openstack/neutron
Code Issues Proposed changes
Files
c23f17902350611fc60c2de5fb97d0b57190250b
neutron/zuul.d/tempest-singlenode.yaml
Ade Lee 8b71efd792 Add FIPS enabled scenario jobs 
Add ML2/OVS and ML2/OVN tempest jobs with FIPS enabled.
Right now, the FIPS jobs run on Centos 8 stream.

For now those jobs are added to the experimental queue but
we should think about adding them to periodic maybe.

In the Wallaby backport we additionally had to disable TLS
due to bug [1].

[1] https://bugs.launchpad.net/neutron/+bug/1911128

Co-Authored-By: Slawek Kaplonski <skaplons@redhat.com>

Conflicts:
    zuul.d/project.yaml

Change-Id: I974c7d04d13a87bbbd4de6164578724a2cfd85cc
(cherry picked from commit a1a895a6e5)
2022-03-22 12:03:54 +00:00

498 lines
15 KiB
YAML
Raw Blame History

- job:
name: neutron-tempest-base
description: Base job for tempest to test Neutron
parent: tempest-integrated-networking
abstract: true
timeout: 10800
required-projects:
- openstack/neutron
- openstack/tempest
pre-run: playbooks/configure_ebtables.yaml
vars:
tempest_concurrency: 4
devstack_localrc:
Q_ML2_TENANT_NETWORK_TYPE: vxlan
Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch,linuxbridge
devstack_plugins:
neutron: https://opendev.org/openstack/neutron.git
devstack_services:
# OVN services
ovn-controller: false
ovn-northd: false
ovs-vswitchd: false
ovsdb-server: false
q-ovn-metadata-agent: false
# Neutron services
q-agt: true
q-dhcp: true
q-l3: true
q-meta: true
q-metering: true
q-svc: true
# Cinder services
c-api: false
c-bak: false
c-sch: false
c-vol: false
cinder: false
# Swift services
s-account: false
s-container: false
s-object: false
s-proxy: false
- job:
name: neutron-ovs-base
description: Base job for tempest to test Neutron with ML2/OVS driver
parent: neutron-tempest-base
vars:
devstack_localrc:
Q_AGENT: openvswitch
irrelevant-files: &openvswitch-irrelevant-files
- ^(test-|)requirements.txt$
- ^.*\.rst$
- ^doc/.*$
- ^neutron/locale/.*$
- ^neutron/tests/.*$
- ^releasenotes/.*$
- ^setup.cfg$
- ^tools/.*$
- ^tox.ini$
- ^vagrant/.*$
- ^neutron/agent/ovn/.*$
- ^neutron/agent/windows/.*$
- ^neutron/plugins/ml2/drivers/linuxbridge/.*$
- ^neutron/plugins/ml2/drivers/macvtap/.*$
- ^neutron/plugins/ml2/drivers/mech_sriov/.*$
- ^neutron/plugins/ml2/drivers/ovn/.*$
- ^neutron/services/ovn_l3/.*$
- ^neutron/services/logapi/drivers/ovn/.*$
- ^neutron/services/portforwarding/drivers/ovn/.*$
- ^neutron/services/qos/drivers/linuxbridge/.*$
- ^neutron/services/qos/drivers/ovn/.*$
- ^neutron/services/trunk/drivers/linuxbridge/.*$
- ^neutron/services/trunk/drivers/ovn/.*$
- ^neutron/cmd/ovn/.*$
- ^neutron/common/ovn/.*$
- ^zuul.d/(?!(project)).*\.yaml
- job:
name: neutron-tempest-dvr
parent: neutron-ovs-base
vars:
devstack_localrc:
Q_DVR_MODE: dvr_snat
devstack_services:
br-ex-tcpdump: true
br-int-flows: true
- job:
name: neutron-tempest-linuxbridge
parent: neutron-tempest-base
vars:
devstack_localrc:
Q_AGENT: linuxbridge
irrelevant-files:
- ^(test-|)requirements.txt$
- ^.*\.rst$
- ^doc/.*$
- ^neutron/locale/.*$
- ^neutron/tests/.*$
- ^releasenotes/.*$
- ^setup.cfg$
- ^tools/.*$
- ^tox.ini$
- ^vagrant/.*$
- ^neutron/agent/linux/openvswitch_firewall/.*$
- ^neutron/agent/ovn/.*$
- ^neutron/agent/windows/.*$
- ^neutron/plugins/ml2/drivers/openvswitch/.*$
- ^neutron/plugins/ml2/drivers/macvtap/.*$
- ^neutron/plugins/ml2/drivers/mech_sriov/.*$
- ^neutron/plugins/ml2/drivers/ovn/.*$
- ^neutron/services/ovn_l3/.*$
- ^neutron/services/logapi/drivers/openvswitch/.*$
- ^neutron/services/logapi/drivers/ovn/.*$
- ^neutron/services/portforwarding/drivers/ovn/.*$
- ^neutron/services/qos/drivers/openvswitch/.*$
- ^neutron/services/qos/drivers/ovn/.*$
- ^neutron/services/trunk/drivers/openvswitch/.*$
- ^neutron/services/trunk/drivers/ovn/.*$
- ^neutron/cmd/ovn/.*$
- ^neutron/common/ovn/.*$
- ^zuul.d/(?!(project)).*\.yaml
- job:
name: neutron-tempest-iptables_hybrid
parent: neutron-ovs-base
vars:
devstack_plugins:
neutron: https://opendev.org/openstack/neutron.git
devstack_services:
tls-proxy: false
tempest: true
neutron-dns: true
neutron-qos: true
neutron-segments: true
neutron-trunk: true
neutron-uplink-status-propagation: true
br-ex-tcpdump: true
br-int-flows: true
devstack_local_conf:
post-config:
$NEUTRON_CONF:
QUOTAS:
quota_router: 100
quota_floatingip: 500
quota_security_group: 100
quota_security_group_rule: 1000
# NOTE(slaweq): We can get rid of this hardcoded absolute path when
# devstack-tempest job will be switched to use lib/neutron instead of
# lib/neutron-legacy
"/$NEUTRON_CORE_PLUGIN_CONF":
ml2_type_vlan:
network_vlan_ranges: foo:1:10
agent:
enable_distributed_routing: True
l2_population: True
tunnel_types: vxlan,gre
arp_responder: True
securitygroup:
firewall_driver: iptables_hybrid
$NEUTRON_L3_CONF:
agent:
availability_zone: nova
$NEUTRON_DHCP_CONF:
agent:
availability_zone: nova
test-config:
$TEMPEST_CONFIG:
neutron_plugin_options:
provider_vlans: foo,
agent_availability_zone: nova
image_is_advanced: true
available_type_drivers: flat,geneve,vlan,gre,local,vxlan
- job:
name: neutron-tempest-postgres-full
parent: tempest-integrated-networking
timeout: 10800
required-projects:
- openstack/neutron
- openstack/tempest
vars:
devstack_plugins:
neutron: https://opendev.org/openstack/neutron.git
devstack_services:
postgresql: true
mysql: false
br-ex-tcpdump: true
br-int-flows: true
# Cinder services
c-api: false
c-bak: false
c-sch: false
c-vol: false
cinder: false
# Swift services
s-account: false
s-container: false
s-object: false
s-proxy: false
irrelevant-files: &tempest-db-irrelevant-files
- ^(test-|)requirements.txt$
- ^.*\.rst$
- ^doc/.*$
- ^neutron/locale/.*$
- ^neutron/tests/.*$
- ^releasenotes/.*$
- ^setup.cfg$
- ^tools/.*$
- ^tox.ini$
- ^vagrant/.*$
- ^neutron/agent/.*$
- ^neutron/plugins/ml2/drivers/.*$
- ^zuul.d/(?!(project)).*\.yaml
- job:
name: neutron-tempest-mariadb-full
parent: tempest-integrated-networking
timeout: 10800
required-projects:
- openstack/neutron
- openstack/tempest
vars:
devstack_localrc:
MYSQL_SERVICE_NAME: mariadb
devstack_plugins:
neutron: https://opendev.org/openstack/neutron.git
devstack_services:
br-ex-tcpdump: true
br-int-flows: true
# Cinder services
c-api: false
c-bak: false
c-sch: false
c-vol: false
cinder: false
# Swift services
s-account: false
s-container: false
s-object: false
s-proxy: false
