openstack/glance
Code Issues Proposed changes
ba5f556d27
glance/.zuul.yaml
Ade Lee 0f13754f84 Add fips check jobs 
Some jobs have been modified to run to confirm that functionality is
still working when FIPS is enabled on the nodes.

As the FIPS tests currently run on centos nodes, code is added
to the test-setup script to set up the databases correctly.  Also had
to increase the swap space on the nodes; see [0] for an explanation.

The current FIPS jobs run using python 3.6 on centos-8-stream.  We will
modify these to run on centos-9-stream and python 3.9 in a
subsequent patch.

[0] https://review.opendev.org/c/openstack/devstack/+/803706

Change-Id: I060d8247c7b09f63990ea411e6c6a056bb50410d
2022-02-03 13:19:20 -05:00

418 lines
13 KiB
YAML
Raw Blame History

- job:
name: glance-code-constants-check
parent: tox
description: |
Tests to catch when code constants have gotten out of sync.
vars:
tox_envlist: gateonly
irrelevant-files:
- ^(test-|)requirements.txt$
- ^.*\.rst$
- ^api-ref/.*$
- ^doc/.*$
- ^etc/.*$
- ^releasenotes/.*$
- ^setup.cfg$
- ^tox.ini$
- ^\.zuul\.yaml$
- job:
name: glance-tox-oslo-tips-base
parent: tox
abstract: true
nodeset: ubuntu-focal
timeout: 2400
description: Abstract job for Glance vs. oslo libraries
# NOTE(rosmaita): we only need functional test jobs, oslo is
# already running periodic jobs using our unit tests. Those
# jobs are configured for glance in openstack/project-config/
# zuul.d/projects.yaml using the template 'periodic-jobs-with-oslo-master'
# which is defined in openstack/openstack-zuul-jobs/zuul.d/
# project-templates.yaml; the jobs the template refers to are
# defined in openstack/openstack-zuul-jobs/zuul.d/jobs.yaml
required-projects:
- name: openstack/debtcollector
- name: openstack/futurist
- name: openstack/oslo.concurrency
- name: openstack/oslo.config
- name: openstack/oslo.context
- name: openstack/oslo.db
- name: openstack/oslo.i18n
- name: openstack/oslo.log
- name: openstack/oslo.messaging
- name: openstack/oslo.middleware
- name: openstack/oslo.policy
- name: openstack/oslo.utils
- name: openstack/osprofiler
- name: openstack/stevedore
- name: openstack/taskflow
- job:
name: glance-tox-functional-py39-rbac-defaults
parent: openstack-tox-functional-py39
voting: false
description: |
Glance py39 functional tests with enforce_secure_rbac=True
vars:
python_version: 3.9
tox_envlist: functional-py39-rbac
- job:
name: glance-tox-functional-py39-oslo-tips
parent: glance-tox-oslo-tips-base
description: |
Glance py39 functional tests vs. oslo libraries masters
vars:
python_version: 3.9
tox_envlist: functional-py39
- job:
name: glance-tox-functional-py36-oslo-tips
parent: glance-tox-oslo-tips-base
description: |
Glance py36 functional tests vs. oslo libraries masters
nodeset: ubuntu-bionic
vars:
python_version: 3.6
tox_envlist: functional-py36
- job:
name: glance-tox-keystone-tips-base
parent: tox
abstract: true
nodeset: ubuntu-focal
timeout: 2400
description: Abstract job for Glance vs. keystone
required-projects:
- name: openstack/keystoneauth
- name: openstack/keystonemiddleware
- name: openstack/python-keystoneclient
- job:
name: glance-tox-py39-keystone-tips
parent: glance-tox-keystone-tips-base
description: |
Glance py39 unit tests vs. keystone masters
vars:
python_version: 3.9
tox_envlist: py39
- job:
name: glance-tox-py36-keystone-tips
parent: glance-tox-keystone-tips-base
description: |
Glance py36 unit tests vs. keystone masters
nodeset: ubuntu-bionic
vars:
python_version: 3.6
tox_envlist: py36
- job:
name: glance-tox-functional-py39-keystone-tips
parent: glance-tox-keystone-tips-base
description: |
Glance py39 functional tests vs. keystone masters
vars:
python_version: 3.9
tox_envlist: functional-py39
- job:
name: glance-tox-functional-py36-keystone-tips
parent: glance-tox-keystone-tips-base
description: |
Glance py36 functional tests vs. keystone masters
nodeset: ubuntu-bionic
vars:
python_version: 3.6
tox_envlist: functional-py36
- job:
name: glance-tox-glance_store-tips-base
parent: tox
abstract: true
nodeset: ubuntu-focal
timeout: 2400
description: Abstract job for Glance vs. glance_store
required-projects:
- name: openstack/glance_store
- job:
name: glance-tox-py39-glance_store-tips
parent: glance-tox-glance_store-tips-base
description: |
Glance py39 unit tests vs. glance_store master
vars:
python_version: 3.9
tox_envlist: py39
- job:
name: glance-tox-py36-glance_store-tips
parent: glance-tox-glance_store-tips-base
description: |
Glance py36 unit tests vs. glance_store master
nodeset: ubuntu-bionic
vars:
python_version: 3.6
tox_envlist: py36
- job:
name: glance-tox-functional-py39-glance_store-tips
parent: glance-tox-glance_store-tips-base
description: |
Glance py39 functional tests vs. glance_store master
vars:
python_version: 3.9
tox_envlist: functional-py39
- job:
name: glance-tox-functional-py36-glance_store-tips
parent: glance-tox-glance_store-tips-base
description: |
Glance py36 functional tests vs. glance_store master
nodeset: ubuntu-bionic
vars:
python_version: 3.6
tox_envlist: functional-py36
- job:
name: glance-tox-cursive-tips-base
parent: tox
abstract: true
nodeset: ubuntu-focal
timeout: 2400
description: Abstract job for Glance vs. cursive and related libs
required-projects:
- name: x/cursive
- name: openstack/python-barbicanclient
- name: openstack/castellan
- job:
name: glance-tox-py39-cursive-tips
parent: glance-tox-cursive-tips-base
description: |
Glance py39 unit tests vs. cursive (and related libs) master
vars:
python_version: 3.9
tox_envlist: py39
- job:
name: glance-tox-py36-cursive-tips
parent: glance-tox-cursive-tips-base
description: |
Glance py36 unit tests vs. cursive (and related libs) master
nodeset: ubuntu-bionic
vars:
python_version: 3.6
tox_envlist: py36
- job:
name: glance-tox-functional-py39-cursive-tips
parent: glance-tox-cursive-tips-base
description: |
Glance py39 functional tests vs. cursive (and related libs) master
vars:
python_version: 3.9
tox_envlist: functional-py39
- job:
name: glance-tox-functional-py36-cursive-tips
parent: glance-tox-cursive-tips-base
description: |
Glance py36 functional tests vs. cursive (and related libs) master
nodeset: ubuntu-bionic
vars:
python_version: 3.6
tox_envlist: functional-py36
- job:
name: tempest-integrated-storage-import
parent: tempest-integrated-storage
description: |
The regular tempest-integrated-storage job but with glance metadata injection
post-run: playbooks/post-check-metadata-injection.yaml
vars:
zuul_copy_output:
/etc/glance-remote: logs
devstack_localrc:
GLANCE_STANDALONE: False
GLANCE_USE_IMPORT_WORKFLOW: True
devstack_services:
g-api-r: true
devstack_local_conf:
post-config:
$GLANCE_API_CONF:
DEFAULT:
enabled_import_methods: "[\"copy-image\", \"glance-direct\"]"
wsgi:
python_interpreter: /usr/bin/python3
$GLANCE_IMAGE_IMPORT_CONF:
image_import_opts:
image_import_plugins: "['inject_image_metadata', 'image_conversion']"
inject_metadata_properties:
ignore_user_roles:
inject: |
"glance_devstack_test":"doyouseeme?"
image_conversion:
output_format: raw
- job:
name: glance-multistore-cinder-import-fips
parent: tempest-integrated-storage-import
description: |
The regular import workflow job to test with multiple cinder stores with
fips enabled
nodeset: devstack-single-node-centos-8-stream
pre-run: playbooks/enable-fips.yaml
vars:
configure_swap_size: 4096
devstack_localrc:
USE_CINDER_FOR_GLANCE: True
GLANCE_ENABLE_MULTIPLE_STORES: True
CINDER_ENABLED_BACKENDS: lvm:lvmdriver-1,lvm:lvmdriver-2
GLANCE_CINDER_DEFAULT_BACKEND: lvmdriver-1
devstack_local_conf:
test-config:
"$TEMPEST_CONFIG":
validation:
ssh_key_type: 'ecdsa'
- job:
name: tempest-integrated-storage-import-standalone
parent: tempest-integrated-storage-import
description: |
The regular tempest-integrated-storage-import-workflow job but with glance in
standalone mode
vars:
devstack_services:
g-api-r: false
