diff --git a/tests/test-keystone-functional.yml b/tests/test-keystone-functional.yml index 92a21112..845eebf2 100644 --- a/tests/test-keystone-functional.yml +++ b/tests/test-keystone-functional.yml @@ -13,63 +13,63 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Test that users/projects etc are consistent on both keystone hosts -- name: Playbook for functional testing keystone - hosts: keystone_all - user: root - gather_facts: false +- name: Test for expected user/project consistency + hosts: localhost + connection: local + vars: + ansible_python_interpreter: "{{ ansible_playbook_python }}" tasks: - - name: Check the keystone api - uri: - url: "http://localhost:{{ item }}" - status_code: 300 - register: result - until: result.status == 300 - retries: 5 - delay: 10 - with_items: - - 5000 - - 35357 - name: Check for expected users - keystone: - command: get_user - user_name: "{{ item }}" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - no_log: true + os_user_facts: + cloud: default + name: "{{ item }}" + domain: default + endpoint_type: admin with_items: - "admin" - "keystone" + register: _user_check + until: _user_check is success + retries: 5 + delay: 10 + - name: Check for expected projects - keystone: - command: get_project - project_name: "{{ item }}" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - no_log: true + os_project_facts: + cloud: default + name: "{{ item }}" + domain: default + endpoint_type: admin with_items: - "admin" - "service" + register: _project_check + until: _project_check is success + retries: 5 + delay: 10 + +- name: Test for SSL key/cert consistency + hosts: keystone_all + user: root + gather_facts: false + vars_files: + - common/test-vars.yml + tasks: - name: Get SSL cert location and permissions stat: path: "/etc/ssl/certs/keystone.pem" register: keystone_ssl_cert_stats + - name: Check SSL cert location and permissions fail: msg: "Keystone SSL cert permissions don't match 0640" when: keystone_ssl_cert_stats.stat.mode != "0640" + - name: Get SSL key location and permissions stat: path: "/etc/ssl/private/keystone.key" register: keystone_ssl_key_stats + - name: Check SSL key location and permissions fail: msg: "Keystone SSL key permissions don't match 0640" when: keystone_ssl_key_stats.stat.mode != "0640" - - vars_files: - - common/test-vars.yml diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml index b6f736d7..874fb261 100644 --- a/vars/redhat-7.yml +++ b/vars/redhat-7.yml @@ -18,7 +18,6 @@ keystone_distro_packages: - cronie - cronie-anacron - git - - python-keystoneclient # Keystoneclient needed to OSA keystone lib - rsync keystone_devel_distro_packages: diff --git a/vars/suse-42.yml b/vars/suse-42.yml index 80b3f1e4..eb8b3a10 100644 --- a/vars/suse-42.yml +++ b/vars/suse-42.yml @@ -18,7 +18,6 @@ keystone_distro_packages: - ca-certificates - cronie - git-core - - python-keystoneclient # Keystoneclient needed to OSA keystone lib - rsync keystone_devel_distro_packages: diff --git a/vars/ubuntu.yml b/vars/ubuntu.yml index c4220721..ad1787b5 100644 --- a/vars/ubuntu.yml +++ b/vars/ubuntu.yml @@ -15,7 +15,6 @@ keystone_distro_packages: - git - - python-keystoneclient # Keystoneclient needed to OSA keystone lib - rsync keystone_devel_distro_packages: