[tests] Add avocado tests for openstack plugins

[arif-ali]

Inititally doing for the most common openstack services

---

Please place an 'X' inside each '[]' to confirm you adhere to our Contributor Guidelines

• Is the commit message split over multiple lines and hard-wrapped at 72 characters?
• Is the subject and message clear and concise?
• Does the subject start with [plugin_name] if submitting a plugin patch or a [section_name] if part of the core sosreport code?
• Does the commit contain a Signed-off-by: First Lastname email@example.com?
• Are any related Issues or existing PRs properly referenced via a Closes (Issue) or Resolved (PR) line?
• Are all passwords or private data gathered by this PR obfuscated?

[packit-as-a-service]

Congratulations! One of the builds has completed. 🍾

You can install the built RPMs by following these steps:

• sudo yum install -y dnf-plugins-core on RHEL 8
• sudo dnf install -y dnf-plugins-core on Fedora
• dnf copr enable packit/sosreport-sos-3622
• And now you can install the packages.

Please note that the RPMs should be used only in a testing environment.

[arif-ali]

mock teardown is potentially removing /etc/keystone/domains, and hence causing the issue 🤷🏽, I'll continue to debug

[arif-ali]

mock teardown is potentially removing /etc/keystone/domains, and hence causing the issue 🤷🏽, I'll continue to debug

ordering of the files. if /etc/keystone is deleted, and then it tries to delete /etc/keystone/domains, hence the complain. Reordering the list solves this

[TurboTurtle]

Would it be better to mark this as a StageTwo test and have it temporarily install a set of openstack packages? When I was first looking at OSP testing at RH, I was looking at doing a base install like we do for Foreman (i.e. the openstack tests would become their own entity under product_tests and report a new CI job) but there were some hurdles to that on single node that I'm not fully recallling at the moment.

In lieu of that, can we temporarily install some openstack packages to get some more confidence in the test? As it is, won't all of these tests pass simply due to them being missing on the test VMs?

[arif-ali]

I hear you, and was thinking the same, at one point.

One of the main purposes to add these as is, is to automate some the testing we at Canonical were doing at deb release time, so that we can assert them and ensure we are collecting them all automatically and spend less time collecting the data.

Happy to amend them to StageTwo, if it helps to do it here for RH OSP and Canonical OS

[arif-ali]

I this kind of points out the discussion point from #3611

If we are doing this in stagetwo, the file will exist, hence we should have a hard assert function. This way we know 100% that we are collecting it, wdyt?

[TurboTurtle]

Yeah, that's why I said I'd be onboard with a hard assert for assertFileCollected() and a renaming of the current method so that we have both "we absolutely 100% have this file" and "we are validating the behavior of add_copy_spec()".

I'd say let's add the temporary package install for these openstack packages (I'm assuming here that the initial files get laid down by the packages, and not by some user-executed configuration script) and mark this as StageTwo.

[arif-ali]

Cool, no worries, I'll get this re factored and tested

[arif-ali]

@TurboTurtle the ubuntu bits was actually quite easy, but centos was a real pain, as you have to install extra package for the openstack repo, and then enable crb repo for glance

I've put my ideas (it has issues), but wanted to see if everyone is on-board with the way the stagetwo is being done here

[arif-ali]

we should teardown the files before packages. If we tear down package before files, then the file will not exist, and fail.

Also ensure we collect /etc/keystone/keystone.policy.yaml

This should now work for ubuntu distros, will need extra expertise for the RH bits

[arif-ali]

While testing on centos9, I was able to overcome the issues represented here, and the package dnf-plugins-core was getting installed. Below is the output from my local env that I created today to try and test this, and seems to work. Could it be that dnf-plugins-core is not available in the GCE image, and somehow we have to enable it. Or, alternatively enable the CRB repo via a different mechanism

❱❱❱ ./do_sos_avocado_rh.sh 
Error: Failed creating project "sos-testing-rh": Failed adding database record: This "projects" entry already exists
Creating sos-avocado01-centos9
Starting sos-avocado01-centos9              
/home/arif/gitRepos/sos_testing
Checking VM status of sos-avocado01-centos9 .........done
Checking cloud-init status of sos-avocado01-centos9 .................done    
Cleaning up any old .tox environments ...
Running Unit Tests ...
Running Stage One Tests ...
Running Stage Two Tests ...
GLOB sdist-make: /root/sos/setup.py
stagetwo_tests create: /root/sos/.tox/stagetwo_tests
stagetwo_tests installdeps: -r/root/sos/requirements.txt, -r/root/sos/test-requirements.txt, python_magic
stagetwo_tests inst: /root/sos/.tox/dist/sos-4.7.1.zip
stagetwo_tests installed: alabaster==0.7.16,attrs==20.3.0,avocado-framework==103.0,Babel==2.9.1,chardet==4.0.0,cloud-init==23.4,configobj==5.0.6,coverage==7.5.1,distlib==0.3.8,distro==1.5.0,docutils==0.21.2,filelock==3.14.0,gpg==1.15.1,idna==2.10,imagesize==1.4.1,importlib_metadata==7.1.0,Jinja2==3.1.3,jsonpatch==1.21,jsonpointer==2.0,jsonschema==3.2.0,libcomps==0.1.18,MarkupSafe==2.1.5,netifaces==0.10.6,oauthlib==3.1.1,packaging==24.0,pexpect==4.9.0,platformdirs==4.2.1,pluggy==0.13.1,prettytable==0.7.2,ptyprocess==0.7.0,py==1.11.0,pycodestyle==2.11.1,Pygments==2.18.0,pyrsistent==0.17.3,pyserial==3.4,PySocks==1.7.1,python-magic==0.4.27,pytz==2021.1,PyYAML==5.4.1,requests==2.25.1,rpm==4.16.1.3,selinux==3.6,sepolicy==3.6,setools==4.4.4,six==1.15.0,snowballstemmer==2.2.0,sos @ file:///root/sos/.tox/dist/sos-4.7.1.zip#sha256=687c773075bc51146876c960903afdf7477183ea026227bb5b761a374df4615a,Sphinx==7.3.7,sphinxcontrib-applehelp==1.0.8,sphinxcontrib-devhelp==1.0.6,sphinxcontrib-htmlhelp==2.0.5,sphinxcontrib-jsmath==1.0.1,sphinxcontrib-qthelp==1.0.7,sphinxcontrib-serializinghtml==1.1.10,tomli==2.0.1,tox==2.5.0,urllib3==1.26.5,virtualenv==20.26.1,zipp==3.18.1
stagetwo_tests runtests: PYTHONHASHSEED='938793694'
stagetwo_tests runtests: commands[0] | avocado run -p TESTLOCAL=true --max-parallel-tasks=1 -t stagetwo tests/report_tests/plugin_tests/openstack
JOB ID     : da0119fdb0b3c6e8d15aec153f0200911368c807
JOB LOG    : /root/avocado/job-results/job-2024-05-05T19.08-da0119f/job.log
 (1/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_cinder_conf_collected_and_scrubbed: STARTED
 (1/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_cinder_conf_collected_and_scrubbed:  PASS (451.55 s)
 (2/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_glance_conf_collected_and_scrubbed: STARTED
 (2/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_glance_conf_collected_and_scrubbed:  PASS (0.08 s)
 (3/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_heat_conf_collected: STARTED
 (3/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_heat_conf_collected:  PASS (0.11 s)
 (4/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_keystone_conf_collected_and_scrubbed: STARTED
 (4/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_keystone_conf_collected_and_scrubbed:  PASS (0.10 s)
 (5/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_keystone_ldap_conf_scrubbed: STARTED
 (5/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_keystone_ldap_conf_scrubbed:  PASS (0.10 s)
 (6/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_neutron_ml2_certs_not_collected: STARTED
 (6/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_neutron_ml2_certs_not_collected:  SKIP: Not running on a Ubuntu or Debian distro
 (7/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_neutron_conf_collected_and_scrubbed: STARTED
 (7/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_neutron_conf_collected_and_scrubbed:  PASS (0.10 s)
 (8/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_nova_conf_collected_and_scrubbed: STARTED
 (8/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_nova_conf_collected_and_scrubbed:  PASS (0.09 s)
 (9/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_archive_created: STARTED
 (9/9) tests/report_tests/plugin_tests/openstack/openstack.py:OpenstackConfScrubbedTest.test_archive_created:  PASS (131.63 s)
RESULTS    : PASS 8 | ERROR 0 | FAIL 0 | SKIP 1 | WARN 0 | INTERRUPT 0 | CANCEL 0
JOB TIME   : 596.12 s
___________________________________________________________________________________________________________________________________ summary ____________________________________________________________________________________________________________________________________
  stagetwo_tests: commands succeeded
  congratulations :)

