40a15b5945
For fine-grained access control based on user and VNF information for API resources, this patch does the following things: 1.Add three comparison attributes of area, vendor, and tenant for the enhanced Tacker policy. 2.Convert special roles to API attributes in context. 3.Modify the API process to support Tacker policy authorize. 4.Add the Tacker policy filter to the list API processes. Implements: blueprint enhance-api-policy Change-Id: I5b4c39387860133a3bcf4544f18a6353c80773f6
758 lines
26 KiB
YAML
758 lines
26 KiB
YAML
- nodeset:
|
|
name: openstack-4-nodes-focal
|
|
nodes:
|
|
- name: controller
|
|
label: ubuntu-focal
|
|
- name: controller-tacker
|
|
label: ubuntu-focal
|
|
- name: compute1
|
|
label: ubuntu-focal
|
|
- name: compute2
|
|
label: ubuntu-focal
|
|
groups:
|
|
# Nodes running the compute service
|
|
- name: compute
|
|
nodes:
|
|
- compute1
|
|
- compute2
|
|
# Nodes that are not the controller
|
|
- name: subnode
|
|
nodes:
|
|
- controller-tacker
|
|
- compute1
|
|
- compute2
|
|
# Switch node for multinode networking setup
|
|
- name: switch
|
|
nodes:
|
|
- controller
|
|
# Peer nodes for multinode networking setup
|
|
- name: peers
|
|
nodes:
|
|
- controller-tacker
|
|
- compute1
|
|
- compute2
|
|
|
|
- nodeset:
|
|
name: openstack-4-nodes-jammy
|
|
nodes:
|
|
- name: controller
|
|
label: ubuntu-jammy
|
|
- name: controller-tacker
|
|
label: ubuntu-jammy
|
|
- name: compute1
|
|
label: ubuntu-jammy
|
|
- name: compute2
|
|
label: ubuntu-jammy
|
|
groups:
|
|
# Nodes running the compute service
|
|
- name: compute
|
|
nodes:
|
|
- compute1
|
|
- compute2
|
|
# Nodes that are not the controller
|
|
- name: subnode
|
|
nodes:
|
|
- controller-tacker
|
|
- compute1
|
|
- compute2
|
|
# Switch node for multinode networking setup
|
|
- name: switch
|
|
nodes:
|
|
- controller
|
|
# Peer nodes for multinode networking setup
|
|
- name: peers
|
|
nodes:
|
|
- controller-tacker
|
|
- compute1
|
|
- compute2
|
|
|
|
- nodeset:
|
|
name: openstack-k8s-4-nodes-jammy
|
|
nodes:
|
|
- name: controller
|
|
label: ubuntu-jammy
|
|
- name: controller-tacker
|
|
label: ubuntu-jammy
|
|
- name: controller-k8s
|
|
label: ubuntu-jammy
|
|
- name: compute1
|
|
label: ubuntu-jammy
|
|
groups:
|
|
- name: compute
|
|
nodes:
|
|
- controller-k8s
|
|
- compute1
|
|
- name: subnode
|
|
nodes:
|
|
- controller-tacker
|
|
- controller-k8s
|
|
- compute1
|
|
- name: switch
|
|
nodes:
|
|
- controller
|
|
- name: peers
|
|
nodes:
|
|
- controller-tacker
