From 366ba8526e5b2fd3955cb86cec982066ac6ecd5c Mon Sep 17 00:00:00 2001
From: wuchunyang <wuchunyang@yovole.com>
Date: Wed, 3 Mar 2021 17:21:37 +0800
Subject: [PATCH] CI: octavia: create and test a load balancer

Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Change-Id: I20c1d9bddee5a046b521b9378bade2ab50612be0
---
 tests/run.yml                      |  16 ++++-
 tests/setup_gate.sh                |   6 ++
 tests/templates/globals-default.j2 |  14 ++++
 tests/test-octavia.sh              | 100 +++++++++++++++++++++++++++++
 zuul.d/base.yaml                   |  11 ++++
 zuul.d/jobs.yaml                   |  16 +++++
 zuul.d/project.yaml                |   2 +
 7 files changed, 164 insertions(+), 1 deletion(-)
 create mode 100644 tests/test-octavia.sh

diff --git a/tests/run.yml b/tests/run.yml
index bdeab457c0..75296e8b8c 100644
--- a/tests/run.yml
+++ b/tests/run.yml
@@ -274,6 +274,13 @@
         docker_image_tag: "{{ build_image_tag if need_build_image else (zuul.branch | basename) ~ docker_image_tag_suffix }}"
         docker_image_prefix: "{{ 'primary:4000/lokolla/' if need_build_image else 'kolla/' }}"
 
+    # NOTE(yoctozepto): k-a octavia-certificates should run before k-a bootstrap-servers
+    # because the latter hijacks /etc/kolla permissions (due to same directory on the
+    # same host being used by both)
+    - name: create TLS certificates for octavia
+      command: kolla-ansible octavia-certificates
+      when: scenario == 'octavia'
+
     # NOTE(mgoddard): We are using the script module here and later to ensure
     # we use the local copy of these scripts, rather than the one on the remote
     # host, which could be checked out to a previous release (in an upgrade
@@ -382,7 +389,7 @@
             EXT_NET_LOCAL_ADDR: "{{ neutron_external_network_prefix }}1/{{ neutron_external_network_prefix_length }}"
             EXT_NET_SLAVE_DEVICE: "{{ neutron_external_interface_name }}"
             SCENARIO: "{{ scenario }}"
-          when: openstack_core_tested or scenario in ['ironic', 'magnum', 'scenario_nfv', 'zun']
+          when: openstack_core_tested or scenario in ['ironic', 'magnum', 'scenario_nfv', 'zun', 'octavia']
 
         - name: Run test-core-openstack.sh script
           script:
@@ -430,6 +437,13 @@
             chdir: "{{ kolla_ansible_src_dir }}"
           when: scenario == "magnum"
 
