From 5f02e8f67ddc0598c05f669e10c8c9df12edfb33 Mon Sep 17 00:00:00 2001 
From: Kefu Chai Date: Mon, 25 May 2020 15:52:04 +0800 Subject: [PATCH] qa/suites/rgw/tempest: bump up keystone to 17.0.0 * also generate a sample conf file following the document at https://github.com/openstack/keystone/tree/17.0.0.0rc2/etc * use "projects" instead of "tenants" to match the terminology used by openstack identity API 3.0. * test API 3.0 instead of API 2.0, by changing `rgw_keystone_api_version` from "2" to "3" * explicitly specify a domain "default" for project to be created, otherwise a POST request will fail with: ``` {"error":{"code":400,"message":"You have tried to create a resource using the admin token. As this token is not within a domain you must explicitly include a domain for this resource to belong to.","title":"Bad Request"}} ``` * create "default" domain, and use it, otherwise a GET request fails like: ``` 2020-05-28T11:17:28.751 INFO:teuthology.orchestra.run.smithi092.stderr:http://smithi092.front.sepia.ceph.com:35357 "GET /v3/domains/default HTTP/1.1" 404 87 2020-05-28T11:17:28.752 INFO:teuthology.orchestra.run.smithi092.stderr:RESP: [404] Content-Length: 87 Content-Type: application/json Date: Thu, 28 May 2020 11:17:28 GMT Server: WSGIServer/0.2 CPython/3.6.9 Vary: X-Auth-Token x-openstack-request-id: req-bc33796f-2bc3-411c-a7fb-1208918e0dbd 2020-05-28T11:17:28.752 INFO:teuthology.orchestra.run.smithi092.stderr:RESP BODY: {"error":{"code":404,"message":"Could not find domain: default.","title":"Not Found"}} ``` * add user to "default" domain when creating it. 
* use "type" as the positional argument, per https://docs.openstack.org/keystone/pike/admin/cli-keystone-manage-services.html otherwise we will have failures like: ``` 2020-05-28T13:38:24.867 INFO:teuthology.orchestra.run.smithi198.stderr:openstack service create: error: unrecognized arguments: --type keystone ``` * update `create_endpoint()` to use the V3 API, see https://docs.openstack.org/python-openstackclient/pike/cli/command-objects/endpoint.html Fixes: https://tracker.ceph.com/issues/45692 Signed-off-by: Kefu Chai --- qa/suites/rgw/crypt/2-kms/barbican.yaml | 15 ++++++- qa/suites/rgw/tempest/tasks/rgw_tempest.yaml | 12 +++++- qa/tasks/barbican.py | 7 +++- qa/tasks/keystone.py | 44 +++++++++++++------- 4 files changed, 56 insertions(+), 22 deletions(-) diff --git a/qa/suites/rgw/crypt/2-kms/barbican.yaml b/qa/suites/rgw/crypt/2-kms/barbican.yaml index a84a1627bfb9..0e0cda6204f7 100644 --- a/qa/suites/rgw/crypt/2-kms/barbican.yaml +++ b/qa/suites/rgw/crypt/2-kms/barbican.yaml @@ -15,30 +15,41 @@ tasks: - tox: [ client.0 ] - keystone: client.0: - sha1: 12.0.0.0b2 + sha1: 17.0.0.0rc2 force-branch: master - tenants: + domains: + - name: default + description: Default Domain + projects: - name: admin description: Admin Tenant + domain: default - name: rgwcrypt description: Encryption Tenant + domain: default - name: barbican description: Barbican + domain: default - name: s3 description: S3 project + domain: default users: - name: admin password: ADMIN project: admin + domain: default - name: rgwcrypt-user password: rgwcrypt-pass project: rgwcrypt + domain: default - name: barbican-user password: barbican-pass project: barbican + domain: default - name: s3-user password: s3-pass project: s3 + domain: default roles: [ name: admin, name: Member, name: creator ] role-mappings: - name: admin diff --git a/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml b/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml index ad2de4858b56..3f94dce94aa3 100644 
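Review bot: `sha1: 17.0.0.0rc2` in the `keystone` task pins a release-candidate tag, while the subject line says the suite moves to 17.0.0; the same value appears in `rgw_tempest.yaml` and in the `barbican.py` docstring example. A tag can be moved upstream, so if the task accepts a commit id here (the key name suggests it does), the full commit hash of the intended release would make the checkout reproducible; otherwise a comment such as `# release tag (rc2), not a commit id` would record the choice. The project descriptions still read `Admin Tenant` / `Encryption Tenant` under the renamed `projects:` key.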
--- a/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml +++ b/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml @@ -8,15 +8,20 @@ tasks: - tox: [ client.0 ] - keystone: client.0: - sha1: 12.0.0.0b2 + sha1: 17.0.0.0rc2 force-branch: master - tenants: + domains: + - name: default + description: Default Domain + projects: - name: admin description: Admin Tenant + domain: default users: - name: admin password: ADMIN project: admin + domain: default roles: [ name: admin, name: Member ] role-mappings: - name: admin @@ -46,7 +51,9 @@ tasks: identity: uri: http://{keystone_public_host}:{keystone_public_port}/v2.0/ uri_v3: http://{keystone_public_host}:{keystone_public_port}/v3/ + auth_version: v3 admin_role: admin + default_domain_name: default object-storage: reseller_admin_role: admin object-storage-feature-enabled: @@ -69,6 +76,7 @@ overrides: osd_min_pg_log_entries: 10 osd_max_pg_log_entries: 10 client: + rgw keystone api version: 3 rgw keystone admin token: ADMIN rgw keystone accepted roles: admin,Member rgw keystone implicit tenants: true diff --git a/qa/tasks/barbican.py b/qa/tasks/barbican.py index 6c7f97376ec4..71f3a7346e39 100644 --- a/qa/tasks/barbican.py +++ b/qa/tasks/barbican.py @@ -394,9 +394,12 @@ def task(ctx, config): - tox: [ client.0 ] - keystone: client.0: - sha1: 12.0.0.0b2 + sha1: 17.0.0.0rc2 force-branch: master - tenants: + domains: + - name: default + description: Default Domain + projects: - name: admin description: Admin Tenant - name: rgwcrypt diff --git a/qa/tasks/keystone.py b/qa/tasks/keystone.py index 21ff816e280c..058804fe6b15 100644 --- a/qa/tasks/keystone.py +++ b/qa/tasks/keystone.py 
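Review bot: The `identity` section in hunk `@@ -46,7 +51,9 @@` now sets `auth_version: v3` but keeps `uri: http://{keystone_public_host}:{keystone_public_port}/v2.0/` next to `uri_v3`. The rest of the commit moves every endpoint to `/v3`, so this entry presumably points at a path the new keystone no longer serves. Either drop it or mark it, for example `# unused with auth_version v3`, and confirm in the tempest run that nothing falls back to it.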
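Review bot: `rgw keystone api version: 3` in hunk `@@ -69,6 +76,7 @@` is added directly above `rgw keystone admin token: ADMIN`, so the suite exercises API v3 only through the shared admin token. RGW also accepts service-user credentials (`rgw keystone admin user`, `rgw keystone admin password`, `rgw keystone admin domain`, `rgw keystone admin project`), and the `admin` user this file creates with `domain: default` could serve that purpose; covering that path would test the configuration a deployment is expected to use. If the token is kept on purpose, a comment like `# test-only: shared bootstrap token` would say so.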
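Review bot: The example in the `task()` docstring of `qa/tasks/barbican.py` gains a `domains:` list, but its `projects:` entries (`admin`, `rgwcrypt`) carry no `domain: default`, which the commit message says makes project creation fail with a 400. The same gap is in the docstring example in `qa/tasks/keystone.py` (hunk `@@ -371,7 +380,10 @@`). Adding `domain: default` under each project, and under the users if the part of the docstring outside the hunk lists them, would keep the examples usable as written. The docstring starts and ends outside the hunk.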
@@ -155,6 +155,13 @@ def configure_instance(ctx, config): keyrepo_dir = '{kdir}/etc/fernet-keys'.format(kdir=get_keystone_dir(ctx)) for (client, _) in config.items(): # prepare the config file + run_in_keystone_dir(ctx, client, + [ + 'source', + f'{get_toxvenv_dir(ctx)}/bin/activate', + run.Raw('&&'), + 'tox', '-e', 'genconfig' + ]) run_in_keystone_dir(ctx, client, [ 'cp', '-f', @@ -287,8 +294,8 @@ def run_section_cmds(ctx, cclient, section_cmd, specials, auth_section = [ ( 'os-token', 'ADMIN' ), - ( 'os-identity-api-version', '2.0' ), - ( 'os-url', 'http://{host}:{port}/v2.0'.format(host=admin_host, + ( 'os-identity-api-version', '3' ), + ( 'os-url', 'http://{host}:{port}/v3'.format(host=admin_host, port=admin_port) ), ] @@ -299,16 +306,16 @@ def run_section_cmds(ctx, cclient, section_cmd, specials, [ '--debug' ]) def create_endpoint(ctx, cclient, service, url, adminurl=None): - endpoint_section = { - 'service': service, - 'publicurl': url, - } + endpoint_sections = [ + {'service': service, 'interface': 'public', 'url': url}, + ] if adminurl: - endpoint_section.update( { - 'adminurl': adminurl, - } ) - return run_section_cmds(ctx, cclient, 'endpoint create', 'service', - [ endpoint_section ]) + endpoint_sections.append( + {'service': service, 'interface': 'admin', 'url': adminurl} + ) + run_section_cmds(ctx, cclient, 'endpoint create', + 'service,interface,url', + endpoint_sections) @contextlib.contextmanager def fill_keystone(ctx, config): 
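Review bot: The new `tox -e genconfig` call in `configure_instance()` sits under the existing `# prepare the config file` comment without saying what it produces; a line such as `# generate the sample conf file (see etc/ in the keystone tree)` above it would explain the extra step, whose output is presumably consumed by the `cp -f` that follows (its arguments are outside the hunk). The call also builds the activate path with an f-string while the context line just above uses `'{kdir}/etc/fernet-keys'.format(...)`; using one formatting style within the function would read more evenly. The function body starts and ends outside the hunk.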
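Review bot: `auth_section` in `run_section_cmds()` still authenticates every `openstack` call with `os-token ADMIN`, and per the commit message that token is not domain-scoped, which is why projects and users must now name their own `domain`. That requirement is invisible at this point in the code; a comment above the list such as `# admin token has no domain scope: items must pass 'domain' explicitly` would record it. The `'3'` / `/v3` literals are repeated in `fill_keystone()`, so a single module-level constant would keep them in step. The function body starts and ends outside the hunk.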
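Review bot: `create_endpoint()` now passes `'service,interface,url'` as `specials`, whereas every other call in this diff passes a single key (`'name'`, `'type'`); how a comma-separated value is handled is outside the hunk, so confirm it is split into three positionals rather than matched as one key that never occurs, which would emit `--service`, `--interface` and `--url` options instead. The function also no longer returns the result of `run_section_cmds()`, and the comment in `fill_keystone()` mentions deferred use from rgw.py, so callers there should be checked for use of the return value. A one-line docstring stating that one `endpoint create` is issued per interface would help.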
@@ -316,22 +323,24 @@ def fill_keystone(ctx, config): for (cclient, cconfig) in config.items(): # configure tenants/projects + run_section_cmds(ctx, cclient, 'domain create', 'name', + cconfig['domains']) run_section_cmds(ctx, cclient, 'project create', 'name', - cconfig['tenants']) + cconfig['projects']) run_section_cmds(ctx, cclient, 'user create', 'name', cconfig['users']) run_section_cmds(ctx, cclient, 'role create', 'name', cconfig['roles']) run_section_cmds(ctx, cclient, 'role add', 'name', cconfig['role-mappings']) - run_section_cmds(ctx, cclient, 'service create', 'name', + run_section_cmds(ctx, cclient, 'service create', 'type', cconfig['services']) public_host, public_port = ctx.keystone.public_endpoints[cclient] - url = 'http://{host}:{port}/v2.0'.format(host=public_host, + url = 'http://{host}:{port}/v3'.format(host=public_host, port=public_port) admin_host, admin_port = ctx.keystone.admin_endpoints[cclient] - admin_url = 'http://{host}:{port}/v2.0'.format(host=admin_host, + admin_url = 'http://{host}:{port}/v3'.format(host=admin_host, port=admin_port) create_endpoint(ctx, cclient, 'keystone', url, admin_url) # for the deferred endpoint creation; currently it's used in rgw.py @@ -371,7 +380,10 @@ def task(ctx, config): - keystone: client.0: force-branch: master - tenants: + domains: + - name: default + description: Default Domain + projects: - name: admin description: Admin Tenant users:
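Review bot: `fill_keystone()` now indexes `cconfig['domains']` and `cconfig['projects']` directly, so any suite fragment not updated by this commit that still uses `tenants:` fails with a bare `KeyError`. A check at the top of the loop would give a usable message, e.g. `missing = {'domains', 'projects'} - cconfig.keys()` followed by raising a configuration error that names `cclient` and `missing`. The leading comment `# configure tenants/projects` should become `# configure domains/projects`, ideally noting that domains are created first because the projects and users reference them. The function body continues outside the hunk.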