Add support to all Scenarios to work with Fedora and RedHat > 7

Code Issues Proposed changes

Disable SSL as currently there are known issues in services
to work with python3 + SSL on Fedora.
Also fixed following:-
- watcher to work without SSL
- Handle source /etc/bashrc for users don't have .bashrc created
- Install python3-rbd in Fedora and RedHat > 7
Change-Id: I5b67f40ec3c687f5282c65e10b4a1ee1fe5528f3

This commit is contained in:

yatin

2018年12月17日 20:06:39 +05:30

parent 22a04c2a10

commit 0c938590d2

8 changed files with 131 additions and 19 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

29
fixtures/scenario001.pp

View File

@@ -15,14 +15,35 @@

#

if($::os_package_type=='debian'){

$wsgi_mod_package = 'libapache2-mod-wsgi-py3'

$wsgi_mod_lib = 'mod_wsgi.so'

}

elsif($::os['name']=='Fedora')or

($::os['family']=='RedHat'andInteger.new($::os['release']['major'])>7){

$wsgi_mod_package = 'python3-mod_wsgi'

$wsgi_mod_lib = 'mod_wsgi_python3.so'

}

if($::os_package_type=='debian')or($::os['name']=='Fedora')or

($::os['family']=='RedHat'andInteger.new($::os['release']['major'])>7){

include ::apache::params

class { '::apache':

mod_packages => merge($::apache::params::mod_packages, {

'wsgi' => 'libapache2-mod-wsgi-py3',

'wsgi' => $wsgi_mod_package,

}),

mod_libs=>merge($::apache::params::mod_libs,{

'wsgi' => $wsgi_mod_lib,

})

}

if($::os['name']=='Fedora')or

($::os['family']=='RedHat'andInteger.new($::os['release']['major'])>7){

# FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3

$ssl = false

}else{

$ssl = true

}

case$::osfamily{

'Debian': {

$ipv6 = false

@@ -46,12 +67,14 @@ case $::osfamily {

include::openstack_integration

class{ '::openstack_integration::config':

ssl => true,

ssl => $ssl,

ipv6 => $ipv6,

rpc_backend => $om_rpc,

notify_backend => $om_notify,

}

include::openstack_integration::cacert

if$ssl{

include ::openstack_integration::cacert

}

include::openstack_integration::memcached

include::openstack_integration::rabbitmq

if($om_rpc=='amqp'){

29
fixtures/scenario002.pp

View File

@@ -15,14 +15,35 @@

#

if($::os_package_type=='debian'){

$wsgi_mod_package = 'libapache2-mod-wsgi-py3'

$wsgi_mod_lib = 'mod_wsgi.so'

}

elsif($::os['name']=='Fedora')or

($::os['family']=='RedHat'andInteger.new($::os['release']['major'])>7){

$wsgi_mod_package = 'python3-mod_wsgi'

$wsgi_mod_lib = 'mod_wsgi_python3.so'

}

if($::os_package_type=='debian')or($::os['name']=='Fedora')or

($::os['family']=='RedHat'andInteger.new($::os['release']['major'])>7){

include ::apache::params

class { '::apache':

mod_packages => merge($::apache::params::mod_packages, {

'wsgi' => 'libapache2-mod-wsgi-py3',

'wsgi' => $wsgi_mod_package,

}),

mod_libs=>merge($::apache::params::mod_libs,{

'wsgi' => $wsgi_mod_lib,

})

}

if($::os['name']=='Fedora')or

($::os['family']=='RedHat'andInteger.new($::os['release']['major'])>7){

# FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3

$ssl = false

}else{

$ssl = true

}

case$::osfamily{

'Debian': {

$ipv6 = false

@@ -40,10 +61,12 @@ case $::osfamily {

include::openstack_integration

class{ '::openstack_integration::config':

ssl => true,

ssl => $ssl,

ipv6 => $ipv6,

}

include::openstack_integration::cacert

if$ssl{

include ::openstack_integration::cacert

}

include::openstack_integration::memcached

include::openstack_integration::rabbitmq

include::openstack_integration::mysql

29
fixtures/scenario003.pp

View File

@@ -15,14 +15,35 @@

#

if($::os_package_type=='debian'){

$wsgi_mod_package = 'libapache2-mod-wsgi-py3'

$wsgi_mod_lib = 'mod_wsgi.so'

}

elsif($::os['name']=='Fedora')or

($::os['family']=='RedHat'andInteger.new($::os['release']['major'])>7){

$wsgi_mod_package = 'python3-mod_wsgi'

$wsgi_mod_lib = 'mod_wsgi_python3.so'

}

if($::os_package_type=='debian')or($::os['name']=='Fedora')or

($::os['family']=='RedHat'andInteger.new($::os['release']['major'])>7){

include ::apache::params

class { '::apache':

mod_packages => merge($::apache::params::mod_packages, {

'wsgi' => 'libapache2-mod-wsgi-py3',

'wsgi' => $wsgi_mod_package,

}),

mod_libs=>merge($::apache::params::mod_libs,{

'wsgi' => $wsgi_mod_lib,

})

}

if($::os['name']=='Fedora')or

($::os['family']=='RedHat'andInteger.new($::os['release']['major'])>7){

# FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3

$ssl = false

}else{

$ssl = true

}

case$::osfamily{

'Debian': {

$ipv6 = false

@@ -56,10 +77,12 @@ if ($::operatingsystem == 'Ubuntu') and (versioncmp($::operatingsystemmajrelease

include::openstack_integration

class{ '::openstack_integration::config':

ssl => true,

ssl => $ssl,

ipv6 => $ipv6,

}

include::openstack_integration::cacert

if$ssl{

include ::openstack_integration::cacert

}

include::openstack_integration::memcached

include::openstack_integration::rabbitmq

include::openstack_integration::mysql

29
fixtures/scenario004.pp

View File

@@ -15,14 +15,35 @@

#

if($::os_package_type=='debian'){

$wsgi_mod_package = 'libapache2-mod-wsgi-py3'

