Merge lp:~cprov/core-image-tester/adt-nova-creds into lp:core-image-tester

Proposed by Celso Providelo
Status: Merged
Approved by: Celso Providelo
Approved revision: 34
Merged at revision: 34
Proposed branch: lp:~cprov/core-image-tester/adt-nova-creds
Merge into: lp:core-image-tester
Diff against target: 62 lines (+13/-5)
3 files modified
README.rst (+5/-1)
core-service.conf (+5/-1)
core_image_tester/worker.py (+3/-3)
To merge this branch: bzr merge lp:~cprov/core-image-tester/adt-nova-creds
Reviewer Review Type Date Requested Status
Para Siva (community) Approve
Francis Ginther Approve
Review via email: mp+258584@code.launchpad.net

Commit message

Using [adt] nova credentials (os_*) for spinning testbeds.

Description of the change

Using [adt] nova credentials (os_*) for spinning testbeds. This will allow us to deploy a service that spin testbeds in stg-ue-core-image-isolated tenant but continues to store objects (results tarballs) in stg-ue-ci-engineering tenant.

Security-wise, I don't see any specific problem in mixing adt & core testbeds in a single tenant, because they are protected by a security group that only allow ingress network traffic on tcp:22 (SSH) and testbeds are configured to only accept connections from a ephemeral ssh-key stored on its host worker. So, it's impossible to one testbed to exploit another, even if they are on the same network/tenant.

To post a comment you must log in.
Francis Ginther (fginther) wrote :

Looks right. Consistent with the changes made for adt-cloud-worker.

review: Approve
Para Siva (psivaa) wrote :

+1, No issue in combining. Approving.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'README.rst'
2--- README.rst 2015-04-27 21:01:48 +0000
3+++ README.rst 2015-05-08 05:11:13 +0000
4@@ -87,11 +87,15 @@
5 os_password = <redacted>
6 os_tenant_name = foo_project
7 os_auth_url = http://172.20.161.138:5000/v2.0/
8- extra_args = --net-id=415a0839-eb05-4e7a-907c-413c657f4bf5
9
10 [adt]
11 image_flavor = m1.smaller
12 test_branch = lp:snappy/selftest
13+ os_username = bar
14+ os_password = <redacted>
15+ os_tenant_name = bar_project
16+ os_auth_url = http://172.20.161.138:5000/v2.0/
17+ extra_args = --net-id=415a0839-eb05-4e7a-907c-413c657f4bf5
18
19 ...optionally, add a logstash section, which will turn on the logstash handler::
20
21
22=== modified file 'core-service.conf'
23--- core-service.conf 2015-03-31 04:17:35 +0000
24+++ core-service.conf 2015-05-08 05:11:13 +0000
25@@ -6,8 +6,12 @@
26 os_password = <redacted>
27 os_tenant_name = foo_project
28 os_auth_url = http://172.20.161.138:5000/v2.0/
29-extra_args = --net-id=415a0839-eb05-4e7a-907c-413c657f4bf5
30
31 [adt]
32 image_flavor = m1.smaller
33 test_branch = lp:snappy/selftest
34+os_username = foo
35+os_password = <redacted>
36+os_tenant_name = foo_project
37+os_auth_url = http://172.20.161.138:5000/v2.0/
38+extra_args = --net-id=415a0839-eb05-4e7a-907c-413c657f4bf5
39
40=== modified file 'core_image_tester/worker.py'
41--- core_image_tester/worker.py 2015-04-27 21:01:48 +0000
42+++ core_image_tester/worker.py 2015-05-08 05:11:13 +0000
43@@ -197,7 +197,7 @@
44
45 """
46 adt_env = {
47- k.upper(): v for k, v in config['nova'].items() if k.startswith('os')
48+ k.upper(): v for k, v in config['adt'].items() if k.startswith('os')
49 }
50 adt_args = [
51 'adt-run',
52@@ -210,8 +210,8 @@
53 '--image', nova_image,
54 '--console', os.path.join(result_dir, 'nova-console.log'),
55 ]
56- if 'extra_args' in config['nova']:
57- adt_args.append(config['nova']['extra_args'])
58+ if 'extra_args' in config['adt']:
59+ adt_args.append(config['adt']['extra_args'])
60
61 try:
62 utils.check_call(adt_args, env=adt_env)

Subscribers

People subscribed via source and target branches