+        - name: Run test-octavia.sh script
+          script:
+            cmd: test-octavia.sh
+            executable: /bin/bash
+            chdir: "{{ kolla_ansible_src_dir }}"
+          when: scenario == "octavia"
+
         - name: Run test-monasca.sh script
           script:
             cmd: test-monasca.sh
diff --git a/tests/setup_gate.sh b/tests/setup_gate.sh
index aeff6c1687..ee69561607 100755
--- a/tests/setup_gate.sh
+++ b/tests/setup_gate.sh
@@ -20,6 +20,9 @@ function setup_openstack_clients {
     if [[ $SCENARIO == magnum ]]; then
         packages+=(python-designateclient python-magnumclient python-troveclient)
     fi
+    if [[ $SCENARIO == octavia ]]; then
+        packages+=(python-octaviaclient)
+    fi
     if [[ $SCENARIO == masakari ]]; then
         packages+=(python-masakariclient)
     fi
@@ -68,6 +71,9 @@ function prepare_images {
     if [[ $SCENARIO == "magnum" ]]; then
         GATE_IMAGES+=",^designate,^magnum,^trove"
     fi
+    if [[ $SCENARIO == "octavia" ]]; then
+        GATE_IMAGES+=",^octavia"
+    fi
     if [[ $SCENARIO == "masakari" ]]; then
         GATE_IMAGES+=",^masakari"
     fi
diff --git a/tests/templates/globals-default.j2 b/tests/templates/globals-default.j2
index 02930493aa..74a16bef20 100644
--- a/tests/templates/globals-default.j2
+++ b/tests/templates/globals-default.j2
@@ -164,3 +164,17 @@ enable_keystone: "yes"
 enable_monasca: "yes"
 enable_rabbitmq: "no"
 {% endif %}
+
+{% if scenario == "octavia" %}
+enable_octavia: "yes"
+# NOTE(wuchunyang): work around for qemu-kvm 5.1 can not attach second NIC.
+# more: http://lists.openstack.org/pipermail/openstack-discuss/2021-February/020218.html
+octavia_amp_flavor:
+  name: "amphora"
+  is_public: no
+  vcpus: 2
+  ram: 1024
+  disk: 5
+octavia_network_type: "tenant"
+{% endif %}
+
diff --git a/tests/test-octavia.sh b/tests/test-octavia.sh
new file mode 100644
index 0000000000..758d38043b
--- /dev/null
+++ b/tests/test-octavia.sh
@@ -0,0 +1,100 @@
+#!/bin/bash
+
+# Test deployment of octavia.
+
+set -o xtrace
+set -o errexit
+
+# Enable unbuffered output for Ansible in Jenkins.
+export PYTHONUNBUFFERED=1
+
+
+function register_amphora_image {
+    amphora_url=https://tarballs.opendev.org/openstack/octavia/test-images/test-only-amphora-x64-haproxy-ubuntu-bionic.qcow2
+    curl -o amphora.qcow2 $amphora_url
+    (. /etc/kolla/octavia-openrc.sh && openstack image create amphora-x64-haproxy --file amphora.qcow2  --tag amphora --disk-format qcow2 --property hw_architecture='x86_64' --property hw_rng_model=virtio)
+}
+
+function test_octavia {
+    register_amphora_image
+
+    # Smoke test.
+    openstack loadbalancer list
+
+    # Create a Loadblanacer
+    openstack loadbalancer create --name lb --vip-subnet-id demo-subnet --wait
+    # Create a server to act as a backend.
+    openstack server create --wait --image cirros --flavor m1.tiny --key-name mykey --network demo-net lb_member --wait
+    member_fip=$(openstack floating ip create public1 -f value -c floating_ip_address)
+    openstack server add floating ip lb_member ${member_fip}
+    member_ip=$(openstack floating ip show ${member_fip} -f value -c fixed_ip_address)
+
+    # Dummy HTTP server.
+    attempts=12
+    for i in $(seq 1 ${attempts}); do
+        if ssh -v -o BatchMode=yes -o StrictHostKeyChecking=no cirros@${member_fip} 'nohup sh -c "while true; do echo -e \"HTTP/1.1 200 OK\n\n $(date)\" | sudo nc -l -p 8000; done &"'; then
+            break
+        elif [[ $i -eq ${attempts} ]]; then
+            echo "Failed to access server via SSH after ${attempts} attempts"
+            echo "Console log:"
+            openstack console log show lb_member
+            return 1
+        else
+            echo "Cannot access server - retrying"
+        fi
+        sleep 10
+    done
+
+    openstack loadbalancer listener create --name listener --protocol HTTP --protocol-port 8000 --wait lb
+    openstack loadbalancer pool create --name pool --lb-algorithm ROUND_ROBIN --listener listener --protocol HTTP --wait
+    openstack loadbalancer member create --subnet-id demo-subnet --address ${member_ip} --protocol-port 8000 pool --wait
+
+    # Add a floating IP to the load balancer.
+    lb_fip=$(openstack floating ip create public1 -f value -c name)
+    lb_vip=$(openstack loadbalancer show lb -f value -c vip_address)
+    lb_port_id=$(openstack port list --fixed-ip ip-address=$lb_vip -f value -c ID)
+    openstack floating ip set $lb_fip --port $lb_port_id
+
+    # Attempt to access the load balanced HTTP server.
+    attempts=12
+    for i in $(seq 1 ${attempts}); do
+        if curl $lb_fip:8000; then
+            break
+        elif [[ $i -eq ${attempts} ]]; then
+            echo "Failed to access load balanced service after ${attempts} attempts"
+            return 1
+        else
+            echo "Cannot access load balancer - retrying"
+        fi
+        sleep 10
+    done
+
+    # Clean up.
+    openstack loadbalancer delete lb --cascade --wait
+    openstack floating ip delete ${lb_fip}
+
+    openstack server remove floating ip lb_member ${member_fip}
+    openstack floating ip delete ${member_fip}
+    openstack server delete --wait lb_member
+}
+
+function test_octavia_logged {
+    . /etc/kolla/admin-openrc.sh
+    . ~/openstackclient-venv/bin/activate
+    test_octavia
+}
+
+function test_octavia_setup {
+    echo "Testing Octavia"
+    test_octavia_logged > /tmp/logs/ansible/test-octavia 2>&1
+    result=$?
+    if [[ $result != 0 ]]; then
+        echo "Testing Octavia failed. See ansible/test-octavia for details"
+    else
+        echo "Successfully tested Octavia. See ansible/test-octavia for details"
+    fi
+    return $result
+}
+
+test_octavia_setup
+
diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml
index 79105e2082..7e724f1980 100644
--- a/zuul.d/base.yaml
+++ b/zuul.d/base.yaml
@@ -137,6 +137,17 @@
     vars:
       scenario: magnum
 
+- job:
+    name: kolla-ansible-octavia-base
+    parent: kolla-ansible-base
+    voting: false
+    files:
+      - ^ansible/roles/(octavia|octavia-certificates)/
+      - ^tests/test-dashboard.sh
+      - ^tests/test-octavia.sh
+    vars:
+      scenario: octavia
+
 - job:
     name: kolla-ansible-masakari-base
     parent: kolla-ansible-base
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index d92bd13265..8216af8831 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -276,6 +276,22 @@
       base_distro: ubuntu
       install_type: source
 
+- job:
+    name: kolla-ansible-centos8-source-octavia
+    parent: kolla-ansible-octavia-base
+    nodeset: kolla-ansible-centos8
+    vars:
+      base_distro: centos
+      install_type: source
+
+- job:
+    name: kolla-ansible-ubuntu-source-octavia
+    parent: kolla-ansible-octavia-base
+    nodeset: kolla-ansible-focal
+    vars:
+      base_distro: ubuntu
+      install_type: source
+
 - job:
     name: kolla-ansible-ubuntu-source-masakari
     parent: kolla-ansible-masakari-base
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index 9b90e5561d..332831c8f9 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -25,6 +25,8 @@
         - kolla-ansible-centos8-source-scenario-nfv
         - kolla-ansible-centos8-source-magnum
         - kolla-ansible-ubuntu-source-magnum
+        - kolla-ansible-centos8-source-octavia
+        - kolla-ansible-ubuntu-source-octavia
         - kolla-ansible-centos8-source-masakari
         - kolla-ansible-ubuntu-source-masakari
         - kolla-ansible-centos8-source-ironic