|
|
- controller-k8s
|
|
- compute1
|
|
|
|
- job:
|
|
name: tacker-functional-devstack-multinode-legacy
|
|
parent: devstack
|
|
description: |
|
|
Base multinodes job for devstack-based functional tests
|
|
nodeset: openstack-4-nodes-jammy
|
|
pre-run: playbooks/devstack/pre.yaml
|
|
run: playbooks/devstack/run.yaml
|
|
post-run: playbooks/devstack/post.yaml
|
|
roles:
|
|
- zuul: openstack-infra/devstack
|
|
timeout: 10800
|
|
required-projects:
|
|
- openstack/cinder
|
|
- openstack/glance
|
|
- openstack/keystone
|
|
- openstack/neutron
|
|
- openstack/nova
|
|
- openstack/placement
|
|
- openstack/aodh
|
|
- openstack/blazar
|
|
- openstack/blazar-nova
|
|
- openstack/horizon
|
|
- openstack/barbican
|
|
- openstack/heat
|
|
- openstack/networking-sfc
|
|
- openstack/python-barbicanclient
|
|
- openstack/python-blazarclient
|
|
- openstack/python-tackerclient
|
|
- openstack/tacker
|
|
- openstack/tacker-horizon
|
|
- x/fenix
|
|
vars:
|
|
devstack_localrc:
|
|
CELLSV2_SETUP: singleconductor
|
|
PHYSICAL_NETWORK: mgmtphysnet0
|
|
OVS_BRIDGE_MAPPINGS: public:br-ex,mgmtphysnet0:br-infra
|
|
DATABASE_TYPE: mysql
|
|
KEYSTONE_SERVICE_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
|
|
MYSQL_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
|
|
GNOCCHI_SERVICE_HOST: "{{ hostvars['controller-tacker']['nodepool']['private_ipv4'] }}"
|
|
Q_SERVICE_PLUGIN_CLASSES: ovn-router,networking_sfc.services.flowclassifier.plugin.FlowClassifierPlugin,neutron.services.qos.qos_plugin.QoSPlugin,qos
|
|
L2_AGENT_EXTENSIONS: qos
|
|
DEVSTACK_PARALLEL: True
|
|
OVN_L3_CREATE_PUBLIC_NETWORK: true
|
|
OVN_DBS_LOG_LEVEL: dbg
|
|
Q_ML2_PLUGIN_MECHANISM_DRIVERS: ovn,logger
|
|
test_matrix_configs: [neutron]
|
|
zuul_work_dir: src/opendev.org/openstack/tacker
|
|
host-vars:
|
|
controller:
|
|
devstack_local_conf:
|
|
post-config:
|
|
# NOTE: workaround for Heat timeout due to communication
|
|
# problem between nova and neutron.
|
|
$NEUTRON_CONF:
|
|
DEFAULT:
|
|
client_socket_timeout: 60
|
|
$NEUTRON_DHCP_CONF:
|
|
DEFAULT:
|
|
enable_isolated_metadata: True
|
|
$CINDER_CONF:
|
|
lvmdriver-1:
|
|
image_volume_cache_enabled: False
|
|
devstack_plugins:
|
|
heat: https://opendev.org/openstack/heat
|
|
networking-sfc: https://opendev.org/openstack/networking-sfc
|
|
aodh: https://opendev.org/openstack/aodh
|
|
barbican: https://opendev.org/openstack/barbican
|
|
blazar: https://opendev.org/openstack/blazar
|
|
fenix: https://opendev.org/x/fenix
|
|
devstack_services:
