault:certificates
+  - octavia:certificates
+- - vault:certificates
+  - octavia-diskimage-retrofit:certificates
 applications:
  glance:
    charm: cs:~openstack-charmers-next/glance
@ -166,3 +180,6 @@ applications:
    charm: cs:~openstack-charmers-next/octavia-diskimage-retrofit
    options:
      amp-image-tag: 'octavia-amphora'
+  vault:
+    charm: cs:~openstack-charmers-next/vault
+    num_units: 1
--- a/src/tests/bundles/bionic-rocky.yaml
+++ b/src/tests/bundles/bionic-rocky.yaml
@ -1,141 +0,0 @@
-series: bionic
-relations:
- - glance:image-service
-  - nova-cloud-controller:image-service
- - glance:image-service
-  - nova-compute:image-service
- - mysql:shared-db
-  - glance:shared-db
- - mysql:shared-db
-  - keystone:shared-db
- - mysql:shared-db
-  - neutron-api:shared-db
- - mysql:shared-db
-  - nova-cloud-controller:shared-db
- - mysql:shared-db
-  - octavia:shared-db
- - keystone:identity-service
-  - glance:identity-service
- - keystone:identity-service
-  - nova-cloud-controller:identity-service
- - keystone:identity-service
-  - neutron-api:identity-service
- - keystone:identity-service
-  - octavia:identity-service
- - nova-compute:cloud-compute
-  - nova-cloud-controller:cloud-compute
- - rabbitmq-server:amqp
-  - neutron-api:amqp
- - rabbitmq-server:amqp
-  - glance:amqp
- - rabbitmq-server:amqp
-  - nova-cloud-controller:amqp
- - rabbitmq-server:amqp
-  - nova-compute:amqp
- - rabbitmq-server:amqp
-  - octavia:amqp
- - neutron-api:neutron-api
-  - nova-cloud-controller:neutron-api
- - neutron-api:neutron-load-balancer
-  - octavia:neutron-api
- - rabbitmq-server:amqp
-  - neutron-openvswitch:amqp
- - neutron-api:neutron-plugin-api
-  - neutron-openvswitch:neutron-plugin-api
- - neutron-openvswitch:neutron-plugin
-  - nova-compute:neutron-plugin
- - rabbitmq-server:amqp
-  - neutron-openvswitch-octavia:amqp
- - neutron-api:neutron-plugin-api
-  - neutron-openvswitch-octavia:neutron-plugin-api
- - neutron-openvswitch-octavia:neutron-plugin
-  - octavia:neutron-openvswitch
- - glance-simplestreams-sync:juju-info
-  - octavia-diskimage-retrofit:juju-info
- - keystone:identity-service
-  - glance-simplestreams-sync:identity-service
- - rabbitmq-server:amqp
-  - glance-simplestreams-sync:amqp
- - keystone:identity-credentials
-  - octavia-diskimage-retrofit:identity-credentials
-applications:
-  glance:
-    charm: cs:~openstack-charmers-next/glance
-    num_units: 1
-    options:
-      openstack-origin: cloud:bionic-rocky
-  keystone:
-    charm: cs:~openstack-charmers-next/keystone
-    num_units: 1
-    options:
-      openstack-origin: cloud:bionic-rocky
-  mysql:
-    constraints: mem=3072M
-    charm: cs:~openstack-charmers-next/percona-cluster
-    num_units: 1
-  neutron-api:
-    charm: cs:~openstack-charmers-next/neutron-api
-    num_units: 1
-    options:
-      openstack-origin: cloud:bionic-rocky
-      debug: True
-      flat-network-providers: physnet1
-      neutron-security-groups: True
-      enable-dvr: True
-  neutron-openvswitch:
-    series: bionic
-    charm: cs:~openstack-charmers-next/neutron-openvswitch
-    num_units: 0
-    options:
-      debug: True
-      enable-local-dhcp-and-metadata: True
-      use-dvr-snat: True
-      prevent-arp-spoofing: False
-      firewall-driver: openvswitch
-      bridge-mappings: physnet1:br-ex
-  neutron-openvswitch-octavia:
-    series: bionic
-    charm: cs:~openstack-charmers-next/neutron-openvswitch
-    num_units: 0
-    options:
-      debug: True
-      prevent-arp-spoofing: False
-      firewall-driver: openvswitch
-  nova-cloud-controller:
-    constraints: mem=3072M
-    charm: cs:~openstack-charmers-next/nova-cloud-controller
-    num_units: 1
-    options:
-      openstack-origin: cloud:bionic-rocky
-      debug: True
-      network-manager: Neutron
-  nova-compute:
-    constraints: mem=10240M
-    charm: cs:~openstack-charmers-next/nova-compute
-    num_units: 2
-    options:
-      openstack-origin: cloud:bionic-rocky
-      debug: True
-  octavia:
-    series: bionic
-    charm: ../../../octavia
-    num_units: 3
-    options:
-      openstack-origin: cloud:bionic-rocky
-      debug: True
-      spare-pool-size: 2
-      loadbalancer-topology: 'ACTIVE_STANDBY'
-  rabbitmq-server:
-    charm: cs:~openstack-charmers-next/rabbitmq-server
-    num_units: 1
-  glance-simplestreams-sync:
-    charm: cs:~openstack-charmers-next/glance-simplestreams-sync
-    num_units: 1
-    options:
-      source: ppa:simplestreams-dev/trunk
-      use_swift: False
-  octavia-diskimage-retrofit:
-    charm: cs:~openstack-charmers-next/octavia-diskimage-retrofit
-    options:
-      amp-image-tag: 'octavia-amphora'
-      retrofit-uca-pocket: rocky
--- a/src/tests/bundles/bionic-stein-ha.yaml
+++ b/src/tests/bundles/bionic-stein-ha.yaml
@ -60,6 +60,20 @@ relations:
  - glance-simplestreams-sync:amqp
 - - keystone:identity-credentials
  - octavia-diskimage-retrofit:identity-credentials
+- - vault:shared-db
+  - mysql:shared-db
+- - vault:certificates
+  - glance:certificates
+- - vault:certificates
+  - keystone:certificates
+- - vault:certificates
+  - neutron-api:certificates
+- - vault:certificates
+  - nova-cloud-controller:certificates
+- - vault:certificates
+  - octavia:certificates
+- - vault:certificates
+  - octavia-diskimage-retrofit:certificates
 applications:
  glance:
    charm: cs:~openstack-charmers-next/glance
@ -145,3 +159,6 @@ applications:
    options:
      amp-image-tag: 'octavia-amphora'
      retrofit-uca-pocket: stein
+  vault:
+    charm: cs:~openstack-charmers-next/vault
+    num_units: 1
--- a/src/tests/bundles/bionic-stein.yaml
+++ b/src/tests/bundles/bionic-stein.yaml
@ -1,141 +0,0 @@
-series: bionic
-relations:
- - glance:image-service
-  - nova-cloud-controller:image-service
- - glance:image-service
-  - nova-compute:image-service
- - mysql:shared-db
-  - glance:shared-db
- - mysql:shared-db
-  - keystone:shared-db
- - mysql:shared-db
-  - neutron-api:shared-db
- - mysql:shared-db
-  - nova-cloud-controller:shared-db
- - mysql:shared-db
-  - octavia:shared-db
- - keystone:identity-service
-  - glance:identity-service
- - keystone:identity-service
-  - nova-cloud-controller:identity-service
- - keystone:identity-service
