Use tempest for testing

This commit updates os_nova to use tempest for functional testing of
nova.  For this to work on openstack-infra instances we have to drop
all existing iptables rules using iptables-clear.sh.  This commit also
updates the netmask used across containers as we currently have a mix
of /22 and /24.

Note that I couldn't get the vxlan traffic to work over
10.100.100.0/22, so I created br-vxlan and wired separate container
interfaces into that.

Change-Id: I33378e6275b70152d45357ac1ceb200ea4d5daf0

tests/ansible-role-requirements.yml

@@ -54,6 +54,10 @@
   src: https://git.openstack.org/openstack/openstack-ansible-os_neutron
   scm: git
   version: master
+- name: os_tempest
+  src: https://git.openstack.org/openstack/openstack-ansible-os_tempest
+  scm: git
+  version: master
 - name: openstack_openrc
   src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc
   scm: git

tests/group_vars/all_containers.yml

@@ -20,7 +20,18 @@ container_networks:
     address: "{{ ansible_host }}"
     bridge: "lxcbr0"
     interface: "eth1"
-    netmask: "255.255.252.0"
+    netmask: "255.255.255.0"
+    type: "veth"
+  tunnel_address:
+    address: "{{ tunnel_address }}"
+    bridge: "br-vxlan"
+    interface: "eth2"
+    netmask: "255.255.255.0"
+    type: "veth"
+  vlan_address:
+    bridge: "br-vlan"
+    interface: "eth3"
+    netmask: null
     type: "veth"
 physical_host: localhost
 properties:

tests/host_vars/localhost.yml

@@ -0,0 +1,19 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+neutron_provider_networks:
+  network_types: "vxlan,flat"
+  network_mappings: "flat:br-vlan"
+  network_vxlan_ranges: "1:1000"

tests/host_vars/openstack1.yml

@@ -0,0 +1,19 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+neutron_provider_networks:
+  network_types: "vxlan,flat"
+  network_mappings: "flat:eth3"
+  network_vxlan_ranges: "1:1000"

tests/inventory

@@ -1,7 +1,7 @@
 [all]
-localhost ansible_connection=local ansible_become=True
-infra1 ansible_host=10.100.100.101 ansible_become=True ansible_user=root
-openstack1 ansible_host=10.100.100.102 ansible_become=True ansible_user=root
+localhost ansible_connection=local ansible_become=True neutron_local_ip=10.100.101.1
+infra1 ansible_host=10.100.100.101 ansible_become=True ansible_user=root tunnel_address=10.100.101.101
+openstack1 ansible_host=10.100.100.102 ansible_become=True ansible_user=root tunnel_address=10.100.101.102 neutron_local_ip=10.100.101.102
 
 [all_containers]
 infra1

tests/iptables-clear.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+iptables -F
+iptables -X
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT

tests/test-install-neutron.yml

@@ -13,6 +13,36 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: Make /lib/modules accessible on neutron_agent containers
+  hosts: neutron_agent
+  user: root
+  gather_facts: true
+  tasks:
+    - name: Use the unconfined aa profile
+      lxc_container:
+        name: "{{ container_name }}"
+        container_config:
+          - "lxc.aa_profile=unconfined"
+      delegate_to: "{{ physical_host }}"
+    - name: Neutron extra lxc config
+      lxc_container:
+        name: "{{ container_name }}"
+        container_command: |
+          [[ ! -d "/lib/modules" ]] && mkdir -p "/lib/modules"
+        container_config:
+          - "lxc.cgroup.devices.allow=a *:* rmw"
+          - "lxc.mount.entry=/lib/modules lib/modules none bind 0 0"
+      delegate_to: "{{ physical_host }}"
+    - name: Wait for ssh to be available
+      local_action:
+        module: wait_for
+        port: "{{ ansible_ssh_port | default('22') }}"
+        host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
+        search_regex: OpenSSH
+        delay: 1
+    - name: Add iptables rule for communication w/ metadata agent
+      command: /sbin/iptables -t mangle -A POSTROUTING -p tcp --sport 80 -j CHECKSUM --checksum-fill
+
 - name: Deploy neutron
   hosts: neutron_all
   user: root

