In some situations, we want to make sure the QA runs with a certain set of certificates, secrets, users, and the like. This patch allows the QA to look for a directory on the master node where all of these can be found, and transplant them into the right place. This allow cluster creation, renew-crypto, or any other cert-affecting operation to be tested while preserving RAPI access.
Signed-off-by: Hrvoje Ribicic <[email protected]> --- lib/pathutils.py | 3 ++- qa/qa_rapi.py | 51 +++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 49 insertions(+), 5 deletions(-) diff --git a/lib/pathutils.py b/lib/pathutils.py index be6c432..6796da7 100644 --- a/lib/pathutils.py +++ b/lib/pathutils.py @@ -110,7 +110,8 @@ SPICE_CERT_FILE = DATA_DIR + "/spice.pem" SPICE_CACERT_FILE = DATA_DIR + "/spice-ca.pem" CLUSTER_DOMAIN_SECRET_FILE = DATA_DIR + "/cluster-domain-secret" SSH_KNOWN_HOSTS_FILE = DATA_DIR + "/known_hosts" -RAPI_USERS_FILE = DATA_DIR + "/rapi/users" +RAPI_DATA_DIR = DATA_DIR + "/rapi" +RAPI_USERS_FILE = RAPI_DATA_DIR + "/users" QUEUE_DIR = DATA_DIR + "/queue" INTENT_TO_UPGRADE = DATA_DIR + "/intent-to-upgrade" CONF_DIR = SYSCONFDIR + "/ganeti" diff --git a/qa/qa_rapi.py b/qa/qa_rapi.py index 955d62a..1c43e7a 100644 --- a/qa/qa_rapi.py +++ b/qa/qa_rapi.py @@ -75,11 +75,51 @@ _rapi_client = None _rapi_username = None _rapi_password = None +# The files to copy if the RAPI files QA config value is set +_FILES_TO_COPY = [ + pathutils.CLUSTER_DOMAIN_SECRET_FILE, + pathutils.RAPI_CERT_FILE, + pathutils.RAPI_USERS_FILE, +] -def ReloadCertificates(): + +def _EnsureRapiFilesPresence(): + """Ensures that the specified RAPI files are present on the cluster, if any. + + """ + rapi_files_location = qa_config.get("rapi-files-location", None) + if rapi_files_location is None: + # No files to be had + return + + print qa_logging.FormatWarning("Replacing the certificate and users file on" + " the node with the ones provided in %s" + % rapi_files_location) + + # The RAPI files + AssertCommand(["mkdir", "-p", pathutils.RAPI_DATA_DIR]) + + for filename in _FILES_TO_COPY: + basename = os.path.split(filename)[-1] + AssertCommand(["cp", os.path.join(rapi_files_location, basename), + filename]) + AssertCommand(["gnt-cluster", "copyfile", filename]) + + # The certificates have to be reloaded now + AssertCommand(["service", "ganeti", "restart"]) + + +def ReloadCertificates(ensure_presence=True): """Reloads the client RAPI certificate with the one present on the node. + If the QA is set up to use a specific certificate using the + "rapi-files-location" parameter, it will be put in place prior to retrieving + it. + """ + if ensure_presence: + _EnsureRapiFilesPresence() + if _rapi_username is None or _rapi_password is None: raise qa_error.Error("RAPI username and password have to be set before" " attempting to reload a certificate.") @@ -233,15 +273,18 @@ def SetupRapi(): _rapi_username = qa_config.get("rapi-user", "ganeti-qa") - if qa_config.TestEnabled("create-cluster"): - # For a new cluster, we have to invent a secret and a user + if qa_config.TestEnabled("create-cluster") and \ + qa_config.get("rapi-files-location") is None: + # For a new cluster, we have to invent a secret and a user, unless it has + # been provided separately _rapi_password = _CreateRapiUser(_rapi_username) else: + _EnsureRapiFilesPresence() _rapi_password = _GetRapiSecret(_rapi_username) # Once a username and password have been set, we can fetch the certs and # get all we need for a working RAPI client. - ReloadCertificates() + ReloadCertificates(ensure_presence=False) INSTANCE_FIELDS = ("name", "os", "pnode", "snodes", -- 2.6.0.rc2.230.g3dd15c0
