| #!/usr/bin/env python |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| # not use this file except in compliance with the License. You may obtain |
| # a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| # License for the specific language governing permissions and limitations |
| # under the License. |
| |
| """Javelin is a tool for creating, verifying, and deleting a small set of |
| resources in a declarative way. |
| |
| Javelin is meant to be used as a way to validate quickly that resources can |
| survive an upgrade process. |
| |
| Authentication |
| -------------- |
| |
| Javelin will be creating (and removing) users and tenants so it needs the admin |
| credentials of your cloud to operate properly. The corresponding info can be |
| given the usual way, either through CLI options or environment variables. |
| |
| You're probably familiar with these, but just in case:: |
| |
| +----------+------------------+----------------------+ |
| | Param | CLI | Environment Variable | |
| +----------+------------------+----------------------+ |
| | Username | --os-username | OS_USERNAME | |
| | Password | --os-password | OS_PASSWORD | |
| | Tenant | --os-tenant-name | OS_TENANT_NAME | |
| +----------+------------------+----------------------+ |
| |
| |
| Runtime Arguments |
| ----------------- |
| |
| **-m/--mode**: (Required) Has to be one of 'check', 'create' or 'destroy'. It |
| indicates which actions javelin is going to perform. |
| |
| **-r/--resources**: (Required) The path to a YAML file describing the resources |
| used by Javelin. |
| |
| **-d/--devstack-base**: (Required) The path to the devstack repo used to |
| retrieve artefacts (like images) that will be referenced in the resource files. |
| |
| **-c/--config-file**: (Optional) The path to a valid Tempest config file |
| describing your cloud. Javelin may use this to determine if certain services |
| are enabled and modify its behavior accordingly. |
| |
| |
| Resource file |
| ------------- |
| |
| The resource file is a valid YAML file describing the resources that will be |
| created, checked and destroyed by javelin. Here's a canonical example of a |
| resource file:: |
| |
| tenants: |
| - javelin |
| - discuss |
| |
| users: |
| - name: javelin |
| pass: gungnir |
| tenant: javelin |
| - name: javelin2 |
| pass: gungnir2 |
| tenant: discuss |
| |
| # resources that we want to create |
| images: |
| - name: javelin_cirros |
| owner: javelin |
| file: cirros-0.3.2-x86_64-blank.img |
| disk_format: ami |
| container_format: ami |
| aki: cirros-0.3.2-x86_64-vmlinuz |
| ari: cirros-0.3.2-x86_64-initrd |
| |
| servers: |
| - name: peltast |
| owner: javelin |
| flavor: m1.small |
| image: javelin_cirros |
| floating_ip_pool: public |
| - name: hoplite |
| owner: javelin |
| flavor: m1.medium |
| image: javelin_cirros |
| |
| |
| An important piece of the resource definition is the *owner* field, which is |
| the user (that we've created) that is the owner of that resource. All |
| operations on that resource will happen as that regular user to ensure that |
| admin level access does not mask issues. |
| |
| The check phase will act like a unit test, using well known assert methods to |
| verify that the correct resources exist. |
| |
| """ |
| |
| import argparse |
| import collections |
| import datetime |
| import os |
| import sys |
| import unittest |
| |
| import netaddr |
| from oslo_log import log as logging |
| from oslo_utils import timeutils |
| import six |
| from tempest_lib import auth |
| from tempest_lib import exceptions as lib_exc |
| from tempest_lib.services.compute import flavors_client |
| from tempest_lib.services.compute import floating_ips_client |
| from tempest_lib.services.compute import security_group_rules_client |
| from tempest_lib.services.compute import security_groups_client |
| from tempest_lib.services.compute import servers_client |
| import yaml |
| |
| from tempest.common import identity |
| from tempest.common import waiters |
| from tempest import config |
| from tempest.services.identity.v2.json import identity_client |
| from tempest.services.identity.v2.json import roles_client |
| from tempest.services.identity.v2.json import tenants_client |
| from tempest.services.image.v2.json import images_client |
| from tempest.services.network.json import network_client |
| from tempest.services.network.json import subnets_client |
| from tempest.services.object_storage import container_client |
| from tempest.services.object_storage import object_client |
| from tempest.services.telemetry.json import alarming_client |
| from tempest.services.telemetry.json import telemetry_client |
| from tempest.services.volume.v1.json import volumes_client |
| |
| CONF = config.CONF |
| OPTS = {} |
| USERS = {} |
| RES = collections.defaultdict(list) |
| |
| LOG = None |
| |
| JAVELIN_START = datetime.datetime.utcnow() |
| |
| |
| class OSClient(object): |
| _creds = None |
| identity = None |
| servers = None |
| |
| def __init__(self, user, pw, tenant): |
| default_params = { |
| 'disable_ssl_certificate_validation': |
| CONF.identity.disable_ssl_certificate_validation, |
| 'ca_certs': CONF.identity.ca_certificates_file, |
| 'trace_requests': CONF.debug.trace_requests |
| } |
| default_params_with_timeout_values = { |
| 'build_interval': CONF.compute.build_interval, |
| 'build_timeout': CONF.compute.build_timeout |
| } |
| default_params_with_timeout_values.update(default_params) |
| |
| compute_params = { |
| 'service': CONF.compute.catalog_type, |
| 'region': CONF.compute.region or CONF.identity.region, |
| 'endpoint_type': CONF.compute.endpoint_type, |
| 'build_interval': CONF.compute.build_interval, |
| 'build_timeout': CONF.compute.build_timeout |
| } |
| compute_params.update(default_params) |
| |
| object_storage_params = { |
| 'service': CONF.object_storage.catalog_type, |
| 'region': CONF.object_storage.region or CONF.identity.region, |
| 'endpoint_type': CONF.object_storage.endpoint_type |
| } |
| object_storage_params.update(default_params) |
| |
| _creds = auth.KeystoneV2Credentials( |
| username=user, |
| password=pw, |
| tenant_name=tenant) |
| auth_provider_params = { |
| 'disable_ssl_certificate_validation': |
| CONF.identity.disable_ssl_certificate_validation, |
| 'ca_certs': CONF.identity.ca_certificates_file, |
| 'trace_requests': CONF.debug.trace_requests |
| } |
| _auth = auth.KeystoneV2AuthProvider( |
| _creds, CONF.identity.uri, **auth_provider_params) |
| self.identity = identity_client.IdentityClient( |
| _auth, |
| CONF.identity.catalog_type, |
| CONF.identity.region, |
| endpoint_type='adminURL', |
| **default_params_with_timeout_values) |
| self.tenants = tenants_client.TenantsClient( |
| _auth, |
| CONF.identity.catalog_type, |
| CONF.identity.region, |
| endpoint_type='adminURL', |
| **default_params_with_timeout_values) |
| self.roles = roles_client.RolesClient( |
| _auth, |
| CONF.identity.catalog_type, |
| CONF.identity.region, |
| endpoint_type='adminURL', |
| **default_params_with_timeout_values) |
| self.servers = servers_client.ServersClient(_auth, |
| **compute_params) |
| self.flavors = flavors_client.FlavorsClient(_auth, |
| **compute_params) |
| self.floating_ips = floating_ips_client.FloatingIPsClient( |
| _auth, **compute_params) |
| self.secgroups = security_groups_client.SecurityGroupsClient( |
| _auth, **compute_params) |
| self.secrules = security_group_rules_client.SecurityGroupRulesClient( |
| _auth, **compute_params) |
| self.objects = object_client.ObjectClient(_auth, |
| **object_storage_params) |
| self.containers = container_client.ContainerClient( |
| _auth, **object_storage_params) |
| self.images = images_client.ImagesClientV2( |
| _auth, |
| CONF.image.catalog_type, |
| CONF.image.region or CONF.identity.region, |
| endpoint_type=CONF.image.endpoint_type, |
| build_interval=CONF.image.build_interval, |
| build_timeout=CONF.image.build_timeout, |
| **default_params) |
| self.telemetry = telemetry_client.TelemetryClient( |
| _auth, |
| CONF.telemetry.catalog_type, |
| CONF.identity.region, |
| endpoint_type=CONF.telemetry.endpoint_type, |
| **default_params_with_timeout_values) |
| self.alarming = alarming_client.AlarmingClient( |
| _auth, |
| CONF.alarm.catalog_type, |
| CONF.identity.region, |
| endpoint_type=CONF.alarm.endpoint_type, |
| **default_params_with_timeout_values) |
| self.volumes = volumes_client.VolumesClient( |
| _auth, |
| CONF.volume.catalog_type, |
| CONF.volume.region or CONF.identity.region, |
| endpoint_type=CONF.volume.endpoint_type, |
| build_interval=CONF.volume.build_interval, |
| build_timeout=CONF.volume.build_timeout, |
| **default_params) |
| self.networks = network_client.NetworkClient( |
| _auth, |
| CONF.network.catalog_type, |
| CONF.network.region or CONF.identity.region, |
| endpoint_type=CONF.network.endpoint_type, |
| build_interval=CONF.network.build_interval, |
| build_timeout=CONF.network.build_timeout, |
| **default_params) |
| self.subnets = subnets_client.SubnetsClient( |
| _auth, |
| CONF.network.catalog_type, |
| CONF.network.region or CONF.identity.region, |
| endpoint_type=CONF.network.endpoint_type, |
| build_interval=CONF.network.build_interval, |
| build_timeout=CONF.network.build_timeout, |
| **default_params) |
| |
| |
| def load_resources(fname): |
