CI: Fix devstack plugin with RBAC changes

Changes a neutron call to be project scoped as system
scoped can't create a resource and, and removes the unset
which no longer makes sense now that
I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
has merged removing the legacy vars from devstack.

Also renames intenral use setting of OS_CLOUD to IRONIC_OS_CLOUD
as some services were still working with system scope or some sort
of mixed state occuring previously as some of the environment variables
were present still, however they have been removed from devstack.

This change *does* explicitly set an OS_CLOUD variable as well on
the base ironic job. This is because things like grenade for Xena
will expect the variable to be present.

Depends-On: https://review.opendev.org/c/openstack/devstack/+/818449
Change-Id: I912527d7396a9c6d8ee7e90f0c3fd84461d443c1
This commit is contained in:
Julia Kreger 2021-11-18 11:52:30 -08:00
parent f90b5a6c11
commit 350c2f7a50
2 changed files with 24 additions and 19 deletions

View File

@ -189,14 +189,14 @@ fi
IRONIC_ENFORCE_SCOPE=$(trueorfalse False IRONIC_ENFORCE_SCOPE) IRONIC_ENFORCE_SCOPE=$(trueorfalse False IRONIC_ENFORCE_SCOPE)
if [[ "$IRONIC_ENFORCE_SCOPE" == "True" ]]; then if [[ "$IRONIC_ENFORCE_SCOPE" == "True" ]]; then
OS_CLOUD=devstack-system-admin IRONIC_OS_CLOUD=devstack-system-admin
else else
OS_CLOUD=devstack-admin IRONIC_OS_CLOUD=devstack-admin
fi fi
# Versions and command line for API client # Versions and command line for API client
IRONIC_DEFAULT_API_VERSION=${IRONIC_DEFAULT_API_VERSION:-} IRONIC_DEFAULT_API_VERSION=${IRONIC_DEFAULT_API_VERSION:-}
IRONIC_CMD="openstack --os-cloud $OS_CLOUD baremetal" IRONIC_CMD="openstack --os-cloud $IRONIC_OS_CLOUD baremetal"
if [[ -n "$IRONIC_DEFAULT_API_VERSION" ]]; then if [[ -n "$IRONIC_DEFAULT_API_VERSION" ]]; then
IRONIC_CMD="$IRONIC_CMD --os-baremetal-api-version $IRONIC_DEFAULT_API_VERSION" IRONIC_CMD="$IRONIC_CMD --os-baremetal-api-version $IRONIC_DEFAULT_API_VERSION"
fi fi
@ -1972,25 +1972,16 @@ function start_ironic_api {
fi fi
} }
# Unsets environment variables so the client doesn't try to be too smart
# and reads from clouds.yaml.
function remove_client_environment_variables {
unset OS_PROJECT_DOMAIN_ID
unset OS_PROJECT_NAME
unset OS_USER_DOMAIN_ID
}
# start_ironic_conductor() - Used by start_ironic(). # start_ironic_conductor() - Used by start_ironic().
# Starts Ironic conductor. # Starts Ironic conductor.
function start_ironic_conductor { function start_ironic_conductor {
run_process ir-cond "$IRONIC_BIN_DIR/ironic-conductor --config-file=$IRONIC_CONF_FILE" run_process ir-cond "$IRONIC_BIN_DIR/ironic-conductor --config-file=$IRONIC_CONF_FILE"
remove_client_environment_variables
# Wait up to 30 seconds for ironic-conductor to start and register itself # Wait up to 30 seconds for ironic-conductor to start and register itself
local attempt local attempt
local max_attempts=7 local max_attempts=7
for attempt in $(seq 1 $max_attempts); do for attempt in $(seq 1 $max_attempts); do
if openstack --os-cloud $OS_CLOUD baremetal driver list | grep -q $IRONIC_DEPLOY_DRIVER; then if openstack --os-cloud $IRONIC_OS_CLOUD baremetal driver list | grep -q $IRONIC_DEPLOY_DRIVER; then
break break
fi fi
@ -1999,7 +1990,7 @@ function start_ironic_conductor {
fi fi
echo "Still waiting for ironic-conductor to start, current state:" echo "Still waiting for ironic-conductor to start, current state:"
openstack --os-cloud $OS_CLOUD baremetal driver list openstack --os-cloud $IRONIC_OS_CLOUD baremetal driver list
sleep 5 sleep 5
done done
} }
@ -2024,8 +2015,10 @@ function create_ovs_taps {
# Work around: No netns exists on host until a Neutron port is created. We # Work around: No netns exists on host until a Neutron port is created. We
# need to create one in Neutron to know what netns to tap into prior to the # need to create one in Neutron to know what netns to tap into prior to the
# first node booting. # first node booting.
# NOTE(TheJulia): So.. Neutron doesn't allow a port to be created as a
# system scoped admin, which makes sense.
local port_id local port_id
port_id=$(openstack --os-cloud $OS_CLOUD port create --network ${ironic_net_id} temp_port -c id -f value) port_id=$(openstack --os-cloud devstack-admin port create --network ${ironic_net_id} temp_port -c id -f value)
die_if_not_set $LINENO port_id "Failed to create neutron port" die_if_not_set $LINENO port_id "Failed to create neutron port"
# intentional sleep to make sure the tag has been set to port # intentional sleep to make sure the tag has been set to port
@ -2230,9 +2223,9 @@ function wait_for_nova_resources {
# TODO(dtantsur): switch to Placement OSC plugin, once it exists # TODO(dtantsur): switch to Placement OSC plugin, once it exists
local token local token
token=$(openstack --os-cloud $OS_CLOUD token issue -f value -c id) token=$(openstack --os-cloud $IRONIC_OS_CLOUD token issue -f value -c id)
local endpoint local endpoint
endpoint=$(openstack --os-cloud $OS_CLOUD endpoint list --service placement --interface public -f value -c URL) endpoint=$(openstack --os-cloud $IRONIC_OS_CLOUD endpoint list --service placement --interface public -f value -c URL)
die_if_not_set $LINENO endpoint "Cannot find Placement API endpoint" die_if_not_set $LINENO endpoint "Cannot find Placement API endpoint"
local i local i
@ -2303,7 +2296,7 @@ function provide_nodes {
local attempt local attempt
for attempt in $(seq 1 $IRONIC_CLEANING_ATTEMPTS); do for attempt in $(seq 1 $IRONIC_CLEANING_ATTEMPTS); do
local available local available
available=$(openstack --os-cloud $OS_CLOUD baremetal node list --provision-state available -f value -c UUID) available=$(openstack --os-cloud $IRONIC_OS_CLOUD baremetal node list --provision-state available -f value -c UUID)
local nodes_not_finished= local nodes_not_finished=
for node_id in $nodes; do for node_id in $nodes; do
@ -3140,7 +3133,7 @@ function ironic_configure_tempest {
if is_service_enabled nova; then if is_service_enabled nova; then
local bm_flavor_id local bm_flavor_id
bm_flavor_id=$(openstack --os-cloud $OS_CLOUD flavor show baremetal -f value -c id) bm_flavor_id=$(openstack --os-cloud $IRONIC_OS_CLOUD flavor show baremetal -f value -c id)
die_if_not_set $LINENO bm_flavor_id "Failed to get id of baremetal flavor" die_if_not_set $LINENO bm_flavor_id "Failed to get id of baremetal flavor"
iniset $TEMPEST_CONFIG compute flavor_ref $bm_flavor_id iniset $TEMPEST_CONFIG compute flavor_ref $bm_flavor_id
iniset $TEMPEST_CONFIG compute flavor_ref_alt $bm_flavor_id iniset $TEMPEST_CONFIG compute flavor_ref_alt $bm_flavor_id