|
|
# Core services enabled for this branch.
|
|
# This list replaces the test-matrix.
|
|
# Shared services
|
|
mysql: true
|
|
rabbit: true
|
|
tls-proxy: false
|
|
# Keystone services
|
|
key: true
|
|
# Glance services
|
|
g-api: true
|
|
# Nova services
|
|
n-api: true
|
|
n-api-meta: true
|
|
n-cond: true
|
|
n-cpu: false
|
|
n-novnc: true
|
|
n-sch: true
|
|
placement-api: true
|
|
# OVN services
|
|
ovn-controller: true
|
|
ovn-northd: true
|
|
ovs-vswitchd: true
|
|
ovsdb-server: true
|
|
# Neutron services
|
|
q-svc: true
|
|
q-qos: true
|
|
q-ovn-metadata-agent: true
|
|
# Cinder services
|
|
c-api: true
|
|
c-sch: true
|
|
c-vol: true
|
|
cinder: true
|
|
# Services we don't need.
|
|
# This section is not really needed, it's for readability.
|
|
horizon: false
|
|
tempest: false
|
|
swift: false
|
|
s-account: false
|
|
s-container: false
|
|
s-object: false
|
|
s-proxy: false
|
|
c-bak: false
|
|
tox_install_siblings: false
|
|
controller-tacker:
|
|
devstack_plugins:
|
|
tacker: https://opendev.org/openstack/tacker
|
|
devstack_services:
|
|
# OVN services
|
|
ovn-controller: true
|
|
ovs-vswitchd: true
|
|
ovsdb-server: true
|
|
# Neutron services
|
|
q-ovn-metadata-agent: true
|
|
# Tacker services
|
|
tacker: true
|
|
tacker-conductor: true
|
|
tox_envlist: dsvm-functional-legacy
|
|
group-vars:
|
|
compute:
|
|
# Since a VirtualInterfaceCreateException occurs during a test,
|
|
# the setting of network-vif-plugged is changed by the reference of
|
|
# the following URL.
|
|
# https://bugs.launchpad.net/heat/+bug/1694371
|
|
devstack_local_conf:
|
|
post-config:
|
|
$NOVA_CONF:
|
|
DEFAULT:
|
|
vif_plugging_is_fatal: False
|
|
subnode:
|
|
devstack_localrc:
|
|
CELLSV2_SETUP: singleconductor
|
|
PHYSICAL_NETWORK: mgmtphysnet0
|
|
OVS_BRIDGE_MAPPINGS: public:br-ex,mgmtphysnet0:br-infra
|
|
DATABASE_TYPE: mysql
|
|
KEYSTONE_SERVICE_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
|
|
MYSQL_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
|
|
GNOCCHI_SERVICE_HOST: "{{ hostvars['controller-tacker']['nodepool']['private_ipv4'] }}"
|
|
TACKER_HOST: "{{ hostvars['controller-tacker']['nodepool']['private_ipv4'] }}"
|
|
TACKER_MODE: standalone
|
|
IS_ZUUL_FT: True
|
|
# NOTES:
|
|
# - Without this ugly inline template, we would have to overwrite devstack_localrc
|
|
# as a whole in some way. However keeping up with parent jobs' definitions would
|
|
# be too costly. E.g., ADMIN_PASSWORD, NETWORK_GATEWAY, etc. Too many variables.
|
|
# - The reason we set CEILOMETER_BACKEND=none for compute nodes is that otherwise
|
|
# gnocchi setup would run on every compute nodes (esp. multiple asynchronous calls
|
|
# of recreate_database() would be disastrous). Unused api servers would also be
|
|
# deployed on each compute node.
|
|
CEILOMETER_BACKEND: "{% if 'compute' in group_names %}none{% else %}gnocchi{% endif %}"
|
|
Q_SERVICE_PLUGIN_CLASSES: "qos,\
|
|
networking_sfc.services.flowclassifier.plugin.FlowClassifierPlugin,\
|
|
neutron.services.qos.qos_plugin.QoSPlugin,\
|
|
ovn-router"
|
|
L2_AGENT_EXTENSIONS: qos
|
|
ENABLE_CHASSIS_AS_GW: false
|
|
Q_ML2_PLUGIN_MECHANISM_DRIVERS: ovn,logger
|
|
devstack_services:
