OpenStack
kitchen-openstack is a Test Kitchen driver for OpenStack.
Minimum Configuration
driver:
name: openstack
openstack_username: [YOUR OPENSTACK USERNAME]
openstack_api_key: [YOUR OPENSTACK API KEY] # AKA your OpenStack Password
openstack_auth_url: [YOUR OPENSTACK AUTH URL] # if you are using v3, API_URL/v3/auth/tokens
openstack_domain_id: [default is 'default'; otherwise YOUR OPENSTACK DOMAIN ID]
image_ref: [SERVER IMAGE ID]
flavor_ref: [SERVER FLAVOR ID]
transport:
username: ubuntu # For a Ubuntu Box
The image_ref
and flavor_ref
options can be specified as an exact id,
an exact name, or as a regular expression matching the name of the image or flavor.
All of Fog’s openstack
options (openstack_domain_name
, openstack_project_name
,
…) are supported. This includes support for the OpenStack Identity v3 API.
General Configuration
name
Required Tell test-kitchen what driver to use. ;)
openstack_username
Required Your OpenStack username.
openstack_api_key
Required Your OpenStack API Key, aka your OpenStack password.
openstack_auth_url
Required Your OpenStack auth url. If you are using ID v3, you’ll need to use API_URL/v3/auth/tokens
.
require_chef_omnibus
Required Set to true
otherwise the specific version of Chef omnibus you want installed.
image_ref
image_ref or image_id required Server Image Name or ID.
image_id
image_ref or image_id required Server Image ID. Specifying the ID instead of reference results in a faster create time.
Note If the image UUID changes this value will need to be updated.
flavor_ref
flavor_ref or flavor_id required Server Flavor Name or ID.
flavor_id
flavor_ref or flavor_id required Specifying the ID instead of reference results in a faster create time.
Note If the flavor UUID changes this value will need to be updated.
server_name
If a server_name_prefix
is specified then this prefix will be used when
generating random names of the form <NAME PREFIX>-<RANDOM STRING>
e.g.
myproject-asdfghjk
. If both server_name_prefix
and server_name
are
specified then the server_name
takes precedence.
server_name_prefix
If you want to have a static prefix for a random server name.
port
Set the SSH port for the remote access.
openstack_tenant
Your OpenStack tenant id.
openstack_region
Your OpenStack region id.
availability_zone
Your OpenStack availability zone.
openstack_service_name
Your OpenStack compute service name.
openstack_network_name
Your OpenStack network name used to connect to, if you have only private network connections you want declare this.
glance_cache_wait_timeout
When OpenStack downloads the image into cache, it takes extra time to provision. Timeout controls maximum amount of time to wait for machine to move from the Build/Spawn phase to Active.
connect_timeout
Connect timeout controls maximum amount of time to wait for machine to respond to ssh login request.
read_timeout
write_timeout
Expose read/write timeout parameters passed down to HTTP connection created via excon. Default timeouts (from excon) are 60 seconds.
server_wait
server_wait
is a workaround to deal with how some VMs with cloud-init
.
Some clouds need this some, most OpenStack instances don’t. This is a stop gap
wait makes sure that the machine is in a good state to work with. Ideally the
transport layer in Test-Kitchen will have a more intelligent way to deal with this.
There will be a dot that appears every 10 seconds as the timer counts down.
You may want to add this for WinRM instances due to the multiple restarts that
happen on creation and boot. A good default is 300
seconds to make sure it’s
in a good state.
The default is 0
.
security_groups
A list of security_groups
to join:
security_groups:
- [A LIST OF...]
- [...SECURITY GROUPS TO JOIN]
user_data
If your VMs have cloud-init
enabled you can use the user_data
in your
kitchen.yml to inject commands at boot time.
driver_config:
user_data: userdata.txt
Then create a userdata.txt
in the same directory as your .kitchen.yml,
for example:
#!/bin/sh
echo "do whatever you want to pre-configure your machine"
cloud_config
If your VMs have cloud-init
enabled you can use cloud_config
to generate userdata for use by cloud-init in the cloud-config format. This provides a convenient way to specify cloud-init config inline. As the cloud-config format uses YAML the resulting userdata is essentially a copy+paste of cloud_config
with the header line ‘#cloud-config’
driver_config:
cloud_config:
hostname: my-hostname
This will pass the following user data to OpenStack:
#cloud-config
hostname: my-hostname
The cloud_config
and user_data
options are mutually exclusive.
config_drive
If your VMs require config drive.
config_drive: true
network_ref
Deprecated A list of network names to create instances with.
network_ref:
- [OPENSTACK NETWORK NAMES]
- [CREATE INSTANCE WITH]
network_id
A list of network ids to create instances with. Specifying the id instead of reference results in a faster create time.
Note If the network UUID changes this value will need to be updated.
network_ref:
- [OPENSTACK NETWORK UUIDs]
- [TO CREATE INSTANCE WITH]
no_ssh_tcp_check
Deprecated You should be using transport now. This will skip the ssh check to automatically connect.
The default is false
.
no_ssh_tcp_check_sleep
Deprecated You should be using transport now. This will sleep for so many seconds. no_ssh_tcp_check
needs
to be set to true
.
private_key_path
Deprecated You should be using transport now. The guest image should use cloud-init
or some other method to fetch key from meta-data service.
public_key_path
Deprecated You should be using transport now. The guest image should use cloud-init
or some other method to fetch key from meta-data service.
Disk Configuration
block_device_mapping
make_volume
Makes a new volume when set to true
.
The default is false
.
snapshot_id
When set, will make a volume from that snapshot id.
volume_id
When set, will attach the volume id.
device_name
Set this to vda
unless you really know what you are doing.
availability_zone
The block storage availability zone.
The default is nova
.
volume_type
The volume type, this is optional.
delete_on_termination
This will delete the volume on the instance when destroy
happens, if set to true.
Otherwise set this to false
.
creation_timeout
Timeout to wait for volume to become available. If a large volume is provisioned, it might take time to provision it on the backend. Maximum amount of time to wait for volume to be created and be available.
attach_timeout
If using a customized version of Openstack such a VMWare Integrated OPenstack (VIO), it may mark a volume active even though it is still performing some actions which may cause test kitchen to attach the volume to early which results in errors. Specify in seconds the amount of time to delay attaching the volume after its been marked active. Default timeout is 0.
Example
block_device_mapping:
make_volume: true
snapshot_id: 00000-111111-0000222-000
device_name: vda
availability_zone: nova
delete_on_termination: false
creation_timeout: 120
attach_timeout: 240
Network and Communication Configuration
floating_ip
A specific floating_ip
can be provided to bind a floating IP to the node.
Any floating IP will be the IP used for Test Kitchen’s Remote calls to the node.
floating_ip_pool
A floating_ip_pool
can be provided to allocate a floating IP from
the pool to the instance. If allocate_floating_ip
is true, the IP will be allocated,
otherwise the first free floating IP will be used. It will be the IP used for
Test Kitchen’s Remote calls to the node. If allocated, the floating IP will be
released once the instance is destroyed.
allocate_floating_ip
If true, allocate a new IP from the specified floating_ip_pool
and release is afterwards.
Otherwise, if false (the default), an existing allocated IP.
[public|private]_ip_order
In some complex network scenarios you can have several IP addresses designated
as public or private. Use public_ip_order
or private_ip_order
to control
which one to use for further SSH connection. Default is 0 (first one)
For example if you have openstack istance that has network with several IPs assigned like
+--------------------------------------+------------+--------+------------+-------------+----------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+------------+--------+------------+-------------+----------------------------------+
| 31c98de4-026f-4d12-b03f-a8a35c6e730b | kitchen | ACTIVE | None | Running | test=10.0.0.1, 10.0.1.1 |
to use second 10.0.1.1
IP address you need to specify
private_ip_order: 1
assuming that test network is configured as private.
use_ipv6
If true use IPv6 addresses to for SSH connections. If false, the default, use IPv4 addresses for SSH connections.
network_ref
The network_ref
option can be specified as an exact id, an exact name,
or as a regular expression matching the name of the network. You can pass one
network_ref: MYNET1
or many networks
network_ref:
- MYNET1
- MYNET2
The openstack_network_name
is used to select IP address for SSH connection.
It’s recommended to specify this option in case of multiple networks used for
instance to provide more control over network connectivity.
Please note that network_ref
relies on Network Services (Fog::Network
) and
it can be unavailable in your OpenStack installation.
disable_ssl_validation
disable_ssl_validation: true
Only disable SSL cert validation if you absolutely know what you are doing, but are stuck with an OpenStack deployment without valid SSL certs.
Example kitchen.yml
---
driver:
name: openstack
openstack_username: [YOUR OPENSTACK USERNAME]
openstack_api_key: [YOUR OPENSTACK API KEY] # AKA your OPENSTACK PASSWORD
openstack_auth_url: [YOUR OPENSTACK AUTH URL]
openstack_domain_id: [default is 'default'; otherwise YOUR OPENSTACK DOMAIN ID]
require_chef_omnibus: [e.g. 'true' or a version number if you need Chef]
image_ref: [SERVER IMAGE ID]
flavor_ref: [SERVER FLAVOR ID]
key_name: [KEY NAME]
read_timeout: 180
write_timeout: 180
connect_timeout: 180
provisioner:
name: chef_infra
verifier:
name: inspec
transport:
ssh_key: /path/to/id_rsa #Path to private key that matches the above openstack key_name
connection_timeout: 10
connection_retries: 5
username: ubuntu
password: mysecreatpassword
platforms:
- name: ubuntu-18.04
- name: ubuntu-20.04
- name: centos-8
transport:
username: centos
- name: windows-2022
transport:
password: myadministratorpassword
suites:
- name: default
run_list:
- recipe[my_cookbook::default]
attributes: