Use tempest for testing 

This commit updates os_nova to use tempest for functional testing of
nova. For this to work on openstack-infra instances we have to drop
all existing iptables rules using iptables-clear.sh. This commit also
updates the netmask used across containers as we currently have a mix
of /22 and /24.
Note that I couldn't get the vxlan traffic to work over
10.100.100.0/22, so I created br-vxlan and wired separate container
interfaces into that.
Change-Id: I33378e6275b70152d45357ac1ceb200ea4d5daf0
This commit is contained in:
Matt Thompson
2016年04月20日 14:49:27 +01:00
parent a902528a24
commit 96a443f39d

View File

@@ -54,6 +54,10 @@
src:https://git.openstack.org/openstack/openstack-ansible-os_neutron
scm:git
version:master
- name:os_tempest
src:https://git.openstack.org/openstack/openstack-ansible-os_tempest
scm:git
version:master
- name:openstack_openrc
src:https://git.openstack.org/openstack/openstack-ansible-openstack_openrc
scm:git

View File

@@ -20,7 +20,18 @@ container_networks:
address:"{{ ansible_host }}"
bridge:"lxcbr0"
interface:"eth1"
netmask:"255.255.252.0"
netmask:"255.255.255.0"
type:"veth"
tunnel_address:
address:"{{ tunnel_address }}"
bridge:"br-vxlan"
interface:"eth2"
netmask:"255.255.255.0"
type:"veth"
vlan_address:
bridge:"br-vlan"
interface:"eth3"
netmask:null
type:"veth"
physical_host:localhost
properties:

View File

@@ -0,0 +1,19 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
neutron_provider_networks:
network_types:"vxlan,flat"
network_mappings:"flat:br-vlan"
network_vxlan_ranges:"1:1000"

View File

@@ -0,0 +1,19 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
neutron_provider_networks:
network_types:"vxlan,flat"
network_mappings:"flat:eth3"
network_vxlan_ranges:"1:1000"

View File

@@ -1,7 +1,7 @@
[all]
localhost ansible_connection=local ansible_become=True
infra1 ansible_host=10.100.100.101 ansible_become=True ansible_user=root
openstack1 ansible_host=10.100.100.102 ansible_become=True ansible_user=root
localhost ansible_connection=local ansible_become=True neutron_local_ip=10.100.101.1
infra1 ansible_host=10.100.100.101 ansible_become=True ansible_user=root tunnel_address=10.100.101.101
openstack1 ansible_host=10.100.100.102 ansible_become=True ansible_user=root tunnel_address=10.100.101.102 neutron_local_ip=10.100.101.102
[all_containers]
infra1

26
tests/iptables-clear.sh Executable file
View File

@@ -0,0 +1,26 @@
#!/bin/bash
#
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

View File

@@ -13,6 +13,36 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- name:Make /lib/modules accessible on neutron_agent containers
hosts:neutron_agent
user:root
gather_facts:true
tasks:
- name:Use the unconfined aa profile
lxc_container:
name:"{{ container_name }}"
container_config:
- "lxc.aa_profile=unconfined"
delegate_to:"{{ physical_host }}"
- name:Neutron extra lxc config
lxc_container:
name:"{{ container_name }}"
container_command:|
[[ ! -d "/lib/modules" ]] && mkdir -p "/lib/modules"
container_config:
- "lxc.cgroup.devices.allow=a *:* rmw"
- "lxc.mount.entry=/lib/modules lib/modules none bind 0 0"
delegate_to:"{{ physical_host }}"
- name:Wait for ssh to be available
local_action:
module:wait_for
port:"{{ ansible_ssh_port | default('22') }}"
host:"{{ ansible_ssh_host | default(inventory_hostname) }}"
search_regex:OpenSSH
delay:1
- name:Add iptables rule for communication w/ metadata agent
command:/sbin/iptables -t mangle -A POSTROUTING -p tcp --sport 80 -j CHECKSUM --checksum-fill
- name:Deploy neutron
hosts:neutron_all
user:root

View File

@@ -0,0 +1,23 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name:Playbook for deploying tempest
hosts:openstack1
user:root
gather_facts:true
roles:
- role:"os_tempest"
vars_files:
- test-vars.yml