| """Load the expected resources from a yaml file.""" |
| return yaml.load(open(fname, 'r')) |
| |
| |
| def keystone_admin(): |
| return OSClient(OPTS.os_username, OPTS.os_password, OPTS.os_tenant_name) |
| |
| |
| def client_for_user(name): |
| LOG.debug("Entering client_for_user") |
| if name in USERS: |
| user = USERS[name] |
| LOG.debug("Created client for user %s" % user) |
| return OSClient(user['name'], user['pass'], user['tenant']) |
| else: |
| LOG.error("%s not found in USERS: %s" % (name, USERS)) |
| |
| |
| ################### |
| # |
| # TENANTS |
| # |
| ################### |
| |
| |
| def create_tenants(tenants): |
| """Create tenants from resource definition. |
| |
| Don't create the tenants if they already exist. |
| """ |
| admin = keystone_admin() |
| body = admin.tenants.list_tenants()['tenants'] |
| existing = [x['name'] for x in body] |
| for tenant in tenants: |
| if tenant not in existing: |
| admin.tenants.create_tenant(tenant)['tenant'] |
| else: |
| LOG.warn("Tenant '%s' already exists in this environment" % tenant) |
| |
| |
| def destroy_tenants(tenants): |
| admin = keystone_admin() |
| for tenant in tenants: |
| tenant_id = identity.get_tenant_by_name(admin.tenant, tenant)['id'] |
| admin.tenants.delete_tenant(tenant_id) |
| |
| ############## |
| # |
| # USERS |
| # |
| ############## |
| |
| |
| def _users_for_tenant(users, tenant): |
| u_for_t = [] |
| for user in users: |
| for n in user: |
| if user[n]['tenant'] == tenant: |
| u_for_t.append(user[n]) |
| return u_for_t |
| |
| |
| def _tenants_from_users(users): |
| tenants = set() |
| for user in users: |
| for n in user: |
| tenants.add(user[n]['tenant']) |
| return tenants |
| |
| |
| def _assign_swift_role(user, swift_role): |
| admin = keystone_admin() |
| roles = admin.roles.list_roles() |
| role = next(r for r in roles if r['name'] == swift_role) |
| LOG.debug(USERS[user]) |
| try: |
| admin.roles.assign_user_role( |
| USERS[user]['tenant_id'], |
| USERS[user]['id'], |
| role['id']) |
| except lib_exc.Conflict: |
| # don't care if it's already assigned |
| pass |
| |
| |
| def create_users(users): |
| """Create tenants from resource definition. |
| |
| Don't create the tenants if they already exist. |
| """ |
| global USERS |
| LOG.info("Creating users") |
| admin = keystone_admin() |
| for u in users: |
| try: |
| tenant = identity.get_tenant_by_name(admin.tenants, u['tenant']) |
| except lib_exc.NotFound: |
| LOG.error("Tenant: %s - not found" % u['tenant']) |
| continue |
| try: |
| identity.get_user_by_username(admin.identity, |
| tenant['id'], u['name']) |
| LOG.warn("User '%s' already exists in this environment" |
| % u['name']) |
| except lib_exc.NotFound: |
| admin.identity.create_user( |
| u['name'], u['pass'], tenant['id'], |
| "%s@%s" % (u['name'], tenant['id']), |
| enabled=True) |
| |
| |
| def destroy_users(users): |
| admin = keystone_admin() |
| for user in users: |
| tenant_id = identity.get_tenant_by_name(admin.tenants, |
| user['tenant'])['id'] |
| user_id = identity.get_user_by_username(admin.identity, |
| tenant_id, user['name'])['id'] |
| admin.identity.delete_user(user_id) |
| |
| |
| def collect_users(users): |
| global USERS |
| LOG.info("Collecting users") |
| admin = keystone_admin() |
| for u in users: |
| tenant = identity.get_tenant_by_name(admin.tenants, u['tenant']) |
| u['tenant_id'] = tenant['id'] |
| USERS[u['name']] = u |
| body = identity.get_user_by_username(admin.identity, |
| tenant['id'], u['name']) |
| USERS[u['name']]['id'] = body['id'] |
| |
| |
| class JavelinCheck(unittest.TestCase): |
| def __init__(self, users, resources): |
| super(JavelinCheck, self).__init__() |
| self.users = users |
| self.res = resources |
| |
| def runTest(self, *args): |
| pass |
| |
| def _ping_ip(self, ip_addr, count, namespace=None): |
| if namespace is None: |
| ping_cmd = "ping -c1 " + ip_addr |
| else: |
| ping_cmd = "sudo ip netns exec %s ping -c1 %s" % (namespace, |
| ip_addr) |
| for current in range(count): |
| return_code = os.system(ping_cmd) |
| if return_code is 0: |
| break |
| self.assertNotEqual(current, count - 1, |
| "Server is not pingable at %s" % ip_addr) |
| |
| def check(self): |
| self.check_users() |
| self.check_objects() |
| self.check_servers() |
| self.check_volumes() |
| self.check_telemetry() |
| self.check_secgroups() |
| |
| # validate neutron is enabled and ironic disabled: |
| # Tenant network isolation is not supported when using ironic. |
| # "admin" has set up a neutron flat network environment within a shared |
| # fixed network for all tenants to use. |
| # In this case, network/subnet/router creation can be skipped and the |
