cinder/tools/test-setup.sh
Ade Lee 933a7b7e6c Add fips check jobs
This patch adds two new FIPS enabled jobs to determine if there are any
issues when FIPS is enabled.

Because the FIPS jobs currently run on centos, code is added to the
test setup script to set up the databases correctly.  Also had
to increase the swap space on the nodes; see [0] for an explanation.

[0] https://review.opendev.org/c/openstack/devstack/+/803706

Depends-On: https://review.opendev.org/c/openstack/devstack-plugin-nfs/+/847087
Depends-On: https://review.opendev.org/c/openstack/cinder-tempest-plugin/+/847086

Change-Id: Ib85b6ecc6f1b12eb8afa866e56afbfb13aad0cba
2023-04-18 19:45:55 +00:00

96 lines
3.2 KiB
Bash
Executable File

#!/bin/bash -xe
# This script will be run by OpenStack CI before unit tests are run,
# it sets up the test system as needed.
# Developers should setup their test systems in a similar way.
# This setup needs to be run as a user that can run sudo.
# The root password for the MySQL database; pass it in via
# MYSQL_ROOT_PW.
DB_ROOT_PW=${MYSQL_ROOT_PW:-insecure_slave}
# This user and its password are used by the tests, if you change it,
# your tests might fail.
DB_USER=openstack_citest
DB_PW=openstack_citest
function is_rhel7 {
[ -f /usr/bin/yum ] && \
cat /etc/*release | grep -q -e "Red Hat" -e "CentOS" -e "CloudLinux" && \
cat /etc/*release | grep -q 'release 7'
}
function is_rhel8 {
[ -f /usr/bin/dnf ] && \
cat /etc/*release | grep -q -e "Red Hat" -e "CentOS" -e "CloudLinux" && \
cat /etc/*release | grep -q 'release 8'
}
function is_rhel9 {
[ -f /usr/bin/dnf ] && \
cat /etc/*release | grep -q -e "Red Hat" -e "CentOS" -e "CloudLinux" && \
cat /etc/*release | grep -q 'release 9'
}
function set_conf_line { # file regex value
sudo sh -c "grep -q -e '$2' $1 && \
sed -i 's|$2|$3|g' $1 || \
echo '$3' >> $1"
}
if is_rhel7 || is_rhel8 || is_rhel9; then
# mysql needs to be started on centos/rhel
sudo systemctl restart mariadb.service
# postgres setup for centos
sudo postgresql-setup --initdb
PG_CONF=/var/lib/pgsql/data/postgresql.conf
set_conf_line $PG_CONF '^password_encryption =.*' 'password_encryption = scram-sha-256'
PG_HBA=/var/lib/pgsql/data/pg_hba.conf
set_conf_line $PG_HBA '^local[ \t]*all[ \t]*all.*' 'local all all peer'
set_conf_line $PG_HBA '^host[ \t]*all[ \t]*all[ \t]*127.0.0.1\/32.*' 'host all all 127.0.0.1/32 scram-sha-256'
set_conf_line $PG_HBA '^host[ \t]*all[ \t]*all[ \t]*::1\/128.*' 'host all all ::1/128 scram-sha-256'
sudo systemctl restart postgresql.service
fi
sudo -H mysqladmin -u root password $DB_ROOT_PW
# It's best practice to remove anonymous users from the database. If
# an anonymous user exists, then it matches first for connections and
# other connections from that host will not work.
sudo -H mysql -u root -p$DB_ROOT_PW -h localhost -e "
DELETE FROM mysql.user WHERE User='';
FLUSH PRIVILEGES;
CREATE USER '$DB_USER'@'%' IDENTIFIED BY '$DB_PW';
GRANT ALL PRIVILEGES ON *.* TO '$DB_USER'@'%' WITH GRANT OPTION;"
# Now create our database.
mysql -u $DB_USER -p$DB_PW -h 127.0.0.1 -e "
SET default_storage_engine=MYISAM;
DROP DATABASE IF EXISTS openstack_citest;
CREATE DATABASE openstack_citest CHARACTER SET utf8;"
# Same for PostgreSQL
# Setup user
root_roles=$(sudo -H -u postgres psql -t -c "
SELECT 'HERE' from pg_roles where rolname='$DB_USER'")
if [[ ${root_roles} == *HERE ]];then
sudo -H -u postgres psql -c "ALTER ROLE $DB_USER WITH SUPERUSER LOGIN PASSWORD '$DB_PW'"
else
sudo -H -u postgres psql -c "CREATE ROLE $DB_USER WITH SUPERUSER LOGIN PASSWORD '$DB_PW'"
fi
# Store password for tests
cat << EOF > $HOME/.pgpass
*:*:*:$DB_USER:$DB_PW
EOF
chmod 0600 $HOME/.pgpass
# Now create our database
psql -h 127.0.0.1 -U $DB_USER -d template1 -c "DROP DATABASE IF EXISTS openstack_citest"
createdb -h 127.0.0.1 -U $DB_USER -l C -T template0 -E utf8 openstack_citest