|
|
# To override the parent job's definitions.
|
|
tls-proxy: false
|
|
# OVN services
|
|
ovn-controller: true
|
|
ovs-vswitchd: true
|
|
ovsdb-server: true
|
|
# Neutron services
|
|
q-ovn-metadata-agent: true
|
|
|
|
- job:
|
|
name: tacker-functional-devstack-multinode-sol
|
|
parent: tacker-functional-devstack-multinode-legacy
|
|
description: |
|
|
Multinodes job for SOL devstack-based functional tests
|
|
host-vars:
|
|
controller-tacker:
|
|
tox_envlist: dsvm-functional-sol
|
|
|
|
- job:
|
|
name: tacker-functional-devstack-multinode-sol-v2
|
|
parent: tacker-functional-devstack-multinode-sol
|
|
description: |
|
|
Multinodes job for SOL V2 devstack-based functional tests
|
|
host-vars:
|
|
controller-tacker:
|
|
devstack_local_conf:
|
|
post-config:
|
|
$TACKER_CONF:
|
|
server_notification:
|
|
server_notification: true
|
|
prometheus_plugin:
|
|
auto_scaling: true
|
|
auto_healing: true
|
|
tox_envlist: dsvm-functional-sol-v2
|
|
|
|
- job:
|
|
name: tacker-functional-devstack-multinode-sol-multi-tenant
|
|
parent: tacker-functional-devstack-multinode-sol
|
|
description: |
|
|
Multinodes job for SOL Multi tenant devstack-based functional tests
|
|
host-vars:
|
|
controller-tacker:
|
|
tox_envlist: dsvm-functional-sol-multi-tenant
|
|
vars:
|
|
setup_multi_tenant: true
|
|
|
|
- job:
|
|
name: tacker-functional-devstack-multinode-sol-separated-nfvo
|
|
parent: tacker-functional-devstack-multinode-sol
|
|
description: |
|
|
Multinodes job for SOL devstack-based functional tests
|
|
with separated NFVO
|
|
host-vars:
|
|
controller-tacker:
|
|
devstack_local_conf:
|
|
post-config:
|
|
$TACKER_CONF:
|
|
connect_vnf_packages:
|
|
base_url: http://127.0.0.1:9990/vnfpkgm/v1/vnf_packages
|
|
pipeline: package_content,vnfd,artifacts
|
|
connect_grant:
|
|
base_url: http://127.0.0.1:9990/grant/v1/grants
|
|
openstack_vim:
|
|
stack_retries: 120
|
|
tox_envlist: dsvm-functional-sol-separated-nfvo
|
|
|
|
- job:
|
|
name: tacker-functional-devstack-multinode-sol-separated-nfvo-v2
|
|
parent: tacker-functional-devstack-multinode-sol
|
|
description: |
|
|
Multinodes job for SOL devstack-based functional tests
|
|
with separated V2 NFVO
|
|
host-vars:
|
|
controller-tacker:
|
|
devstack_local_conf:
|
|
post-config:
|
|
$TACKER_CONF:
|
|
v2_nfvo:
|
|
use_external_nfvo: True
|
|
endpoint: http://127.0.0.1:9990
|
|
token_endpoint: http://127.0.0.1:9990/token
|
|
client_id: 229ec984de7547b2b662e968961af5a4
|
|
client_password: devstack
|
|
use_client_secret_basic: True
|
|
tox_envlist: dsvm-functional-sol-separated-nfvo-v2
|
|
|
|
# TODO(manpreetk): As per the 2023.1 testing runtime, we need to run atleast
|
|
# one job on Focal. This job can be removed as per the future testing
|
|
# runtime (whenever we drop the Ubuntu Focal testing).
|
|
- job:
|
|
name: tacker-functional-devstack-multinode-sol-v2-ubuntu-focal
|
|
parent: tacker-functional-devstack-multinode-sol-v2
|
|
description: |
|
|
Multinode job for SOL V2 devstack-based functional tests on Ubuntu focal
|
|
nodeset: openstack-4-nodes-focal
|
|
host-vars:
|
|
controller-tacker:
|
|
tox_envlist: dsvm-functional-sol-v2-ubuntu-focal
|
|
|
|
- job:
|
|
name: tacker-functional-devstack-multinode-sol-kubernetes
|
|
parent: devstack
|
|
description: |
|
|
Multinodes job for SOL devstack-based kubernetes functional tests
