Browse Source

Merge "[devstack][ci] Modify firewall in ds-plugin" into stable/ussuri

changes/79/728079/1
Zuul 1 year ago
committed by Gerrit Code Review
parent
commit
2d83f94ab5
  1. 15
      contrib/ci/post_test_hook.sh
  2. 2
      contrib/ci/pre_test_hook.sh
  3. 25
      devstack/plugin.sh
  4. 5
      devstack/settings
  5. 5
      doc/source/contributor/samples/cephfs_local.conf
  6. 3
      doc/source/contributor/samples/container_local.conf
  7. 3
      doc/source/contributor/samples/lvm_local.conf
  8. 3
      doc/source/contributor/samples/zfsonlinux_local.conf
  9. 1
      playbooks/legacy/manila-tempest-dsvm-container-scenario-custom-image/run.yaml
  10. 1
      playbooks/legacy/manila-tempest-dsvm-postgres-container/run.yaml
  11. 1
      playbooks/legacy/manila-tempest-dsvm-postgres-zfsonlinux/run.yaml
  12. 1
      playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs-centos-7/run.yaml
  13. 1
      playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs/run.yaml
  14. 1
      playbooks/legacy/manila-tempest-minimal-dsvm-lvm/run-ipv6.yaml
  15. 1
      playbooks/legacy/manila-tempest-minimal-dsvm-lvm/run.yaml

15
contrib/ci/post_test_hook.sh

@ -345,21 +345,6 @@ export OS_USER_DOMAIN_NAME=$ADMIN_DOMAIN_NAME
source $BASE/new/manila/contrib/ci/common.sh
manila_wait_for_drivers_init $MANILA_CONF
TCP_PORTS=(2049 111 32803 892 875 662)
UDP_PORTS=(111 32769 892 875 662)
for ipcmd in iptables ip6tables; do
# (aovchinnikov): extra rules are needed to allow instances talk to host.
sudo $ipcmd -N manila-nfs
sudo $ipcmd -I INPUT 1 -j manila-nfs
for port in ${TCP_PORTS[*]}; do
sudo $ipcmd -A manila-nfs -m tcp -p tcp --dport $port -j ACCEPT
done
for port in ${UDP_PORTS[*]}; do
sudo $ipcmd -A manila-nfs -m udp -p udp --dport $port -j ACCEPT
done
done
source $BASE/new/devstack/openrc admin admin
public_net_id=$(openstack network list --name $PUBLIC_NETWORK_NAME -f value -c ID )
iniset $TEMPEST_CONFIG network public_network_id $public_net_id

2
contrib/ci/pre_test_hook.sh

@ -47,6 +47,8 @@ echo "MANILA_SHARE_BACKEND2_NAME=PARIS" >> $localconf
echo "MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=${MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE:=True}" >> $localconf
echo "MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=${MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST:=False}" >> $localconf
# === Handle script arguments ===
# First argument is expected to be a boolean-like value for DHSS.
DHSS=$1

25
devstack/plugin.sh

@ -1018,6 +1018,24 @@ function install_libraries {
fi
}
function allow_host_ports_for_share_mounting {
TCP_PORTS=(2049 111 32803 892 875 662)
UDP_PORTS=(111 32769 892 875 662)
for ipcmd in iptables ip6tables; do
# (aovchinnikov): extra rules are needed to allow instances talk to
# host.
sudo $ipcmd -N manila-nfs
sudo $ipcmd -I INPUT 1 -j manila-nfs
for port in ${TCP_PORTS[*]}; do
sudo $ipcmd -A manila-nfs -m tcp -p tcp --dport $port -j ACCEPT
done
for port in ${UDP_PORTS[*]}; do
sudo $ipcmd -A manila-nfs -m udp -p udp --dport $port -j ACCEPT
done
done
}
function setup_ipv6 {
# This will fail with multiple default routes and is not needed in CI
@ -1272,6 +1290,13 @@ elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
echo_summary "Update Tempest config"
update_tempest
if [[ "$(trueorfalse False MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST)" == "True" ]]; then
echo_summary "Allowing IPv4 and IPv6 access to NAS ports on the host"
allow_host_ports_for_share_mounting
fi
fi
if [[ "$1" == "unstack" ]]; then