| # server booted the same as nova network. |
| if (CONF.service_available.neutron and |
| not CONF.baremetal.driver_enabled): |
| self.check_networking() |
| |
| def check_users(self): |
| """Check that the users we expect to exist, do. |
| |
| We don't use the resource list for this because we need to validate |
| that things like tenantId didn't drift across versions. |
| """ |
| LOG.info("checking users") |
| for name, user in six.iteritems(self.users): |
| client = keystone_admin() |
| found = client.identity.show_user(user['id'])['user'] |
| self.assertEqual(found['name'], user['name']) |
| self.assertEqual(found['tenantId'], user['tenant_id']) |
| |
| # also ensure we can auth with that user, and do something |
| # on the cloud. We don't care about the results except that it |
| # remains authorized. |
| client = client_for_user(user['name']) |
| client.servers.list_servers() |
| |
| def check_objects(self): |
| """Check that the objects created are still there.""" |
| if not self.res.get('objects'): |
| return |
| LOG.info("checking objects") |
| for obj in self.res['objects']: |
| client = client_for_user(obj['owner']) |
| r, contents = client.objects.get_object( |
| obj['container'], obj['name']) |
| source = _file_contents(obj['file']) |
| self.assertEqual(contents, source) |
| |
| def check_servers(self): |
| """Check that the servers are still up and running.""" |
| if not self.res.get('servers'): |
| return |
| LOG.info("checking servers") |
| for server in self.res['servers']: |
| client = client_for_user(server['owner']) |
| found = _get_server_by_name(client, server['name']) |
| self.assertIsNotNone( |
| found, |
| "Couldn't find expected server %s" % server['name']) |
| |
| found = client.servers.show_server(found['id'])['server'] |
| # validate neutron is enabled and ironic disabled: |
| if (CONF.service_available.neutron and |
| not CONF.baremetal.driver_enabled): |
| _floating_is_alive = False |
| for network_name, body in found['addresses'].items(): |
| for addr in body: |
| ip = addr['addr'] |
| # Use floating IP, fixed IP or other type to |
| # reach the server. |
| # This is useful in multi-node environment. |
| if CONF.validation.connect_method == 'floating': |
| if addr.get('OS-EXT-IPS:type', |
| 'floating') == 'floating': |
| self._ping_ip(ip, 60) |
| _floating_is_alive = True |
| elif CONF.validation.connect_method == 'fixed': |
| if addr.get('OS-EXT-IPS:type', |
| 'fixed') == 'fixed': |
| namespace = _get_router_namespace(client, |
| network_name) |
| self._ping_ip(ip, 60, namespace) |
| else: |
| self._ping_ip(ip, 60) |
| # If CONF.validation.connect_method is floating, validate |
| # that the floating IP is attached to the server and the |
| # the server is pingable. |
| if CONF.validation.connect_method == 'floating': |
| self.assertTrue(_floating_is_alive, |
| "Server %s has no floating IP." % |
| server['name']) |
| else: |
| addr = found['addresses']['private'][0]['addr'] |
| self._ping_ip(addr, 60) |
| |
| def check_secgroups(self): |
| """Check that the security groups still exist.""" |
| LOG.info("Checking security groups") |
| for secgroup in self.res['secgroups']: |
| client = client_for_user(secgroup['owner']) |
| found = _get_resource_by_name(client.secgroups, 'security_groups', |
| secgroup['name']) |
| self.assertIsNotNone( |
| found, |
| "Couldn't find expected secgroup %s" % secgroup['name']) |
| |
| def check_telemetry(self): |
| """Check that ceilometer provides a sane sample. |
| |
| Confirm that there is more than one sample and that they have the |
| expected metadata. |
| |
| If in check mode confirm that the oldest sample available is from |
| before the upgrade. |
| """ |
| if not self.res.get('telemetry'): |
| return |
| LOG.info("checking telemetry") |
| for server in self.res['servers']: |
| client = client_for_user(server['owner']) |
| body = client.telemetry.list_samples( |
| 'instance', |
| query=('metadata.display_name', 'eq', server['name']) |
| ) |
| self.assertTrue(len(body) >= 1, 'expecting at least one sample') |
| self._confirm_telemetry_sample(server, body[-1]) |
| |
| def check_volumes(self): |
| """Check that the volumes are still there and attached.""" |
| if not self.res.get('volumes'): |
| return |
| LOG.info("checking volumes") |
| for volume in self.res['volumes']: |
| client = client_for_user(volume['owner']) |
| vol_body = _get_volume_by_name(client, volume['name']) |
| self.assertIsNotNone( |
| vol_body, |
| "Couldn't find expected volume %s" % volume['name']) |
| |
| # Verify that a volume's attachment retrieved |
| server_id = _get_server_by_name(client, volume['server'])['id'] |