|
|
nodeset: openstack-k8s-4-nodes-jammy
|
|
pre-run: playbooks/devstack/pre.yaml
|
|
run: playbooks/devstack/run.yaml
|
|
post-run: playbooks/devstack/post.yaml
|
|
roles:
|
|
- zuul: openstack-infra/devstack
|
|
timeout: 10800
|
|
required-projects:
|
|
- openstack/barbican
|
|
- openstack/cinder
|
|
- openstack/devstack-gate
|
|
- openstack/devstack-plugin-container
|
|
- openstack/glance
|
|
- openstack/heat
|
|
- openstack/horizon
|
|
- openstack/keystone
|
|
- openstack/kuryr-kubernetes
|
|
- openstack/neutron
|
|
- openstack/nova
|
|
- openstack/octavia
|
|
- openstack/placement
|
|
- openstack/python-barbicanclient
|
|
- openstack/python-blazarclient
|
|
- openstack/python-octaviaclient
|
|
- openstack/python-tackerclient
|
|
- openstack/tacker
|
|
- openstack/tacker-horizon
|
|
host-vars:
|
|
controller:
|
|
devstack_plugins:
|
|
barbican: https://opendev.org/openstack/barbican
|
|
heat: https://opendev.org/openstack/heat
|
|
neutron: https://opendev.org/openstack/neutron
|
|
octavia: https://opendev.org/openstack/octavia
|
|
devstack_services:
|
|
base: false
|
|
c-api: true
|
|
c-bak: false
|
|
c-sch: true
|
|
c-vol: true
|
|
cinder: true
|
|
coredns: false
|
|
etcd3: true
|
|
g-api: true
|
|
g-reg: true
|
|
horizon: false
|
|
key: true
|
|
mysql: true
|
|
n-api-meta: true
|
|
n-api: true
|
|
n-cond: true
|
|
n-cpu: false
|
|
n-novnc: true
|
|
n-sch: true
|
|
neutron: true
|
|
o-api: true
|
|
o-cw: true
|
|
o-hk: true
|
|
o-hm: true
|
|
octavia: true
|
|
placement-api: true
|
|
placement-client: true
|
|
ovn-controller: true
|
|
ovn-northd: true
|
|
ovs-vswitchd: true
|
|
ovsdb-server: true
|
|
q-qos: true
|
|
q-svc: true
|
|
q-ovn-metadata-agent: true
|
|
rabbit: true
|
|
s-account: false
|
|
s-container: false
|
|
s-object: false
|
|
s-proxy: false
|
|
swift: false
|
|
tempest: false
|
|
tls-proxy: false
|
|
tox_install_siblings: false
|
|
controller-tacker:
|
|
devstack_local_conf:
|
|
post-config:
|
|
$TACKER_CONF:
|
|
kubernetes_vim:
|
|
stack_retries: 120
|
|
devstack_services:
|
|
ovn-controller: true
|
|
ovn-northd: true
|
|
ovs-vswitchd: true
|
|
ovsdb-server: true
|
|
q-ovn-metadata-agent: true
|
|
tacker: true
|
|
tacker-conductor: true
|
|
devstack_plugins:
|
|
tacker: https://opendev.org/openstack/tacker
|
|
tox_envlist: dsvm-functional-sol-kubernetes
|
|
controller-k8s:
|
|
devstack_local_conf: {}
|
|
devstack_plugins:
|
|
devstack-plugin-container: https://opendev.org/openstack/devstack-plugin-container
|
|
kuryr-kubernetes: https://opendev.org/openstack/kuryr-kubernetes
|
|
devstack_services:
|
|
etcd3: false
|
|
kubernetes-master: true
|
|
kuryr-daemon: true
|
|
kuryr-kubernetes: true
|
|
octavia: false
|
|
ovn-controller: true
|
|
ovn-northd: true
|
|
ovs-vswitchd: true
|
|
ovsdb-server: true
|
|
q-ovn-metadata-agent: true
|
|
tox_install_siblings: false
|
|
group-vars:
|
|
subnode:
|
|
devstack_localrc:
|
|
CELLSV2_SETUP: singleconductor
|
|
DATABASE_TYPE: mysql
|
|
IS_ZUUL_FT: True
|
|
K8S_API_SERVER_IP: "{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}"
|
|
KEYSTONE_SERVICE_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
|
|
KURYR_FORCE_IMAGE_BUILD: true
|
|
KURYR_K8S_API_PORT: 6443
|
|
KURYR_K8S_API_URL: "https://{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}:${KURYR_K8S_API_PORT}"