-  - neutron-api:identity-service
- - keystone:identity-service
-  - octavia:identity-service
- - nova-compute:cloud-compute
-  - nova-cloud-controller:cloud-compute
- - rabbitmq-server:amqp
-  - neutron-api:amqp
- - rabbitmq-server:amqp
-  - glance:amqp
- - rabbitmq-server:amqp
-  - nova-cloud-controller:amqp
- - rabbitmq-server:amqp
-  - nova-compute:amqp
- - rabbitmq-server:amqp
-  - octavia:amqp
- - neutron-api:neutron-api
-  - nova-cloud-controller:neutron-api
- - neutron-api:neutron-load-balancer
-  - octavia:neutron-api
- - rabbitmq-server:amqp
-  - neutron-openvswitch:amqp
- - neutron-api:neutron-plugin-api
-  - neutron-openvswitch:neutron-plugin-api
- - neutron-openvswitch:neutron-plugin
-  - nova-compute:neutron-plugin
- - rabbitmq-server:amqp
-  - neutron-openvswitch-octavia:amqp
- - neutron-api:neutron-plugin-api
-  - neutron-openvswitch-octavia:neutron-plugin-api
- - neutron-openvswitch-octavia:neutron-plugin
-  - octavia:neutron-openvswitch
- - glance-simplestreams-sync:juju-info
-  - octavia-diskimage-retrofit:juju-info
- - keystone:identity-service
-  - glance-simplestreams-sync:identity-service
- - rabbitmq-server:amqp
-  - glance-simplestreams-sync:amqp
- - keystone:identity-credentials
-  - octavia-diskimage-retrofit:identity-credentials
-applications:
-  glance:
-    charm: cs:~openstack-charmers-next/glance
-    num_units: 1
-    options:
-      openstack-origin: cloud:bionic-stein
-  keystone:
-    charm: cs:~openstack-charmers-next/keystone
-    num_units: 1
-    options:
-      openstack-origin: cloud:bionic-stein
-  mysql:
-    constraints: mem=3072M
-    charm: cs:~openstack-charmers-next/percona-cluster
-    num_units: 1
-  neutron-api:
-    charm: cs:~openstack-charmers-next/neutron-api
-    num_units: 1
-    options:
-      openstack-origin: cloud:bionic-stein
-      debug: True
-      flat-network-providers: physnet1
-      neutron-security-groups: True
-      enable-dvr: True
-  neutron-openvswitch:
-    series: bionic
-    charm: cs:~openstack-charmers-next/neutron-openvswitch
-    num_units: 0
-    options:
-      debug: True
-      enable-local-dhcp-and-metadata: True
-      use-dvr-snat: True
-      prevent-arp-spoofing: False
-      firewall-driver: openvswitch
-      bridge-mappings: physnet1:br-ex
-  neutron-openvswitch-octavia:
-    series: bionic
-    charm: cs:~openstack-charmers-next/neutron-openvswitch
-    num_units: 0
-    options:
-      debug: True
-      prevent-arp-spoofing: False
-      firewall-driver: openvswitch
-  nova-cloud-controller:
-    constraints: mem=3072M
-    charm: cs:~openstack-charmers-next/nova-cloud-controller
-    num_units: 1
-    options:
-      openstack-origin: cloud:bionic-stein
-      debug: True
-      network-manager: Neutron
-  nova-compute:
-    constraints: mem=10240M
-    charm: cs:~openstack-charmers-next/nova-compute
-    num_units: 2
-    options:
-      openstack-origin: cloud:bionic-stein
-      debug: True
-  octavia:
-    series: bionic
-    charm: ../../../octavia
-    num_units: 3
-    options:
-      openstack-origin: cloud:bionic-stein
-      debug: True
-      spare-pool-size: 2
