openstack
/
openstack-ansible-os_barbican
Code Issues Proposed changes

Enable functional convergence testing 

This change adds variables and tasks for enabling developer mode to
allow for installing barbican without a repo server, moves the tasks
creating the barbican rabbit virtual host and mysql database from the
role to a playbook, and adds functional convergence test playbooks to
deploy rabbitmq, galera, keystone, and barbican.

The barbican.conf template has been updated to make use of the deployed
rabbit and galera servers and all other templated configuration files
have been updated from the current head of master.

Change-Id: I2716fbe6a5dbad2a3b7ce6e406098e463cf7d943
This commit is contained in:
Jimmy McCrory 2016-04-04 13:04:18 -07:00
parent d8583df31c
commit 37d90c5dd9
22 changed files with 634 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
defaults/main.yml
View File

@ -53,17 +53,24 @@ barbican_api_audit_map_overrides: {}
barbican_vassals_api_overrides: {}
barbican_git_repo: "https://git.openstack.org/openstack/barbican"
barbican_git_install_branch: 7b0cce90a59e5690d0a53a9dd3ef551103022845
barbican_git_install_branch: master
barbican_git_dest: "/opt/barbican_{{ barbican_git_install_branch |replace('/', '_') }}"
barbican_requirements_git_repo: https://git.openstack.org/openstack/requirements
barbican_requirements_git_install_branch: master
barbican_developer_mode: false
barbican_developer_constraints:
- "git+{{ barbican_git_repo }}@{{ barbican_git_install_branch }}#egg=barbican"
# Database vars
barbican_galera_database_name: barbican_service
barbican_galera_database: barbican
barbican_galera_user: barbican
# Rabbit vars
barbican_rpc_backend: rabbit
barbican_rabbitmq_userid: barbican
barbican_rabbitmq_virtualhost: /barbican
barbican_rabbitmq_vhost: /barbican
# Keystone AuthToken/Middleware
barbican_keystone_auth_plugin: password
@ -135,6 +142,7 @@ barbican_pip_packages:
- pecan
- pycadf
- pycrypto
- PyMySQL
- pyOpenSSL
- ldap3
- keystonemiddleware

61
extras/os-barbican-install.yml
View File

@ -74,6 +74,61 @@
when: is_metal | bool
tags:
- barbican-logs
- name: Ensure Rabbitmq vhost
rabbitmq_vhost:
name: "{{ barbican_rabbitmq_vhost }}"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['barbican_all'][0]
- groups['rabbitmq_all']|length > 0
tags:
- barbican-rabbitmq
- barbican-rabbitmq-vhost
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ barbican_rabbitmq_userid }}"
password: "{{ barbican_rabbitmq_password }}"
vhost: "{{ barbican_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
when:
- inventory_hostname == groups['barbican_all'][0]
- groups['rabbitmq_all']|length > 0
tags:
- barbican-rabbitmq
- barbican-rabbitmq-user
- name: Keystone create DB for service
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ galera_address }}"
name: "{{ barbican_galera_database }}"
state: "present"
when: inventory_hostname == groups['barbican_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
tags:
- mysql-db-setup
- name: Keystone grant access to the DB for the service
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ galera_address }}"
name: "{{ barbican_galera_database }}"
password: "{{ barbican_galera_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ barbican_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
when: inventory_hostname == groups['barbican_all'][0]
delegate_to: "{{ groups['galera_all'][0] }}"
tags:
- mysql-db-setup
roles:
- role: "openstack-ansible-barbican"
barbican_galera_address: "{{ galera_address }}"
@ -85,12 +140,12 @@
bind_port: "{{ barbican_service_port }}"
rpc_backend: "{{ barbican_rpc_backend }}"
host_href: "http://{{ barbican_rpc_backend }}:{{ barbican_service_port }}"
sql_connection: "mysql://{{ barbican_galera_user}}:{{ barbican_galera_password}}@{{ barbican_galera_address }}/{{ barbican_galera_database_name }}?charset=utf8"
sql_connection: "mysql://{{ barbican_galera_user}}:{{ barbican_galera_password }}@{{ barbican_galera_address }}/{{ barbican_galera_database }}?charset=utf8"
rabbit_port: "{{ rabbitmq_port }}"
rabbit_hosts: "{{ rabbitmq_servers }}"
rabbit_userid: "{{ barbican_rabbitmq_userid }}"
rabbit_password: "{{ barbican_rabbitmq_password }}"
rabbit_virtual_host: "{{ barbican_rabbitmq_virtualhost }}"
rabbit_virtual_host: "{{ barbican_rabbitmq_vhost }}"
rabbit_use_ssl: "{{ rabbitmq_use_ssl }}"
rabbit_notification_exchange: barbican
rabbit_notification_topic: notification
@ -99,7 +154,7 @@
rabbit_port: "{{ rabbitmq_port }}"
rabbit_userid: "{{ barbican_rabbitmq_userid }}"
rabbit_password: "{{ barbican_rabbitmq_password }}"
rabbit_virtual_host: "{{ barbican_rabbitmq_virtualhost }}"
rabbit_virtual_host: "{{ barbican_rabbitmq_vhost }}"
rabbit_use_ssl: "{{ rabbitmq_use_ssl }}"
rabbit_notification_exchange: barbican
rabbit_notification_topic: notification

8
meta/main.yml
View File

@ -15,7 +15,11 @@ galaxy_info:
- barbican
dependencies:
- role: pip_lock_down
when:
- not barbican_developer_mode | bool
- role: pip_install
when:
- barbican_developer_mode | bool
- apt_package_pinning
- galera_client
- pip_install
- pip_lock_down

30
tasks/database-setup.yml
View File

@ -13,36 +13,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create Barbican's database tables
mysql_db:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ barbican_galera_address }}"
name: "{{ barbican_galera_database_name }}"
state: "present"
tags:
- barbican-database-setup
- barbican-db-setup
- barbican-setup
- name: Give Barbican database access
mysql_user:
login_user: "{{ galera_root_user }}"
login_password: "{{ galera_root_password }}"
login_host: "{{ barbican_galera_address }}"
name: "{{ barbican_galera_user }}"
password: "{{ barbican_galera_password }}"
priv: "{{ barbican_galera_database_name }}.*:ALL"
host: "{{ item }}"
state: "present"
with_items:
- "localhost"
- "%"
tags:
- barbican-database-setup
- barbican-db-setup
- barbican-setup
- name: Perform a synchronization of the Barbican database
command: "barbican-db-manage upgrade"
sudo: yes

46
tasks/install.yml
View File

@ -39,11 +39,55 @@
- barbican-apt-packages
- barbican-install
- name: Create developer mode constraint file
copy:
dest: "/opt/developer-pip-constraints.txt"
content: |
{% for item in barbican_developer_constraints %}
{{ item }}
{% endfor %}
when:
- barbican_developer_mode | bool
tags:
- barbican-install
- barbican-pip-packages
- name: Clone requirements git repository
git:
repo: "{{ barbican_requirements_git_repo }}"
dest: "/opt/requirements"
clone: yes
update: yes
version: "{{ barbican_requirements_git_install_branch }}"
when:
- barbican_developer_mode | bool
tags:
- barbican-install
- barbican-pip-packages
- name: Add constraints to pip_install_options fact for developer mode
set_fact:
pip_install_options_fact: "{{ pip_install_options|default('') }} --constraint /opt/developer-pip-constraints.txt --constraint /opt/requirements/upper-constraints.txt"
when:
- barbican_developer_mode | bool
tags:
- barbican-install
- barbican-pip-packages
- name: Set pip_install_options_fact when not in developer mode
set_fact:
pip_install_options_fact: "{{ pip_install_options|default('') }}"
when:
- not barbican_developer_mode | bool
tags:
- barbican-install
- barbican-pip-packages
- name: Install pip packages for Barbican
pip:
name: "{{ item }}"
state: "present"
extra_args: "{{ pip_install_options |default('') }}"
extra_args: "{{ pip_install_options_fact }}"
register: install_barbican_pip_packages
until: install_barbican_pip_packages |success
retries: 5

4
tasks/main.yml
View File

@ -17,10 +17,6 @@
- include: pre-install.yml
- include: messaging-setup.yml
when: >
inventory_hostname == groups['barbican_all'][0]
- include: install.yml
- include: post-install.yml

