Browse Source

Merge "[devstack][ci] Modify firewall in ds-plugin" into stable/queens

changes/74/730874/1
Zuul 1 year ago
committed by Gerrit Code Review
parent
commit
0d5a1873f2
  1. 15
      contrib/ci/post_test_hook.sh
  2. 2
      contrib/ci/pre_test_hook.sh
  3. 25
      devstack/plugin.sh
  4. 5
      devstack/settings
  5. 1
      playbooks/legacy/manila-tempest-dsvm-container-scenario-custom-image/run.yaml
  6. 1
      playbooks/legacy/manila-tempest-dsvm-postgres-container/run.yaml
  7. 1
      playbooks/legacy/manila-tempest-dsvm-postgres-zfsonlinux/run.yaml
  8. 1
      playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs-centos-7/run.yaml
  9. 1
      playbooks/legacy/manila-tempest-minimal-dsvm-lvm-centos-7/run.yaml

15
contrib/ci/post_test_hook.sh

@ -334,21 +334,6 @@ export OS_USER_DOMAIN_NAME=$ADMIN_DOMAIN_NAME
source $BASE/new/manila/contrib/ci/common.sh
manila_wait_for_drivers_init $MANILA_CONF
TCP_PORTS=(2049 111 32803 892 875 662)
UDP_PORTS=(111 32769 892 875 662)
for ipcmd in iptables ip6tables; do
# (aovchinnikov): extra rules are needed to allow instances talk to host.
sudo $ipcmd -N manila-nfs
sudo $ipcmd -I INPUT 1 -j manila-nfs
for port in ${TCP_PORTS[*]}; do
sudo $ipcmd -A manila-nfs -m tcp -p tcp --dport $port -j ACCEPT
done
for port in ${UDP_PORTS[*]}; do
sudo $ipcmd -A manila-nfs -m udp -p udp --dport $port -j ACCEPT
done
done
source $BASE/new/devstack/openrc admin admin
public_net_id=$(openstack network list --name $PUBLIC_NETWORK_NAME -f value -c ID )
iniset $TEMPEST_CONFIG network public_network_id $public_net_id

2
contrib/ci/pre_test_hook.sh

@ -43,6 +43,8 @@ echo "MANILA_SHARE_BACKEND2_NAME=PARIS" >> $localconf
echo "MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=${MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE:=True}" >> $localconf
echo "MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=${MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST:=False}" >> $localconf
# === Handle script arguments ===
# First argument is expected to be a boolean-like value for DHSS.
DHSS=$1

25
devstack/plugin.sh

@ -961,6 +961,24 @@ function install_libraries {
fi
}
function allow_host_ports_for_share_mounting {
TCP_PORTS=(2049 111 32803 892 875 662)
UDP_PORTS=(111 32769 892 875 662)
for ipcmd in iptables ip6tables; do
# (aovchinnikov): extra rules are needed to allow instances talk to
# host.
sudo $ipcmd -N manila-nfs
sudo $ipcmd -I INPUT 1 -j manila-nfs
for port in ${TCP_PORTS[*]}; do
sudo $ipcmd -A manila-nfs -m tcp -p tcp --dport $port -j ACCEPT
done
for port in ${UDP_PORTS[*]}; do
sudo $ipcmd -A manila-nfs -m udp -p udp --dport $port -j ACCEPT
done
done
}
function setup_ipv6 {
# This will fail with multiple default routes and is not needed in CI
@ -1189,6 +1207,13 @@ elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
echo_summary "Update Tempest config"
update_tempest
if [[ "$(trueorfalse False MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST)" == "True" ]]; then
echo_summary "Allowing IPv4 and IPv6 access to NAS ports on the host"
allow_host_ports_for_share_mounting
fi
fi
if [[ "$1" == "unstack" ]]; then

5
devstack/settings

@ -149,6 +149,11 @@ MANILA_SHARE_BACKEND1_NAME=${MANILA_SHARE_BACKEND1_NAME:-GENERIC1} # deprecated
MANILA_BACKEND2_CONFIG_GROUP_NAME=${MANILA_BACKEND2_CONFIG_GROUP_NAME:-generic2} # deprecated
MANILA_SHARE_BACKEND2_NAME=${MANILA_SHARE_BACKEND2_NAME:-GENERIC2} # deprecated
# Enable this option when using a storage backend that is on the same host
# as the devstack host, these iptable rules are necessary to allow mounting
# shares from the host
MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=${MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST:-False}
# Options for configuration of LVM share driver
SHARE_BACKING_FILE_SIZE=${SHARE_BACKING_FILE_SIZE:-8400M}
SHARE_GROUP=${SHARE_GROUP:-lvm-shares}

1
playbooks/legacy/manila-tempest-dsvm-container-scenario-custom-image/run.yaml

@ -52,6 +52,7 @@
export ENABLED_SERVICES=tempest
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
# Keep localrc to be able to set some vars in pre_test_hook
export KEEP_LOCALRC=1

1
playbooks/legacy/manila-tempest-dsvm-postgres-container/run.yaml

@ -53,6 +53,7 @@
export KEEP_LOCALRC=1
export PROJECTS="openstack/manila-tempest-plugin $PROJECTS"
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
function pre_test_hook {
# 'dhss' - acronym for 'Driver Handles Share Servers',

1
playbooks/legacy/manila-tempest-dsvm-postgres-zfsonlinux/run.yaml

@ -53,6 +53,7 @@
export KEEP_LOCALRC=1
export PROJECTS="openstack/manila-tempest-plugin $PROJECTS"
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
function pre_test_hook {
# 'dhss' - acronym for 'Driver Handles Share Servers',

1
playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs-centos-7/run.yaml

@ -77,6 +77,7 @@
export KEEP_LOCALRC=1
export PROJECTS="openstack/manila-tempest-plugin $PROJECTS"
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
OVERRIDE_ENABLED_SERVICES=key,mysql,rabbit,tempest
export OVERRIDE_ENABLED_SERVICES

1
playbooks/legacy/manila-tempest-minimal-dsvm-lvm-centos-7/run.yaml

@ -58,6 +58,7 @@
export MANILA_SETUP_IPV6=True
export RUN_MANILA_IPV6_TESTS=True
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
# Basic services needed for minimal job
OVERRIDE_ENABLED_SERVICES=key,mysql,rabbit,tempest

Loading…
Cancel
Save