$wsgi_mod_lib = 'mod_wsgi.so'

}

elsif($::os['name']=='Fedora')or

($::os['family']=='RedHat'andInteger.new($::os['release']['major'])>7){

$wsgi_mod_package = 'python3-mod_wsgi'

$wsgi_mod_lib = 'mod_wsgi_python3.so'

}

if($::os_package_type=='debian')or($::os['name']=='Fedora')or

($::os['family']=='RedHat'andInteger.new($::os['release']['major'])>7){

include ::apache::params

class { '::apache':

mod_packages => merge($::apache::params::mod_packages, {

'wsgi' => 'libapache2-mod-wsgi-py3',

'wsgi' => $wsgi_mod_package,

}),

mod_libs=>merge($::apache::params::mod_libs,{

'wsgi' => $wsgi_mod_lib,

})

}

if($::os['name']=='Fedora')or

($::os['family']=='RedHat'andInteger.new($::os['release']['major'])>7){

# FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3

$ssl = false

}else{

$ssl = true

}

if$::operatingsystem=='Ubuntu'{

$ipv6 = false

# Watcher packages are not available in Ubuntu repository.

@@ -43,11 +64,13 @@ if $::operatingsystem == 'Ubuntu' {

include::openstack_integration

class{ '::openstack_integration::config':

ssl => true,

ssl => $ssl,

ipv6 => $ipv6,

}

include::openstack_integration::cacert

if$ssl{

include ::openstack_integration::cacert

}

include::openstack_integration::memcached

include::openstack_integration::rabbitmq

include::openstack_integration::mysql

11
functions

View File

@@ -224,10 +224,13 @@ function catch_selinux_alerts() {

if $SUDO grep -iqE 'denied.*system_r:rabbitmq_t' /var/log/audit/audit.log; then

echo "non-critical RabbitMQ AVC, ignoring it now."

# FIXME(ykarel) catch_selinux_alerts not work with non ssl scenarios(no rabbitmq alert),

# currently running scenario-py3 without ssl because glance py3 has issues when

# running with eventlet + ssl: https://bugs.launchpad.net/glance/+bug/1769006

elif [[ "$SCENARIO" = "scenario-py3" ]]; then

echo "non ssl scenario-py3, ignoring it now."

# currently running all scenarios without ssl in Fedora, and scenario-py3 in CentOS/Fedora,

# because glance,nova,mistral py3 has issues when running with eventlet + ssl:

# glance https://bugs.launchpad.net/glance/+bug/1769006

# nova https://bugs.launchpad.net/nova/+bug/1808975

# mistral https://bugs.launchpad.net/mistral/+bug/1808953

elif [ -f /etc/fedora-release -o "$SCENARIO" = "scenario-py3" ]; then

echo "non ssl scenario, ignoring it now."

else

 echo "Please file a bug on https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20OpenStack&component=openstack-selinux showing sealert output."

exit 1

11
manifests/ceph.pp

View File

@@ -23,6 +23,17 @@ class openstack_integration::ceph (

$ms_bind_ipv6 = undef

}

#FIXME(ykarel)python2-rbdisinstalledasaindirectdependencyfor'ceph'package,

#butweneedtoinstallpython3-rbdinFedorauntil'ceph'packageisfixed.

if($::os_package_type=='debian')or($::operatingsystem=='Fedora')or

($::os['family']=='RedHat'andInteger.new($::os['release']['major'])>7){

ensure_resource('package', 'python3-rbd', {

name => 'python3-rbd',

ensure => 'present',

})

}

class{ '::ceph::profile::params':

fsid => '7200aea0-2ddd-4a32-aa2a-d49f66ab554c',

manage_repo => false, # repo already managed in openstack_integration::repo

6
manifests/watcher.pp

View File

@@ -24,9 +24,9 @@ class openstack_integration::watcher {

#TODO:SupportSSL

class{ '::watcher::keystone::auth':

password => 'a_big_secret',

public_url => "https://${::openstack_integration::config::ip_for_url}:9322",

admin_url=>"https://${::openstack_integration::config::ip_for_url}:9322",

internal_url=>"https://${::openstack_integration::config::ip_for_url}:9322",

public_url => "${::openstack_integration::config::base_url}:9322",

admin_url=>"${::openstack_integration::config::base_url}:9322",

internal_url=>"${::openstack_integration::config::base_url}:9322",

}

class{'::watcher::keystone::authtoken':

password => 'a_big_secret',

6
run_tests.sh

View File

@@ -85,6 +85,12 @@ if [ -f ~/.gemrc ]; then

cat ~/.gemrc | $SUDO tee /root/.gemrc

fi

# handle umask issue after "pam" new release, this is needed when run_tests.sh

# is run remotely via ansible using a user which doesn't have .bashrc file

if [ -f /etc/fedora-release -a -f /etc/bashrc ]; then

source /etc/bashrc

fi

print_header 'Clone Tempest, plugins & pre-cache CirrOS'

# TODO(pabelanger): Move this into tools/install_tempest.sh and add logic so we

# can clone tempest outside of the gate. Also, tempest should be sandboxed into