Merge "CI: Add TLS tests"
This commit is contained in:
commit
ece2606aeb
@ -15,6 +15,8 @@ function check_config {
|
||||
# Ignore files generated by Zuul.
|
||||
for f in $(sudo find /etc/kolla \
|
||||
-not -regex /etc/kolla/config.* \
|
||||
-not -regex /etc/kolla/certificates.* \
|
||||
-not -regex ".*ca-certificates.*" \
|
||||
-not -path /etc/kolla \
|
||||
-not -name admin-openrc.sh \
|
||||
-not -name globals.yml \
|
||||
|
@ -15,6 +15,10 @@ function deploy {
|
||||
|
||||
#TODO(inc0): Post-deploy complains that /etc/kolla is not writable. Probably we need to include become there
|
||||
sudo chmod -R 777 /etc/kolla
|
||||
# generate self-signed certificates for the optional internal TLS tests
|
||||
if [[ "$TLS_ENABLED" = "True" ]]; then
|
||||
tools/kolla-ansible -i ${RAW_INVENTORY} -vvv certificates > /tmp/logs/ansible/certificates
|
||||
fi
|
||||
# Actually do the deployment
|
||||
tools/kolla-ansible -i ${RAW_INVENTORY} -vvv prechecks &> /tmp/logs/ansible/deploy-prechecks
|
||||
# TODO(jeffrey4l): add pull action when we have a local registry
|
||||
|
@ -333,7 +333,8 @@
|
||||
cmd: deploy.sh
|
||||
executable: /bin/bash
|
||||
chdir: "{{ kolla_ansible_src_dir }}"
|
||||
|
||||
environment:
|
||||
TLS_ENABLED: "{{ tls_enabled }}"
|
||||
# NOTE(yoctozepto): this is nice as the first step after the deployment
|
||||
# because it waits for the services to stabilize well enough so that
|
||||
# the dashboard is able to show the login prompt
|
||||
@ -342,6 +343,8 @@
|
||||
cmd: test-dashboard.sh
|
||||
executable: /bin/bash
|
||||
chdir: "{{ kolla_ansible_src_dir }}"
|
||||
environment:
|
||||
TLS_ENABLED: "{{ tls_enabled }}"
|
||||
when: dashboard_enabled
|
||||
|
||||
- name: Run init-core-openstack.sh script
|
||||
|
@ -128,3 +128,16 @@ cinder_backend_ceph: "yes"
|
||||
nova_backend_ceph: "yes"
|
||||
ceph_nova_user: "cinder"
|
||||
{% endif %}
|
||||
|
||||
{% if tls_enabled %}
|
||||
kolla_enable_tls_external: "yes"
|
||||
kolla_enable_tls_internal: "yes"
|
||||
kolla_verify_internal_ca_certs: "no"
|
||||
kolla_copy_ca_into_containers: "yes"
|
||||
{% if base_distro == "ubuntu" or base_distro == "debian" %}
|
||||
openstack_cacert: "/usr/local/share/ca-certificates/kolla-customca-haproxy-internal.crt"
|
||||
{% endif %}
|
||||
{% if base_distro == "centos" %}
|
||||
openstack_cacert: "/etc/pki/ca-trust/source/anchors/kolla-customca-haproxy-internal.crt"
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
@ -11,7 +11,15 @@ function check_dashboard {
|
||||
# page.
|
||||
DASHBOARD_URL=${OS_AUTH_URL%:*}
|
||||
output_path=$1
|
||||
if ! curl --include --location --fail $DASHBOARD_URL > $output_path; then
|
||||
args=(
|
||||
--include
|
||||
--location
|
||||
--fail
|
||||
)
|
||||
if [[ "$TLS_ENABLED" = "True" ]]; then
|
||||
args+=(--cacert $OS_CACERT)
|
||||
fi
|
||||
if ! curl "${args[@]}" $DASHBOARD_URL > $output_path; then
|
||||
return 1
|
||||
fi
|
||||
if ! grep Login $output_path >/dev/null; then
|
||||
|
@ -9,7 +9,10 @@ export PYTHONUNBUFFERED=1
|
||||
|
||||
function upgrade {
|
||||
RAW_INVENTORY=/etc/kolla/inventory
|
||||
|
||||
# generate self-signed certificates for the optional internal TLS tests
|
||||
if [[ $SCENARIO == "tls" ]]; then
|
||||
tools/kolla-ansible -i ${RAW_INVENTORY} -vvv certificates > /tmp/logs/ansible/certificates
|
||||
fi
|
||||
tools/kolla-ansible -i ${RAW_INVENTORY} -vvv prechecks &> /tmp/logs/ansible/upgrade-prechecks
|
||||
tools/kolla-ansible -i ${RAW_INVENTORY} -vvv pull &> /tmp/logs/ansible/pull-upgrade
|
||||
tools/kolla-ansible -i ${RAW_INVENTORY} -vvv upgrade &> /tmp/logs/ansible/upgrade
|
||||
|
@ -31,6 +31,7 @@
|
||||
api_interface_name: vxlan0
|
||||
kolla_internal_vip_address: "192.0.2.10"
|
||||
address_family: 'ipv4'
|
||||
tls_enabled: false
|
||||
roles:
|
||||
- zuul: zuul/zuul-jobs
|
||||
|
||||
|
@ -32,6 +32,7 @@
|
||||
vars:
|
||||
base_distro: debian
|
||||
install_type: source
|
||||
tls_enabled: true
|
||||
|
||||
- job:
|
||||
name: kolla-ansible-ubuntu-source
|
||||
@ -40,6 +41,7 @@
|
||||
vars:
|
||||
base_distro: ubuntu
|
||||
install_type: source
|
||||
tls_enabled: true
|
||||
|
||||
- job:
|
||||
name: kolla-ansible-ubuntu-source-multinode-ipv6
|
||||
|
Loading…
Reference in New Issue
Block a user