Use openstack-ansible-tests for os-nova role

Move Nova to use the central testing repository.
Incorporate the Ansible 2.1.1 changes with the move to central testing
repository.

Change-Id: I98ba72fee246a87faaf54fa33181e6be04a912cd
This commit is contained in:
Andy McCrae 2016-09-16 16:59:31 +01:00
parent ce6a6ebe1f
commit 35d85e953f
24 changed files with 108 additions and 813 deletions

5
.gitignore vendored
View File

@ -29,6 +29,7 @@ doc/build/
*.log *.log
*.sql *.sql
*.sqlite *.sqlite
logs/*
# OS generated files # # OS generated files #
###################### ######################
@ -61,6 +62,8 @@ releasenotes/build
# Test temp files # Test temp files
tests/plugins tests/plugins
tests/playbooks
tests/test.retry
# Files created by vagrant testing # Vagrant artifacts
.vagrant .vagrant

View File

@ -210,8 +210,8 @@ nova_novncproxy_proto: http
nova_novncproxy_port: 6080 nova_novncproxy_port: 6080
nova_novncproxy_base_uri: "{{ nova_novncproxy_proto }}://{{ external_lb_vip_address }}:{{ nova_novncproxy_port }}" nova_novncproxy_base_uri: "{{ nova_novncproxy_proto }}://{{ external_lb_vip_address }}:{{ nova_novncproxy_port }}"
nova_novncproxy_base_url: "{{ nova_novncproxy_base_uri }}/vnc_auto.html" nova_novncproxy_base_url: "{{ nova_novncproxy_base_uri }}/vnc_auto.html"
nova_novncproxy_vncserver_proxyclient_address: "{{ ansible_ssh_host }}" nova_novncproxy_vncserver_proxyclient_address: "{{ ansible_host }}"
nova_novncproxy_vncserver_listen: "{{ ansible_ssh_host }}" nova_novncproxy_vncserver_listen: "{{ ansible_host }}"
nova_novncproxy_agent_enabled: True nova_novncproxy_agent_enabled: True
nova_novncproxy_program_name: nova-novncproxy nova_novncproxy_program_name: nova-novncproxy
nova_novncproxy_git_repo: https://github.com/kanaka/novnc nova_novncproxy_git_repo: https://github.com/kanaka/novnc

33
manual-test.rc Normal file
View File

@ -0,0 +1,33 @@
export VIRTUAL_ENV=$(pwd)
export ANSIBLE_HOST_KEY_CHECKING=False
export ANSIBLE_SSH_CONTROL_PATH=/tmp/%%h-%%r
# TODO (odyssey4me) These are only here as they are non-standard folder
# names for Ansible 1.9.x. We are using the standard folder names for
# Ansible v2.x. We can remove this when we move to Ansible 2.x.
export ANSIBLE_ACTION_PLUGINS=${HOME}/.ansible/plugins/action
export ANSIBLE_CALLBACK_PLUGINS=${HOME}/.ansible/plugins/callback
export ANSIBLE_FILTER_PLUGINS=${HOME}/.ansible/plugins/filter
export ANSIBLE_LOOKUP_PLUGINS=${HOME}/.ansible/plugins/lookup
# This is required as the default is the current path or a path specified
# in ansible.cfg
export ANSIBLE_LIBRARY=${HOME}/.ansible/plugins/library
# This is required as the default is '/etc/ansible/roles' or a path
# specified in ansible.cfg
export ANSIBLE_ROLES_PATH=${HOME}/.ansible/roles:$(pwd)/..
export ANSIBLE_SSH_ARGS="-o ControlMaster=no \
-o UserKnownHostsFile=/dev/null \
-o StrictHostKeyChecking=no \
-o ServerAliveInterval=64 \
-o ServerAliveCountMax=1024 \
-o Compression=no \
-o TCPKeepAlive=yes \
-o VerifyHostKeyDNS=no \
-o ForwardX11=no \
-o ForwardAgent=yes"
echo "Run manual functional tests by executing the following:"
echo "# ./.tox/functional/bin/ansible-playbook -i tests/inventory tests/test.yml -e \"rolename=$(pwd)\""

