e40e6d934b
Currently we are setting "DNS.0 = ::1", but ::1 is not a valid A-Label for IDNA so the certificate is not correct. Additionally, we are setting wrong value for DNS.0 = 127.0.0.1 in the ipv4 certificate. Finally, removing issuerAltName from both ipv4 and ipv6 certificates as they are not needed for the jobs. New versions of python-cryptography are more strict to check certificates content and does not allow to have not compliant DNS names so we need to fix the certificate to bump python-cryptography. Note that horizont tempest plugin does not support ipaddress SANs based certificate validation so I'm disablint certificate validation for dashboard in this patch. Depends-On: Iea7a4b85ac64572fac0f0ad871649a79fbc1c0f5 Change-Id: Ib519d222e07e26d3683b24359e2f67728cdd8029 |
||
|---|---|---|
| contrib | ||
| files | ||
| fixtures | ||
| hiera | ||
| manifests | ||
| playbooks | ||
| templates | ||
| .gitignore | ||
| .gitreview | ||
| .zuul.yaml | ||
| all-in-one.sh | ||
| bindep.txt | ||
| configure_facts.sh | ||
| copy_logs.sh | ||
| external_modules.txt | ||
| functions | ||
| Gemfile | ||
| install_modules_unit.sh | ||
| install_modules.sh | ||
| LICENSE | ||
| openstack_modules.txt | ||
| Puppetfile | ||
| Rakefile | ||
| README.md | ||
| run_tests.sh | ||
Team and repository tags
puppet-openstack-integration
Table of Contents
- Overview - What is Puppet OpenStack Integration?
- Description - What does the project do?
- Development - Guide for contributing
- All-in-one - How to deploy a cloud with Puppet
- Contributors - Those with commits
Overview
Puppet OpenStack Integration makes sure we can continuously test and validate OpenStack setups deployed with Puppet modules. The repository itself contains some scripts and Puppet manifests that help to deploy OpenStack in OpenStack Infrastructure environment.
Description
OpenStack Infrastructure is deploying four jobs per supported Operating System (Ubuntu and CentOS): scenario001, scenario002, scenario003 and scenario004.
OpenStack services are balanced between four scenarios because OpenStack Infastructure Jenkins slaves can not afford the load of running everything on the same node. One manifest (scenario-aio) is used for people who want to run a simple All-In-One scenario.
| - | scenario001 | scenario002 | scenario003 | scenario004 | scenario-aio |
|---|---|---|---|---|---|
| ssl | yes | yes | yes | yes | no |
| ipv6 | centos7 | centos7 | centos7 | centos7 | no |
| keystone | X | X | X | X | X |
| glance | rbd | swift | file | swift+rgw | file |
| nova | rbd | X | X | rbd | X |
| neutron | ovs | ovs | linuxbridge | ovs | ovs |
| lbaas | v2 | v2 | v2 | v2 | |
| cinder | rbd | iscsi | iscsi | ||
| ceilometer | X | ||||
| aodh | X | ||||
| panko | X | ||||
| designate | bind | ||||
| backup | swift | ||||
| gnocchi | rbd | ||||
| ec2api | X | ||||
| heat | X | X | |||
| swift | X | ||||
| sahara | X | ||||
| trove | X | ||||
| horizon | X | X | |||
| ironic | X | ||||
| zaqar | X | ||||
| murano | X | ||||
| mistral | X | ||||
| barbican | X | ||||
| ceph | X | X | |||
| ceph rgw | X | ||||
| vitrage | X | ||||
| watcher | X | ||||
| bgpvpn-api | X | ||||
| redis | X | ||||
| l2gw | X | ||||
| om rpc | amqp1 | rabbit | rabbit | rabbit | rabbit |
| om notify | rabbit | rabbit | rabbit | rabbit | rabbit |
When the Jenkins slave is created, the run_tests.sh script will be executed. This script will execute install_modules.sh that prepare /etc/puppet/modules with all Puppet modules dependencies.
Then, it will execute Puppet a first time by applying a scenario manifest. If the first run executes without error, a second Puppet run will be executed to verify there is no change in the catalog and make sure the Puppet run is idempotent.
If Puppet runs are successful, the script will run Tempest Smoke tests, that will execute some scenarios & API tests. It covers what we want to validate, and does not take too much time.
Development
Developer documentation for the entire Puppet OpenStack project:
Note: SSL Certificates
puppet-openstack-integration ships it's own SSL keys and certificates in order to be able to test implementations secured over SSL/TLS.
It doesn't re-generate new ones every time for the sake of simplicity: we're not testing that we can generate certificates properly, we're testing services.
The configuration as well as the commands used to generate these keys and certificates are stored in the contrib directory.
All-In-One
If you're new in Puppet OpenStack and you want to deploy an All-In-One setup of an OpenStack Cloud with the Puppet modules, please follow the steps:
git clone git://git.openstack.org/openstack/puppet-openstack-integration
cd puppet-openstack-integration
./all-in-one.sh
Look at Description to see which services it will install (scenario-aio).