Ensure that certificates are correctly managed.
When the certificates relation is ready before the HA relation is clustered, the VIP symlinks will not be created pointing at the correct certificates. This change updates the HA handlers to ensure that the certificate relation is handled after clustering, if there are any certificate relations. There was no functional test coverage for HA and TLS deployments so this change also add a test for those and CMR too. Having said that, the test initialises vault once the deployments are complete so is unlikely to trigger #1886077 the tests to check there is no regression of exising functionality. func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/389 Change-Id: I7c9c81318dbbcea618ac3781b8f19e8159e56bcb Closes-Bug: #1886077
This commit is contained in:
parent
d566af19a2
commit
b9905a9d32
|
@ -9,3 +9,4 @@ tags
|
|||
.settings
|
||||
.stestr
|
||||
func-results.json
|
||||
tests/keystone_juju_ca_cert.crt
|
||||
|
|
|
@ -267,6 +267,12 @@ def ha_relation_joined(relation_id=None):
|
|||
relation_set(relation_id=relation_id, **settings)
|
||||
|
||||
|
||||
@hooks.hook('ha-relation-changed')
|
||||
def ha_changed():
|
||||
for relid in relation_ids('certificates'):
|
||||
certs_changed(relation_id=relid)
|
||||
|
||||
|
||||
@hooks.hook('website-relation-joined')
|
||||
def website_relation_joined():
|
||||
relation_set(port=70,
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
series: bionic
|
||||
|
||||
comment:
|
||||
- 'machines section to decide order of deployment. database sooner = faster'
|
||||
- 'virt-type=kvm is workaround while awaiting new release of python-libjuju'
|
||||
|
||||
machines:
|
||||
'0':
|
||||
constraints: virt-type=kvm mem=3072M
|
||||
'1':
|
||||
constraints: virt-type=kvm
|
||||
'2':
|
||||
constraints: virt-type=kvm mem=3072M
|
||||
'3':
|
||||
constraints: virt-type=kvm mem=3072M
|
||||
'4':
|
||||
constraints: virt-type=kvm mem=3072M
|
||||
|
||||
relations:
|
||||
- ["keystone:shared-db", "mysql:shared-db"]
|
||||
- ["openstack-dashboard:shared-db", "mysql:shared-db"]
|
||||
- ["openstack-dashboard:identity-service", "keystone:identity-service"]
|
||||
- ["openstack-dashboard:ha", "hacluster:ha"]
|
||||
|
||||
applications:
|
||||
mysql:
|
||||
charm: cs:~openstack-charmers-next/percona-cluster
|
||||
num_units: 1
|
||||
to:
|
||||
- '0'
|
||||
keystone:
|
||||
charm: cs:~openstack-charmers-next/keystone
|
||||
num_units: 1
|
||||
to:
|
||||
- '1'
|
||||
openstack-dashboard:
|
||||
charm: ../../../openstack-dashboard
|
||||
num_units: 3
|
||||
to:
|
||||
- '2'
|
||||
- '3'
|
||||
- '4'
|
||||
hacluster:
|
||||
charm: cs:~openstack-charmers-next/hacluster
|
||||
options:
|
||||
corosync_transport: unicast
|
||||
cluster_count: 3
|
|
@ -0,0 +1,12 @@
|
|||
series: bionic
|
||||
services:
|
||||
vault:
|
||||
num_units: 1
|
||||
series: bionic
|
||||
charm: cs:~openstack-charmers-next/vault
|
||||
mysql:
|
||||
charm: cs:~openstack-charmers-next/percona-cluster
|
||||
num_units: 1
|
||||
relations:
|
||||
- - vault:shared-db
|
||||
- mysql:shared-db
|
|
@ -0,0 +1,12 @@
|
|||
applications:
|
||||
openstack-dashboard:
|
||||
options:
|
||||
vip: '{{ OS_VIP00 }}'
|
||||
relations:
|
||||
- - openstack-dashboard:certificates
|
||||
- vault:certificates
|
||||
- - keystone:certificates
|
||||
- vault:certificates
|
||||
saas:
|
||||
vault:
|
||||
url: admin/{{ vault }}.vault
|
|
@ -0,0 +1,7 @@
|
|||
applications:
|
||||
vault:
|
||||
offers:
|
||||
vault:
|
||||
endpoints:
|
||||
- secrets
|
||||
- certificates
|
|
@ -6,6 +6,9 @@ comment:
|
|||
smoke_bundles:
|
||||
- bionic-stein
|
||||
gate_bundles:
|
||||
- bionic-train-gr:
|
||||
- vault: bionic-vault
|
||||
- dashboard: bionic-queens-cmr-vault
|
||||
- trusty-mitaka
|
||||
- xenial-mitaka
|
||||
- xenial-ocata
|
||||
|
@ -23,9 +26,19 @@ dev_bundles:
|
|||
- groovy-victoria
|
||||
|
||||
configure:
|
||||
- vault:
|
||||
- zaza.openstack.charm_tests.vault.setup.auto_initialize_no_validation_no_wait
|
||||
- dashboard:
|
||||
- zaza.openstack.charm_tests.keystone.setup.wait_for_cacert
|
||||
- zaza.openstack.charm_tests.keystone.setup.add_demo_user
|
||||
- zaza.openstack.charm_tests.keystone.setup.add_demo_user
|
||||
|
||||
tests:
|
||||
- vault:
|
||||
- zaza.charm_tests.noop.tests.NoopTest
|
||||
- dashboard:
|
||||
- zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardTests
|
||||
- zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardPolicydTests
|
||||
- zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardTests
|
||||
- zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardPolicydTests
|
||||
tests_options:
|
||||
|
@ -33,3 +46,7 @@ tests_options:
|
|||
service: openstack-dashboard
|
||||
force_deploy:
|
||||
- groovy-victoria
|
||||
target_deploy_status:
|
||||
vault:
|
||||
workload-status: blocked
|
||||
workload-status-message: Vault needs to be initialized
|
||||
|
|
Loading…
Reference in New Issue