A separate service subnet for FIPs is useful in making sure that
connectivity based on the advertised routes really works as opposed to
relying on directly connected routes to FIPs in the undercloud network
subnet used as an external network.
On failures there is no information of the state of the objects that
couldn't be removed, maybe there are on their way to be removed and this
is a failure visible on slow clouds and not an actual issue, this will
help with troubleshooting.
A charm that uses FRR instead of Quagga is now published under:
https://charmhub.io/osci-frr
For our purposes FRR is a drop-in replacement of Quagga but the point
of a change is to remove Quagga references for clarity.
Issue seen at the gate:
glanceclient.exc.CommunicationError: [...] ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
* Add keystone-openidc setup code.
The keystone-openidc charm requires 2 configuration steps:
1) Configure the oidc-client-id, oidc-client-secret and
oidc-provider-metadata-url, this information is tightly related to
the Identity Provider configured, which for testing purposes this is
the openidc-test-fixture charm, the setup function
zaza.openstack.charm_tests.openidc.setup.configure_keystone_openidc
takes care of setting these values once the fixture charm is ready
for service.
2) Create the OpenStack objects to correctly configure the federation,
this is made by the setup function
zaza.openstack.charm_tests.openidc.setup.keystone_federation_setup_site1
which will create and configure the following resources:
- Create a domain named 'federated_domain'.
- Create a group named 'federated_users'.
- Grant the 'Member' role to users in the 'federated_users' group.
- Create an identity provider named 'openid'.
- Create a mapping named 'openid_mapping'.
- Create a federation protocol named 'openid' that relates the mapping
and the identity provider.
* Add support for v3oidcpassword auth plugin.
get_keystone_session() uses the v3.OidcPassword class when the
OS_AUTH_TYPE is set to v3oidcpassword, this class expects the following
extra configuration options:
- OS_IDENTITY_PROVIDER
- OS_PROTOCOL
- OS_CLIENT_ID
- OS_CLIENT_SECRET
- OS_ACCESS_TOKEN_ENDPOINT (optional)
- OS_DISCOVERY_ENDPOINT (optional)
* Add test for keystone-openidc
This patch introduces a new testing class named CharmKeystoneOpenIDCTest
which interacts with keystone using users provided by
openidc-test-fixture via OpenID Connect.
* Add keystone_session argument to launch instances.
Adding the option to pass a keystone session allows callers to use
credentials different from the ones provided by
get_overcloud_keystone_session(), this is helpful when testing non
default keystone configurations (e.g. Federation).
* Add zaza.openstack.charm_tests.openidc.tests.TestLaunchInstance
This testing class configures a private network in the user's project defined by the mapping
rules during the setUpClass stage. Specifically this test performs the following steps:
- Create keypair named 'zaza' in the user's project
- Create a router for the project
- Attach the router to the external network
- Create a network
- Create a subnet attached to the previously create network
- Connect the subnet to the project's router
The testing method launches an instance using a keystone session
associated with a user backed by OpenID Connect.
Change 0af4c93d causes the target model to be ignored when a
model_name was specified. This in turn is causing the swift
cmr tests to fail as an ip of None is being recorded for
units in a different model.
One of the pep8 target dependencies must have updated,
causing a bunch of new lint errors in these categories:
- line length > 79 chars
- no whitespace after keyword
- Add Heat domain-setup action as a setup configuration option which can be used in other charms
- test_100_domain_setup is being deprecated if the new configuration option is being used
- Add Magnum tests
- test create magnum cluster template
- test create magnum cluster
- test config changes
- test pause and resume
- TEST_MAGNUM_QCOW2_IMAGE_URL environment variable is required in the CI
- The value of this variable should be a link to a fedora-coreos QCOW2 image
With the upcoming transition to an operator-framework charm, the
Ceph tests need to be idempotent, since we'll be testing the upgrade
path from classical to operator. The tests that need fixing are the
ones that call out to add/remove disks, since they create loopback
devices to back the OSD's but never remove them.
There are some Ceph charms that do not install the
openstack-release package, so fall through to the
dict to identify which release they are on, and can
fail with a KeyError when not finding a matching
entry for Pacific and Quincy.
* Stop retrying if LB provisioning status reached ERROR
The method `wait_for_lb_resource()` retries for 15m while the load
balancer could have reached to ERROR during the provisioning in the
first few minutes, this approach makes the testing take longer for no
reason.
This change makes the ERROR state in provisioning_status final and
abort raising a ValueError() exception.
More details of the provisioning_status possible states can be found at:
https://docs.openstack.org/api-ref/load-balancer/v2/#provisioning-status-codes
* Use LoadBalancerUnexpectedState and LoadBalancerUnrecoverableError.
Drop the (re-)use of AssertionError and ValueError to identify when a
load balancer status is in a state where the test needs to retry or
break and fail respectively.
This change introduces 2 new exceptions to be explicit of what the code
is trying to do.
- LoadBalancerUnexpectedState is raised when the status of the load
balancer is in a state different from the one requested by the caller,
but said state can be considered as transitory.
- LoadBalancerUnrecoverableError is raised when the status of the load
balancer is in ERROR state and said state is final for the
proviniong_status property, hence retrying only delays the failure.
There are situations where the DNS infrastructure hasn't been stable and
many CI jobs have failed with the error:
urllib.error.URLError: <urlopen error [Errno -3] Temporary failure in name resolution>
This change decorates the function find_cirros_image() to retry and give
the job more chances of recovering from the DNS failures.
The keystone charm allows multiple VIP addresses to be configured via
the 'vip' config parameter. Unfortunately, get_keystone_ip() didn't
support this. This patch adds that support, plus the missing tests.
Closes: #689
Add zaza tests for charm glance when cinder is configured
as storage backend.
Related-Bug: LP#1905042
Co-authored-by: Hemanth Nakkina <hemanth.nakkina@canonical.com>
When doing a series upgrade from bionic to focal, the percona-cluster
charm needs to be avoided. This filters the applications for percona if
the target is focal. Note if percona is placed on the same unit as
something else that needs to be upgraded (bad idea) then it may still
get 'upgraded' and the operation will fail.
The v3 endpoint has been supported by the charms since Pike,
and the V2 endpoint was removed in Xena, therefore it makes
to use the v3 endpoint by default at this point.
* Support OVN charms in automated OpenStack upgrade
* Add ovn-dedicated-chassis to the list of control plane principal charms
Change-Id: I857513f130091e218a60eaf54eaf63527c00f5e5
This dict is used in the OpenStack upgrade tests in
order to automatically determine the next release and
set the openstack-origin accordingly.
Also taking the opportunity to extend neighboring
lists.
Dmitrii Shcherbakov
Felipe Reyes
Corey Bryant
Bas de Bruijne
Bas de Bruijne
James Page
Liam Young
Samuel Walladge
Alex Kavanagh
Oprin Marius
Samuel Walladge
Luciano Lo Giudice
Frode Nordahl
Chris MacNaughton
Aurelien Lourot
Luciano Lo Giudice
Alex Kavanagh
hemanthnakkina
Zhang Hua