View File

@ -24,23 +24,23 @@ if [ ! "$(which pip)" ]; then
fi fi
# Install bindep and tox # Install bindep and tox
pip install bindep tox sudo pip install bindep tox
# CentOS 7 requires two additional packages: # CentOS 7 requires two additional packages:
# redhat-lsb-core - for bindep profile support # redhat-lsb-core - for bindep profile support
# epel-release - required to install python-ndg_httpsclient/python2-pyasn1 # epel-release - required to install python-ndg_httpsclient/python2-pyasn1
if [ "$(which yum)" ]; then if [ "$(which yum)" ]; then
yum -y install redhat-lsb-core epel-release sudo yum -y install redhat-lsb-core epel-release
fi fi
# Install OS packages using bindep # Install OS packages using bindep
if apt-get -v >/dev/null 2>&1 ; then if apt-get -v >/dev/null 2>&1 ; then
apt-get update sudo apt-get update
DEBIAN_FRONTEND=noninteractive \ DEBIAN_FRONTEND=noninteractive \
apt-get -q --option "Dpkg::Options::=--force-confold" \ sudo apt-get -q --option "Dpkg::Options::=--force-confold" \
--assume-yes install `bindep -b -f bindep.txt test` --assume-yes install `bindep -b -f bindep.txt test`
else else
yum install -y `bindep -b -f bindep.txt test` sudo yum install -y `bindep -b -f bindep.txt test`
fi fi
# run through each tox env and execute the test # run through each tox env and execute the test

View File

@ -13,7 +13,6 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
ansible_ssh_host: "{{ ansible_host }}"
container_name: "{{ inventory_hostname }}" container_name: "{{ inventory_hostname }}"
container_networks: container_networks:
management_address: management_address:

View File

@ -1,5 +1,5 @@
--- ---
# Copyright 2015, Rackspace US, Inc. # Copyright 2016, Rackspace US, Inc.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -13,11 +13,7 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: Playbook for deploying tempest ansible_host: 10.1.1.101
hosts: openstack1 ansible_become: True
user: root ansible_user: root
gather_facts: true tunnel_address: 10.1.2.101
roles:
- role: "os_tempest"
vars_files:
- test-vars.yml

View File

@ -17,3 +17,14 @@ neutron_provider_networks:
network_types: "vxlan,flat" network_types: "vxlan,flat"
network_mappings: "flat:eth12" network_mappings: "flat:eth12"
network_vxlan_ranges: "1:1000" network_vxlan_ranges: "1:1000"
ansible_become: True
neutron_local_ip: 10.1.2.1
ansible_python_interpreter: "/usr/bin/python2"
bridges:
- name: "br-mgmt"
ip_addr: "10.1.1.1"
- name: "br-vxlan"
ip_addr: "10.1.2.1"
- name: "br-vlan"
ip_addr: "10.1.3.1"
veth_peer: "eth12"

View File

@ -17,3 +17,8 @@ neutron_provider_networks:
network_types: "vxlan,flat" network_types: "vxlan,flat"
network_mappings: "flat:eth12" network_mappings: "flat:eth12"
network_vxlan_ranges: "1:1000" network_vxlan_ranges: "1:1000"
ansible_host: 10.1.1.102
ansible_become: True
ansible_user: root
tunnel_address: 10.1.2.102
neutron_local_ip: 10.1.2.102

View File

@ -1,7 +1,7 @@
[all] [all]
localhost ansible_connection=local ansible_become=True neutron_local_ip=10.100.101.1 localhost
infra1 ansible_host=10.100.102.101 ansible_become=True ansible_user=root tunnel_address=10.100.101.101 infra1
openstack1 ansible_host=10.100.102.102 ansible_become=True ansible_user=root tunnel_address=10.100.101.102 neutron_local_ip=10.100.101.102 openstack1
[all_containers] [all_containers]
infra1 infra1
@ -13,9 +13,13 @@ infra1
[galera_all] [galera_all]
infra1 infra1
[memcached_all]
infra1
[service_all:children] [service_all:children]
rabbitmq_all rabbitmq_all
galera_all galera_all
memcached_all
[keystone_all] [keystone_all]
openstack1 openstack1

