Skip to content

Commit

Permalink
qa/suites/rgw/tempest: bump up keystone to 17.0.0
Browse files Browse the repository at this point in the history
* also generate a sample conf file following the document at
  https://github.com/openstack/keystone/tree/17.0.0.0rc2/etc
* use "projects" instead of "tenants" to match the terminology used by
  openstack identify API 3.0.
* test API 3.0 instead of API 2.0, by changing
  `rgw_keystone_api_version` from "2" to "3"
* explicitly specify a domain "default" for project to be created,
  otherwise a POST request will fail with:
```
{"error":{"code":400,"message":"You have tried to create a resource using the admin token. As this token is not within a domain you must explicitly include a domain for this resource to belong
to.","title":"Bad Request"}}
````
* create "default" domain, and use it, othewise a GET request fails
  like:
```
2020-05-28T11:17:28.751 INFO:teuthology.orchestra.run.smithi092.stderr:http://smithi092.front.sepia.ceph.com:35357 "GET /v3/domains/default HTTP/1.1" 404 87
2020-05-28T11:17:28.752 INFO:teuthology.orchestra.run.smithi092.stderr:RESP: [404] Content-Length: 87 Content-Type: application/json Date: Thu, 28 May 2020 11:17:28 GMT Server: WSGIServer/0.2
CPython/3.6.9 Vary: X-Auth-Token x-openstack-request-id: req-bc33796f-2bc3-411c-a7fb-1208918e0dbd
2020-05-28T11:17:28.752 INFO:teuthology.orchestra.run.smithi092.stderr:RESP BODY: {"error":{"code":404,"message":"Could not find domain: default.","title":"Not Found"}}
```
* add user to "default" domain when creating it.
* use "type" as the positional argument, per
  https://docs.openstack.org/keystone/pike/admin/cli-keystone-manage-services.html
  otherwise we will have failures like:
```
2020-05-28T13:38:24.867 INFO:teuthology.orchestra.run.smithi198.stderr:openstack service create: error: unrecognized arguments: --type keystone
```
* update `create_endpoint()` to use the V3 API,
  see
  https://docs.openstack.org/python-openstackclient/pike/cli/command-objects/endpoint.html

Fixes: https://tracker.ceph.com/issues/45692
Signed-off-by: Kefu Chai <[email protected]>
  • Loading branch information
tchaikov authored and Deepika Upadhyay committed Sep 3, 2020
1 parent eac418d commit 0aca710
Show file tree
Hide file tree
Showing 4 changed files with 56 additions and 22 deletions.
15 changes: 13 additions & 2 deletions qa/suites/rgw/crypt/2-kms/barbican.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,30 +15,41 @@ tasks:
- tox: [ client.0 ]
- keystone:
client.0:
sha1: 12.0.0.0b2
sha1: 17.0.0.0rc2
force-branch: master
tenants:
domains:
- name: default
description: Default Domain
projects:
- name: admin
description: Admin Tenant
domain: default
- name: rgwcrypt
description: Encryption Tenant
domain: default
- name: barbican
description: Barbican
domain: default
- name: s3
description: S3 project
domain: default
users:
- name: admin
password: ADMIN
project: admin
domain: default
- name: rgwcrypt-user
password: rgwcrypt-pass
project: rgwcrypt
domain: default
- name: barbican-user
password: barbican-pass
project: barbican
domain: default
- name: s3-user
password: s3-pass
project: s3
domain: default
roles: [ name: admin, name: Member, name: creator ]
role-mappings:
- name: admin
Expand Down
12 changes: 10 additions & 2 deletions qa/suites/rgw/tempest/tasks/rgw_tempest.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,15 +8,20 @@ tasks:
- tox: [ client.0 ]
- keystone:
client.0:
sha1: 12.0.0.0b2
sha1: 17.0.0.0rc2
force-branch: master
tenants:
domains:
- name: default
description: Default Domain
projects:
- name: admin
description: Admin Tenant
domain: default
users:
- name: admin
password: ADMIN
project: admin
domain: default
roles: [ name: admin, name: Member ]
role-mappings:
- name: admin
Expand Down Expand Up @@ -46,7 +51,9 @@ tasks:
identity:
uri: http://{keystone_public_host}:{keystone_public_port}/v2.0/
uri_v3: http://{keystone_public_host}:{keystone_public_port}/v3/
auth_version: v3
admin_role: admin
default_domain_name: default
object-storage:
reseller_admin_role: admin
object-storage-feature-enabled:
Expand All @@ -69,6 +76,7 @@ overrides:
osd_min_pg_log_entries: 10
osd_max_pg_log_entries: 10
client:
rgw keystone api version: 3
rgw keystone admin token: ADMIN
rgw keystone accepted roles: admin,Member
rgw keystone implicit tenants: true
Expand Down
7 changes: 5 additions & 2 deletions qa/tasks/barbican.py
Original file line number Diff line number Diff line change
Expand Up @@ -394,9 +394,12 @@ def task(ctx, config):
- tox: [ client.0 ]
- keystone:
client.0:
sha1: 12.0.0.0b2
sha1: 17.0.0.0rc2
force-branch: master
tenants:
domains:
- name: default
description: Default Domain
projects:
- name: admin
description: Admin Tenant
- name: rgwcrypt
Expand Down
44 changes: 28 additions & 16 deletions qa/tasks/keystone.py
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,13 @@ def configure_instance(ctx, config):
keyrepo_dir = '{kdir}/etc/fernet-keys'.format(kdir=get_keystone_dir(ctx))
for (client, _) in config.items():
# prepare the config file
run_in_keystone_dir(ctx, client,
[
'source',
f'{get_toxvenv_dir(ctx)}/bin/activate',
run.Raw('&&'),
'tox', '-e', 'genconfig'
])
run_in_keystone_dir(ctx, client,
[
'cp', '-f',
Expand Down Expand Up @@ -287,8 +294,8 @@ def run_section_cmds(ctx, cclient, section_cmd, specials,

