openstack/kayobe
Code Issues Proposed changes
Files
c8f105a9070e25cee613962683639a351aad185c
kayobe/ansible/roles/kolla-ansible/tests/test-extras.yml
Mark Goddard c8f105a907 Support internal API TLS encryption 
Kolla Ansible Train introduces support for TLS encryption of the
internal API. This change introduces support for internal API encryption
in Kayobe.

The following new variables are introduced:

* kolla_enable_tls_internal
* kolla_internal_tls_cert
* kolla_internal_fqdn_cacert

Also only set kolla_*_fqdn_cacert in globals.yml if set.

Change-Id: If432afde374fe247d09c952e110c9567e17daea1
Story: 2006959
Task: 37649
2019-12-11 17:13:38 +00:00

513 lines
20 KiB
YAML
Raw Blame History

---
- hosts: localhost
connection: local
tasks:
- name: Add a seed host to the inventory
add_host:
name: test-seed
groups: seed
ansible_host: "1.2.3.4"
kolla_api_interface: "eth0"
kolla_bifrost_network_interface: "eth1"
- name: Add a controller host to the inventory
add_host:
name: test-controller
groups: controllers
ansible_host: "1.2.3.5"
kolla_network_interface: "eth0"
kolla_external_vip_interface: "eth1"
kolla_api_interface: "eth2"
kolla_storage_interface: "eth3"
kolla_cluster_interface: "eth4"
kolla_dns_interface: "eth5"
kolla_neutron_external_interfaces: "eth6,eth7"
kolla_neutron_bridge_names: "br0,br1"
kolla_provision_interface: "eth8"
kolla_inspector_dnsmasq_interface: "eth9"
kolla_tunnel_interface: "eth10"
kolla_ceph_storage_interface: "eth11"
kolla_ceph_cluster_interface: "eth12"
kolla_swift_storage_interface: "eth13"
kolla_swift_replication_interface: "eth14"
- name: Add a compute host to the inventory
add_host:
name: test-compute
groups: compute
ansible_host: "1.2.3.6"
kolla_network_interface: "eth0"
kolla_api_interface: "eth2"
kolla_storage_interface: "eth3"
kolla_neutron_external_interfaces: "eth4,eth5"
kolla_neutron_bridge_names: "br0,br1"
kolla_tunnel_interface: "eth6"
kolla_ceph_storage_interface: "eth7"
- name: Create a temporary directory
tempfile:
state: directory
register: tempfile_result
- block:
- name: Test the kolla-ansible role with default values
include_role:
name: ../../kolla-ansible
vars:
kolla_ansible_source_path: "{{ temp_path }}/src"
kolla_ansible_ctl_install_type: "source"
kolla_ansible_source_url: "http://github.com/openstack/kolla-ansible"
kolla_ansible_source_version: "master"
kolla_ansible_venv: "{{ temp_path }}/venv"
kolla_ansible_vault_password: "fake-password"
kolla_config_path: "{{ temp_path }}/etc/kolla"
kolla_node_custom_config_path: "{{ temp_path }}/etc/kolla/config"
kolla_ansible_passwords_path: "{{ temp_path }}/passwords.yml"
# Config.
kolla_ansible_user: "fake-user"
kolla_ansible_group: "fake-group"
kolla_base_distro: "fake-distro"
kolla_install_type: "fake-install-type"
kolla_docker_namespace: "fake-namespace"
kolla_docker_registry: "fake-registry"
kolla_docker_registry_username: "fake-username"
kolla_docker_registry_password: "fake-password"
kolla_openstack_release: "fake-release"
kolla_internal_vip_address: "10.0.0.1"
kolla_internal_fqdn: "fake.internal.fqdn"
kolla_external_vip_address: "10.0.0.2"
kolla_external_fqdn: "fake.external.fqdn"
# Inventory mapping.
kolla_overcloud_inventory_top_level_group_map:
control:
groups:
- controllers
compute:
groups:
- compute
kolla_overcloud_inventory_kolla_top_level_groups:
- "control"
- "compute"
kolla_neutron_ml2_type_drivers:
- "fake-ml2-type-1"
- "fake-ml2-type-2"
kolla_neutron_ml2_tenant_network_types:
- "fake-ml2-tenant-type-1"
- "fake-ml2-tenant-type-2"
kolla_enable_tls_external: False
kolla_external_fqdn_cert: "fake-cert"
kolla_enable_tls_internal: False
kolla_internal_fqdn_cert: "fake-cert"
kolla_openstack_logging_debug: True
grafana_local_admin_user_name: "grafana-admin"
kolla_inspector_dhcp_pool_start: "1.2.3.4"
kolla_inspector_dhcp_pool_end: "1.2.3.5"
kolla_inspector_default_gateway: "1.2.3.6"
