openstack
/
openstack-ansible-os_keystone
Code Issues Proposed changes

Use the central test repository for Keystone 

Move to use the central test repository. Including a few changes to keep
consistency when moving.

* Change network range to fit into recommended infra ranges.
* Include memcached for future keystone testing

Change-Id: I6c79f291a5893d910a6dd743b39a01c7fac11bdb
This commit is contained in:
Andy McCrae 2016-09-02 10:39:04 +01:00
parent ec65f10b7e
commit d0e5097ecc
13 changed files with 45 additions and 335 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tests/group_vars/all_containers.yml
View File

@ -17,9 +17,9 @@ container_name: "{{ inventory_hostname }}"
container_networks:
management_address:
address: "{{ ansible_host }}"
bridge: "lxcbr0"
bridge: "br-mgmt"
interface: "eth1"
netmask: "255.255.252.0"
netmask: "255.255.255.0"
type: "veth"
physical_host: localhost
properties:

17
tests/host_vars/localhost.yml Normal file
View File

@ -0,0 +1,17 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
bridges:
- "br-mgmt"

10
tests/inventory
View File

@ -1,8 +1,8 @@
[all]
localhost ansible_connection=local ansible_become=True
infra1 ansible_ssh_host=10.100.100.2 ansible_host=10.100.100.2 ansible_become=True ansible_user=root
keystone1 ansible_ssh_host=10.100.100.3 ansible_host=10.100.100.3 ansible_become=True ansible_user=root
keystone2 ansible_ssh_host=10.100.100.4 ansible_host=10.100.100.4 ansible_become=True ansible_user=root
infra1 ansible_ssh_host=10.1.0.2 ansible_host=10.1.0.2 ansible_become=True ansible_user=root
keystone1 ansible_ssh_host=10.1.0.3 ansible_host=10.1.0.3 ansible_become=True ansible_user=root
keystone2 ansible_ssh_host=10.1.0.4 ansible_host=10.1.0.4 ansible_become=True ansible_user=root
[all_containers]
infra1
@ -15,9 +15,13 @@ infra1
[galera_all]
infra1
[memcached_all]
infra1
[service_all:children]
rabbitmq_all
galera_all
memcached_all
[keystone_all]
keystone1

2
tests/keystone-overrides.yml Normal file
View File

@ -0,0 +1,2 @@
---
install_test_packages: True

32
tests/test-install-infra.yml
View File

@ -1,32 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for deploying infra services
hosts: service_all
user: root
gather_facts: true
roles:
- role: "rabbitmq_server"
rabbitmq_cookie_token: secrete
- role: "galera_server"
galera_root_password: secrete
galera_root_user: root
galera_innodb_buffer_pool_size: 512M
galera_innodb_log_buffer_size: 32M
galera_server_id: "{{ inventory_hostname | string_2_int }}"
galera_wsrep_node_name: "{{ inventory_hostname }}"
galera_wsrep_provider_options:
- { option: "gcache.size", value: "32M" }
galera_server_id: "{{ inventory_hostname | string_2_int }}"

110
tests/test-install-keystone.yml
View File

@ -1,110 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for deploying keystone
hosts: "infra1"
user: root
gather_facts: true
tasks:
- name: Ensure rabbitmq vhost
rabbitmq_vhost:
name: "{{ keystone_rabbitmq_vhost }}"
state: "present"
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ keystone_rabbitmq_userid }}"
password: "{{ keystone_rabbitmq_password }}"
vhost: "{{ keystone_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
- name: Create DB for service
mysql_db:
login_user: "root"
login_password: "secrete"
login_host: "127.0.0.1"
name: "{{ keystone_galera_database }}"
state: "present"
- name: Grant access to the DB for the service
mysql_user:
login_user: "root"
login_password: "secrete"
login_host: "127.0.0.1"
name: "{{ keystone_galera_database }}"
password: "{{ keystone_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ keystone_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
vars_files:
- test-vars.yml
- name: Playbook for deploying keystone
hosts: keystone_all
user: root
gather_facts: true
roles:
- role: "{{ rolename | basename }}"
tasks:
# needed by the functional test playbook below
- name: Install httplib2 so we can use the uri module
pip:
name: httplib2
vars_files:
- test-vars.yml
- name: Playbook for functional testing keystone
hosts: keystone_all
user: root
gather_facts: false
tasks:
- name: Check the keystone api
uri:
url: "http://localhost:{{ item }}"
status_code: 300
register: result
until: result.status == 300
retries: 5
delay: 10
with_items:
- 5000
- 35357
- name: Check for expected users
keystone:
command: get_user
user_name: "{{ item }}"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
with_items:
- "admin"
- "keystone"
- name: Check for expected projects
keystone:
command: get_project
project_name: "{{ item }}"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
with_items:
- "admin"
- "service"
vars_files:
- test-vars.yml

