Merge "Scoped RBAC Devstack Plugin support"
This commit is contained in:
Zuul
Gerrit Code Review
commit
c71583fc8a
|
|
@ -182,12 +182,26 @@ if [[ "$hostdomain" =~ "rax" ]]; then
|
|||
# we should make a helper method...
|
||||
fi
|
||||
|
||||
|
||||
# Oslo Policy, as of Wallaby defaults to not enforcing request scope
|
||||
# against requestors. This is anticipated to change in Xena or after
|
||||
# the Xena release of OpenStack.
|
||||
IRONIC_ENFORCE_SCOPE=$(trueorfalse False IRONIC_ENFORCE_SCOPE)
|
||||
|
||||
if [[ "$IRONIC_ENFORCE_SCOPE" == "True" ]]; then
|
||||
OS_CLOUD=devstack-system-admin
|
||||
else
|
||||
OS_CLOUD=devstack-admin
|
||||
fi
|
||||
|
||||
# Versions and command line for API client
|
||||
IRONIC_DEFAULT_API_VERSION=${IRONIC_DEFAULT_API_VERSION:-}
|
||||
IRONIC_CMD="openstack baremetal"
|
||||
IRONIC_CMD="openstack --os-cloud $OS_CLOUD baremetal"
|
||||
if [[ -n "$IRONIC_DEFAULT_API_VERSION" ]]; then
|
||||
IRONIC_CMD="$IRONIC_CMD --os-baremetal-api-version $IRONIC_DEFAULT_API_VERSION"
|
||||
fi
|
||||
|
||||
# Settings!
|
||||
IRONIC_ENABLED_HARDWARE_TYPES=${IRONIC_ENABLED_HARDWARE_TYPES:-"ipmi,fake-hardware"}
|
||||
# list of all available driver interfaces types
|
||||
IRONIC_DRIVER_INTERFACE_TYPES="bios boot power management deploy console inspect raid rescue storage network vendor"
|
||||
|
|
@ -1324,7 +1338,7 @@ function configure_ironic_provision_network {
|
|||
die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
|
||||
die_if_not_set $LINENO IRONIC_PROVISION_SUBNET_GATEWAY "You must specify the IRONIC_PROVISION_SUBNET_GATEWAY"
|
||||
|
||||
net_id=$(openstack network create --provider-network-type $IRONIC_PROVISION_PROVIDER_NETWORK_TYPE \
|
||||
net_id=$(openstack --os-cloud $OS_CLOUD network create --provider-network-type $IRONIC_PROVISION_PROVIDER_NETWORK_TYPE \
|
||||
--provider-physical-network "$PHYSICAL_NETWORK" \
|
||||
${IRONIC_PROVISION_SEGMENTATION_ID:+--provider-segment $IRONIC_PROVISION_SEGMENTATION_ID} \
|
||||
${IRONIC_PROVISION_NETWORK_NAME} -f value -c id)
|
||||
|
|
@ -1333,20 +1347,20 @@ function configure_ironic_provision_network {
|
|||
|
||||
if [[ "${IRONIC_USE_NEUTRON_SEGMENTS}" == "True" ]]; then
|
||||
local net_segment_id
|
||||
net_segment_id=$(openstack network segment list --network $net_id -f value -c ID)
|
||||
net_segment_id=$(openstack --os-cloud $OS_CLOUD network segment list --network $net_id -f value -c ID)
|
||||
die_if_not_set $LINENO net_segment_id "Failure getting net_segment_id for $IRONIC_PROVISION_NETWORK_NAME"
|
||||
fi
|
||||
|
||||
local subnet_id
|
||||
if [[ "$IRONIC_IP_VERSION" == '4' ]]; then
|
||||
subnet_id="$(openstack subnet create --ip-version 4 \
|
||||
subnet_id="$(openstack --os-cloud $OS_CLOUD subnet create --ip-version 4 \
|
||||
${IRONIC_PROVISION_ALLOCATION_POOL:+--allocation-pool $IRONIC_PROVISION_ALLOCATION_POOL} \
|
||||
${net_segment_id:+--network-segment $net_segment_id} \
|
||||
$IRONIC_PROVISION_PROVIDER_SUBNET_NAME \
|
||||
--gateway $IRONIC_PROVISION_SUBNET_GATEWAY --network $net_id \
|
||||
--subnet-range $IRONIC_PROVISION_SUBNET_PREFIX -f value -c id)"
|
||||
else
|
||||
subnet_id="$(openstack subnet create --ip-version 6 \
|
||||
subnet_id="$(openstack --os-cloud $OS_CLOUD subnet create --ip-version 6 \
|
||||
--ipv6-address-mode dhcpv6-stateful \
|
||||
--ipv6-ra-mode dhcpv6-stateful \
|
||||
--dns-nameserver 2001:4860:4860::8888 \
|
||||
|
|
@ -1355,21 +1369,21 @@ function configure_ironic_provision_network {
|
|||
--gateway $IRONIC_PROVISION_SUBNET_GATEWAY --network $net_id \
|
||||
--subnet-range $IRONIC_PROVISION_SUBNET_PREFIX -f value -c id)"
