From: Kefu Chai Date: Mon, 25 May 2020 07:52:04 +0000 (+0800) Subject: qa/suites/rgw/tempest: bump up keystone to 17.0.0 X-Git-Tag: v15.2.4~42^2~15 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=00c9164ec2277d4bf58730d2cbdfd80e6aff9867;p=ceph.git qa/suites/rgw/tempest: bump up keystone to 17.0.0 * also generate a sample conf file following the document at https://github.com/openstack/keystone/tree/17.0.0.0rc2/etc * use "projects" instead of "tenants" to match the terminology used by openstack identify API 3.0. * test API 3.0 instead of API 2.0, by changing `rgw_keystone_api_version` from "2" to "3" * explicitly specify a domain "default" for project to be created, otherwise a POST request will fail with: ``` {"error":{"code":400,"message":"You have tried to create a resource using the admin token. As this token is not within a domain you must explicitly include a domain for this resource to belong to.","title":"Bad Request"}} ```` * create "default" domain, and use it, othewise a GET request fails like: ``` 2020-05-28T11:17:28.751 INFO:teuthology.orchestra.run.smithi092.stderr:http://smithi092.front.sepia.ceph.com:35357 "GET /v3/domains/default HTTP/1.1" 404 87 2020-05-28T11:17:28.752 INFO:teuthology.orchestra.run.smithi092.stderr:RESP: [404] Content-Length: 87 Content-Type: application/json Date: Thu, 28 May 2020 11:17:28 GMT Server: WSGIServer/0.2 CPython/3.6.9 Vary: X-Auth-Token x-openstack-request-id: req-bc33796f-2bc3-411c-a7fb-1208918e0dbd 2020-05-28T11:17:28.752 INFO:teuthology.orchestra.run.smithi092.stderr:RESP BODY: {"error":{"code":404,"message":"Could not find domain: default.","title":"Not Found"}} ``` * add user to "default" domain when creating it. * use "type" as the positional argument, per https://docs.openstack.org/keystone/pike/admin/cli-keystone-manage-services.html otherwise we will have failures like: ``` 2020-05-28T13:38:24.867 INFO:teuthology.orchestra.run.smithi198.stderr:openstack service create: error: unrecognized arguments: --type keystone ``` * update `create_endpoint()` to use the V3 API, see https://docs.openstack.org/python-openstackclient/pike/cli/command-objects/endpoint.html Fixes: https://tracker.ceph.com/issues/45692 Signed-off-by: Kefu Chai (cherry picked from commit 9bd3e0ff4027cfbef0c62931b669f20c989e8bb2) --- diff --git a/qa/suites/rgw/crypt/2-kms/barbican.yaml b/qa/suites/rgw/crypt/2-kms/barbican.yaml index a84a1627bfb9..0e0cda6204f7 100644 --- a/qa/suites/rgw/crypt/2-kms/barbican.yaml +++ b/qa/suites/rgw/crypt/2-kms/barbican.yaml @@ -15,30 +15,41 @@ tasks: - tox: [ client.0 ] - keystone: client.0: - sha1: 12.0.0.0b2 + sha1: 17.0.0.0rc2 force-branch: master - tenants: + domains: + - name: default + description: Default Domain + projects: - name: admin description: Admin Tenant + domain: default - name: rgwcrypt description: Encryption Tenant + domain: default - name: barbican description: Barbican + domain: default - name: s3 description: S3 project + domain: default users: - name: admin password: ADMIN project: admin + domain: default - name: rgwcrypt-user password: rgwcrypt-pass project: rgwcrypt + domain: default - name: barbican-user password: barbican-pass project: barbican + domain: default - name: s3-user password: s3-pass project: s3 + domain: default roles: [ name: admin, name: Member, name: creator ] role-mappings: - name: admin diff --git a/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml b/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml index ad2de4858b56..3f94dce94aa3 100644 --- a/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml +++ b/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml @@ -8,15 +8,20 @@ tasks: - tox: [ client.0 ] - keystone: client.0: - sha1: 12.0.0.0b2 + sha1: 17.0.0.0rc2 force-branch: master - tenants: + domains: + - name: default + description: Default Domain + projects: - name: admin description: Admin Tenant + domain: default users: - name: admin password: ADMIN project: admin + domain: default roles: [ name: admin, name: Member ] role-mappings: - name: admin @@ -46,7 +51,9 @@ tasks: identity: uri: http://{keystone_public_host}:{keystone_public_port}/v2.0/ uri_v3: http://{keystone_public_host}:{keystone_public_port}/v3/ + auth_version: v3 admin_role: admin + default_domain_name: default object-storage: reseller_admin_role: admin object-storage-feature-enabled: @@ -69,6 +76,7 @@ overrides: osd_min_pg_log_entries: 10 osd_max_pg_log_entries: 10 client: + rgw keystone api version: 3 rgw keystone admin token: ADMIN rgw keystone accepted roles: admin,Member rgw keystone implicit tenants: true diff --git a/qa/tasks/barbican.py b/qa/tasks/barbican.py index 51a9af1f9ebb..a4f619d33948 100644 --- a/qa/tasks/barbican.py +++ b/qa/tasks/barbican.py @@ -393,9 +393,12 @@ def task(ctx, config): - tox: [ client.0 ] - keystone: client.0: - sha1: 12.0.0.0b2 + sha1: 17.0.0.0rc2 force-branch: master - tenants: + domains: + - name: default + description: Default Domain + projects: - name: admin description: Admin Tenant - name: rgwcrypt diff --git a/qa/tasks/keystone.py b/qa/tasks/keystone.py index 88abd7b97801..5690082eef2a 100644 --- a/qa/tasks/keystone.py +++ b/qa/tasks/keystone.py @@ -152,6 +152,13 @@ def configure_instance(ctx, config): keyrepo_dir = '{kdir}/etc/fernet-keys'.format(kdir=get_keystone_dir(ctx)) for (client, _) in config.items(): # prepare the config file + run_in_keystone_dir(ctx, client, + [ + 'source', + f'{get_toxvenv_dir(ctx)}/bin/activate', + run.Raw('&&'), + 'tox', '-e', 'genconfig' + ]) run_in_keystone_dir(ctx, client, [ 'cp', '-f', @@ -284,8 +291,8 @@ def run_section_cmds(ctx, cclient, section_cmd, special, auth_section = [ ( 'os-token', 'ADMIN' ), - ( 'os-identity-api-version', '2.0' ), - ( 'os-url', 'http://{host}:{port}/v2.0'.format(host=admin_host, + ( 'os-identity-api-version', '3' ), + ( 'os-url', 'http://{host}:{port}/v3'.format(host=admin_host, port=admin_port) ), ] @@ -296,16 +303,16 @@ def run_section_cmds(ctx, cclient, section_cmd, special, [ '--debug' ]) def create_endpoint(ctx, cclient, service, url, adminurl=None): - endpoint_section = { - 'service': service, - 'publicurl': url, - } + endpoint_sections = [ + {'service': service, 'interface': 'public', 'url': url}, + ] if adminurl: - endpoint_section.update( { - 'adminurl': adminurl, - } ) - return run_section_cmds(ctx, cclient, 'endpoint create', 'service', - [ endpoint_section ]) + endpoint_sections.append( + {'service': service, 'interface': 'admin', 'url': adminurl} + ) + run_section_cmds(ctx, cclient, 'endpoint create', + 'service,interface,url', + endpoint_sections) @contextlib.contextmanager def fill_keystone(ctx, config): @@ -313,22 +320,24 @@ def fill_keystone(ctx, config): for (cclient, cconfig) in config.items(): # configure tenants/projects + run_section_cmds(ctx, cclient, 'domain create', 'name', + cconfig['domains']) run_section_cmds(ctx, cclient, 'project create', 'name', - cconfig['tenants']) + cconfig['projects']) run_section_cmds(ctx, cclient, 'user create', 'name', cconfig['users']) run_section_cmds(ctx, cclient, 'role create', 'name', cconfig['roles']) run_section_cmds(ctx, cclient, 'role add', 'name', cconfig['role-mappings']) - run_section_cmds(ctx, cclient, 'service create', 'name', + run_section_cmds(ctx, cclient, 'service create', 'type', cconfig['services']) public_host, public_port = ctx.keystone.public_endpoints[cclient] - url = 'http://{host}:{port}/v2.0'.format(host=public_host, + url = 'http://{host}:{port}/v3'.format(host=public_host, port=public_port) admin_host, admin_port = ctx.keystone.admin_endpoints[cclient] - admin_url = 'http://{host}:{port}/v2.0'.format(host=admin_host, + admin_url = 'http://{host}:{port}/v3'.format(host=admin_host, port=admin_port) create_endpoint(ctx, cclient, 'keystone', url, admin_url) # for the deferred endpoint creation; currently it's used in rgw.py @@ -368,7 +377,10 @@ def task(ctx, config): - keystone: client.0: force-branch: master - tenants: + domains: + - name: default + description: Default Domain + projects: - name: admin description: Admin Tenant users: