openstack
/
openstack-helm-infra
Code Issues Proposed changes

Merge "Update Ceph-rgw helm tests"

This commit is contained in:
Zuul 2018-12-13 22:39:22 +00:00 committed by Gerrit Code Review
parent 23967559a6 458b8f6692
commit f81e2c54d1
4 changed files with 150 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
ceph-rgw/templates/bin/_helm-tests.sh.tpl
View File

@ -15,18 +15,110 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
function rgw_replicas_validation()
#NOTE: This function tests keystone based auth. It uses ceph_config_helper
#container image that has openstack and ceph installed
function rgw_keystone_bucket_validation ()
{
available_rgw_count=$(ceph -s -f json-pretty | jq '.servicemap.services.rgw.daemons | del(.["summary"]) | length')
echo "function: rgw_keystone_bucket_validation"
openstack service list
if [ "x${available_rgw_count}" == "x${CEPH_RGW_REPLICAS}" ]; then
echo "Correct number of RGWs available: ${available_rgw_count}"
echo "--> creating openstack_test_container container"
openstack container create 'openstack_test_container'
echo "--> rgw bucket list"
radosgw-admin bucket list
all_buckets_stats=$(radosgw-admin bucket stats --format json)
bucket_stat=$(echo $all_buckets_stats | jq -c '.[] | select(.bucket | contains("openstack_test_container"))')
if [[ -z ${bucket_stat} ]]; then
echo "--> rgw bucket openstack_test_container not found"
exit 1
else
echo "Incorrect number of RGWs. Expected count: ${CEPH_RGW_REPLICAS}, Available count: ${available_rgw_count}"
echo "--> rgw bucket openstack_test_container found"
echo "--> deleting openstack_test_container container"
openstack container delete openstack_test_container
echo "--> bucket list after deleting container"
radosgw-admin bucket list
fi
}
#NOTE: This function tests s3 based auto. It uses ceph_rgw container image which has
# s3cmd util install
function rgw_s3_bucket_validation ()
{
echo "function: rgw_s3_bucket_validation"
bucket=s3://rgw-test-bucket
create_bucket_output=$(s3cmd mb $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate)
if [ $? -eq 0 ]; then
echo "Bucket $bucket created"
echo "Hello world!" > /tmp/hello.txt
s3cmd put /tmp/hello.txt $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
if [ $? -ne 0 ]; then
echo "Error during s3cmd execution"
exit 1
else
echo "File uploaded to bucket"
fi
s3cmd get s3://rgw-test-bucket/hello.txt -> /tmp/output.txt --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
if [ $? -ne 0 ]; then
echo "Error during s3cmd execution"
exit 1
else
echo "File downloaded from bucket"
fi
content=$(cat /tmp/output.txt)
echo $content
if [ "Hello" == "${content}" ]; then
echo "Content matches from downloaded file using s3cmd"
fi
s3cmd ls $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
if [ $? -ne 0 ]; then
echo "Error during s3cmd execution"
exit 1
fi
s3cmd del s3://rgw-test-bucket/hello.txt --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
if [ $? -ne 0 ]; then
echo "Error during s3cmd execution"
exit 1
else
echo "File from bucket is deleted"
fi
s3cmd del --recursive --force $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
if [ $? -ne 0 ]; then
echo "Error during s3cmd execution"
exit 1
else
echo "Bucket is deleted"
fi
else
echo "Error during s3cmd execution"
exit 1
fi
}
rgw_replicas_validation
if [ {{ .Values.conf.rgw_ks.enabled }} == true ];
then
echo "--> Keystone is enabled. Calling function to test keystone based auth "
rgw_keystone_bucket_validation
fi
if [ {{ .Values.conf.rgw_s3.enabled }} == true ];
then
echo "--> S3 is enabled. Calling function to test S2 based auth "
rgw_s3_bucket_validation
fi

45
ceph-rgw/templates/pod-helm-tests.yaml
View File

@ -62,6 +62,7 @@ spec:
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
{{ if .Values.conf.rgw_ks.enabled }}
- name: ceph-keyring-placement
{{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 6 }}
securityContext:
@ -80,14 +81,23 @@ spec:
subPath: key
readOnly: true
containers:
- name: ceph-rgw-validation
- name: ceph-rgw-ks-validation
{{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
env:
- name: CEPH_DEPLOYMENT_NAMESPACE
value: {{ .Values.endpoints.ceph_mon.namespace }}
- name: CEPH_RGW_REPLICAS
value: "{{ .Values.pod.replicas.rgw }}"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user_rgw }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
- name: OS_AUTH_TYPE
valueFrom:
secretKeyRef:
name: {{ $.Values.secrets.identity.user_rgw }}
key: OS_AUTH_TYPE
- name: OS_TENANT_NAME
valueFrom:
secretKeyRef:
name: {{ $.Values.secrets.identity.user_rgw }}
key: OS_TENANT_NAME
{{- end }}
command:
- /tmp/helm-tests.sh
volumeMounts:
@ -120,3 +130,28 @@ spec:
name: ceph-rgw-etc
defaultMode: 0444
{{- end }}
{{ if .Values.conf.rgw_s3.enabled }}
containers:
- name: ceph-rgw-s3-validation
{{ tuple $envAll "ceph_rgw" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
env:
{{- with $env := dict "s3AdminSecret" $envAll.Values.secrets.rgw_s3.admin }}
{{- include "helm-toolkit.snippets.rgw_s3_admin_env_vars" $env | indent 8 }}
{{- end }}
- name: RGW_HOST
value: {{ tuple "ceph_object_store" "internal" "api" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
command:
- /tmp/helm-tests.sh
volumeMounts:
- name: ceph-rgw-bin
mountPath: /tmp/helm-tests.sh
subPath: helm-tests.sh
readOnly: true
volumes:
- name: ceph-rgw-bin
configMap:
name: ceph-rgw-bin
defaultMode: 0555
{{- end }}
{{- end }}

9
ceph-rgw/templates/secret-keystone-rgw.yaml
View File

@ -18,6 +18,9 @@ limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "swift" }}
{{- $secretName := index $envAll.Values.secrets.identity "user_rgw" }}
{{- $auth := index $envAll.Values.endpoints.identity.auth $userClass }}
{{ $osAuthType := $auth.os_auth_type }}
{{ $osTenantName := $auth.os_tenant_name }}
---
apiVersion: v1
kind: Secret
@ -25,6 +28,8 @@ metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
{{- end }}
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 }}
OS_AUTH_TYPE: {{ $osAuthType | b64enc }}
OS_TENANT_NAME: {{ $osTenantName | b64enc }}
{{ end }}
{{- end }}

6
ceph-rgw/values.yaml
View File

@ -396,6 +396,8 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
os_auth_type: password
os_tenant_name: admin
swift:
role: admin
region_name: RegionOne
@ -404,6 +406,8 @@ endpoints:
project_name: service
user_domain_name: service
project_domain_name: service
os_auth_type: password
os_tenant_name: admin
hosts:
default: keystone
internal: keystone-api
@ -496,4 +500,4 @@ manifests:
secret_keystone: true
service_ingress_rgw: true
service_rgw: true
helm_tests: false
helm_tests: true