| attachment = client.volumes.get_attachment_from_volume(vol_body) |
| self.assertEqual(vol_body['id'], attachment['volume_id']) |
| self.assertEqual(server_id, attachment['server_id']) |
| |
| def _confirm_telemetry_sample(self, server, sample): |
| """Check this sample matches the expected resource metadata.""" |
| # Confirm display_name |
| self.assertEqual(server['name'], |
| sample['resource_metadata']['display_name']) |
| # Confirm instance_type of flavor |
| flavor = sample['resource_metadata'].get( |
| 'flavor.name', |
| sample['resource_metadata'].get('instance_type') |
| ) |
| self.assertEqual(server['flavor'], flavor) |
| # Confirm the oldest sample was created before upgrade. |
| if OPTS.mode == 'check': |
| oldest_timestamp = timeutils.normalize_time( |
| timeutils.parse_isotime(sample['timestamp'])) |
| self.assertTrue( |
| oldest_timestamp < JAVELIN_START, |
| 'timestamp should come before start of second javelin run' |
| ) |
| |
| def check_networking(self): |
| """Check that the networks are still there.""" |
| for res_type in ('networks', 'subnets', 'routers'): |
| for res in self.res[res_type]: |
| client = client_for_user(res['owner']) |
| found = _get_resource_by_name(client.networks, res_type, |
| res['name']) |
| self.assertIsNotNone( |
| found, |
| "Couldn't find expected resource %s" % res['name']) |
| |
| |
| ####################### |
| # |
| # OBJECTS |
| # |
| ####################### |
| |
| |
| def _file_contents(fname): |
| with open(fname, 'r') as f: |
| return f.read() |
| |
| |
| def create_objects(objects): |
| if not objects: |
| return |
| LOG.info("Creating objects") |
| for obj in objects: |
| LOG.debug("Object %s" % obj) |
| swift_role = obj.get('swift_role', 'Member') |
| _assign_swift_role(obj['owner'], swift_role) |
| client = client_for_user(obj['owner']) |
| client.containers.create_container(obj['container']) |
| client.objects.create_object( |
| obj['container'], obj['name'], |
| _file_contents(obj['file'])) |
| |
| |
| def destroy_objects(objects): |
| for obj in objects: |
| client = client_for_user(obj['owner']) |
| r, body = client.objects.delete_object(obj['container'], obj['name']) |
| if not (200 <= int(r['status']) < 299): |
| raise ValueError("unable to destroy object: [%s] %s" % (r, body)) |
| |
| |
| ####################### |
| # |
| # IMAGES |
| # |
| ####################### |
| |
| |
| def _resolve_image(image, imgtype): |
| name = image[imgtype] |
| fname = os.path.join(OPTS.devstack_base, image['imgdir'], name) |
| return name, fname |
| |
| |
| def _get_image_by_name(client, name): |
| body = client.images.list_images() |
| for image in body: |
| if name == image['name']: |
| return image |
| return None |
| |
| |
| def create_images(images): |
| if not images: |
| return |
| LOG.info("Creating images") |
| for image in images: |
| client = client_for_user(image['owner']) |
| |
| # DEPRECATED: 'format' was used for ami images |
| # Use 'disk_format' and 'container_format' instead |
| if 'format' in image: |
| LOG.warning("Deprecated: 'format' is deprecated for images " |
| "description. Please use 'disk_format' and 'container_" |
| "format' instead.") |
| image['disk_format'] = image['format'] |
| image['container_format'] = image['format'] |
| |
| # only upload a new image if the name isn't there |
| if _get_image_by_name(client, image['name']): |
| LOG.info("Image '%s' already exists" % image['name']) |
| continue |
| |
| # special handling for 3 part image |
| extras = {} |
| if image['disk_format'] == 'ami': |
| name, fname = _resolve_image(image, 'aki') |
| aki = client.images.create_image( |
| 'javelin_' + name, 'aki', 'aki') |
| client.images.store_image_file(aki.get('id'), open(fname, 'r')) |
| extras['kernel_id'] = aki.get('id') |
| |
| name, fname = _resolve_image(image, 'ari') |
| ari = client.images.create_image( |
| 'javelin_' + name, 'ari', 'ari') |
| client.images.store_image_file(ari.get('id'), open(fname, 'r')) |
| extras['ramdisk_id'] = ari.get('id') |
| |
| _, fname = _resolve_image(image, 'file') |
| body = client.images.create_image( |
| image['name'], image['container_format'], |
| image['disk_format'], **extras) |
| image_id = body.get('id') |
| client.images.store_image_file(image_id, open(fname, 'r')) |
| |
| |
| def destroy_images(images): |
| if not images: |
| return |
| LOG.info("Destroying images") |
| for image in images: |
| client = client_for_user(image['owner']) |
| |
| response = _get_image_by_name(client, image['name']) |
| if not response: |
| LOG.info("Image '%s' does not exist" % image['name']) |
| continue |
| client.images.delete_image(response['id']) |
| |
| |
| ####################### |
| # |
| # NETWORKS |
