yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #47207
[Bug 1441379] Re: Need Rally deployment create support on domain_id or domain_name in order to support keystone v3 test (which needs domain scoped token). The current project scoped token only works in service API but not keystone v3 API (DTUG domain, user, group...).
sounds like this is a rally issue, marking keystone as invalid
** Changed in: keystone
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1441379
Title:
Need Rally deployment create support on domain_id or domain_name in
order to support keystone v3 test (which needs domain scoped token).
The current project scoped token only works in service API but not
keystone v3 API (DTUG domain, user, group...).
Status in OpenStack Identity (keystone):
Invalid
Status in Rally:
Triaged
Bug description:
For keystone v3 testing, most test should based on domain scoped token but not project scoped token. And either domain_name/domain_id is required for keystone v3 domain scoped token. Rally need to pick up either domain_id or domain_name in its v3 config, in order to work with keystone v3:
Failed validating 'anyOf' in schema:
{'anyOf': [{'properties': {'admin': {'$ref': '#/definitions/user'}},
'required': ['type', 'auth_url', 'admin']},
{'required': ['type', 'auth_url', 'users'],
'users': {'items': {'$ref': '#/definitions/user'},
'type': 'array'}}],
'definitions': {'user': {'oneOf': [{'properties': {'tenant_name': {'type': 'string'}},
'required': ['username',
'password',
'tenant_name']},
{'properties': {'project_domain_name': {'type': 'string'},
'project_name': {'type': 'string'},
'user_domain_name': {'type': 'string'}},
'required': ['username',
'password',
'project_name']}],
'properties': {'password': {'type': 'string'},
'username': {'type': 'string'}},
'type': 'object'}},
'properties': {'auth_url': {'type': 'string'},
'endpoint_type': {'enum': ['admin',
'internal',
'public'],
'type': 'string'},
'region_name': {'type': 'string'},
'type': {'type': 'string'}},
'type': 'object'}
Here's a test:
Project scoped token deployment looks fine, but domain scoped token deployment failed. Check the following test:
1. Project scoped token deploy:
$ cat m.json
{
"admin": {
"project_name": "admin",
"password": "admin",
"project_domain_name": "Default",
"user_domain_name": "Default",
"username": "admin"
},
"auth_url": "https://localhost:5000/v3/";,
"endpoint_type": "public",
"https_cacert": "/usr/local/share/ca-certificates/ephemeralca-cacert.crt",
"https_insecure": False,
"region_name": "regionOne",
"type": "ExistingCloud",
}
$ rally deployment create --filename=m.json --name=apaltestHAKVMv3
+--------------------------------------+----------------------------+-----------------+------------------+--------+
| uuid | created_at | name | status | active |
+--------------------------------------+----------------------------+-----------------+------------------+--------+
| 01ca22c6-9ad0-422b-ae77-7e9d863234b0 | 2015-04-07 22:33:55.921296 | apaltestHAKVMv3 | deploy->finished | |
+--------------------------------------+----------------------------+-----------------+------------------+--------+
Using deployment: 01ca22c6-9ad0-422b-ae77-7e9d863234b0
~/.rally/openrc was updated
HINTS:
* To get your cloud resources, run:
rally show [flavors|images|keypairs|networks|secgroups]
* To use standard OpenStack clients, set up your env by running:
source ~/.rally/openrc
OpenStack clients are now configured, e.g run:
glance image-list
$ rally deployment check
keystone endpoints are valid and following services are available:
+------------+---------------+-----------+
| services | type | status |
+------------+---------------+-----------+
| ceilometer | metering | Available |
| cinder | volume | Available |
| cinderv2 | volumev2 | Available |
| ec2 | ec2 | Available |
| glance | image | Available |
| heat | orchestration | Available |
| keystone | identity | Available |
| neutron | network | Available |
| nova | compute | Available |
| sherpa | hp-catalog | Available |
| swift | object-store | Available |
+------------+---------------+-----------+
$ rally task start ../keystonecase/apaldebug-create-1-user.json
--------------------------------------------------------------------------------
Preparing input task
--------------------------------------------------------------------------------
Input task is:
{
"KeystoneBasic.create_user": [
{
"args": {
"name_length": 10
},
"runner": {
"type": "constant",
"times": 1,
"concurrency": 1
}
}
]
}
--------------------------------------------------------------------------------
Task 76a1c52c-b085-4243-ae47-4f5cfaab8091: started
--------------------------------------------------------------------------------
Benchmarking... This can take a while...