# NOTE(ralonsoh): once MariaDB default version in Ubuntu is bumped to
# >10.1, this workaround can be removed (bug 1855912)
pre-run: playbooks/add_mariadb_repo.yaml
irrelevant-files: *tempest-db-irrelevant-files
- job:
name: neutron-tempest-with-uwsgi
parent: tempest-integrated-networking
description: Run neutron Tempest tests with uwsgi
timeout: 10800
vars:
devstack_localrc:
NEUTRON_DEPLOY_MOD_WSGI: true
devstack_plugins:
neutron: https://opendev.org/openstack/neutron.git
devstack_services:
br-ex-tcpdump: true
br-int-flows: true
# Cinder services
c-api: false
c-bak: false
c-sch: false
c-vol: false
cinder: false
# Swift services
s-account: false
s-container: false
s-object: false
s-proxy: false
irrelevant-files: &irrelevant-files
- ^(test-|)requirements.txt$
- ^.*\.rst$
- ^doc/.*$
- ^neutron/locale/.*$
- ^neutron/tests/.*$
- ^releasenotes/.*$
- ^setup.cfg$
- ^tools/.*$
- ^tox.ini$
- ^vagrant/.*$
- ^zuul.d/(?!(project)).*\.yaml
- job:
name: neutron-tempest-with-uwsgi-loki
parent: neutron-tempest-with-uwsgi
timeout: 10800
vars:
devstack_services:
neutron-loki: true
irrelevant-files: *irrelevant-files
- job:
name: neutron-ovn-base
description: Base job for devstack/tempest to test Neutron with ovn driver.
parent: tempest-integrated-networking
timeout: 10800
required-projects: &ovn-base-required-projects
- openstack/neutron
- openstack/tempest
vars: &ovn-base-vars
tempest_concurrency: 4
devstack_local_conf:
test-config:
$TEMPEST_CONFIG:
neutron_plugin_options:
is_igmp_snooping_enabled: True
devstack_localrc:
CIRROS_VERSION: 0.5.1
DEFAULT_IMAGE_NAME: cirros-0.5.1-x86_64-uec
DEFAULT_IMAGE_FILE_NAME: cirros-0.5.1-x86_64-uec.tar.gz
Q_AGENT: ovn
ML2_L3_PLUGIN: ovn-router,trunk
Q_ML2_PLUGIN_MECHANISM_DRIVERS: ovn,logger
Q_ML2_PLUGIN_TYPE_DRIVERS: local,flat,vlan,geneve
Q_ML2_TENANT_NETWORK_TYPE: geneve
Q_USE_PROVIDERNET_FOR_PUBLIC: true
PHYSICAL_NETWORK: public
ENABLE_CHASSIS_AS_GW: true
OVN_L3_CREATE_PUBLIC_NETWORK: true
OVN_DBS_LOG_LEVEL: dbg
USE_PYTHON3: True
BUILD_TIMEOUT: 784
ENABLE_TLS: True
OVN_IGMP_SNOOPING_ENABLE: True
devstack_plugins:
neutron: https://opendev.org/openstack/neutron
zuul_copy_output:
'/var/log/ovn': 'logs'
'/var/log/openvswitch': 'logs'
'/var/lib/ovn': 'logs'
extensions_to_txt:
db: true
devstack_services:
br-ex-tcpdump: true
br-int-flows: true
dstat: true
g-api: true
g-reg: true
keystone: true
n-api-meta: true
n-api: true
n-cauth: true
n-cond-cell1: true
n-cpu: true
n-novnc-cell1: true
n-sch: true
n-super-cond: true
q-ovn-metadata-agent: true
ovn-controller: true
ovn-northd: true
ovs-vswitchd: true
ovsdb-server: true
placement-api: true
q-svc: true
q-dns: true
etcd: false
q-agt: false
q-dhcp: false
q-l3: false
q-meta: false
q-metering: false
s-account: false
s-container-sync: false
s-container: false
s-object: false
s-proxy: false
tls-proxy: true
q-qos: true
q-port-forwarding: true
# Cinder services
c-api: false
c-bak: false
c-sch: false
c-vol: false
cinder: false
irrelevant-files: &ovn-irrelevant-files
- ^(test-|)requirements.txt$
- ^releasenotes/.*$
- ^doc/.*$
- ^setup.cfg$
- ^.*\.rst$
- ^neutron/locale/.*$
- ^neutron/tests/.*$
- ^tools/.*$
- ^tox.ini$
- ^neutron/agent/dhcp/.*$
- ^neutron/agent/l2/.*$
