Add new multi ssh configuration options

This patch add new configuration options for the multiple strategies
for ssh access to VMs.

Partially implements: blueprint ssh-auth-strategy

Change-Id: I16cdbe0982aa35b752828054b6be2cae6c51c6ef

etc/tempest.conf.sample

@@ -253,10 +253,6 @@
 # image. (string value)
 #image_alt_ssh_user = root
 
-# Password used to authenticate to an instance using the alternate
-# image. (string value)
-#image_alt_ssh_password = password
-
 # Time in seconds between build status checks. (integer value)
 #build_interval = 1
 
@@ -269,16 +265,16 @@
 #run_ssh = false
 
 # Auth method used for authenticate to the instance. Valid choices
-# are: keypair, configured, adminpass. keypair: start the servers with
+# are: keypair, configured, adminpass and disabled. Keypair: start the
-# an ssh keypair. configured: use the configured user and password.
+# servers with a ssh keypair. Configured: use the configured user and
-# adminpass: use the injected adminPass. disabled: avoid using ssh
+# password. Adminpass: use the injected adminPass. Disabled: avoid
-# when it is an option. (string value)
+# using ssh when it is an option. (string value)
 #ssh_auth_method = keypair
 
 # How to connect to the instance? fixed: using the first ip belongs
-# the fixed network floating: creating and using a floating ip (string
+# the fixed network floating: creating and using a floating ip.
-# value)
+# (string value)
-#ssh_connect_method = fixed
+#ssh_connect_method = floating
 
 # User name used to authenticate to an instance. (string value)
 #ssh_user = root
@@ -301,7 +297,8 @@
 # Name of the fixed network that is visible to all test tenants. If
 # multiple networks are available for a tenant this is the network
 # which will be used for creating servers if tempest does not create a
-# network or a network is not specified elsewhere (string value)
+# network or a network is not specified elsewhere. It may be used for
+# ssh validation only if floating IPs are disabled. (string value)
 #fixed_network_name = <None>
 
 # Network used for SSH connections. Ignored if
@@ -326,10 +323,6 @@
 # Allowed values: public, admin, internal, publicURL, adminURL, internalURL
 #endpoint_type = publicURL
 
-# Path to a private key file for SSH access to remote hosts (string
-# value)
-#path_to_private_key = <None>
-
 # Expected device name when a volume is attached to an instance
 # (string value)
 #volume_device_name = vdb
@@ -746,14 +739,19 @@
 # The mask bits for tenant ipv6 subnets (integer value)
 #tenant_network_v6_mask_bits = 64
 
-# Whether tenant network connectivity should be evaluated directly
+# Whether tenant networks can be reached directly from the test
-# (boolean value)
+# client. This must be set to True when the 'fixed' ssh_connect_method
+# is selected. (boolean value)
 #tenant_networks_reachable = false
 
 # Id of the public network that provides external connectivity (string
 # value)
 #public_network_id =
 
+# Default floating network name. Used to allocate floating IPs when
+# neutron is enabled. (string value)
+#floating_network_name = <None>
+
 # Id of the public router that provides external connectivity. This
 # should only be used when Neutron's 'allow_overlapping_ips' is set to
 # 'False' in neutron.conf. usually not needed past 'Grizzly' release
@@ -1071,6 +1069,38 @@
 #too_slow_to_test = true
 
 
+[validation]
+
+#
+# From tempest.config
+#
+
+# Default IP type used for validation: -fixed: uses the first IP
+# belonging to the fixed network -floating: creates and uses a
+# floating IP (string value)
+# Allowed values: fixed, floating
+#connect_method = floating
+
+# Default authentication method to the instance. Only ssh via keypair
+# is supported for now. Additional methods will be handled in a
+# separate spec. (string value)
+# Allowed values: keypair
+#auth_method = keypair
+
+# Default IP version for ssh connections. (integer value)
+#ip_version_for_ssh = 4
+
+# Timeout in seconds to wait for ping to succeed. (integer value)
+#ping_timeout = 120
+
+# Timeout in seconds to wait for the TCP connection to be successful.
+# (integer value)
+#connect_timeout = 60
+
+# Timeout in seconds to wait for the ssh banner. (integer value)
+#ssh_timeout = 300
+
+
 [volume]
 
