qa/tasks/keystone: use "keystone-manage bootstrap"

* qa/tasks/keystone.py:
  instead of prefilling keystone manually, use "keystone-manage bootstrap"
  instead. it helps to setup the admin user, a "Default" domain with
  "default" id, and wire them up with the expected role and a "admin" project,
  etc. as id of the admin domain is known to be "default", we can just use it
  in our tests without querying openstack for the id of "Default"
  domain. this is very handy.
* qa/suites/rgw/tempest/tasks/rgw_tempest.yaml:
  use "Default" for domain name. as "Default" is the name of the domain
  created by bootstrap, while "default" is its id.
* qa/suites/rgw/crypt/2-kms/barbican.yaml:
  remove settings to bootstrap keystone

Signed-off-by: Kefu Chai <kchai@redhat.com>

diff --git a/qa/suites/rgw/crypt/2-kms/barbican.yaml b/qa/suites/rgw/crypt/2-kms/barbican.yaml
index 0e0cda6204f78e701d416b61265009bbdb9265ea..c4a22a6cdb3ca8a3668b365172de5751313c870c 100644 (file)
--- a/qa/suites/rgw/crypt/2-kms/barbican.yaml
+++ b/qa/suites/rgw/crypt/2-kms/barbican.yaml
@@ -17,13 +17,7 @@ tasks:
     client.0:
       sha1: 17.0.0.0rc2
       force-branch: master
-      domains:
-        - name: default
-          description: Default Domain
       projects:
-        - name: admin
-          description:  Admin Tenant
-          domain: default
         - name: rgwcrypt
           description: Encryption Tenant
           domain: default
@@ -34,10 +28,6 @@ tasks:
           description: S3 project
           domain: default
       users:
-        - name: admin
-          password: ADMIN
-          project: admin
-          domain: default
         - name: rgwcrypt-user
           password: rgwcrypt-pass
           project: rgwcrypt
@@ -50,11 +40,8 @@ tasks:
           password: s3-pass
           project: s3
           domain: default
-      roles: [ name: admin, name: Member, name: creator ]
+      roles: [ name: Member, name: creator ]
       role-mappings:
-        - name: admin
-          user: admin
-          project: admin
         - name: Member
           user: rgwcrypt-user
           project: rgwcrypt
@@ -65,9 +52,6 @@ tasks:
           user: s3-user
           project: s3
       services:
-        - name: keystone
-          type: identity
-          description: Keystone Identity Service
         - name: swift
           type: object-store
           description: Swift Service

diff --git a/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml b/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml
index e6a96c0ba7d89b81c25531e8d71a8f67623af388..cc15a08546ec06f384d8e0d2fe488498f172234a 100644 (file)
--- a/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml
+++ b/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml
@@ -10,27 +10,7 @@ tasks:
     client.0:
       sha1: 17.0.0.0rc2
       force-branch: master
-      domains:
-        - name: default
-          description: Default Domain
-      projects:
-        - name: admin
-          description:  Admin Tenant
-          domain: default
-      users:
-        - name: admin
-          password: ADMIN
-          project: admin
-          domain: default
-      roles: [ name: admin, name: Member ]
-      role-mappings:
-        - name: admin
-          user: admin
-          project: admin
       services:
-        - name: keystone
-          type: identity
-          description: Keystone Identity Service
         - name: swift
           type: object-store
           description: Swift Service
@@ -53,7 +33,7 @@ tasks:
         uri_v3: http://{keystone_public_host}:{keystone_public_port}/v3/
         auth_version: v3
         admin_role: admin
-        default_domain_name: default
+        default_domain_name: Default
       object-storage:
         reseller_admin_role: admin
       object-storage-feature-enabled:

