Update Ceph-rgw helm tests

Change-Id: I7b328da18ef10840baf8454e2fb3abaeeb542068
This commit is contained in:
Renis Makadia 2018-12-06 08:49:23 +00:00 committed by Matthew Heler
parent b591e0754a
commit 458b8f6692
4 changed files with 150 additions and 14 deletions

View File

@ -15,18 +15,110 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
set -ex set -ex
function rgw_replicas_validation() #NOTE: This function tests keystone based auth. It uses ceph_config_helper
#container image that has openstack and ceph installed
function rgw_keystone_bucket_validation ()
{ {
available_rgw_count=$(ceph -s -f json-pretty | jq '.servicemap.services.rgw.daemons | del(.["summary"]) | length') echo "function: rgw_keystone_bucket_validation"
openstack service list
if [ "x${available_rgw_count}" == "x${CEPH_RGW_REPLICAS}" ]; then echo "--> creating openstack_test_container container"
echo "Correct number of RGWs available: ${available_rgw_count}" openstack container create 'openstack_test_container'
echo "--> rgw bucket list"
radosgw-admin bucket list
all_buckets_stats=$(radosgw-admin bucket stats --format json)
bucket_stat=$(echo $all_buckets_stats | jq -c '.[] | select(.bucket | contains("openstack_test_container"))')
if [[ -z ${bucket_stat} ]]; then
echo "--> rgw bucket openstack_test_container not found"
exit 1
else else
echo "Incorrect number of RGWs. Expected count: ${CEPH_RGW_REPLICAS}, Available count: ${available_rgw_count}" echo "--> rgw bucket openstack_test_container found"
echo "--> deleting openstack_test_container container"
openstack container delete openstack_test_container
echo "--> bucket list after deleting container"
radosgw-admin bucket list
fi
}
#NOTE: This function tests s3 based auto. It uses ceph_rgw container image which has
# s3cmd util install
function rgw_s3_bucket_validation ()
{
echo "function: rgw_s3_bucket_validation"
bucket=s3://rgw-test-bucket
create_bucket_output=$(s3cmd mb $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate)
if [ $? -eq 0 ]; then
echo "Bucket $bucket created"
echo "Hello world!" > /tmp/hello.txt
s3cmd put /tmp/hello.txt $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
if [ $? -ne 0 ]; then
echo "Error during s3cmd execution"
exit 1
else
echo "File uploaded to bucket"
fi
s3cmd get s3://rgw-test-bucket/hello.txt -> /tmp/output.txt --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
if [ $? -ne 0 ]; then
echo "Error during s3cmd execution"
exit 1
else
echo "File downloaded from bucket"
fi
content=$(cat /tmp/output.txt)
echo $content
if [ "Hello" == "${content}" ]; then
echo "Content matches from downloaded file using s3cmd"
fi
s3cmd ls $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
if [ $? -ne 0 ]; then
echo "Error during s3cmd execution"
exit 1
fi
s3cmd del s3://rgw-test-bucket/hello.txt --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
if [ $? -ne 0 ]; then
echo "Error during s3cmd execution"
exit 1
else
echo "File from bucket is deleted"
fi
s3cmd del --recursive --force $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
if [ $? -ne 0 ]; then
echo "Error during s3cmd execution"
exit 1
else
echo "Bucket is deleted"
fi
else
echo "Error during s3cmd execution"
exit 1 exit 1
fi fi
} }
rgw_replicas_validation if [ {{ .Values.conf.rgw_ks.enabled }} == true ];
then
echo "--> Keystone is enabled. Calling function to test keystone based auth "
rgw_keystone_bucket_validation
fi
if [ {{ .Values.conf.rgw_s3.enabled }} == true ];
then
echo "--> S3 is enabled. Calling function to test S2 based auth "
rgw_s3_bucket_validation
fi

View File

@ -62,6 +62,7 @@ spec:
serviceAccountName: {{ $serviceAccountName }} serviceAccountName: {{ $serviceAccountName }}
initContainers: initContainers:
{{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} {{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
{{ if .Values.conf.rgw_ks.enabled }}
- name: ceph-keyring-placement - name: ceph-keyring-placement
{{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 6 }} {{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 6 }}
securityContext: securityContext:
@ -80,14 +81,23 @@ spec:
subPath: key subPath: key
readOnly: true readOnly: true
containers: containers:
- name: ceph-rgw-validation - name: ceph-rgw-ks-validation
{{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 6 }} {{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} {{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
env: env:
- name: CEPH_DEPLOYMENT_NAMESPACE {{- with $env := dict "ksUserSecret" .Values.secrets.identity.user_rgw }}
value: {{ .Values.endpoints.ceph_mon.namespace }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
- name: CEPH_RGW_REPLICAS - name: OS_AUTH_TYPE
value: "{{ .Values.pod.replicas.rgw }}" valueFrom:
secretKeyRef:
name: {{ $.Values.secrets.identity.user_rgw }}
key: OS_AUTH_TYPE
- name: OS_TENANT_NAME
valueFrom:
secretKeyRef:
name: {{ $.Values.secrets.identity.user_rgw }}
key: OS_TENANT_NAME
{{- end }}
command: command:
- /tmp/helm-tests.sh - /tmp/helm-tests.sh
volumeMounts: volumeMounts:
@ -120,3 +130,28 @@ spec:
name: ceph-rgw-etc name: ceph-rgw-etc
defaultMode: 0444 defaultMode: 0444
{{- end }} {{- end }}
{{ if .Values.conf.rgw_s3.enabled }}
containers:
- name: ceph-rgw-s3-validation
{{ tuple $envAll "ceph_rgw" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
env:
{{- with $env := dict "s3AdminSecret" $envAll.Values.secrets.rgw_s3.admin }}
{{- include "helm-toolkit.snippets.rgw_s3_admin_env_vars" $env | indent 8 }}
{{- end }}
- name: RGW_HOST
value: {{ tuple "ceph_object_store" "internal" "api" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
command:
- /tmp/helm-tests.sh
volumeMounts:
- name: ceph-rgw-bin
mountPath: /tmp/helm-tests.sh
subPath: helm-tests.sh
readOnly: true
volumes:
- name: ceph-rgw-bin
configMap:
name: ceph-rgw-bin
defaultMode: 0555
{{- end }}
{{- end }}

View File

@ -18,6 +18,9 @@ limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "swift" }} {{- range $key1, $userClass := tuple "swift" }}
{{- $secretName := index $envAll.Values.secrets.identity "user_rgw" }} {{- $secretName := index $envAll.Values.secrets.identity "user_rgw" }}
{{- $auth := index $envAll.Values.endpoints.identity.auth $userClass }}
{{ $osAuthType := $auth.os_auth_type }}
{{ $osTenantName := $auth.os_tenant_name }}
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
@ -25,6 +28,8 @@ metadata:
name: {{ $secretName }} name: {{ $secretName }}
type: Opaque type: Opaque
data: data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}} {{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 }}
{{- end }} OS_AUTH_TYPE: {{ $osAuthType | b64enc }}
OS_TENANT_NAME: {{ $osTenantName | b64enc }}
{{ end }}
{{- end }} {{- end }}

View File

@ -396,6 +396,8 @@ endpoints:
project_name: admin project_name: admin
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
os_auth_type: password
os_tenant_name: admin
swift: swift:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
@ -404,6 +406,8 @@ endpoints:
project_name: service project_name: service
user_domain_name: service user_domain_name: service
project_domain_name: service project_domain_name: service
os_auth_type: password
os_tenant_name: admin
hosts: hosts:
default: keystone default: keystone
internal: keystone-api internal: keystone-api
@ -496,4 +500,4 @@ manifests:
secret_keystone: true secret_keystone: true
service_ingress_rgw: true service_ingress_rgw: true
service_rgw: true service_rgw: true
helm_tests: false helm_tests: true