|
|
KURYR_K8S_CONTAINERIZED_DEPLOYMENT: false
|
|
KURYR_NEUTRON_DEFAULT_SUBNETPOOL_ID: shared-default-subnetpool-v4
|
|
# NOTES:
|
|
# - In Antelope cycle, Kubernetes version is updated to 1.25.
|
|
# https://blueprints.launchpad.net/tacker/+spec/update-k8s-helm-prometheus
|
|
KURYR_KUBERNETES_VERSION: 1.25.6
|
|
CONTAINER_ENGINE: crio
|
|
CRIO_VERSION: 1.25
|
|
MYSQL_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
|
|
OCTAVIA_AMP_IMAGE_FILE: "/tmp/test-only-amphora-x64-haproxy-ubuntu-bionic.qcow2"
|
|
OCTAVIA_AMP_IMAGE_NAME: "test-only-amphora-x64-haproxy-ubuntu-bionic"
|
|
OCTAVIA_AMP_IMAGE_SIZE: 3
|
|
OVS_BRIDGE_MAPPINGS: public:br-ex,mgmtphysnet0:br-infra
|
|
PHYSICAL_NETWORK: mgmtphysnet0
|
|
TACKER_HOST: "{{ hostvars['controller-tacker']['nodepool']['private_ipv4'] }}"
|
|
TACKER_MODE: standalone
|
|
USE_PYTHON3: true
|
|
ENABLE_CHASSIS_AS_GW: false
|
|
Q_ML2_PLUGIN_MECHANISM_DRIVERS: ovn,logger
|
|
devstack_services:
|
|
dstat: false
|
|
horizon: false
|
|
n-api-meta: false
|
|
n-api: false
|
|
n-cauth: false
|
|
n-cond: false
|
|
n-cpu: true
|
|
n-novnc: false
|
|
n-obj: false
|
|
n-sch: false
|
|
ovn-controller: true
|
|
ovs-vswitchd: true
|
|
ovsdb-server: true
|
|
q-ovn-metadata-agent: true
|
|
tls-proxy: false
|
|
vars:
|
|
devstack_localrc:
|
|
CELLSV2_SETUP: singleconductor
|
|
DATABASE_TYPE: mysql
|
|
ETCD_USE_RAMDISK: true
|
|
IS_ZUUL_FT: True
|
|
KEYSTONE_SERVICE_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
|
|
L2_AGENT_EXTENSIONS: qos
|
|
MYSQL_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
|
|
OCTAVIA_AMP_IMAGE_FILE: "/tmp/test-only-amphora-x64-haproxy-ubuntu-bionic.qcow2"
|
|
OCTAVIA_AMP_IMAGE_NAME: "test-only-amphora-x64-haproxy-ubuntu-bionic"
|
|
OCTAVIA_AMP_IMAGE_SIZE: 3
|
|
OVS_BRIDGE_MAPPINGS: public:br-ex,mgmtphysnet0:br-infra
|
|
PHYSICAL_NETWORK: mgmtphysnet0
|
|
Q_SERVICE_PLUGIN_CLASSES: ovn-router,neutron.services.qos.qos_plugin.QoSPlugin,qos
|
|
TACKER_HOST: "{{ hostvars['controller-tacker']['nodepool']['private_ipv4'] }}"
|
|
TACKER_MODE: standalone
|
|
USE_PYTHON3: true
|
|
DEVSTACK_PARALLEL: True
|
|
OVN_L3_CREATE_PUBLIC_NETWORK: true
|
|
OVN_DBS_LOG_LEVEL: dbg
|
|
Q_ML2_PLUGIN_MECHANISM_DRIVERS: ovn,logger
|
|
devstack_local_conf:
|
|
post-config:
|
|
$NEUTRON_DHCP_CONF:
|
|
DEFAULT:
|
|
enable_isolated_metadata: True
|
|
$OCTAVIA_CONF:
|
|
controller_worker:
|
|
amp_active_retries: 9999
|
|
kuryr_k8s_api_url: "https://{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}:6443"