18
tests/iptables-clear.sh → tests/nova-overrides.yml Executable file → Normal file
View File

@ -1,5 +1,4 @@
#!/bin/bash ---
#
# Copyright 2015, Rackspace US, Inc. # Copyright 2015, Rackspace US, Inc.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
@ -13,14 +12,9 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
#
iptables -F # This ensures that libvirt-python is built from source. A pre-built wheel
iptables -X # can be missing libvirt capabilities from the installed version of
iptables -t nat -F # libvirt-bin, leading to nova-compute failing to start.
iptables -t nat -X # TODO(jmccrory) Revisit this at some point
iptables -t mangle -F pip_install_options: "--no-binary libvirt-python"
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

View File

@ -1,65 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for deploying glance
hosts: glance_all
user: root
gather_facts: true
pre_tasks:
- name: Ensure rabbitmq vhost
rabbitmq_vhost:
name: "{{ glance_rabbitmq_vhost }}"
state: "present"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['glance_all'][0]
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ glance_rabbitmq_userid }}"
password: "{{ glance_rabbitmq_password }}"
vhost: "{{ glance_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['glance_all'][0]
- name: Create DB for service
mysql_db:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ glance_galera_database }}"
state: "present"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['glance_all'][0]
- name: Grant access to the DB for the service
mysql_user:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ glance_galera_database }}"
password: "{{ glance_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ glance_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['glance_all'][0]
roles:
- role: "os_glance"
vars_files:
- test-vars.yml

View File

@ -1,32 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for deploying infra services
hosts: service_all
user: root
gather_facts: true
roles:
- role: "rabbitmq_server"
rabbitmq_cookie_token: secrete
- role: "galera_server"
galera_root_password: secrete
galera_root_user: root
galera_innodb_buffer_pool_size: 512M
galera_innodb_log_buffer_size: 32M
galera_server_id: "{{ inventory_hostname | string_2_int }}"
galera_wsrep_node_name: "{{ inventory_hostname }}"
galera_wsrep_provider_options:
- { option: "gcache.size", value: "32M" }
galera_server_id: "{{ inventory_hostname | string_2_int }}"

View File

@ -1,65 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for deploying keystone
hosts: keystone_all
user: root
gather_facts: true
pre_tasks:
- name: Ensure rabbitmq vhost
rabbitmq_vhost:
name: "{{ keystone_rabbitmq_vhost }}"
state: "present"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['keystone_all'][0]
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ keystone_rabbitmq_userid }}"
password: "{{ keystone_rabbitmq_password }}"
vhost: "{{ keystone_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['keystone_all'][0]
- name: Create DB for service
mysql_db:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ keystone_galera_database }}"
state: "present"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['keystone_all'][0]
- name: Grant access to the DB for the service
mysql_user:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ keystone_galera_database }}"
password: "{{ keystone_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ keystone_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['keystone_all'][0]
roles:
- role: os_keystone
vars_files:
- test-vars.yml

