run.Raw('&&')
] + args)
-def get_keystone_venved_cmd(ctx, cmd, args):
+def get_keystone_venved_cmd(ctx, cmd, args, env=[]):
kbindir = get_keystone_dir(ctx) + '/.tox/venv/bin/'
- return [ kbindir + 'python', kbindir + cmd ] + args
+ return env + [ kbindir + 'python', kbindir + cmd ] + args
@contextlib.contextmanager
def download(ctx, config):
for dep in packages[client]:
remove_package(dep, remote)
+def run_mysql_query(ctx, remote, query):
+ query_arg = '--execute="{}"'.format(query)
+ args = ['sudo', 'mysql', run.Raw(query_arg)]
+ remote.run(args=args)
+
+@contextlib.contextmanager
+def setup_database(ctx, config):
+ """
+ Setup database for Keystone.
+ """
+ assert isinstance(config, dict)
+ log.info('Setting up database for keystone...')
+
+ for (client, cconf) in config.items():
+ (remote,) = ctx.cluster.only(client).remotes.keys()
+
+ # MariaDB on RHEL/CentOS needs service started after package install
+ # while Ubuntu starts service by default.
+ if remote.os.name == 'rhel' or remote.os.name == 'centos':
+ remote.run(args=['sudo', 'systemctl', 'restart', 'mariadb'])
+
+ run_mysql_query(ctx, remote, "CREATE USER 'keystone'@'localhost' IDENTIFIED BY 'SECRET';")
+ run_mysql_query(ctx, remote, "CREATE DATABASE keystone;")
+ run_mysql_query(ctx, remote, "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost';")
+ run_mysql_query(ctx, remote, "FLUSH PRIVILEGES;")
+
+ try:
+ yield
+ finally:
+ pass
+
@contextlib.contextmanager
def setup_venv(ctx, config):
"""
assert isinstance(config, dict)
log.info('Setting up virtualenv for keystone...')
for (client, _) in config.items():
+ run_in_keystone_dir(ctx, client,
+ ['sed', '-i', 's/usedevelop.*/usedevelop=false/g', 'tox.ini'])
+
run_in_keystone_dir(ctx, client,
[ 'source',
'{tvdir}/bin/activate'.format(tvdir=get_toxvenv_dir(ctx)),
assert isinstance(config, dict)
log.info('Configuring keystone...')
- keyrepo_dir = '{kdir}/etc/fernet-keys'.format(kdir=get_keystone_dir(ctx))
+ kdir = get_keystone_dir(ctx)
+ keyrepo_dir = '{kdir}/etc/fernet-keys'.format(kdir=kdir)
for (client, _) in config.items():
# prepare the config file
run_in_keystone_dir(ctx, client,
'-e', 's^#key_repository =.*^key_repository = {kr}^'.format(kr = keyrepo_dir),
'-i', 'etc/keystone.conf'
])
+ run_in_keystone_dir(ctx, client,
+ [
+ 'sed',
+ '-e', 's^#connection =.*^connection = mysql+pymysql://keystone:SECRET@localhost/keystone^',
+ '-i', 'etc/keystone.conf'
+ ])
# log to a file that gets archived
log_file = '{p}/archive/keystone.{c}.log'.format(p=teuthology.get_testdir(ctx), c=client)
run_in_keystone_dir(ctx, client,
'{}/archive/keystone.{}.conf'.format(teuthology.get_testdir(ctx), client)
])
+ conf_file = '{kdir}/etc/keystone.conf'.format(kdir=get_keystone_dir(ctx))
+
# prepare key repository for Fetnet token authenticator
run_in_keystone_dir(ctx, client, [ 'mkdir', '-p', keyrepo_dir ])
- run_in_keystone_venv(ctx, client, [ 'keystone-manage', 'fernet_setup' ])
+ run_in_keystone_venv(ctx, client, [ 'keystone-manage', '--config-file', conf_file, 'fernet_setup' ])
# sync database
- run_in_keystone_venv(ctx, client, [ 'keystone-manage', 'db_sync' ])
+ run_in_keystone_venv(ctx, client, [ 'keystone-manage', '--config-file', conf_file, 'db_sync' ])
yield
@contextlib.contextmanager
assert isinstance(config, dict)
log.info('Configuring keystone...')