|
||||
# NOTE(TheJulia): router must be attached to the subnet for RAs.
|
||||
openstack router add subnet $IRONIC_ROUTER_NAME $subnet_id
|
||||
openstack --os-cloud $OS_CLOUD router add subnet $IRONIC_ROUTER_NAME $subnet_id
|
||||
|
||||
# We're going to be using this router of public access to tenant networks
|
||||
PUBLIC_ROUTER_ID=$(openstack router show -c id -f value $IRONIC_ROUTER_NAME)
|
||||
PUBLIC_ROUTER_ID=$(openstack --os-cloud $OS_CLOUD router show -c id -f value $IRONIC_ROUTER_NAME)
|
||||
fi
|
||||
|
||||
die_if_not_set $LINENO subnet_id "Failure creating SUBNET_ID for $IRONIC_PROVISION_NETWORK_NAME"
|
||||
|
||||
ironic_provision_network_ip=$IRONIC_PROVISION_SUBNET_GATEWAY
|
||||
else
|
||||
net_id=$(openstack network show $IRONIC_PROVISION_NETWORK_NAME -f value -c id)
|
||||
net_id=$(openstack --os-cloud $OS_CLOUD network show $IRONIC_PROVISION_NETWORK_NAME -f value -c id)
|
||||
ironic_provision_network_ip=$IRONIC_PROVISION_SUBNET_SUBNODE_IP
|
||||
fi
|
||||
|
||||
IRONIC_PROVISION_SEGMENTATION_ID=${IRONIC_PROVISION_SEGMENTATION_ID:-`openstack network show ${net_id} -f value -c provider:segmentation_id`}
|
||||
IRONIC_PROVISION_SEGMENTATION_ID=${IRONIC_PROVISION_SEGMENTATION_ID:-`openstack --os-cloud $OS_CLOUD network show ${net_id} -f value -c provider:segmentation_id`}
|
||||
provision_net_prefix=${IRONIC_PROVISION_SUBNET_PREFIX##*/}
|
||||
|
||||
# Set provision network GW on physical interface
|
||||
|
|
@ -1450,6 +1464,10 @@ function configure_ironic {
|
|||
if [[ "$IRONIC_JSON_RPC_AUTH_STRATEGY" == "" ]] || [[ "$IRONIC_JSON_RPC_AUTH_STRATEGY" == "keystone" ]]; then
