From 25a10154f7115457bc0c1931230da1c8e82e257b Mon Sep 17 00:00:00 2001
From: Grzegorz Grasza
Date: Wed, 3 Apr 2024 17:30:21 +0200
Subject: [PATCH] Enable TLS everywhere for data plane adoption no-ceph standalone job

This doesn't enable TLS everywhere testing for the Ceph job, since we don't need to test with Ceph. We also still want to test the case without TLS.

Depends-On: https://github.com/openstack-k8s-operators/install_yamls/pull/756
Depends-On: https://github.com/openstack-k8s-operators/data-plane-adoption/pull/331
Change-Id: Id40199097d46ba19b12b79577ace599c97674441
---
 .../ci_framework_deploy_standalone_vm.yaml | 2 ++
 .../deploy_standalone_run_repo_tests.yaml | 20 +++++++++++++++++++
 .../deploy_tripleo_run_repo_tests.yaml | 15 ++++++++++++--
 playbooks/data_plane_adoption/secrets.yaml | 5 ++++-
 playbooks/data_plane_adoption/vars.yaml | 7 +++++++
 zuul.d/_data_plane_adoption.yaml | 4 +++-
 6 files changed, 49 insertions(+), 4 deletions(-)

diff --git a/playbooks/data_plane_adoption/ci_framework_deploy_standalone_vm.yaml b/playbooks/data_plane_adoption/ci_framework_deploy_standalone_vm.yaml
index 0e4001a19..b6016e6df 100644
--- a/playbooks/data_plane_adoption/ci_framework_deploy_standalone_vm.yaml
+++ b/playbooks/data_plane_adoption/ci_framework_deploy_standalone_vm.yaml
@@ -21,3 +21,5 @@
 HOST_PRIMARY_RESOLV_CONF_ENTRY: "{{ standalone_gateway }}"
 EDPM_COMPUTE_CEPH_ENABLED: "{{ use_ceph | default('true') }}"
 EDPM_COMPUTE_CEPH_NOVA: "{{ use_ceph | default('true') }}"
+ DNS_DOMAIN: "{{ cloud_domain | default('localdomain') }}"
+ TLS_ENABLED: "{{ enable_tls | default('false') }}"
diff --git a/playbooks/data_plane_adoption/deploy_standalone_run_repo_tests.yaml b/playbooks/data_plane_adoption/deploy_standalone_run_repo_tests.yaml
index ca8a6f59f..da6112c0f 100644
--- a/playbooks/data_plane_adoption/deploy_standalone_run_repo_tests.yaml
+++ b/playbooks/data_plane_adoption/deploy_standalone_run_repo_tests.yaml
@@ -34,6 +34,8 @@
 -e "standalone_ip={{ standalone_ip }}"
 -e "standalone_gateway={{ standalone_gateway }}"
 -e "standalone_dns={{ standalone_dns | default(standalone_gateway) }}"
 -e "use_ceph={{ use_ceph | default('true') }}"
+ -e "cloud_domain={{ cloud_domain | default('localdomain') }}"
+ -e "enable_tls={{ enable_tls | default('false') }}"
 args:
 chdir: "{{ framework_dir }}"
@@ -69,6 +71,18 @@
 - "source_mariadb_ip"
 - "source_ovndb_ip"
+ - name: Set EDPM node hostname in vars.yaml
+ ansible.builtin.lineinfile:
+ path: "{{ rdo_dir }}/vars.yaml"
+ regexp: "'^edpm_node_hostname:'"
+ value: "edpm_node_hostname: standalone.{{ cloud_domain | default('localdomain') }}"
+ - name: Set TLS Everywhere in vars.yaml
+ ansible.builtin.lineinfile:
+ path: "{{ rdo_dir }}/vars.yaml"
+ regexp: "'^enable_tlse:'"
+ value: "enable_tlse: {{ enable_tls | default('false') }}"
+
 - name: Insert vars for data plane operator and os-net-config with zuul native standalone node
 ansible.builtin.blockinfile:
 marker_begin: "BEGIN os-net-config vars"
@@ -134,6 +148,12 @@
 regexp: 'controller1_ssh:'
 value: "controller1_ssh: ssh -i {{ standalone_private_key | default('/home/zuul/src/github.com/openstack-k8s-operators/install_yamls/out/edpm/ansibleee-ssh-key-id_rsa') }} root@{{ standalone_ip }}"
+ - name: Set ipa_ssh var in secrets.yaml
+ ansible.builtin.lineinfile:
+ path: "{{ rdo_dir }}/secrets.yaml"
+ regexp: 'ipa_ssh:'
+ value: "ipa_ssh: ssh -i {{ standalone_private_key | default('/home/zuul/src/github.com/openstack-k8s-operators/install_yamls/out/edpm/ansibleee-ssh-key-id_rsa') }} root@{{ standalone_ip }} podman exec -ti freeipa-server-container"
+
 - name: Install required packages
 become: true
 ansible.builtin.package:
diff --git a/playbooks/data_plane_adoption/deploy_tripleo_run_repo_tests.yaml b/playbooks/data_plane_adoption/deploy_tripleo_run_repo_tests.yaml
index c23dc1e18..ebdba54b6 100644
--- a/playbooks/data_plane_adoption/deploy_tripleo_run_repo_tests.yaml
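Review bot: The `regexp` of the two new lineinfile tasks in the `@@ -69,6 +71,18 @@` hunk is double-quoted around single quotes, so the pattern handed to the module is the literal text `'^edpm_node_hostname:'` (and `'^enable_tlse:'`) including the apostrophes; a `^` anchor preceded by a literal character can never match, so the `edpm_node_hostname:` / `enable_tlse:` lines this patch adds to vars.yaml are never replaced and lineinfile falls through to appending a second copy at EOF. If the adoption repo loads vars.yaml through Ansible's loader it will presumably warn about the duplicate key and keep the last value, so the job may pass by accident while a `CUSTOMIZE_THIS` line stays in the file. Use one quoting layer, as the `ipa_ssh` task in the next hunk already does: `regexp: '^edpm_node_hostname:'` and `regexp: '^enable_tlse:'`. The same two tasks in deploy_tripleo_run_repo_tests.yaml (`@@ -130,6 +130,18 @@`) need the same fix.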
+++ b/playbooks/data_plane_adoption/deploy_tripleo_run_repo_tests.yaml
@@ -130,6 +130,18 @@
 path: /home/zuul/ansible_hostname
 register: compute_hostname
+ - name: Set EDPM node hostname in vars.yaml
+ ansible.builtin.lineinfile:
+ path: "{{ rdo_dir }}/vars.yaml"
+ regexp: "'^edpm_node_hostname:'"
+ value: "edpm_node_hostname: {{ compute_hostname['content'] | b64decode | trim }}.{{ cloud_domain | default('localdomain') }}"
+ - name: Set TLS Everywhere in vars.yaml
+ ansible.builtin.lineinfile:
+ path: "{{ rdo_dir }}/vars.yaml"
+ regexp: "'^enable_tlse:'"
+ value: "enable_tlse: {{ enable_tls | default('false') }}"
+
 - name: Insert vars for data plane operator and os-net-config with zuul native undercloud node
 ansible.builtin.blockinfile:
 marker_begin: "BEGIN os-net-config vars"
@@ -140,13 +152,12 @@
 dataplane_public_iface: eth1
 dataplane_os_net_config_set_route: false
 os_cloud_name: overcloud
- edpm_node_hostname: "{{ compute_hostname['content'] | b64decode | trim }}.localdomain"
 edpm_user: zuul
 standalone_ip: "{{ standalone_ip | default('192.168.122.100') }}"
 neutron_physical_bridge_name: br-ex
 edpm_nodes:
 {{ compute_hostname['content'] | b64decode | trim }}:
- hostName: "{{ compute_hostname['content'] | b64decode | trim }}.localdomain"
+ hostName: "{{ compute_hostname['content'] | b64decode | trim }}.{{ cloud_domain | default('localdomain') }}"
 ansible:
 ansibleHost: {{ edpm_node_ip }}
 networks:
diff --git a/playbooks/data_plane_adoption/secrets.yaml b/playbooks/data_plane_adoption/secrets.yaml
index 3f49195ca..ee7b36170 100644
--- a/playbooks/data_plane_adoption/secrets.yaml
+++ b/playbooks/data_plane_adoption/secrets.yaml
@@ -25,9 +25,12 @@
 heat_auth_encryption_key: CUSTOMIZE_THIS
 manila_password: CUSTOMIZE_THIS
 swift_password: CUSTOMIZE_THIS
+# FreeIPA SSH connection strings for importing the CA certificate and key
+ipa_ssh: "ssh -F ~/director_standalone/vagrant_ssh_config vagrant@standalone podman exec -ti freeipa-server-container" # CUSTOMIZE THIS
+
 # Controller SSH connection strings for the MariaDB copy procedure.
 # Use ":" for controler 2 and 3 if you are testing with a single controller.
-controller1_ssh: "ssh -F ~/director_stanalone/vagrant_ssh_config vagrant@standalone" # CUSTOMIZE THIS
+controller1_ssh: "ssh -F ~/director_standalone/vagrant_ssh_config vagrant@standalone" # CUSTOMIZE THIS
 controller2_ssh: ":"
 controller3_ssh: ":"
diff --git a/playbooks/data_plane_adoption/vars.yaml b/playbooks/data_plane_adoption/vars.yaml
index 5585a7151..a80a19e0f 100644
--- a/playbooks/data_plane_adoption/vars.yaml
+++ b/playbooks/data_plane_adoption/vars.yaml
@@ -1,5 +1,12 @@
 # Path to install_yamls repo
 install_yamls_path: /home/zuul/src/github.com/openstack-k8s-operators/install_yamls/
+
+# This flag signifies if TLS Everywhere is enabled on the source cloud
+enable_tlse: CUSTOMIZE_THIS
+
+# To enable TLS-E, the standalone hostname must be set to standalone.ooo.test
+edpm_node_hostname: CUSTOMIZE_THIS
+
 # Whether to remove all the persistent data (databases, dumbs, ansible logs)
 # before the test
 reset_crc_storage: true
diff --git a/zuul.d/_data_plane_adoption.yaml b/zuul.d/_data_plane_adoption.yaml
index 1784bae0d..6117649d3 100644
--- a/zuul.d/_data_plane_adoption.yaml
+++ b/zuul.d/_data_plane_adoption.yaml
@@ -46,6 +46,8 @@
 name: data-plane-adoption-osp-17-to-extracted-crc-minimal-no-ceph
 parent: data-plane-adoption-osp-17-to-extracted-crc
 vars:
+ enable_tls: "true"
+ cloud_domain: "ooo.test"
 use_ceph: "false"
 dpa_test_suite: "test-minimal"
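Review bot: The comment above `edpm_node_hostname` in the vars.yaml hunk (`@@ -1,5 +1,12 @@`) pins the value to `standalone.ooo.test`, but the CI tasks that fill the key in build it as `standalone.{{ cloud_domain }}` in the standalone job and as the compute node's own hostname plus `cloud_domain` in the tripleo job, so the fixed name reads as a requirement when it is only what the no-ceph job happens to use. Suggest `# FQDN of the EDPM node; with TLS Everywhere it must carry the source cloud's DNS domain, e.g. standalone.ooo.test` and, for the flag, `# Whether TLS Everywhere is enabled on the source cloud (true/false)` so the expected value type stands next to the `CUSTOMIZE_THIS` placeholder. An unreplaced `CUSTOMIZE_THIS` in `enable_tlse` is not a boolean-looking string, so a `| bool` test on it downstream would presumably be rejected or coerced rather than treated as false; worth confirming against the consuming playbooks.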
@@ -91,4 +93,4 @@
 name: data-plane-adoption-osp17-multinode-to-extracted-crc-with-ceph
 parent: data-plane-adoption-osp17-multinode-to-extracted-crc-no-ceph
 vars:
- use_ceph: 'true'
+ use_ceph: "true"