openstack/openstack-ansible-os_keystone
Code Issues Proposed changes
Files
fbd9535221cbcae2dff59a8c2e970e51e69e7656
openstack-ansible-os_keystone/tests/test-keystone-functional.yml
Andy McCrae fbd9535221 Add credential_setup for keystone 
We need to setup the appropriate directory for credential_setup and run
the keystone-manage credential_setup command.

We created the directory and the '[credential]' stanza in the
keystone.conf, which will ensure we can add additional settings using
config_template if any further are required.

We need to setup the autorotation cron job and distribution for
credential keys.

Additionally, we include all tempest tests now that we are
supporting this feature.

Change-Id: Ifd85ed1a64538ed037e4426cc50238d2b16d51e5
2016-09-08 12:06:48 +01:00

90 lines
2.9 KiB
YAML
Raw Blame History

---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Test that users/projects etc are consistent on both keystone hosts
- name: Playbook for functional testing keystone
hosts: keystone_all
user: root
gather_facts: false
tasks:
- name: Check the keystone api
uri:
url: "http://localhost:{{ item }}"
status_code: 300
register: result
until: result.status == 300
retries: 5
delay: 10
with_items:
- 5000
- 35357
- name: Check for expected users
keystone:
command: get_user
user_name: "{{ item }}"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
with_items:
- "admin"
- "keystone"
- name: Check for expected projects
keystone:
command: get_project
project_name: "{{ item }}"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
with_items:
- "admin"
- "service"
- name: Get SSL cert location and permissions
stat:
path: "/etc/ssl/certs/keystone.pem"
register: keystone_ssl_cert_stats
- name: Check SSL cert location and permissions
fail:
msg: "Keystone SSL cert permissions don't match 0640"
when: keystone_ssl_cert_stats.stat.mode != "0640"
- name: Get SSL key location and permissions
stat:
path: "/etc/ssl/private/keystone.key"
register: keystone_ssl_key_stats
- name: Check SSL key location and permissions
fail:
msg: "Keystone SSL key permissions don't match 0640"
when: keystone_ssl_key_stats.stat.mode != "0640"
vars_files:
- playbooks/test-vars.yml
# Run tempest identity tests on one keystone host.
- name: Playbook for functional testing keystone
hosts: keystone_all[0]
user: root
gather_facts: false
tasks:
- name: Run tempest
shell: |
. {{ tempest_venv_bin }}/activate
{{ tempest_venv_bin | dirname }}/run_tempest.sh --no-virtual-env ${RUN_TEMPEST_OPTS} '^tempest.api.identity.*'
environment:
RUN_TEMPEST_OPTS: "--serial"
vars_files:
- playbooks/test-vars.yml
View Git Blame Copy Permalink