heat_template_version: 2015-04-30 description: > OpenStack controller node configured by Puppet. parameters: AdminPassword: default: unset description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true AdminToken: default: unset description: The keystone auth secret and db password. type: string hidden: true CeilometerBackend: default: 'mongodb' description: The ceilometer backend type. type: string CeilometerMeteringSecret: default: unset description: Secret shared by the ceilometer services. type: string hidden: true CeilometerPassword: default: unset description: The password for the ceilometer service and db account. type: string hidden: true CinderEnableNfsBackend: default: false description: Whether to enable or not the NFS backend for Cinder type: boolean CinderEnableIscsiBackend: default: true description: Whether to enable or not the Iscsi backend for Cinder type: boolean CinderEnableRbdBackend: default: false description: Whether to enable or not the Rbd backend for Cinder type: boolean CinderISCSIHelper: default: tgtadm description: The iSCSI helper to use with cinder. type: string CinderLVMLoopDeviceSize: default: 5000 description: The size of the loopback file used by the cinder LVM driver. type: number CinderNfsMountOptions: default: '' description: > Mount options for NFS mounts used by Cinder NFS backend. Effective when CinderEnableNfsBackend is true. type: string CinderNfsServers: default: '' description: > NFS servers used by Cinder NFS backend. Effective when CinderEnableNfsBackend is true. type: comma_delimited_list CinderPassword: default: unset description: The password for the cinder service and db account, used by cinder-api. type: string hidden: true CinderBackendConfig: default: {} description: Contains parameters to configure Cinder backends. Typically set via parameter_defaults in the resource registry. type: json CloudName: default: '' description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org type: string ControllerExtraConfig: default: {} description: | Controller specific hiera configuration data to inject into the cluster. type: json ControlVirtualInterface: default: 'br-ex' description: Interface where virtual ip will be assigned. type: string Debug: default: '' description: Set to True to enable debugging on all services. type: string EnableFencing: default: false description: Whether to enable fencing in Pacemaker or not. type: boolean EnableGalera: default: true description: Whether to use Galera instead of regular MariaDB. type: boolean EnableCephStorage: default: false description: Whether to deploy Ceph Storage (OSD) on the Controller type: boolean EnableSwiftStorage: default: true description: Whether to enable Swift Storage on the Controller type: boolean ExtraConfig: default: {} description: | Additional hieradata to inject into the cluster, note that ControllerExtraConfig takes precedence over ExtraConfig. type: json FencingConfig: default: {} description: | Pacemaker fencing configuration. The JSON should have the following structure: { "devices": [ { "agent": "AGENT_NAME", "host_mac": "HOST_MAC_ADDRESS", "params": {"PARAM_NAME": "PARAM_VALUE"} } ] } For instance: { "devices": [ { "agent": "fence_xvm", "host_mac": "52:54:00:aa:bb:cc", "params": { "multicast_address": "225.0.0.12", "port": "baremetal_0", "manage_fw": true, "manage_key_file": true, "key_file": "/etc/fence_xvm.key", "key_file_password": "abcdef" } } ] } type: json Flavor: description: Flavor for control nodes to request when deploying. type: string constraints: - custom_constraint: nova.flavor GlanceNotifierStrategy: description: Strategy to use for Glance notification queue type: string default: noop GlanceLogFile: description: The filepath of the file to use for logging messages from Glance. type: string default: '' GlancePassword: default: unset description: The password for the glance service and db account, used by the glance services. type: string hidden: true GlancePort: default: "9292" description: Glance port. type: string GlanceProtocol: default: http description: Protocol to use when connecting to glance, set to https for SSL. type: string GlanceBackend: default: swift description: The short name of the Glance backend to use. Should be one of swift, rbd, or file type: string constraints: - allowed_values: ['swift', 'file', 'rbd'] HeatPassword: default: unset description: The password for the Heat service and db account, used by the Heat services. type: string hidden: true HeatStackDomainAdminPassword: description: Password for heat_domain_admin user. type: string default: '' hidden: true HeatAuthEncryptionKey: description: Auth encryption key for heat-engine type: string HorizonSecret: description: Secret key for Django type: string Image: type: string default: overcloud-control constraints: - custom_constraint: glance.image ImageUpdatePolicy: default: 'REBUILD_PRESERVE_EPHEMERAL' description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. type: string KeyName: default: default description: Name of an existing EC2 KeyPair to enable SSH access to the instances type: string constraints: - custom_constraint: nova.keypair KeystoneCACertificate: default: '' description: Keystone self-signed certificate authority certificate. type: string KeystoneSigningCertificate: default: '' description: Keystone certificate for verifying token validity. type: string KeystoneSigningKey: default: '' description: Keystone key for signing tokens. type: string hidden: true KeystoneSSLCertificate: default: '' description: Keystone certificate for verifying token validity. type: string KeystoneSSLCertificateKey: default: '' description: Keystone key for signing tokens. type: string hidden: true KeystoneNotificationDriver: description: Comma-separated list of Oslo notification drivers used by Keystone default: ['messaging'] type: comma_delimited_list KeystoneNotificationFormat: description: The Keystone notification format default: 'basic' type: string constraints: - allowed_values: [ 'basic', 'cadf' ] MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string default: 'unset' # Has to be here because of the ignored empty value bug # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446 # constraints: # - length: {min: 4, max: 10} MysqlInnodbBufferPoolSize: description: > Specifies the size of the buffer pool in megabytes. Setting to zero should be interpreted as "no value" and will defer to the lower level default. type: number default: 0 MysqlMaxConnections: description: Configures MySQL max_connections config setting type: number default: 4096 MysqlRootPassword: type: string hidden: true default: '' # Has to be here because of the ignored empty value bug NeutronExternalNetworkBridge: description: Name of bridge used for external network traffic. type: string default: 'br-ex' NeutronBridgeMappings: description: > The OVS logical->physical bridge mappings to use. See the Neutron documentation for details. Defaults to mapping br-ex - the external bridge on hosts - to a physical name 'datacentre' which can be used to create provider networks (and we use this for the default floating network) - if changing this either use different post-install network scripts or be sure to keep 'datacentre' as a mapping network name. type: string de
#!/usr/bin/env python

# Copyright (c) 2020 Orange and others.
#
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0

"""
The CNF Conformance program enables interoperability of Cloud native Network
Functions (CNFs) from multiple vendors running on top of Kubernetes supplied by
different vendors [1].
[1] https://github.com/cncf/cnf-conformance
"""

from __future__ import division

import fnmatch
import logging
import os
import re
import shutil
import subprocess
import time
import yaml

import prettytable

from xtesting.core import testcase


class CNFConformance(testcase.TestCase):
    """ Implement CNF Conformance driver.

    https://hackmd.io/@vulk/SkY54QnsU
    """

    src_dir = '/src/cnf-conformance'
    bin_dir = '/usr/local/bin'
    default_tag = 'all'

    __logger = logging.getLogger(__name__)

    def __init__(self, **kwargs):
        super(CNFConformance, self).__init__(**kwargs)
        self.output_log_name = 'functest-kubernetes.log'
        self.output_debug_log_name = 'functest-kubernetes.debug.log'

    def check_requirements(self):
        """Check if cnf-conformance is in $PATH"""
        if not os.path.exists(os.path.join(self.bin_dir, 'cnf-conformance')):
            self.__logger.warning(
                "cnf-conformance is not compiled for arm and arm64 for the "
                "time being")
            self.is_skipped = True

    def setup(self):
        """Implement initialization and pre-reqs steps"""
        if os.path.exists(self.res_dir):
            shutil.rmtree(self.res_dir)
        os.makedirs(self.res_dir)
        shutil.copy2(os.path.join(self.src_dir, 'points.yml'), self.res_dir)
        shutil.copy2(
            os.path.join(self.src_dir, 'cnf-conformance.yml'), self.res_dir)
        os.chdir(self.res_dir)
        # cnf-conformance must be in the working dir
        # https://github.com/cncf/cnf-conformance/issues/388
        if not os.path.exists(os.path.join(self.res_dir, 'cnf-conformance')):
            os.symlink(
                os.path.join(self.bin_dir, 'cnf-conformance'),
                os.path.join(self.res_dir, 'cnf-conformance'))
        cmd = ['cnf-conformance', 'setup']
        output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
        self.__logger.info("%s\n%s", " ".join(cmd), output.decode("utf-8"))
        cmd = ['cnf-conformance', 'cnf_setup',
               'cnf-config=cnf-conformance.yml']
        output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
        self.__logger.info("%s\n%s", " ".join(cmd), output.decode("utf-8"))

    def run_conformance(self, **kwargs):
        """Run CNF Conformance"""
        # a previous results.yml leads to interactive mode
        if os.path.exists(os.path.join(self.res_dir, 'results.yml')):
            os.remove(os.path.join(self.res_dir, 'results.yml'))
        cmd = ['cnf-conformance', kwargs.get("tag", self.default_tag)]
        output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
        self.__logger.info("%s\n%s", " ".join(cmd), output.decode("utf-8"))
        for lfile in os.listdir(self.res_dir):
            if fnmatch.fnmatch(lfile, 'cnf-conformance-results-*.yml'):
                with open(os.path.join(self.res_dir, lfile)) as yfile:
                    self.details = yaml.safe_load(yfile)
                    msg = prettytable.PrettyTable(
                        header_style='upper', padding_width=5,
                        field_names=['name', 'status'])
                    for item in self.details['items']:
                        msg.add_row([item['name'], item['status']])
                    self.__logger.info("\n\n%s\n", msg.get_string())
        grp = re.search(r'Final score: (\d+) of (\d+)', output.decode("utf-8"))
        if grp:
            self.result = int(grp.group(1)) / int(grp.group(2)) * 100

    def run(self, **kwargs):
        """"Running the test with example CNF"""
        self.start_time = time.time()
        try:
            self.setup()
            self.run_conformance(**kwargs)
        except Exception:  # pylint: disable=broad-except
            self.__logger.exception("Can not run CNF Conformance")
        self.stop_time = time.time()

    def clean(self):
        cmd = ['cnf-conformance', 'cnf_cleanup',
               'cnf-config=cnf-conformance.yml']
        output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
        self.__logger.info("%s\n%s", " ".join(cmd), output.decode("utf-8"))
        shutil.rmtree(os.path.join(self.res_dir, 'tools'), ignore_errors=True)
        shutil.rmtree(os.path.join(self.res_dir, 'cnfs'), ignore_errors=True)
        for lfile in os.listdir(self.res_dir):
            if not fnmatch.fnmatch(lfile, 'cnf-conformance-results-*.yml'):
                os.remove(os.path.join(self.res_dir, lfile))
igning_key} keystone_signing_certificate: {get_input: keystone_signing_certificate} keystone_ssl_certificate: {get_input: keystone_ssl_certificate} keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key} keystone::database_connection: {get_input: keystone_dsn} keystone::public_bind_host: {get_input: keystone_public_api_network} keystone::admin_bind_host: {get_input: keystone_admin_api_network} keystone::debug: {get_input: debug} keystone::db::mysql::password: {get_input: admin_token} keystone::rabbit_userid: {get_input: rabbit_username} keystone::rabbit_password: {get_input: rabbit_password} keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} keystone::rabbit_port: {get_input: rabbit_client_port} keystone::notification_driver: {get_input: keystone_notification_driver} keystone::notification_format: {get_input: keystone_notification_format} # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} mongodb::server::nojournal: {get_input: mongodb_no_journal} # MySQL admin_password: {get_input: admin_password} enable_galera: {get_input: enable_galera} enable_ceph_storage: {get_input: enable_ceph_storage} enable_swift_storage: {get_input: enable_swift_storage} mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size} mysql_max_connections: {get_input: mysql_max_connections} mysql::server::root_password: {get_input: mysql_root_password} mysql_cluster_name: {get_input: mysql_cluster_name} mysql_bind_host: {get_input: mysql_network} mysql_virtual_ip: {get_input: mysql_virtual_ip} # Neutron neutron::bind_host: {get_input: neutron_api_network} neutron::rabbit_password: {get_input: rabbit_password} neutron::rabbit_user: {get_input: rabbit_user} neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} neutron::rabbit_port: {get_input: rabbit_client_port} neutron::debug: {get_input: debug} neutron::server::auth_uri: {get_input: keystone_auth_uri} neutron::server::identity_uri: {get_input: keystone_identity_uri} neutron::server::database_connection: {get_input: neutron_dsn} neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge} neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} neutron_flat_networks: {get_input: neutron_flat_networks} neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret} neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network} neutron_agent_mode: {get_input: neutron_agent_mode} neutron_router_distributed: {get_input: neutron_router_distributed} neutron::core_plugin: {get_input: neutron_core_plugin} neutron::service_plugins: {get_input: neutron_service_plugins} neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers} neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers} neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} neutron::server::l3_ha: {get_input: neutron_l3_ha} neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network} neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} neutron_bridge_mappings: {get_input: neutron_bridge_mappings} neutron_public_interface: {get_input: neutron_public_interface} neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route} neutron_public_interface_tag: {get_input: neutron_public_interface_tag} neutron_tenant_network_type: {get_input: neutron_tenant_network_type} neutron_tunnel_types: {get_input: neutron_tunnel_types} neutron::server::auth_password: {get_input: neutron_password} neutron::agents::metadata::auth_password: {get_input: neutron_password} neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options} neutron_dsn: {get_input: neutron_dsn} neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri} neutron::db::mysql::password: {get_input: neutron_password} # Ceilometer ceilometer_backend: {get_input: ceilometer_backend} ceilometer_mysql_conn_string: {get_input: ceilometer_dsn} ceilometer::metering_secret: {get_input: ceilometer_metering_secret} ceilometer::rabbit_userid: {get_input: rabbit_username} ceilometer::rabbit_password: {get_input: rabbit_password} ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} ceilometer::rabbit_port: {get_input: rabbit_client_port} ceilometer::debug: {get_input: debug} ceilometer::api::host: {get_input: ceilometer_api_network} ceilometer::api::keystone_password: {get_input: ceilometer_password} ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri} ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri} ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address} ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} ceilometer::db::mysql::password: {get_input: ceilometer_password} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} # Nova nova::rabbit_userid: {get_input: rabbit_username} nova::rabbit_password: {get_input: rabbit_password} nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} nova::rabbit_port: {get_input: rabbit_client_port} nova::debug: {get_input: debug} nova::api::auth_uri: {get_input: keystone_auth_uri} nova::api::identity_uri: {get_input: keystone_identity_uri} nova::api::api_bind_address: {get_input: nova_api_network} nova::api::metadata_listen: {get_input: nova_metadata_network} nova::api::admin_password: {get_input: nova_password} nova::database_connection: {get_input: nova_dsn} nova::glance_api_servers: {get_input: glance_api_servers} nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} nova::network::neutron::neutron_admin_password: {get_input: neutron_password} nova::network::neutron::neutron_url: {get_input: neutron_url} nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} nova::vncproxy::host: {get_input: nova_api_network} nova::db::mysql::password: {get_input: nova_password} # Horizon apache::ip: {get_input: horizon_network} horizon::django_debug: {get_input: debug} horizon::secret_key: {get_input: horizon_secret} horizon::bind_address: {get_input: horizon_network} horizon::keystone_url: {get_input: keystone_auth_uri} # Rabbit rabbitmq::node_ip_address: {get_input: rabbitmq_network} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} # Redis redis::bind: {get_input: redis_network} redis_vip: {get_input: redis_vip} # Misc memcached::listen_ip: {get_input: memcached_network} neutron_public_interface_ip: {get_input: neutron_public_interface_ip} ntp::servers: {get_input: ntp_servers} control_virtual_interface: {get_input: control_virtual_interface} public_virtual_interface: {get_input: public_virtual_interface} tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface} tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} # Hook for site-specific additional pre-deployment config, e.g extra hieradata ControllerExtraConfigPre: depends_on: ControllerDeployment type: OS::TripleO::ControllerExtraConfigPre properties: server: {get_resource: Controller} UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate UpdateDeployment: type: OS::Heat::SoftwareDeployment properties: config: {get_resource: UpdateConfig} server: {get_resource: Controller} input_values: update_identifier: get_param: UpdateIdentifier outputs: ip_address: description: IP address of the server in the ctlplane network value: {get_attr: [Controller, networks, ctlplane, 0]} external_ip_address: description: IP address of the server in the external network value: {get_attr: [ExternalPort, ip_address]} internal_api_ip_address: description: IP address of the server in the internal_api network value: {get_attr: [InternalApiPort, ip_address]} storage_ip_address: description: IP address of the server in the storage network value: {get_attr: [StoragePort, ip_address]} storage_mgmt_ip_address: description: IP address of the server in the storage_mgmt network value: {get_attr: [StorageMgmtPort, ip_address]} tenant_ip_address: description: IP address of the server in the tenant network value: {get_attr: [TenantPort, ip_address]} hostname: description: Hostname of the server value: {get_attr: [Controller, name]} corosync_node: description: > Node object in the format {ip: ..., name: ...} format that the corosync element expects value: ip: {get_attr: [Controller, networks, ctlplane, 0]} name: {get_attr: [Controller, name]} hosts_entry: description: > Server's IP address and hostname in the /etc/hosts format value: str_replace: template: IP HOST.localdomain HOST CLOUDNAME params: IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} HOST: {get_attr: [Controller, name]} CLOUDNAME: {get_param: CloudName} nova_server_resource: description: Heat resource handle for the Nova compute server value: {get_resource: Controller} swift_device: description: Swift device formatted for swift-ring-builder value: str_replace: template: 'r1z1-IP:%PORT%/d1' params: IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} swift_proxy_memcache: description: Swift proxy-memcache value value: str_replace: template: "IP:11211" params: IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} config_identifier: description: identifier which changes if the controller configuration may need re-applying value: list_join: - ',' - - {get_attr: [ControllerDeployment, deploy_stdout]} - {get_attr: [ControllerExtraConfigPre, deploy_stdout]} - {get_param: UpdateIdentifier}