openstack/puppet-openstack-integration
Code Issues Proposed changes

Add support to all Scenarios to work with Fedora and RedHat > 7

Browse Source 
Disable SSL as currently there are known issues in services
to work with python3 + SSL on Fedora.

Also fixed following:-
- watcher to work without SSL
- Handle source /etc/bashrc for users don't have .bashrc created
- Install python3-rbd in Fedora and RedHat > 7

Change-Id: I5b67f40ec3c687f5282c65e10b4a1ee1fe5528f3
This commit is contained in:
yatin 2018-12-17 20:06:39 +05:30
parent 22a04c2a10
commit 0c938590d2
8 changed files with 131 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
fixtures/scenario001.pp
View File

@ -15,14 +15,35 @@
#
if ($::os_package_type == 'debian') {
$wsgi_mod_package = 'libapache2-mod-wsgi-py3'
$wsgi_mod_lib = 'mod_wsgi.so'
}
elsif ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
$wsgi_mod_package = 'python3-mod_wsgi'
$wsgi_mod_lib = 'mod_wsgi_python3.so'
}
if ($::os_package_type == 'debian') or ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
include ::apache::params
class { '::apache':
mod_packages => merge($::apache::params::mod_packages, {
'wsgi' => 'libapache2-mod-wsgi-py3',
'wsgi' => $wsgi_mod_package,
}),
mod_libs => merge($::apache::params::mod_libs, {
'wsgi' => $wsgi_mod_lib,
})
}
}
if ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
# FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3
$ssl = false
} else {
$ssl = true
}
case $::osfamily {
'Debian': {
$ipv6 = false
@ -46,12 +67,14 @@ case $::osfamily {
include ::openstack_integration
class { '::openstack_integration::config':
ssl => true,
ssl => $ssl,
ipv6 => $ipv6,
rpc_backend => $om_rpc,
notify_backend => $om_notify,
}
include ::openstack_integration::cacert
if $ssl {
include ::openstack_integration::cacert
}
include ::openstack_integration::memcached
include ::openstack_integration::rabbitmq
if ($om_rpc == 'amqp') {

29
fixtures/scenario002.pp
View File

@ -15,14 +15,35 @@
#
if ($::os_package_type == 'debian') {
$wsgi_mod_package = 'libapache2-mod-wsgi-py3'
$wsgi_mod_lib = 'mod_wsgi.so'
}
elsif ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
$wsgi_mod_package = 'python3-mod_wsgi'
$wsgi_mod_lib = 'mod_wsgi_python3.so'
}
if ($::os_package_type == 'debian') or ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
include ::apache::params
class { '::apache':
mod_packages => merge($::apache::params::mod_packages, {
'wsgi' => 'libapache2-mod-wsgi-py3',
'wsgi' => $wsgi_mod_package,
}),
mod_libs => merge($::apache::params::mod_libs, {
'wsgi' => $wsgi_mod_lib,
})
}
}
if ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
# FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3
$ssl = false
} else {
$ssl = true
}
case $::osfamily {
'Debian': {
$ipv6 = false
@ -40,10 +61,12 @@ case $::osfamily {
include ::openstack_integration
class { '::openstack_integration::config':
ssl => true,
ssl => $ssl,
ipv6 => $ipv6,
}
include ::openstack_integration::cacert
if $ssl {
include ::openstack_integration::cacert
}
include ::openstack_integration::memcached
include ::openstack_integration::rabbitmq
include ::openstack_integration::mysql

29
fixtures/scenario003.pp
View File

@ -15,14 +15,35 @@
#
if ($::os_package_type == 'debian') {
$wsgi_mod_package = 'libapache2-mod-wsgi-py3'
$wsgi_mod_lib = 'mod_wsgi.so'
}
elsif ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
$wsgi_mod_package = 'python3-mod_wsgi'
$wsgi_mod_lib = 'mod_wsgi_python3.so'
}
if ($::os_package_type == 'debian') or ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
include ::apache::params
class { '::apache':
mod_packages => merge($::apache::params::mod_packages, {
'wsgi' => 'libapache2-mod-wsgi-py3',
'wsgi' => $wsgi_mod_package,
}),
mod_libs => merge($::apache::params::mod_libs, {
'wsgi' => $wsgi_mod_lib,
})
}
}
if ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
# FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3
$ssl = false
} else {
$ssl = true
}
case $::osfamily {
'Debian': {
$ipv6 = false
@ -56,10 +77,12 @@ if ($::operatingsystem == 'Ubuntu') and (versioncmp($::operatingsystemmajrelease
include ::openstack_integration
class { '::openstack_integration::config':
ssl => true,
ssl => $ssl,
ipv6 => $ipv6,
}
include ::openstack_integration::cacert
if $ssl {
include ::openstack_integration::cacert
}
include ::openstack_integration::memcached
include ::openstack_integration::rabbitmq
include ::openstack_integration::mysql

