openstack
/
puppet-openstack-integration
Code Issues Proposed changes
Collection of scripts and manifests for module testing
648 Commits 10 Branches 10 Tags 34 MiB
Puppet 78%
Shell 19.4%
Ruby 2.5%
Go to file
David Moreau-Simard 61ba93a2b0 Update SSL certificates with SubjectAltNames 
A recent update to urllib tightened some checks around SSL [1].
This prompted an update to Devstack in order to work properly [2].

Jobs running into this problem without having a SubjectAltName
provided will see an error that looks like:

    SSLError: hostname '127.0.0.1' doesn't match either of
    '127.0.0.1', 'localhost'

Let's also update the certificates to provide the SubjectAltName
and provide a way to easily update the certificates if required
in the future.

[1]: df9d503a8e/CHANGES.rst (118-2016-09-26)
[2]: https://git.openstack.org/cgit/openstack-dev/devstack/commit/?id=69e3c0aac99981f17c76c22111e5c397824b8428

Change-Id: I94a586b333ba6a99ef831c853a19ab127b502d6f
 		2016-09-29 00:20:08 -04:00
contrib Update SSL certificates with SubjectAltNames 2016-09-29 00:20:08 -04:00
files Update SSL certificates with SubjectAltNames 2016-09-29 00:20:08 -04:00
fixtures Add Designate test coverage to scenario003 2016-09-28 10:09:15 -04:00
hiera Add hiera support 2016-07-15 20:49:10 +00:00
manifests Merge "Add Designate test coverage to scenario003" 2016-09-28 20:50:12 +00:00
templates Add Designate test coverage to scenario003 2016-09-28 10:09:15 -04:00
.gitignore Update SSL certificates with SubjectAltNames 2016-09-29 00:20:08 -04:00
.gitreview Added .gitreview 2015-06-23 19:27:13 +00:00
Gemfile Gemfile: use puppet-openstack_spec_helper 2016-06-27 14:40:22 +00:00
LICENSE Add LICENSE file 2015-07-13 14:58:14 -04:00
Puppetfile Add Designate test coverage to scenario003 2016-09-28 10:09:15 -04:00
README.md Update SSL certificates with SubjectAltNames 2016-09-29 00:20:08 -04:00
Rakefile Remove class_parameter_defaults puppet-lint check 2015-11-12 12:47:22 +01:00
all-in-one.sh Support of Ubuntu 16.04 LTS Xenial deployments 2016-05-26 20:40:18 -04:00
bindep.txt Move other-requirements.txt to bindep.txt 2016-08-12 21:10:15 +02:00
copy_logs.sh copy_logs: Copy the generated openrc to the logs if it's there 2016-09-12 11:03:12 -04:00
external_modules.txt Add puppet-kmod modules to the integration 2016-07-28 16:31:16 +05:30
functions Update cp line to remove redundant param 2016-09-23 16:03:57 -04:00
install_modules.sh Force symlink creation 2016-06-15 14:06:36 +03:00
install_modules_unit.sh Ensure $GEM_BIN_DIR is in $PATH 2016-06-13 14:11:46 -04:00
openstack_modules.txt Remove puppet-openstack-integration from openstack_modules 2016-09-22 09:06:11 -04:00
run_tests.sh Provision from pre-cached/pre-downloaded CirrOS image 2016-09-23 10:26:07 -04:00

README.md

puppet-openstack-integration

Table of Contents

  1. Overview - What is Puppet OpenStack Integration?
  2. Description - What does the project do?
  3. Development - Guide for contributing
  4. All-in-one - How to deploy a cloud with Puppet
  5. Contributors - Those with commits

Overview

Puppet OpenStack Integration makes sure we can continuously test and validate OpenStack setups deployed with Puppet modules. The repository itself contains some scripts and Puppet manifests that help to deploy OpenStack in OpenStack Infrastructure environment.

Description

OpenStack Infrastructure is deploying three jobs per supported Operating System (Ubuntu and CentOS): scenario001, scenario002 and scenario003.

OpenStack services are balanced between three scenarios because OpenStack Infastructure Jenkins slaves can not afford the load of running everything on the same node. One manifest (scenario-aio) is used for people who want to run a simple All-In-One scenario.

- scenario001 scenario002 scenario003 scenario-aio
ssl yes yes yes no
ipv6 centos7 centos7 centos7 no
keystone X X X X
tokens uuid uuid fernet uuid
glance rbd swift file file
nova rbd X X X
neutron ovs ovs linuxbridge ovs
lbaas v2 v2 v2 v2
cinder rbd iscsi iscsi
ceilometer X
aodh X
designate bind
gnocchi rbd
heat X
swift X
sahara X
trove X
horizon X X
ironic X
zaqar X
barbican X
ceph X
mongodb X

When the Jenkins slave is created, the run_tests.sh script will executed. This script will execute install_modules.sh that prepare /etc/puppet/modules with all Puppet modules dependencies.

Then, it will execute Puppet a first time by applying a scenario manifest. If the first run executes without error, a second Puppet run will be executed to verify there is no change in the catalog and make sure the Puppet run is idempotent.

If Puppet runs are successful, the script will run Tempest Smoke tests, that will execute some scenarios & API tests. It covers what we want to validate, and does not take too much time.

Development

Developer documentation for the entire Puppet OpenStack project:

Note: SSL Certificates

puppet-openstack-integration ships it's own SSL keys and certificates in order to be able to test implementations secured over SSL/TLS.

It doesn't re-generate new ones every time for the sake of simplicity: we're not testing that we can generate certificates properly, we're testing services.

The configuration as well as the commands used to generate these keys and certificates are stored in the contrib directory.

All-In-One

If you're new in Puppet OpenStack and you want to deploy an All-In-One setup of an OpenStack Cloud with the Puppet modules, please follow the steps:

git clone git://git.openstack.org/openstack/puppet-openstack-integration
cd puppet-openstack-integration
./all-in-one.sh

or

curl -sL http://git.openstack.org/cgit/openstack/puppet-openstack-integration/plain/all-in-one.sh | bash

Look at Description to see which services it will install (scenario-aio).

Contributors