Rebase

.bzrignore

@@ -1,2 +1,3 @@
+revision
 bin
 .coverage

README.md

@@ -2,7 +2,7 @@ This charm provides Keystone, the Openstack identity service.  It's target
 platform is Ubuntu Precise + Openstack Essex.  This has not been tested
 using Oneiric + Diablo.
 
-It provides two interfaces.
+It provides three interfaces.
  
     - identity-service:  Openstack API endpoints request an entry in the 
       Keystone service catalog + endpoint template catalog.  When a relation
@@ -21,6 +21,11 @@ It provides two interfaces.
       Keystone responds with a token and the auth + admin ports on which
       Keystone is listening.
 
+    - identity-admin:  Charms use this relation to obtain the credentials
+      for the admin user.  This is intended for charms that automatically
+      provision users, tenants, etc. or that otherwise automate using the
+      Openstack cluster deployment.
+
 Keystone requires a database.  By default, a local sqlite database is used.
 The charm supports relations to a shared-db via mysql-shared interface.  When
 a new data store is configured, the charm ensures the minimum administrator

hooks/identity-admin-relation-changed

@@ -0,0 +1 @@
+keystone_hooks.py

hooks/keystone_hooks.py

@@ -51,6 +51,7 @@ from keystone_utils import (
     CLUSTER_RES,
     KEYSTONE_CONF,
     SSH_USER,
+    STORED_PASSWD,
 )
 
 from charmhelpers.contrib.hahelpers.cluster import (
@@ -166,12 +167,6 @@ def pgsql_db_changed():
                     identity_changed(relation_id=rid, remote_unit=unit)
 
 
-@hooks.hook('identity-service-relation-joined')
-def identity_joined():
-    """ Do nothing until we get information about requested service """
-    pass
-
-
 @hooks.hook('identity-service-relation-changed')
 def identity_changed(relation_id=None, remote_unit=None):
     if eligible_leader(CLUSTER_RES):
@@ -261,6 +256,21 @@ def ha_changed():
                          service_host=config('vip'))
 
 
+@hooks.hook('identity-admin-relation-changed')
+def admin_relation_changed():
+    relation_data = {
+        'service_hostname': unit_get('private-address'),
+        'service_port': config('service-port'),
+        'service_username': config('admin-user'),
+        'service_tenant_name': config('admin-role'),
+        'service_region': config('region'),
+    }
+    if os.path.isfile(STORED_PASSWD):
+        with open(STORED_PASSWD) as f:
+            relation_data['service_password'] = f.readline().strip('\n')
+    relation_set(**relation_data)
+
+
 def configure_https():
     '''
     Enables SSL API Apache config if appropriate and kicks identity-service

metadata.yaml

@@ -9,6 +9,8 @@ categories: ["misc"]
 provides:
   identity-service:
     interface: keystone
+  identity-admin:
+    interface: keystone-admin
 requires:
   shared-db:
     interface: mysql-shared

revision

@@ -1 +0,0 @@
-230

tests/11-basic-precise-folsom

@@ -6,5 +6,6 @@ from basic_deployment import KeystoneBasicDeployment
 
 if __name__ == '__main__':
     deployment = KeystoneBasicDeployment(series='precise',
-                                         openstack='cloud:precise-folsom')
+                                         openstack='cloud:precise-folsom',
+                                         source='cloud:precise-updates/folsom')
     deployment.run_tests()

tests/12-basic-precise-grizzly

@@ -6,5 +6,6 @@ from basic_deployment import KeystoneBasicDeployment
 
 if __name__ == '__main__':
     deployment = KeystoneBasicDeployment(series='precise',
-                                         openstack='cloud:precise-grizzly')
+                                         openstack='cloud:precise-grizzly',
+                                         source='cloud:precise-updates/grizzly')
     deployment.run_tests()

tests/13-basic-precise-havana

@@ -6,5 +6,6 @@ from basic_deployment import KeystoneBasicDeployment
 
 if __name__ == '__main__':
     deployment = KeystoneBasicDeployment(series='precise',
-                                         openstack='cloud:precise-havana')
+                                         openstack='cloud:precise-havana',
+                                         source='cloud:precise-updates/havana')
     deployment.run_tests()

tests/14-basic-precise-icehouse

@@ -6,5 +6,6 @@ from basic_deployment import KeystoneBasicDeployment
 
 if __name__ == '__main__':
     deployment = KeystoneBasicDeployment(series='precise',
-                                         openstack='cloud:precise-icehouse')
+                                         openstack='cloud:precise-icehouse',
+                                         source='cloud:precise-updates/icehouse')
     deployment.run_tests()

tests/README

@@ -29,3 +29,19 @@ For debugging and test development purposes, all code should be idempotent.
 In other words, the code should have the ability to be re-run without changing
 the results beyond the initial run.  This enables editing and re-running of a
 test module against an already deployed environment, as described above.
+
+Manual debugging tips:
+
+  * Set the following env vars before using the OpenStack CLI as admin:
+      export OS_AUTH_URL=http://`juju-deployer -f keystone 2>&1 | tail -n 1`:5000/v2.0
+      export OS_TENANT_NAME=admin
+      export OS_USERNAME=admin
+      export OS_PASSWORD=openstack
+      export OS_REGION_NAME=RegionOne
+
+  * Set the following env vars before using the OpenStack CLI as demoUser:
+      export OS_AUTH_URL=http://`juju-deployer -f keystone 2>&1 | tail -n 1`:5000/v2.0
+      export OS_TENANT_NAME=demoTenant
+      export OS_USERNAME=demoUser
+      export OS_PASSWORD=password
+      export OS_REGION_NAME=RegionOne

tests/basic_deployment.py

@@ -19,9 +19,9 @@ u = OpenStackAmuletUtils(ERROR)
 class KeystoneBasicDeployment(OpenStackAmuletDeployment):
     """Amulet tests on a basic keystone deployment."""
 
-    def __init__(self, series=None, openstack=None):
+    def __init__(self, series=None, openstack=None, source=None):
         """Deploy the entire test environment."""
-        super(KeystoneBasicDeployment, self).__init__(series, openstack)
+        super(KeystoneBasicDeployment, self).__init__(series, openstack, source)
         self._add_services()
         self._add_relations()
         self._configure_services()
@@ -90,11 +90,10 @@ class KeystoneBasicDeployment(OpenStackAmuletDeployment):
         """Verify the expected services are running on the corresponding
            service units."""
         commands = {
-            self.mysql_sentry: 'status mysql',
-            self.keystone_sentry: 'status keystone',
-            self.cinder_sentry: 'status cinder-api',
-            self.cinder_sentry: 'status cinder-scheduler',
-            self.cinder_sentry: 'status cinder-volume'
+            self.mysql_sentry: ['status mysql'],
+            self.keystone_sentry: ['status keystone'],
+            self.cinder_sentry: ['status cinder-api', 'status cinder-scheduler',
+                                 'status cinder-volume']
         }
         ret = u.validate_services(commands)
         if ret:
@@ -285,7 +284,7 @@ class KeystoneBasicDeployment(OpenStackAmuletDeployment):
         """Verify that keystone is restarted when the config is changed."""
         self.d.configure('keystone', {'verbose': 'True'})
         if not u.service_restarted(self.keystone_sentry, 'keystone-all',
-                                   '/etc/keystone/keystone.conf'):
+                                  '/etc/keystone/keystone.conf', sleep_time=10):
             message = "keystone service didn't restart after config change"
             amulet.raise_status(amulet.FAIL, msg=message)
         self.d.configure('keystone', {'verbose': 'False'})