standards icon indicating copy to clipboard operation
standards copied to clipboard
verified publisher icon SovereignCloudStack

Modify OpenStack Powered Compute to make it work

Open mbuechse opened this issue 4 months ago • 6 comments

Apparently, some test cases are not suitable in their present state. This issue is meant as a place for collecting the findings.

  • test_default_domain_exists seems to need admin access (either that or the test must be configured in another way?)
  • test_rebuild_server has issues with a changed SSH cert (which is to be expected, however)

Big thanks to @fzakfeld for finding these things!

Details:

test_default_domain_exists

  • required since June 2022
  • "the test is wrong from any possible perspective. It claims to test "default" domain existence which is in public cloud a) not guaranteed to exist b) no user is going to be able to list other domains. I really believe it was a mistake to add it and very soon the whole interop died so nobody noticed"
  • you can, however, change the domain_id that you test through config (identity.default_domain_id) to "show" details of the domain you use for testing

Maybe the latter item is a solution?

test_rebuild_server

  • "[this test] will rebuild the server and then complain that the SSH host key is not the same as before. This is to be expected with pretty much any cloud image, as they generate the keys on first boot. I think this is due to paramiko adding the key at the first time - see https://opendev.org/openstack/tempest/src/commit/d12ddc31cb403ba1c7534e43bfa5650b6c131f4b/tempest/lib/common/ssh.py#L119"
  • patching tempest to use paramiko.WarningPolicy() instead will make the test work

mbuechse avatar Sep 17 '25 09:09 mbuechse

Some thoughts from my side are documented here: https://github.com/scaleup-technologies/scs-refstack-tempest-fixes

fzakfeld avatar Sep 17 '25 10:09 fzakfeld

@fzakfeld Wow, that is great work! I suppose other CSPs are now highly indebted to Scaleup!

mbuechse avatar Sep 17 '25 12:09 mbuechse

On 2024.1, there is a problem with image uploads from volumes. This will also make some test case fail.

See:

https://bugs.launchpad.net/glance/+bug/2065143 https://bugs.launchpad.net/glance/+bug/1595335

A quick workaround would be setting this in the glance-api config:

[DEFAULT]
show_multiple_locations = True
show_image_direct_url = True

Please evaluate carefully if this is secure in your environments (e. g. if the backend location can be exposed to the end user)

fzakfeld avatar Sep 18 '25 13:09 fzakfeld

What are we to do about this bug? The Launchpad entries seem a bit underdeveloped, even though the latter one is rather old and definitely predates the OpenStack-powered Compute JSON file. What exactly are the security ramifications of this (deprecated!!) option? Or do we want to say that converting a volume into an image is not super important (which feels true to me, but I wouldn't know)?

mbuechse avatar Sep 19 '25 19:09 mbuechse

Also, I'd still like to know if test_default_domain_exists can be healed by setting the config the way @gtema described.

mbuechse avatar Sep 19 '25 19:09 mbuechse

For the Glance "Bug" I saw some other providers in the SCS field do the same. The image upload is something that should definitely work regardless of the tests.

For the domain test, I'll see if that can be configured or if we need to patch that into tempest as well. Will try that next or the following week

fzakfeld avatar Sep 19 '25 21:09 fzakfeld