|
||||
configure_client_for json_rpc
|
||||
fi
|
||||
if [[ "$IRONIC_ENFORCE_SCOPE" == "True" ]]; then
|
||||
iniset $IRONIC_CONF_FILE oslo_policy enforce_scope true
|
||||
iniset $IRONIC_CONF_FILE oslo_policy enforce_new_defaults true
|
||||
fi
|
||||
|
||||
# Set fast track options
|
||||
iniset $IRONIC_CONF_FILE deploy fast_track $IRONIC_DEPLOY_FAST_TRACK
|
||||
|
|
@ -1566,11 +1584,22 @@ function configure_client_for {
|
|||
# keystoneauth auth plugin options
|
||||
iniset $IRONIC_CONF_FILE $service_config_section auth_type password
|
||||
iniset $IRONIC_CONF_FILE $service_config_section auth_url $KEYSTONE_SERVICE_URI
|
||||
# NOTE(TheJulia): This list is likely to become long as we turn on
|
||||
# support for system scoped enforcement of other services, but for now,
|
||||
# we really only care about inspector and we can figure out the others
|
||||
# as time and their devstack code supports it.
|
||||
if [[ "$service_config_section" == "inspector" ]] && [[ "$IRONIC_INSPECTOR_ENFORCE_SCOPE" == "True" ]]; then
|
||||
iniset $IRONIC_CONF_FILE $service_config_section system_scope all
|
||||
iniset $IRONIC_CONF_FILE $service_config_section username admin
|
||||
iniset $IRONIC_CONF_FILE $service_config_section password $ADMIN_PASSWORD
|
||||
|
||||
else
|
||||
iniset $IRONIC_CONF_FILE $service_config_section username ironic
|
||||
iniset $IRONIC_CONF_FILE $service_config_section password $SERVICE_PASSWORD
|
||||
iniset $IRONIC_CONF_FILE $service_config_section project_name $SERVICE_PROJECT_NAME
|
||||
iniset $IRONIC_CONF_FILE $service_config_section user_domain_id default
|
||||
iniset $IRONIC_CONF_FILE $service_config_section project_domain_id default
|
||||
fi
|
||||
iniset $IRONIC_CONF_FILE $service_config_section user_domain_id default
|
||||
# keystoneauth session options
|
||||
iniset $IRONIC_CONF_FILE $service_config_section cafile $SSL_BUNDLE_FILE
|
||||
# keystoneauth adapter options
|
||||
|
|
@ -1900,16 +1929,25 @@ function start_ironic_api {
|
|||
fi
|
||||
}
|
||||
|
||||
# Unsets environment variables so the client doesn't try to be too smart
|
||||
# and reads from clouds.yaml.
|
||||
function remove_client_environment_variables {
|
||||
unset OS_PROJECT_DOMAIN_ID
|
||||
unset OS_PROJECT_NAME
|
||||
unset OS_USER_DOMAIN_ID
|
||||
}
|
||||
|
||||
# start_ironic_conductor() - Used by start_ironic().
|
||||
# Starts Ironic conductor.
|
||||
function start_ironic_conductor {
|
||||
run_process ir-cond "$IRONIC_BIN_DIR/ironic-conductor --config-file=$IRONIC_CONF_FILE"
|
||||
|
||||
remove_client_environment_variables
|
||||
# Wait up to 30 seconds for ironic-conductor to start and register itself
|
||||
local attempt
|
||||
local max_attempts=7
|
||||
for attempt in $(seq 1 $max_attempts); do
|
||||
if openstack baremetal driver list | grep -q $IRONIC_DEPLOY_DRIVER; then
|
||||
if openstack --os-cloud $OS_CLOUD baremetal driver list | grep -q $IRONIC_DEPLOY_DRIVER; then
|
||||
break
|
||||
fi
|
||||
|
||||
|
|
@ -1918,7 +1956,7 @@ function start_ironic_conductor {
|
|||
fi
|
||||
|
||||
echo "Still waiting for ironic-conductor to start, current state:"
|
||||
openstack baremetal driver list
|
||||
openstack --os-cloud $OS_CLOUD baremetal driver list
|
||||
sleep 5
|
||||
done
|
||||
}
|
||||
|
|
@ -1944,7 +1982,7 @@ function create_ovs_taps {
|
|||
# need to create one in Neutron to know what netns to tap into prior to the
|
||||
# first node booting.
|
||||
local port_id
|
||||
port_id=$(openstack port create --network ${ironic_net_id} temp_port -c id -f value)
|
||||
port_id=$(openstack --os-cloud $OS_CLOUD port create --network ${ironic_net_id} temp_port -c id -f value)
|
||||
die_if_not_set $LINENO port_id "Failed to create neutron port"
|
||||
|
||||
# intentional sleep to make sure the tag has been set to port
|
||||
|
|
@ -1971,11 +2009,11 @@ function create_ovs_taps {
|
|||
sudo ovs-vsctl -- --if-exists del-port $brbm_tap -- add-port $IRONIC_VM_NETWORK_BRIDGE $brbm_tap
