From 5c57f4c3e8360f04b9d24ac0664b589f6cb954e3 Mon Sep 17 00:00:00 2001 From: Adam King Date: Fri, 7 Jul 2023 11:03:56 -0400 Subject: [PATCH] qa/cephadm: add test for ca signed keys Test that bootstraps with a CA signed key using the use_ca_signed_key cephadm override. Then follows up by doing a check-host on each host which verifies the cephadm mgr module can reach and authenticate with the nodes using the new key setup. This probably should really be a workunit, but I didn't want to create a full new section for this test and I needed a section that didn't already run the cephadm task for every test. I could see this being moved into some sort of "test_special_deployment_scenarios" section in the future Signed-off-by: Adam King (cherry picked from commit 141af1c6b156da34418100629cd1407b74c681ad) --- .../workunits/task/test_ca_signed_key.yaml | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 qa/suites/orch/cephadm/workunits/task/test_ca_signed_key.yaml diff --git a/qa/suites/orch/cephadm/workunits/task/test_ca_signed_key.yaml b/qa/suites/orch/cephadm/workunits/task/test_ca_signed_key.yaml new file mode 100644 index 0000000000000..7bf51f719c1d3 --- /dev/null +++ b/qa/suites/orch/cephadm/workunits/task/test_ca_signed_key.yaml @@ -0,0 +1,31 @@ +roles: +- - host.a + - mon.a + - mgr.a + - osd.0 + - client.0 +- - host.b + - mon.b + - mgr.b + - osd.1 + - client.1 +overrides: + cephadm: + use-ca-signed-key: True +tasks: +- install: +- cephadm: +- cephadm.shell: + host.a: + - | + set -ex + HOSTNAMES=$(ceph orch host ls --format json | jq -r '.[] | .hostname') + for host in $HOSTNAMES; do + # do a check-host on each host to make sure it's reachable + ceph cephadm check-host ${host} 2> ${host}-ok.txt + HOST_OK=$(cat ${host}-ok.txt) + if ! grep -q "Host looks OK" <<< "$HOST_OK"; then + printf "Failed host check:\n\n$HOST_OK" + exit 1 + fi + done -- 2.39.5