From 96a443f39d10f0620852a7b3a43a97fb4f5badec Mon Sep 17 00:00:00 2001 From: Matt Thompson Date: Wed, 20 Apr 2016 14:49:27 +0100 Subject: [PATCH] Use tempest for testing This commit updates os_nova to use tempest for functional testing of nova. For this to work on openstack-infra instances we have to drop all existing iptables rules using iptables-clear.sh. This commit also updates the netmask used across containers as we currently have a mix of /22 and /24. Note that I couldn't get the vxlan traffic to work over 10.100.100.0/22, so I created br-vxlan and wired separate container interfaces into that. Change-Id: I33378e6275b70152d45357ac1ceb200ea4d5daf0 --- tests/ansible-role-requirements.yml | 4 ++ tests/group_vars/all_containers.yml | 13 +++- tests/host_vars/localhost.yml | 19 ++++++ tests/host_vars/openstack1.yml | 19 ++++++ tests/inventory | 6 +- tests/iptables-clear.sh | 26 ++++++++ tests/test-install-neutron.yml | 30 +++++++++ tests/test-install-tempest.yml | 23 +++++++ tests/test-nova-functional.yml | 100 ++-------------------------- tests/test-prepare-host.yml | 14 ++++ tests/test-vars.yml | 18 ++++- tests/test.yml | 3 + tox.ini | 5 +- 13 files changed, 176 insertions(+), 104 deletions(-) create mode 100644 tests/host_vars/localhost.yml create mode 100644 tests/host_vars/openstack1.yml create mode 100755 tests/iptables-clear.sh create mode 100644 tests/test-install-tempest.yml diff --git a/tests/ansible-role-requirements.yml b/tests/ansible-role-requirements.yml index bb515790..26a6a670 100644 --- a/tests/ansible-role-requirements.yml +++ b/tests/ansible-role-requirements.yml @@ -54,6 +54,10 @@ src: https://git.openstack.org/openstack/openstack-ansible-os_neutron scm: git version: master +- name: os_tempest + src: https://git.openstack.org/openstack/openstack-ansible-os_tempest + scm: git + version: master - name: openstack_openrc src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc scm: git diff --git a/tests/group_vars/all_containers.yml b/tests/group_vars/all_containers.yml index 4cc97942..a9f80f0b 100644 --- a/tests/group_vars/all_containers.yml +++ b/tests/group_vars/all_containers.yml @@ -20,7 +20,18 @@ container_networks: address: "{{ ansible_host }}" bridge: "lxcbr0" interface: "eth1" - netmask: "255.255.252.0" + netmask: "255.255.255.0" + type: "veth" + tunnel_address: + address: "{{ tunnel_address }}" + bridge: "br-vxlan" + interface: "eth2" + netmask: "255.255.255.0" + type: "veth" + vlan_address: + bridge: "br-vlan" + interface: "eth3" + netmask: null type: "veth" physical_host: localhost properties: diff --git a/tests/host_vars/localhost.yml b/tests/host_vars/localhost.yml new file mode 100644 index 00000000..ee6f899b --- /dev/null +++ b/tests/host_vars/localhost.yml @@ -0,0 +1,19 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +neutron_provider_networks: + network_types: "vxlan,flat" + network_mappings: "flat:br-vlan" + network_vxlan_ranges: "1:1000" diff --git a/tests/host_vars/openstack1.yml b/tests/host_vars/openstack1.yml new file mode 100644 index 00000000..c90918f0 --- /dev/null +++ b/tests/host_vars/openstack1.yml @@ -0,0 +1,19 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +neutron_provider_networks: + network_types: "vxlan,flat" + network_mappings: "flat:eth3" + network_vxlan_ranges: "1:1000" diff --git a/tests/inventory b/tests/inventory index 59625844..f0822f45 100644 --- a/tests/inventory +++ b/tests/inventory @@ -1,7 +1,7 @@ [all] -localhost ansible_connection=local ansible_become=True -infra1 ansible_host=10.100.100.101 ansible_become=True ansible_user=root -openstack1 ansible_host=10.100.100.102 ansible_become=True ansible_user=root +localhost ansible_connection=local ansible_become=True neutron_local_ip=10.100.101.1 +infra1 ansible_host=10.100.100.101 ansible_become=True ansible_user=root tunnel_address=10.100.101.101 +openstack1 ansible_host=10.100.100.102 ansible_become=True ansible_user=root tunnel_address=10.100.101.102 neutron_local_ip=10.100.101.102 [all_containers] infra1 diff --git a/tests/iptables-clear.sh b/tests/iptables-clear.sh new file mode 100755 index 00000000..eb782c52 --- /dev/null +++ b/tests/iptables-clear.sh @@ -0,0 +1,26 @@ +#!