+ conf_file = '{kdir}/etc/keystone.conf'.format(kdir=get_keystone_dir(ctx))
+
for (client, _) in config.items():
(remote,) = ctx.cluster.only(client).remotes.keys()
cluster_name, _, client_id = teuthology.split_role(client)
# our other daemons, doesn't quit on stdin.close().
# Teuthology relies on this behaviour.
run.Raw('& { read; kill %1; }')
- ]
+ ],
+ [
+ run.Raw('OS_KEYSTONE_CONFIG_FILES={}'.format(conf_file)),
+ ],
)
ctx.daemons.add_daemon(
remote, 'keystone', client_public_with_id,
args=run_cmd,
logger=log.getChild(client),
stdin=run.PIPE,
- cwd=get_keystone_dir(ctx),
- wait=False,
- check_status=False,
- )
-
- # start the admin endpoint
- client_admin_with_id = 'keystone.admin' + '.' + client_id
-
- admin_host, admin_port = ctx.keystone.admin_endpoints[client]
- run_cmd = get_keystone_venved_cmd(ctx, 'keystone-wsgi-admin',
- [ '--host', admin_host, '--port', str(admin_port),
- run.Raw('& { read; kill %1; }')
- ]
- )
- ctx.daemons.add_daemon(
- remote, 'keystone', client_admin_with_id,
- cluster=cluster_name,
- args=run_cmd,
- logger=log.getChild(client),
- stdin=run.PIPE,
- cwd=get_keystone_dir(ctx),
wait=False,
check_status=False,
)
try:
yield
finally:
- log.info('Stopping Keystone admin instance')
- ctx.daemons.get_daemon('keystone', client_admin_with_id,
- cluster_name).stop()
-
log.info('Stopping Keystone public instance')
ctx.daemons.get_daemon('keystone', client_public_with_id,
cluster_name).stop()
def run_section_cmds(ctx, cclient, section_cmd, specials,
section_config_list):
- admin_host, admin_port = ctx.keystone.admin_endpoints[cclient]
+ public_host, public_port = ctx.keystone.public_endpoints[cclient]
auth_section = [
( 'os-username', 'admin' ),
( 'os-project-name', 'admin' ),
( 'os-project-domain-id', 'default' ),
( 'os-identity-api-version', '3' ),
- ( 'os-auth-url', 'http://{host}:{port}/v3'.format(host=admin_host,
- port=admin_port) ),
+ ( 'os-auth-url', 'http://{host}:{port}/v3'.format(host=public_host,
+ port=public_port) ),
]
for section_item in section_config_list:
public_host, public_port = ctx.keystone.public_endpoints[cclient]
url = 'http://{host}:{port}/v3'.format(host=public_host,
port=public_port)
- admin_host, admin_port = ctx.keystone.admin_endpoints[cclient]
- admin_url = 'http://{host}:{port}/v3'.format(host=admin_host,
- port=admin_port)
opts = {'password': 'ADMIN',
'region-id': 'RegionOne',
'internal-url': url,
- 'admin-url': admin_url,
+ 'admin-url': url,
'public-url': url}
bootstrap_args = chain.from_iterable(('--bootstrap-{}'.format(k), v)
for k, v in opts.items())
+ conf_file = '{kdir}/etc/keystone.conf'.format(kdir=get_keystone_dir(ctx))
run_in_keystone_venv(ctx, cclient,
- ['keystone-manage', 'bootstrap'] +
+ ['keystone-manage', '--config-file', conf_file, 'bootstrap'] +
list(bootstrap_args))
# configure tenants/projects
- run_section_cmds(ctx, cclient, 'domain create', 'name',
+ run_section_cmds(ctx, cclient, 'domain create --or-show', 'name',
cconfig.get('domains', []))
- run_section_cmds(ctx, cclient, 'project create', 'name',
+ run_section_cmds(ctx, cclient, 'project create --or-show', 'name',
cconfig.get('projects', []))
- run_section_cmds(ctx, cclient, 'user create', 'name',
+ run_section_cmds(ctx, cclient, 'user create --or-show', 'name',
cconfig.get('users', []))
- run_section_cmds(ctx, cclient, 'role create', 'name',
+ run_section_cmds(ctx, cclient, 'role create --or-show', 'name',
cconfig.get('roles', []))
run_section_cmds(ctx, cclient, 'role add', 'name',
cconfig.get('role-mappings', []))
client.0:
force-branch: master
domains:
- - name: default
- description: Default Domain
+ - name: custom
+ description: Custom domain
projects:
- - name: admin
- description: Admin Tenant
+ - name: custom
+ description: Custom project
users:
- - name: admin
- password: ADMIN
- project: admin
- roles: [ name: admin, name: Member ]
+ - name: custom
+ password: SECRET
+ project: custom
+ roles: [ name: custom ]
role-mappings:
- - name: admin
- user: admin
- project: admin
+ - name: custom
+ user: custom
+ project: custom
services:
- - name: keystone
- type: identity
- description: Keystone Identity Service
- name: swift
type: object-store
description: Swift Service
ctx.keystone = argparse.Namespace()
ctx.keystone.public_endpoints = assign_ports(ctx, config, 5000)
- ctx.keystone.admin_endpoints = assign_ports(ctx, config, 35357)
with contextutil.nested(
lambda: download(ctx=ctx, config=config),
lambda: install_packages(ctx=ctx, config=config),
+ lambda: setup_database(ctx=ctx, config=config),
lambda: setup_venv(ctx=ctx, config=config),
lambda: configure_instance(ctx=ctx, config=config),
lambda: run_keystone(ctx=ctx, config=config),