conf:
client:
rgw crypt s3 kms backend: barbican
- rgw keystone barbican tenant: rgwcrypt
+ rgw keystone barbican project: rgwcrypt
rgw keystone barbican user: rgwcrypt-user
rgw keystone barbican password: rgwcrypt-pass
+ rgw keystone barbican domain: Default
+ rgw keystone api version: 3
+ rgw keystone accepted roles: admin,Member,creator
+ rgw keystone implicit tenants: true
+ rgw keystone accepted admin roles: admin
+ rgw swift enforce content length: true
+ rgw swift account in url: true
+ rgw swift versioning enabled: true
+ rgw keystone admin project: admin
+ rgw keystone admin user: admin
+ rgw keystone admin password: ADMIN
+ rgw keystone admin domain: Default
rgw:
client.0:
use-keystone-role: client.0
admin_project_name: admin
admin_password: ADMIN
admin_domain_name: Default
+ tempest_roles: admin
identity:
uri: http://{keystone_public_host}:{keystone_public_port}/v2.0/
uri_v3: http://{keystone_public_host}:{keystone_public_port}/v3/
osd_max_pg_log_entries: 10
client:
rgw keystone api version: 3
- rgw keystone admin token: ADMIN
rgw keystone accepted roles: admin,Member
rgw keystone implicit tenants: true
rgw keystone accepted admin roles: admin
rgw swift enforce content length: true
rgw swift account in url: true
rgw swift versioning enabled: true
+ rgw keystone admin domain: Default
+ rgw keystone admin user: admin
+ rgw keystone admin password: ADMIN
+ rgw keystone admin project: admin
token_req = http_client.HTTPConnection(keystone_host, keystone_port, timeout=30)
token_req.request(
'POST',
- '/v2.0/tokens',
+ '/v3/auth/tokens',
headers={'Content-Type':'application/json'},
- body=json.dumps(
- {"auth":
- {"passwordCredentials":
- {"username": rgw_user["username"],
- "password": rgw_user["password"]
- },
- "tenantName": rgw_user["tenantName"]
- }
+ body=json.dumps({
+ "auth": {
+ "identity": {
+ "methods": ["password"],
+ "password": {
+ "user": {
+ "domain": {"id": "default"},
+ "name": rgw_user["username"],
+ "password": rgw_user["password"]
+ }
+ }
+ },
+ "scope": {
+ "project": {
+ "domain": {"id": "default"},
+ "name": rgw_user["tenantName"]
+ }
+ }
}
- )
- )
+ }))
rgw_access_user_resp = token_req.getresponse()
if not (rgw_access_user_resp.status >= 200 and
rgw_access_user_resp.status < 300):
raise Exception("Cannot authenticate user "+rgw_user["username"]+" for secret creation")
# baru_resp = json.loads(baru_req.data)
- rgw_access_user_data = json.loads(rgw_access_user_resp.read())
- rgw_user_id = rgw_access_user_data['access']['user']['id']
-
+ rgw_access_user_data = json.loads(six.ensure_str(rgw_access_user_resp.read()))
+ rgw_user_id = rgw_access_user_data['token']['user']['id']
if 'secrets' in cconfig:
for secret in cconfig['secrets']:
if 'name' not in secret:
token_req = http_client.HTTPConnection(keystone_host, keystone_port, timeout=30)
token_req.request(
'POST',
- '/v2.0/tokens',
+ '/v3/auth/tokens',
headers={'Content-Type':'application/json'},
- body=json.dumps(
- {
- "auth": {
- "passwordCredentials": {
- "username": secret["username"],
- "password": secret["password"]
- },
- "tenantName":secret["tenantName"]
+ body=json.dumps({
+ "auth": {
+ "identity": {
+ "methods": ["password"],
+ "password": {
+ "user": {
+ "domain": {"id": "default"},
+ "name": secret["username"],
+ "password": secret["password"]
+ }
+ }
+ },
+ "scope": {
+ "project": {
+ "domain": {"id": "default"},
+ "name": secret["tenantName"]
+ }
}
}
- )
- )
+ }))
token_resp = token_req.getresponse()
if not (token_resp.status >= 200 and
token_resp.status < 300):
raise Exception("Cannot authenticate user "+secret["username"]+" for secret creation")
- token_data = json.loads(token_resp.read())
- token_id = token_data['access']['token']['id']
+ token_id = token_resp.getheader('x-subject-token')
key1_json = json.dumps(
{
'etc/keystone.conf.sample',
'etc/keystone.conf'
])
- run_in_keystone_dir(ctx, client,
- [
- 'sed',
- '-e', 's/#admin_token =.*/admin_token = ADMIN/',
- '-i', 'etc/keystone.conf'
- ])
run_in_keystone_dir(ctx, client,
[
'sed',
admin_host, admin_port = ctx.keystone.admin_endpoints[cclient]
auth_section = [
- ( 'os-token', 'ADMIN' ),
+ ( 'os-username', 'admin' ),
+ ( 'os-password', 'ADMIN' ),
+ ( 'os-user-domain-id', 'default' ),
+ ( 'os-project-name', 'admin' ),
+ ( 'os-project-domain-id', 'default' ),
( 'os-identity-api-version', '3' ),
- ( 'os-url', 'http://{host}:{port}/v3'.format(host=admin_host,
- port=admin_port) ),
+ ( 'os-auth-url', 'http://{host}:{port}/v3'.format(host=admin_host,
+ port=admin_port) ),
]
for section_item in section_config_list:
ceph:
conf:
client:
- rgw keystone admin token: ADMIN
+ rgw keystone api version: 3
rgw keystone accepted roles: admin,Member
rgw keystone implicit tenants: true
rgw keystone accepted admin roles: admin
rgw swift enforce content length: true
rgw swift account in url: true
rgw swift versioning enabled: true
+ rgw keystone admin domain: Default
+ rgw keystone admin user: admin
+ rgw keystone admin password: ADMIN
+ rgw keystone admin project: admin
tasks:
# typically, the task should be preceded with install, ceph, tox,
# keystone and rgw. Tox and Keystone are specific requirements
projects / ceph.git / commitdiff