[openstack-dev] [qa] Tempest pre-provisioned credentials in the gate

Jordan Pittier jordan.pittier at scality.com
Wed Jun 15 08:54:31 UTC 2016


On Wed, Jun 15, 2016 at 2:00 AM, Andrea Frittoli <andrea.frittoli at gmail.com>
wrote:

> Dear all,
>
> TL;DR: I'd like to propose to start running some of the existing dsvm
> check/gate jobs using Tempest pre-provisioned credentials.
>
> Full Text:
> Tempest provides tests with two mechanisms to acquire test credentials
> [0]: dynamic credentials and pre-provisioned ones.
>
> The current check and gate jobs only use the dynamic credentials provider.
>
> The pre-provisioned credentials provider has been introduced to support
> running test in parallel without the need of having access to admin
> credentials in tempest configuration file - which is a valid use case
> especially when testing public clouds or in general a deployment that is
> not own by who runs the test.
>
> As a small extra, since pre-provisioned credentials are re-used to run
> many tests during a CI test run, they give an opportunity to discover
> issues related to cleanup of test resources.
>
> Pre-provisioned credentials is currently used in periodic jobs [1][2] - as
> well as an experimental job defined for tempest changes. This means that
> even if we are careful, there is a good chance for it to be inadvertently
> broken by a change.
>
> Until recently the periodic job suffered a racy failure on object-storage
> tests. A recent refactor [3] of the tool that pre-proprovisioned the
> accounts has fixed the issue: the past 8 runs of the periodic jobs have not
> encountered that race anymore [4][5].
>
> Specifically I'd like to propose changing to start changing of the neutron
> jobs [6].
>
> Andrea Frittoli
>
> [0]
> http://docs.openstack.org/developer/tempest/configuration.html#credential-provider-mechanisms
> [1]
> http://git.openstack.org/cgit/openstack-infra/project-config/tree/jenkins/jobs/devstack-gate.yaml#n220
> [2]
> http://git.openstack.org/cgit/openstack-infra/project-config/tree/jenkins/jobs/devstack-gate.yaml#n253
> [3] https://review.openstack.org/#/c/317105/
> [4]
> http://status.openstack.org/openstack-health/#/job/periodic-tempest-dsvm-full-test-accounts-master
> [5]
> http://status.openstack.org/openstack-health/#/job/periodic-tempest-dsvm-neutron-full-test-accounts-master
> [6] https://review.openstack.org/329723
>
>
I like the idea. If the jobs with the preprov credentials are as stable as
the ones running dynamic credentials, that's fine. Also I like that we
don"t introduce new jobs but instead changing the configuration of existing
jobs: we already have a lot of jobs in Tempest.

In my previous job, we also used Tempest to validate our cloud deployment
and we didn"t have the admin credentials, so yeah, preprov credentials are
useful.

-- 
 <http://bit.ly/1VRgEAb>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160615/fb9c6606/attachment-0001.html>


More information about the OpenStack-dev mailing list