Existing code uses the python libjuju unit.run in order to execute
a wait check for ca readiness across the units. The behavior of libjuju
changed between 2.x and 3.x and causes this functionality to break. This
is abstracted and handled in the zaza library, so use that code instead
as it properly handles the differences.
Signed-off-by: Billy Olsen <billy.olsen@canonical.com>
The nova service may not be quite ready after vault initialisation for
the basic network configuration, so add a retrier wrapper around the
client for every test to make sure that it retries.
Updates charm upgrades to use channels, tracks, and risks instead
of URLs.
Currently these tests only upgrade OpenStack charms and packages.
The OVN, ceph, and misc charms and payloads are not upgraded.
Remove instance creation since tempest can be used to verify the
cloud.
The stop_status parameter allows callers to ask stop retrying based on a
list of statuses that are known to be final (and error) states, this
saves time failing earlier.
Usage example for fail early when an instance reaches to ERROR status:
openstack_utils.resource_reaches_status(self.nova_client.servers,
instance_uuid,
resource_attribute='state',
expected_status='ACTIVE',
stop_status='ERROR')
This allows callers to pass None and let get_nova_session_client() to
use a sane default API, specifically this allows intermediate users
(e.g. launch_guest() ) to proxy values passed by the caller.
Add get_watcher_session_client() helper function to build a
watcherclient.v1.Client instance authenticated with a keystone session
that uses admin credentials by default.
Convert images to raw if ceph image backend
We are currently uploading qcow2 images, and
Nova is converting them to raw when running
the tests, sometimes timing out the tests.
With this change we are pre-converting the
images and uploading them as raw, so Nova
does not have to convert them.
A separate service subnet for FIPs is useful in making sure that
connectivity based on the advertised routes really works as opposed to
relying on directly connected routes to FIPs in the undercloud network
subnet used as an external network.
On failures there is no information of the state of the objects that
couldn't be removed, maybe there are on their way to be removed and this
is a failure visible on slow clouds and not an actual issue, this will
help with troubleshooting.
A charm that uses FRR instead of Quagga is now published under:
https://charmhub.io/osci-frr
For our purposes FRR is a drop-in replacement of Quagga but the point
of a change is to remove Quagga references for clarity.
Issue seen at the gate:
glanceclient.exc.CommunicationError: [...] ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
* Add keystone-openidc setup code.
The keystone-openidc charm requires 2 configuration steps:
1) Configure the oidc-client-id, oidc-client-secret and
oidc-provider-metadata-url, this information is tightly related to
the Identity Provider configured, which for testing purposes this is
the openidc-test-fixture charm, the setup function
zaza.openstack.charm_tests.openidc.setup.configure_keystone_openidc
takes care of setting these values once the fixture charm is ready
for service.
2) Create the OpenStack objects to correctly configure the federation,
this is made by the setup function
zaza.openstack.charm_tests.openidc.setup.keystone_federation_setup_site1
which will create and configure the following resources:
- Create a domain named 'federated_domain'.
- Create a group named 'federated_users'.
- Grant the 'Member' role to users in the 'federated_users' group.
- Create an identity provider named 'openid'.
- Create a mapping named 'openid_mapping'.
- Create a federation protocol named 'openid' that relates the mapping
and the identity provider.
* Add support for v3oidcpassword auth plugin.
get_keystone_session() uses the v3.OidcPassword class when the
OS_AUTH_TYPE is set to v3oidcpassword, this class expects the following
extra configuration options:
- OS_IDENTITY_PROVIDER
- OS_PROTOCOL
- OS_CLIENT_ID
- OS_CLIENT_SECRET
- OS_ACCESS_TOKEN_ENDPOINT (optional)
- OS_DISCOVERY_ENDPOINT (optional)
* Add test for keystone-openidc
This patch introduces a new testing class named CharmKeystoneOpenIDCTest
which interacts with keystone using users provided by
openidc-test-fixture via OpenID Connect.
* Add keystone_session argument to launch instances.
Adding the option to pass a keystone session allows callers to use
credentials different from the ones provided by
get_overcloud_keystone_session(), this is helpful when testing non
default keystone configurations (e.g. Federation).
* Add zaza.openstack.charm_tests.openidc.tests.TestLaunchInstance
This testing class configures a private network in the user's project defined by the mapping
rules during the setUpClass stage. Specifically this test performs the following steps:
- Create keypair named 'zaza' in the user's project
- Create a router for the project
- Attach the router to the external network
- Create a network
- Create a subnet attached to the previously create network
- Connect the subnet to the project's router
The testing method launches an instance using a keystone session
associated with a user backed by OpenID Connect.
Change 0af4c93d causes the target model to be ignored when a
model_name was specified. This in turn is causing the swift
cmr tests to fail as an ip of None is being recorded for
units in a different model.
One of the pep8 target dependencies must have updated,
causing a bunch of new lint errors in these categories:
- line length > 79 chars
- no whitespace after keyword
- Add Heat domain-setup action as a setup configuration option which can be used in other charms
- test_100_domain_setup is being deprecated if the new configuration option is being used
- Add Magnum tests
- test create magnum cluster template
- test create magnum cluster
- test config changes
- test pause and resume
- TEST_MAGNUM_QCOW2_IMAGE_URL environment variable is required in the CI
- The value of this variable should be a link to a fedora-coreos QCOW2 image
With the upcoming transition to an operator-framework charm, the
Ceph tests need to be idempotent, since we'll be testing the upgrade
path from classical to operator. The tests that need fixing are the
ones that call out to add/remove disks, since they create loopback
devices to back the OSD's but never remove them.
There are some Ceph charms that do not install the
openstack-release package, so fall through to the
dict to identify which release they are on, and can
fail with a KeyError when not finding a matching
entry for Pacific and Quincy.
* Stop retrying if LB provisioning status reached ERROR
The method `wait_for_lb_resource()` retries for 15m while the load
balancer could have reached to ERROR during the provisioning in the
first few minutes, this approach makes the testing take longer for no
reason.
This change makes the ERROR state in provisioning_status final and
abort raising a ValueError() exception.
More details of the provisioning_status possible states can be found at:
https://docs.openstack.org/api-ref/load-balancer/v2/#provisioning-status-codes
* Use LoadBalancerUnexpectedState and LoadBalancerUnrecoverableError.
Drop the (re-)use of AssertionError and ValueError to identify when a
load balancer status is in a state where the test needs to retry or
break and fail respectively.
This change introduces 2 new exceptions to be explicit of what the code
is trying to do.
- LoadBalancerUnexpectedState is raised when the status of the load
balancer is in a state different from the one requested by the caller,
but said state can be considered as transitory.
- LoadBalancerUnrecoverableError is raised when the status of the load
balancer is in ERROR state and said state is final for the
proviniong_status property, hence retrying only delays the failure.