|
|
k8s_ssl_verify: true
|
|
# NOTES:
|
|
# - In Antelope cycle, Helm version is updated to 3.10.
|
|
# https://blueprints.launchpad.net/tacker/+spec/update-k8s-helm-prometheus
|
|
helm_version: "3.10.3"
|
|
test_matrix_configs: [neutron]
|
|
zuul_work_dir: src/opendev.org/openstack/tacker
|
|
zuul_copy_output:
|
|
'{{ devstack_log_dir }}/kubernetes': 'logs'
|
|
|
|
- job:
|
|
name: tacker-functional-devstack-multinode-sol-kubernetes-multi-tenant
|
|
parent: tacker-functional-devstack-multinode-sol-kubernetes
|
|
description: |
|
|
Multinodes job for SOL Kubernetes Multi tenant devstack-based functional tests
|
|
host-vars:
|
|
controller-tacker:
|
|
tox_envlist: dsvm-functional-sol-kubernetes-multi-tenant
|
|
vars:
|
|
setup_multi_tenant: true
|
|
|
|
- job:
|
|
name: tacker-functional-devstack-multinode-libs-master
|
|
parent: tacker-functional-devstack-multinode-legacy
|
|
description: |
|
|
devstack-based functional tests with libs from the master branch
|
|
required-projects:
|
|
- openstack/heat-translator
|
|
- openstack/tosca-parser
|
|
|
|
- job:
|
|
name: tacker-functional-devstack-multinode-sol-kubernetes-v2
|
|
parent: tacker-functional-devstack-multinode-sol-kubernetes
|
|
description: |
|
|
Multinodes job for SOL Kubernetes V2 devstack-based functional tests
|
|
host-vars:
|
|
controller-tacker:
|
|
devstack_local_conf:
|
|
post-config:
|
|
$TACKER_CONF:
|
|
v2_vnfm:
|
|
kubernetes_vim_rsc_wait_timeout: 800
|
|
prometheus_plugin:
|
|
fault_management: true
|
|
performance_management: true
|
|
auto_scaling: true
|
|
auto_healing: true
|
|
test_rule_with_promtool: true
|
|
tox_envlist: dsvm-functional-sol-kubernetes-v2
|
|
vars:
|
|
prometheus_setup: true
|
|
|
|
- job:
|
|
name: tacker-functional-devstack-multinode-sol-https-v2
|
|
parent: tacker-functional-devstack-multinode-sol
|
|
description: |
|
|
Multinodes job for SOL devstack-based functional tests
|
|
with https request
|
|
host-vars:
|
|
controller-tacker:
|
|
devstack_local_conf:
|
|
post-config:
|
|
$TACKER_CONF:
|
|
v2_vnfm:
|
|
notification_verify_cert: true
|
|
notification_ca_cert_file: /etc/https_server/ssl/ca.crt
|
|
use_oauth2_mtls_for_heat: false
|
|
heat_verify_cert: true
|
|
heat_ca_cert_file: /etc/https_server/ssl/ca.crt
|
|
prometheus_plugin:
|
|
fault_management: true
|
|
performance_management: true
|
|
auto_scaling: true
|
|
performance_management_package: tacker.sol_refactored.common.monitoring_plugin_base
|
|
performance_management_class: MonitoringPluginStub
|
|
v2_nfvo:
|
|
use_external_nfvo: true
|
|
endpoint: https://localhost:9990
|
|
token_endpoint: https://localhost:9990/token
|
|
client_id: 229ec984de7547b2b662e968961af5a4
|
|
client_password: devstack
|
|
nfvo_verify_cert: true
|
|
nfvo_ca_cert_file: /etc/https_server/ssl/ca.crt
|
|
use_client_secret_basic: true
|
|
tox_envlist: dsvm-functional-sol-https-v2
|
|
vars:
|
|
https_setup: true
|
|
|
|
- job:
|
|
name: tacker-functional-devstack-kubernetes-oidc-auth
|
|
parent: tacker-functional-devstack-multinode-sol-kubernetes-v2
|
|
description: |
|
|
Multinodes job for Kubernetes OIDC Auth tests
|
|
host-vars:
|
|
controller-tacker:
|
|
tox_envlist: dsvm-functional-sol_kubernetes_oidc_auth
|
|
vars:
|
|
keycloak_host: "{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}"
|
|
keycloak_http_port: 8080
|
|
keycloak_https_port: 8443
