From f35cbf50f9fa9118d29762096cedf29647804493 Mon Sep 17 00:00:00 2001 From: ibumarskov Date: Tue, 13 Sep 2016 12:00:41 +0300 Subject: [PATCH] Implementation of TC with uploading CA bundle file for vCenter Change-Id: I9339801647a7083c6c629a92416ab7f866606e75 Closes-bug: #1623864 Blueprint: custom-ca-bundle-verify-vcenter-cert (cherry picked from commit fbc83fa059b04457b9510629944a51434886ed45) --- fuelweb_test/settings.py | 7 + system_test/actions/vcenter_actions.py | 188 ++++++++++++++---- system_test/tests/vcenter/test_vcenter_dvs.py | 4 +- .../settings/vmware/dvs/dvs_1cluster.yaml | 2 +- .../settings/vmware/dvs/dvs_main.yaml | 2 +- .../settings/vmware/vcenter_glance.yaml | 4 +- .../settings/vmware/vcenter_main.yaml | 2 + ...ultiroles_computevmware_cindervmware.yaml} | 0 8 files changed, 168 insertions(+), 41 deletions(-) rename system_test/tests_templates/tests_configs/vcenter_dvs/{vcenter_multiroles_computevmware_cindervmvare.yaml => vcenter_multiroles_computevmware_cindervmware.yaml} (100%) diff --git a/fuelweb_test/settings.py b/fuelweb_test/settings.py index f846532b2..9b32f3d84 100644 --- a/fuelweb_test/settings.py +++ b/fuelweb_test/settings.py @@ -372,8 +372,15 @@ DEBUG_MODE = get_var_as_bool('DEBUG_MODE', True) VCENTER_IP = os.environ.get('VCENTER_IP') VCENTER_USERNAME = os.environ.get('VCENTER_USERNAME') VCENTER_PASSWORD = os.environ.get('VCENTER_PASSWORD') +VCENTER_CERT_BYPASS = os.environ.get('VCENTER_CERT_BYPASS', True) +VCENTER_CERT_URL = os.environ.get('VCENTER_CERT_URL') VCENTER_DATACENTER = os.environ.get('VC_DATACENTER') VCENTER_DATASTORE = os.environ.get('VC_DATASTORE') +VCENTER_GLANCE_IP = os.environ.get('VCENTER_GLANCE_IP') +VCENTER_GLANCE_USERNAME = os.environ.get('VCENTER_GLANCE_USERNAME') +VCENTER_GLANCE_PASSWORD = os.environ.get('VCENTER_GLANCE_PASSWORD') +VCENTER_GLANCE_CERT_BYPASS = os.environ.get('VCENTER_GLANCE_CERT_BYPASS', True) +VCENTER_GLANCE_CERT_URL = os.environ.get('VCENTER_GLANCE_CERT_URL') VMWARE_IMG_URL = os.environ.get('VMWARE_IMG_URL') VMWARE_IMG_NAME = os.environ.get('VMWARE_IMG_NAME') VMWARE_IMG_LOGIN = os.environ.get('VMWARE_IMG_LOGIN') diff --git a/system_test/actions/vcenter_actions.py b/system_test/actions/vcenter_actions.py index 7c79f8818..13f1c2676 100644 --- a/system_test/actions/vcenter_actions.py +++ b/system_test/actions/vcenter_actions.py @@ -22,6 +22,7 @@ from proboscis import SkipTest from proboscis.asserts import assert_equal from proboscis.asserts import assert_not_equal from proboscis.asserts import assert_true +import requests from fuelweb_test.helpers.os_actions import OpenStackActions from fuelweb_test.helpers.ssh_manager import SSHManager @@ -88,25 +89,29 @@ class VMwareActions(object): enabled=True) @staticmethod - def config_attr_vcenter(vmware_attr, vc_user, vc_host, vc_az, vc_pwd): + def config_attr_vcenter(vmware_attr, vc_user, vc_host, vc_az, vc_pwd, + ca_bypass, ca_file): """Update and return the dictionary with vCenter attributes.""" logger.info('Configuring vCenter...') - vc_values = vmware_attr['editable']['value'] - computes = vc_values['availability_zones'][0]['nova_computes'][:] - vcenter_value = { - "availability_zones": [{ - "vcenter_username": vc_user, - "nova_computes": computes, - "vcenter_host": vc_host, - "az_name": vc_az, - "vcenter_password": vc_pwd - }] + vc_values = vmware_attr['editable']['value']['availability_zones'][0] + computes = vc_values['nova_computes'][:] + + az_params = { + "vcenter_username": vc_user, + "nova_computes": computes, + "vcenter_host": vc_host, + "az_name": vc_az, + "vcenter_password": vc_pwd, + "vcenter_insecure": ca_bypass, + "vcenter_ca_file": ca_file } - vmware_attr['editable']['value'].update(vcenter_value) + + vc_values.update(az_params) return vmware_attr - def config_attr_glance(self, vmware_attr, host, user, pwd, dc, ds): + def config_attr_glance(self, vmware_attr, host, user, pwd, dc, ds, + ca_bypass, ca_file): """Update and return the dictionary with Glance attributes.""" cluster_attr = self.fuel_web.client.get_cluster_attributes( self.cluster_id) @@ -120,7 +125,9 @@ class VMwareActions(object): "vcenter_username": user, "vcenter_password": pwd, "datacenter": dc, - "datastore": ds + "datastore": ds, + "vcenter_insecure": ca_bypass, + "ca_file": ca_file } } @@ -179,20 +186,37 @@ class VMwareActions(object): self.cluster_id) settings = vmware_vcenter['settings'] + cert_data = {} + if not settings['ca_bypass']: + file_url = settings['ca_file'] + r = requests.get(file_url) + cert_data["content"] = r.text + cert_data["name"] = file_url.split('/')[-1] vmware_attr = self.config_attr_vcenter(vmware_attr=vmware_attr, vc_user=settings['user'], vc_host=settings['host'], vc_az=settings['az'], - vc_pwd=settings['pwd']) + vc_pwd=settings['pwd'], + ca_bypass=settings['ca_bypass'], + ca_file=cert_data) glance = vmware_vcenter['glance'] if glance['enable']: - vmware_attr = self.config_attr_glance(vmware_attr=vmware_attr, - host=glance['host'], - user=glance['user'], - pwd=glance['pwd'], - dc=glance['datacenter'], - ds=glance['datastore']) + cert_data = {} + if not glance['ca_bypass']: + file_url = glance['ca_file'] + r = requests.get(file_url) + cert_data["content"] = r.text + cert_data["name"] = file_url.split('/')[-1] + vmware_attr = \ + self.config_attr_glance(vmware_attr=vmware_attr, + host=glance['host'], + user=glance['user'], + pwd=glance['pwd'], + dc=glance['datacenter'], + ds=glance['datastore'], + ca_bypass=glance['ca_bypass'], + ca_file=cert_data) vmware_attr = self.config_attr_computes( vmware_attr=vmware_attr, clusters=vmware_vcenter['nova-compute']) @@ -212,7 +236,9 @@ class VMwareActions(object): vc_user='user', vc_host='8.8.8.8', vc_az='az', - vc_pwd='pwd') + vc_pwd='pwd', + ca_bypass=True, + ca_file='') glance = vmware_vcenter['glance'] if glance['enable']: @@ -221,7 +247,9 @@ class VMwareActions(object): user='user', pwd='pwd', dc='dc', - ds='!@#$%^&*()') + ds='!@#$%^&*()', + ca_bypass=True, + ca_file='') clusters = [{ 'cluster': 'Cluster1!', @@ -266,7 +294,8 @@ class VMwareActions(object): 'datastore_regex': nova['datastore_regex'], 'host_username': az['vcenter_username'], 'host_password': az['vcenter_password'], - 'host_ip': az['vcenter_host'] + 'host_ip': az['vcenter_host'], + 'insecure': az['vcenter_insecure'] } return conf_dict @@ -285,32 +314,117 @@ class VMwareActions(object): self.cluster_id, ["controller"]) for nova in nova_computes: target_node = nova['target_node']['current']['id'] + conf_dict = self.get_nova_conf_dict(az, nova) if target_node == 'controllers': conf_path = '/etc/nova/nova-compute.d/vmware-vcenter_{0}.' \ 'conf'.format(nova['service_name']) for node in ctrl_nodes: - hostname = node['hostname'] - ip = node['ip'] - conf_dict = self.get_nova_conf_dict(az, nova) - params = (hostname, ip, conf_path, conf_dict) + params = (node['hostname'], node['ip'], conf_path, + conf_dict) data.append(params) else: conf_path = '/etc/nova/nova-compute.conf' for node in nodes: if node['hostname'] == target_node: - hostname = node['hostname'] - ip = node['ip'] - conf_dict = self.get_nova_conf_dict(az, nova) - params = (hostname, ip, conf_path, conf_dict) + params = (node['hostname'], node['ip'], conf_path, + conf_dict) data.append(params) for hostname, ip, conf_path, conf_dict in data: logger.info("Check nova conf of {0}".format(hostname)) - for key in conf_dict.keys(): - cmd = 'cat {0} | grep {1}={2}'.format(conf_path, key, - conf_dict[key]) - logger.debug('CMD: {}'.format(cmd)) - SSHManager().execute_on_remote(ip, cmd) + self.check_config(ip, conf_path, conf_dict) + + @staticmethod + def get_cinder_conf_dict(settings): + """Return cinder-vmware conf_dict. + + :param settings: vcenter settings (api), dict + :return: dict + """ + conf_dict = { + 'vmware_host_ip': settings['vcenter_host'], + 'vmware_host_username': settings['vcenter_username'], + 'vmware_host_password': settings['vcenter_password'], + 'vmware_insecure': settings['vcenter_insecure'] + } + return conf_dict + + @deferred_decorator([make_snapshot_if_step_fail]) + @action + def check_cinder_conf(self): + """Verify cinder-vmware configuration.""" + vmware_attr = self.fuel_web.client.get_cluster_vmware_attributes( + self.cluster_id) + az = vmware_attr['editable']['value']['availability_zones'][0] + + nodes = self.fuel_web.get_nailgun_cluster_nodes_by_roles( + self.cluster_id, ["cinder-vmware"]) + if not nodes: + raise SkipTest() + + conf_path = '/etc/cinder/cinder.d/vmware-vcenter.conf' + conf_dict = self.get_cinder_conf_dict(az) + data = [(n['hostname'], n['ip']) for n in nodes] + + for hostname, ip in data: + logger.info("Check cinder conf of {0}".format(hostname)) + self.check_config(ip, conf_path, conf_dict) + + @staticmethod + def get_glance_conf_dict(settings): + """Return vmware glance backend conf_dict. + + :param settings: glance settings (api), dict + :return: dict + """ + datastore = "{0}:{1}".format(settings['datacenter'], + settings['datastore']) + conf_dict = { + 'vmware_server_host': settings['vcenter_host'], + 'vmware_server_username': settings['vcenter_username'], + 'vmware_server_password': settings['vcenter_password'], + 'vmware_datastores': datastore, + 'vmware_insecure': settings['vcenter_insecure'] + } + return conf_dict + + @deferred_decorator([make_snapshot_if_step_fail]) + @action + def check_glance_conf(self): + """Verify vmware glance backend configuration.""" + cluster_attr = self.fuel_web.client.get_cluster_attributes( + self.cluster_id) + if not cluster_attr['editable']['storage']['images_vcenter']['value']: + raise SkipTest() + + vmware_attr = self.fuel_web.client.get_cluster_vmware_attributes( + self.cluster_id) + glance_settings = vmware_attr['editable']['value']['glance'] + + ctrl_nodes = self.fuel_web.get_nailgun_cluster_nodes_by_roles( + self.cluster_id, ["controller"]) + + conf_path = '/etc/glance/glance-api.conf' + conf_dict = self.get_glance_conf_dict(glance_settings) + data = [(n['hostname'], n['ip']) for n in ctrl_nodes] + + for hostname, ip in data: + logger.info("Check glance conf of {0}".format(hostname)) + self.check_config(ip, conf_path, conf_dict) + + @staticmethod + def check_config(host, path, settings): + """Return vmware glance backend conf_dict. + + :param host: host url or ip, string + :param path: config path, string + :param settings: settings, dict + """ + for key in settings.keys(): + cmd = 'grep {1} {0} | grep -i "{2}"'.format(path, key, + settings[key]) + logger.debug('CMD: {}'.format(cmd)) + SSHManager().check_call(host, cmd) @deferred_decorator([make_snapshot_if_step_fail]) @action diff --git a/system_test/tests/vcenter/test_vcenter_dvs.py b/system_test/tests/vcenter/test_vcenter_dvs.py index 27dbc9ecc..4880aef4c 100644 --- a/system_test/tests/vcenter/test_vcenter_dvs.py +++ b/system_test/tests/vcenter/test_vcenter_dvs.py @@ -181,7 +181,7 @@ class DeployWithCustomHostname(ActionTest, BaseActions, VMwareActions): @testcase(groups=['system_test', 