61ba93a2b0
A recent update to urllib tightened some checks around SSL [1].
This prompted an update to Devstack in order to work properly [2].
Jobs running into this problem without having a SubjectAltName
provided will see an error that looks like:
SSLError: hostname '127.0.0.1' doesn't match either of
'127.0.0.1', 'localhost'
Let's also update the certificates to provide the SubjectAltName
and provide a way to easily update the certificates if required
in the future.
[1]: df9d503a8e/CHANGES.rst (118-2016-09-26)
[2]: https://git.openstack.org/cgit/openstack-dev/devstack/commit/?id=69e3c0aac99981f17c76c22111e5c397824b8428
Change-Id: I94a586b333ba6a99ef831c853a19ab127b502d6f
puppet-openstack-integration
Table of Contents
- Overview - What is Puppet OpenStack Integration?
- Description - What does the project do?
- Development - Guide for contributing
- All-in-one - How to deploy a cloud with Puppet
- Contributors - Those with commits
Overview
Puppet OpenStack Integration makes sure we can continuously test and validate OpenStack setups deployed with Puppet modules. The repository itself contains some scripts and Puppet manifests that help to deploy OpenStack in OpenStack Infrastructure environment.
Description
OpenStack Infrastructure is deploying three jobs per supported Operating System (Ubuntu and CentOS): scenario001, scenario002 and scenario003.
OpenStack services are balanced between three scenarios because OpenStack Infastructure Jenkins slaves can not afford the load of running everything on the same node. One manifest (scenario-aio) is used for people who want to run a simple All-In-One scenario.
| - | scenario001 | scenario002 | scenario003 | scenario-aio |
|---|---|---|---|---|
| ssl | yes | yes | yes | no |
| ipv6 | centos7 | centos7 | centos7 | no |
| keystone | X | X | X | X |
| tokens | uuid | uuid | fernet | uuid |
| glance | rbd | swift | file | file |
| nova | rbd | X | X | X |
| neutron | ovs | ovs | linuxbridge | ovs |
| lbaas | v2 | v2 | v2 | v2 |
| cinder | rbd | iscsi | iscsi | |
| ceilometer | X | |||
| aodh | X | |||
| designate | bind | |||
| gnocchi | rbd | |||
| heat | X | |||
| swift | X | |||
| sahara | X | |||
| trove | X | |||
| horizon | X | X | ||
| ironic | X | |||
| zaqar | X | |||
| barbican | X | |||
| ceph | X | |||
| mongodb | X |
When the Jenkins slave is created, the run_tests.sh script will executed. This script will execute install_modules.sh that prepare /etc/puppet/modules with all Puppet modules dependencies.
Then, it will execute Puppet a first time by applying a scenario manifest. If the first run executes without error, a second Puppet run will be executed to verify there is no change in the catalog and make sure the Puppet run is idempotent.
If Puppet runs are successful, the script will run Tempest Smoke tests, that will execute some scenarios & API tests. It covers what we want to validate, and does not take too much time.
Development
Developer documentation for the entire Puppet OpenStack project:
Note: SSL Certificates
puppet-openstack-integration ships it's own SSL keys and certificates in order to be able to test implementations secured over SSL/TLS.
It doesn't re-generate new ones every time for the sake of simplicity: we're not testing that we can generate certificates properly, we're testing services.
The configuration as well as the commands used to generate these keys and certificates are stored in the contrib directory.
All-In-One
If you're new in Puppet OpenStack and you want to deploy an All-In-One setup of an OpenStack Cloud with the Puppet modules, please follow the steps:
git clone git://git.openstack.org/openstack/puppet-openstack-integration
cd puppet-openstack-integration
./all-in-one.sh
or
curl -sL http://git.openstack.org/cgit/openstack/puppet-openstack-integration/plain/all-in-one.sh | bash
Look at Description to see which services it will install (scenario-aio).