diff --git a/qa/tasks/barbican.py b/qa/tasks/barbican.py
index 71f3a7346e39970bb2a82457714be06c30b08a82..65e223e126349ff92366d42310fa48d2936edb07 100644 (file)
--- a/qa/tasks/barbican.py
+++ b/qa/tasks/barbican.py
@@ -396,12 +396,7 @@ def task(ctx, config):
           client.0:
             sha1: 17.0.0.0rc2
             force-branch: master
-            domains:
-              - name: default
-                description: Default Domain
             projects:
-              - name: admin
-                description:  Admin Tenant
               - name: rgwcrypt
                 description: Encryption Tenant
               - name: barbican
@@ -409,9 +404,6 @@ def task(ctx, config):
               - name: s3
                 description: S3 project
             users:
-              - name: admin
-                password: ADMIN
-                project: admin
               - name: rgwcrypt-user
                 password: rgwcrypt-pass
                 project: rgwcrypt
@@ -421,11 +413,8 @@ def task(ctx, config):
               - name: s3-user
                 password: s3-pass
                 project: s3
-            roles: [ name: admin, name: Member, name: creator ]
+            roles: [ name: Member, name: creator ]
             role-mappings:
-              - name: admin
-                user: admin
-                project: admin
               - name: Member
                 user: rgwcrypt-user
                 project: rgwcrypt

diff --git a/qa/tasks/keystone.py b/qa/tasks/keystone.py
index 058804fe6b15d937588c547032e2b083c79ff55c..f3f46365210c28231b8a1fbbf08d788d432c861b 100644 (file)
--- a/qa/tasks/keystone.py
+++ b/qa/tasks/keystone.py
@@ -7,6 +7,7 @@ import logging
 
 # still need this for python3.6
 from collections import OrderedDict
+from itertools import chain
 
 from teuthology import misc as teuthology
 from teuthology import contextutil
@@ -322,27 +323,40 @@ def fill_keystone(ctx, config):
     assert isinstance(config, dict)
 
     for (cclient, cconfig) in config.items():
+        public_host, public_port = ctx.keystone.public_endpoints[cclient]
+        url = 'http://{host}:{port}/v3'.format(host=public_host,
+                                               port=public_port)
+        admin_host, admin_port = ctx.keystone.admin_endpoints[cclient]
+        admin_url = 'http://{host}:{port}/v3'.format(host=admin_host,
+                                                     port=admin_port)
+        opts = {'password': 'ADMIN',
+                'username': 'admin',
+                'project-name': 'admin',
+                'role-name': 'admin',
+                'service-name': 'keystone',
+                'region-id': 'RegionOne',
+                'admin-url': admin_url,
+                'public-url': url}
+        bootstrap_args = chain.from_iterable(('--bootstrap-{}'.format(k), v)
+                                             for k, v in opts.items())
+        run_in_keystone_venv(ctx, cclient,
+                             ['keystone-manage', 'bootstrap'] +
+                             list(bootstrap_args))
+
         # configure tenants/projects
         run_section_cmds(ctx, cclient, 'domain create', 'name',
-                         cconfig['domains'])
+                         cconfig.get('domains', []))
         run_section_cmds(ctx, cclient, 'project create', 'name',
-                         cconfig['projects'])
+                         cconfig.get('projects', []))
         run_section_cmds(ctx, cclient, 'user create', 'name',
-                         cconfig['users'])
+                         cconfig.get('users', []))
         run_section_cmds(ctx, cclient, 'role create', 'name',
-                         cconfig['roles'])
+                         cconfig.get('roles', []))
         run_section_cmds(ctx, cclient, 'role add', 'name',
-                         cconfig['role-mappings'])
+                         cconfig.get('role-mappings', []))
         run_section_cmds(ctx, cclient, 'service create', 'type',
-                         cconfig['services'])
+                         cconfig.get('services', []))
 
-        public_host, public_port = ctx.keystone.public_endpoints[cclient]
-        url = 'http://{host}:{port}/v3'.format(host=public_host,
-                                                 port=public_port)
-        admin_host, admin_port = ctx.keystone.admin_endpoints[cclient]
-        admin_url = 'http://{host}:{port}/v3'.format(host=admin_host,
-                                                       port=admin_port)
-        create_endpoint(ctx, cclient, 'keystone', url, admin_url)
         # for the deferred endpoint creation; currently it's used in rgw.py
         ctx.keystone.create_endpoint = create_endpoint