'system_test.vcenter', - 'system_test.vcenter.check_nova_config']) + 'system_test.vcenter.check_vcenter_configs']) class CheckNovaConfig(ActionTest, BaseActions, VMwareActions): """Deploy cluster with vCenter and custom hostname. @@ -212,6 +212,8 @@ class CheckNovaConfig(ActionTest, BaseActions, VMwareActions): 'configure_vcenter', 'deploy_cluster', 'check_nova_conf', + 'check_cinder_conf', + 'check_glance_conf', 'health_check_sanity_smoke_ha' ] diff --git a/system_test/tests_templates/cluster_configs/settings/vmware/dvs/dvs_1cluster.yaml b/system_test/tests_templates/cluster_configs/settings/vmware/dvs/dvs_1cluster.yaml index 798d511eb..bedd34c32 100644 --- a/system_test/tests_templates/cluster_configs/settings/vmware/dvs/dvs_1cluster.yaml +++ b/system_test/tests_templates/cluster_configs/settings/vmware/dvs/dvs_1cluster.yaml @@ -1,3 +1,3 @@ --- -dvswitch_name: !os_env DVS_NAME, Cluster1:Cluster1 +dvswitch_name: !os_env DVS_NAME, "Cluster1:Cluster1:dvUplink1;dvUplink2:dvUplink3" dvs_fw_driver: false diff --git a/system_test/tests_templates/cluster_configs/settings/vmware/dvs/dvs_main.yaml b/system_test/tests_templates/cluster_configs/settings/vmware/dvs/dvs_main.yaml index a85ed9c09..f9b10b73a 100644 --- a/system_test/tests_templates/cluster_configs/settings/vmware/dvs/dvs_main.yaml +++ b/system_test/tests_templates/cluster_configs/settings/vmware/dvs/dvs_main.yaml @@ -1,3 +1,3 @@ --- -dvswitch_name: !os_env DVS_NAME, Cluster1:Cluster1;Cluster2:Cluster2 +dvswitch_name: !os_env DVS_NAME, "Cluster1:Cluster1:dvUplink1;dvUplink2:dvUplink3\nCluster2:Cluster2:dvUplink1;dvUplink2:dvUplink3" dvs_fw_driver: false diff --git a/system_test/tests_templates/cluster_configs/settings/vmware/vcenter_glance.yaml b/system_test/tests_templates/cluster_configs/settings/vmware/vcenter_glance.yaml index 76a679e10..5eaca8974 100644 --- a/system_test/tests_templates/cluster_configs/settings/vmware/vcenter_glance.yaml +++ b/system_test/tests_templates/cluster_configs/settings/vmware/vcenter_glance.yaml @@ -4,4 +4,6 @@ host: !os_env VCENTER_GLANCE_IP, 172.16.0.254 user: !os_env VCENTER_GLANCE_USERNAME, administrator@vsphere.local pwd: !os_env VCENTER_GLANCE_PASSWORD, Qwer!1234 datacenter: !os_env VCENTER_DATACENTER, Datacenter -datastore: !os_env VCENTER_DATASTORE, nfs \ No newline at end of file +datastore: !os_env VCENTER_DATASTORE, nfs +ca_bypass: !os_env VCENTER_GLANCE_CERT_BYPASS, True +ca_file: !os_env VCENTER_GLANCE_CERT_URL, None \ No newline at end of file diff --git a/system_test/tests_templates/cluster_configs/settings/vmware/vcenter_main.yaml b/system_test/tests_templates/cluster_configs/settings/vmware/vcenter_main.yaml index a490d23c1..a5d5360d8 100644 --- a/system_test/tests_templates/cluster_configs/settings/vmware/vcenter_main.yaml +++ b/system_test/tests_templates/cluster_configs/settings/vmware/vcenter_main.yaml @@ -3,3 +3,5 @@ az: vcenter host: !os_env VCENTER_IP, 172.16.0.254 user: !os_env VCENTER_USERNAME, administrator@vsphere.local pwd: !os_env VCENTER_PASSWORD, Qwer!1234 +ca_bypass: !os_env VCENTER_CERT_BYPASS, True +ca_file: !os_env VCENTER_CERT_URL, None \ No newline at end of file diff --git a/system_test/tests_templates/tests_configs/vcenter_dvs/vcenter_multiroles_computevmware_cindervmvare.yaml b/system_test/tests_templates/tests_configs/vcenter_dvs/vcenter_multiroles_computevmware_cindervmware.yaml similarity index 100% rename from system_test/tests_templates/tests_configs/vcenter_dvs/vcenter_multiroles_computevmware_cindervmvare.yaml rename to system_test/tests_templates/tests_configs/vcenter_dvs/vcenter_multiroles_computevmware_cindervmware.yaml