Take 2: Add functional test for key-name and glean

Validate that glean will properly use the key-name from nodepool, and
allow a root user to ssh into the node.

It seems when we merge feature/zuulv3 back into master, we lost this
logic. It is still helpful to actually SSH into a node to validate
glean and diskimage-builder worked as expected.

See: https://review.openstack.org/455770/

Change-Id: I03f7f04be6c7889f94abed2d9e0a56d7e05ad90f
Signed-off-by: Paul Belanger <pabelanger@redhat.com>

devstack/plugin.sh

@@ -14,6 +14,8 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+NODEPOOL_KEY=$HOME/.ssh/id_nodepool
+NODEPOOL_KEY_NAME=root
 NODEPOOL_PUBKEY=$HOME/.ssh/id_nodepool.pub
 NODEPOOL_INSTALL=$HOME/nodepool-venv
 NODEPOOL_CACHE_GET_PIP=/opt/stack/cache/files/get-pip.py
@@ -75,6 +77,19 @@ function install_nodepool {
 # requires some globals from devstack, which *might* not be stable api
 # points. If things break, investigate changes in those globals first.
 
+function nodepool_create_keypairs {
+    if [[ ! -f $NODEPOOL_KEY ]]; then
+        ssh-keygen -f $NODEPOOL_KEY -P ""
+    fi
+
+    cat > /tmp/ssh_wrapper <<EOF
+#!/bin/bash -ex
+sudo -H -u stack ssh -o StrictHostKeyChecking=no -i $NODEPOOL_KEY root@\$@
+
+EOF
+    sudo chmod 0755 /tmp/ssh_wrapper
+}
+
 function nodepool_write_elements {
     sudo mkdir -p $(dirname $NODEPOOL_CONFIG)/elements/nodepool-setup/install.d
     sudo mkdir -p $(dirname $NODEPOOL_CONFIG)/elements/nodepool-setup/root.d
@@ -278,32 +293,37 @@ providers:
             min-ram: 1024
             flavor-name: 'nodepool'
             console-log: True
+            key-name: root
           - name: debian-jessie
             diskimage: debian-jessie
             min-ram: 512
             flavor-name: 'nodepool'
             console-log: True
+            key-name: root
           - name: fedora-27
             diskimage: fedora-27
             min-ram: 1024
             flavor-name: 'nodepool'
             console-log: True
+            key-name: root
           - name: ubuntu-trusty
             diskimage: ubuntu-trusty
             min-ram: 512
             flavor-name: 'nodepool'
             console-log: True
+            key-name: root
           - name: ubuntu-xenial
             diskimage: ubuntu-xenial
             min-ram: 512
             flavor-name: 'nodepool'
             console-log: True
+            key-name: root
           - name: opensuse-423
             diskimage: opensuse-423
             min-ram: 512
             flavor-name: 'nodepool'
             console-log: True
-
+            key-name: root
 
 diskimages:
   - name: centos-7
@@ -466,6 +486,9 @@ EOF
 # Create configs
 # Setup custom flavor
 function configure_nodepool {
+    # build a dedicated keypair for nodepool to use with guests
+    nodepool_create_keypairs
+
     # write the nodepool config
     nodepool_write_config
 
@@ -491,6 +514,10 @@ function start_nodepool {
         openstack --os-project-name demo --os-username demo security group rule create --ingress --protocol udp --dst-port 1:65535 --remote-ip 0.0.0.0/0 default
     fi
 
+    # create root keypair to use with glean for devstack cloud.
+    nova --os-project-name demo --os-username demo \
+        keypair-add --pub-key $NODEPOOL_PUBKEY $NODEPOOL_KEY_NAME
+
     export PATH=$NODEPOOL_INSTALL/bin:$PATH
 
     # run a fake statsd so we test stats sending paths

tools/check_devstack_plugin.sh

@@ -29,6 +29,14 @@ NODEPOOL_PAUSE_UBUNTU_TRUSTY_DIB=${NODEPOOL_PAUSE_UBUNTU_TRUSTY_DIB:-True}
 NODEPOOL_PAUSE_UBUNTU_XENIAL_DIB=${NODEPOOL_PAUSE_UBUNTU_XENIAL_DIB:-True}
 NODEPOOL_PAUSE_OPENSUSE_423_DIB=${NODEPOOL_PAUSE_OPENSUSE_423_DIB:-True}
 
+function sshintonode {
+    name=$1
+    state='ready'
+
+    node=`$NODEPOOL list | grep $name | grep $state | cut -d '|' -f6 | tr -d ' '`
+    /tmp/ssh_wrapper $node ls /
+}
+
 function waitforimage {
     name=$1
     state='ready'
@@ -56,6 +64,8 @@ if [ ${NODEPOOL_PAUSE_CENTOS_7_DIB,,} = 'false' ]; then
     waitforimage centos-7
     # check image was bootable
     waitfornode centos-7
+    # check ssh for root user
+    sshintonode centos-7
 fi
 
 if [ ${NODEPOOL_PAUSE_DEBIAN_JESSIE_DIB,,} = 'false' ]; then
@@ -63,6 +73,8 @@ if [ ${NODEPOOL_PAUSE_DEBIAN_JESSIE_DIB,,} = 'false' ]; then
     waitforimage debian-jessie
     # check image was bootable
     waitfornode debian-jessie
+    # check ssh for root user
+    sshintonode debian-jessie
 fi
 
 if [ ${NODEPOOL_PAUSE_FEDORA_27_DIB,,} = 'false' ]; then
@@ -70,6 +82,8 @@ if [ ${NODEPOOL_PAUSE_FEDORA_27_DIB,,} = 'false' ]; then
     waitforimage fedora-27
     # check image was bootable
     waitfornode fedora-27
+    # check ssh for root user
+    sshintonode fedora-27
 fi
 
 if [ ${NODEPOOL_PAUSE_UBUNTU_TRUSTY_DIB,,} = 'false' ]; then
@@ -77,6 +91,8 @@ if [ ${NODEPOOL_PAUSE_UBUNTU_TRUSTY_DIB,,} = 'false' ]; then
     waitforimage ubuntu-trusty
     # check image was bootable
     waitfornode ubuntu-trusty
+    # check ssh for root user
+    sshintonode ubuntu-trusty
 fi
 
 if [ ${NODEPOOL_PAUSE_UBUNTU_XENIAL_DIB,,} = 'false' ]; then
@@ -84,6 +100,8 @@ if [ ${NODEPOOL_PAUSE_UBUNTU_XENIAL_DIB,,} = 'false' ]; then
     waitforimage ubuntu-xenial
     # check image was bootable
     waitfornode ubuntu-xenial
+    # check ssh for root user
+    sshintonode ubuntu-xenial
 fi
 
 if [ ${NODEPOOL_PAUSE_OPENSUSE_423_DIB,,} = 'false' ]; then
@@ -91,6 +109,8 @@ if [ ${NODEPOOL_PAUSE_OPENSUSE_423_DIB,,} = 'false' ]; then
     waitforimage opensuse-423
     # check image was bootable
     waitfornode opensuse-423
+    # check ssh for root user
+    sshintonode opensuse-423
 fi
 
 set -o errexit