| # |
| ####################### |
| |
| def _get_router_namespace(client, network): |
| network_id = _get_resource_by_name(client.networks, |
| 'networks', network)['id'] |
| n_body = client.networks.list_routers() |
| for router in n_body['routers']: |
| router_id = router['id'] |
| r_body = client.networks.list_router_interfaces(router_id) |
| for port in r_body['ports']: |
| if port['network_id'] == network_id: |
| return "qrouter-%s" % router_id |
| |
| |
| def _get_resource_by_name(client, resource, name): |
| get_resources = getattr(client, 'list_%s' % resource) |
| if get_resources is None: |
| raise AttributeError("client doesn't have method list_%s" % resource) |
| # Until all tempest client methods are changed to return only one value, |
| # we cannot assume they all have the same signature so we need to discard |
| # the unused response first value it two values are being returned. |
| body = get_resources() |
| if type(body) == tuple: |
| body = body[1] |
| if isinstance(body, dict): |
| body = body[resource] |
| for res in body: |
| if name == res['name']: |
| return res |
| raise ValueError('%s not found in %s resources' % (name, resource)) |
| |
| |
| def create_networks(networks): |
| LOG.info("Creating networks") |
| for network in networks: |
| client = client_for_user(network['owner']) |
| |
| # only create a network if the name isn't here |
| body = client.networks.list_networks() |
| if any(item['name'] == network['name'] for item in body['networks']): |
| LOG.warning("Duplicated network name: %s" % network['name']) |
| continue |
| |
| client.networks.create_network(name=network['name']) |
| |
| |
| def destroy_networks(networks): |
| LOG.info("Destroying subnets") |
| for network in networks: |
| client = client_for_user(network['owner']) |
| network_id = _get_resource_by_name(client.networks, 'networks', |
| network['name'])['id'] |
| client.networks.delete_network(network_id) |
| |
| |
| def create_subnets(subnets): |
| LOG.info("Creating subnets") |
| for subnet in subnets: |
| client = client_for_user(subnet['owner']) |
| |
| network = _get_resource_by_name(client.networks, 'networks', |
| subnet['network']) |
| ip_version = netaddr.IPNetwork(subnet['range']).version |
| # ensure we don't overlap with another subnet in the network |
| try: |
| client.networks.create_subnet(network_id=network['id'], |
| cidr=subnet['range'], |
| name=subnet['name'], |
| ip_version=ip_version) |
| except lib_exc.BadRequest as e: |
| is_overlapping_cidr = 'overlaps with another subnet' in str(e) |
| if not is_overlapping_cidr: |
| raise |
| |
| |
| def destroy_subnets(subnets): |
| LOG.info("Destroying subnets") |
| for subnet in subnets: |
| client = client_for_user(subnet['owner']) |
| subnet_id = _get_resource_by_name(client.subnets, |
| 'subnets', subnet['name'])['id'] |
| client.subnets.delete_subnet(subnet_id) |
| |
| |
| def create_routers(routers): |
| LOG.info("Creating routers") |
| for router in routers: |
| client = client_for_user(router['owner']) |
| |
| # only create a router if the name isn't here |
| body = client.networks.list_routers() |
| if any(item['name'] == router['name'] for item in body['routers']): |
| LOG.warning("Duplicated router name: %s" % router['name']) |
| continue |
| |
| client.networks.create_router(router['name']) |
| |
| |
| def destroy_routers(routers): |
| LOG.info("Destroying routers") |
| for router in routers: |
| client = client_for_user(router['owner']) |
| router_id = _get_resource_by_name(client.networks, |
| 'routers', router['name'])['id'] |
| for subnet in router['subnet']: |
| subnet_id = _get_resource_by_name(client.networks, |
| 'subnets', subnet)['id'] |
| client.networks.remove_router_interface_with_subnet_id(router_id, |
| subnet_id) |
| client.networks.delete_router(router_id) |
| |
| |
| def add_router_interface(routers): |
| for router in routers: |
| client = client_for_user(router['owner']) |
| router_id = _get_resource_by_name(client.networks, |
| 'routers', router['name'])['id'] |
| |
| for subnet in router['subnet']: |
| subnet_id = _get_resource_by_name(client.networks, |
| 'subnets', subnet)['id'] |
| # connect routers to their subnets |
| client.networks.add_router_interface_with_subnet_id(router_id, |
| subnet_id) |
| # connect routers to external network if set to "gateway" |
| if router['gateway']: |
| if CONF.network.public_network_id: |
| ext_net = CONF.network.public_network_id |
| client.networks._update_router( |
| router_id, set_enable_snat=True, |
| external_gateway_info={"network_id": ext_net}) |
| else: |
| raise ValueError('public_network_id is not configured.') |
| |
| |
| ####################### |