View File

@ -1,118 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Make /lib/modules accessible on neutron_agent containers
hosts: neutron_agent
user: root
gather_facts: true
tasks:
- name: Use the unconfined aa profile
lxc_container:
name: "{{ container_name }}"
container_config:
- "lxc.aa_profile=unconfined"
delegate_to: "{{ physical_host }}"
- name: Neutron extra lxc config
lxc_container:
name: "{{ container_name }}"
container_command: |
[[ ! -d "/lib/modules" ]] && mkdir -p "/lib/modules"
container_config:
- "lxc.cgroup.devices.allow=a *:* rmw"
- "lxc.mount.entry=/lib/modules lib/modules none bind 0 0"
delegate_to: "{{ physical_host }}"
- name: Wait for ssh to be available
local_action:
module: wait_for
port: "{{ ansible_ssh_port | default('22') }}"
host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
search_regex: OpenSSH
delay: 1
- name: Add iptables rule for communication w/ metadata agent
command: /sbin/iptables -t mangle -A POSTROUTING -p tcp --sport 80 -j CHECKSUM --checksum-fill
- name: Deploy neutron
hosts: neutron_all
user: root
gather_facts: true
pre_tasks:
# NOTE: These are typically installed in the repo server where we build the
# neutron wheel
- name: Install packages required to build neutron python package
apt:
name: "{{ item }}"
with_items:
- libffi-dev
when: inventory_hostname in groups['neutron_all']
- name: Ensure rabbitmq vhost
rabbitmq_vhost:
name: "{{ neutron_rabbitmq_vhost }}"
state: "present"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['neutron_all'][0]
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ neutron_rabbitmq_userid }}"
password: "{{ neutron_rabbitmq_password }}"
vhost: "{{ neutron_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['neutron_all'][0]
- name: Create DB for service
mysql_db:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ neutron_galera_database }}"
state: "present"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['neutron_all'][0]
- name: Grant access to the DB for the service
mysql_user:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ neutron_galera_database }}"
password: "{{ neutron_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ neutron_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['neutron_all'][0]
- name: Check if this is an OpenStack-CI nodepool instance
stat:
path: /etc/nodepool/provider
register: nodepool
delegate_to: localhost
- name: Determine the existing Ubuntu repo URL (only on OpenStack-CI)
shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list'
register: ubuntu_repo_url
changed_when: false
when: nodepool.stat.exists | bool
delegate_to: localhost
- name: Set Ubuntu Cloud Archive repo URL based on discovered information
set_fact:
uca_apt_repo_url: "{{ ubuntu_repo_url.stdout | netorigin }}/ubuntu-cloud-archive"
when: nodepool.stat.exists | bool
roles:
- role: "os_neutron"
vars_files:
- test-vars.yml

View File

@ -1,114 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for deploying nova
hosts: nova_all
user: root
gather_facts: true
pre_tasks:
# NOTE: These are typically installed in the repo server where we build the
# nova wheel
- name: Install packages required to build nova python package
apt:
name: "{{ item }}"
with_items:
- libxml2-dev
- libxslt-dev
- libffi-dev
- pkg-config
- libvirt-dev
when: inventory_hostname in groups['nova_all']
- name: Ensure rabbitmq vhost
rabbitmq_vhost:
name: "{{ nova_rabbitmq_vhost }}"
state: "present"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['nova_all'][0]
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ nova_rabbitmq_userid }}"
password: "{{ nova_rabbitmq_password }}"
vhost: "{{ nova_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['nova_all'][0]
- name: Create DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ nova_galera_address }}"
name: "{{ nova_galera_database }}"
state: "present"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['nova_all'][0]
- name: Grant access to the DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ nova_galera_address }}"
name: "{{ nova_galera_database }}"
password: "{{ nova_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ nova_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
delegate_to: "10.100.102.101"
when: inventory_hostname == groups['nova_all'][0]
- name: Create API DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ nova_api_galera_address }}"
name: "{{ nova_api_galera_database }}"
state: "present"
when: inventory_hostname == groups['nova_all'][0]
- name: Grant access to the API DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ nova_api_galera_address }}"
name: "{{ nova_api_galera_user }}"
password: "{{ nova_api_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ nova_api_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
when: inventory_hostname == groups['nova_all'][0]
- name: Check if this is an OpenStack-CI nodepool instance
stat:
path: /etc/nodepool/provider
register: nodepool
delegate_to: localhost
- name: Determine the existing Ubuntu repo URL (only on OpenStack-CI)
shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list'
register: ubuntu_repo_url
changed_when: false
when: nodepool.stat.exists | bool
delegate_to: localhost
- name: Set Ubuntu Cloud Archive repo URL based on discovered information
set_fact:
uca_apt_repo_url: "{{ ubuntu_repo_url.stdout | netorigin }}/ubuntu-cloud-archive"
when: nodepool.stat.exists | bool
roles:
- role: "{{ rolename | basename }}"
vars_files:
- test-vars.yml

View File

@ -14,7 +14,7 @@
# limitations under the License. # limitations under the License.
- name: Playbook for functional testing of nova - name: Playbook for functional testing of nova
hosts: nova_api_os_compute hosts: utility_all[0]
user: root user: root
gather_facts: false gather_facts: false
tasks: tasks:
@ -27,4 +27,4 @@
retries: 3 retries: 3
delay: 5 delay: 5
vars_files: vars_files:
- test-vars.yml - playbooks/test-vars.yml

View File

@ -1,58 +0,0 @@
## The default networking requires several bridges. These bridges were named to be informative
## however they can be named what ever you like and is adaptable to any network infrastructure
## environment. This file serves as an example of how to setup basic networking and was ONLY
## built for the purpose of being an example and used expressly in the building of an ALL IN
## ONE development environment.
auto br-mgmt
iface br-mgmt inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
# Notice the bridge port is the vlan tagged interface
bridge_ports none
address 10.100.102.1
netmask 255.255.255.0
offload-sg off
auto br-vxlan
iface br-vxlan inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
bridge_ports none
address 10.100.101.1
netmask 255.255.255.0
offload-sg off
# To ensure ssh checksum is correct
up /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill
down /sbin/iptables -D POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill
# To provide internet connectivity to instances
up /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
down /sbin/iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
auto br-vlan
iface br-vlan inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
address 10.1.13.200
netmask 255.255.254.0
offload-sg off
# Create veth pair, don't bomb if already exists
pre-up ip link add br-vlan-veth type veth peer name eth12 || true
# Set both ends UP
pre-up ip link set br-vlan-veth up
pre-up ip link set eth12 up
# Delete veth pair on DOWN
post-down ip link del br-vlan-veth || true
bridge_ports br-vlan-veth
# Add an additional address to br-vlan
iface br-vlan inet static
# Flat network default gateway
# -- This needs to exist somewhere for network reachability
# -- from the router namespace for floating IP paths.
# -- Putting this here is primarily for tempest to work.
address 10.1.13.1
netmask 255.255.255.0

View File

@ -1,31 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for creating containers
hosts: all_containers
gather_facts: false
roles:
- role: "lxc_container_create"
lxc_container_backing_store: dir
global_environment_variables:
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
post_tasks:
- name: Wait for ssh to be available
local_action:
module: wait_for
port: "{{ ansible_ssh_port | default('22') }}"
host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
search_regex: OpenSSH
delay: 1

View File

@ -1,93 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for configuring the LXC host
hosts: localhost
pre_tasks:
- name: Clear iptables rules
shell: ./iptables-clear.sh
# Make sure OS does not have a stale package cache.
- name: Update apt cache
apt:
update_cache: yes
when: ansible_os_family == 'Debian'
- name: Ensure root's new public ssh key is in authorized_keys
authorized_key:
user: root
key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
manage_dir: no
- set_fact:
lxc_container_ssh_key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
- name: Check if this is an OpenStack-CI nodepool instance
stat:
path: /etc/nodepool/provider
register: nodepool
- name: Set the files to copy into the container cache for OpenStack-CI instances
set_fact:
lxc_container_cache_files:
- { src: '/etc/pip.conf', dest: '/etc/pip.conf' }
when: nodepool.stat.exists | bool
post_tasks:
- name: Ensure that /etc/network/interfaces.d/ exists
file:
path: /etc/network/interfaces.d/
state: directory
tags:
- networking-dir-create
- name: Copy network configuration
template:
src: test-nova-interfaces.cfg.j2
dest: /etc/network/interfaces.d/nova_interfaces.cfg
register: nova_interfaces
tags:
- networking-interfaces-file
- name: Ensure our interfaces.d configuration files are loaded automatically
lineinfile:
dest: /etc/network/interfaces
line: "source /etc/network/interfaces.d/*.cfg"
tags:
- networking-interfaces-load
- name: Shut down the network interfaces
command: "ifdown {{ item }}"
when: nova_interfaces | changed
with_items:
- br-mgmt
- br-vlan
- br-vxlan
tags:
- networking-interfaces-stop
- name: Start the network interfaces
command: "ifup {{ item }}"
when: nova_interfaces | changed
with_items:
- br-mgmt
- br-vlan
- br-vxlan
tags:
- networking-interfaces-start
- name: Add iptables rules for lxc natting
command: /usr/local/bin/lxc-system-manage iptables-create
roles:
- role: "lxc_hosts"
lxc_net_address: 10.100.100.1
lxc_net_netmask: 255.255.255.0
lxc_net_dhcp_range: 10.100.100.2,10.100.100.99
lxc_net_bridge: lxcbr0
lxc_kernel_options:
- { key: 'fs.inotify.max_user_instances', value: 1024 }

