From c1770ca3294c9e29216eb47cfb93eac2e9474c3d Mon Sep 17 00:00:00 2001 From: Liam Young Date: Thu, 20 Aug 2020 07:29:38 +0000 Subject: [PATCH] Ensure that certificates are correctly managed. When the certificates relation is ready before the HA relation is clustered, the VIP symlinks will not be created pointing at the correct certificates. This change updates the HA handlers to ensure that the certificate relation is handled after clustering, if there are any certificate relations. There was no functional test coverage for HA and TLS deployments so this change also add a test for those and CMR too. Having said that, the test initialises vault once the deployments are complete so is unlikely to trigger #1886077 the tests to check there is no regression of existing functionality. func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/389 Change-Id: I7c9c81318dbbcea618ac3781b8f19e8159e56bcb Closes-Bug: #1886077 (cherry picked from commit b9905a9d3239fa59c18b4eaa25c44d02918c5c8c) --- .gitignore | 1 + hooks/horizon_hooks.py | 6 +++ test-requirements.txt | 1 + tests/bundles/bionic-queens-cmr-vault.yaml | 47 +++++++++++++++++++ tests/bundles/bionic-vault.yaml | 12 +++++ .../overlays/bionic-queens-cmr-vault.yaml.j2 | 12 +++++ tests/bundles/overlays/bionic-vault.yaml.j2 | 7 +++ tests/tests.yaml | 17 +++++++ 8 files changed, 103 insertions(+) create mode 100644 tests/bundles/bionic-queens-cmr-vault.yaml create mode 100644 tests/bundles/bionic-vault.yaml create mode 100644 tests/bundles/overlays/bionic-queens-cmr-vault.yaml.j2 create mode 100644 tests/bundles/overlays/bionic-vault.yaml.j2 diff --git a/.gitignore b/.gitignore index 1997ae74..d0cd35ce 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ tags .settings .stestr func-results.json +tests/keystone_juju_ca_cert.crt diff --git a/hooks/horizon_hooks.py b/hooks/horizon_hooks.py index daed2fd5..1bbfaa4b 100755 --- a/hooks/horizon_hooks.py +++ b/hooks/horizon_hooks.py @@ -267,6 +267,12 @@ def ha_relation_joined(relation_id=None): relation_set(relation_id=relation_id, **settings) +@hooks.hook('ha-relation-changed') +def ha_changed(): + for relid in relation_ids('certificates'): + certs_changed(relation_id=relid) + + @hooks.hook('website-relation-joined') def website_relation_joined(): relation_set(port=70, diff --git a/test-requirements.txt b/test-requirements.txt index 7d9c2587..3ca60cbc 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -7,6 +7,7 @@ # requirements. They are intertwined. Also, Zaza itself should specify # all of its own requirements and if it doesn't, fix it there. # +setuptools<50.0.0 charm-tools>=2.4.4 requests>=2.18.4 mock>=1.2 diff --git a/tests/bundles/bionic-queens-cmr-vault.yaml b/tests/bundles/bionic-queens-cmr-vault.yaml new file mode 100644 index 00000000..7fceb21f --- /dev/null +++ b/tests/bundles/bionic-queens-cmr-vault.yaml @@ -0,0 +1,47 @@ +series: bionic + +comment: + - 'machines section to decide order of deployment. database sooner = faster' + - 'virt-type=kvm is workaround while awaiting new release of python-libjuju' + +machines: + '0': + constraints: virt-type=kvm mem=3072M + '1': + constraints: virt-type=kvm + '2': + constraints: virt-type=kvm mem=3072M + '3': + constraints: virt-type=kvm mem=3072M + '4': + constraints: virt-type=kvm mem=3072M + +relations: + - ["keystone:shared-db", "mysql:shared-db"] + - ["openstack-dashboard:shared-db", "mysql:shared-db"] + - ["openstack-dashboard:identity-service", "keystone:identity-service"] + - ["openstack-dashboard:ha", "hacluster:ha"] + +applications: + mysql: + charm: cs:~openstack-charmers-next/percona-cluster + num_units: 1 + to: + - '0' + keystone: + charm: cs:~openstack-charmers-next/keystone + num_units: 1 + to: + - '1' + openstack-dashboard: + charm: ../../../openstack-dashboard + num_units: 3 + to: + - '2' + - '3' + - '4' + hacluster: + charm: cs:~openstack-charmers-next/hacluster + options: + corosync_transport: unicast + cluster_count: 3 diff --git a/tests/bundles/bionic-vault.yaml b/tests/bundles/bionic-vault.yaml new file mode 100644 index 00000000..1eaa3e54 --- /dev/null +++ b/tests/bundles/bionic-vault.yaml @@ -0,0 +1,12 @@ +series: bionic +services: + vault: + num_units: 1 + series: bionic + charm: cs:~openstack-charmers-next/vault + mysql: + charm: cs:~openstack-charmers-next/percona-cluster + num_units: 1 +relations: +- - vault:shared-db + - mysql:shared-db diff --git a/tests/bundles/overlays/bionic-queens-cmr-vault.yaml.j2 b/tests/bundles/overlays/bionic-queens-cmr-vault.yaml.j2 new file mode 100644 index 00000000..03f3cb0e --- /dev/null +++ b/tests/bundles/overlays/bionic-queens-cmr-vault.yaml.j2 @@ -0,0 +1,12 @@ +applications: + openstack-dashboard: + options: + vip: '{{ OS_VIP00 }}' +relations: +- - openstack-dashboard:certificates + - vault:certificates +- - keystone:certificates + - vault:certificates +saas: + vault: + url: admin/{{ vault }}.vault diff --git a/tests/bundles/overlays/bionic-vault.yaml.j2 b/tests/bundles/overlays/bionic-vault.yaml.j2 new file mode 100644 index 00000000..4127e626 --- /dev/null +++ b/tests/bundles/overlays/bionic-vault.yaml.j2 @@ -0,0 +1,7 @@ +applications: + vault: + offers: + vault: + endpoints: + - secrets + - certificates diff --git a/tests/tests.yaml b/tests/tests.yaml index d4cbf804..06b9299b 100644 --- a/tests/tests.yaml +++ b/tests/tests.yaml @@ -6,6 +6,9 @@ comment: smoke_bundles: - bionic-stein gate_bundles: + - bionic-train-gr: + - vault: bionic-vault + - dashboard: bionic-queens-cmr-vault - trusty-mitaka - xenial-mitaka - xenial-ocata @@ -23,9 +26,19 @@ dev_bundles: - groovy-victoria configure: + - vault: + - zaza.openstack.charm_tests.vault.setup.auto_initialize_no_validation_no_wait + - dashboard: + - zaza.openstack.charm_tests.keystone.setup.wait_for_cacert + - zaza.openstack.charm_tests.keystone.setup.add_demo_user - zaza.openstack.charm_tests.keystone.setup.add_demo_user tests: + - vault: + - zaza.charm_tests.noop.tests.NoopTest + - dashboard: + - zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardTests + - zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardPolicydTests - zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardTests - zaza.openstack.charm_tests.openstack_dashboard.tests.OpenStackDashboardPolicydTests tests_options: @@ -33,3 +46,7 @@ tests_options: service: openstack-dashboard force_deploy: - groovy-victoria +target_deploy_status: + vault: + workload-status: blocked + workload-status-message: Vault needs to be initialized