Skip to content

Commit

Permalink
Enable SSL support on manila client
Browse files Browse the repository at this point in the history
The python-manilaclient requires passing the cacert file for TLS
endpoints. This commit enables that on the `get_manila_session_client`
and also, for the manila tests, wraps the client in a retrier that
retries on connection failures (i.e. if the server is not running).
  • Loading branch information
ajkavanagh committed Jul 19, 2024
1 parent 80b42ce commit 42afc47
Show file tree
Hide file tree
Showing 3 changed files with 35 additions and 16 deletions.
20 changes: 10 additions & 10 deletions zaza/openstack/charm_tests/manila/tests.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,9 @@
import logging
import tenacity

from manilaclient import client as manilaclient

import zaza.model
import zaza.openstack.configure.guest as guest
from zaza.openstack.utilities import retry_on_connect_failure
import zaza.openstack.utilities.generic as generic_utils
import zaza.openstack.utilities.openstack as openstack_utils
import zaza.openstack.charm_tests.test_utils as test_utils
Expand Down Expand Up @@ -67,8 +66,9 @@ class ManilaTests(test_utils.OpenStackBaseTest):
def setUpClass(cls):
"""Run class setup for running tests."""
super(ManilaTests, cls).setUpClass()
cls.manila_client = manilaclient.Client(
session=cls.keystone_session, client_version='2')
cls.manila_client = retry_on_connect_failure(
openstack_utils.get_manila_session_client(
session=cls.keystone_session))

def test_manila_api(self):
"""Test that the Manila API is working."""
Expand Down Expand Up @@ -132,8 +132,8 @@ def setUpClass(cls):
super(ManilaBaseTest, cls).setUpClass()
cls.nova_client = openstack_utils.get_nova_session_client(
session=cls.keystone_session)
cls.manila_client = manilaclient.Client(
session=cls.keystone_session, client_version='2')
cls.manila_client = openstack_utils.get_manila_session_client(
session=cls.keystone_session)
cls.share_name = 'test-manila-share'
cls.share_type_name = 'default_share_type'
cls.share_protocol = 'nfs'
Expand Down Expand Up @@ -221,7 +221,7 @@ def _mount_share_on_instance(self, instance_ip, ssh_user_name,

for attempt in tenacity.Retrying(
stop=tenacity.stop_after_attempt(5),
wait=tenacity.wait_exponential(multiplier=3, min=2, max=10)):
wait=tenacity.wait_exponential(multiplier=5, min=2, max=60)):
with attempt:
openstack_utils.ssh_command(
vm_name="instance-{}".format(instance_ip),
Expand Down Expand Up @@ -262,7 +262,7 @@ def _umount_share_on_instance(self, instance_ip, ssh_user_name,

@tenacity.retry(
stop=tenacity.stop_after_attempt(5),
wait=tenacity.wait_exponential(multiplier=3, min=2, max=10))
wait=tenacity.wait_exponential(multiplier=5, min=2, max=60))
def _write_testing_file_on_instance(self, instance_ip, ssh_user_name,
ssh_private_key):
"""Write a file on a Manila share mounted into a Nova instance.
Expand All @@ -289,7 +289,7 @@ def _write_testing_file_on_instance(self, instance_ip, ssh_user_name,

@tenacity.retry(
stop=tenacity.stop_after_attempt(5),
wait=tenacity.wait_exponential(multiplier=3, min=2, max=10))
wait=tenacity.wait_exponential(multiplier=5, min=2, max=60))
def _clear_testing_file_on_instance(self, instance_ip, ssh_user_name,
ssh_private_key):
"""Clear a file on a Manila share mounted into a Nova instance.
Expand All @@ -316,7 +316,7 @@ def _clear_testing_file_on_instance(self, instance_ip, ssh_user_name,

@tenacity.retry(
stop=tenacity.stop_after_attempt(5),
wait=tenacity.wait_exponential(multiplier=3, min=2, max=10))
wait=tenacity.wait_exponential(multiplier=5, min=2, max=60))
def _validate_testing_file_from_instance(self, instance_ip, ssh_user_name,
ssh_private_key):
"""Validate a file from the Manila share mounted into a Nova instance.
Expand Down
6 changes: 2 additions & 4 deletions zaza/openstack/charm_tests/manila_ganesha/setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,6 @@

import zaza.openstack.utilities.openstack as openstack_utils

from manilaclient import client as manilaclient


MANILA_GANESHA_TYPE_NAME = "cephfsnfstype"

Expand All @@ -34,8 +32,8 @@ def setup_ganesha_share_type(manila_client=None):
"""
if manila_client is None:
keystone_session = openstack_utils.get_overcloud_keystone_session()
manila_client = manilaclient.Client(
session=keystone_session, client_version='2')
manila_client = openstack_utils.get_manila_session_client(
keystone_session)

manila_client.share_types.create(
name=MANILA_GANESHA_TYPE_NAME, spec_driver_handles_share_servers=False,
Expand Down
25 changes: 23 additions & 2 deletions zaza/openstack/utilities/openstack.py
Original file line number Diff line number Diff line change
Expand Up @@ -513,17 +513,34 @@ def get_aodh_session_client(session):
return aodh_client.Client(session=session)


def get_manila_session_client(session, version='2'):
def get_manila_session_client(session, version='2', model_name=None):
"""Return Manila client authenticated by keystone session.
:param session: Keystone session object
:type session: keystoneauth1.session.Session object
:param version: Manila API version
:type version: str
:param model_name: Optional model name to get the client for.
:type model_name: str
:returns: Authenticated manilaclient
:rtype: manilaclient.Client
"""
return manilaclient.Client(session=session, client_version=version)
tls_rid = model.get_relation_id('manila', 'vault',
model_name=model_name,
remote_interface_name='certificates')
ssl_config = get_application_config_option(
'manila',
'ssl_cert',
model_name=model_name)
extra_kwargs = {}
if tls_rid or ssl_config:
cacert = get_cacert()
if cacert:
extra_kwargs['cacert'] = cacert

return manilaclient.Client(session=session,
client_version=version,
**extra_kwargs)


def get_watcher_session_client(session):
Expand Down Expand Up @@ -2229,6 +2246,7 @@ def _get_overcloud_auth(address=None, model_name=None):
else:
transport = 'http'
port = 5000
print("transport =", transport, " port=", port)

if not address:
address = get_keystone_ip(model_name=model_name)
Expand Down Expand Up @@ -2268,6 +2286,7 @@ def _get_overcloud_auth(address=None, model_name=None):
if local_ca_cert:
auth_settings['OS_CACERT'] = local_ca_cert

print("auth_settings\n", auth_settings)
return auth_settings


Expand Down Expand Up @@ -2479,6 +2498,8 @@ def _resource_reaches_status(resource, resource_id,
raise exceptions.StatusError(resource_status, expected_status)

assert resource_status == expected_status
logging.info("{}: resource {} now in {} state".format(
msg, resource_id, resource_status))


def resource_reaches_status(resource,
Expand Down

0 comments on commit 42afc47

Please sign in to comment.