View File

@ -1,33 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE: we use become_user because setting become: no or become: false
# doesn't seem to override the ansible_become=true in the
# inventory
- name: Playbook for establishing ssh keys
hosts: localhost
become_user: "{{ ansible_ssh_user }}"
pre_tasks:
- name: Create ssh key pair for root
user:
name: "{{ ansible_ssh_user }}"
generate_ssh_key: "yes"
ssh_key_bits: 2048
ssh_key_file: ".ssh/id_rsa"
- name: Get the calling user's key
command: cat ~/.ssh/id_rsa.pub
register: key_get
- set_fact:
lxc_container_ssh_key: "{{ key_get.stdout }}"

View File

@ -1,147 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
cinder_backends_rbd_inuse: false
cinder_ceph_client: cinder
debug: true
external_lb_vip_address: 10.100.102.102
galera_client_drop_config_file: false
galera_root_user: root
galera_root_password: secrete
glance_container_mysql_password: "SuperSecrete"
glance_developer_mode: true
glance_galera_address: 10.100.102.101
glance_galera_database: glance
glance_git_install_branch: master
glance_host: "{{ internal_lb_vip_address }}"
glance_profiler_hmac_key: "secrete"
glance_rabbitmq_port: "{{ rabbitmq_port }}"
glance_rabbitmq_servers: "{{ rabbitmq_servers }}"
glance_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
glance_rabbitmq_password: "secrete"
glance_rabbitmq_userid: glance
glance_rabbitmq_vhost: /glance
glance_requirements_git_install_branch: master
glance_service_password: "secrete"
glance_service_port: 9292
glance_venv_tag: "testing"
internal_lb_vip_address: 10.100.102.102
keystone_admin_tenant_name: admin
keystone_admin_user_name: admin
keystone_auth_admin_password: SuperSecretePassword
keystone_container_mysql_password: "SuperSecrete"
keystone_developer_mode: true
keystone_galera_address: 10.100.102.101
keystone_galera_database: keystone
keystone_git_install_branch: master
keystone_rabbitmq_password: "secrete"
keystone_rabbitmq_port: "{{ rabbitmq_port }}"
keystone_rabbitmq_servers: "{{ rabbitmq_servers }}"
keystone_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
keystone_rabbitmq_userid: keystone
keystone_rabbitmq_vhost: /keystone
keystone_requirements_git_install_branch: master
keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
keystone_service_adminuri_insecure: false
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
keystone_service_internaluri_insecure: false
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
keystone_service_password: "secrete"
keystone_service_region: RegionOne
keystone_venv_tag: "testing"
lxd_trust_password: "SuperSecrete"
memcached_encryption_key: "secrete"
memcached_servers: 127.0.0.1
neutron_container_mysql_password: SuperSecrete
neutron_developer_mode: true
neutron_galera_address: 10.100.102.101
neutron_galera_database: neutron
neutron_git_install_branch: master
neutron_ha_vrrp_auth_password: secrete
neutron_management_address: "{{ internal_lb_vip_address }}"
neutron_rabbitmq_port: "{{ rabbitmq_port }}"
neutron_rabbitmq_servers: "{{ rabbitmq_servers }}"
neutron_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
neutron_rabbitmq_password: secrete
neutron_rabbitmq_userid: neutron
neutron_rabbitmq_vhost: /neutron
neutron_requirements_git_install_branch: master
neutron_service_adminurl: http://{{ internal_lb_vip_address }}:9696
neutron_service_password: "secrete"
neutron_service_project_name: service
neutron_service_region: RegionOne
neutron_service_user_name: neutron
neutron_venv_tag: testing
nova_api_container_mysql_password: "SuperSecrete"
nova_api_galera_address: 10.100.102.101
nova_api_galera_database: nova_api
nova_api_galera_user: nova_api