38
tasks/messaging-setup.yml
View File

@ -1,38 +0,0 @@
---
# Copyright 2016, Ian Cordasco
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure the Barbican RabbitMQ virtualhost exists
rabbitmq_vhost:
name: "{{ barbican_rabbitmq_virtualhost }}"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
tags:
- barbican-rabbitmq
- barbican-rabbitmq-vhost
- barbican-rabbitmq-virtualhost
- name: Ensure the Barbican RabbitMQ user exists
rabbitmq_user:
user: "{{ barbican_rabbitmq_userid }}"
password: "{{ barbican_rabbitmq_password }}"
vhost: "{{ barbican_rabbitmq_virtualhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
tags:
- barbican-rabbitmq
- barbican-rabbitmq-user

3
templates/barbican-api-paste.ini.j2
View File

@ -71,6 +71,3 @@ unwind = false
[filter:cors]
paste.filter_factory = oslo_middleware.cors:filter_factory
oslo_config_project = barbican
latent_allow_headers = X-Auth-Token, X-Openstack-Request-Id, X-Project-Id, X-Identity-Status, X-User-Id, X-Storage-Token, X-Domain-Id, X-User-Domain-Id, X-Project-Domain-Id, X-Roles
latent_expose_headers = X-Auth-Token, X-Openstack-Request-Id, X-Project-Id, X-Identity-Status, X-User-Id, X-Storage-Token, X-Domain-Id, X-User-Domain-Id, X-Project-Domain-Id, X-Roles
latent_allow_methods = GET, PUT, POST, DELETE, PATCH

10
templates/barbican.conf.j2
View File

@ -38,7 +38,7 @@ max_allowed_request_size_in_bytes = 1000000
#sql_connection = sqlite:///barbican.sqlite
# Note: For absolute addresses, use '////' slashes after 'sqlite:'
# Uncomment for a more global development environment
sql_connection = sqlite:////var/lib/barbican/barbican.sqlite
sql_connection = mysql+pymysql://{{ barbican_galera_user }}:{{ barbican_galera_password }}@{{ barbican_galera_address }}/{{ barbican_galera_database }}?charset=utf8
# Period in seconds after which SQLAlchemy should reestablish its connection
# to the database.
@ -117,14 +117,14 @@ max_limit_paging = 100
# Rabbit and HA configuration:
ampq_durable_queues = True
rabbit_userid=guest
rabbit_password=guest
rabbit_userid = {{ barbican_rabbitmq_userid }}
rabbit_password = {{ barbican_rabbitmq_password }}
rabbit_ha_queues = True
rabbit_port=5672
rabbit_port = {{ rabbitmq_port }}
# For HA, specify queue nodes in cluster, comma delimited:
# For example: rabbit_hosts=192.168.50.8:5672, 192.168.50.9:5672
rabbit_hosts=localhost:5672
rabbit_hosts={{ rabbitmq_servers }}
# For HA, specify queue nodes in cluster as 'user@host:5672', comma delimited, ending with '/offset':
# For example: transport_url = rabbit://guest@192.168.50.8:5672,guest@192.168.50.9:5672/

6
templates/policy.json.j2
View File

@ -74,5 +74,9 @@
"quotas:get": "rule:all_users",
"project_quotas:get": "rule:service_admin",
"project_quotas:put": "rule:service_admin",
"project_quotas:delete": "rule:service_admin"
"project_quotas:delete": "rule:service_admin",
"secret_meta:get": "rule:all_but_audit",
"secret_meta:post": "rule:admin_or_creator",
"secret_meta:put": "rule:admin_or_creator",
"secret_meta:delete": "rule:admin_or_creator"
}

32
tests/ansible-role-requirements.yml
View File

@ -6,6 +6,34 @@
src: https://git.openstack.org/openstack/openstack-ansible-galera_client
scm: git
version: master
- name: galera_server
src: https://git.openstack.org/openstack/openstack-ansible-galera_server
scm: git
version: master
- name: lxc_container_create
src: https://git.openstack.org/openstack/openstack-ansible-lxc_container_create
scm: git
version: master
- name: lxc_hosts
src: https://git.openstack.org/openstack/openstack-ansible-lxc_hosts
scm: git
version: master
- name: memcached_server
src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
scm: git
version: master
- name: openstack_hosts
src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts
scm: git
version: master
- name: openstack_openrc
src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc
scm: git
version: master
- name: os_keystone
src: https://git.openstack.org/openstack/openstack-ansible-os_keystone
scm: git
version: master
- name: pip_install
src: https://git.openstack.org/openstack/openstack-ansible-pip_install
scm: git
@ -14,3 +42,7 @@
src: https://git.openstack.org/openstack/openstack-ansible-pip_lock_down
scm: git
version: master
- name: rabbitmq_server
src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server
scm: git
version: master

27
tests/group_vars/all_containers.yml Normal file
View File

@ -0,0 +1,27 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
ansible_ssh_host: "{{ ansible_host }}"
container_name: "{{ inventory_hostname }}"
container_networks:
management_address:
address: "{{ ansible_host }}"
bridge: "lxcbr0"
interface: "eth1"
netmask: "255.255.252.0"
type: "veth"
physical_host: localhost
properties:
service_name: "{{ inventory_hostname }}"

27
tests/inventory
View File

@ -1,2 +1,29 @@
[all]
localhost ansible_connection=local ansible_become=True
infra1 ansible_host=10.100.100.2 ansible_become=True ansible_user=root
keystone1 ansible_host=10.100.100.3 ansible_become=True ansible_user=root
barbican1 ansible_host=10.100.100.4 ansible_become=True ansible_user=root
[all_containers]
infra1
keystone1
barbican1
[rabbitmq_all]
infra1
[galera_all]
infra1
[service_all:children]
rabbitmq_all
galera_all
[keystone_all]
keystone1
[barbican_api]
barbican1
[barbican_all:children]
barbican_api

75
tests/test-install-barbican.yml Normal file
View File

@ -0,0 +1,75 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Deploy Barbican
hosts: barbican_all
user: root
gather_facts: true
pre_tasks:
- name: Ensure rabbitmq vhost
rabbitmq_vhost:
name: "{{ barbican_rabbitmq_vhost }}"
state: "present"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['barbican_all'][0]
tags:
- barbican-rabbitmq
- barbican-rabbitmq-vhost
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ barbican_rabbitmq_userid }}"
password: "{{ barbican_rabbitmq_password }}"
vhost: "{{ barbican_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['barbican_all'][0]
tags:
- barbican-rabbitmq
- barbican-rabbitmq-user
- name: Create DB for service
mysql_db:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ barbican_galera_database }}"
state: "present"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['barbican_all'][0]
tags:
- mysql-db-setup
- name: Grant access to the DB for the service
mysql_user:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ barbican_galera_database }}"
password: "{{ barbican_galera_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ barbican_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['barbican_all'][0]
tags:
- mysql-db-setup
roles:
- role: "{{ rolename | basename }}"
vars_files:
- test-vars.yml

32
tests/test-install-infra.yml Normal file
View File

@ -0,0 +1,32 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Deploy infrastructure services
hosts: service_all
user: root
gather_facts: true
roles:
- role: "rabbitmq_server"
rabbitmq_cookie_token: secrete
- role: "galera_server"
galera_root_password: secrete
galera_root_user: root
galera_innodb_buffer_pool_size: 512M
galera_innodb_log_buffer_size: 32M
galera_server_id: "{{ inventory_hostname | string_2_int }}"
galera_wsrep_node_name: "{{ inventory_hostname }}"
galera_wsrep_provider_options:
- { option: "gcache.size", value: "32M" }
galera_server_id: "{{ inventory_hostname | string_2_int }}"

75
tests/test-install-keystone.yml Normal file
View File

@ -0,0 +1,75 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Deploy keystone
hosts: keystone_all
user: root
gather_facts: true
pre_tasks:
- name: Ensure rabbitmq vhost
rabbitmq_vhost:
name: "{{ keystone_rabbitmq_vhost }}"
state: "present"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['keystone_all'][0]
tags:
- keystone-rabbitmq
- keystone-rabbitmq-vhost
- name: Ensure rabbitmq user
rabbitmq_user:
user: "{{ keystone_rabbitmq_userid }}"
password: "{{ keystone_rabbitmq_password }}"
vhost: "{{ keystone_rabbitmq_vhost }}"
configure_priv: ".*"
read_priv: ".*"
write_priv: ".*"
state: "present"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['keystone_all'][0]
tags:
- keystone-rabbitmq
- keystone-rabbitmq-user
- name: Create DB for service
mysql_db:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ keystone_galera_database }}"
state: "present"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['keystone_all'][0]
tags:
- mysql-db-setup
- name: Grant access to the DB for the service
mysql_user:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ keystone_galera_database }}"
password: "{{ keystone_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ keystone_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
delegate_to: "10.100.100.2"
when: inventory_hostname == groups['keystone_all'][0]
tags:
- mysql-db-setup
roles:
- role: os_keystone
vars_files:
- test-vars.yml