| # |
| # SERVERS |
| # |
| ####################### |
| |
| def _get_server_by_name(client, name): |
| body = client.servers.list_servers() |
| for server in body['servers']: |
| if name == server['name']: |
| return server |
| return None |
| |
| |
| def _get_flavor_by_name(client, name): |
| body = client.flavors.list_flavors()['flavors'] |
| for flavor in body: |
| if name == flavor['name']: |
| return flavor |
| return None |
| |
| |
| def create_servers(servers): |
| if not servers: |
| return |
| LOG.info("Creating servers") |
| for server in servers: |
| client = client_for_user(server['owner']) |
| |
| if _get_server_by_name(client, server['name']): |
| LOG.info("Server '%s' already exists" % server['name']) |
| continue |
| |
| image_id = _get_image_by_name(client, server['image'])['id'] |
| flavor_id = _get_flavor_by_name(client, server['flavor'])['id'] |
| # validate neutron is enabled and ironic disabled |
| kwargs = dict() |
| if (CONF.service_available.neutron and |
| not CONF.baremetal.driver_enabled and server.get('networks')): |
| get_net_id = lambda x: (_get_resource_by_name( |
| client.networks, 'networks', x)['id']) |
| kwargs['networks'] = [{'uuid': get_net_id(network)} |
| for network in server['networks']] |
| body = client.servers.create_server( |
| name=server['name'], imageRef=image_id, flavorRef=flavor_id, |
| **kwargs)['server'] |
| server_id = body['id'] |
| client.servers.wait_for_server_status(server_id, 'ACTIVE') |
| # create security group(s) after server spawning |
| for secgroup in server['secgroups']: |
| client.servers.add_security_group(server_id, name=secgroup) |
| if CONF.validation.connect_method == 'floating': |
| floating_ip_pool = server.get('floating_ip_pool') |
| floating_ip = client.floating_ips.create_floating_ip( |
| pool_name=floating_ip_pool)['floating_ip'] |
| client.floating_ips.associate_floating_ip_to_server( |
| floating_ip['ip'], server_id) |
| |
| |
| def destroy_servers(servers): |
| if not servers: |
| return |
| LOG.info("Destroying servers") |
| for server in servers: |
| client = client_for_user(server['owner']) |
| |
| response = _get_server_by_name(client, server['name']) |
| if not response: |
| LOG.info("Server '%s' does not exist" % server['name']) |
| continue |
| |
| # TODO(EmilienM): disassociate floating IP from server and release it. |
| client.servers.delete_server(response['id']) |
| waiters.wait_for_server_termination(client.servers, response['id'], |
| ignore_error=True) |
| |
| |
| def create_secgroups(secgroups): |
| LOG.info("Creating security groups") |
| for secgroup in secgroups: |
| client = client_for_user(secgroup['owner']) |
| |
| # only create a security group if the name isn't here |
| # i.e. a security group may be used by another server |
| # only create a router if the name isn't here |
| body = client.secgroups.list_security_groups()['security_groups'] |
| if any(item['name'] == secgroup['name'] for item in body): |
| LOG.warning("Security group '%s' already exists" % |
| secgroup['name']) |
| continue |
| |
| body = client.secgroups.create_security_group( |
| name=secgroup['name'], |
| description=secgroup['description'])['security_group'] |
| secgroup_id = body['id'] |
| # for each security group, create the rules |
| for rule in secgroup['rules']: |
| ip_proto, from_port, to_port, cidr = rule.split() |
| client.secrules.create_security_group_rule( |
| parent_group_id=secgroup_id, ip_protocol=ip_proto, |
| from_port=from_port, to_port=to_port, cidr=cidr) |
| |
| |
| def destroy_secgroups(secgroups): |
| LOG.info("Destroying security groups") |
| for secgroup in secgroups: |
| client = client_for_user(secgroup['owner']) |
| sg_id = _get_resource_by_name(client.secgroups, |
| 'security_groups', |
| secgroup['name']) |
| # sg rules are deleted automatically |
| client.secgroups.delete_security_group(sg_id['id']) |
| |
| |
| ####################### |
| # |
| # VOLUMES |
| # |
| ####################### |
| |
| def _get_volume_by_name(client, name): |
| body = client.volumes.list_volumes()['volumes'] |
| for volume in body: |
| if name == volume['display_name']: |
| return volume |
| return None |
| |
| |
| def create_volumes(volumes): |
| if not volumes: |
| return |
| LOG.info("Creating volumes") |
| for volume in volumes: |
| client = client_for_user(volume['owner']) |
| |
| # only create a volume if the name isn't here |
| if _get_volume_by_name(client, volume['name']): |
| LOG.info("volume '%s' already exists" % volume['name']) |
| continue |
| |
| size = volume['gb'] |
| v_name = volume['name'] |
| body = client.volumes.create_volume(size=size, |
| display_name=v_name)['volume'] |