# Enable everything.
kolla_enable_aodh: True
kolla_enable_barbican: True
kolla_enable_blazar: True
kolla_enable_ceilometer: True
kolla_enable_central_logging: True
kolla_enable_ceph: True
kolla_enable_ceph_rgw: True
kolla_enable_chrony: True
kolla_enable_cinder: True
kolla_enable_cinder_backend_hnas_iscsi: True
kolla_enable_cinder_backend_hnas_nfs: True
kolla_enable_cinder_backend_iscsi: True
kolla_enable_cinder_backend_lvm: True
kolla_enable_cinder_backend_nfs: True
kolla_enable_cloudkitty: True
kolla_enable_congress: True
kolla_enable_designate: True
kolla_enable_elasticsearch: True
kolla_enable_etcd: True
kolla_enable_freezer: True
kolla_enable_gnocchi: True
kolla_enable_grafana: True
kolla_enable_haproxy: True
kolla_enable_heat: True
kolla_enable_horizon: True
kolla_enable_influxdb: True
kolla_enable_ironic: True
kolla_enable_ironic_neutron_agent: True
kolla_enable_kafka: True
kolla_enable_karbor: True
kolla_enable_kibana: True
kolla_enable_kuryr: True
kolla_enable_magnum: True
kolla_enable_manila: True
kolla_enable_manila_backend_generic: True
kolla_enable_manila_backend_hnas: True
kolla_enable_mariadb: True
kolla_enable_mistral: True
kolla_enable_monasca: True
kolla_enable_mongodb: True
kolla_enable_murano: True
kolla_enable_multipathd: True
kolla_enable_neutron_agent_ha: True
kolla_enable_neutron_bgp_dragent: True
kolla_enable_neutron_dvr: True
kolla_enable_neutron_fwaas: True
kolla_enable_neutron_lbaas: True
kolla_enable_neutron_provider_networks: True
kolla_enable_neutron_qos: True
kolla_enable_neutron_vpnaas: True
kolla_enable_nova_serialconsole_proxy: True
kolla_enable_octavia: True
kolla_enable_osprofiler: True
kolla_enable_panko: True
kolla_enable_prometheus: True
kolla_enable_rally: True
kolla_enable_searchlight: True
kolla_enable_sahara: True
kolla_enable_senlin: True
kolla_enable_skydive: True
kolla_enable_solum: True
kolla_enable_storm: True
kolla_enable_swift: True
kolla_enable_tacker: True
kolla_enable_telegraf: True
kolla_enable_tempest: True
kolla_enable_trove: True
kolla_enable_watcher: True
kolla_enable_zookeeper: True
kolla_enable_zun: True
kolla_extra_globals:
extra-global-1: "extra-val-1"
extra-global-2: "extra-val-2"
kolla_ansible_custom_passwords:
custom-password-1: "custom-password-1"
custom-password-2: "custom-password-2"
kolla_nova_compute_ironic_host: "controller1"
- name: Verify kolla-ansible installation
shell: ". {{ temp_path }}/venv/bin/activate && kolla-ansible -h"
changed_when: False
- name: Verify ansible installation
command: "{{ temp_path }}/venv/bin/ansible -h"
changed_when: False
- name: Validate variables are absent from globals.yml
debug:
var: globals_yml
vars:
# NOTE: Can't use set_fact for this, as it causes kolla-ansible
# Jinja expressions to be evaluated.
globals_yml: "{{ lookup('file', temp_path ~ '/etc/kolla/globals.yml') | from_yaml }}"
- name: Validate globals.yml contents
assert:
that:
- item.key in globals_yml
- globals_yml[item.key] == item.value
msg: >
Unexpected value for variable "{{ item.key }}" in globals.yml.
Expected "{{ item.value }}", actual
"{{ globals_yml.get(item.key, '<missing>') }}".
with_dict: "{{ expected_variables }}"
vars:
# NOTE: Can't use set_fact for this, as it causes kolla-ansible
# Jinja expressions to be evaluated.
globals_yml: "{{ lookup('file', temp_path ~ '/etc/kolla/globals.yml') | from_yaml }}"
expected_variables:
config_strategy: "COPY_ALWAYS"
kolla_user: "fake-user"
kolla_group: "fake-group"
kolla_base_distro: "fake-distro"
kolla_install_type: "fake-install-type"
openstack_release: "fake-release"
kolla_internal_vip_address: "10.0.0.1"
kolla_internal_fqdn: "fake.internal.fqdn"
kolla_external_vip_address: "10.0.0.2"
kolla_external_fqdn: "fake.external.fqdn"
node_custom_config: "{{ temp_path }}/etc/kolla/config"
docker_namespace: "fake-namespace"
docker_registry: "fake-registry"
docker_registry_username: "fake-username"
docker_registry_password: "fake-password"
neutron_plugin_agent: "openvswitch"
kolla_enable_tls_external: False
kolla_external_fqdn_cert: "fake-cert"
kolla_enable_tls_internal: False
kolla_internal_fqdn_cert: "fake-cert"
openstack_logging_debug: True
grafana_admin_username: "grafana-admin"
ironic_dnsmasq_dhcp_range: "1.2.3.4,1.2.3.5"
ironic_dnsmasq_default_gateway: "1.2.3.6"
# NOTE: The following options are not present in globals.yml.
# It's possible this is related to the use of hostvars and
# include_role, caused by something like
# https://github.com/ansible/ansible/issues/19305.
#enable_aodh: True
#enable_barbican: True
#enable_blazar: True
#enable_ceilometer: True
#enable_central_logging: True
#enable_ceph: True
#enable_ceph_rgw: True
#enable_chrony: True
#enable_cinder: True
#enable_cinder_backend_iscsi: True
#enable_cinder_backend_hnas_iscsi: True
#enable_cinder_backend_hnas_nfs: True
#enable_cinder_backend_lvm: True
#enable_cinder_backend_nfs: True
#enable_cloudkitty: True
#enable_congress: True
#enable_designate: True
#enable_elasticsearch: True
#enable_etcd: True
#enable_freezer: True
#enable_gnocchi: True
#enable_grafana: True
#enable_haproxy: True
#enable_heat: True
#enable_horizon: True
#enable_influxdb: True
#enable_ironic: True
#enable_ironic_neutron_agent: True
#enable_kafka: True
#enable_karbor: True
#enable_kibana: True
#enable_kuryr: True
#enable_magnum: True
#enable_manila: True
#enable_manila_backend_generic: True
#enable_manila_backend_hnas: True
#enable_mariadb: True
#enable_mistral: True
#enable_monasca: True
#enable_mongodb: True
#enable_murano: True
#enable_multipathd: True
#enable_neutron_agent_ha: True
#enable_neutron_bgp_dragent: True
#enable_neutron_dvr: True
#enable_neutron_fwaas: True
#enable_neutron_lbaas: True
#enable_neutron_provider_networks: True
#enable_neutron_qos: True
#enable_neutron_vpnaas: True
#enable_nova_serialconsole_proxy: True
#enable_octavia: True
#enable_osprofiler: True
#enable_panko: True
#enable_prometheus: True
#enable_rally: True
#enable_sahara: True
#enable_searchlight: True
#enable_skydive: True
#enable_solum: True
#enable_senlin: True
#enable_storm: True
#enable_swift: True
#enable_tacker: True
#enable_telegraf: True
#enable_tempest: True
#enable_trove: True
#enable_watcher: True
#enable_zookeeper: True
#enable_zun: True
extra-global-1: "extra-val-1"
extra-global-2: "extra-val-2"
- name: Validate variables are absent from globals.yml
assert:
that: item not in globals_yml
msg: >
Unexpected variable "{{ item }}" found in globals.yml, value
"{{ globals_yml.get(item) }}".
with_items: "{{ unexpected_variables }}"
vars:
# NOTE: Can't use set_fact for this, as it causes kolla-ansible
# Jinja expressions to be evaluated.
globals_yml: "{{ lookup('file', temp_path ~ '/etc/kolla/globals.yml') | from_yaml }}"
unexpected_variables:
- enable_glance
- enable_ironic
- enable_neutron
- enable_nova
- network_interface
- api_interface
- kolla_external_vip_interface
- storage_interface
- cluster_interface
- ceph_storage_interface
- ceph_cluster_interface
- swift_storage_interface
- swift_replication_interface
- provision_interface
- ironic_dnsmasq_interface
- dns_interface
- tunnel_interface
- bifrost_network_interface
- neutron_external_interface
- neutron_bridge_name
- name: Create a vault password file
copy:
content: "fake-password"
dest: "{{ temp_path ~ '/vault-pass' }}"
- name: Decrypt passwords.yml
command: ansible-vault decrypt --vault-password-file {{ temp_path ~ '/vault-pass' }} {{ temp_path ~ '/etc/kolla/passwords.yml' }}
changed_when: False
- name: Validate passwords.yml contents
assert:
that: item in passwords_yml
msg: >
Expected variable "{{ item }}" not present in passwords.yml.
with_items: "{{ expected_variables }}"
vars:
# NOTE: Can't use set_fact for this, as it causes kolla-ansible
# Jinja expressions to be evaluated.
passwords_yml: "{{ lookup('file', temp_path ~ '/etc/kolla/passwords.yml') | from_yaml }}"
expected_variables:
- database_password
- custom-password-1
- custom-password-2
- name: Validate passwords.yml custom passwords
assert:
that:
- item.key in passwords_yml
- passwords_yml[item.key] == item.value
msg: >
Expected custom password "{{ item.key }}" not present in passwords.yml.
with_dict: "{{ expected_variables }}"
vars:
# NOTE: Can't use set_fact for this, as it causes kolla-ansible
# Jinja expressions to be evaluated.
passwords_yml: "{{ lookup('file', temp_path ~ '/etc/kolla/passwords.yml') | from_yaml }}"
expected_variables:
custom-password-1: custom-password-1
custom-password-2: custom-password-2
- name: Check whether inventory files exist
stat:
path: "{{ temp_path ~ '/etc/kolla/inventory/' ~ item ~ '/hosts' }}"
with_items:
- seed
- overcloud
register: inventory_stat
- name: Validate inventory files
assert:
that:
- item.stat.exists
- item.stat.size > 0
msg: >
Inventory file {{ item.item }} was not found.
with_items: "{{ inventory_stat.results }}"
- name: Read inventory files
slurp:
src: "{{ item.stat.path }}"
with_items: "{{ inventory_stat.results }}"
register: inventory_slurp
- name: Validate seed inventory file contents
vars:
inventory_lines: "{{ (inventory_slurp.results[0].content | b64decode).splitlines() }}"
assert:
that: item in inventory_lines
with_items:
- test-seed
- name: Validate overcloud inventory file contents
vars:
inventory_lines: "{{ (inventory_slurp.results[1].content | b64decode).splitlines() }}"
assert:
that: item in inventory_lines
with_items:
- test-controller
- test-compute
- name: Check whether inventory host vars files exist
stat:
path: "{{ temp_path ~ '/etc/kolla/inventory/' ~ item }}"
with_items:
- seed/host_vars/test-seed
- overcloud/host_vars/test-controller
- overcloud/host_vars/test-compute
register: host_vars_stat
- name: Validate inventory host vars files
assert:
that:
- item.stat.exists
- item.stat.size > 0
msg: >
Inventory file {{ item.item }} was not found.
with_items: "{{ host_vars_stat.results }}"
- name: Read inventory host vars files
slurp:
src: "{{ item.stat.path }}"
with_items: "{{ host_vars_stat.results }}"
register: host_vars_slurp
- name: Validate inventory host vars file contents
assert:
that:
- host_vars_content is defined
- host_vars_content == item.1
with_together:
- "{{ host_vars_slurp.results }}"
- "{{ expected_contents }}"
vars:
host_vars_content: "{{ item.0.content | b64decode }}"
expected_contents:
- |
---
ansible_host: "1.2.3.4"
api_interface: "eth0"
bifrost_network_interface: "eth1"
- |
---
ansible_host: "1.2.3.5"
network_interface: "eth0"
api_interface: "eth2"
storage_interface: "eth3"
cluster_interface: "eth4"
ceph_storage_interface: "eth11"
ceph_cluster_interface: "eth12"
swift_storage_interface: "eth13"
swift_replication_interface: "eth14"
provision_interface: "eth8"
ironic_dnsmasq_interface: "eth9"
dns_interface: "eth5"
tunnel_interface: "eth10"
kolla_external_vip_interface: "eth1"
neutron_external_interface: "eth6,eth7"
neutron_bridge_name: "br0,br1"
- |
---
ansible_host: "1.2.3.6"
network_interface: "eth0"
api_interface: "eth2"
storage_interface: "eth3"
ceph_storage_interface: "eth7"
tunnel_interface: "eth6"
neutron_external_interface: "eth4,eth5"
neutron_bridge_name: "br0,br1"
always:
- name: Ensure the temporary directory is removed
file:
path: "{{ temp_path }}"
state: absent
- name: Refresh the inventory
meta: refresh_inventory
rescue:
- name: Flag that a failure occurred
set_fact:
test_failures: "{{ test_failures | default(0) | int + 1 }}"
vars:
temp_path: "{{ tempfile_result.path }}"
View Git Blame Copy Permalink