Issue seen at the gate:
glanceclient.exc.CommunicationError: [...] ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
* Add keystone-openidc setup code.
The keystone-openidc charm requires 2 configuration steps:
1) Configure the oidc-client-id, oidc-client-secret and
oidc-provider-metadata-url, this information is tightly related to
the Identity Provider configured, which for testing purposes this is
the openidc-test-fixture charm, the setup function
zaza.openstack.charm_tests.openidc.setup.configure_keystone_openidc
takes care of setting these values once the fixture charm is ready
for service.
2) Create the OpenStack objects to correctly configure the federation,
this is made by the setup function
zaza.openstack.charm_tests.openidc.setup.keystone_federation_setup_site1
which will create and configure the following resources:
- Create a domain named 'federated_domain'.
- Create a group named 'federated_users'.
- Grant the 'Member' role to users in the 'federated_users' group.
- Create an identity provider named 'openid'.
- Create a mapping named 'openid_mapping'.
- Create a federation protocol named 'openid' that relates the mapping
and the identity provider.
* Add support for v3oidcpassword auth plugin.
get_keystone_session() uses the v3.OidcPassword class when the
OS_AUTH_TYPE is set to v3oidcpassword, this class expects the following
extra configuration options:
- OS_IDENTITY_PROVIDER
- OS_PROTOCOL
- OS_CLIENT_ID
- OS_CLIENT_SECRET
- OS_ACCESS_TOKEN_ENDPOINT (optional)
- OS_DISCOVERY_ENDPOINT (optional)
* Add test for keystone-openidc
This patch introduces a new testing class named CharmKeystoneOpenIDCTest
which interacts with keystone using users provided by
openidc-test-fixture via OpenID Connect.
* Add keystone_session argument to launch instances.
Adding the option to pass a keystone session allows callers to use
credentials different from the ones provided by
get_overcloud_keystone_session(), this is helpful when testing non
default keystone configurations (e.g. Federation).
* Add zaza.openstack.charm_tests.openidc.tests.TestLaunchInstance
This testing class configures a private network in the user's project defined by the mapping
rules during the setUpClass stage. Specifically this test performs the following steps:
- Create keypair named 'zaza' in the user's project
- Create a router for the project
- Attach the router to the external network
- Create a network
- Create a subnet attached to the previously create network
- Connect the subnet to the project's router
The testing method launches an instance using a keystone session
associated with a user backed by OpenID Connect.
One of the pep8 target dependencies must have updated,
causing a bunch of new lint errors in these categories:
- line length > 79 chars
- no whitespace after keyword
- Add Heat domain-setup action as a setup configuration option which can be used in other charms
- test_100_domain_setup is being deprecated if the new configuration option is being used
- Add Magnum tests
- test create magnum cluster template
- test create magnum cluster
- test config changes
- test pause and resume
- TEST_MAGNUM_QCOW2_IMAGE_URL environment variable is required in the CI
- The value of this variable should be a link to a fedora-coreos QCOW2 image
There are situations where the DNS infrastructure hasn't been stable and
many CI jobs have failed with the error:
urllib.error.URLError: <urlopen error [Errno -3] Temporary failure in name resolution>
This change decorates the function find_cirros_image() to retry and give
the job more chances of recovering from the DNS failures.
The keystone charm allows multiple VIP addresses to be configured via
the 'vip' config parameter. Unfortunately, get_keystone_ip() didn't
support this. This patch adds that support, plus the missing tests.
Closes: #689
Add zaza tests for charm glance when cinder is configured
as storage backend.
Related-Bug: LP#1905042
Co-authored-by: Hemanth Nakkina <hemanth.nakkina@canonical.com>
The v3 endpoint has been supported by the charms since Pike,
and the V2 endpoint was removed in Xena, therefore it makes
to use the v3 endpoint by default at this point.
This adds a new setup function that will setup a VLAN provider network.
It can be called by tests.yaml after basic_overcloud_network:
- zaza.openstack.charm_tests.neutron.setup.basic_overcloud_network
- zaza.openstack.charm_tests.neutron.setup.vlan_provider_overcloud_network
* Set timeout on juju_wait()
* Remove leftover traces
Traces should be made with logging.debug(). These traces
are probably leftovers from the development phase.
The Zaza MAAS code selects interfaces that are attached to the
provided CIDR, set up as unconfigured and has link.
In the event a machine has multiple unconfigured interfaces
attached to the same physical network, adding them all to the
configuration might lead to undesired side effects such as network
loops.
In newer versions of Ubuntu and the Cloud Archive (currently Hirsute,
Wallaby, and above), there is an openstack-release package that, if
installed, specifies the current OpenStack release in
/etc/openstack-release.
Also adds wallaby definitions to non-version definitions in
os_versions.py.
Fixes#560
* Move general function out of the testing class. This will make them
easy to be reused.
* Properly organize the tests, and add tons of docstrings and comments
to have them as clear as possible.
* Add `failover_cinder_volume_host` to the Zaza `utilities/openstack.py`,
since this is a general purpose function.
The current approach of storing the deployment CA certificate in
the 'test/' relative path does not allow for executing tests for
multiple targets from the same environment.
We have previously moved (7a90110) the local copy of the SSH
private key for similar reasons.
Remove the global constants as we cannot build them without making
function calls, and we'd rather avoid doing that at module import
time. Code using the location of the local CA certificate has
already been changed to use helper functions.
When on MAAS support doing charm based configuration of OVS by
retrieving MAC address of ports attached to external network
from MAAS.
Note that we should extend the MAAS support to also work with
deployments where MAAS does the OVS configuration for us.
The function does three separate things today, and two of its
tasks are useful for other provider types such as MAAS.
Also fix create_additional_port_for_machines idempotency.
We previously added a run time assertion to fail early when
attempting to configure networking for an invalid bundle. The
check had the side effect of prohibiting subsequent runs on
already configured models.
This patch modifies the existing openstack upgrade tests so that they
work with focal (by explicitly supporting mysql-innodb-cluster), and are
also interruptable and resumable (at a charm level). It also makes them
work with the udpated 'get_upgrade_groups()' that ultimately gets a List
of Tuples rather than a dictionary.
Ceph deployments may not contain a keystone service which causes
calls to get_os_release to fail as it calls get_current_os_release_pair
without sepecifying an application (keystone is the default).