| client.volumes.wait_for_volume_status(body['id'], 'available') |
| |
| |
| def destroy_volumes(volumes): |
| for volume in volumes: |
| client = client_for_user(volume['owner']) |
| volume_id = _get_volume_by_name(client, volume['name'])['id'] |
| client.volumes.detach_volume(volume_id) |
| client.volumes.delete_volume(volume_id) |
| |
| |
| def attach_volumes(volumes): |
| for volume in volumes: |
| client = client_for_user(volume['owner']) |
| server_id = _get_server_by_name(client, volume['server'])['id'] |
| volume_id = _get_volume_by_name(client, volume['name'])['id'] |
| device = volume['device'] |
| client.volumes.attach_volume(volume_id, server_id, device) |
| |
| |
| ####################### |
| # |
| # MAIN LOGIC |
| # |
| ####################### |
| |
| def create_resources(): |
| LOG.info("Creating Resources") |
| # first create keystone level resources, and we need to be admin |
| # for this. |
| create_tenants(RES['tenants']) |
| create_users(RES['users']) |
| collect_users(RES['users']) |
| |
| # next create resources in a well known order |
| create_objects(RES['objects']) |
| create_images(RES['images']) |
| |
| # validate neutron is enabled and ironic is disabled |
| if CONF.service_available.neutron and not CONF.baremetal.driver_enabled: |
| create_networks(RES['networks']) |
| create_subnets(RES['subnets']) |
| create_routers(RES['routers']) |
| add_router_interface(RES['routers']) |
| |
| create_secgroups(RES['secgroups']) |
| create_volumes(RES['volumes']) |
| |
| # Only attempt attaching the volumes if servers are defined in the |
| # resource file |
| if 'servers' in RES: |
| create_servers(RES['servers']) |
| attach_volumes(RES['volumes']) |
| |
| |
| def destroy_resources(): |
| LOG.info("Destroying Resources") |
| # Destroy in inverse order of create |
| destroy_servers(RES['servers']) |
| destroy_images(RES['images']) |
| destroy_objects(RES['objects']) |
| destroy_volumes(RES['volumes']) |
| if CONF.service_available.neutron and not CONF.baremetal.driver_enabled: |
| destroy_routers(RES['routers']) |
| destroy_subnets(RES['subnets']) |
| destroy_networks(RES['networks']) |
| destroy_secgroups(RES['secgroups']) |
| destroy_users(RES['users']) |
| destroy_tenants(RES['tenants']) |
| LOG.warn("Destroy mode incomplete") |
| |
| |
| def get_options(): |
| global OPTS |
| parser = argparse.ArgumentParser( |
| description='Create and validate a fixed set of OpenStack resources') |
| parser.add_argument('-m', '--mode', |
| metavar='<create|check|destroy>', |
| required=True, |
| help=('One of (create, check, destroy)')) |
| parser.add_argument('-r', '--resources', |
| required=True, |
| metavar='resourcefile.yaml', |
| help='Resources definition yaml file') |
| |
| parser.add_argument( |
| '-d', '--devstack-base', |
| required=True, |
| metavar='/opt/stack/old', |
| help='Devstack base directory for retrieving artifacts') |
| parser.add_argument( |
| '-c', '--config-file', |
| metavar='/etc/tempest.conf', |
| help='path to javelin2(tempest) config file') |
| |
| # auth bits, letting us also just source the devstack openrc |
| parser.add_argument('--os-username', |
| metavar='<auth-user-name>', |
| default=os.environ.get('OS_USERNAME'), |
| help=('Defaults to env[OS_USERNAME].')) |
| parser.add_argument('--os-password', |
| metavar='<auth-password>', |
| default=os.environ.get('OS_PASSWORD'), |
| help=('Defaults to env[OS_PASSWORD].')) |
| parser.add_argument('--os-tenant-name', |
| metavar='<auth-tenant-name>', |
| default=os.environ.get('OS_TENANT_NAME'), |
| help=('Defaults to env[OS_TENANT_NAME].')) |
| |
| OPTS = parser.parse_args() |
| if OPTS.mode not in ('create', 'check', 'destroy'): |
| print("ERROR: Unknown mode -m %s\n" % OPTS.mode) |
| parser.print_help() |
| sys.exit(1) |
| if OPTS.config_file: |
| config.CONF.set_config_path(OPTS.config_file) |
| |
| |
| def setup_logging(): |
| global LOG |
| logging.setup(CONF, __name__) |
| LOG = logging.getLogger(__name__) |
| |
| |
| def main(): |
| global RES |
| get_options() |
| setup_logging() |
| RES.update(load_resources(OPTS.resources)) |
| |
| if OPTS.mode == 'create': |
| create_resources() |
| # Make sure the resources we just created actually work |
| checker = JavelinCheck(USERS, RES) |
| checker.check() |
| elif OPTS.mode == 'check': |
| collect_users(RES['users']) |
| checker = JavelinCheck(USERS, RES) |
| checker.check() |
| elif OPTS.mode == 'destroy': |
| collect_users(RES['users']) |
| destroy_resources() |
| else: |
| LOG.error('Unknown mode %s' % OPTS.mode) |
| return 1 |
| LOG.info('javelin2 successfully finished') |
| return 0 |
| |
| if __name__ == "__main__": |
| sys.exit(main()) |