Bug 1564866 - Configure tempest for Octavia tests
Summary: Configure tempest for Octavia tests
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-tempestconf
Version: 14.0 (Rocky)
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: Upstream M3
: 14.0 (Rocky)
Assignee: Nir Magnezi
QA Contact: Martin Kopec
URL:
Whiteboard:
: 1562085 (view as bug list)
Depends On: 1622011
Blocks: 1488126 1599753
TreeView+ depends on / blocked
 
Reported: 2018-04-08 11:33 UTC by Nir Magnezi
Modified: 2019-01-11 11:49 UTC (History)
5 users (show)

Fixed In Version: python-tempestconf-2.0.0-0.20180821043805.d7db90e.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1599753 (view as bug list)
Environment:
Last Closed: 2019-01-11 11:49:20 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
OpenStack Storyboard 2001768 None None None 2018-04-08 11:33:04 UTC
OpenStack gerrit 571177 None None None 2018-06-07 15:37:17 UTC
Red Hat Product Errata RHEA-2019:0045 None None None 2019-01-11 11:49:45 UTC

Description Nir Magnezi 2018-04-08 11:33:05 UTC
Description of problem:
=======================
As part a part of Octavia API RBAC enforcement[1], in order to interact with Octavia API a user/project must be assigned with one of the roles mentioned here[2]. As a result, in devstack we both create demo/demo and assign [3] it with a load-balancer_member role.

In order to successfully run, tempest against Octavia python-tempestconf should assign the load-balancer_member role when it creates[4].

Otherwise (what currently happens), test_basic_ops fails to run

[1] https://review.openstack.org/#/c/472872/

[2] https://github.com/openstack/octavia/blob/02c7a1d496e6c473876e11bfd12ed14394c0e41c/devstack/plugin.sh#L507-L511

[3] https://github.com/openstack/octavia/blob/02c7a1d496e6c473876e11bfd12ed14394c0e41c/devstack/plugin.sh#L512

[4] https://github.com/openstack/python-tempestconf/blob/6a10dbb153e39e62c0ca748c46aedd28ff47861e/config_tempest/main.py#L336

[5] https://github.com/openstack/octavia-tempest-plugin/blob/master/octavia_tempest_plugin/tests/v2/scenario/test_basic_ops.py

Comment 1 Chandan Kumar 2018-04-09 06:53:17 UTC
Hello,

Arie added the same in Infrared in https://review.gerrithub.io/#/c/406734/

Thanks,

Chandan Kumar

Comment 2 Nir Magnezi 2018-04-09 10:54:32 UTC
(In reply to Chandan Kumar from comment #1)
> Hello,
> 
> Arie added the same in Infrared in https://review.gerrithub.io/#/c/406734/
> 
> Thanks,
> 
> Chandan Kumar

We need the fix in python-tempestconf since Infrared is not a component that we ship as a part of OSP.

Comment 7 Chandan Kumar 2018-04-27 14:41:05 UTC
Moving to RHOS-14, As it linked with refactoring python-tempestconf

Comment 8 Chandan Kumar 2018-06-04 16:12:28 UTC
*** Bug 1562085 has been marked as a duplicate of this bug. ***

Comment 9 Nir Magnezi 2018-06-11 09:41:57 UTC
Instead of creating and assigning custom roles, I submitted a patch[1] that configures tempest.conf to work with Octavia with legacy RBAC.
The above matches the way we configure Octavia, using policy.json[2]

[1] https://review.openstack.org/#/c/571177/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1577635

Comment 10 Martin Kopec 2018-06-27 07:54:43 UTC
The review has been merged to master.

Comment 16 Martin Kopec 2018-09-05 06:24:34 UTC
python-tempestconf-2.0.0-0.20180821043805.d7db90e.el7ost package has been released and it contains a feature which discovers octavia service and sets its configuration. The following values are set under load_balancer section in tempest.conf:

enable_security_groups
member_role
admin_role
RBAC_test_type

The package is available in the latest puddle (2018-09-05.1).

Comment 18 errata-xmlrpc 2019-01-11 11:49:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:0045


Note You need to log in before you can comment on or make changes to this bug.