-      loadbalancer-topology: 'ACTIVE_STANDBY'
-  rabbitmq-server:
-    charm: cs:~openstack-charmers-next/rabbitmq-server
-    num_units: 1
-  glance-simplestreams-sync:
-    charm: cs:~openstack-charmers-next/glance-simplestreams-sync
-    num_units: 1
-    options:
-      source: ppa:simplestreams-dev/trunk
-      use_swift: False
-  octavia-diskimage-retrofit:
-    charm: cs:~openstack-charmers-next/octavia-diskimage-retrofit
-    options:
-      amp-image-tag: 'octavia-amphora'
-      retrofit-uca-pocket: stein
--- a/src/tests/bundles/bionic-train-ha.yaml
+++ b/src/tests/bundles/bionic-train-ha.yaml
@ -63,6 +63,22 @@ relations:
 - [ placement, mysql ]
 - [ placement, keystone ]
 - [ placement, nova-cloud-controller ]
+- - vault:shared-db
+  - mysql:shared-db
+- - vault:certificates
+  - glance:certificates
+- - vault:certificates
+  - keystone:certificates
+- - vault:certificates
+  - neutron-api:certificates
+- - vault:certificates
+  - nova-cloud-controller:certificates
+- - vault:certificates
+  - octavia:certificates
+- - vault:certificates
+  - octavia-diskimage-retrofit:certificates
+- - vault:certificates
+  - placement:certificates
 applications:
  glance:
    charm: cs:~openstack-charmers-next/glance
@ -154,4 +170,7 @@ applications:
    constraints: mem=1G
    options:
      openstack-origin: cloud:bionic-train
-      debug: true
+      debug: true
+  vault:
+    charm: cs:~openstack-charmers-next/vault
+    num_units: 1
--- a/src/tests/bundles/bionic-train.yaml
+++ b/src/tests/bundles/bionic-train.yaml
@ -1,151 +0,0 @@
-series: bionic
-relations:
- - glance:image-service
-  - nova-cloud-controller:image-service
- - glance:image-service
-  - nova-compute:image-service
- - mysql:shared-db
-  - glance:shared-db
- - mysql:shared-db
-  - keystone:shared-db
- - mysql:shared-db
-  - neutron-api:shared-db
- - mysql:shared-db
-  - nova-cloud-controller:shared-db
- - mysql:shared-db
-  - octavia:shared-db
- - keystone:identity-service
-  - glance:identity-service
- - keystone:identity-service
-  - nova-cloud-controller:identity-service
- - keystone:identity-service
-  - neutron-api:identity-service
- - keystone:identity-service
-  - octavia:identity-service
- - nova-compute:cloud-compute
-  - nova-cloud-controller:cloud-compute
- - rabbitmq-server:amqp
-  - neutron-api:amqp
- - rabbitmq-server:amqp
-  - glance:amqp
- - rabbitmq-server:amqp
-  - nova-cloud-controller:amqp
- - rabbitmq-server:amqp
-  - nova-compute:amqp
- - rabbitmq-server:amqp
-  - octavia:amqp
- - neutron-api:neutron-api
-  - nova-cloud-controller:neutron-api
- - neutron-api:neutron-load-balancer
-  - octavia:neutron-api
- - rabbitmq-server:amqp
-  - neutron-openvswitch:amqp
- - neutron-api:neutron-plugin-api
-  - neutron-openvswitch:neutron-plugin-api
- - neutron-openvswitch:neutron-plugin
-  - nova-compute:neutron-plugin
- - rabbitmq-server:amqp
-  - neutron-openvswitch-octavia:amqp
- - neutron-api:neutron-plugin-api
-  - neutron-openvswitch-octavia:neutron-plugin-api
- - neutron-openvswitch-octavia:neutron-plugin
-  - octavia:neutron-openvswitch
- - glance-simplestreams-sync:juju-info