To track task status use:
rally task status
or
rally task detailed
2015-04-07 22:34:40.916 20445 WARNING rally.common.broker [-] Failed
to consume a task from the queue: You are not authorized to perform
the requested action: identity:get_domain (HTTP 403)
--------------------------------------------------------------------------------
Task 76a1c52c-b085-4243-ae47-4f5cfaab8091: failed
--------------------------------------------------------------------------------
<class 'rally.exceptions.ContextSetupFailure'>
Unable to setup context 'users': 'Failed to create the requested number of tenants.'
For more details run:
rally -vd task detailed 76a1c52c-b085-4243-ae47-4f5cfaab8091
Using task: 76a1c52c-b085-4243-ae47-4f5cfaab8091
2. Project scoped token deploy failed: - I just updated one line in this config -> from ""project_name": "admin"," to ""domain_name": "Default",":
$ cat u.json
{
"admin": {
"domain_name": "Default",
"password": "admin",
"project_domain_name": "Default",
"user_domain_name": "Default",
"username": "admin"
},
"auth_url": "https://localhost:5000/v3/";,
"endpoint_type": "public",
"https_cacert": "/usr/local/share/ca-certificates/ephemeralca-cacert.crt",
"https_insecure": False,
"region_name": "regionOne",
"type": "ExistingCloud",
}
$ rally deployment create --filename=u.json --name=apaltestHAKVMv3
2015-04-07 22:36:18.996 20739 ERROR rally.api [-] Deployment 44f819e6-deb9-4109-a52b-f751825e7f9c: Schema validation error.
Config schema validation error: {'endpoint_type': 'public', 'auth_url': 'https://localhost:5000/v3/', 'region_name': 'regionOne', 'https_insecure': False, 'admin': {'username': 'admin', 'user_domain_name': 'Default', 'password': 'admin', 'domain_name': 'Default', 'project_domain_name': 'Default'}, 'https_cacert': '/usr/local/share/ca-certificates/ephemeralca-cacert.crt', 'type': 'ExistingCloud'} is not valid under any of the given schemas
Failed validating 'anyOf' in schema:
{'anyOf': [{'properties': {'admin': {'$ref': '#/definitions/user'}},
'required': ['type', 'auth_url', 'admin']},
{'required': ['type', 'auth_url', 'users'],
'users': {'items': {'$ref': '#/definitions/user'},
'type': 'array'}}],
'definitions': {'user': {'oneOf': [{'properties': {'tenant_name': {'type': 'string'}},
'required': ['username',
'password',
'tenant_name']},
{'properties': {'project_domain_name': {'type': 'string'},
'project_name': {'type': 'string'},
'user_domain_name': {'type': 'string'}},
'required': ['username',
'password',
'project_name']}],
'properties': {'password': {'type': 'string'},
'username': {'type': 'string'}},
'type': 'object'}},
'properties': {'auth_url': {'type': 'string'},
'endpoint_type': {'enum': ['admin',
'internal',
'public'],
'type': 'string'},
'region_name': {'type': 'string'},
'type': {'type': 'string'}},
'type': 'object'}
On instance:
{'admin': {'domain_name': 'Default',
'password': 'admin',
'project_domain_name': 'Default',
'user_domain_name': 'Default',
'username': 'admin'},
'auth_url': 'https://localhost:5000/v3/',
'endpoint_type': 'public',
'https_cacert': '/usr/local/share/ca-certificates/ephemeralca-cacert.crt',
'https_insecure': False,
'region_name': 'regionOne',
'type': 'ExistingCloud'}.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1441379/+subscriptions