54
tests/test-prepare-containers.yml Normal file
View File

@ -0,0 +1,54 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create test containers
hosts: all_containers
connection: local
gather_facts: false
pre_tasks:
- name: Destroy test containers
lxc_container:
name: "{{ container_name }}"
state: "absent"
delegate_to: "{{ physical_host }}"
tags:
- container-destroy
- name: Destroy container service directories
file:
path: "{{ item }}"
state: "absent"
with_items:
- "/openstack/{{ container_name }}"
- "/openstack/backup/{{ container_name }}"
- "/openstack/log/{{ container_name }}"
- "/var/lib/lxc/{{ container_name }}"
- "{{ lxc_container_directory|default('/var/lib/lxc') }}/{{ container_name }}"
delegate_to: "{{ physical_host }}"
tags:
- container-directories
roles:
- role: "lxc_container_create"
lxc_container_release: trusty
lxc_container_backing_store: dir
global_environment_variables:
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
post_tasks:
- name: Wait for ssh to be available
local_action:
module: wait_for
port: "{{ ansible_ssh_port | default('22') }}"
host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
search_regex: OpenSSH
delay: 1

55
tests/test-prepare-host.yml Normal file
View File

@ -0,0 +1,55 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Perform basic LXC host setup
hosts: localhost
pre_tasks:
- name: Ensure root's new public ssh key is in authorized_keys
authorized_key:
user: root
key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
manage_dir: no
- set_fact:
lxc_container_ssh_key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
- name: Check if this is an OpenStack-CI nodepool instance
stat:
path: /etc/nodepool/provider
register: nodepool
- name: Set the files to copy into the container cache for OpenStack-CI instances
set_fact:
lxc_container_cache_files:
- { src: '/etc/pip.conf', dest: '/etc/pip.conf' }
- { src: '/etc/apt/apt.conf.d/99unauthenticated', dest: '/etc/apt/apt.conf.d/99unauthenticated' }
when: nodepool.stat.exists | bool
- name: Determine the existing Ubuntu repo configuration
shell: 'awk "/^deb .*ubuntu\/? {{ ansible_distribution_release }} main/ {print \$2; exit}" /etc/apt/sources.list'
register: ubuntu_repo
changed_when: false
- name: Set apt repo facts based on discovered information
set_fact:
lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}"
lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}"
roles:
- role: "lxc_hosts"
lxc_net_address: 10.100.100.1
lxc_net_dhcp_range: 10.100.100.8,10.100.100.253
lxc_net_bridge: lxcbr0
lxc_kernel_options:
- { key: 'fs.inotify.max_user_instances', value: 1024 }
lxc_container_caches:
- url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"
name: "trusty.tgz"
sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c"
chroot_path: trusty/rootfs-amd64

33
tests/test-prepare-keys.yml Normal file
View File

@ -0,0 +1,33 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE: we use become_user because setting become: no or become: false
# doesn't seem to override the ansible_become=true in the
# inventory
- name: Create ssh key pairs for use with containers
hosts: localhost
become_user: "{{ ansible_ssh_user }}"
tasks:
- name: Create ssh key pair for root
user:
name: "{{ ansible_ssh_user }}"
generate_ssh_key: "yes"
ssh_key_bits: 2048
ssh_key_file: ".ssh/id_rsa"
- name: get the calling users key
command: cat ~/.ssh/id_rsa.pub
register: key_get
- set_fact:
lxc_container_ssh_key: "{{ key_get.stdout }}"