 #

tempest/config.py

@@ -187,10 +187,6 @@ ComputeGroup = [
                default="root",
                help="User name used to authenticate to an instance using "
                     "the alternate image."),
-    cfg.StrOpt('image_alt_ssh_password',
-               default="password",
-               help="Password used to authenticate to an instance using "
-                    "the alternate image."),
     cfg.IntOpt('build_interval',
                default=1,
                help="Time in seconds between build status checks."),
@@ -205,16 +201,17 @@ ComputeGroup = [
     cfg.StrOpt('ssh_auth_method',
                default='keypair',
                help="Auth method used for authenticate to the instance. "
-                    "Valid choices are: keypair, configured, adminpass. "
+                    "Valid choices are: keypair, configured, adminpass "
-                    "keypair: start the servers with an ssh keypair. "
+                    "and disabled. "
-                    "configured: use the configured user and password. "
+                    "Keypair: start the servers with a ssh keypair. "
-                    "adminpass: use the injected adminPass. "
+                    "Configured: use the configured user and password. "
-                    "disabled: avoid using ssh when it is an option."),
+                    "Adminpass: use the injected adminPass. "
+                    "Disabled: avoid using ssh when it is an option."),
     cfg.StrOpt('ssh_connect_method',
-               default='fixed',
+               default='floating',
                help="How to connect to the instance? "
                     "fixed: using the first ip belongs the fixed network "
-                    "floating: creating and using a floating ip"),
+                    "floating: creating and using a floating ip."),
     cfg.StrOpt('ssh_user',
                default='root',
                help="User name used to authenticate to an instance."),
@@ -239,7 +236,8 @@ ComputeGroup = [
                     "tenants. If multiple networks are available for a tenant"
                     " this is the network which will be used for creating "
                     "servers if tempest does not create a network or a "
-                    "network is not specified elsewhere"),
+                    "network is not specified elsewhere. It may be used for "
+                    "ssh validation only if floating IPs are disabled."),
     cfg.StrOpt('network_for_ssh',
                default='public',
                help="Network used for SSH connections. Ignored if "
@@ -264,9 +262,6 @@ ComputeGroup = [
                choices=['public', 'admin', 'internal',
                         'publicURL', 'adminURL', 'internalURL'],
                help="The endpoint type to use for the compute service."),
-    cfg.StrOpt('path_to_private_key',
-               help="Path to a private key file for SSH access to remote "
-                    "hosts"),
     cfg.StrOpt('volume_device_name',
                default='vdb',
                help="Expected device name when a volume is attached to "
@@ -449,12 +444,16 @@ NetworkGroup = [
                help="The mask bits for tenant ipv6 subnets"),
     cfg.BoolOpt('tenant_networks_reachable',
                 default=False,
-                help="Whether tenant network connectivity should be "
+                help="Whether tenant networks can be reached directly from "
-                     "evaluated directly"),
+                     "the test client. This must be set to True when the "
+                     "'fixed' ssh_connect_method is selected."),
     cfg.StrOpt('public_network_id',
                default="",
                help="Id of the public network that provides external "
                     "connectivity"),
+    cfg.StrOpt('floating_network_name',
+               help="Default floating network name. Used to allocate floating "
+                    "IPs when neutron is enabled."),
     cfg.StrOpt('public_router_id',
                default="",
                help="Id of the public router that provides external "
@@ -536,6 +535,37 @@ MessagingGroup = [
                help='The maximum grace period for a claim'),
 ]
 
+validation_group = cfg.OptGroup(name='validation',
+                                title='SSH Validation options')
+
+ValidationGroup = [
+    cfg.StrOpt('connect_method',
+               default='floating',
+               choices=['fixed', 'floating'],
+               help='Default IP type used for validation: '
+                    '-fixed: uses the first IP belonging to the fixed network '
+                    '-floating: creates and uses a floating IP'),
+    cfg.StrOpt('auth_method',
+               default='keypair',
+               choices=['keypair'],
+               help='Default authentication method to the instance. '
+                    'Only ssh via keypair is supported for now. '
+                    'Additional methods will be handled in a separate spec.'),
+    cfg.IntOpt('ip_version_for_ssh',
+               default=4,
+               help='Default IP version for ssh connections.'),
+    cfg.IntOpt('ping_timeout',
+               default=120,
+               help='Timeout in seconds to wait for ping to succeed.'),
+    cfg.IntOpt('connect_timeout',
+               default=60,
+               help='Timeout in seconds to wait for the TCP connection to be '
+                    'successful.'),
+    cfg.IntOpt('ssh_timeout',
+               default=300,
+               help='Timeout in seconds to wait for the ssh banner.'),
+]
+
 volume_group = cfg.OptGroup(name='volume',
                             title='Block Storage Options')
 
@@ -1088,6 +1118,7 @@ _opts = [
     (network_group, NetworkGroup),
     (network_feature_group, NetworkFeaturesGroup),
     (messaging_group, MessagingGroup),
+    (validation_group, ValidationGroup),
     (volume_group, VolumeGroup),
     (volume_feature_group, VolumeFeaturesGroup),
     (object_storage_group, ObjectStoreGroup),
@@ -1148,6 +1179,7 @@ class TempestConfigPrivate(object):
         self.image_feature_enabled = _CONF['image-feature-enabled']
         self.network = _CONF.network
         self.network_feature_enabled = _CONF['network-feature-enabled']
+        self.validation = _CONF.validation
         self.volume = _CONF.volume
         self.volume_feature_enabled = _CONF['volume-feature-enabled']
         self.object_storage = _CONF['object-storage']