Browse Source

Merge "[devstack][ci] Modify firewall in ds-plugin" into stable/rocky

stable/rocky
Zuul 1 month ago
committed by Gerrit Code Review
parent
commit
509e2ab503
10 changed files with 38 additions and 15 deletions
  1. +0
    -15
      contrib/ci/post_test_hook.sh
  2. +2
    -0
      contrib/ci/pre_test_hook.sh
  3. +25
    -0
      devstack/plugin.sh
  4. +5
    -0
      devstack/settings
  5. +1
    -0
      playbooks/legacy/manila-tempest-dsvm-container-scenario-custom-image/run.yaml
  6. +1
    -0
      playbooks/legacy/manila-tempest-dsvm-postgres-container/run.yaml
  7. +1
    -0
      playbooks/legacy/manila-tempest-dsvm-postgres-zfsonlinux/run.yaml
  8. +1
    -0
      playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs-centos-7/run.yaml
  9. +1
    -0
      playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs/run.yaml
  10. +1
    -0
      playbooks/legacy/manila-tempest-minimal-dsvm-lvm-centos-7/run.yaml

+ 0
- 15
contrib/ci/post_test_hook.sh View File

@@ -335,21 +335,6 @@ export OS_USER_DOMAIN_NAME=$ADMIN_DOMAIN_NAME
source $BASE/new/manila/contrib/ci/common.sh
manila_wait_for_drivers_init $MANILA_CONF


TCP_PORTS=(2049 111 32803 892 875 662)
UDP_PORTS=(111 32769 892 875 662)
for ipcmd in iptables ip6tables; do
# (aovchinnikov): extra rules are needed to allow instances talk to host.
sudo $ipcmd -N manila-nfs
sudo $ipcmd -I INPUT 1 -j manila-nfs
for port in ${TCP_PORTS[*]}; do
sudo $ipcmd -A manila-nfs -m tcp -p tcp --dport $port -j ACCEPT
done
for port in ${UDP_PORTS[*]}; do
sudo $ipcmd -A manila-nfs -m udp -p udp --dport $port -j ACCEPT
done
done

source $BASE/new/devstack/openrc admin admin
public_net_id=$(openstack network list --name $PUBLIC_NETWORK_NAME -f value -c ID )
iniset $TEMPEST_CONFIG network public_network_id $public_net_id


+ 2
- 0
contrib/ci/pre_test_hook.sh View File

@@ -42,6 +42,8 @@ echo "MANILA_SHARE_BACKEND2_NAME=PARIS" >> $localconf

echo "MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=${MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE:=True}" >> $localconf

echo "MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=${MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST:=False}" >> $localconf

# === Handle script arguments ===
# First argument is expected to be a boolean-like value for DHSS.
DHSS=$1


+ 25
- 0
devstack/plugin.sh View File

@@ -959,6 +959,24 @@ function install_libraries {
fi
}

function allow_host_ports_for_share_mounting {

TCP_PORTS=(2049 111 32803 892 875 662)
UDP_PORTS=(111 32769 892 875 662)
for ipcmd in iptables ip6tables; do
# (aovchinnikov): extra rules are needed to allow instances talk to
# host.
sudo $ipcmd -N manila-nfs
sudo $ipcmd -I INPUT 1 -j manila-nfs
for port in ${TCP_PORTS[*]}; do
sudo $ipcmd -A manila-nfs -m tcp -p tcp --dport $port -j ACCEPT
done
for port in ${UDP_PORTS[*]}; do
sudo $ipcmd -A manila-nfs -m udp -p udp --dport $port -j ACCEPT
done
done
}

function setup_ipv6 {

# This will fail with multiple default routes and is not needed in CI
@@ -1187,6 +1205,13 @@ elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then

echo_summary "Update Tempest config"
update_tempest


if [[ "$(trueorfalse False MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST)" == "True" ]]; then
echo_summary "Allowing IPv4 and IPv6 access to NAS ports on the host"
allow_host_ports_for_share_mounting
fi

fi

if [[ "$1" == "unstack" ]]; then


+ 5
- 0
devstack/settings View File

@@ -145,6 +145,11 @@ MANILA_SHARE_BACKEND1_NAME=${MANILA_SHARE_BACKEND1_NAME:-GENERIC1} # deprecated
MANILA_BACKEND2_CONFIG_GROUP_NAME=${MANILA_BACKEND2_CONFIG_GROUP_NAME:-generic2} # deprecated
MANILA_SHARE_BACKEND2_NAME=${MANILA_SHARE_BACKEND2_NAME:-GENERIC2} # deprecated

# Enable this option when using a storage backend that is on the same host
# as the devstack host, these iptable rules are necessary to allow mounting
# shares from the host
MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=${MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST:-False}

# Options for configuration of LVM share driver
SHARE_BACKING_FILE_SIZE=${SHARE_BACKING_FILE_SIZE:-8400M}
SHARE_GROUP=${SHARE_GROUP:-lvm-shares}


+ 1
- 0
playbooks/legacy/manila-tempest-dsvm-container-scenario-custom-image/run.yaml View File

@@ -52,6 +52,7 @@

export ENABLED_SERVICES=tempest
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True

# Keep localrc to be able to set some vars in pre_test_hook
export KEEP_LOCALRC=1


+ 1
- 0
playbooks/legacy/manila-tempest-dsvm-postgres-container/run.yaml View File

@@ -53,6 +53,7 @@
export KEEP_LOCALRC=1
export PROJECTS="openstack/manila-tempest-plugin $PROJECTS"
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True

function pre_test_hook {
# 'dhss' - acronym for 'Driver Handles Share Servers',


+ 1
- 0
playbooks/legacy/manila-tempest-dsvm-postgres-zfsonlinux/run.yaml View File

@@ -53,6 +53,7 @@
export KEEP_LOCALRC=1
export PROJECTS="openstack/manila-tempest-plugin $PROJECTS"
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True

function pre_test_hook {
# 'dhss' - acronym for 'Driver Handles Share Servers',


+ 1
- 0
playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs-centos-7/run.yaml View File

@@ -103,6 +103,7 @@
export KEEP_LOCALRC=1
export PROJECTS="openstack/manila-tempest-plugin $PROJECTS"
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True
OVERRIDE_ENABLED_SERVICES=key,mysql,rabbit,tempest
export OVERRIDE_ENABLED_SERVICES



+ 1
- 0
playbooks/legacy/manila-tempest-minimal-dsvm-cephfs-nfs/run.yaml View File

@@ -66,6 +66,7 @@
export PROJECTS="openstack/devstack-plugin-ceph $PROJECTS"
export DEVSTACK_PROJECT_FROM_GIT="python-manilaclient"
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True

export KEEP_LOCALRC=1
export PROJECTS="openstack/manila-tempest-plugin $PROJECTS"


+ 1
- 0
playbooks/legacy/manila-tempest-minimal-dsvm-lvm-centos-7/run.yaml View File

@@ -84,6 +84,7 @@
export MANILA_SETUP_IPV6=True
export RUN_MANILA_IPV6_TESTS=True
export MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE=False
export MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST=True

# Basic services needed for minimal job
OVERRIDE_ENABLED_SERVICES=key,mysql,rabbit,tempest


Loading…
Cancel
Save