50
tests/test-vars.yml Normal file
View File

@ -0,0 +1,50 @@
debug: true
external_lb_vip_address: 10.100.100.3
galera_client_drop_config_file: false
galera_client_drop_config_file: false
galera_root_password: secrete
internal_lb_vip_address: 10.100.100.3
keystone_admin_tenant_name: admin
keystone_admin_user_name: admin
keystone_auth_admin_password: SuperSecretePassword
keystone_container_mysql_password: SuperSecrete
keystone_developer_mode: true
keystone_galera_address: 10.100.100.2
keystone_galera_database: keystone
keystone_git_install_branch: stable/mitaka
keystone_rabbitmq_password: secrete
keystone_rabbitmq_port: 5671
keystone_rabbitmq_servers: 10.100.100.2
keystone_rabbitmq_use_ssl: false
keystone_rabbitmq_userid: keystone
keystone_rabbitmq_vhost: /keystone
keystone_requirements_git_install_branch: stable/mitaka
keystone_service_adminuri: "http://{{ internal_lb_vip_address }}:35357"
keystone_service_adminuri_insecure: false
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
keystone_service_internaluri_insecure: false
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
keystone_service_password: secrete
keystone_service_region: RegionOne
keystone_venv_tag: testing
memcached_encryption_key: secrete
memcached_servers: 127.0.0.1
barbican_galera_password: SuperSecrete
barbican_developer_mode: true
barbican_galera_address: 10.100.100.2
barbican_galera_database: barbican
barbican_git_install_branch: stable/mitaka
barbican_rabbitmq_password: secrete
barbican_rabbitmq_userid: barbican
barbican_rabbitmq_vhost: /barbican
barbican_requirements_git_install_branch: stable/mitaka
barbican_service_password: secrete
barbican_venv_tag: testing
openrc_os_auth_url: "http://127.0.0.1:5000/v3"
openrc_os_domain_name: Default
openrc_os_password: "{{ keystone_auth_admin_password }}"
rabbitmq_port: 5671
rabbitmq_servers: 10.100.100.2
rabbitmq_use_ssl: true
verbose: true

35
tests/test.yml
View File

@ -1,5 +1,32 @@
---
- hosts: localhost
remote_user: root
roles:
- role: "{{ rolename | basename }}"
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Prepare the user ssh keys
- include: test-prepare-keys.yml
# Prepare the host
- include: test-prepare-host.yml
# Prepare the containers
- include: test-prepare-containers.yml
# Install RabbitMQ/MariaDB
- include: test-install-infra.yml
# Install Keystone
- include: test-install-keystone.yml
# Install Barbican
- include: test-install-barbican.yml

32
tox.ini
View File

@ -106,26 +106,20 @@ commands =
[testenv:functional]
commands =
echo -e "\n *******************************************************\n" \
"**** Functional Testing is still to be implemented ****\n" \
"**** TODO: Write tests here ****\n" \
"*******************************************************\n"
# As a temporary measure, while functional testing is being worked on, we
# will not execute the functional test. This allows other patches to be
# worked on while the functional testing is being worked out.
#rm -rf {homedir}/.ansible
#git clone https://git.openstack.org/openstack/openstack-ansible-plugins \
# {homedir}/.ansible/plugins
rm -rf {homedir}/.ansible
git clone https://git.openstack.org/openstack/openstack-ansible-plugins \
{homedir}/.ansible/plugins
# This plugin makes the ansible-playbook output easier to read
#wget -O {homedir}/.ansible/plugins/callback/human_log.py \
# https://gist.githubusercontent.com/cliffano/9868180/raw/f360f306b3c6d689734a6aa8773a00edf16a0054/human_log.py
#ansible-galaxy install \
# --role-file={toxinidir}/tests/ansible-role-requirements.yml \
# --ignore-errors \
# --force
#ansible-playbook -i {toxinidir}/tests/inventory \
# -e "rolename={toxinidir}" \
# {toxinidir}/tests/test.yml
wget -O {homedir}/.ansible/plugins/callback/human_log.py \
https://gist.githubusercontent.com/cliffano/9868180/raw/f360f306b3c6d689734a6aa8773a00edf16a0054/human_log.py
ansible-galaxy install \
--role-file={toxinidir}/tests/ansible-role-requirements.yml \
--ignore-errors \
--force
ansible-playbook -i {toxinidir}/tests/inventory \
-e "rolename={toxinidir}" \
-vv \
{toxinidir}/tests/test.yml
[testenv:linters]