From cc7ac908e36be0493e267a8d8d9039c987499419 Mon Sep 17 00:00:00 2001 From: Steve Kowalik Date: Thu, 1 May 2014 15:23:28 +1000 Subject: [PATCH] Perform PKI initialization for a Keystone host PKI initialization is required for a working Keystone installation, so as a first step, make use of keystone-manage pki_setup executed on the host. Change-Id: I4ecd7a698dbdf1d3400ced1ba0505c51a5e8599e --- os_cloud_config/keystone.py | 18 +++++++++++++++++- os_cloud_config/tests/test_keystone.py | 11 ++++++++++- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/os_cloud_config/keystone.py b/os_cloud_config/keystone.py index fca2dc8..9cadb73 100644 --- a/os_cloud_config/keystone.py +++ b/os_cloud_config/keystone.py @@ -13,6 +13,7 @@ # under the License. import logging +import subprocess import keystoneclient.v2_0.client as ksclient @@ -20,7 +21,7 @@ LOG = logging.getLogger(__name__) def initialize(host, admin_token, admin_email, admin_password, - region='regionOne', ssl=None): + region='regionOne', ssl=None, user='root'): """Perform post-heat initialization of Keystone. :param host: ip/hostname of node where Keystone is running @@ -29,6 +30,7 @@ def initialize(host, admin_token, admin_email, admin_password, :param admin_password: admin user's password to be set :param region: region to create the endpoint in :param ssl: ip/hostname to use as the ssl endpoint, if required + :param user: user to use to connect to the node where Keystone is running """ keystone = _create_admin_client(host, admin_token) @@ -37,6 +39,7 @@ def initialize(host, admin_token, admin_email, admin_password, _create_tenants(keystone) _create_admin_user(keystone, admin_email, admin_password) _create_endpoint(keystone, host, region, ssl) + _perform_pki_initialization(host, user) def initialize_for_swift(host, admin_token): 
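Review bot: The new `user='root'` default on `initialize` makes a direct root ssh login the standard path, which makes the `sudo` in the remote command redundant and presumably requires root ssh login to be enabled on the Keystone node. An unprivileged deployment account with a sudo rule limited to `keystone-manage pki_setup` would follow least privilege better; if root must stay the default for existing images, a comment saying so would help. The added docstring line could also say how the account is used, for example `:param user: account used for the ssh login to the Keystone node; must be able to run sudo`. The body of `initialize` continues outside this hunk.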
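Review bot: A failure of the new `_perform_pki_initialization(host, user)` call surfaces as `subprocess.CalledProcessError` only after `_create_tenants`, `_create_admin_user` and `_create_endpoint` have already run, and the docstring of `initialize` does not mention it. A caller therefore gets an exception from a Keystone that is already partly configured, with no hint that the ssh step was the cause. I would add `:raises subprocess.CalledProcessError: if the remote pki_setup command fails` to the docstring and a `LOG.debug('Running pki_setup on %s', host)` line before the call. The start of `initialize` is outside this hunk.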
@@ -130,6 +133,19 @@ def _create_endpoint(keystone, host, region, ssl): 'http://%s:5000/v2.0' % host) +def _perform_pki_initialization(host, user): + """Perform PKI initialization on a host for Keystone. + + :param host: ip/hostname of node where Keystone is running + """ + subprocess.check_call(["ssh", "-o" "StrictHostKeyChecking=no", "-t", + "-l", user, host, "sudo", "keystone-manage", + "pki_setup", "--keystone-user", + "$(getent passwd | grep '^keystone' | cut -d: -f1)", + "--keystone-group", + "$(getent group | grep '^keystone' | cut -d: -f1)"]) + + def _create_admin_user(keystone, admin_email, admin_password): """Create admin user in Keystone. diff --git a/os_cloud_config/tests/test_keystone.py b/os_cloud_config/tests/test_keystone.py index beffb79..3159e12 100644 --- a/os_cloud_config/tests/test_keystone.py +++ b/os_cloud_config/tests/test_keystone.py @@ -30,7 +30,8 @@ class KeystoneTest(base.TestCase): public_endpoint, 'http://%s:35357/v2.0' % host, 'http://192.0.0.3:5000/v2.0') - def test_initialize(self): + @mock.patch('subprocess.check_call') + def test_initialize(self, check_call_mock): self._patch_client() keystone.initialize( @@ -56,6 +57,14 @@ class KeystoneTest(base.TestCase): self.assert_endpoint('192.0.0.3') + check_call_mock.assert_called_once_with( + ["ssh", "-o" "StrictHostKeyChecking=no", "-t", "-l", "root", + "192.0.0.3", "sudo", "keystone-manage", "pki_setup", + "--keystone-user", + "$(getent passwd | grep '^keystone' | cut -d: -f1)", + "--keystone-group", + "$(getent group | grep '^keystone' | cut -d: -f1)"]) + def test_initialize_for_swift(self): self._patch_client()
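Review bot: The ssh call in `_perform_pki_initialization` passes `StrictHostKeyChecking=no`, so the node that receives the privileged `sudo keystone-manage pki_setup` command is never authenticated and any machine answering on that address is accepted silently. Consider dropping the option and relying on a known_hosts entry provisioned for the node, or letting the caller supply the ssh options. `"-o" "StrictHostKeyChecking=no"` has no comma between the two literals, so Python joins them into one argument; ssh appears to accept the joined form, but `"-o", "StrictHostKeyChecking=no",` states the intent. The `getent passwd | grep '^keystone'` substitutions match every account whose name merely starts with `keystone`, so `$(getent passwd keystone | cut -d: -f1)` and the matching `getent group keystone` form would be more exact. The docstring also lacks `:param user: account used for the ssh login`.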
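Review bot: The `check_call_mock.assert_called_once_with(...)` assertion repeats the production argument list verbatim, including the comma-less `"-o" "StrictHostKeyChecking=no"` pair, so it passes for whatever that expression evaluates to and does not independently pin the intended argv. Writing the expected value as the explicit joined string `"-oStrictHostKeyChecking=no"`, or as two separate elements once the production code has the comma, would make the test catch a regression there. Only the default `user` is exercised; a second case passing a non-default `user` and one where `check_call_mock.side_effect` is a `subprocess.CalledProcessError` would cover the new parameter and the failure path. The body of `test_initialize` starts outside this hunk.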