|
||||
|
||||
# Remove the port needed only for workaround.
|
||||
openstack port delete $port_id
|
||||
openstack --os-cloud $OS_CLOUD port delete $port_id
|
||||
|
||||
# Finally, share the fixed tenant network across all tenants. This allows the host
|
||||
# to serve TFTP to a single network namespace via the tap device created above.
|
||||
openstack network set $ironic_net_id --share
|
||||
openstack --os-cloud $OS_CLOUD network set $ironic_net_id --share
|
||||
}
|
||||
|
||||
function setup_qemu_log_hook {
|
||||
|
|
@ -2095,7 +2133,7 @@ SUBSHELL
|
|||
|
||||
if [[ -z "${IRONIC_PROVISION_NETWORK_NAME}" ]]; then
|
||||
local ironic_net_id
|
||||
ironic_net_id=$(openstack network show "$PRIVATE_NETWORK_NAME" -c id -f value)
|
||||
ironic_net_id=$(openstack --os-cloud $OS_CLOUD network show "$PRIVATE_NETWORK_NAME" -c id -f value)
|
||||
create_ovs_taps $ironic_net_id
|
||||
|
||||
# NOTE(vsaienko) Neutron no longer setup routing to private network.
|
||||
|
|
@ -2120,7 +2158,7 @@ SUBSHELL
|
|||
replace_range=${SUBNETPOOL_PREFIX_V6}
|
||||
fi
|
||||
fi
|
||||
pub_router_id=$(openstack router show $Q_ROUTER_NAME -f value -c id)
|
||||
pub_router_id=$(openstack --os-cloud $OS_CLOUD router show $Q_ROUTER_NAME -f value -c id)
|
||||
# Select the text starting at "src ", and grabbing the following field.
|
||||
r_net_gateway=$(sudo ip netns exec qrouter-$pub_router_id ip -$IRONIC_IP_VERSION route get $dns_server |grep dev | sed s/^.*src\ // |awk '{ print $1 }')
|
||||
sudo ip route replace $replace_range via $r_net_gateway
|
||||
|
|
@ -2149,9 +2187,9 @@ function wait_for_nova_resources {
|
|||
|
||||
# TODO(dtantsur): switch to Placement OSC plugin, once it exists
|
||||
local token
|
||||
token=$(openstack token issue -f value -c id)
|
||||
token=$(openstack --os-cloud $OS_CLOUD token issue -f value -c id)
|
||||
local endpoint
|
||||
endpoint=$(openstack endpoint list --service placement --interface public -f value -c URL)
|
||||
endpoint=$(openstack --os-cloud $OS_CLOUD endpoint list --service placement --interface public -f value -c URL)
|
||||
die_if_not_set $LINENO endpoint "Cannot find Placement API endpoint"
|
||||
|
||||
local i
|
||||
|
|
@ -2222,7 +2260,7 @@ function provide_nodes {
|
|||
local attempt
|
||||
for attempt in $(seq 1 $IRONIC_CLEANING_ATTEMPTS); do
|
||||
local available
|
||||
available=$(openstack baremetal node list --provision-state available -f value -c UUID)
|
||||
available=$(openstack --os-cloud $OS_CLOUD baremetal node list --provision-state available -f value -c UUID)
|
||||
|
||||
local nodes_not_finished=
|
||||
for node_id in $nodes; do
|
||||
|
|
@ -2252,7 +2290,7 @@ function wait_for_ironic_neutron_agent_report_state_for_all_nodes {
|
|||
local attempt
|
||||
for attempt in $(seq 1 $IRONIC_NEUTRON_AGENT_REPORT_STATE_ATTEMPTS); do
|
||||
local reported
|
||||
reported=$(openstack network agent list -f value -c Host -c Binary | grep ironic-neutron-agent | cut -d ' ' -f 1 | paste -s -d ' ')
|
||||
reported=$(openstack --os-cloud $OS_CLOUD network agent list -f value -c Host -c Binary | grep ironic-neutron-agent | cut -d ' ' -f 1 | paste -s -d ' ')
|
||||
echo "Currently reported nodes: $reported"