View File

@ -64,6 +64,13 @@
# causes us an abnormally high job failure rate due to the ports # causes us an abnormally high job failure rate due to the ports
# not being found (as neutron crashed on initailization). # not being found (as neutron crashed on initailization).
Q_USE_SECGROUP: False Q_USE_SECGROUP: False
# NOTE(TheJulia): Project scoped admin as of Yoga cycle
# the core devstack code doesn't assert any environment variables
# upfront except for OS_CLOUd, which is defaulted to devstack-admin
# in the last keystone step which executes after ironic's base setup
# occurs. We navigate this just fine for yoga with fixes, however
# we need this variable for Xena and possibly Wallaby grenade.
OS_CLOUD: devstack-admin
devstack_plugins: devstack_plugins:
ironic: https://opendev.org/openstack/ironic ironic: https://opendev.org/openstack/ironic
tempest_plugins: tempest_plugins:
@ -854,6 +861,11 @@
SWIFT_TEMPURL_KEY: secretkey SWIFT_TEMPURL_KEY: secretkey
EBTABLES_RACE_FIX: True EBTABLES_RACE_FIX: True
LIBVIRT_STORAGE_POOL_PATH: /opt/libvirt/images LIBVIRT_STORAGE_POOL_PATH: /opt/libvirt/images
# NOTE(TheJulia): For now, not all services are aware
# of SRBAC and devstack changes have occured which
# delay this being set until after ironic's initial
# setup.
OS_CLOUD: devstack-admin
old: old:
IRONIC_VM_LOG_DIR: '{{ devstack_bases.old }}/ironic-bm-logs' IRONIC_VM_LOG_DIR: '{{ devstack_bases.old }}/ironic-bm-logs'
grenade_localrc: grenade_localrc: