Fuel for OpenStack

[OSTF] Test 'Check Keystone SSL certificate' always pass

Bug #1530117 reported by Artem Panchenko
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Fix Released
High
Fuel QA Team
Fuel for OpenStack 9.0
8.0.x
Fix Released
High
Fuel QA Team
Fuel for OpenStack 8.0

Bug Description

Health check 'Check Keystone SSL certificate' always passes, because it tries to parse non-existing log file on controllers:

https://github.com/openstack/fuel-ostf/commit/6aeb20eeb40706879fe9f8d19ba21340d2c6dbb2#diff-1abd10de8b3ababb9ac92743a800e157R21

I added debug logging to the '_run_ssh_cmd' method, here is result:

2015-12-30 12:50:54 INFO (test_mixins) STEP:1, verify action: 'check ssl certificate on host'
2015-12-30 12:50:54 DEBUG (cloudvalidation) Executing "grep -E "Signing error: Error opening signer certificate (.+)signing_cert.pem" "/var/log/keystone/keystone-all.log"" command on 172.16.162.59 ...
2015-12-30 12:50:54 DEBUG (cloudvalidation) Done: ('', 'grep: /var/log/keystone/keystone-all.log: No such file or directory\n')
2015-12-30 12:50:54 INFO (test_mixins) STEP:1, verify action: 'check ssl certificate on host'
2015-12-30 12:50:54 DEBUG (cloudvalidation) Executing "grep -E "Signing error: Error opening signer certificate (.+)signing_cert.pem" "/var/log/keystone/keystone-all.log"" command on 172.16.162.61 ...
2015-12-30 12:50:54 DEBUG (cloudvalidation) Done: ('', 'grep: /var/log/keystone/keystone-all.log: No such file or directory\n')
2015-12-30 12:50:54 INFO (test_mixins) STEP:1, verify action: 'check ssl certificate on host'
2015-12-30 12:50:54 DEBUG (cloudvalidation) Executing "grep -E "Signing error: Error opening signer certificate (.+)signing_cert.pem" "/var/log/keystone/keystone-all.log"" command on 172.16.162.55 ...
2015-12-30 12:50:55 DEBUG (cloudvalidation) Done: ('', 'grep: /var/log/keystone/keystone-all.log: No such file or directory\n')
2015-12-30 12:50:55 INFO (test_mixins) STEP:1, verify action: 'check ssl certificate on host'
2015-12-30 12:50:55 DEBUG (cloudvalidation) Executing "grep -E "Signing error: Error opening signer certificate (.+)signing_cert.pem" "/var/log/keystone/keystone-all.log"" command on 172.16.162.38 ...
2015-12-30 12:50:55 DEBUG (cloudvalidation) Done: ('', 'grep: /var/log/keystone/keystone-all.log: No such file or directory\n')
...
2015-12-30 12:50:55 SUCCESS Check Keystone SSL certificate (fuel_health.tests.cloudvalidation.test_keystone.KeystoneTest.test_keystone_ssl_certificate)

Also 'Check Keystone SSL certificate' must be at least renamed to something like 'Check there are no error in Keystone logs related SSL' or removed/disabled at all, because in current state it's totally useless and will make customers to think that Keystone is under SSL even when SSL is disabled (no certificate related errors in logs).

Tags: area-ostf
Artem Panchenko (apanchenko-8)
Changed in fuel:
milestone: none → 9.0
assignee: nobody → Fuel QA Team (fuel-qa)
Tatyanka (tatyana-leontovich)
Changed in fuel:
status: New → Confirmed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-ostf (master)

Fix proposed to branch: master
Review: https://review.openstack.org/262506

Changed in fuel:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-ostf (stable/8.0)

Fix proposed to branch: stable/8.0
Review: https://review.openstack.org/262508

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-ostf (master)

Reviewed: https://review.openstack.org/262506
Committed: https://git.openstack.org/cgit/openstack/fuel-ostf/commit/?id=c0528ab0ea9246cd5c39b8539e0ccc760fbf1c10
Submitter: Jenkins
Branch: master

commit c0528ab0ea9246cd5c39b8539e0ccc760fbf1c10
Author: Tatyana Leontovich <email address hidden>
Date: Wed Dec 30 15:41:09 2015 +0200

    Disable test for grep ssl error in keystone

    Test provides false positive results, so there is no sence to run it.
    Scenario should-be re-worked(in scope of separate issue)

    Change-Id: Iad8ca119750442c95b781d15bb9f566cef56643f
    Closes-Bug: #1530117

Changed in fuel:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-ostf (stable/8.0)

Reviewed: https://review.openstack.org/262508
Committed: https://git.openstack.org/cgit/openstack/fuel-ostf/commit/?id=f7d8875de4f2821b1f776f3d5f7b772b7d8c42cf
Submitter: Jenkins
Branch: stable/8.0

commit f7d8875de4f2821b1f776f3d5f7b772b7d8c42cf
Author: Tatyana Leontovich <email address hidden>
Date: Wed Dec 30 15:41:09 2015 +0200

    Disable test for grep ssl error in keystone

    Test provides false positive results, so there is no sence to run it.
    Scenario should-be re-worked(in scope of separate issue)

    Change-Id: Iad8ca119750442c95b781d15bb9f566cef56643f
    Closes-Bug: #1530117

Revision history for this message
Dmitry Pyzhov (dpyzhov) wrote :

Marking as 'Fix Committed' for 8.0 because fix is merged

Tatyanka (tatyana-leontovich)
Changed in fuel:
status: Fix Committed → Fix Released
Nastya Urlapova (aurlapova)
tags: added: area-ostf
removed: module-ostf ostf
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.