5
devstack/settings

@ -158,6 +158,11 @@ MANILA_SHARE_BACKEND1_NAME=${MANILA_SHARE_BACKEND1_NAME:-GENERIC1} # deprecated
MANILA_BACKEND2_CONFIG_GROUP_NAME=${MANILA_BACKEND2_CONFIG_GROUP_NAME:-generic2} # deprecated
MANILA_SHARE_BACKEND2_NAME=${MANILA_SHARE_BACKEND2_NAME:-GENERIC2} # deprecated
# Enable this option when using a storage backend that is on the same host
# as the devstack host, these iptable rules are necessary to allow mounting
# shares from the host
MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=${MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST:-False}
# Options for configuration of LVM share driver
SHARE_BACKING_FILE_SIZE=${SHARE_BACKING_FILE_SIZE:-8400M}
SHARE_GROUP=${SHARE_GROUP:-lvm-shares}

5
doc/source/contributor/samples/cephfs_local.conf

@ -36,4 +36,7 @@ MANILA_CEPH_DRIVER=cephfsnfs
# CEPHFS backend options
MANILA_SERVICE_IMAGE_ENABLED=False
MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS='snapshot_support=False'
MANILA_CONFIGURE_DEFAULT_TYPES=True
MANILA_CONFIGURE_DEFAULT_TYPES=True
# Required for mounting shares
MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True

3
doc/source/contributor/samples/container_local.conf

@ -33,3 +33,6 @@ MANILA_OPTGROUP_vienna_driver_handles_share_servers=True
MANILA_OPTGROUP_prague_driver_handles_share_servers=True
MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS='snapshot_support=false'
MANILA_CONFIGURE_DEFAULT_TYPES=True
# Required for mounting shares
MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True

3
doc/source/contributor/samples/lvm_local.conf

@ -34,3 +34,6 @@ MANILA_OPTGROUP_denver_driver_handles_share_servers=False
SHARE_BACKING_FILE_SIZE=32000M
MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS='snapshot_support=True create_share_from_snapshot_support=True revert_to_snapshot_support=True mount_snapshot_support=True'
MANILA_CONFIGURE_DEFAULT_TYPES=True
# Required for mounting shares
MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True

3
doc/source/contributor/samples/zfsonlinux_local.conf

@ -34,3 +34,6 @@ MANILA_OPTGROUP_mumbai_driver_handles_share_servers=False
MANILA_REPLICA_STATE_UPDATE_INTERVAL=60
MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS='snapshot_support=True create_share_from_snapshot_support=True replication_type=readable'
MANILA_CONFIGURE_DEFAULT_TYPES=True
# Required for mounting shares
MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True

1
playbooks/legacy/manila-tempest-dsvm-container-scenario-custom-image/run.yaml

@ -52,6 +52,7 @@
export ENABLED_SERVICES=tempest
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
# Keep localrc to be able to set some vars in pre_test_hook
export KEEP_LOCALRC=1

1
playbooks/legacy/manila-tempest-dsvm-postgres-container/run.yaml

@ -51,6 +51,7 @@
export KEEP_LOCALRC=1
export PROJECTS="openstack/manila-tempest-plugin $PROJECTS"
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
export DEVSTACK_GATE_USE_PYTHON3=True

1
playbooks/legacy/manila-tempest-dsvm-postgres-zfsonlinux/run.yaml

@ -51,6 +51,7 @@
export KEEP_LOCALRC=1
export PROJECTS="openstack/manila-tempest-plugin $PROJECTS"
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
export DEVSTACK_GATE_USE_PYTHON3=True

1
playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs-centos-7/run.yaml

@ -103,6 +103,7 @@
export KEEP_LOCALRC=1
export PROJECTS="openstack/manila-tempest-plugin $PROJECTS"
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
OVERRIDE_ENABLED_SERVICES=key,mysql,rabbit,tempest
export OVERRIDE_ENABLED_SERVICES

1
playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs/run.yaml

@ -65,6 +65,7 @@
export DEVSTACK_GATE_NEUTRON=1
export DEVSTACK_PROJECT_FROM_GIT="python-manilaclient"
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
export MANILA_SETUP_IPV6=True
export RUN_MANILA_IPV6_TESTS=True

1
playbooks/legacy/manila-tempest-minimal-dsvm-lvm/run-ipv6.yaml

@ -51,6 +51,7 @@
export MANILA_SETUP_IPV6=True
export RUN_MANILA_IPV6_TESTS=True
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
# Basic services needed for minimal job
OVERRIDE_ENABLED_SERVICES=key,mysql,rabbit,tempest

1
playbooks/legacy/manila-tempest-minimal-dsvm-lvm/run.yaml

@ -49,6 +49,7 @@
export MANILA_SETUP_IPV6=True
export RUN_MANILA_IPV6_TESTS=True
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
# Basic services needed for minimal job
OVERRIDE_ENABLED_SERVICES=key,mysql,rabbit,tempest

Loading…
Cancel
Save