summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--xci/infra/bifrost/playbooks/opnfv-virtual.yml6
-rw-r--r--xci/installer/kubespray/playbooks/configure-opnfvhost.yml3
-rw-r--r--xci/installer/kubespray/playbooks/configure-targethosts.yml2
-rw-r--r--xci/installer/osa/files/ansible-role-requirements.yml4
-rw-r--r--xci/installer/osa/files/ha/user_variables.yml2
-rw-r--r--xci/installer/osa/files/mini/user_variables.yml2
-rw-r--r--xci/installer/osa/files/noha/user_variables.yml2
-rw-r--r--xci/installer/osa/playbooks/configure-opnfvhost.yml5
-rw-r--r--xci/playbooks/manage-ssl-certs.yml32
-rw-r--r--xci/playbooks/roles/prepare-tests/tasks/main.yml6
-rw-r--r--xci/playbooks/roles/prepare-tests/templates/run-yardstick.sh.j247
11 files changed, 105 insertions, 6 deletions
diff --git a/xci/infra/bifrost/playbooks/opnfv-virtual.yml b/xci/infra/bifrost/playbooks/opnfv-virtual.yml
index 68d76cfc..abac7ba2 100644
--- a/xci/infra/bifrost/playbooks/opnfv-virtual.yml
+++ b/xci/infra/bifrost/playbooks/opnfv-virtual.yml
@@ -128,10 +128,6 @@
setup:
delegate_to: opnfv
delegate_facts: False
- - name: "Override default bifrost DNS if we are behind a proxy"
- set_fact:
- ipv4_nameserver: "192.168.122.1"
- when: lookup('env','http_proxy') != ''
- name: Find network interface in the OPNFV node
set_fact:
network_interface: "{{ ansible_default_ipv4.interface }}"
@@ -147,6 +143,8 @@
- import_role:
name: bifrost-configdrives-dynamic
private: True
+ vars:
+ ipv4_namesever: "{{ ipv4_nameserver | ((lookup('env','http_proxy') != '') | ternary('192.168.122.1', '8.8.8.8')) }}"
delegate_to: opnfv
- import_role:
name: bifrost-deploy-nodes-dynamic
diff --git a/xci/installer/kubespray/playbooks/configure-opnfvhost.yml b/xci/installer/kubespray/playbooks/configure-opnfvhost.yml
index 82ece961..11866bd3 100644
--- a/xci/installer/kubespray/playbooks/configure-opnfvhost.yml
+++ b/xci/installer/kubespray/playbooks/configure-opnfvhost.yml
@@ -100,6 +100,9 @@
- { name: 'netaddr' }
- { name: 'ansible-modules-hashivault' }
+ - name: Configure SSL certificates
+ include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssl-certs.yml"
+
- name: fetch xci environment
copy:
src: "{{ xci_path }}/.cache/xci.env"
diff --git a/xci/installer/kubespray/playbooks/configure-targethosts.yml b/xci/installer/kubespray/playbooks/configure-targethosts.yml
index 859460c6..7989bfb6 100644
--- a/xci/installer/kubespray/playbooks/configure-targethosts.yml
+++ b/xci/installer/kubespray/playbooks/configure-targethosts.yml
@@ -37,4 +37,6 @@
when: xci_flavor == 'ha'
- role: "haproxy_server"
haproxy_service_configs: "{{ haproxy_default_services}}"
+ haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
+ haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
when: xci_flavor == 'ha'
diff --git a/xci/installer/osa/files/ansible-role-requirements.yml b/xci/installer/osa/files/ansible-role-requirements.yml
index c958a2fc..50be6a00 100644
--- a/xci/installer/osa/files/ansible-role-requirements.yml
+++ b/xci/installer/osa/files/ansible-role-requirements.yml
@@ -64,8 +64,8 @@
- name: openstack_openrc
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-openstack_openrc
- version: 3b31242d4ecde28ac747dff83568f202112c79bf
- refspec: refs/changes/78/598978/2
+ version: 82730e54cf4dfc7c2f507e067dff53d10ffb36d0
+ refspec: refs/changes/05/600005/1
- name: os_aodh
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-os_aodh
diff --git a/xci/installer/osa/files/ha/user_variables.yml b/xci/installer/osa/files/ha/user_variables.yml
index 8c2e9f0c..abbe688e 100644
--- a/xci/installer/osa/files/ha/user_variables.yml
+++ b/xci/installer/osa/files/ha/user_variables.yml
@@ -164,5 +164,7 @@ openrc_os_endpoint_type: "publicURL"
openrc_clouds_yml_interface: "public"
openrc_region_name: RegionOne
openrc_insecure: true
+haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
+haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
keystone_service_adminuri_insecure: true
keystone_service_internaluri_insecure: true
diff --git a/xci/installer/osa/files/mini/user_variables.yml b/xci/installer/osa/files/mini/user_variables.yml
index b4d847bc..db956e38 100644
--- a/xci/installer/osa/files/mini/user_variables.yml
+++ b/xci/installer/osa/files/mini/user_variables.yml
@@ -164,5 +164,7 @@ openrc_os_endpoint_type: "publicURL"
openrc_clouds_yml_interface: "public"
openrc_region_name: RegionOne
openrc_insecure: true
+haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
+haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
keystone_service_adminuri_insecure: true
keystone_service_internaluri_insecure: true
diff --git a/xci/installer/osa/files/noha/user_variables.yml b/xci/installer/osa/files/noha/user_variables.yml
index 5e7ed83c..b9fd2e89 100644
--- a/xci/installer/osa/files/noha/user_variables.yml
+++ b/xci/installer/osa/files/noha/user_variables.yml
@@ -164,5 +164,7 @@ openrc_os_endpoint_type: "publicURL"
openrc_clouds_yml_interface: "public"
openrc_region_name: RegionOne
openrc_insecure: true
+haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt"
+haproxy_user_ssl_key: "/etc/ssl/private/xci.key"
keystone_service_adminuri_insecure: true
keystone_service_internaluri_insecure: true
diff --git a/xci/installer/osa/playbooks/configure-opnfvhost.yml b/xci/installer/osa/playbooks/configure-opnfvhost.yml
index 4fc966a3..994a2607 100644
--- a/xci/installer/osa/playbooks/configure-opnfvhost.yml
+++ b/xci/installer/osa/playbooks/configure-opnfvhost.yml
@@ -175,6 +175,11 @@
chdir: "{{openstack_osa_path}}/scripts"
changed_when: True
+ - name: Configure SSL certificates
+ include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssl-certs.yml"
+ vars:
+ extra_args: "-c https://raw.githubusercontent.com/openstack/requirements/{{ requirements_git_install_branch }}/upper-constraints.txt"
+
- name: fetch xci environment
copy:
src: "{{ xci_path }}/.cache/xci.env"
diff --git a/xci/playbooks/manage-ssl-certs.yml b/xci/playbooks/manage-ssl-certs.yml
new file mode 100644
index 00000000..d0c5c518
--- /dev/null
+++ b/xci/playbooks/manage-ssl-certs.yml
@@ -0,0 +1,32 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018 SUSE Linux GmbH and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- name: Install required pip packages for SSL
+ pip:
+ name: pyOpenSSL
+ state: present
+ extra_args: "{{ extra_args | default(omit) }}"
+
+- name: Generate XCI private key
+ openssl_privatekey:
+ path: /etc/ssl/private/xci.key
+ size: 2048
+
+- name: Generate XCI certificate request
+ openssl_csr:
+ privatekey_path: /etc/ssl/private/xci.key
+ path: /etc/ssl/private/xci.csr
+ common_name: "{{ xci_ssl_subject }}"
+
+- name: Generate XCI self signed certificate
+ openssl_certificate:
+ path: /etc/ssl/certs/xci.crt
+ privatekey_path: /etc/ssl/private/xci.key
+ csr_path: /etc/ssl/private/xci.csr
+ provider: selfsigned
+ selfsigned_not_after: 20800101000000Z
diff --git a/xci/playbooks/roles/prepare-tests/tasks/main.yml b/xci/playbooks/roles/prepare-tests/tasks/main.yml
index b75965df..1512bbab 100644
--- a/xci/playbooks/roles/prepare-tests/tasks/main.yml
+++ b/xci/playbooks/roles/prepare-tests/tasks/main.yml
@@ -57,3 +57,9 @@
src: run-functest.sh.j2
dest: /root/run-functest.sh
mode: 0755
+
+- name: create the script to run yardstick
+ template:
+ src: run-yardstick.sh.j2
+ dest: /root/run-yardstick.sh
+ mode: 0755
diff --git a/xci/playbooks/roles/prepare-tests/templates/run-yardstick.sh.j2 b/xci/playbooks/roles/prepare-tests/templates/run-yardstick.sh.j2
new file mode 100644
index 00000000..1cb43be2
--- /dev/null
+++ b/xci/playbooks/roles/prepare-tests/templates/run-yardstick.sh.j2
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# Create directory to store yardstick logs
+mkdir -p /root/yardstick-results/
+
+# Dump the env file
+echo "------------------------------------------------------"
+echo "------------- yardstick environment file --------------"
+cat /root/env
+echo "------------------------------------------------------"
+
+# we need to ensure the necessary environment variables are sourced
+source /root/env
+
+{% if 'os-' in deploy_scenario %}
+{# stuff needed for OpenStack based scenarios #}
+rc_file_vol="-v /root/openrc:/etc/yardstick/openstack.creds"
+{% else %}
+{# k8 scenario name is hardcoded for the timebeing until we clarify #}
+{# which suite name we should use for the scenarios without yardstick suites #}
+DEPLOY_SCENARIO="k8-nosdn-nofeature-noha"
+rc_file_vol="-v /root/admin.conf:/etc/yardstick/admin.conf"
+{% endif %}
+
+OS_CACERT="/etc/ssl/certs/xci.crt"
+DOCKER_IMAGE_NAME="opnfv/yardstick"
+YARDSTICK_SCENARIO_SUITE_NAME="opnfv_${DEPLOY_SCENARIO}_daily.yaml"
+
+# add OS_CACERT to openrc
+echo "export OS_CACERT=/etc/yardstick/os_cacert" >> ~/openrc
+
+opts="--privileged=true --rm"
+envs="-e INSTALLER_TYPE=$INSTALLER_TYPE -e INSTALLER_IP=$INSTALLER_IP \
+ -e NODE_NAME=$NODE_NAME -e EXTERNAL_NETWORK=$EXTERNAL_NETWORK \
+ -e YARDSTICK_BRANCH=master -e BRANCH=master \
+ -e DEPLOY_SCENARIO=$DEPLOY_SCENARIO -e CI_DEBUG=true"
+cacert_file_vol="-v $OS_CACERT:/etc/yardstick/os_cacert"
+map_log_dir="-v /root/yardstick-results:/tmp/yardstick"
+sshkey="-v /root/.ssh/id_rsa:/root/.ssh/id_rsa"
+cmd="sudo docker run ${opts} ${envs} ${rc_file_vol} ${cacert_file_vol} \
+ ${map_log_dir} ${sshkey} ${DOCKER_IMAGE_NAME} \
+ exec_tests.sh ${YARDSTICK_SCENARIO_SUITE_NAME}"
+echo "Running yardstick with the command"
+echo "------------------------------------------------------"
+echo $cmd
+echo "------------------------------------------------------"
+$cmd