/bin/bash +# +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +iptables -F +iptables -X +iptables -t nat -F +iptables -t nat -X +iptables -t mangle -F +iptables -t mangle -X +iptables -P INPUT ACCEPT +iptables -P FORWARD ACCEPT +iptables -P OUTPUT ACCEPT diff --git a/tests/test-install-neutron.yml b/tests/test-install-neutron.yml index 0d588ec7..3cb76d18 100644 --- a/tests/test-install-neutron.yml +++ b/tests/test-install-neutron.yml @@ -13,6 +13,36 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Make /lib/modules accessible on neutron_agent containers + hosts: neutron_agent + user: root + gather_facts: true + tasks: + - name: Use the unconfined aa profile + lxc_container: + name: "{{ container_name }}" + container_config: + - "lxc.aa_profile=unconfined" + delegate_to: "{{ physical_host }}" + - name: Neutron extra lxc config + lxc_container: + name: "{{ container_name }}" + container_command: | + [[ ! -d "/lib/modules" ]] && mkdir -p "/lib/modules" + container_config: + - "lxc.cgroup.devices.allow=a *:* rmw" + - "lxc.mount.entry=/lib/modules lib/modules none bind 0 0" + delegate_to: "{{ physical_host }}" + - name: Wait for ssh to be available + local_action: + module: wait_for + port: "{{ ansible_ssh_port | default('22') }}" + host: "{{ ansible_ssh_host | default(inventory_hostname) }}" + search_regex: OpenSSH + delay: 1 + - name: Add iptables rule for communication w/ metadata agent + command: /sbin/iptables -t mangle -A POSTROUTING -p tcp --sport 80 -j CHECKSUM --checksum-fill + - name: Deploy neutron hosts: neutron_all user: root diff --git a/tests/test-install-tempest.yml b/tests/test-install-tempest.yml new file mode 100644 index 00000000..201755ee --- /dev/null +++ b/tests/test-install-tempest.yml @@ -0,0 +1,23 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Playbook for deploying tempest + hosts: openstack1 + user: root + gather_facts: true + roles: + - role: "os_tempest" + vars_files: + - test-vars.yml diff --git a/tests/test-nova-functional.yml b/tests/test-nova-functional.yml index aab04dc4..ff4e247a 100644 --- a/tests/test-nova-functional.yml +++ b/tests/test-nova-functional.yml @@ -18,101 +18,9 @@ user: root gather_facts: false tasks: - - name: Check the nova-api-os-compute service - uri: - url: "http://localhost:8774" - status_code: 200 - register: nova_api_os_compute_status - until: nova_api_os_compute_status | success - retries: 5 - delay: 5 - - name: Check the nova-api-metadata service - uri: - url: "http://localhost:8775" - status_code: 200 - register: nova_api_metadata_status - until: nova_api_metadata_status | success - retries: 5 - delay: 5 - - name: Check the nova-spicehtml5proxy service - uri: - url: "http://localhost:6082/spice_auto.html" - status_code: 200 - register: nova_spice_status - until: nova_spice_status | success - retries: 5 - delay: 5 - - name: Install testing pip packages - pip: - name: "{{ item }}" - with_items: - - python-glanceclient - - python-neutronclient - - name: Set glance_image_name fact - set_fact: - glance_image_name: "functional-image-{{ 100|random }}" - - name: Set nova_instance_name fact - set_fact: - nova_instance_name: "functional-instance-{{ 100|random }}" - - name: Set neutron_net_name fact - set_fact: - neutron_net_name: "functional-net-{{ 100|random }}" - - name: Set neutron_subnet_name fact - set_fact: - neutron_subnet_name: "functional-subnet-{{ 100|random }}" - - name: Set nova_flavor_name fact - set_fact: - nova_flavor_name: "functional-flavor-{{ 100|random }}" - - name: Upload the Cirros image - glance: - command: 'image-create' - openrc_path: /root/openrc - image_name: "{{ glance_image_name }}" - image_url: "http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-uec.tar.gz" - image_container_format: bare - image_disk_format: qcow2 - image_is_public: True - register: cirros_image_create - until: cirros_image_create | success - retries: 5 - delay: 15 - # NOTE: We need to ensure the image goes active before we attempt to boot - # from it below - - name: Verify image goes active - shell: | - . /root/openrc - {{ nova_venv_bin }}/glance image-show {{ glance_images[glance_image_name]['id'] }} | grep active - register: image_status - until: image_status|success - retries: 5 - delay: 5 - - name: Create test network - neutron: - command: create_network - openrc_path: /root/openrc - net_name: "{{ neutron_net_name }}" - - name: Create test subnet - neutron: - command: create_subnet - openrc_path: /root/openrc - net_name: "{{ neutron_net_name }}" - subnet_name: "{{ neutron_subnet_name }}" - cidr: "192.168.74.0/24" - - name: Create test flavor - shell: | - . /root/openrc - {{ nova_venv_bin }}/nova flavor-create {{ nova_flavor_name }} 101 256 1 1 - - name: Create nova instance - shell: | - . /root/openrc - {{ nova_venv_bin }}/nova boot --image {{ glance_image_name }} --flavor 101 --nic net-id={{ neutron_networks[neutron_net_name]['id'] }} {{ nova_instance_name }} - - name: Verify nova instance goes active - shell: | - . /root/openrc - {{ nova_venv_bin }}/nova show {{ nova_instance_name }} | grep ACTIVE - register: instance_status - until: instance_status|success - retries: 5 - delay: 5 + - name: Run tempest + command: /opt/openstack_tempest_gate.sh scenario + environment: + RUN_TEMPEST_OPTS: "--serial" vars_files: - test-vars.yml diff --git a/tests/test-prepare-host.yml b/tests/test-prepare-host.yml index 3d4d073c..406c7ad9 100644 --- a/tests/test-prepare-host.yml +++ b/tests/test-prepare-host.yml @@ -16,6 +16,8 @@ - name: Playbook for configuring the LXC host hosts: localhost pre_tasks: + - name: Clear iptables rules + shell: ./iptables-clear.sh # Make sure OS does not have a stale package cache. - name: Update apt cache apt: @@ -46,9 +48,21 @@ set_fact: lxc_container_template_main_apt_repo: "{{ ubuntu_repo.stdout }}" lxc_container_template_security_apt_rep: "{{ ubuntu_repo.stdout }}" + post_tasks: + - name: Create br-vxlan bridge + command: /sbin/brctl addbr br-vxlan + - name: IP br-vxlan + command: /sbin/ifconfig br-vxlan 10.100.101.1 netmask 255.255.255.0 + - name: Create br-vlan bridge + command: /sbin/brctl addbr br-vlan + - name: IP br-vlan + command: /sbin/ifconfig br-vlan 10.1.13.1 netmask 255.255.255.0 + - name: Add iptables rule to ensure ssh checksum is correct + command: /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill roles: - role: "lxc_hosts" lxc_net_address: 10.100.100.1 + lxc_net_netmask: 255.255.255.0 lxc_net_dhcp_range: 10.100.100.2,10.100.100.99 lxc_net_bridge: lxcbr0 lxc_kernel_options: diff --git a/tests/test-vars.yml b/tests/test-vars.yml index 7f379873..61079944 100644 --- a/tests/test-vars.yml +++ b/tests/test-vars.yml @@ -67,9 +67,6 @@ neutron_galera_database: neutron neutron_git_install_branch: master neutron_ha_vrrp_auth_password: secrete neutron_management_address: "{{ internal_lb_vip_address }}" -neutron_provider_networks: - network_types: "vxlan" - network_vxlan_ranges: "1:1000" neutron_rabbitmq_password: secrete neutron_rabbitmq_userid: neutron neutron_rabbitmq_vhost: /neutron @@ -113,4 +110,19 @@ openrc_os_password: "{{ keystone_auth_admin_password }}" rabbitmq_port: 5671 rabbitmq_servers: 10.100.100.101 rabbitmq_use_ssl: true +tempest_developer_mode: True +tempest_git_repo: https://git.openstack.org/openstack/tempest +tempest_git_install_branch: 534a8dc60dfef116156b8f9ee60071a9bf4e4f90 +tempest_git_dest: "/opt/tempest_{{ tempest_git_install_branch | replace('/', '_') }}" +tempest_log_dir: "/var/log/" +tempest_main_group: glance_all +tempest_service_available_aodh: False +tempest_service_available_ceilometer: False +tempest_service_available_cinder: False +tempest_service_available_glance: True +tempest_service_available_heat: False +tempest_service_available_horizon: False +tempest_service_available_neutron: True +tempest_service_available_nova: True +tempest_service_available_swift: False verbose: true diff --git a/tests/test.yml b/tests/test.yml index 5e909c56..65422bc5 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -37,5 +37,8 @@ # Install Nova - include: test-install-nova.yml +# Install Tempest +- include: test-install-tempest.yml + # Test Nova - include: test-nova-functional.yml diff --git a/tox.ini b/tox.ini index 21c52cd0..21ce2f93 100644 --- a/tox.ini +++ b/tox.ini @@ -108,13 +108,16 @@ commands = rm -rf {homedir}/.ansible git clone https://git.openstack.org/openstack/openstack-ansible-plugins \ {homedir}/.ansible/plugins + # This plugin makes the ansible-playbook output easier to read + wget -O {homedir}/.ansible/plugins/callback/human_log.py \ + https://gist.githubusercontent.com/cliffano/9868180/raw/f360f306b3c6d689734a6aa8773a00edf16a0054/human_log.py ansible-galaxy install \ --role-file={toxinidir}/tests/ansible-role-requirements.yml \ --ignore-errors \ --force ansible-playbook -i {toxinidir}/tests/inventory \ -e "rolename={toxinidir}" \ - -vv \ + -vvvv \ {toxinidir}/tests/test.yml