- ^neutron/agent/l3/.*$
- ^neutron/agent/metadata/.*$
- ^neutron/agent/windows/.*$
- ^neutron/agent/dhcp_agent.py
- ^neutron/agent/l3_agent.py
- ^neutron/agent/metadata_agent.py
- ^neutron/agent/resource_cache.py
- ^neutron/agent/rpc.py
- ^neutron/agent/securitygroup_rpc.py
- ^neutron/plugins/ml2/drivers/linuxbridge/.*$
- ^neutron/plugins/ml2/drivers/openvswitch/.*$
- ^neutron/plugins/ml2/drivers/macvtap/.*$
- ^neutron/plugins/ml2/drivers/mech_sriov/.*$
- ^neutron/services/qos/drivers/linuxbridge/.*$
- ^neutron/services/qos/drivers/openvswitch/.*$
- ^neutron/services/trunk/drivers/linuxbridge/.*$
- ^neutron/services/trunk/drivers/openvswitch/.*$
- ^neutron/scheduler/.*$
- ^zuul.d/(?!(project)).*\.yaml
- job:
name: neutron-tempest-ipv6-only
parent: tempest-ipv6-only
timeout: 10800
vars:
tox_envlist: integrated-network
devstack_localrc:
CIRROS_VERSION: 0.5.1
DEFAULT_IMAGE_NAME: cirros-0.5.1-x86_64-uec
DEFAULT_IMAGE_FILE_NAME: cirros-0.5.1-x86_64-uec.tar.gz
devstack_plugins:
neutron: https://opendev.org/openstack/neutron.git
devstack_services:
br-ex-tcpdump: true
br-int-flows: true
# Cinder services
c-api: false
c-bak: false
c-sch: false
c-vol: false
cinder: false
# Swift services
s-account: false
s-container: false
s-object: false
s-proxy: false
irrelevant-files: *openvswitch-irrelevant-files
- job:
name: neutron-ovn-tempest-ovs-ipv6-only-base
description: Base job for devstack/tempest to test Neutron with ovn driver in an IPv6-only deployment
parent: devstack-tempest-ipv6
timeout: 10800
irrelevant-files: *ovn-irrelevant-files
required-projects: *ovn-base-required-projects
vars: *ovn-base-vars
- job:
name: neutron-ovn-tempest-ovs-release-ipv6-only
description: Job testing for devstack/tempest testing Neutron with ovn driver and latest released OVN branch in an IPv6-only deployment
parent: neutron-ovn-tempest-ovs-ipv6-only-base
vars:
# TODO(slaweq): remove test_reboot_server_hard from the blacklist when
# when bug https://bugs.launchpad.net/neutron/+bug/1906490 will be fixed
tempest_exclude_regex: "(^tempest.api.compute.servers.test_server_actions.ServerActionsTestJSON.test_reboot_server_hard)"
- job:
name: neutron-ovn-tempest-ovs-release
description: Job testing for devstack/tempest testing Neutron with ovn driver and latest released OVN branch
parent: neutron-ovn-base
- job:
name: neutron-ovs-tempest-fips
parent: neutron-ovs-base
nodeset: devstack-single-node-centos-8-stream
description: |
Scenario testing for a FIPS enabled Centos 8 system
pre-run: playbooks/enable-fips.yaml
vars:
configure_swap_size: 4096
devstack_services:
br-ex-tcpdump: true
br-int-flows: true
tls-proxy: false
devstack_local_conf:
test-config:
"$TEMPEST_CONFIG":
validation:
ssh_key_type: 'ecdsa'
- job:
name: neutron-ovn-tempest-ovs-release-fips
parent: neutron-ovn-tempest-ovs-release
nodeset: devstack-single-node-centos-8-stream
description: |
Scenario testing for a FIPS enabled Centos 8 system
pre-run: playbooks/enable-fips.yaml
vars:
configure_swap_size: 4096
devstack_local_conf:
test-config:
"$TEMPEST_CONFIG":
validation:
ssh_key_type: 'ecdsa'
devstack_localrc:
ENABLE_TLS: False
devstack_services:
tls-proxy: false
View Git Blame Copy Permalink