|
||||
|
||||
local can_break
|
||||
|
|
@ -2532,26 +2570,26 @@ function enroll_nodes {
|
|||
if [[ "$HOST_TOPOLOGY_ROLE" != "subnode" ]]; then
|
||||
local adjusted_disk
|
||||
adjusted_disk=$(($ironic_node_disk - $ironic_ephemeral_disk))
|
||||
openstack flavor create --ephemeral $ironic_ephemeral_disk --ram $ironic_node_ram --disk $adjusted_disk --vcpus $ironic_node_cpu baremetal
|
||||
openstack --os-cloud $OS_CLOUD flavor create --ephemeral $ironic_ephemeral_disk --ram $ironic_node_ram --disk $adjusted_disk --vcpus $ironic_node_cpu baremetal
|
||||
|
||||
local resource_class=${IRONIC_DEFAULT_RESOURCE_CLASS^^}
|
||||
openstack flavor set baremetal --property "resources:CUSTOM_$resource_class"="1"
|
||||
openstack flavor set baremetal --property "resources:DISK_GB"="0"
|
||||
openstack flavor set baremetal --property "resources:MEMORY_MB"="0"
|
||||
openstack flavor set baremetal --property "resources:VCPU"="0"
|
||||
openstack --os-cloud $OS_CLOUD flavor set baremetal --property "resources:CUSTOM_$resource_class"="1"
|
||||
openstack --os-cloud $OS_CLOUD flavor set baremetal --property "resources:DISK_GB"="0"
|
||||
openstack --os-cloud $OS_CLOUD flavor set baremetal --property "resources:MEMORY_MB"="0"
|
||||
openstack --os-cloud $OS_CLOUD flavor set baremetal --property "resources:VCPU"="0"
|
||||
|
||||
openstack flavor set baremetal --property "cpu_arch"="$ironic_node_arch"
|
||||
openstack --os-cloud $OS_CLOUD flavor set baremetal --property "cpu_arch"="$ironic_node_arch"
|
||||
|
||||
if [[ "$IRONIC_BOOT_MODE" == "uefi" ]]; then
|
||||
openstack flavor set baremetal --property "capabilities:boot_mode"="uefi"
|
||||
openstack --os-cloud $OS_CLOUD flavor set baremetal --property "capabilities:boot_mode"="uefi"
|
||||
fi
|
||||
|
||||
for trait in $IRONIC_DEFAULT_TRAITS; do
|
||||
openstack flavor set baremetal --property "trait:$trait"="required"
|
||||
openstack --os-cloud $OS_CLOUD flavor set baremetal --property "trait:$trait"="required"
|
||||
done
|
||||
|
||||
if [[ "$IRONIC_SECURE_BOOT" == "True" ]]; then
|
||||
openstack flavor set baremetal --property "capabilities:secure_boot"="true"
|
||||
openstack --os-cloud $OS_CLOUD flavor set baremetal --property "capabilities:secure_boot"="true"
|
||||
fi
|
||||
|
||||
# NOTE(dtantsur): sometimes nova compute fails to start with ironic due
|
||||
|
|
@ -2846,7 +2884,12 @@ function upload_baremetal_ironic_efiboot {
|
|||
fi
|
||||
|
||||
# load efiboot into glance
|
||||
IRONIC_EFIBOOT_ID=$(openstack \
|
||||
# NOTE(TheJulia): Glance requires a project ID be submitted with the
|
||||
# request *or* we just do it as the project scoped admin using the admin
|
||||
# project which in devstack's case is the demo project.
|
||||
# In other words, we can't use devstack-system-admin to upload the image
|
||||
# unless we set the project_id in the create reqeust.
|
||||
IRONIC_EFIBOOT_ID=$(openstack --os-cloud devstack-admin \
|
||||
image create \
|
||||
$efiboot_name \
|
||||
--public --disk-format=raw \
|
||||
|
|
@ -2920,7 +2963,7 @@ function upload_baremetal_ironic_deploy {
|
|||
|
||||
# load them into glance
|
||||
if ! is_deploy_iso_required; then
|
||||
