Add 'tls' scenario

This patch adds new 'tls' scenario along with its jobs. TLS scenario changes two things in default deployment: - TLS is enabled on all openstack endpoints(by default only public endpoint is available over https). - TLS backend is enabled for all services(traffic between haproxy and service backends is encrypted) Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/876429 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/874810 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_placement/+/879380 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/874966 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/873654 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/821011 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/879379 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/879517 Change-Id: If4cc13e3d0907e36de6d932936cac81f02b4dc2c
2023-05-02 15:34:57 +02:00 · 2023-05-02 15:34:57 +02:00 · b029cfd880
parent a2f46717e9
commit b029cfd880
4 changed files with 47 additions and 0 deletions
--- a/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml
+++ b/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml
@ -180,6 +180,9 @@
    - src: user_variables_stepca.yml.j2
      dest: user_variables_stepca.yml
      condition: "{{ 'stepca' in bootstrap_host_scenarios_expanded }}"
+    - src: user_variables_tls.yml.j2
+      dest: user_variables_tls.yml
+      condition: "{{ 'tls' in bootstrap_host_scenarios_expanded }}"

 - name: Copy modified cinder-volume env.d file for ceph scenario
  copy:
--- a/tests/roles/bootstrap-host/templates/user_variables_tls.yml.j2
+++ b/tests/roles/bootstrap-host/templates/user_variables_tls.yml.j2
@ -0,0 +1,16 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+openstack_service_adminuri_proto: https
+openstack_service_internaluri_proto: https
+haproxy_ssl_all_vips: true
+openstack_service_backend_ssl: True
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@ -426,6 +426,11 @@
    parent: openstack-ansible-deploy-aio
    nodeset: ubuntu-jammy

+- job:
+    name: openstack-ansible-deploy-aio_metal_tls-ubuntu-jammy
+    parent: openstack-ansible-deploy-aio
+    nodeset: ubuntu-jammy
+
 - job:
    name: openstack-ansible-upgrade-aio_lxc-ubuntu-jammy
    parent: openstack-ansible-deploy-aio
@ -448,6 +453,11 @@
    parent: openstack-ansible-deploy-aio-infra
    nodeset: ubuntu-jammy

+- job:
+    name: openstack-ansible-deploy-infra_lxc_tls-ubuntu-jammy
+    parent: openstack-ansible-deploy-aio-infra
+    nodeset: ubuntu-jammy
+
 - job:
    name: openstack-ansible-deploy-hosts_lxc-ubuntu-jammy
    parent: openstack-ansible-deploy-aio-hosts
@ -760,6 +770,11 @@
    parent: openstack-ansible-deploy-aio
    nodeset: rockylinux-9

+- job:
+    name: openstack-ansible-deploy-infra_lxc_tls-rockylinux-9
+    parent: openstack-ansible-deploy-aio
+    nodeset: rockylinux-9
+
 - job:
    name: openstack-ansible-deploy-hosts_distro_lxc-rockylinux-9
    parent: openstack-ansible-deploy-aio
@ -812,6 +827,11 @@
    parent: openstack-ansible-deploy-aio
    nodeset: rockylinux-9

+- job:
+    name: openstack-ansible-deploy-aio_metal_tls-rockylinux-9
+    parent: openstack-ansible-deploy-aio
+    nodeset: rockylinux-9
+
 - job:
    name: openstack-ansible-deploy-aio_telemetry_metal-rockylinux-9
    parent: openstack-ansible-deploy-aio
--- a/zuul.d/project-templates.yaml
+++ b/zuul.d/project-templates.yaml
@ -90,16 +90,20 @@
        - openstack-ansible-deploy-infra_lxc-centos-9-stream:
            voting: false
        - openstack-ansible-deploy-infra_lxc-rockylinux-9
+        - openstack-ansible-deploy-infra_lxc_tls-rockylinux-9
        - openstack-ansible-deploy-infra_lxc-debian-bullseye
        - openstack-ansible-deploy-infra_lxc-ubuntu-focal
        - openstack-ansible-deploy-infra_lxc-ubuntu-jammy
        - openstack-ansible-deploy-infra_lxc_stepca-ubuntu-jammy
+        - openstack-ansible-deploy-infra_lxc_tls-ubuntu-jammy
    gate:
      jobs:
        - openstack-ansible-deploy-infra_lxc-rockylinux-9
+        - openstack-ansible-deploy-infra_lxc_tls-rockylinux-9
        - openstack-ansible-deploy-infra_lxc-debian-bullseye
        - openstack-ansible-deploy-infra_lxc-ubuntu-jammy
        - openstack-ansible-deploy-infra_lxc_stepca-ubuntu-jammy
+        - openstack-ansible-deploy-infra_lxc_tls-ubuntu-jammy
    periodic:
      jobs:
        - openstack-ansible-deploy-infra_lxc-ubuntu-jammy
@ -166,6 +170,8 @@
        - openstack-ansible-deploy-aio_metal-rockylinux-9
        - openstack-ansible-deploy-aio_metal-ubuntu-focal
        - openstack-ansible-deploy-aio_metal-ubuntu-jammy
+        - openstack-ansible-deploy-aio_metal_tls-rockylinux-9
+        - openstack-ansible-deploy-aio_metal_tls-ubuntu-jammy
        - openstack-ansible-upgrade-aio_metal-rockylinux-9
        - openstack-ansible-upgrade-aio_metal-ubuntu-focal
        - openstack-ansible-upgrade_yoga-aio_metal-ubuntu-focal
@ -174,6 +180,8 @@
        - openstack-ansible-deploy-aio_metal-debian-bullseye
        - openstack-ansible-deploy-aio_metal-rockylinux-9
        - openstack-ansible-deploy-aio_metal-ubuntu-jammy
+        - openstack-ansible-deploy-aio_metal_tls-rockylinux-9
+        - openstack-ansible-deploy-aio_metal_tls-ubuntu-jammy

 - project-template:
    name: openstack-ansible-deploy-aio_telemetry_metal-jobs