diff options
| -rw-r--r-- | bindep.txt | 7 | ||||
| -rw-r--r-- | playbooks/enable-fips.yaml | 5 | ||||
| -rw-r--r-- | roles/configure_functional_tests/tasks/main.yaml | 14 | ||||
| -rw-r--r-- | roles/disable_selinux/tasks/main.yaml | 3 | ||||
| -rwxr-xr-x | tools/configure_for_func_testing.sh | 16 | ||||
| -rw-r--r-- | zuul.d/base.yaml | 26 | ||||
| -rw-r--r-- | zuul.d/project.yaml | 2 |
7 files changed, 62 insertions, 11 deletions
diff --git a/bindep.txt b/bindep.txt index f6d6933ed6..4aa31f2385 100644 --- a/bindep.txt +++ b/bindep.txt @@ -15,10 +15,11 @@ libffi-devel [platform:rpm] # periodic-neutron-py35-with-neutron-lib-master. haproxy libmysqlclient-dev [platform:dpkg test] -mysql [platform:rpm test] +mariadb [platform:rpm test] +mariadb-devel [platform:rpm test] +mariadb-server [platform:rpm test] mysql-client [platform:dpkg test] -mysql-devel [platform:rpm test] -mysql-server [test] +mysql-server [platform:dpkg test] postgresql [test] postgresql-client [platform:dpkg test] postgresql-devel [platform:rpm test] diff --git a/playbooks/enable-fips.yaml b/playbooks/enable-fips.yaml new file mode 100644 index 0000000000..3b3440c879 --- /dev/null +++ b/playbooks/enable-fips.yaml @@ -0,0 +1,5 @@ +- hosts: all + roles: + - persistent-firewall + - enable-fips + - disable_selinux diff --git a/roles/configure_functional_tests/tasks/main.yaml b/roles/configure_functional_tests/tasks/main.yaml index e38df32a2b..13887f5b90 100644 --- a/roles/configure_functional_tests/tasks/main.yaml +++ b/roles/configure_functional_tests/tasks/main.yaml @@ -15,10 +15,24 @@ STACK_USER=stack OVS_BRANCH={{ OVS_BRANCH }} OVN_BRANCH={{ OVN_BRANCH }} + # This is DB USER used in e.g. pgsql db + DATABASE_USER=openstack_citest source $DEVSTACK_PATH/functions source $DEVSTACK_PATH/lib/neutron_plugins/ovn_agent source $NEUTRON_DIR/tools/configure_for_func_testing.sh + if is_fedora; then + # NOTE(slqweq) Running functional job e.g. on Centos requires to + # have repo with rabbitmq-server and some other packages available + install_package centos-release-openstack-victoria + install_package iproute-tc haproxy keepalived + + # NOTE(slaweq) On Fedora/CentOS systems make sure that SELinux is + # not in enforcing mode + sudo setenforce 0 + fi + configure_host_for_func_testing + executable: /bin/bash diff --git a/roles/disable_selinux/tasks/main.yaml b/roles/disable_selinux/tasks/main.yaml new file mode 100644 index 0000000000..27c3e9ca63 --- /dev/null +++ b/roles/disable_selinux/tasks/main.yaml @@ -0,0 +1,3 @@ +- name: Ensure SELinux is in permissive mode + become: yes + command: "setenforce 0" diff --git a/tools/configure_for_func_testing.sh b/tools/configure_for_func_testing.sh index 3efa5e426a..99283f3aed 100755 --- a/tools/configure_for_func_testing.sh +++ b/tools/configure_for_func_testing.sh @@ -20,6 +20,8 @@ set -e # directly or allow the gate_hook to import. IS_GATE=${IS_GATE:-False} USE_CONSTRAINT_ENV=${USE_CONSTRAINT_ENV:-True} +MYSQL_USER=${MYSQL_USER:-root} +DATABASE_USER=${DATABASE_USER:-${MYSQL_USER}} if [[ "$IS_GATE" != "True" ]] && [[ "$#" -lt 1 ]]; then @@ -153,8 +155,8 @@ function _install_databases { return 0 fi - MYSQL_PASSWORD=${MYSQL_PASSWORD:-stackdb} - DATABASE_PASSWORD=${DATABASE_PASSWORD:-stackdb} + MYSQL_PASSWORD=${MYSQL_PASSWORD:-openstack_citest} + DATABASE_PASSWORD=${DATABASE_PASSWORD:-openstack_citest} source $DEVSTACK_PATH/lib/database @@ -176,18 +178,16 @@ function _install_databases { cat << EOF > $tmp_dir/mysql.sql CREATE DATABASE openstack_citest; -CREATE USER 'openstack_citest'@'localhost' IDENTIFIED BY 'openstack_citest'; -CREATE USER 'openstack_citest' IDENTIFIED BY 'openstack_citest'; -GRANT ALL PRIVILEGES ON *.* TO 'openstack_citest'@'localhost'; -GRANT ALL PRIVILEGES ON *.* TO 'openstack_citest'; +CREATE USER '${DATABASE_USER}'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD}'; +GRANT ALL PRIVILEGES ON *.* TO '${DATABASE_USER}'@'localhost'; FLUSH PRIVILEGES; EOF /usr/bin/mysql -u root -p"$MYSQL_PASSWORD" < $tmp_dir/mysql.sql if [[ "$install_pg" == "True" ]]; then cat << EOF > $tmp_dir/postgresql.sql -CREATE USER openstack_citest WITH CREATEDB LOGIN PASSWORD 'openstack_citest'; -CREATE DATABASE openstack_citest WITH OWNER openstack_citest; +CREATE USER ${DATABASE_USER} WITH CREATEDB LOGIN PASSWORD ${DATABASE_PASSWORD}; +CREATE DATABASE ${DATABASE_USER} WITH OWNER ${DATABASE_USER}; EOF # User/group postgres needs to be given access to tmp_dir diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml index b164e20350..16d5cdbd1c 100644 --- a/zuul.d/base.yaml +++ b/zuul.d/base.yaml @@ -105,6 +105,32 @@ - openstack/neutron-lib - job: + name: neutron-functional-with-uwsgi-fips + parent: neutron-functional-with-uwsgi + nodeset: devstack-single-node-centos-8-stream + description: | + Functional testing for a FIPS enabled Centos 8 system + pre-run: playbooks/enable-fips.yaml + vars: + configure_swap_size: 4096 + devstack_localrc: + ISCSI_CHAP_ALGORITHMS: SHA3-256,SHA256 + Q_BUILD_OVS_FROM_GIT: true + +- job: + name: neutron-fullstack-with-uwsgi-fips + parent: neutron-fullstack-with-uwsgi + nodeset: devstack-single-node-centos-8-stream + description: | + Functional testing for a FIPS enabled Centos 8 system + pre-run: playbooks/enable-fips.yaml + vars: + configure_swap_size: 4096 + devstack_localrc: + ISCSI_CHAP_ALGORITHMS: SHA3-256,SHA256 + Q_BUILD_OVS_FROM_GIT: true + +- job: name: neutron-linuxbridge-tempest-plugin-scenario-nftables parent: neutron-tempest-plugin-scenario-linuxbridge pre-run: playbooks/install_nftables.yaml diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 7f30db00a1..c920b1905c 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -85,6 +85,8 @@ experimental: jobs: + - neutron-functional-with-uwsgi-fips + - neutron-fullstack-with-uwsgi-fips - neutron-ovn-grenade-multinode - neutron-ovn-tempest-with-uwsgi-loki - neutron-ovn-tempest-full-multinode-ovs-master |