openstack-caracal-ipv4/scripts/provider-bundle-check.py at 7c746f6dd60357766b988be15899b1ef5c08d255

Fork: 0
OpenStack / openstack-caracal-ipv4
Find file
Newer
Older
openstack-caracal-ipv4 / scripts / provider-bundle-check.py
JesseA123 13 hours ago 4 KB D-060: revert to Pattern A; supersede D-057/D-058
Raw Blame History
#!/usr/bin/env python3
"""
provider-bundle-check.py -- focused, fail-closed QA for the Pattern A provider revert (D-060).

Asserts ONLY the post-revert (D-052/D-053 + Pattern A) provider invariants on a
Charmed-OpenStack bundle:
  1. exactly 11 API charms bind public -> provider-public; none remain on provider-vip
  2. every clustered VIP is a triple: provider-public(10.12.4/22) admin(10.12.8/22)
     internal(10.12.12/22), all sharing one last octet in 50-60
  3. ovn-chassis bridge-interface-mappings carries ALL FOUR chassis MACs, INCLUDING
     openstack0's -- the Pattern A revert re-adds the openstack0 MAC that D-057 trimmed
     for the now-dead provider-vip plane.

This does NOT re-review the whole bundle. It is the deploy-gate that REPLACES the retired
scripts/d057-bundle-check.py (which asserted the now-superseded D-057 provider-vip end
state). FAIL -> exit 1. ASCII-only output.
"""
import sys, re, ipaddress
try:
    import yaml
except ImportError:
    sys.stderr.write("ERROR: PyYAML not installed (pip install pyyaml --break-system-packages)\n"); sys.exit(2)

PROVIDER = ipaddress.ip_network("10.12.4.0/22")   # public API VIPs + FIPs share this plane (Pattern A)
ADMIN    = ipaddress.ip_network("10.12.8.0/22")
INTERNAL = ipaddress.ip_network("10.12.12.0/22")
OCTET_LO, OCTET_HI = 50, 60
EXPECT_PUBLIC_VIP  = 11
EXPECT_CHASSIS_MACS = {
    "52:54:00:3d:fd:54",   # openstack0 -- re-added by the Pattern A revert (D-057 had trimmed it)
    "52:54:00:9d:63:77",   # openstack1
    "52:54:00:89:7f:ce",   # openstack2
    "52:54:00:99:fc:c2",   # openstack3
}
MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")

def main():
    path = sys.argv[1] if len(sys.argv) > 1 else "bundle.yaml"
    try:
        doc = yaml.safe_load(open(path, encoding="utf-8"))
    except Exception as e:
        sys.stderr.write("ERROR: cannot parse %s: %s\n" % (path, e)); return 2
    apps = (doc or {}).get("applications", {}) or {}
    fails, oks = [], []

    def pub(s): return ((s or {}).get("bindings", {}) or {}).get("public")
    on_vip    = sorted(n for n, s in apps.items() if pub(s) == "provider-vip")
    on_public = sorted(n for n, s in apps.items() if pub(s) == "provider-public")
    if on_vip:
        fails.append("public still on provider-vip (must be reverted to provider-public): %s" % ", ".join(on_vip))
    if len(on_public) != EXPECT_PUBLIC_VIP:
        fails.append("public->provider-public count=%d (expect %d): %s" % (len(on_public), EXPECT_PUBLIC_VIP, ", ".join(on_public)))
    else:
        oks.append("%d charms bind public->provider-public; none on provider-vip" % len(on_public))

    vip_ok = 0
    for n, s in apps.items():
        vip = ((s or {}).get("options", {}) or {}).get("vip")
        if not vip:
            continue
        parts = str(vip).split()
        if len(parts) != 3:
            fails.append("%s vip not a triple: %r" % (n, vip)); continue
        prov, adm, intr = parts
        try:
            okp = ipaddress.ip_address(prov) in PROVIDER
            oka = ipaddress.ip_address(adm) in ADMIN
            oki = ipaddress.ip_address(intr) in INTERNAL
        except ValueError as e:
            fails.append("%s bad vip ip: %s" % (n, e)); continue
        if not okp: fails.append("%s provider leg %s not in %s" % (n, prov, PROVIDER)); continue
        if not oka: fails.append("%s admin leg %s not in %s" % (n, adm, ADMIN)); continue
        if not oki: fails.append("%s internal leg %s not in %s" % (n, intr, INTERNAL)); continue
        octs = {p.split(".")[-1] for p in parts}
        if len(octs) != 1:
            fails.append("%s vip octets differ: %r" % (n, vip)); continue
        o = int(octs.pop())
        if not (OCTET_LO <= o <= OCTET_HI):
            fails.append("%s vip octet .%d outside %d-%d" % (n, o, OCTET_LO, OCTET_HI)); continue
        vip_ok += 1
    if vip_ok:
        oks.append("%d clustered VIP(s) are provider-public/admin/internal triples, octet 50-60" % vip_ok)

    for n, s in apps.items():
        if (s or {}).get("charm") != "ovn-chassis":
            continue
        bim = str(((s or {}).get("options", {}) or {}).get("bridge-interface-mappings", ""))
        if not bim:
            continue
        macs = set(MAC_RE.findall(bim.lower()))
        missing = EXPECT_CHASSIS_MACS - macs
        if missing:
            fails.append("%s missing chassis MAC(s): %s" % (n, ", ".join(sorted(missing))))
        else:
            oks.append("%s bridge-interface-mappings: all 4 chassis MACs present (incl openstack0)" % n)

    for o in oks:   print("  [ok]   %s" % o)
    for f in fails: print("  [FAIL] %s" % f)
    print("\n%s: Pattern A / D-052-D-053 bundle invariants (%s)" % ("PASS" if not fails else "FAIL", path))
    return 1 if fails else 0

if __name__ == "__main__":
    sys.exit(main())