From 0c938590d2bc7e56a04b196ee8cf835786b9a6d4 Mon Sep 17 00:00:00 2001 From: yatin Date: Mon, 17 Dec 2018 20:06:39 +0530 Subject: [PATCH] Add support to all Scenarios to work with Fedora and RedHat > 7 Disable SSL as currently there are known issues in services to work with python3 + SSL on Fedora. Also fixed following:- - watcher to work without SSL - Handle source /etc/bashrc for users don't have .bashrc created - Install python3-rbd in Fedora and RedHat > 7 Change-Id: I5b67f40ec3c687f5282c65e10b4a1ee1fe5528f3 --- fixtures/scenario001.pp | 29 ++++++++++++++++++++++++++--- fixtures/scenario002.pp | 29 ++++++++++++++++++++++++++--- fixtures/scenario003.pp | 29 ++++++++++++++++++++++++++--- fixtures/scenario004.pp | 29 ++++++++++++++++++++++++++--- functions | 11 +++++++---- manifests/ceph.pp | 11 +++++++++++ manifests/watcher.pp | 6 +++--- run_tests.sh | 6 ++++++ 8 files changed, 131 insertions(+), 19 deletions(-) diff --git a/fixtures/scenario001.pp b/fixtures/scenario001.pp index 6c3c0dc38..5b08c4256 100644 --- a/fixtures/scenario001.pp +++ b/fixtures/scenario001.pp @@ -15,14 +15,35 @@ # if ($::os_package_type == 'debian') { + $wsgi_mod_package = 'libapache2-mod-wsgi-py3' + $wsgi_mod_lib = 'mod_wsgi.so' +} +elsif ($::os['name'] == 'Fedora') or + ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) { + $wsgi_mod_package = 'python3-mod_wsgi' + $wsgi_mod_lib = 'mod_wsgi_python3.so' +} +if ($::os_package_type == 'debian') or ($::os['name'] == 'Fedora') or + ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) { include ::apache::params class { '::apache': mod_packages => merge($::apache::params::mod_packages, { - 'wsgi' => 'libapache2-mod-wsgi-py3', + 'wsgi' => $wsgi_mod_package, + }), + mod_libs => merge($::apache::params::mod_libs, { + 'wsgi' => $wsgi_mod_lib, }) } } +if ($::os['name'] == 'Fedora') or + ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) { + # FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3 + $ssl = false +} else { + $ssl = true +} + case $::osfamily { 'Debian': { $ipv6 = false @@ -46,12 +67,14 @@ case $::osfamily { include ::openstack_integration class { '::openstack_integration::config': - ssl => true, + ssl => $ssl, ipv6 => $ipv6, rpc_backend => $om_rpc, notify_backend => $om_notify, } -include ::openstack_integration::cacert +if $ssl { + include ::openstack_integration::cacert +} include ::openstack_integration::memcached include ::openstack_integration::rabbitmq if ($om_rpc == 'amqp') { diff --git a/fixtures/scenario002.pp b/fixtures/scenario002.pp index 3c0bdb201..ed4cd052a 100644 --- a/fixtures/scenario002.pp +++ b/fixtures/scenario002.pp @@ -15,14 +15,35 @@ # if ($::os_package_type == 'debian') { + $wsgi_mod_package = 'libapache2-mod-wsgi-py3' + $wsgi_mod_lib = 'mod_wsgi.so' +} +elsif ($::os['name'] == 'Fedora') or + ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) { + $wsgi_mod_package = 'python3-mod_wsgi' + $wsgi_mod_lib = 'mod_wsgi_python3.so' +} +if ($::os_package_type == 'debian') or ($::os['name'] == 'Fedora') or + ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) { include ::apache::params class { '::apache': mod_packages => merge($::apache::params::mod_packages, { - 'wsgi' => 'libapache2-mod-wsgi-py3', + 'wsgi' => $wsgi_mod_package, + }), + mod_libs => merge($::apache::params::mod_libs, { + 'wsgi' => $wsgi_mod_lib, }) } } +if ($::os['name'] == 'Fedora') or + ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) { + # FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3 + $ssl = false +} else { + $ssl = true +} + case $::osfamily { 'Debian': { $ipv6 = false @@ -40,10 +61,12 @@ case $::osfamily { include ::openstack_integration class { '::openstack_integration::config': - ssl => true, + ssl => $ssl, ipv6 => $ipv6, } -include ::openstack_integration::cacert +if $ssl { + include ::openstack_integration::cacert +} include ::openstack_integration::memcached include ::openstack_integration::rabbitmq include ::openstack_integration::mysql diff --git a/fixtures/scenario003.pp b/fixtures/scenario003.pp index fcfe0311c..52a26ff59 100644 --- a/fixtures/scenario003.pp +++ b/fixtures/scenario003.pp @@ -15,14 +15,35 @@ # if ($::os_package_type == 'debian') { + $wsgi_mod_package = 'libapache2-mod-wsgi-py3' + $wsgi_mod_lib = 'mod_wsgi.so' +} +elsif ($::os['name'] == 'Fedora') or + ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) { + $wsgi_mod_package = 'python3-mod_wsgi' + $wsgi_mod_lib = 'mod_wsgi_python3.so' +} +if ($::os_package_type == 'debian') or ($::os['name'] == 'Fedora') or + ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) { include ::apache::params class { '::apache': mod_packages => merge($::apache::params::mod_packages, { - 'wsgi' => 'libapache2-mod-wsgi-py3', + 'wsgi' => $wsgi_mod_package, + }), + mod_libs => merge($::apache::params::mod_libs, { + 'wsgi' => $wsgi_mod_lib, }) } } +if ($::os['name'] == 'Fedora') or + ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) { + # FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3 + $ssl = false +} else { + $ssl = true +} + case $::osfamily { 'Debian': { $ipv6 = false @@ -56,10 +77,12 @@ if ($::operatingsystem == 'Ubuntu') and (versioncmp($::operatingsystemmajrelease include ::openstack_integration class { '::openstack_integration::config': - ssl => true, + ssl => $ssl, ipv6 => $ipv6, } -include ::openstack_integration::cacert +if $ssl { + include ::openstack_integration::cacert +} include ::openstack_integration::memcached include ::openstack_integration::rabbitmq include ::openstack_integration::mysql diff --git a/fixtures/scenario004.pp b/fixtures/scenario004.pp index 999781100..20c3ac4d4 100644 --- a/fixtures/scenario004.pp +++ b/fixtures/scenario004.pp @@ -15,14 +15,35 @@ # if ($::os_package_type == 'debian') { + $wsgi_mod_package = 'libapache2-mod-wsgi-py3' + $wsgi_mod_lib = 'mod_wsgi.so' +} +elsif ($::os['name'] == 'Fedora') or + ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) { + $wsgi_mod_package = 'python3-mod_wsgi' + $wsgi_mod_lib = 'mod_wsgi_python3.so' +} +if ($::os_package_type == 'debian') or ($::os['name'] == 'Fedora') or + ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) { include ::apache::params class { '::apache': mod_packages => merge($::apache::params::mod_packages, { - 'wsgi' => 'libapache2-mod-wsgi-py3', + 'wsgi' => $wsgi_mod_package, + }), + mod_libs => merge($::apache::params::mod_libs, { + 'wsgi' => $wsgi_mod_lib, }) } } +if ($::os['name'] == 'Fedora') or + ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) { + # FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3 + $ssl = false +} else { + $ssl = true +} + if $::operatingsystem == 'Ubuntu' { $ipv6 = false # Watcher packages are not available in Ubuntu repository. @@ -43,11 +64,13 @@ if $::operatingsystem == 'Ubuntu' { include ::openstack_integration class { '::openstack_integration::config': - ssl => true, + ssl => $ssl, ipv6 => $ipv6, } -include ::openstack_integration::cacert +if $ssl { + include ::openstack_integration::cacert +} include ::openstack_integration::memcached include ::openstack_integration::rabbitmq include ::openstack_integration::mysql diff --git a/functions b/functions index 96531a0cd..504fe463f 100644 --- a/functions +++ b/functions @@ -224,10 +224,13 @@ function catch_selinux_alerts() { if $SUDO grep -iqE 'denied.*system_r:rabbitmq_t' /var/log/audit/audit.log; then echo "non-critical RabbitMQ AVC, ignoring it now." # FIXME(ykarel) catch_selinux_alerts not work with non ssl scenarios(no rabbitmq alert), - # currently running scenario-py3 without ssl because glance py3 has issues when - # running with eventlet + ssl: https://bugs.launchpad.net/glance/+bug/1769006 - elif [[ "$SCENARIO" = "scenario-py3" ]]; then - echo "non ssl scenario-py3, ignoring it now." + # currently running all scenarios without ssl in Fedora, and scenario-py3 in CentOS/Fedora, + # because glance,nova,mistral py3 has issues when running with eventlet + ssl: + # glance https://bugs.launchpad.net/glance/+bug/1769006 + # nova https://bugs.launchpad.net/nova/+bug/1808975 + # mistral https://bugs.launchpad.net/mistral/+bug/1808953 + elif [ -f /etc/fedora-release -o "$SCENARIO" = "scenario-py3" ]; then + echo "non ssl scenario, ignoring it now." else echo "Please file a bug on https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20OpenStack&component=openstack-selinux showing sealert output." exit 1 diff --git a/manifests/ceph.pp b/manifests/ceph.pp index 48790815a..f285c0e2a 100644 --- a/manifests/ceph.pp +++ b/manifests/ceph.pp @@ -23,6 +23,17 @@ class openstack_integration::ceph ( $ms_bind_ipv6 = undef } + # FIXME(ykarel) python2-rbd is installed as a indirect dependency for 'ceph' package, + # but we need to install python3-rbd in Fedora until 'ceph' package is fixed. + if ($::os_package_type == 'debian') or ($::operatingsystem == 'Fedora') or + ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) { + + ensure_resource('package', 'python3-rbd', { + name => 'python3-rbd', + ensure => 'present', + }) + } + class { '::ceph::profile::params': fsid => '7200aea0-2ddd-4a32-aa2a-d49f66ab554c', manage_repo => false, # repo already managed in openstack_integration::repo diff --git a/manifests/watcher.pp b/manifests/watcher.pp index 22e74b7c4..d4f99fff7 100644 --- a/manifests/watcher.pp +++ b/manifests/watcher.pp @@ -24,9 +24,9 @@ class openstack_integration::watcher { # TODO: Support SSL class { '::watcher::keystone::auth': password => 'a_big_secret', - public_url => "https://${::openstack_integration::config::ip_for_url}:9322", - admin_url => "https://${::openstack_integration::config::ip_for_url}:9322", - internal_url => "https://${::openstack_integration::config::ip_for_url}:9322", + public_url => "${::openstack_integration::config::base_url}:9322", + admin_url => "${::openstack_integration::config::base_url}:9322", + internal_url => "${::openstack_integration::config::base_url}:9322", } class {'::watcher::keystone::authtoken': password => 'a_big_secret', diff --git a/run_tests.sh b/run_tests.sh index c8d2483c9..d35c2eaed 100755 --- a/run_tests.sh +++ b/run_tests.sh @@ -85,6 +85,12 @@ if [ -f ~/.gemrc ]; then cat ~/.gemrc | $SUDO tee /root/.gemrc fi +# handle umask issue after "pam" new release, this is needed when run_tests.sh +# is run remotely via ansible using a user which doesn't have .bashrc file +if [ -f /etc/fedora-release -a -f /etc/bashrc ]; then + source /etc/bashrc +fi + print_header 'Clone Tempest, plugins & pre-cache CirrOS' # TODO(pabelanger): Move this into tools/install_tempest.sh and add logic so we # can clone tempest outside of the gate. Also, tempest should be sandboxed into