From 9f1974bfa8102f06629f0636a69b0bbb5d919786 Mon Sep 17 00:00:00 2001 From: Gayane Osipyan Date: Mon, 23 Sep 2019 15:58:26 +0200 Subject: [PATCH] update qa-scenario-2a Deploy cluster on 3 node Use mysql for database Add scenario with CA certs --- .../cloud-mkphyscloud-qa-scenario-2a.yaml | 17 +- .../cloud8/qa/no-ssl/qa-scenario-2a.yaml | 85 ++--- .../qa/ssl-insecure/qa-scenario-2a.yaml | 58 +--- .../cloud8/qa/ssl/qa-scenario-2a.yaml | 291 ++++++++++++++++++ 4 files changed, 354 insertions(+), 97 deletions(-) create mode 100644 scripts/scenarios/cloud8/qa/ssl/qa-scenario-2a.yaml diff --git a/jenkins/ci.suse.de/cloud-mkphyscloud-qa-scenario-2a.yaml b/jenkins/ci.suse.de/cloud-mkphyscloud-qa-scenario-2a.yaml index 09b517b1fe..409e6acd64 100644 --- a/jenkins/ci.suse.de/cloud-mkphyscloud-qa-scenario-2a.yaml +++ b/jenkins/ci.suse.de/cloud-mkphyscloud-qa-scenario-2a.yaml @@ -152,7 +152,10 @@ - string: name: commands default: addupdaterepo prepareinstallcrowbar runupdate bootstrapcrowbar installcrowbar allocate waitcloud setup_aliases - description: All the steps that needs to be completed to have cloud installed + description: All the steps that needs to be completed to have cloud installed:When deploying with SSL add "install_ca_certificates" after "setup_aliases" command + choices: + - addupdaterepo prepareinstallcrowbar runupdate bootstrapcrowbar installcrowbar allocate waitcloud setup_aliases + - addupdaterepo prepareinstallcrowbar runupdate bootstrapcrowbar installcrowbar allocate waitcloud setup_aliases install_ca_certificates - string: name: want_test_updates @@ -220,7 +223,19 @@ ret=0 + # copy CA files + if [[ $ssl_type = "ssl" ]]; then + ssh root@crowbar$hw_number "mkdir ssl-certs" + scp -r /home/jenkins/ssl-certs/qa$hw_number root@crowbar$hw_number:/root/ssl-certs/ + fi + ssh root@$admin " + # update certificate file paths + if [[ $ssl_type = "ssl" ]]; then + sed -i -e "s,##certfile##,/etc/cloud/ssl/qa$hw_number/qa$hw_number.cloud.suse.de.crt," scenario.yml + sed -i -e "s,##keyfile##,/etc/cloud/ssl/qa$hw_number/qa$hw_number.cloud.suse.de.pem," scenario.yml + sed -i -e "s,##cafile##,/etc/cloud/ssl/qa$hw_number/SUSE_CA_suse.de.chain.crt," scenario.yml + fi export cloud=$cloud ; export hw_number=$hw_number ; export sbd_ip=$sbd_ip ; diff --git a/scripts/scenarios/cloud8/qa/no-ssl/qa-scenario-2a.yaml b/scripts/scenarios/cloud8/qa/no-ssl/qa-scenario-2a.yaml index 1a8b02cf20..e5561e6fa4 100644 --- a/scripts/scenarios/cloud8/qa/no-ssl/qa-scenario-2a.yaml +++ b/scripts/scenarios/cloud8/qa/no-ssl/qa-scenario-2a.yaml @@ -1,5 +1,5 @@ --- -# 2a - 8 nodes, HA (SBD 3x2), KVM x 1 +# 2a - 7 nodes, HA (SBD 3x2), KVM x 1 proposals: - barclamp: pacemaker name: services @@ -14,20 +14,27 @@ proposals: "@@controller2@@": devices: - "@@sbd_device_services@@" + "@@controller3@@": + devices: + - "@@sbd_device_services@@" per_node: nodes: "@@controller1@@": params: '' "@@controller2@@": params: '' + "@@controller3@@": + params: '' deployment: elements: pacemaker-cluster-member: - "@@controller1@@" - "@@controller2@@" + - "@@controller3@@" hawk-server: - "@@controller1@@" - "@@controller2@@" + - "@@controller3@@" - barclamp: pacemaker name: data @@ -42,57 +49,30 @@ proposals: "@@data2@@": devices: - "@@sbd_device_data@@" + "@@data3@@": + devices: + - "@@sbd_device_data@@" per_node: nodes: "@@data1@@": params: '' "@@data2@@": params: '' + "@@data3@@": + params: '' deployment: elements: pacemaker-cluster-member: - "@@data1@@" - "@@data2@@" + - "@@data3@@" hawk-server: - "@@data1@@" - "@@data2@@" - -- barclamp: pacemaker - name: network - attributes: - stonith: - mode: sbd - sbd: - nodes: - "@@network1@@": - devices: - - "@@sbd_device_network@@" - "@@network2@@": - devices: - - "@@sbd_device_network@@" - per_node: - nodes: - "@@network1@@": - params: '' - "@@network2@@": - params: '' - deployment: - elements: - pacemaker-cluster-member: - - "@@network1@@" - - "@@network2@@" - hawk-server: - - "@@network1@@" - - "@@network2@@" + - "@@data3@@" - barclamp: database attributes: - sql_engine: postgresql - ha: - storage: - shared: - device: ##shared_nfs_for_database## - fstype: nfs deployment: elements: database-server: @@ -151,11 +131,21 @@ proposals: - barclamp: cinder attributes: volumes: - - backend_driver: nfs - backend_name: nfs - nfs: - nfs_shares: ##cinder-storage-shares## - nfs_snapshot: true + - backend_driver: netapp + backend_name: netapp + netapp: + nfs_shares: '' + netapp_vfiler: '' + netapp_volume_list: '' + storage_family: ontap_cluster + storage_protocol: iscsi + vserver: 'cloud-openstack-svm ' + netapp_server_hostname: ##netapp_server## + netapp_server_port: 80 + netapp_login: admin + netapp_password: ##netapp_password## + netapp_transport_type: http + max_over_subscription_ratio: 20 deployment: elements: cinder-controller: @@ -178,7 +168,7 @@ proposals: neutron-server: - cluster:services neutron-network: - - cluster:network + - cluster:services - barclamp: nova attributes: @@ -222,19 +212,6 @@ proposals: heat-server: - cluster:services -- barclamp: ceilometer - attributes: - deployment: - elements: - ceilometer-agent: - - "@@compute-kvm@@" - ceilometer-agent-hyperv: [] - ceilometer-central: - - cluster:services - ceilometer-server: - - cluster:services - ceilometer-swift-proxy-middleware: [] - - barclamp: manila attributes: default_share_type: default diff --git a/scripts/scenarios/cloud8/qa/ssl-insecure/qa-scenario-2a.yaml b/scripts/scenarios/cloud8/qa/ssl-insecure/qa-scenario-2a.yaml index 2e248a026a..6048e3cff2 100644 --- a/scripts/scenarios/cloud8/qa/ssl-insecure/qa-scenario-2a.yaml +++ b/scripts/scenarios/cloud8/qa/ssl-insecure/qa-scenario-2a.yaml @@ -1,5 +1,5 @@ --- -# 2a - 8 nodes, HA (SBD 3x2), KVM x 1 +# 2a - 7 nodes, HA (SBD 3x2), KVM x 1 proposals: - barclamp: pacemaker name: services @@ -14,20 +14,27 @@ proposals: "@@controller2@@": devices: - "@@sbd_device_services@@" + "@@controller3@@": + devices: + - "@@sbd_device_services@@" per_node: nodes: "@@controller1@@": params: '' "@@controller2@@": params: '' + "@@controller3@@": + params: '' deployment: elements: pacemaker-cluster-member: - "@@controller1@@" - "@@controller2@@" + - "@@controller3@@" hawk-server: - "@@controller1@@" - "@@controller2@@" + - "@@controller3@@" - barclamp: pacemaker name: data @@ -42,57 +49,30 @@ proposals: "@@data2@@": devices: - "@@sbd_device_data@@" + "@@data3@@": + devices: + - "@@sbd_device_data@@" per_node: nodes: "@@data1@@": params: '' "@@data2@@": params: '' + "@@data3@@": + params: '' deployment: elements: pacemaker-cluster-member: - "@@data1@@" - "@@data2@@" + - "@@data3@@" hawk-server: - "@@data1@@" - "@@data2@@" - -- barclamp: pacemaker - name: network - attributes: - stonith: - mode: sbd - sbd: - nodes: - "@@network1@@": - devices: - - "@@sbd_device_network@@" - "@@network2@@": - devices: - - "@@sbd_device_network@@" - per_node: - nodes: - "@@network1@@": - params: '' - "@@network2@@": - params: '' - deployment: - elements: - pacemaker-cluster-member: - - "@@network1@@" - - "@@network2@@" - hawk-server: - - "@@network1@@" - - "@@network2@@" + - "@@data3@@" - barclamp: database attributes: - ha: - storage: - shared: - device: ##shared_nfs_for_database## - fstype: nfs - options: nfsvers=3 deployment: elements: database-server: @@ -100,12 +80,6 @@ proposals: - barclamp: rabbitmq attributes: - ha: - storage: - shared: - device: ##shared_nfs_for_rabbitmq## - fstype: nfs - options: nfsvers=3 client: enable_notifications: true deployment: @@ -208,7 +182,7 @@ proposals: neutron-server: - cluster:services neutron-network: - - cluster:network + - cluster:services - barclamp: nova attributes: diff --git a/scripts/scenarios/cloud8/qa/ssl/qa-scenario-2a.yaml b/scripts/scenarios/cloud8/qa/ssl/qa-scenario-2a.yaml new file mode 100644 index 0000000000..5e743156f3 --- /dev/null +++ b/scripts/scenarios/cloud8/qa/ssl/qa-scenario-2a.yaml @@ -0,0 +1,291 @@ +--- +# 2a - 7 nodes, HA (SBD 3x2), KVM x 1 +proposals: +- barclamp: pacemaker + name: services + attributes: + stonith: + mode: sbd + sbd: + nodes: + "@@controller1@@": + devices: + - "@@sbd_device_services@@" + "@@controller2@@": + devices: + - "@@sbd_device_services@@" + "@@controller3@@": + devices: + - "@@sbd_device_services@@" + per_node: + nodes: + "@@controller1@@": + params: '' + "@@controller2@@": + params: '' + "@@controller3@@": + params: '' + deployment: + elements: + pacemaker-cluster-member: + - "@@controller1@@" + - "@@controller2@@" + - "@@controller3@@" + hawk-server: + - "@@controller1@@" + - "@@controller2@@" + - "@@controller3@@" + +- barclamp: pacemaker + name: data + attributes: + stonith: + mode: sbd + sbd: + nodes: + "@@data1@@": + devices: + - "@@sbd_device_data@@" + "@@data2@@": + devices: + - "@@sbd_device_data@@" + "@@data3@@": + devices: + - "@@sbd_device_data@@" + per_node: + nodes: + "@@data1@@": + params: '' + "@@data2@@": + params: '' + "@@data3@@": + params: '' + deployment: + elements: + pacemaker-cluster-member: + - "@@data1@@" + - "@@data2@@" + - "@@data3@@" + hawk-server: + - "@@data1@@" + - "@@data2@@" + - "@@data3@@" + +- barclamp: database + attributes: + mysql: + ssl: + enabled: true + certfile: ##certfile## + keyfile: ##keyfile## + ca_certs: ##cafile## + deployment: + elements: + database-server: + - cluster:services + +- barclamp: rabbitmq + attributes: + ssl: + enabled: true + certfile: ##certfile## + keyfile: ##keyfile## + client_ca_certs: ##cafile## + client: + enable_notifications: true + deployment: + elements: + rabbitmq-server: + - cluster:services + +- barclamp: keystone + attributes: + ssl: + certfile: ##certfile## + keyfile: ##keyfile## + ca_certs: ##cafile## + api: + protocol: https + deployment: + elements: + keystone-server: + - cluster:services + +- barclamp: swift + attributes: + replicas: 2 + ssl: + certfile: ##certfile## + keyfile: ##keyfile## + keystone_delay_auth_decision: true + allow_versions: true + middlewares: + crossdomain: + enabled: true + formpost: + enabled: true + staticweb: + enabled: true + tempurl: + enabled: true + deployment: + elements: + swift-dispersion: + - "@@data1@@" + swift-proxy: + - cluster:data + swift-ring-compute: + - "@@data1@@" + swift-storage: + - "@@controller2@@" + - "@@compute-kvm@@" + +- barclamp: glance + attributes: + default_store: swift + api: + protocol: https + ssl: + certfile: ##certfile## + keyfile: ##keyfile## + ca_certs: ##cafile## + deployment: + elements: + glance-server: + - cluster:data + +- barclamp: cinder + attributes: + api: + protocol: https + ssl: + certfile: ##certfile## + keyfile: ##keyfile## + ca_certs: ##cafile## + volumes: + - backend_driver: netapp + backend_name: netapp + netapp: + nfs_shares: '' + netapp_vfiler: '' + netapp_volume_list: '' + storage_family: ontap_cluster + storage_protocol: iscsi + vserver: 'cloud-openstack-svm ' + netapp_server_hostname: ##netapp_server## + netapp_server_port: 80 + netapp_login: admin + netapp_password: ##netapp_password## + netapp_transport_type: http + max_over_subscription_ratio: 20 + deployment: + elements: + cinder-controller: + - cluster:data + cinder-volume: + - cluster:data + +- barclamp: neutron + attributes: + ssl: + certfile: ##certfile## + keyfile: ##keyfile## + ca_certs: ##cafile## + api: + protocol: https + ml2_mechanism_drivers: + - ##networkingplugin## + ml2_type_drivers: + - ##networkingmode## + ml2_type_drivers_default_provider_network: ##networkingmode## + ml2_type_drivers_default_tenant_network: ##networkingmode## + use_lbaas: false + num_vlans: 99 + deployment: + elements: + neutron-server: + - cluster:data + neutron-network: + - cluster:data + +- barclamp: nova + attributes: + itxt_instance: '' + use_migration: true + vnc_keymap: de + kvm: + ksm_enabled: true + ssl: + certfile: ##certfile## + keyfile: ##keyfile## + ca_certs: ##cafile## + enabled: true + metadata: + metadata: + vendordata: + json: '{"custom-key": "custom-value"}' + deployment: + elements: + ec2-api: + - cluster:data + nova-controller: + - cluster:data + nova-compute-hyperv: [] + nova-compute-kvm: + - "@@compute-kvm@@" + nova-compute-qemu: [] + nova-compute-xen: [] + +# Because neutron and nova are deployed on different clusters, we need +# to commit neutron proposal again after nova to pick up the nova authentication +- barclamp: neutron + attributes: + use_lbaas: true + +- barclamp: horizon + attributes: + apache: + ssl: true + ssl_crt_file: ##certfile## + ssl_key_file: ##keyfile## + ssl_crt_chain_file: ##cafile## + deployment: + elements: + horizon-server: + - cluster:data + +- barclamp: heat + attributes: + deployment: + elements: + heat-server: + - cluster:data + +- barclamp: manila + attributes: + default_share_type: default + shares: + - backend_driver: netapp + backend_name: netapp1 + netapp: + netapp_storage_family: ontap_cluster + netapp_server_hostname: ##netapp_server## + netapp_server_port: 80 + netapp_login: admin + netapp_password: ##netapp_password## + netapp_vserver: ##netapp_vserver## + netapp_transport_type: http + deployment: + elements: + manila-server: + - cluster:data + manila-share: + - "@@data1@@" + - "@@data2@@" + +- barclamp: tempest + attributes: + deployment: + elements: + tempest: + - "@@controller1@@"