From d7097a36dc8a76efadec9c1f7b461b116533df9d Mon Sep 17 00:00:00 2001
From: Qin Wang <qin.wang@intel.com>
Date: Wed, 17 Aug 2016 22:19:28 +0000
Subject: [PATCH] Add SNI support via OS packages for lxc-host role

Some Linux distributions, such as CentOS 7 and Xenial, have trouble
validating SSL certificates when using get_url with servers
that use Server Name Indication (SNI).

This patch adds those packages to the list of required packages and
uses bindep to install them in developer test environments the same
way that the gate tests install them.

Change-Id: I53fd154fd97a6302a30eaab3903fb7a2132b3fe4
---
 bindep.txt   | 28 ++++++++++++++++++++--------
 run_tests.sh | 36 ++++++++++++++++++++++--------------
 2 files changed, 42 insertions(+), 22 deletions(-)

diff --git a/bindep.txt b/bindep.txt
index a145f8b4..931e963d 100644
--- a/bindep.txt
+++ b/bindep.txt
@@ -10,17 +10,29 @@
 # will fall back to installing its default packages which
 # will potentially be detrimental to the tests executed.
 
-# OpenStack-CI's Jenkins needs curl
-# TODO(odyssey4me) remove this once https://review.openstack.org/288634 has merged
-# and the disk images are rebuilt and redeployed.
-curl
-wget
-
-# Requirements for Paramiko 2.0
+# Base requirements for Ubuntu
+build-essential   [platform:dpkg]
+git-core          [platform:dpkg]
 libssl-dev        [platform:dpkg]
 libffi-dev        [platform:dpkg]
+python2.7         [platform:dpkg]
+python-dev        [platform:dpkg]
+
+# Base requirements for CentOS
+gcc               [platform:rpm]
+gcc-c++           [platform:rpm]
+git               [platform:rpm]
+python-devel      [platform:rpm]
 libffi-devel      [platform:rpm]
 openssl-devel     [platform:rpm]
 
-# For selinux
+# For SELinux
 libselinux-python [platform:rpm]
+
+# For SSL SNI support
+python-pyasn1               [platform:dpkg]
+python-openssl              [platform:dpkg]
+python-ndg-httpsclient      [platform:ubuntu !platform:ubuntu-trusty]
+python2-pyasn1              [platform:rpm]
+pyOpenSSL                   [platform:rpm]
+python-ndg_httpsclient      [platform:rpm]
diff --git a/run_tests.sh b/run_tests.sh
index bfe311e1..0a49aa3e 100755
--- a/run_tests.sh
+++ b/run_tests.sh
@@ -17,29 +17,37 @@ set -euov
 
 FUNCTIONAL_TEST=${FUNCTIONAL_TEST:-true}
 
-# prep the host
-if [ "$(which apt-get)" ]; then
-  apt-get update && apt-get install -y build-essential python2.7 python-dev git-core libffi-dev libssl-dev
-fi
-
-if [ "$(which yum)" ]; then
-  yum install -y '@Development Tools' python-devel git libffi-devel openssl-devel
-fi
-
-# get pip, if necessary
+# Install pip
 if [ ! "$(which pip)" ]; then
   curl --silent --show-error --retry 5 \
     https://bootstrap.pypa.io/get-pip.py | sudo python2.7
 fi
 
-# install tox
-pip install tox
+# Install bindep and tox
+pip install bindep tox
+
+# CentOS 7 requires two additional packages:
+#   redhat-lsb-core - for bindep profile support
+#   epel-release    - required to install python-ndg_httpsclient/python2-pyasn1
+if [ "$(which yum)" ]; then
+    yum -y install redhat-lsb-core epel-release
+fi
+
+# Install OS packages using bindep
+if apt-get -v >/dev/null 2>&1 ; then
+    apt-get update
+    DEBIAN_FRONTEND=noninteractive \
+      apt-get -q --option "Dpkg::Options::=--force-confold" \
+      --assume-yes install `bindep -b -f bindep.txt test`
+else
+    yum install -y `bindep -b -f bindep.txt test`
+fi
 
 # run through each tox env and execute the test
 for tox_env in $(awk -F= '/envlist/ {print $2}' tox.ini | sed 's/,/ /g'); do
-  if [ "${tox_env}" != "functional" ]; then
+  if [ "${tox_env}" != "ansible-functional" ]; then
     tox -e ${tox_env}
-  elif [ "${tox_env}" == "functional" ]; then
+  elif [ "${tox_env}" == "ansible-functional" ]; then
     if ${FUNCTIONAL_TEST}; then
       tox -e ${tox_env}
     fi