2
tests/test-keystone-functional.yml
View File

@ -69,4 +69,4 @@
when: keystone_ssl_key_stats.stat.mode != "0640"
vars_files:
- test-vars.yml
- playbooks/test-vars.yml

33
tests/test-prepare-containers.yml
View File

@ -1,33 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for creating containers
hosts: all_containers
gather_facts: false
roles:
- role: "lxc_container_create"
lxc_container_release: trusty
lxc_container_backing_store: dir
debug: true
global_environment_variables:
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
post_tasks:
- name: Wait for ssh to be available
local_action:
module: wait_for
port: "{{ ansible_ssh_port | default('22') }}"
host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
search_regex: OpenSSH
delay: 1

71
tests/test-prepare-host.yml
View File

@ -1,71 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for configuring LXC host
hosts: localhost
pre_tasks:
- name: Ensure apt cache is always refreshed
apt:
update_cache: yes
when:
- ansible_pkg_mgr == 'apt'
- name: Ensure root's new public ssh key is in authorized_keys
authorized_key:
user: root
key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
manage_dir: no
- set_fact:
lxc_container_ssh_key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
- name: Check if this is an OpenStack-CI nodepool instance
stat:
path: /etc/nodepool/provider
register: nodepool
- name: Set the files to copy into the container cache for OpenStack-CI instances (rhel)
set_fact:
lxc_container_cache_files:
- { src: '/etc/pip.conf', dest: '/etc/pip.conf' }
when:
- nodepool.stat.exists | bool
- ansible_pkg_mgr == 'yum'
- name: Set the files to copy into the container cache for OpenStack-CI instances (deb)
set_fact:
lxc_container_cache_files:
- { src: '/etc/pip.conf', dest: '/etc/pip.conf' }
- { src: '/etc/apt/apt.conf.d/99unauthenticated', dest: '/etc/apt/apt.conf.d/99unauthenticated' }
when:
- nodepool.stat.exists | bool
- ansible_pkg_mgr == 'apt'
- name: Determine the existing Ubuntu repo configuration
shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list'
register: ubuntu_repo
changed_when: false
when: ansible_pkg_mgr == 'apt'
- name: Set apt repo facts based on discovered information
set_fact:
lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}"
lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}"
when: ansible_pkg_mgr == 'apt'
- name: install the epel repo rpm from a remote repo
yum:
name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm"
state: "present"
when: ansible_pkg_mgr == 'yum'
roles:
- role: "lxc_hosts"
lxc_net_address: 10.100.100.1
lxc_net_dhcp_range: 10.100.100.8,10.100.100.253
lxc_net_bridge: lxcbr0
lxc_kernel_options:
- { key: 'fs.inotify.max_user_instances', value: 1024 }

33
tests/test-prepare-keys.yml
View File

@ -1,33 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE: we use become_user because setting become: no or become: false
# doesn't seem to override the ansible_become=true in the
# inventory
- name: Playbook for establishing ssh keys
hosts: localhost
become_user: "{{ ansible_ssh_user }}"
pre_tasks:
- name: Create ssh key pair for root
user:
name: "{{ ansible_ssh_user }}"
generate_ssh_key: "yes"
ssh_key_bits: 2048
ssh_key_file: ".ssh/id_rsa"
- name: Get the calling user's key
command: cat ~/.ssh/id_rsa.pub
register: key_get
- set_fact:
lxc_container_ssh_key: "{{ key_get.stdout }}"

38
tests/test-vars.yml
View File

@ -1,38 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
external_lb_vip_address: 10.100.100.3
galera_client_drop_config_file: false
internal_lb_vip_address: 10.100.100.3
keystone_admin_tenant_name: admin
keystone_admin_user_name: admin
keystone_auth_admin_password: "SuperSecretePassword"
keystone_container_mysql_password: "SuperSecrete"
keystone_developer_mode: true
keystone_galera_address: 10.100.100.2
keystone_galera_database: keystone
keystone_git_install_branch: master
keystone_rabbitmq_password: "secrete"
keystone_rabbitmq_port: 5671
keystone_rabbitmq_servers: 10.100.100.2
keystone_rabbitmq_use_ssl: true
keystone_rabbitmq_userid: keystone
keystone_rabbitmq_vhost: /keystone
keystone_requirements_git_install_branch: master
keystone_ssl: true
keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
keystone_service_password: "secrete"
keystone_venv_tag: "testing"

10
tests/test.yml
View File

@ -14,19 +14,19 @@
# limitations under the License.
# Prepare the user ssh keys
- include: test-prepare-keys.yml
- include: playbooks/test-prepare-keys.yml
# Prepare the host
- include: test-prepare-host.yml
- include: playbooks/test-prepare-host.yml
# Prepare the containers
- include: test-prepare-containers.yml
- include: playbooks/test-prepare-containers.yml
# Install RabbitMQ/MariaDB
- include: test-install-infra.yml
- include: playbooks/test-install-infra.yml
# Install Keystone
- include: test-install-keystone.yml
- include: playbooks/test-install-keystone.yml
# Test Keystone
- include: test-keystone-functional.yml

18
tox.ini
View File

@ -112,6 +112,7 @@ setenv =
# This is required as the default is '/etc/ansible/roles' or a path
# specified in ansible.cfg
ANSIBLE_ROLES_PATH = {homedir}/.ansible/roles:{toxinidir}/..
PYTHONUNBUFFERED = 1
commands =
rm -rf {homedir}/.ansible/plugins
git clone https://git.openstack.org/openstack/openstack-ansible-plugins \
@ -120,6 +121,9 @@ commands =
ansible-galaxy install \
--role-file={toxinidir}/tests/ansible-role-requirements.yml \
--force
rm -rf {toxinidir}/tests/playbooks
git clone https://git.openstack.org/openstack/openstack-ansible-tests \
{toxinidir}/tests/playbooks
[testenv:ansible-syntax]
@ -132,7 +136,7 @@ commands =
ansible-playbook -i {toxinidir}/tests/inventory \
--syntax-check \
--list-tasks \
-e "rolename={toxinidir}" \
-e "keystone_rolename={toxinidir}" \
{toxinidir}/tests/test.yml
@ -168,8 +172,8 @@ setenv =
commands =
{[testenv:ansible]commands}
ansible-playbook -i {toxinidir}/tests/inventory \
-e "rolename={toxinidir}" \
-e "install_test_packages=True" \
-e @{toxinidir}/tests/keystone-overrides.yml \
-e "keystone_rolename={toxinidir}" \
{toxinidir}/tests/test.yml -vvvv
bash -c 'mkdir -p {toxinidir}/logs'
bash -c 'rsync -av --ignore-errors /var/log/ /openstack/log/ {toxinidir}/logs/ || true'
@ -191,8 +195,8 @@ setenv =
commands =
{[testenv:ansible]commands}
ansible-playbook -i {toxinidir}/tests/inventory \
-e "rolename={toxinidir}" \
-e "install_test_packages=True" \
-e @{toxinidir}/tests/keystone-overrides.yml \
-e "keystone_rolename={toxinidir}" \
-e "keystone_mod_wsgi_enabled=False" \
{toxinidir}/tests/test.yml -vvvv
bash -c 'mkdir -p {toxinidir}/logs'
@ -215,8 +219,8 @@ setenv =
commands =
{[testenv:ansible]commands}
ansible-playbook -i {toxinidir}/tests/inventory \
-e "rolename={toxinidir}" \
-e "install_test_packages=True" \
-e @{toxinidir}/tests/keystone-overrides.yml \
-e "keystone_rolename={toxinidir}" \
-e "keystone_apache_enabled=False" \
-e "keystone_mod_wsgi_enabled=False" \
{toxinidir}/tests/test.yml -vvvv