[arif-ali]

Using the same image in Cirrus, did a quick deploy in my GCE account, and I don't have the same issue as the CI

❱❱❱ gcloud compute ssh --zone "us-central1-a" --project "x-alcove-359617" instance-20240505-192203                                                                                                  
Warning: Permanently added 'compute.3568923530342589063' (ED25519) to the list of known hosts.
X11 forwarding request failed
[arif@instance-20240505-192203 ~]$ sudo -i 
[root@instance-20240505-192203 ~]# dnf install dnf-plugins-core
CentOS Stream 9 - BaseOS                                                                                                                                                                                                                        7.4 MB/s | 8.0 MB     00:01    
CentOS Stream 9 - AppStream                                                                                                                                                                                                                      12 MB/s |  19 MB     00:01    
CentOS Stream 9 - Extras packages                                                                                                                                                                                                                39 kB/s |  16 kB     00:00    
Google Compute Engine                                                                                                                                                                                                                            24 kB/s | 7.1 kB     00:00    
Google Cloud SDK                                                                                                                                                                                                                                 45 MB/s | 125 MB     00:02    
Package dnf-plugins-core-4.3.0-9.el9.noarch is already installed.
Dependencies resolved.
================================================================================================================================================================================================================================================================================
 Package                                                                       Architecture                                                Version                                                            Repository                                                   Size
================================================================================================================================================================================================================================================================================
Upgrading:
 dnf-plugins-core                                                              noarch                                                      4.3.0-13.el9                                                       baseos                                                       37 k
 python3-dnf-plugins-core                                                      noarch                                                      4.3.0-13.el9                                                       baseos                                                      264 k

Transaction Summary
================================================================================================================================================================================================================================================================================
Upgrade  2 Packages

Total download size: 301 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): dnf-plugins-core-4.3.0-13.el9.noarch.rpm                                                                                                                                                                                                 106 kB/s |  37 kB     00:00    
(2/2): python3-dnf-plugins-core-4.3.0-13.el9.noarch.rpm                                                                                                                                                                                         523 kB/s | 264 kB     00:00    
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                                                                                           391 kB/s | 301 kB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                                                                                        1/1 
  Upgrading        : python3-dnf-plugins-core-4.3.0-13.el9.noarch                                                                                                                                                                                                           1/4 
  Upgrading        : dnf-plugins-core-4.3.0-13.el9.noarch                                                                                                                                                                                                                   2/4 
  Cleanup          : dnf-plugins-core-4.3.0-9.el9.noarch                                                                                                                                                                                                                    3/4 
  Cleanup          : python3-dnf-plugins-core-4.3.0-9.el9.noarch                                                                                                                                                                                                            4/4 
  Running scriptlet: python3-dnf-plugins-core-4.3.0-9.el9.noarch                                                                                                                                                                                                            4/4 
  Verifying        : dnf-plugins-core-4.3.0-13.el9.noarch                                                                                                                                                                                                                   1/4 
  Verifying        : dnf-plugins-core-4.3.0-9.el9.noarch                                                                                                                                                                                                                    2/4 
  Verifying        : python3-dnf-plugins-core-4.3.0-13.el9.noarch                                                                                                                                                                                                           3/4 
  Verifying        : python3-dnf-plugins-core-4.3.0-9.el9.noarch                                                                                                                                                                                                            4/4 

Upgraded:
  dnf-plugins-core-4.3.0-13.el9.noarch                                                                                               python3-dnf-plugins-core-4.3.0-13.el9.noarch                                                                                              

Complete!
[root@instance-20240505-192203 ~]#

[arif-ali]

After some debugging last night, I was able to get centos stream 9 to work.

