8f54f5ef82
... because the subcommand does not exist actually. The command fails with the following error in recent CentOS Stream 9. ``` Error: Unknown command: force-enable Usage: /usr/bin/update-ca-trust [extract] [-o DIR|--output=DIR] Update the system trust store in /etc/pki/ca-trust/extracted. COMMANDS (absent/empty command): Same as the extract command described below. extract: Instruct update-ca-trust to scan the source configuration in /usr/share/pki/ca-trust-source and /etc/pki/ca-trust/source and produce updated versions of the consolidated configuration files stored below the /etc/pki/ca-trust/extracted directory hierarchy. EXTRACT OPTIONS -o DIR, --output=DIR: Write the extracted trust store into the given directory instead of updating /etc/pki/ca-trust/extracted. ``` Change-Id: I38bbfc08a73823d2fd6e00974e277130cbff7e12 (cherry picked from commitfe9a9105cb) (cherry picked from commit93d2fc72b8) (cherry picked from commit5a8111eb22)
Team and repository tags
puppet-openstack-integration
Table of Contents
- Overview - What is Puppet OpenStack Integration?
- Description - What does the project do?
- Development - Guide for contributing
- All-in-one - How to deploy a cloud with Puppet
- Contributors - Those with commits
Overview
Puppet OpenStack Integration makes sure we can continuously test and validate OpenStack setups deployed with Puppet modules. The repository itself contains some scripts and Puppet manifests that help to deploy OpenStack in OpenStack Infrastructure environment.
Description
OpenStack Infrastructure is deploying four jobs per supported Operating System (Ubuntu and CentOS): scenario001, scenario002, scenario003, scenario004, and scenario005.
The manifest files under the fixtures directory is used to compose the required services for each senario. The manifest files under the manifests directory is used to set up basic set of a single component (like nova, cinder and so on).
OpenStack services are balanced between four scenarios because OpenStack Infastructure Jenkins slaves can not afford the load of running everything on the same node. One manifest (scenario-aio) is used for people who want to run a simple All-In-One scenario.
| - | scenario001 | scenario002 | scenario003 | scenario004 | scenario005 | scenario-aio |
|---|---|---|---|---|---|---|
| ssl | yes | yes | yes | yes | yes | no |
| ipv6 | centos9 | centos9 | centos9 | centos9 | centos9 | no |
| keystone | X | X | X | X | X | X |
| glance | rbd | swift | file | swift+rgw | cinder | file |
| nova | rbd | X | X | rbd | X | X |
| placement | X | X | X | X | X | X |
| neutron | ovs | ovs | ovn | ovs | ovn | ovs |
| cinder | rbd | iscsi | iscsi | iscsi | ||
| manila | lvm | |||||
| ceilometer | X | X | ||||
| aodh | X | X | ||||
| designate | bind | |||||
| backup | swift | |||||
| gnocchi | rbd | swift | ||||
| heat | X | X | ||||
| swift | X | |||||
| trove | X | |||||
| horizon | X | X | X | |||
| ironic | X | |||||
| zaqar | X | |||||
| magnum | X | |||||
| mistral | X | |||||
| barbican | X | X | ||||
| ceph | X | X | ||||
| ceph rgw | X | |||||
| vitrage | X | |||||
| watcher | X | |||||
| bgpvpn-api | X | |||||
| bgp-dr | X | |||||
| redis | X | X | X | |||
| l2gw | X | |||||
| octavia | X | X | ||||
| om rpc | rabbit | rabbit | rabbit | rabbit | rabbit | rabbit |
| om notify | rabbit | rabbit | rabbit | rabbit | rabbit | rabbit |
When the Jenkins slave is created, the run_tests.sh script will be executed. This script will execute install_modules.sh that prepare /etc/puppet/modules with all Puppet modules dependencies.
Then, it will execute Puppet a first time by applying a scenario manifest. If the first run executes without error, a second Puppet run will be executed to verify there is no change in the catalog and make sure the Puppet run is idempotent.
If Puppet runs are successful, the script will run Tempest Smoke tests, that will execute some scenarios & API tests. It covers what we want to validate, and does not take too much time.
Development
Developer documentation for the entire Puppet OpenStack project:
Note: SSL Certificates
puppet-openstack-integration ships it's own SSL keys and certificates in order to be able to test implementations secured over SSL/TLS.
It doesn't re-generate new ones every time for the sake of simplicity: we're not testing that we can generate certificates properly, we're testing services.
The configuration as well as the commands used to generate these keys and certificates are stored in the contrib directory.
All-In-One
If you're new in Puppet OpenStack and you want to deploy an All-In-One setup of an OpenStack Cloud with the Puppet modules, please follow the steps:
git clone https://opendev.org/openstack/puppet-openstack-integration
cd puppet-openstack-integration
./all-in-one.sh
Look at Description to see which services it will install (scenario-aio).