View File

@@ -18,101 +18,9 @@
user:root
gather_facts:false
tasks:
- name:Check the nova-api-os-compute service
uri:
url:"http://localhost:8774"
status_code:200
register:nova_api_os_compute_status
until:nova_api_os_compute_status | success
retries:5
delay:5
- name:Check the nova-api-metadata service
uri:
url:"http://localhost:8775"
status_code:200
register:nova_api_metadata_status
until:nova_api_metadata_status | success
retries:5
delay:5
- name:Check the nova-spicehtml5proxy service
uri:
url:"http://localhost:6082/spice_auto.html"
status_code:200
register:nova_spice_status
until:nova_spice_status | success
retries:5
delay:5
- name:Install testing pip packages
pip:
name:"{{ item }}"
with_items:
- python-glanceclient
- python-neutronclient
- name:Set glance_image_name fact
set_fact:
glance_image_name:"functional-image-{{ 100|random }}"
- name:Set nova_instance_name fact
set_fact:
nova_instance_name:"functional-instance-{{ 100|random }}"
- name:Set neutron_net_name fact
set_fact:
neutron_net_name:"functional-net-{{ 100|random }}"
- name:Set neutron_subnet_name fact
set_fact:
neutron_subnet_name:"functional-subnet-{{ 100|random }}"
- name:Set nova_flavor_name fact
set_fact:
nova_flavor_name:"functional-flavor-{{ 100|random }}"
- name:Upload the Cirros image
glance:
command:'image-create'
openrc_path:/root/openrc
image_name:"{{ glance_image_name }}"
image_url:"http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-uec.tar.gz"
image_container_format:bare
image_disk_format:qcow2
image_is_public:True
register:cirros_image_create
until:cirros_image_create | success
retries:5
delay:15
# NOTE: We need to ensure the image goes active before we attempt to boot
# from it below
- name:Verify image goes active
shell:|
. /root/openrc
{{ nova_venv_bin }}/glance image-show {{ glance_images[glance_image_name]['id'] }} | grep active
register:image_status
until:image_status|success
retries:5
delay:5
- name:Create test network
neutron:
command:create_network
openrc_path:/root/openrc
net_name:"{{ neutron_net_name }}"
- name:Create test subnet
neutron:
command:create_subnet
openrc_path:/root/openrc
net_name:"{{ neutron_net_name }}"
subnet_name:"{{ neutron_subnet_name }}"
cidr:"192.168.74.0/24"
- name:Create test flavor
shell:|
. /root/openrc
{{ nova_venv_bin }}/nova flavor-create {{ nova_flavor_name }} 101 256 1 1
- name:Create nova instance
shell:|
. /root/openrc
{{ nova_venv_bin }}/nova boot --image {{ glance_image_name }} --flavor 101 --nic net-id={{ neutron_networks[neutron_net_name]['id'] }} {{ nova_instance_name }}
- name:Verify nova instance goes active
shell:|
. /root/openrc
{{ nova_venv_bin }}/nova show {{ nova_instance_name }} | grep ACTIVE
register:instance_status
until:instance_status|success
retries:5
delay:5
- name:Run tempest
command:/opt/openstack_tempest_gate.sh scenario
environment:
RUN_TEMPEST_OPTS:"--serial"
vars_files:
- test-vars.yml

View File

@@ -16,6 +16,8 @@
- name:Playbook for configuring the LXC host
hosts:localhost
pre_tasks:
- name:Clear iptables rules
shell:./iptables-clear.sh
# Make sure OS does not have a stale package cache.
- name:Update apt cache
apt:
@@ -46,9 +48,21 @@
set_fact:
lxc_container_template_main_apt_repo:"{{ ubuntu_repo.stdout }}"
lxc_container_template_security_apt_rep:"{{ ubuntu_repo.stdout }}"
post_tasks:
- name:Create br-vxlan bridge
command:/sbin/brctl addbr br-vxlan
- name:IP br-vxlan
command:/sbin/ifconfig br-vxlan 10.100.101.1 netmask 255.255.255.0
- name:Create br-vlan bridge
command:/sbin/brctl addbr br-vlan
- name:IP br-vlan
command:/sbin/ifconfig br-vlan 10.1.13.1 netmask 255.255.255.0
- name:Add iptables rule to ensure ssh checksum is correct
command:/sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill
roles:
- role:"lxc_hosts"
lxc_net_address:10.100.100.1
lxc_net_netmask:255.255.255.0
lxc_net_dhcp_range:10.100.100.2,10.100.100.99
lxc_net_bridge:lxcbr0
lxc_kernel_options:

View File

@@ -67,9 +67,6 @@ neutron_galera_database: neutron
neutron_git_install_branch:master
neutron_ha_vrrp_auth_password:secrete
neutron_management_address:"{{ internal_lb_vip_address }}"
neutron_provider_networks:
network_types:"vxlan"
network_vxlan_ranges:"1:1000"
neutron_rabbitmq_password:secrete
neutron_rabbitmq_userid:neutron
neutron_rabbitmq_vhost:/neutron
@@ -113,4 +110,19 @@ openrc_os_password: "{{ keystone_auth_admin_password }}"
rabbitmq_port:5671
rabbitmq_servers:10.100.100.101
rabbitmq_use_ssl:true
tempest_developer_mode:True
tempest_git_repo:https://git.openstack.org/openstack/tempest
tempest_git_install_branch:534a8dc60dfef116156b8f9ee60071a9bf4e4f90
tempest_git_dest:"/opt/tempest_{{ tempest_git_install_branch | replace('/', '_') }}"
tempest_log_dir:"/var/log/"
tempest_main_group:glance_all
tempest_service_available_aodh:False
tempest_service_available_ceilometer:False
tempest_service_available_cinder:False
tempest_service_available_glance:True
tempest_service_available_heat:False
tempest_service_available_horizon:False
tempest_service_available_neutron:True
tempest_service_available_nova:True
tempest_service_available_swift:False
verbose:true

View File

@@ -37,5 +37,8 @@
# Install Nova
- include:test-install-nova.yml
# Install Tempest
- include:test-install-tempest.yml
# Test Nova
- include:test-nova-functional.yml

View File

@@ -108,13 +108,16 @@ commands =
rm -rf {homedir}/.ansible
git clone https://git.openstack.org/openstack/openstack-ansible-plugins \
{homedir}/.ansible/plugins
# This plugin makes the ansible-playbook output easier to read
wget -O {homedir}/.ansible/plugins/callback/human_log.py \
https://gist.githubusercontent.com/cliffano/9868180/raw/f360f306b3c6d689734a6aa8773a00edf16a0054/human_log.py
ansible-galaxy install \
--role-file={toxinidir}/tests/ansible-role-requirements.yml \
--ignore-errors \
--force
ansible-playbook -i {toxinidir}/tests/inventory \
-e "rolename={toxinidir}" \
-vv \
-vvvv \
{toxinidir}/tests/test.yml
Reference in New Issue
openstack/openstack-ansible-os_nova
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.

The note is not visible to the blocked user.