auth_section = [
( 'os-token', 'ADMIN' ),
( 'os-identity-api-version', '2.0' ),
( 'os-url', 'http://{host}:{port}/v2.0'.format(host=admin_host,
( 'os-identity-api-version', '3' ),
( 'os-url', 'http://{host}:{port}/v3'.format(host=admin_host,
port=admin_port) ),
]

Expand All @@ -299,39 +306,41 @@ def run_section_cmds(ctx, cclient, section_cmd, specials,
[ '--debug' ])

def create_endpoint(ctx, cclient, service, url, adminurl=None):
endpoint_section = {
'service': service,
'publicurl': url,
}
endpoint_sections = [
{'service': service, 'interface': 'public', 'url': url},
]
if adminurl:
endpoint_section.update( {
'adminurl': adminurl,
} )
return run_section_cmds(ctx, cclient, 'endpoint create', 'service',
[ endpoint_section ])
endpoint_sections.append(
{'service': service, 'interface': 'admin', 'url': adminurl}
)
run_section_cmds(ctx, cclient, 'endpoint create',
'service,interface,url',
endpoint_sections)

@contextlib.contextmanager
def fill_keystone(ctx, config):
assert isinstance(config, dict)

for (cclient, cconfig) in config.items():
# configure tenants/projects
run_section_cmds(ctx, cclient, 'domain create', 'name',
cconfig['domains'])
run_section_cmds(ctx, cclient, 'project create', 'name',
cconfig['tenants'])
cconfig['projects'])
run_section_cmds(ctx, cclient, 'user create', 'name',
cconfig['users'])
run_section_cmds(ctx, cclient, 'role create', 'name',
cconfig['roles'])
run_section_cmds(ctx, cclient, 'role add', 'name',
cconfig['role-mappings'])
run_section_cmds(ctx, cclient, 'service create', 'name',
run_section_cmds(ctx, cclient, 'service create', 'type',
cconfig['services'])

public_host, public_port = ctx.keystone.public_endpoints[cclient]
url = 'http://{host}:{port}/v2.0'.format(host=public_host,
url = 'http://{host}:{port}/v3'.format(host=public_host,
port=public_port)
admin_host, admin_port = ctx.keystone.admin_endpoints[cclient]
admin_url = 'http://{host}:{port}/v2.0'.format(host=admin_host,
admin_url = 'http://{host}:{port}/v3'.format(host=admin_host,
port=admin_port)
create_endpoint(ctx, cclient, 'keystone', url, admin_url)
# for the deferred endpoint creation; currently it's used in rgw.py
Expand Down Expand Up @@ -371,7 +380,10 @@ def task(ctx, config):
- keystone:
client.0:
force-branch: master
tenants:
domains:
- name: default
description: Default Domain
projects:
- name: admin
description: Admin Tenant
users:
Expand Down

0 comments on commit 0aca710

Please sign in to comment.