nova_container_mysql_password: "SuperSecrete"
nova_developer_mode: true
nova_galera_address: 10.100.102.101
nova_galera_database: nova
nova_git_install_branch: master
nova_glance_api_servers: "http://{{ glance_host }}:{{ glance_service_port }}"
nova_keystone_auth_plugin: password
nova_management_address: "10.100.102.1"
nova_metadata_port: 8775
nova_metadata_proxy_secret: "secrete"
nova_novncproxy_vncserver_listen: localhost
nova_novncproxy_vncserver_proxyclient_address: localhost
nova_rabbitmq_port: "{{ rabbitmq_port }}"
nova_rabbitmq_servers: "{{ rabbitmq_servers }}"
nova_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
nova_rabbitmq_password: "secrete"
nova_rabbitmq_userid: nova
nova_rabbitmq_vhost: /nova
nova_requirements_git_install_branch: master
nova_service_adminurl: "http://{{ internal_lb_vip_address }}:8774"
nova_service_password: "secrete"
nova_service_project_domain_id: default
nova_service_project_name: service
nova_service_region: RegionOne
nova_service_user_domain_id: default
nova_service_user_name: nova
nova_bin: "/openstack/venvs/nova-{{ nova_venv_tag }}/bin"
nova_venv_tag: "testing"
openrc_os_auth_url: "http://127.0.0.1:5000/v3"
openrc_os_domain_name: "Default"
openrc_os_password: "{{ keystone_auth_admin_password }}"
# This ensures that libvirt-python is built from source. A pre-built wheel
# can be missing libvirt capabilities from the installed version of
# libvirt-bin, leading to nova-compute failing to start.
# TODO(jmccrory) Revisit this at some point
pip_install_options: "--no-binary libvirt-python"
rabbitmq_port: 5672
rabbitmq_servers: 10.100.102.101
rabbitmq_use_ssl: False
tempest_developer_mode: True
tempest_git_install_branch: master
tempest_venv_tag: "{{ tempest_git_install_branch }}"
# tempest_venv_bin is the same as the default in os_tempest role, but we set
# it again here so we can refer to it in test-nova-functional.yml
tempest_venv_bin: "/opt/tempest_{{ tempest_venv_tag }}/bin"
tempest_log_dir: "/var/log/"
tempest_main_group: glance_all
tempest_service_available_aodh: False
tempest_service_available_ceilometer: False
tempest_service_available_cinder: False
tempest_service_available_glance: True
tempest_service_available_heat: False
tempest_service_available_horizon: False
tempest_service_available_neutron: True
tempest_service_available_nova: True
tempest_service_available_swift: False

View File

@ -14,31 +14,31 @@
# limitations under the License. # limitations under the License.
# Prepare the user ssh keys # Prepare the user ssh keys
- include: test-prepare-keys.yml - include: playbooks/test-prepare-keys.yml
# Prepare the host # Prepare the host
- include: test-prepare-host.yml - include: playbooks/test-prepare-host.yml
# Prepare the containers # Prepare the containers
- include: test-prepare-containers.yml - include: playbooks/test-prepare-containers.yml
# Install RabbitMQ/MariaDB # Install RabbitMQ/MariaDB
- include: test-install-infra.yml - include: playbooks/test-install-infra.yml
# Install Keystone # Install Keystone
- include: test-install-keystone.yml - include: playbooks/test-install-keystone.yml
# Install Glance # Install Glance
- include: test-install-glance.yml - include: playbooks/test-install-glance.yml
# Install Neutron # Install Neutron
- include: test-install-neutron.yml - include: playbooks/test-install-neutron.yml
# Install Nova # Install Nova
- include: test-install-nova.yml - include: playbooks/test-install-nova.yml
# Install Tempest # Install Tempest
- include: test-install-tempest.yml - include: playbooks/test-install-tempest.yml
# Test Nova # Test Nova
- include: test-nova-functional.yml - include: test-nova-functional.yml