IRONIC_DEPLOY_KERNEL_ID=$(openstack \
|
||||
IRONIC_DEPLOY_KERNEL_ID=$(openstack --os-cloud devstack-admin \
|
||||
image create \
|
||||
$ironic_deploy_kernel_name \
|
||||
--public --disk-format=aki \
|
||||
|
|
@ -2928,7 +2971,7 @@ function upload_baremetal_ironic_deploy {
|
|||
< $IRONIC_DEPLOY_KERNEL | grep ' id ' | get_field 2)
|
||||
die_if_not_set $LINENO IRONIC_DEPLOY_KERNEL_ID "Failed to load kernel image into glance"
|
||||
|
||||
IRONIC_DEPLOY_RAMDISK_ID=$(openstack \
|
||||
IRONIC_DEPLOY_RAMDISK_ID=$(openstack --os-cloud devstack-admin \
|
||||
image create \
|
||||
$ironic_deploy_ramdisk_name \
|
||||
--public --disk-format=ari \
|
||||
|
|
@ -2937,7 +2980,7 @@ function upload_baremetal_ironic_deploy {
|
|||
die_if_not_set $LINENO IRONIC_DEPLOY_RAMDISK_ID "Failed to load ramdisk image into glance"
|
||||
|
||||
else
|
||||
IRONIC_DEPLOY_ISO_ID=$(openstack \
|
||||
IRONIC_DEPLOY_ISO_ID=$(openstack --os-cloud devstack-admin \
|
||||
image create \
|
||||
$(basename $IRONIC_DEPLOY_ISO) \
|
||||
--public --disk-format=iso \
|
||||
|
|
@ -2949,8 +2992,8 @@ function upload_baremetal_ironic_deploy {
|
|||
if is_ansible_with_tinyipa; then
|
||||
ironic_deploy_ramdisk_name="ansible-$ironic_deploy_ramdisk_name"
|
||||
fi
|
||||
IRONIC_DEPLOY_KERNEL_ID=$(openstack image show $ironic_deploy_kernel_name -f value -c id)
|
||||
IRONIC_DEPLOY_RAMDISK_ID=$(openstack image show $ironic_deploy_ramdisk_name -f value -c id)
|
||||
IRONIC_DEPLOY_KERNEL_ID=$(openstack --os-cloud $OS_CLOUD image show $ironic_deploy_kernel_name -f value -c id)
|
||||
IRONIC_DEPLOY_RAMDISK_ID=$(openstack --os-cloud $OS_CLOUD image show $ironic_deploy_ramdisk_name -f value -c id)
|
||||
fi
|
||||
|
||||
iniset $IRONIC_CONF_FILE conductor deploy_kernel $IRONIC_DEPLOY_KERNEL_ID
|
||||
|
|
@ -3063,7 +3106,7 @@ function ironic_configure_tempest {
|
|||
|
||||
if is_service_enabled nova; then
|
||||
local bm_flavor_id
|
||||
bm_flavor_id=$(openstack flavor show baremetal -f value -c id)
|
||||
bm_flavor_id=$(openstack --os-cloud $OS_CLOUD flavor show baremetal -f value -c id)
|
||||
die_if_not_set $LINENO bm_flavor_id "Failed to get id of baremetal flavor"
|
||||
iniset $TEMPEST_CONFIG compute flavor_ref $bm_flavor_id
|
||||
iniset $TEMPEST_CONFIG compute flavor_ref_alt $bm_flavor_id
|
||||
|
|
@ -3092,13 +3135,13 @@ function ironic_configure_tempest {
|
|||
|
||||
if is_service_enabled glance; then
|
||||
local image_uuid
|
||||
image_uuid=$(openstack image show $IRONIC_IMAGE_NAME -f value -c id)
|
||||
image_uuid=$(openstack --os-cloud $OS_CLOUD image show $IRONIC_IMAGE_NAME -f value -c id)
|
||||
iniset $TEMPEST_CONFIG compute image_ref $image_uuid
|
||||
iniset $TEMPEST_CONFIG compute image_ref_alt $image_uuid
|
||||
|
||||
image_uuid=$(openstack image show $IRONIC_WHOLEDISK_IMAGE_NAME -f value -c id)
|
||||
image_uuid=$(openstack --os-cloud $OS_CLOUD image show $IRONIC_WHOLEDISK_IMAGE_NAME -f value -c id)
|
||||
iniset $TEMPEST_CONFIG baremetal whole_disk_image_ref $image_uuid
|
||||
image_uuid=$(openstack image show $IRONIC_PARTITIONED_IMAGE_NAME -f value -c id)
|
||||
image_uuid=$(openstack --os-cloud $OS_CLOUD image show $IRONIC_PARTITIONED_IMAGE_NAME -f value -c id)
|
||||
iniset $TEMPEST_CONFIG baremetal partition_image_ref $image_uuid
|
||||
fi
|
||||
|
||||
|
|
@ -3154,6 +3197,11 @@ function ironic_configure_tempest {
|
|||
# not enable it for real hardware, at least for now.
|
||||
iniset $TEMPEST_CONFIG baremetal_feature_enabled adoption True
|
||||
fi
|
||||
|
||||
if [[ "$IRONIC_ENFORCE_SCOPE" == "True" ]]; then
|
||||
iniset $TEMPEST_CONFIG enforce_scope ironic True
|
||||
iniset $TEMPEST_CONFIG enforce_scope ironic_inspector True
|
||||
fi
|
||||
}
|
||||
|
||||
function get_ironic_node_prefix {
|
||||
|
|
|
|||
|
|
@ -185,6 +185,7 @@
|
|||
IRONIC_VM_VOLUME_COUNT: 2
|
||||
IRONIC_VM_SPECS_RAM: 1024
|
||||
IRONIC_VM_SPECS_CPU: 1
|
||||
IRONIC_ENFORCE_SCOPE: True
|
||||
# We're using a lot of disk space in this job. Some testing nodes have
|
||||
# a small root partition, so use /opt which is mounted from a bigger
|
||||
# ephemeral partition on such nodes
|
||||
|
|
@ -309,6 +310,7 @@
|
|||
IRONIC_TEMPEST_WHOLE_DISK_IMAGE: True
|
||||
IRONIC_VM_EPHEMERAL_DISK: 0
|
||||
IRONIC_AUTOMATED_CLEAN_ENABLED: False
|
||||
IRONIC_ENFORCE_SCOPE: True
|
||||
|
||||
- job:
|
||||
name: ironic-tempest-ipa-partition-uefi-pxe_ipmitool
|
||||
|
|
@ -348,6 +350,7 @@
|
|||
IRONIC_AUTOMATED_CLEAN_ENABLED: False
|
||||
SWIFT_ENABLE_TEMPURLS: True
|
||||
SWIFT_TEMPURL_KEY: secretkey
|
||||
IRONIC_ENFORCE_SCOPE: True
|
||||
devstack_services:
|
||||
c-api: True
|
||||
c-bak: True
|
||||
|
|
@ -396,6 +399,17 @@
|
|||
s-object: True
|
||||
s-proxy: True
|
||||
|
||||
- job:
|
||||
name: ironic-inspector-tempest-rbac-scope-enforced
|
||||
description: ironic-inspector-tempest-rbac-scope-enforced
|
||||
parent: ironic-inspector-tempest
|
||||
required-projects:
|
||||
- openstack/ironic-inspector
|
||||
vars:
|
||||
devstack_localrc:
|
||||
IRONIC_ENFORCE_SCOPE: True
|
||||
IRONIC_INSPECTOR_ENFORCE_SCOPE: True
|
||||
|
||||
- job:
|
||||
name: ironic-tempest-functional-python3
|
||||
description: ironic-tempest-functional-python3
|
||||
|
|
@ -431,6 +445,14 @@
|
|||
q-metering: False
|
||||
q-svc: False
|
||||
|
||||
- job:
|
||||
name: ironic-tempest-functional-rbac-scope-enforced
|
||||
description: ironic-tempest-funcitonal-rbac-scope-enforced
|
||||
parent: ironic-tempest-functional-python3
|
||||
vars:
|
||||
devstack_localrc:
|
||||
IRONIC_ENFORCE_SCOPE: True
|
||||
|
||||
- job:
|
||||
name: ironic-tempest-ipa-wholedisk-direct-tinyipa-multinode
|
||||
description: ironic-tempest-ipa-wholedisk-direct-tinyipa-multinode
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@
|
|||
jobs:
|
||||
- ironic-tox-unit-with-driver-libs
|
||||
- ironic-tempest-functional-python3
|
||||
- ironic-tempest-functional-rbac-scope-enforced
|
||||
- ironic-grenade
|
||||
- ironic-standalone
|
||||
- ironic-standalone-redfish
|
||||
|
|
@ -41,6 +42,8 @@
|
|||
voting: false
|
||||
- ironic-tempest-ipa-wholedisk-bios-ipmi-direct-dib:
|
||||
voting: false
|
||||
- ironic-inspector-tempest-rbac-scope-enforced:
|
||||
voting: false
|
||||
- bifrost-integration-tinyipa-ubuntu-focal:
|
||||
voting: false
|
||||
- bifrost-integration-redfish-vmedia-uefi-centos-8:
|
||||
|
|
@ -54,6 +57,7 @@
|
|||
jobs:
|
||||
- ironic-tox-unit-with-driver-libs
|
||||
- ironic-tempest-functional-python3
|
||||
- ironic-tempest-functional-rbac-scope-enforced
|
||||
- ironic-grenade
|
||||
- ironic-standalone
|
||||
- ironic-standalone-redfish
|
||||
|
|
|
|||
Loading…
Reference in New Issue