tests/test-install-tempest.yml

@@ -0,0 +1,23 @@
+---
+# Copyright 2015, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Playbook for deploying tempest
+  hosts: openstack1
+  user: root
+  gather_facts: true
+  roles:
+    - role: "os_tempest"
+  vars_files:
+    - test-vars.yml

tests/test-nova-functional.yml

@@ -18,101 +18,9 @@
   user: root
   gather_facts: false
   tasks:
-    - name: Check the nova-api-os-compute service
-      uri:
-        url: "http://localhost:8774"
-        status_code: 200
-      register: nova_api_os_compute_status
-      until: nova_api_os_compute_status | success
-      retries: 5
-      delay: 5
-    - name: Check the nova-api-metadata service
-      uri:
-        url: "http://localhost:8775"
-        status_code: 200
-      register: nova_api_metadata_status
-      until: nova_api_metadata_status | success
-      retries: 5
-      delay: 5
-    - name: Check the nova-spicehtml5proxy service
-      uri:
-        url: "http://localhost:6082/spice_auto.html"
-        status_code: 200
-      register: nova_spice_status
-      until: nova_spice_status | success
-      retries: 5
-      delay: 5
-    - name: Install testing pip packages
-      pip:
-        name: "{{ item }}"
-      with_items:
-        - python-glanceclient
-        - python-neutronclient
-    - name: Set glance_image_name fact
-      set_fact:
-        glance_image_name: "functional-image-{{ 100|random }}"
-    - name: Set nova_instance_name fact
-      set_fact:
-        nova_instance_name: "functional-instance-{{ 100|random }}"
-    - name: Set neutron_net_name fact
-      set_fact:
-        neutron_net_name: "functional-net-{{ 100|random }}"
-    - name: Set neutron_subnet_name fact
-      set_fact:
-        neutron_subnet_name: "functional-subnet-{{ 100|random }}"
-    - name: Set nova_flavor_name fact
-      set_fact:
-        nova_flavor_name: "functional-flavor-{{ 100|random }}"
-    - name: Upload the Cirros image
-      glance:
-        command: 'image-create'
-        openrc_path: /root/openrc
-        image_name: "{{ glance_image_name }}"
-        image_url: "http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-uec.tar.gz"
-        image_container_format: bare
-        image_disk_format: qcow2
-        image_is_public: True
-      register: cirros_image_create
-      until: cirros_image_create | success
-      retries: 5
-      delay: 15
-    # NOTE: We need to ensure the image goes active before we attempt to boot
-    #       from it below
-    - name: Verify image goes active
-      shell: |
-        . /root/openrc
-        {{ nova_venv_bin }}/glance image-show {{ glance_images[glance_image_name]['id'] }} | grep active
-      register: image_status
-      until: image_status|success
-      retries: 5
-      delay: 5
-    - name: Create test network
-      neutron:
-        command: create_network
-        openrc_path: /root/openrc
-        net_name: "{{ neutron_net_name }}"
-    - name: Create test subnet
-      neutron:
-        command: create_subnet
-        openrc_path: /root/openrc
-        net_name: "{{ neutron_net_name }}"
-        subnet_name: "{{ neutron_subnet_name }}"
-        cidr: "192.168.74.0/24"
-    - name: Create test flavor
-      shell: |
-        . /root/openrc
-        {{ nova_venv_bin }}/nova flavor-create {{ nova_flavor_name }} 101 256 1 1
-    - name: Create nova instance
-      shell: |
-        . /root/openrc
-        {{ nova_venv_bin }}/nova boot --image {{ glance_image_name }} --flavor 101 --nic net-id={{ neutron_networks[neutron_net_name]['id'] }} {{ nova_instance_name }}
-    - name: Verify nova instance goes active
-      shell: |
-        . /root/openrc
-        {{ nova_venv_bin }}/nova show {{ nova_instance_name }} | grep ACTIVE
-      register: instance_status
-      until: instance_status|success
-      retries: 5
-      delay: 5
+    - name: Run tempest
+      command: /opt/openstack_tempest_gate.sh scenario
+      environment:
+        RUN_TEMPEST_OPTS: "--serial"
   vars_files:
     - test-vars.yml

tests/test-prepare-host.yml

@@ -16,6 +16,8 @@
 - name: Playbook for configuring the LXC host
   hosts: localhost
   pre_tasks:
+    - name: Clear iptables rules
+      shell: ./iptables-clear.sh
     # Make sure OS does not have a stale package cache.
     - name: Update apt cache
       apt:
@@ -46,9 +48,21 @@
       set_fact:
         lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}"
         lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}"
+  post_tasks:
+    - name: Create br-vxlan bridge
+      command: /sbin/brctl addbr br-vxlan
+    - name: IP br-vxlan
+      command: /sbin/ifconfig br-vxlan 10.100.101.1 netmask 255.255.255.0
+    - name: Create br-vlan bridge
+      command: /sbin/brctl addbr br-vlan
+    - name: IP br-vlan
+      command: /sbin/ifconfig br-vlan 10.1.13.1 netmask 255.255.255.0
+    - name: Add iptables rule to ensure ssh checksum is correct
+      command: /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill
   roles:
     - role: "lxc_hosts"
       lxc_net_address: 10.100.100.1
+      lxc_net_netmask: 255.255.255.0
       lxc_net_dhcp_range: 10.100.100.2,10.100.100.99
       lxc_net_bridge: lxcbr0
       lxc_kernel_options:

tests/test-vars.yml

@@ -67,9 +67,6 @@ neutron_galera_database: neutron
 neutron_git_install_branch: master
 neutron_ha_vrrp_auth_password: secrete
 neutron_management_address: "{{ internal_lb_vip_address }}"
-neutron_provider_networks:
-  network_types: "vxlan"
-  network_vxlan_ranges: "1:1000"
 neutron_rabbitmq_password: secrete
 neutron_rabbitmq_userid: neutron
 neutron_rabbitmq_vhost: /neutron
@@ -113,4 +110,19 @@ openrc_os_password: "{{ keystone_auth_admin_password }}"
 rabbitmq_port: 5671
 rabbitmq_servers: 10.100.100.101
 rabbitmq_use_ssl: true
+tempest_developer_mode: True
+tempest_git_repo: https://git.openstack.org/openstack/tempest
+tempest_git_install_branch: 534a8dc60dfef116156b8f9ee60071a9bf4e4f90
+tempest_git_dest: "/opt/tempest_{{ tempest_git_install_branch | replace('/', '_') }}"
+tempest_log_dir: "/var/log/"
+tempest_main_group: glance_all
+tempest_service_available_aodh: False
+tempest_service_available_ceilometer: False
+tempest_service_available_cinder: False
+tempest_service_available_glance: True
+tempest_service_available_heat: False
+tempest_service_available_horizon: False
+tempest_service_available_neutron: True
+tempest_service_available_nova: True
+tempest_service_available_swift: False
 verbose: true

tests/test.yml

@@ -37,5 +37,8 @@
 # Install Nova
 - include: test-install-nova.yml
 
+# Install Tempest
+- include: test-install-tempest.yml
+
 # Test Nova
 - include: test-nova-functional.yml

tox.ini

@@ -108,13 +108,16 @@ commands =
     rm -rf {homedir}/.ansible
     git clone https://git.openstack.org/openstack/openstack-ansible-plugins \
               {homedir}/.ansible/plugins
+    # This plugin makes the ansible-playbook output easier to read
+    wget -O {homedir}/.ansible/plugins/callback/human_log.py \
+      https://gist.githubusercontent.com/cliffano/9868180/raw/f360f306b3c6d689734a6aa8773a00edf16a0054/human_log.py
     ansible-galaxy install \
                    --role-file={toxinidir}/tests/ansible-role-requirements.yml \
                    --ignore-errors \
                    --force
     ansible-playbook -i {toxinidir}/tests/inventory \
                      -e "rolename={toxinidir}" \
-                     -vv \
+                     -vvvv \
                      {toxinidir}/tests/test.yml