LGTM On Tue, Sep 29, 2015 at 5:21 PM, 'Hrvoje Ribicic' via ganeti-devel < [email protected]> wrote:
> In some situations, we want to make sure the QA runs with a certain set > of certificates, secrets, users, and the like. This patch allows the QA > to look for a directory on the master node where all of these can be > found, and transplant them into the right place. This allow cluster > creation, renew-crypto, or any other cert-affecting operation to be > tested while preserving RAPI access. > > Signed-off-by: Hrvoje Ribicic <[email protected]> > --- > lib/pathutils.py | 3 ++- > qa/qa_rapi.py | 51 +++++++++++++++++++++++++++++++++++++++++++++++---- > 2 files changed, 49 insertions(+), 5 deletions(-) > > diff --git a/lib/pathutils.py b/lib/pathutils.py > index be6c432..6796da7 100644 > --- a/lib/pathutils.py > +++ b/lib/pathutils.py > @@ -110,7 +110,8 @@ SPICE_CERT_FILE = DATA_DIR + "/spice.pem" > SPICE_CACERT_FILE = DATA_DIR + "/spice-ca.pem" > CLUSTER_DOMAIN_SECRET_FILE = DATA_DIR + "/cluster-domain-secret" > SSH_KNOWN_HOSTS_FILE = DATA_DIR + "/known_hosts" > -RAPI_USERS_FILE = DATA_DIR + "/rapi/users" > +RAPI_DATA_DIR = DATA_DIR + "/rapi" > +RAPI_USERS_FILE = RAPI_DATA_DIR + "/users" > QUEUE_DIR = DATA_DIR + "/queue" > INTENT_TO_UPGRADE = DATA_DIR + "/intent-to-upgrade" > CONF_DIR = SYSCONFDIR + "/ganeti" > diff --git a/qa/qa_rapi.py b/qa/qa_rapi.py > index 955d62a..1c43e7a 100644 > --- a/qa/qa_rapi.py > +++ b/qa/qa_rapi.py > @@ -75,11 +75,51 @@ _rapi_client = None > _rapi_username = None > _rapi_password = None > > +# The files to copy if the RAPI files QA config value is set > +_FILES_TO_COPY = [ > + pathutils.CLUSTER_DOMAIN_SECRET_FILE, > + pathutils.RAPI_CERT_FILE, > + pathutils.RAPI_USERS_FILE, > +] > > -def ReloadCertificates(): > + > +def _EnsureRapiFilesPresence(): > + """Ensures that the specified RAPI files are present on the cluster, if > any. > + > + """ > + rapi_files_location = qa_config.get("rapi-files-location", None) > + if rapi_files_location is None: > + # No files to be had > + return > + > + print qa_logging.FormatWarning("Replacing the certificate and users > file on" > + " the node with the ones provided in %s" > + % rapi_files_location) > + > + # The RAPI files > + AssertCommand(["mkdir", "-p", pathutils.RAPI_DATA_DIR]) > + > + for filename in _FILES_TO_COPY: > + basename = os.path.split(filename)[-1] > + AssertCommand(["cp", os.path.join(rapi_files_location, basename), > + filename]) > + AssertCommand(["gnt-cluster", "copyfile", filename]) > + > + # The certificates have to be reloaded now > + AssertCommand(["service", "ganeti", "restart"]) > + > + > +def ReloadCertificates(ensure_presence=True): > """Reloads the client RAPI certificate with the one present on the node. > > + If the QA is set up to use a specific certificate using the > + "rapi-files-location" parameter, it will be put in place prior to > retrieving > + it. > + > """ > + if ensure_presence: > + _EnsureRapiFilesPresence() > + > if _rapi_username is None or _rapi_password is None: > raise qa_error.Error("RAPI username and password have to be set > before" > " attempting to reload a certificate.") > @@ -233,15 +273,18 @@ def SetupRapi(): > > _rapi_username = qa_config.get("rapi-user", "ganeti-qa") > > - if qa_config.TestEnabled("create-cluster"): > - # For a new cluster, we have to invent a secret and a user > + if qa_config.TestEnabled("create-cluster") and \ > + qa_config.get("rapi-files-location") is None: > + # For a new cluster, we have to invent a secret and a user, unless it > has > + # been provided separately > _rapi_password = _CreateRapiUser(_rapi_username) > else: > + _EnsureRapiFilesPresence() > _rapi_password = _GetRapiSecret(_rapi_username) > > # Once a username and password have been set, we can fetch the certs and > # get all we need for a working RAPI client. > - ReloadCertificates() > + ReloadCertificates(ensure_presence=False) > > > INSTANCE_FIELDS = ("name", "os", "pnode", "snodes", > -- > 2.6.0.rc2.230.g3dd15c0 > > -- Lisa Velden Software Engineer [email protected] Google Germany GmbH Dienerstraße 12 80331 München Geschäftsführer: Graham Law, Christine Elizabeth Flores Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg
