Ensure that certificates are correctly managed.
When the certificates relation is ready before the
HA relation is clustered, the VIP symlinks will not
be created pointing at the correct certificates. This
change updates the HA handlers to ensure that the
certificate relation is handled after clustering,
if there are any certificate relations.
There was no functional test coverage for HA and TLS
deployments so this change also add a test for
those and CMR too. Having said that, the test
initialises vault once the deployments are
complete so is unlikely to trigger #1886077 the tests
to check there is no regression of existing
functionality.
func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/389
Change-Id: I7c9c81318dbbcea618ac3781b8f19e8159e56bcb
Closes-Bug: #1886077
(cherry picked from commit b9905a9d32
)
This commit is contained in:
parent
72c1e81670
commit
c1770ca329
1
.gitignore
vendored
1
.gitignore
vendored
@ -9,3 +9,4 @@ tags
|
|||||||
.settings
|
.settings
|
||||||
.stestr
|
.stestr
|
||||||
func-results.json
|
func-results.json
|
||||||
|
tests/keystone_juju_ca_cert.crt
|
||||||
|
@ -267,6 +267,12 @@ def ha_relation_joined(relation_id=None):
|
|||||||
relation_set(relation_id=relation_id, **settings)
|
relation_set(relation_id=relation_id, **settings)
|
||||||
|
|
||||||
|
|
||||||
|
@hooks.hook('ha-relation-changed')
|
||||||
|
def ha_changed():
|
||||||
|
for relid in relation_ids('certificates'):
|
||||||
|
certs_changed(relation_id=relid)
|
||||||
|
|
||||||
|
|
||||||
@hooks.hook('website-relation-joined')
|
@hooks.hook('website-relation-joined')
|
||||||
def website_relation_joined():
|
def website_relation_joined():
|
||||||
relation_set(port=70,
|
relation_set(port=70,
|
||||||
|
@ -7,6 +7,7 @@
|
|||||||
# requirements. They are intertwined. Also, Zaza itself should specify
|
# requirements. They are intertwined. Also, Zaza itself should specify
|
||||||
# all of its own requirements and if it doesn't, fix it there.
|
# all of its own requirements and if it doesn't, fix it there.
|
||||||
#
|
#
|
||||||
|
setuptools<50.0.0
|
||||||
charm-tools>=2.4.4
|
charm-tools>=2.4.4
|
||||||
requests>=2.18.4
|
requests>=2.18.4
|
||||||
mock>=1.2
|
mock>=1.2
|
||||||
|
47
tests/bundles/bionic-queens-cmr-vault.yaml
Normal file
47
tests/bundles/bionic-queens-cmr-vault.yaml
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
series: bionic
|
||||||
|
|
||||||
|
comment:
|
||||||
|
- 'machines section to decide order of deployment. database sooner = faster'
|
||||||
|
- 'virt-type=kvm is workaround while awaiting new release of python-libjuju'
|
||||||
|
|
||||||
|
machines:
|
||||||
|
'0':
|
||||||
|
constraints: virt-type=kvm mem=3072M
|
||||||
|
'1':
|
||||||
|
constraints: virt-type=kvm
|
||||||
|
'2':
|
||||||
|
constraints: virt-type=kvm mem=3072M
|
||||||
|
'3':
|
||||||
|
constraints: virt-type=kvm mem=3072M
|
||||||
|
'4':
|
||||||
|
constraints: virt-type=kvm mem=3072M
|
||||||
|
|
||||||
|
relations:
|
||||||
|
- ["keystone:shared-db", "mysql:shared-db"]
|
||||||
|
- ["openstack-dashboard:shared-db", "mysql:shared-db"]
|
||||||
|
- ["openstack-dashboard:identity-service", "keystone:identity-service"]
|
||||||
|
- ["openstack-dashboard:ha", "hacluster:ha"]
|
||||||
|
|
||||||
|
applications:
|
||||||
|
mysql:
|
||||||
|
charm: cs:~openstack-charmers-next/percona-cluster
|
||||||
|
num_units: 1
|
||||||
|
to:
|
||||||
|
- '0'
|
||||||
|
keystone:
|
||||||
|
charm: cs:~openstack-charmers-next/keystone
|
||||||
|
num_units: 1
|
||||||
|
to:
|
||||||
|
- '1'
|
||||||
|
openstack-dashboard:
