--- # Copyright 2015, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Test that users/projects etc are consistent on both keystone hosts - name: Playbook for functional testing keystone hosts: keystone_all user: root gather_facts: false tasks: - name: Check the keystone api uri: url: "http://localhost:{{ item }}" status_code: 300 register: result until: result.status == 300 retries: 5 delay: 10 with_items: - 5000 - 35357 - name: Check for expected users keystone: command: get_user user_name: "{{ item }}" endpoint: "{{ keystone_service_adminurl }}" login_user: "{{ keystone_admin_user_name }}" login_password: "{{ keystone_auth_admin_password }}" login_project_name: "{{ keystone_admin_tenant_name }}" with_items: - "admin" - "keystone" - name: Check for expected projects keystone: command: get_project project_name: "{{ item }}" endpoint: "{{ keystone_service_adminurl }}" login_user: "{{ keystone_admin_user_name }}" login_password: "{{ keystone_auth_admin_password }}" login_project_name: "{{ keystone_admin_tenant_name }}" with_items: - "admin" - "service" - name: Get SSL cert location and permissions stat: path: "/etc/ssl/certs/keystone.pem" register: keystone_ssl_cert_stats - name: Check SSL cert location and permissions fail: msg: "Keystone SSL cert permissions don't match 0640" when: keystone_ssl_cert_stats.stat.mode != "0640" - name: Get SSL key location and permissions stat: path: "/etc/ssl/private/keystone.key" register: keystone_ssl_key_stats - name: Check SSL key location and permissions fail: msg: "Keystone SSL key permissions don't match 0640" when: keystone_ssl_key_stats.stat.mode != "0640" vars_files: - playbooks/test-vars.yml # Run tempest identity tests on one keystone host. - name: Playbook for functional testing keystone hosts: keystone_all[0] user: root gather_facts: false tasks: # TODO(andymccr): add credentials functionality to keystone and remove the "credentials" exclusion. - name: Run tempest shell: | . {{ tempest_venv_bin }}/activate {{ tempest_venv_bin | dirname }}/run_tempest.sh --no-virtual-env ${RUN_TEMPEST_OPTS} '^tempest.api.identity((?!credentials).)*$' environment: RUN_TEMPEST_OPTS: "--serial" vars_files: - playbooks/test-vars.yml