|
|
|
|
- job:
|
|
name: tacker-functional-devstack-multinode-sol-v2-az-retry
|
|
parent: tacker-functional-devstack-multinode-sol-v2
|
|
description: |
|
|
Multinodes job for retry of AZ selection in SOL V2 devstack-based functional tests
|
|
host-vars:
|
|
controller-tacker:
|
|
devstack_local_conf:
|
|
post-config:
|
|
$TACKER_CONF:
|
|
v2_nfvo:
|
|
test_grant_zone_list: az-1
|
|
v2_vnfm:
|
|
placement_fallback_best_effort: true
|
|
server_notification:
|
|
server_notification: true
|
|
devstack_services:
|
|
n-cpu: true
|
|
placement-client: true
|
|
tox_envlist: dsvm-functional-sol-v2-az-retry
|
|
vars:
|
|
setup_multi_az: true
|
|
controller_tacker_hostname: "{{ hostvars['controller-tacker']['ansible_hostname'] }}"
|
|
|
|
- job:
|
|
name: tacker-functional-devstack-enhanced-policy-sol
|
|
parent: tacker-functional-devstack-multinode-legacy
|
|
description: |
|
|
Enhanced policy job for SOL devstack-based functional tests
|
|
host-vars:
|
|
controller-tacker:
|
|
tox_envlist: dsvm-functional-enhanced-policy-sol
|
|
devstack_local_conf:
|
|
post-config:
|
|
$TACKER_CONF:
|
|
oslo_policy:
|
|
enhanced_tacker_policy: True
|
|
vars:
|
|
config_enhanced_policy: true
|
|
|
|
- job:
|
|
name: tacker-functional-devstack-enhanced-policy-sol-kubernetes
|
|
parent: tacker-functional-devstack-multinode-sol-kubernetes-v2
|
|
description: |
|
|
Enhanced policy job for SOL Kubernetes devstack-based functional tests
|
|
host-vars:
|
|
controller-tacker:
|
|
tox_envlist: dsvm-functional-enhanced-policy-sol-kubernetes
|
|
devstack_local_conf:
|
|
post-config:
|
|
$TACKER_CONF:
|
|
oslo_policy:
|
|
enhanced_tacker_policy: True
|
|
vars:
|
|
config_enhanced_policy: true
|
|
|
|
- job:
|
|
name: tacker-compliance-devstack-multinode-sol
|
|
parent: tacker-functional-devstack-multinode-legacy
|
|
description: |
|
|
Multinodes job for SOL devstack-based compliance tests
|
|
host-vars:
|
|
controller-tacker:
|
|
tox_envlist: dsvm-compliance-sol-api
|
|
voting: false
|
|
|
|
- project:
|
|
templates:
|
|
- check-requirements
|
|
- openstack-cover-jobs
|
|
- openstack-python3-jobs
|
|
- publish-openstack-docs-pti
|
|
- release-notes-jobs-python3
|
|
check:
|
|
jobs:
|
|
- tacker-functional-devstack-multinode-legacy:
|
|
# TODO(ueha): Remove the job after Legacy APIs obsolete
|
|
voting: false
|
|
- tacker-functional-devstack-multinode-sol
|
|
- tacker-functional-devstack-multinode-sol-separated-nfvo
|
|
- tacker-functional-devstack-multinode-sol-kubernetes
|
|
- tacker-functional-devstack-multinode-libs-master:
|
|
# TODO(ueha): Remove the job after Legacy APIs obsolete
|
|
voting: false
|
|
- tacker-functional-devstack-multinode-sol-v2
|
|
- tacker-functional-devstack-multinode-sol-separated-nfvo-v2
|
|
- tacker-functional-devstack-multinode-sol-v2-ubuntu-focal
|
|
- tacker-functional-devstack-multinode-sol-kubernetes-v2
|
|
- tacker-functional-devstack-multinode-sol-multi-tenant
|
|
- tacker-functional-devstack-multinode-sol-https-v2
|
|
- tacker-functional-devstack-multinode-sol-kubernetes-multi-tenant
|
|
- tacker-functional-devstack-kubernetes-oidc-auth
|
|
- tacker-functional-devstack-multinode-sol-v2-az-retry
|
|
- tacker-functional-devstack-enhanced-policy-sol
|
|
- tacker-functional-devstack-enhanced-policy-sol-kubernetes
|
|
- tacker-compliance-devstack-multinode-sol
|