Centos Stream 8 has python 3.6 and avocado-framework 103.0 isn't supported and hence the distro.detect().version doesn't work. Using the < to install avocado may not have been the right choice. It installs 100.0 for both ubuntu 18.04 and centos stream 8.

Need to work out a different way to test centos stream 8 for this stagetwo test

[pmoravec]

Nitpick: redundant empty line?

[arif-ali]

Yup, there's probably a few of these, will clean up once I have a full set of tests passing

[pmoravec]

Knowing OSP a little only, but why do we test on unmaintained releases? (https://releases.openstack.org/)

EDIT, per https://docs.openstack.org/install-guide/environment-packages-rdo.html#operating-system , Ussuri to Yoga are compatible with CentOS8 and Xena and newer with CentOS9.

[arif-ali]

Thanks for the link, just made it consistent to be yoga, and enable the right repos for 8/9 and got it through, I think

[pmoravec]

After some debugging last night, I was able to get centos stream 9 to work.

Centos Stream 8 has python 3.6 and avocado-framework 103.0 isn't supported and hence the distro.detect().version doesn't work. Using the < to install avocado may not have been the right choice. It installs 100.0 for both ubuntu 18.04 and centos stream 8.

Need to work out a different way to test centos stream 8 for this stagetwo test

I wanted to comment out on this topic (why the centos-8 fails to install OSP packages) but I see you are ahead of me here :).

[MrStupnikov]

Added Stack perspective for RPM distros.

[MrStupnikov]

We have a list of protect_keys defined for openstack_cinder plugin. I don't get the idea of testing only subset of them.

[MrStupnikov]

Let's imaging a situation when one of specified keys will not be masked and error will be raised. How an engineer should troubleshoot this? Copy key from output, open test configuration file, fine hash, copy parameter and start looking why it is no longer masked? IMO this looks a bit suboptimal.

I also don't like the idea of using static list of parameters to mask in tests separately from list of parameters to mask in sosreport itself...

[MrStupnikov]

Same comment as for cinder: we only test subset if parameters and are not doing this optimally.

[MrStupnikov]

BTW, technically we are checking if values were masked, not keys.

[MrStupnikov]

Config file path looks odd to me. Why heat.conf is in /etc/glance folder?

[MrStupnikov]

Same as with cinder, there are many more protected keys in keystone.conf

[MrStupnikov]

Why we are not checking if data was sanitized for Heat?

[MrStupnikov]

Same comments as for cinder

[MrStupnikov]

Same here

[MrStupnikov]

The logic of sos is different here: we sanitize all collected configuration files, not only cinder.conf. This is not changing anything for this specific implementation, but fundamentally implemented tests are used to check specific file, while sos sanitize all collected config.

[arif-ali]

@MrStupnikov thanks for your constructive and detailed feedback, it's very much appreciative

• On the heat one, I made a typo, and was going to fix it, and get the scrub test in, hence I made this a draft just before you made the comments.
• This is a first stab at doing this, and surely there would be issues. I am taking your feedback on-board and will have another look at the best way of doing this; if not, I will abandon this PR totally.
• Not all keys are in all configuration files, we need to find where and when these are used, and update the relevant test configs. The plugins have evolved over time, and these keys have also been added over time, so to find every single one of these and which files they occur will take some time.
• A lot of the tests defined here, us at Canonical were doing manually to ensure that these files are being masked correctly, and also being collected as part of our downstream release process. The main thing was to get this automated so that we don't have to do these things manually.

Now that I have overcome the challenges of getting both centos and ubuntu in the same set of tests, I can start adding all the items that are brought forward to me, as well as some that I will be going through personally, and will get these through. Your feedback will be extremely valuable as I go through this process.