Perform PKI initialization for a Keystone host

PKI initialization is required for a working Keystone installation, so as a first step, make use of keystone-manage pki_setup executed on the host. Change-Id: I4ecd7a698dbdf1d3400ced1ba0505c51a5e8599e
2014-05-01 15:23:28 +10:00 · 2014-05-01 15:23:28 +10:00 · cc7ac908e3
commit cc7ac908e3
parent 51a5311b65
2 changed files with 27 additions and 2 deletions
--- a/os_cloud_config/keystone.py
+++ b/os_cloud_config/keystone.py
@ -13,6 +13,7 @@
 # under the License.

 import logging
+import subprocess

 import keystoneclient.v2_0.client as ksclient

@ -20,7 +21,7 @@ LOG = logging.getLogger(__name__)


 def initialize(host, admin_token, admin_email, admin_password,
-               region='regionOne', ssl=None):
+               region='regionOne', ssl=None, user='root'):
    """Perform post-heat initialization of Keystone.

    :param host: ip/hostname of node where Keystone is running
@ -29,6 +30,7 @@ def initialize(host, admin_token, admin_email, admin_password,
    :param admin_password: admin user's password to be set
    :param region: region to create the endpoint in
    :param ssl: ip/hostname to use as the ssl endpoint, if required
+    :param user: user to use to connect to the node where Keystone is running
    """

    keystone = _create_admin_client(host, admin_token)
@ -37,6 +39,7 @@ def initialize(host, admin_token, admin_email, admin_password,
    _create_tenants(keystone)
    _create_admin_user(keystone, admin_email, admin_password)
    _create_endpoint(keystone, host, region, ssl)
+    _perform_pki_initialization(host, user)


 def initialize_for_swift(host, admin_token):
@ -130,6 +133,19 @@ def _create_endpoint(keystone, host, region, ssl):
                              'http://%s:5000/v2.0' % host)


+def _perform_pki_initialization(host, user):
+    """Perform PKI initialization on a host for Keystone.
+
+    :param host: ip/hostname of node where Keystone is running
+    """
+    subprocess.check_call(["ssh", "-o" "StrictHostKeyChecking=no", "-t",
+                           "-l", user, host, "sudo", "keystone-manage",
+                           "pki_setup", "--keystone-user",
+                           "$(getent passwd | grep '^keystone' | cut -d: -f1)",
+                           "--keystone-group",
+                           "$(getent group | grep '^keystone' | cut -d: -f1)"])
+
+
 def _create_admin_user(keystone, admin_email, admin_password):
    """Create admin user in Keystone.

--- a/os_cloud_config/tests/test_keystone.py
+++ b/os_cloud_config/tests/test_keystone.py
@ -30,7 +30,8 @@ class KeystoneTest(base.TestCase):
            public_endpoint, 'http://%s:35357/v2.0' % host,
            'http://192.0.0.3:5000/v2.0')

-    def test_initialize(self):
+    @mock.patch('subprocess.check_call')
+    def test_initialize(self, check_call_mock):
        self._patch_client()

        keystone.initialize(
@ -56,6 +57,14 @@ class KeystoneTest(base.TestCase):

        self.assert_endpoint('192.0.0.3')

+        check_call_mock.assert_called_once_with(
+            ["ssh", "-o" "StrictHostKeyChecking=no", "-t", "-l", "root",
+             "192.0.0.3", "sudo", "keystone-manage", "pki_setup",
+             "--keystone-user",
+             "$(getent passwd | grep '^keystone' | cut -d: -f1)",
+             "--keystone-group",
+             "$(getent group | grep '^keystone' | cut -d: -f1)"])
+
    def test_initialize_for_swift(self):
        self._patch_client()