devstack_localrc:
GLANCE_STANDALONE: True
- job:
name: glance-ceph-thin-provisioning
parent: devstack-plugin-ceph-tempest-py3
description: |
Just like devstack-plugin-ceph-tempest-py3, but with thin provisioning enabled
required-projects:
- name: openstack/glance_store
vars:
devstack_local_conf:
post-config:
$GLANCE_API_CONF:
glance_store:
rbd_thin_provisioning: True
- project:
templates:
- check-requirements
- integrated-gate-storage
- openstack-python3-yoga-jobs
- periodic-stable-jobs
- publish-openstack-docs-pti
- release-notes-jobs-python3
check:
jobs:
- openstack-tox-functional-py36-fips
- openstack-tox-functional-py39
- glance-tox-functional-py39-rbac-defaults
- glance-code-constants-check
- glance-ceph-thin-provisioning:
voting: false
irrelevant-files: &tempest-irrelevant-files
- ^(test-|)requirements.txt$
- ^.*\.rst$
- ^api-ref/.*$
- ^glance/hacking/.*$
- ^glance/locale/.*$
- ^glance/tests/.*$
- ^doc/.*$
- ^releasenotes/.*$
- ^tools/.*$
- ^tox.ini$
- ^\.zuul\.yaml$
- tempest-integrated-storage:
irrelevant-files: *tempest-irrelevant-files
- tempest-integrated-storage-import:
irrelevant-files: *tempest-irrelevant-files
- tempest-integrated-storage-import-standalone:
irrelevant-files: *tempest-irrelevant-files
- glance-multistore-cinder-import-fips:
irrelevant-files: *tempest-irrelevant-files
- grenade:
irrelevant-files: *tempest-irrelevant-files
- tempest-ipv6-only:
irrelevant-files: *tempest-irrelevant-files
- nova-ceph-multistore:
irrelevant-files: *tempest-irrelevant-files
- glance-secure-rbac-protection-functional
gate:
jobs:
- openstack-tox-functional-py36
- openstack-tox-functional-py39
- tempest-integrated-storage:
irrelevant-files: *tempest-irrelevant-files
- tempest-integrated-storage-import:
irrelevant-files: *tempest-irrelevant-files
- tempest-integrated-storage-import-standalone:
irrelevant-files: *tempest-irrelevant-files
- grenade:
irrelevant-files: *tempest-irrelevant-files
- tempest-ipv6-only:
irrelevant-files: *tempest-irrelevant-files
- nova-ceph-multistore:
irrelevant-files: *tempest-irrelevant-files
- glance-secure-rbac-protection-functional
experimental:
jobs:
- glance-tox-py39-glance_store-tips
- glance-tox-py36-glance_store-tips
- glance-tox-functional-py39-glance_store-tips
- glance-tox-functional-py36-glance_store-tips
- barbican-tempest-plugin-simple-crypto
- grenade-multinode
- tempest-pg-full:
irrelevant-files: *tempest-irrelevant-files
periodic:
jobs:
# NOTE(rosmaita): we only want the "tips" jobs to be run against
# master, hence the 'branches' qualifiers below. Without them, when
# a stable branch is cut, the tests would be run against the stable
# branch as well, which is pointless because these libraries are
# frozen (more or less) in the stable branches.
#
# The "tips" jobs can be removed from the stable branch .zuul.yaml
# files if someone is so inclined, but that would require manual
# maintenance, so we do not do it by default. Another option is
# to define these jobs in the openstack/project-config repo.
# That would make us less agile in adjusting these tests, so we
# aren't doing that either.
- glance-tox-functional-py39-oslo-tips:
branches: master
- glance-tox-functional-py36-oslo-tips:
branches: master
- glance-tox-py39-keystone-tips:
branches: master
- glance-tox-py36-keystone-tips:
branches: master
- glance-tox-functional-py39-keystone-tips:
branches: master
- glance-tox-functional-py36-keystone-tips:
branches: master
- glance-tox-py39-glance_store-tips:
branches: master
- glance-tox-py36-glance_store-tips:
branches: master
- glance-tox-functional-py39-glance_store-tips:
branches: master
- glance-tox-functional-py36-glance_store-tips:
branches: master
- glance-tox-py39-cursive-tips:
branches: master
- glance-tox-py36-cursive-tips:
branches: master
- glance-tox-functional-py39-cursive-tips:
branches: master
- glance-tox-functional-py36-cursive-tips:
branches: master
View Git Blame Copy Permalink