From a53c69943ca363c6e7b377f5c538553e037d9bf5 Mon Sep 17 00:00:00 2001 From: Kefu Chai Date: Sun, 31 May 2020 08:38:00 +0800 Subject: [PATCH] qa/tasks/keystone: use "keystone-manage bootstrap" * qa/tasks/keystone.py: instead of prefilling keystone manually, use "keystone-manage bootstrap" instead. it helps to setup the admin user, a "Default" domain with "default" id, and wire them up with the expected role and a "admin" project, etc. as id of the admin domain is known to be "default", we can just use it in our tests without querying openstack for the id of "Default" domain. this is very handy. * qa/suites/rgw/tempest/tasks/rgw_tempest.yaml: use "Default" for domain name. as "Default" is the name of the domain created by bootstrap, while "default" is its id. * qa/suites/rgw/crypt/2-kms/barbican.yaml: remove settings to bootstrap keystone Signed-off-by: Kefu Chai --- qa/suites/rgw/crypt/2-kms/barbican.yaml | 18 +-------- qa/suites/rgw/tempest/tasks/rgw_tempest.yaml | 22 +---------- qa/tasks/barbican.py | 13 +------ qa/tasks/keystone.py | 40 +++++++++++++------- 4 files changed, 30 insertions(+), 63 deletions(-) diff --git a/qa/suites/rgw/crypt/2-kms/barbican.yaml b/qa/suites/rgw/crypt/2-kms/barbican.yaml index 0e0cda6204f78..c4a22a6cdb3ca 100644 --- a/qa/suites/rgw/crypt/2-kms/barbican.yaml +++ b/qa/suites/rgw/crypt/2-kms/barbican.yaml @@ -17,13 +17,7 @@ tasks: client.0: sha1: 17.0.0.0rc2 force-branch: master - domains: - - name: default - description: Default Domain projects: - - name: admin - description: Admin Tenant - domain: default - name: rgwcrypt description: Encryption Tenant domain: default @@ -34,10 +28,6 @@ tasks: description: S3 project domain: default users: - - name: admin - password: ADMIN - project: admin - domain: default - name: rgwcrypt-user password: rgwcrypt-pass project: rgwcrypt @@ -50,11 +40,8 @@ tasks: password: s3-pass project: s3 domain: default - roles: [ name: admin, name: Member, name: creator ] + roles: [ name: Member, name: creator ] role-mappings: - - name: admin - user: admin - project: admin - name: Member user: rgwcrypt-user project: rgwcrypt @@ -65,9 +52,6 @@ tasks: user: s3-user project: s3 services: - - name: keystone - type: identity - description: Keystone Identity Service - name: swift type: object-store description: Swift Service diff --git a/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml b/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml index e6a96c0ba7d89..cc15a08546ec0 100644 --- a/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml +++ b/qa/suites/rgw/tempest/tasks/rgw_tempest.yaml @@ -10,27 +10,7 @@ tasks: client.0: sha1: 17.0.0.0rc2 force-branch: master - domains: - - name: default - description: Default Domain - projects: - - name: admin - description: Admin Tenant - domain: default - users: - - name: admin - password: ADMIN - project: admin - domain: default - roles: [ name: admin, name: Member ] - role-mappings: - - name: admin - user: admin - project: admin services: - - name: keystone - type: identity - description: Keystone Identity Service - name: swift type: object-store description: Swift Service @@ -53,7 +33,7 @@ tasks: uri_v3: http://{keystone_public_host}:{keystone_public_port}/v3/ auth_version: v3 admin_role: admin - default_domain_name: default + default_domain_name: Default object-storage: reseller_admin_role: admin object-storage-feature-enabled: diff --git a/qa/tasks/barbican.py b/qa/tasks/barbican.py index 71f3a7346e399..65e223e126349 100644 --- a/qa/tasks/barbican.py +++ b/qa/tasks/barbican.py @@ -396,12 +396,7 @@ def task(ctx, config): client.0: sha1: 17.0.0.0rc2 force-branch: master - domains: - - name: default - description: Default Domain projects: - - name: admin - description: Admin Tenant - name: rgwcrypt description: Encryption Tenant - name: barbican @@ -409,9 +404,6 @@ def task(ctx, config): - name: s3 description: S3 project users: - - name: admin - password: ADMIN - project: admin - name: rgwcrypt-user password: rgwcrypt-pass project: rgwcrypt @@ -421,11 +413,8 @@ def task(ctx, config): - name: s3-user password: s3-pass project: s3 - roles: [ name: admin, name: Member, name: creator ] + roles: [ name: Member, name: creator ] role-mappings: - - name: admin - user: admin - project: admin - name: Member user: rgwcrypt-user project: rgwcrypt diff --git a/qa/tasks/keystone.py b/qa/tasks/keystone.py index 058804fe6b15d..f3f46365210c2 100644 --- a/qa/tasks/keystone.py +++ b/qa/tasks/keystone.py @@ -7,6 +7,7 @@ import logging # still need this for python3.6 from collections import OrderedDict +from itertools import chain from teuthology import misc as teuthology from teuthology import contextutil @@ -322,27 +323,40 @@ def fill_keystone(ctx, config): assert isinstance(config, dict) for (cclient, cconfig) in config.items(): + public_host, public_port = ctx.keystone.public_endpoints[cclient] + url = 'http://{host}:{port}/v3'.format(host=public_host, + port=public_port) + admin_host, admin_port = ctx.keystone.admin_endpoints[cclient] + admin_url = 'http://{host}:{port}/v3'.format(host=admin_host, + port=admin_port) + opts = {'password': 'ADMIN', + 'username': 'admin', + 'project-name': 'admin', + 'role-name': 'admin', + 'service-name': 'keystone', + 'region-id': 'RegionOne', + 'admin-url': admin_url, + 'public-url': url} + bootstrap_args = chain.from_iterable(('--bootstrap-{}'.format(k), v) + for k, v in opts.items()) + run_in_keystone_venv(ctx, cclient, + ['keystone-manage', 'bootstrap'] + + list(bootstrap_args)) + # configure tenants/projects run_section_cmds(ctx, cclient, 'domain create', 'name', - cconfig['domains']) + cconfig.get('domains', [])) run_section_cmds(ctx, cclient, 'project create', 'name', - cconfig['projects']) + cconfig.get('projects', [])) run_section_cmds(ctx, cclient, 'user create', 'name', - cconfig['users']) + cconfig.get('users', [])) run_section_cmds(ctx, cclient, 'role create', 'name', - cconfig['roles']) + cconfig.get('roles', [])) run_section_cmds(ctx, cclient, 'role add', 'name', - cconfig['role-mappings']) + cconfig.get('role-mappings', [])) run_section_cmds(ctx, cclient, 'service create', 'type', - cconfig['services']) + cconfig.get('services', [])) - public_host, public_port = ctx.keystone.public_endpoints[cclient] - url = 'http://{host}:{port}/v3'.format(host=public_host, - port=public_port) - admin_host, admin_port = ctx.keystone.admin_endpoints[cclient] - admin_url = 'http://{host}:{port}/v3'.format(host=admin_host, - port=admin_port) - create_endpoint(ctx, cclient, 'keystone', url, admin_url) # for the deferred endpoint creation; currently it's used in rgw.py ctx.keystone.create_endpoint = create_endpoint -- 2.39.5