-  - octavia-diskimage-retrofit:juju-info
- - keystone:identity-service
-  - glance-simplestreams-sync:identity-service
- - rabbitmq-server:amqp
-  - glance-simplestreams-sync:amqp
- - keystone:identity-credentials
-  - octavia-diskimage-retrofit:identity-credentials
- [ placement, mysql ]
- [ placement, keystone ]
- [ placement, nova-cloud-controller ]
-applications:
-  glance:
-    charm: cs:~openstack-charmers-next/glance
-    num_units: 1
-    options:
-      openstack-origin: cloud:bionic-train
-  keystone:
-    charm: cs:~openstack-charmers-next/keystone
-    num_units: 1
-    options:
-      openstack-origin: cloud:bionic-train
-  mysql:
-    constraints: mem=3072M
-    charm: cs:~openstack-charmers-next/percona-cluster
-    num_units: 1
-  neutron-api:
-    charm: cs:~openstack-charmers-next/neutron-api
-    num_units: 1
-    options:
-      openstack-origin: cloud:bionic-train
-      debug: True
-      flat-network-providers: physnet1
-      neutron-security-groups: True
-      enable-dvr: True
-  neutron-openvswitch:
-    series: bionic
-    charm: cs:~openstack-charmers-next/neutron-openvswitch
-    num_units: 0
-    options:
-      debug: True
-      enable-local-dhcp-and-metadata: True
-      use-dvr-snat: True
-      prevent-arp-spoofing: False
-      firewall-driver: openvswitch
-      bridge-mappings: physnet1:br-ex
-  neutron-openvswitch-octavia:
-    series: bionic
-    charm: cs:~openstack-charmers-next/neutron-openvswitch
-    num_units: 0
-    options:
-      debug: True
-      prevent-arp-spoofing: False
-      firewall-driver: openvswitch
-  nova-cloud-controller:
-    constraints: mem=3072M
-    charm: cs:~openstack-charmers-next/nova-cloud-controller
-    num_units: 1
-    options:
-      openstack-origin: cloud:bionic-train
-      debug: True
-      network-manager: Neutron
-  nova-compute:
-    constraints: mem=10240M
-    charm: cs:~openstack-charmers-next/nova-compute
-    num_units: 2
-    options:
-      openstack-origin: cloud:bionic-train
-      debug: True
-  octavia:
-    series: bionic
-    charm: ../../../octavia
-    num_units: 3
-    options:
-      openstack-origin: cloud:bionic-train
-      debug: True
-      spare-pool-size: 2
-      loadbalancer-topology: 'ACTIVE_STANDBY'
-  rabbitmq-server:
-    charm: cs:~openstack-charmers-next/rabbitmq-server
-    num_units: 1
-  glance-simplestreams-sync:
-    charm: cs:~openstack-charmers-next/glance-simplestreams-sync
-    num_units: 1
-    options:
-      source: ppa:simplestreams-dev/trunk
-      use_swift: False
-  octavia-diskimage-retrofit:
-    charm: cs:~openstack-charmers-next/octavia-diskimage-retrofit
-    options:
-      amp-image-tag: 'octavia-amphora'
-      retrofit-uca-pocket: train
-  placement:
-    charm: cs:~openstack-charmers-next/placement
-    num_units: 1
-    constraints: mem=1G
-    options:
-      openstack-origin: cloud:bionic-train
-      debug: true
--- a/src/tests/bundles/disco-stein-ha.yaml
+++ b/src/tests/bundles/disco-stein-ha.yaml
@ -50,6 +50,8 @@ relations:
  - neutron-openvswitch-octavia:neutron-plugin-api
 - - neutron-openvswitch-octavia:neutron-plugin
  - octavia:neutron-openvswitch
+- - hacluster-octavia:ha
+  - octavia:ha
 - - glance-simplestreams-sync:juju-info
  - octavia-diskimage-retrofit:juju-info
 - - keystone:identity-service
@ -109,6 +111,9 @@ applications:
    num_units: 2
    options:
      debug: True
+  hacluster-octavia:
+    charm: cs:~openstack-charmers-next/hacluster
+    num_units: 0
  octavia:
    series: disco
    charm: ../../../octavia
--- a/src/tests/bundles/overlays/bionic-rocky-ha.yaml.j2
+++ b/src/tests/bundles/overlays/bionic-rocky-ha.yaml.j2
@ -1,4 +0,0 @@
-applications:
-  octavia:
-    options:
-        vip: '{{ OS_VIP00 }}'
--- a/src/tests/bundles/overlays/bionic-rocky-ha.yaml.j2
+++ b/src/tests/bundles/overlays/bionic-rocky-ha.yaml.j2
@ -0,0 +1 @@
+ha.j2
--- a/src/tests/bundles/overlays/bionic-rocky-lxd.yaml.j2
+++ b/src/tests/bundles/overlays/bionic-rocky-lxd.yaml.j2
@ -0,0 +1 @@
+ha.j2
--- a/src/tests/bundles/overlays/bionic-stein-ha.yaml.j2
+++ b/src/tests/bundles/overlays/bionic-stein-ha.yaml.j2
@ -1,4 +0,0 @@
-applications:
-  octavia:
-    options:
-        vip: '{{ OS_VIP00 }}'
--- a/src/tests/bundles/overlays/bionic-stein-ha.yaml.j2
+++ b/src/tests/bundles/overlays/bionic-stein-ha.yaml.j2
@ -0,0 +1 @@
+ha.j2
--- a/src/tests/bundles/overlays/bionic-train-ha.yaml.j2
+++ b/src/tests/bundles/overlays/bionic-train-ha.yaml.j2
@ -1,4 +0,0 @@
-applications:
-  octavia:
-    options:
-        vip: '{{ OS_VIP00 }}'
--- a/src/tests/bundles/overlays/bionic-train-ha.yaml.j2
+++ b/src/tests/bundles/overlays/bionic-train-ha.yaml.j2
@ -0,0 +1 @@
+ha.j2
--- a/src/tests/bundles/overlays/disco-stein-ha.yaml.j2
+++ b/src/tests/bundles/overlays/disco-stein-ha.yaml.j2
@ -0,0 +1 @@
+ha.j2
--- a/src/tests/bundles/overlays/ha.j2
+++ b/src/tests/bundles/overlays/ha.j2
@ -0,0 +1,4 @@
+applications:
+  octavia:
+    options:
+      vip: '{{ OS_VIP00 }}'
--- a/src/tests/tests.yaml
+++ b/src/tests/tests.yaml
@ -3,16 +3,14 @@ gate_bundles:
 - bionic-train-ha
 - bionic-stein-ha
 - bionic-rocky-ha
- bionic-train
- bionic-stein
- bionic-rocky
- disco-stein
 smoke_bundles:
- bionic-train
+- bionic-train-ha
 comment: |
+  Move `disco-stein` backup to dev pending LP: #1841599
  The `bionic-rocky-lxd` bundle currently fails due to a bug in LXD.
    https://github.com/lxc/lxd/issues/4947
 dev_bundles:
+- disco-stein
 - bionic-rocky-lxd
 target_deploy_status:
  octavia:
@ -21,7 +19,11 @@ target_deploy_status:
  glance-simplestreams-sync:
    workload-status: active
    workload-status-message: Sync completed
+  vault:
+    workload-status: blocked
+    workload-status-message: Vault needs to be initialized
 configure:
+- zaza.openstack.charm_tests.vault.setup.auto_initialize
 - zaza.openstack.charm_tests.glance.setup.add_lts_image
 - zaza.openstack.charm_tests.octavia.diskimage_retrofit.setup.retrofit_amphora_image
 - zaza.openstack.charm_tests.octavia.setup.configure_octavia
--- a/src/wheelhouse.txt
+++ b/src/wheelhouse.txt
@ -6,3 +6,6 @@ python-neutronclient
 pyparsing==2.4.2
 neutron_lib
 pytest-runner
+# resolve conflict:
+# layer-basic requires setuptools<42, zipp>=2.0.0 requires setuptools>42
+zipp<2.0.0