openstack/grenade
Code Issues Proposed changes

cinder: Add encrypted volumes resources

Browse Source 
This change adds some basic coverage for attaching and detaching an
encrypted LUKS volume during an upgrade. To keep things readable a new
_wait_for_volume_update utility function is introduced and called
throughout the cinder tests when waiting for a volume to switch state or
to become bootable.

Change-Id: I894ef91a1e38775b1b56feb84612c7661046b4ba
This commit is contained in:
Lee Yarwood 2019-08-02 13:32:04 +01:00
parent d67a48d127
commit 1a08c4416d
1 changed files with 55 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
projects/70_cinder/resources.sh
View File

@ -31,6 +31,8 @@ CINDER_KEY=cinder_key
CINDER_KEY_FILE=$SAVE_DIR/cinder_key.pem CINDER_KEY_FILE=$SAVE_DIR/cinder_key.pem
CINDER_VOL=cinder_grenade_vol CINDER_VOL=cinder_grenade_vol
CINDER_VOL2=cinder_grenade_vol2 CINDER_VOL2=cinder_grenade_vol2
CINDER_VOL3=cinder_grenade_vol3
CINDER_VOL_ENCRYPTED_TYPE=cinder_grenade_encrypted_type
# don't put ' or " in this, it complicates things # don't put ' or " in this, it complicates things
CINDER_STATE="I am a teapot" CINDER_STATE="I am a teapot"
CINDER_STATE_FILE=verify.txt CINDER_STATE_FILE=verify.txt
@ -48,6 +50,29 @@ if ! is_service_enabled c-api; then
exit 0 exit 0
fi fi
function _wait_for_volume_update {
# TODO(mriedem): Replace with --wait once OSC story 2002158 is complete.
# https://storyboard.openstack.org/#!/story/2002158
local volume=$1
local field=$2
local desired_status=$3
local timeleft=30
local status=""
while [[ $timeleft -gt 0 ]]; do
status=$(openstack volume show $volume -f value -c $field)
if [[ "$status" != "$desired_status" ]]; then
echo "Volume ${volume} ${field} is ${status} and not yet ${desired_status}, waiting..."
sleep 1
timeleft=$((timeleft - 1))
if [[ $timeleft == 0 ]]; then
die $LINENO "Timed out waiting for volume ${volume} ${field} to be ${desired_status}"
fi
else
break
fi
done
}
function _cinder_set_user { function _cinder_set_user {
OS_TENANT_NAME=$CINDER_PROJECT OS_TENANT_NAME=$CINDER_PROJECT
OS_PROJECT_NAME=$CINDER_PROJECT OS_PROJECT_NAME=$CINDER_PROJECT
@ -75,6 +100,11 @@ function create {
resource_save cinder user_id $id resource_save cinder user_id $id
openstack role add member --user $id --project $project_id openstack role add member --user $id --project $project_id
# Create an encrypted volume type as admin
eval $(openstack volume type create --encryption-provider luks $CINDER_VOL_ENCRYPTED_TYPE -f shell)
resource_save cinder cinder_encrypted_volume_type_id $id
# set ourselves to the created cinder user # set ourselves to the created cinder user
_cinder_set_user _cinder_set_user
@ -92,23 +122,8 @@ function create {
eval $(openstack volume create --image $DEFAULT_IMAGE_NAME --size 1 $CINDER_VOL -f shell) eval $(openstack volume create --image $DEFAULT_IMAGE_NAME --size 1 $CINDER_VOL -f shell)
resource_save cinder cinder_volume_id $id resource_save cinder cinder_volume_id $id
# BUG: openstack client doesn't support --wait on volumes, so loop # Wait for the volume to be marked as bootable
# and wait until it's bootable. This typically only takes a second _wait_for_volume_update $CINDER_VOL "bootable" "true"
# or two.
local timeleft=30
while [[ $timeleft -gt 0 ]]; do
eval $(openstack volume show cinder_grenade_vol -f shell -c bootable)
if [[ "$bootable" != "true" ]]; then
echo "Volume is not yet bootable, waiting..."
sleep 1
timeleft=$((timeleft - 1))
if [[ $timeleft == 0 ]]; then
die $LINENO "Volume failed to become bootable"
fi
else
break
fi
done
# work around for neutron because there is no such thing as a default # work around for neutron because there is no such thing as a default
local net_id=$(resource_get network net_id) local net_id=$(resource_get network net_id)
@ -142,39 +157,20 @@ function create {
resource_save cinder cinder_volume2_id $id resource_save cinder cinder_volume2_id $id
# Wait for the volume to be available before attaching it to the server. # Wait for the volume to be available before attaching it to the server.
# TODO(mriedem): Replace this (and the wait loop above) with --wait once _wait_for_volume_update $CINDER_VOL2 "status" "available"
# OSC story 2002158 is complete.
timeleft=30
while [[ $timeleft -gt 0 ]]; do
local status=$(openstack volume show $CINDER_VOL2 -f value -c status)
if [[ "$status" != "available" ]]; then
echo "Volume is not yet available, waiting..."
sleep 1
timeleft=$((timeleft - 1))
if [[ $timeleft == 0 ]]; then
die $LINENO "Timed out waiting for volume $CINDER_VOL2 to be available"
fi
else
break
fi
done
# Attach second volume and ensure it becomes in-use # Attach second volume and ensure it becomes in-use
openstack server add volume $CINDER_SERVER $CINDER_VOL2 openstack server add volume $CINDER_SERVER $CINDER_VOL2
local timeleft=30 _wait_for_volume_update $CINDER_VOL2 "status" "in-use"
while [[ $timeleft -gt 0 ]]; do
eval $(openstack volume show $CINDER_VOL2 -f shell -c status) # Create an encrypted (non-bootable) volume to attach and detach
if [[ "$status" != "in-use" ]]; then eval $(openstack volume create --size 1 $CINDER_VOL3 --type $CINDER_VOL_ENCRYPTED_TYPE -f shell)
echo "Volume is not yet attached (status $status), waiting..." resource_save cinder cinder_volume3_id $id
sleep 1 _wait_for_volume_update $CINDER_VOL3 "status" "available"
timeleft=$((timeleft - 1))
if [[ $timeleft == 0 ]]; then # Attach the encrypted volume and ensure it becomes in-use
die $LINENO "Volume failed to become in-use" openstack server add volume $CINDER_SERVER $CINDER_VOL3
fi _wait_for_volume_update $CINDER_VOL3 "status" "in-use"
else
break
fi
done
# ping check on the way up so we can add ssh content # ping check on the way up so we can add ssh content
ping_check_public $ip 30 ping_check_public $ip 30
@ -220,26 +216,20 @@ function verify {
if [[ "$side" = "post-upgrade" ]]; then if [[ "$side" = "post-upgrade" ]]; then
eval $(openstack volume show $CINDER_VOL2 -f shell -c status) eval $(openstack volume show $CINDER_VOL2 -f shell -c status)
if [[ "$status" != "in-use" ]]; then if [[ "$status" != "in-use" ]]; then
die $LINENO "Unexpected status of volume $CINDER_VOL_2 (expected in-use, but was $status)" die $LINENO "Unexpected status of volume $CINDER_VOL2 (expected in-use, but was $status)"
fi
eval $(openstack volume show $CINDER_VOL3 -f shell -c status)
if [[ "$status" != "in-use" ]]; then
die $LINENO "Unexpected status of volume $CINDER_VOL3 (expected in-use, but was $status)"
fi fi
# Verify detach # Verify detach
openstack server remove volume $CINDER_SERVER $CINDER_VOL2 openstack server remove volume $CINDER_SERVER $CINDER_VOL2
_wait_for_volume_update $CINDER_VOL2 "status" "available"
openstack server remove volume $CINDER_SERVER $CINDER_VOL3
_wait_for_volume_update $CINDER_VOL3 "status" "available"
local timeleft=30
while [[ $timeleft -gt 0 ]]; do
eval $(openstack volume show $CINDER_VOL2 -f shell -c status)
if [[ "$status" != "available" ]]; then
echo "Volume is not yet detached (status $status), waiting..."
sleep 1
timeleft=$((timeleft - 1))
if [[ $timeleft == 0 ]]; then
die $LINENO "Volume failed to become available"
fi
else
break
fi
done
echo "Cinder verify post-upgrade successfully detached volume" echo "Cinder verify post-upgrade successfully detached volume"
fi fi
} }
@ -269,11 +259,13 @@ function destroy {
openstack volume delete $CINDER_VOL openstack volume delete $CINDER_VOL
openstack volume delete $CINDER_VOL2 openstack volume delete $CINDER_VOL2
openstack volume delete $CINDER_VOL3
openstack security group delete $CINDER_USER openstack security group delete $CINDER_USER
# lastly, get rid of our user - done as admin # lastly, get rid of our volume type and user - done as admin
source_quiet $TOP_DIR/openrc admin admin source_quiet $TOP_DIR/openrc admin admin
openstack volume type delete $CINDER_VOL_ENCRYPTED_TYPE
local user_id=$(resource_get cinder user_id) local user_id=$(resource_get cinder user_id)
local project_id=$(resource_get cinder project_id) local project_id=$(resource_get cinder project_id)
openstack user delete $user_id openstack user delete $user_id