Add a method which will init vault if its present and skip if it
is not. This allows much simpler tests.yaml if all test and
config steps are the same for TLS and non-TLS test cases apart
from initialising vault.
This patch modifies the existing openstack upgrade tests so that they
work with focal (by explicitly supporting mysql-innodb-cluster), and are
also interruptable and resumable (at a charm level). It also makes them
work with the udpated 'get_upgrade_groups()' that ultimately gets a List
of Tuples rather than a dictionary.
* Updates to concurrent series upgrade
Updates to make it run more in parallel and spend less time waiting on
the whole model when updating machines.
* Make the concurrent series upgrade tests work
This is a number of changes to get the concurrent (here called
'parallel' historically) series upgrade tests to work. A number of
changes were required which included limiting the number of concurrent
async co-routines (futures) that could be run as with large models it
hits the limits of the Py3 runtime.
* Fix the tests and change pause order in maybe_pause_things
Due to an additional model helper call, an additional model AsyncMock is
required. Also the pause order had changed, and this is restored to
ensure the original design is retained (for pause order).
Clean up some commented out code and sort out a few PEP8 errors.
* Update comment to reflect code (3 -> 4)
* Fix tests that fail on bionic but pass on focal
Essentially, asyncio.gather has different behaviour on bionic that
focal. Although this doesn't affect testing, it does affect the unit
tests. These changes are simply to normalise the behaviour of unit
tests on focal and bionic.
When vault is in its own model with no clients then vault needs
to be initialised without waiting for clients to start executing
and without validating a client has recieved the cert. To achieve
this, this PR adds auto_initialize_no_validation_no_wait.
If the ssl-{key,chain,ca} charm config option have been set than
retrieve the ssl-ca from the vault charm and use it when making
called to the vault api.
* Add an unseal function for mojo to use.
* Switch mojo to use new function after series upgrade reboot.
* Add fallback if vip client is unavailable (the case if all
hacluster units are paused for series upgrade).
Make it possible for consumers of the ``auto_initialize_no_validation``
function to execute subsequent setup and test code that require vault
and the consumers of the ``certificates`` relation to be ready.
With the current order of execution, it is not possible to use the
configure function in models where ``keystone`` application is not
present.
This is a temporary fix to work around a bug in nova-compute.
The bug causes nova-compute to cache the placement api endpoint
which causes placement api calls to fail when the endpoint switches
from http to https
Currently when vault auto_inititialize [sic] is called a validation
step is run at the end to check that clients connected to vault
have the correct setup. However in sometimes there are no clients
to run validation with (as with cross model relation testing). To
facilitate this expose a new method 'auto_initialize_no_validation'
which skip the client validation.
Also correct the spelling of auto_inititialize but add a partial
to support tests that are already using the old spelling.
Liam Young
Aurelien Lourot
Alex Kavanagh
Chris MacNaughton
Frode Nordahl