16
tox.ini
View File

@ -87,7 +87,7 @@ commands =
[testenv:ansible] [testenv:ansible]
deps = deps =
{[testenv]deps} {[testenv]deps}
ansible==1.9.4 ansible==2.1.1
ansible-lint>=2.7.0,<3.0.0 ansible-lint>=2.7.0,<3.0.0
setenv = setenv =
{[testenv]setenv} {[testenv]setenv}
@ -106,6 +106,7 @@ setenv =
# This is required as the default is '/etc/ansible/roles' or a path # This is required as the default is '/etc/ansible/roles' or a path
# specified in ansible.cfg # specified in ansible.cfg
ANSIBLE_ROLES_PATH = {homedir}/.ansible/roles:{toxinidir}/.. ANSIBLE_ROLES_PATH = {homedir}/.ansible/roles:{toxinidir}/..
ANSIBLE_TRANSPORT = "ssh"
commands = commands =
rm -rf {homedir}/.ansible/plugins rm -rf {homedir}/.ansible/plugins
git clone https://git.openstack.org/openstack/openstack-ansible-plugins \ git clone https://git.openstack.org/openstack/openstack-ansible-plugins \
@ -114,6 +115,9 @@ commands =
ansible-galaxy install \ ansible-galaxy install \
--role-file={toxinidir}/tests/ansible-role-requirements.yml \ --role-file={toxinidir}/tests/ansible-role-requirements.yml \
--force --force
rm -rf {toxinidir}/tests/playbooks
git clone https://git.openstack.org/openstack/openstack-ansible-tests \
{toxinidir}/tests/playbooks
[testenv:ansible-syntax] [testenv:ansible-syntax]
@ -126,7 +130,7 @@ commands =
ansible-playbook -i {toxinidir}/tests/inventory \ ansible-playbook -i {toxinidir}/tests/inventory \
--syntax-check \ --syntax-check \
--list-tasks \ --list-tasks \
-e "rolename={toxinidir}" \ -e "nova_rolename={toxinidir}" \
{toxinidir}/tests/test.yml {toxinidir}/tests/test.yml
@ -172,7 +176,8 @@ setenv =
commands = commands =
{[testenv:ansible]commands} {[testenv:ansible]commands}
ansible-playbook -i {toxinidir}/tests/inventory \ ansible-playbook -i {toxinidir}/tests/inventory \
-e "rolename={toxinidir}" \ -e @{toxinidir}/tests/nova-overrides.yml \
-e "nova_rolename={toxinidir}" \
-e "install_test_packages=True" \ -e "install_test_packages=True" \
{toxinidir}/tests/test.yml -vvvv {toxinidir}/tests/test.yml -vvvv
{[testenv:func_logs]commands} {[testenv:func_logs]commands}
@ -194,8 +199,9 @@ setenv =
commands = commands =
{[testenv:ansible]commands} {[testenv:ansible]commands}
ansible-playbook -i {toxinidir}/tests/inventory \ ansible-playbook -i {toxinidir}/tests/inventory \
-e @{toxinidir}/tests/test-vars-lxd.yml \ -e @{toxinidir}/tests/nova-overrides.yml \
-e "rolename={toxinidir}" \ -e @{toxinidir}/tests/nova-overrides-lxd.yml \
-e "nova_rolename={toxinidir}" \
-e "install_test_packages=True" \ -e "install_test_packages=True" \
{toxinidir}/tests/test.yml -vvvv {toxinidir}/tests/test.yml -vvvv
{[testenv:func_logs]commands} {[testenv:func_logs]commands}