|
||||||
|
charm: ../../../openstack-dashboard
|
||||||
|
num_units: 3
|
||||||
|
to:
|
||||||
|
- '2'
|
||||||
|
- '3'
|
||||||
|
- '4'
|
||||||
|
hacluster:
|
||||||
|
charm: cs:~openstack-charmers-next/hacluster
|
||||||
|
options:
|
||||||
|
corosync_transport: unicast
|
||||||
|
cluster_count: 3
|
12
tests/bundles/bionic-vault.yaml
Normal file
12
tests/bundles/bionic-vault.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
series: bionic
|
||||||
|
services:
|
||||||
|
vault:
|
||||||
|
num_units: 1
|
||||||
|
series: bionic
|
||||||
|
charm: cs:~openstack-charmers-next/vault
|
||||||
|
mysql:
|
||||||
|
charm: cs:~openstack-charmers-next/percona-cluster
|
||||||
|
num_units: 1
|
||||||
|
relations:
|
||||||
|
- - vault:shared-db
|
||||||
|
- mysql:shared-db
|
12
tests/bundles/overlays/bionic-queens-cmr-vault.yaml.j2
Normal file
12
tests/bundles/overlays/bionic-queens-cmr-vault.yaml.j2
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
applications:
|
||||||
|
openstack-dashboard:
|
||||||
|
options:
|
||||||
|
vip: '{{ OS_VIP00 }}'
|
||||||
|
relations:
|
||||||
|
- - openstack-dashboard:certificates
|
||||||
|
- vault:certificates
|
||||||
|
- - keystone:certificates
|
||||||
|
- vault:certificates
|
||||||
|
saas:
|
||||||
|
vault:
|
||||||
|
url: admin/{{ vault }}.vault
|
7
tests/bundles/overlays/bionic-vault.yaml.j2
Normal file
7
tests/bundles/overlays/bionic-vault.yaml.j2
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
applications:
|
||||||
|
vault:
|
||||||
|
offers:
|
||||||
|
vault:
|
||||||
|
endpoints:
|
||||||
|
- secrets
|
||||||
|
- certificates
|
@ -6,6 +6,9 @@ comment:
|
|||||||
smoke_bundles:
|
smoke_bundles:
|
||||||
- bionic-stein
|
- bionic-stein
|
||||||
gate_bundles:
|
gate_bundles:
|
||||||
|
- bionic-train-gr:
|
||||||
|
- vault: bionic-vault
|
||||||
|
- dashboard: bionic-queens-cmr-vault
|
||||||
- trusty-mitaka
|
- trusty-mitaka
|
||||||
- xenial-mitaka
|
- xenial-mitaka
|
||||||
- xenial-ocata
|
- xenial-ocata
|
||||||
@ -23,9 +26,19 @@ dev_bundles:
|
|||||||
- groovy-victoria
|
- groovy-victoria
|
||||||
|
|
||||||
configure:
|
configure:
|
||||||
|
- vault:
|
||||||
|
- zaza.openstack.charm_tests.vault.setup.auto_initialize_no_validation_no_wait
|
||||||
|
- dashboard:
|
||||||
|
- zaza.openstack.charm_tests.keystone.setup.wait_for_cacert
|
||||||
|
- zaza.openstack.charm_tests.keystone.setup.add_demo_user
|
||||||
- zaza.openstack.charm_tests.keystone.setup.add_demo_user
|
- zaza.openstack.charm_tests.keystone.setup.add_demo_user
|
||||||
|
|
||||||
tests:
|
tests:
|
||||||
|
- vault:
|
||||||
|
- zaza.charm_tests.noop.tests.NoopTest
|
||||||
|
- dashboard:
|
||||||
|
- zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardTests
|
||||||
|
- zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardPolicydTests
|
||||||
- zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardTests
|
- zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardTests
|
||||||
- zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardPolicydTests
|
- zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardPolicydTests
|
||||||
tests_options:
|
tests_options:
|
||||||
@ -33,3 +46,7 @@ tests_options:
|
|||||||
service: openstack-dashboard
|
service: openstack-dashboard
|
||||||
force_deploy:
|
force_deploy:
|
||||||
- groovy-victoria
|
- groovy-victoria
|
||||||
|
target_deploy_status:
|
||||||
|
vault:
|
||||||
|
workload-status: blocked
|
||||||
|
workload-status-message: Vault needs to be initialized
|
||||||
|
Loading…
Reference in New Issue
Block a user