Existing code uses the python libjuju unit.run in order to execute
a wait check for ca readiness across the units. The behavior of libjuju
changed between 2.x and 3.x and causes this functionality to break. This
is abstracted and handled in the zaza library, so use that code instead
as it properly handles the differences.
Signed-off-by: Billy Olsen <billy.olsen@canonical.com>
The nova service may not be quite ready after vault initialisation for
the basic network configuration, so add a retrier wrapper around the
client for every test to make sure that it retries.
The stop_status parameter allows callers to ask stop retrying based on a
list of statuses that are known to be final (and error) states, this
saves time failing earlier.
Usage example for fail early when an instance reaches to ERROR status:
openstack_utils.resource_reaches_status(self.nova_client.servers,
instance_uuid,
resource_attribute='state',
expected_status='ACTIVE',
stop_status='ERROR')
This allows callers to pass None and let get_nova_session_client() to
use a sane default API, specifically this allows intermediate users
(e.g. launch_guest() ) to proxy values passed by the caller.
Add get_watcher_session_client() helper function to build a
watcherclient.v1.Client instance authenticated with a keystone session
that uses admin credentials by default.
Convert images to raw if ceph image backend
We are currently uploading qcow2 images, and
Nova is converting them to raw when running
the tests, sometimes timing out the tests.
With this change we are pre-converting the
images and uploading them as raw, so Nova
does not have to convert them.
A separate service subnet for FIPs is useful in making sure that
connectivity based on the advertised routes really works as opposed to
relying on directly connected routes to FIPs in the undercloud network
subnet used as an external network.
On failures there is no information of the state of the objects that
couldn't be removed, maybe there are on their way to be removed and this
is a failure visible on slow clouds and not an actual issue, this will
help with troubleshooting.
A charm that uses FRR instead of Quagga is now published under:
https://charmhub.io/osci-frr
For our purposes FRR is a drop-in replacement of Quagga but the point
of a change is to remove Quagga references for clarity.
Issue seen at the gate:
glanceclient.exc.CommunicationError: [...] ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
* Add keystone-openidc setup code.
The keystone-openidc charm requires 2 configuration steps:
1) Configure the oidc-client-id, oidc-client-secret and
oidc-provider-metadata-url, this information is tightly related to
the Identity Provider configured, which for testing purposes this is
the openidc-test-fixture charm, the setup function
zaza.openstack.charm_tests.openidc.setup.configure_keystone_openidc
takes care of setting these values once the fixture charm is ready
for service.
2) Create the OpenStack objects to correctly configure the federation,
this is made by the setup function
zaza.openstack.charm_tests.openidc.setup.keystone_federation_setup_site1
which will create and configure the following resources:
- Create a domain named 'federated_domain'.
- Create a group named 'federated_users'.
- Grant the 'Member' role to users in the 'federated_users' group.
- Create an identity provider named 'openid'.
- Create a mapping named 'openid_mapping'.
- Create a federation protocol named 'openid' that relates the mapping
and the identity provider.
* Add support for v3oidcpassword auth plugin.
get_keystone_session() uses the v3.OidcPassword class when the
OS_AUTH_TYPE is set to v3oidcpassword, this class expects the following
extra configuration options:
- OS_IDENTITY_PROVIDER
- OS_PROTOCOL
- OS_CLIENT_ID
- OS_CLIENT_SECRET
- OS_ACCESS_TOKEN_ENDPOINT (optional)
- OS_DISCOVERY_ENDPOINT (optional)
* Add test for keystone-openidc
This patch introduces a new testing class named CharmKeystoneOpenIDCTest
which interacts with keystone using users provided by
openidc-test-fixture via OpenID Connect.
* Add keystone_session argument to launch instances.
Adding the option to pass a keystone session allows callers to use
credentials different from the ones provided by
get_overcloud_keystone_session(), this is helpful when testing non
default keystone configurations (e.g. Federation).
* Add zaza.openstack.charm_tests.openidc.tests.TestLaunchInstance
This testing class configures a private network in the user's project defined by the mapping
rules during the setUpClass stage. Specifically this test performs the following steps:
- Create keypair named 'zaza' in the user's project
- Create a router for the project
- Attach the router to the external network
- Create a network
- Create a subnet attached to the previously create network
- Connect the subnet to the project's router
The testing method launches an instance using a keystone session
associated with a user backed by OpenID Connect.
One of the pep8 target dependencies must have updated,
causing a bunch of new lint errors in these categories:
- line length > 79 chars
- no whitespace after keyword
- Add Heat domain-setup action as a setup configuration option which can be used in other charms
- test_100_domain_setup is being deprecated if the new configuration option is being used
- Add Magnum tests
- test create magnum cluster template
- test create magnum cluster
- test config changes
- test pause and resume
- TEST_MAGNUM_QCOW2_IMAGE_URL environment variable is required in the CI
- The value of this variable should be a link to a fedora-coreos QCOW2 image
There are situations where the DNS infrastructure hasn't been stable and
many CI jobs have failed with the error:
urllib.error.URLError: <urlopen error [Errno -3] Temporary failure in name resolution>
This change decorates the function find_cirros_image() to retry and give
the job more chances of recovering from the DNS failures.
The keystone charm allows multiple VIP addresses to be configured via
the 'vip' config parameter. Unfortunately, get_keystone_ip() didn't
support this. This patch adds that support, plus the missing tests.
Closes: #689
Add zaza tests for charm glance when cinder is configured
as storage backend.
Related-Bug: LP#1905042
Co-authored-by: Hemanth Nakkina <hemanth.nakkina@canonical.com>
The v3 endpoint has been supported by the charms since Pike,
and the V2 endpoint was removed in Xena, therefore it makes
to use the v3 endpoint by default at this point.
This adds a new setup function that will setup a VLAN provider network.
It can be called by tests.yaml after basic_overcloud_network:
- zaza.openstack.charm_tests.neutron.setup.basic_overcloud_network
- zaza.openstack.charm_tests.neutron.setup.vlan_provider_overcloud_network
* Set timeout on juju_wait()
* Remove leftover traces
Traces should be made with logging.debug(). These traces
are probably leftovers from the development phase.
The Zaza MAAS code selects interfaces that are attached to the
provided CIDR, set up as unconfigured and has link.
In the event a machine has multiple unconfigured interfaces
attached to the same physical network, adding them all to the
configuration might lead to undesired side effects such as network
loops.
In newer versions of Ubuntu and the Cloud Archive (currently Hirsute,
Wallaby, and above), there is an openstack-release package that, if
installed, specifies the current OpenStack release in
/etc/openstack-release.
Also adds wallaby definitions to non-version definitions in
os_versions.py.
Fixes#560