29
fixtures/scenario004.pp
View File

@ -15,14 +15,35 @@
#
if ($::os_package_type == 'debian') {
$wsgi_mod_package = 'libapache2-mod-wsgi-py3'
$wsgi_mod_lib = 'mod_wsgi.so'
}
elsif ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
$wsgi_mod_package = 'python3-mod_wsgi'
$wsgi_mod_lib = 'mod_wsgi_python3.so'
}
if ($::os_package_type == 'debian') or ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
include ::apache::params
class { '::apache':
mod_packages => merge($::apache::params::mod_packages, {
'wsgi' => 'libapache2-mod-wsgi-py3',
'wsgi' => $wsgi_mod_package,
}),
mod_libs => merge($::apache::params::mod_libs, {
'wsgi' => $wsgi_mod_lib,
})
}
}
if ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
# FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3
$ssl = false
} else {
$ssl = true
}
if $::operatingsystem == 'Ubuntu' {
$ipv6 = false
# Watcher packages are not available in Ubuntu repository.
@ -43,11 +64,13 @@ if $::operatingsystem == 'Ubuntu' {
include ::openstack_integration
class { '::openstack_integration::config':
ssl => true,
ssl => $ssl,
ipv6 => $ipv6,
}
include ::openstack_integration::cacert
if $ssl {
include ::openstack_integration::cacert
}
include ::openstack_integration::memcached
include ::openstack_integration::rabbitmq
include ::openstack_integration::mysql

11
functions
View File

@ -224,10 +224,13 @@ function catch_selinux_alerts() {
if $SUDO grep -iqE 'denied.*system_r:rabbitmq_t' /var/log/audit/audit.log; then
echo "non-critical RabbitMQ AVC, ignoring it now."
# FIXME(ykarel) catch_selinux_alerts not work with non ssl scenarios(no rabbitmq alert),
# currently running scenario-py3 without ssl because glance py3 has issues when
# running with eventlet + ssl: https://bugs.launchpad.net/glance/+bug/1769006
elif [[ "$SCENARIO" = "scenario-py3" ]]; then
echo "non ssl scenario-py3, ignoring it now."
# currently running all scenarios without ssl in Fedora, and scenario-py3 in CentOS/Fedora,
# because glance,nova,mistral py3 has issues when running with eventlet + ssl:
# glance https://bugs.launchpad.net/glance/+bug/1769006
# nova https://bugs.launchpad.net/nova/+bug/1808975
# mistral https://bugs.launchpad.net/mistral/+bug/1808953
elif [ -f /etc/fedora-release -o "$SCENARIO" = "scenario-py3" ]; then
echo "non ssl scenario, ignoring it now."
else
echo "Please file a bug on https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20OpenStack&component=openstack-selinux showing sealert output."
exit 1

11
manifests/ceph.pp
View File

@ -23,6 +23,17 @@ class openstack_integration::ceph (
$ms_bind_ipv6 = undef
}
# FIXME(ykarel) python2-rbd is installed as a indirect dependency for 'ceph' package,
# but we need to install python3-rbd in Fedora until 'ceph' package is fixed.
if ($::os_package_type == 'debian') or ($::operatingsystem == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
ensure_resource('package', 'python3-rbd', {
name => 'python3-rbd',
ensure => 'present',
})
}
class { '::ceph::profile::params':
fsid => '7200aea0-2ddd-4a32-aa2a-d49f66ab554c',
manage_repo => false, # repo already managed in openstack_integration::repo

6
manifests/watcher.pp
View File

@ -24,9 +24,9 @@ class openstack_integration::watcher {
# TODO: Support SSL
class { '::watcher::keystone::auth':
password => 'a_big_secret',
public_url => "https://${::openstack_integration::config::ip_for_url}:9322",
admin_url => "https://${::openstack_integration::config::ip_for_url}:9322",
internal_url => "https://${::openstack_integration::config::ip_for_url}:9322",
public_url => "${::openstack_integration::config::base_url}:9322",
admin_url => "${::openstack_integration::config::base_url}:9322",
internal_url => "${::openstack_integration::config::base_url}:9322",
}
class {'::watcher::keystone::authtoken':
password => 'a_big_secret',

6
run_tests.sh
View File

@ -85,6 +85,12 @@ if [ -f ~/.gemrc ]; then
cat ~/.gemrc | $SUDO tee /root/.gemrc
fi
# handle umask issue after "pam" new release, this is needed when run_tests.sh
# is run remotely via ansible using a user which doesn't have .bashrc file
if [ -f /etc/fedora-release -a -f /etc/bashrc ]; then
source /etc/bashrc
fi
print_header 'Clone Tempest, plugins & pre-cache CirrOS'
# TODO(pabelanger): Move this into tools/install_tempest.sh and add logic so we
# can clone tempest outside of the gate. Also, tempest should be sandboxed into