From 9a7ce4f83c051c485071d0b11fdc1508a63e99db Mon Sep 17 00:00:00 2001 From: Kim Bao Long Date: Fri, 14 Sep 2018 09:51:49 +0700 Subject: [PATCH] Update Keystone auth_url in vim_config.yaml Currently, keystone_authtoken.auth_url is working at `http://127.0.0.1/identity`, not `http://127.0.0.1:5000` as shown in sample vim_config.yaml. So this patch aims to update the outdated auth_url in vim_config.yaml file Change-Id: I9e66ab5cd365c7bc70c80974fa891fc2e6ddd96f --- devstack/vim_config.yaml | 2 +- doc/source/install/getting_started.rst | 13 ++++++++++--- doc/source/user/multisite_vim_usage_guide.rst | 17 ++++++++++++++--- samples/vim/vim_config.yaml | 2 +- tacker/tests/etc/samples/local-vim.yaml | 2 +- tacker/tests/unit/api/v1/test_vim.py | 6 +++--- tacker/tests/unit/db/utils.py | 5 +++-- .../nfvo/drivers/vim/test_kubernetes_driver.py | 2 +- .../nfvo/drivers/vim/test_openstack_driver.py | 12 ++++++------ tacker/tests/unit/nfvo/test_nfvo_plugin.py | 4 ++-- tacker/tests/unit/vnfm/test_plugin.py | 4 ++-- 11 files changed, 44 insertions(+), 25 deletions(-) diff --git a/devstack/vim_config.yaml b/devstack/vim_config.yaml index c2fbffcca..a681c5c89 100644 --- a/devstack/vim_config.yaml +++ b/devstack/vim_config.yaml @@ -1,4 +1,4 @@ -auth_url: 'http://localhost:5000' +auth_url: 'http://localhost/identity' username: 'nfv_user' password: 'devstack' project_name: 'nfv' diff --git a/doc/source/install/getting_started.rst b/doc/source/install/getting_started.rst index f77d4e97e..078d5717f 100644 --- a/doc/source/install/getting_started.rst +++ b/doc/source/install/getting_started.rst @@ -32,7 +32,7 @@ is the account information collected in file `vim_config.yaml` [1]_: .. code-block:: yaml - auth_url: 'https://10.1.0.5:5000' + auth_url: 'http://127.0.0.1/identity' username: 'nfv_user' password: 'mySecretPW' project_name: 'nfv' @@ -41,6 +41,12 @@ is the account information collected in file `vim_config.yaml` [1]_: cert_verify: 'True' .. +.. note:: + + In Keystone, port `5000` is enabled for authentication service [2]_, so the + end users can use `auth_url: 'http://127.0.0.1/5000/v3` instead of + `auth_url: 'http://127.0.0.1/identity'` as above mention. + By default, cert_verify is set as `True`. To disable verifying SSL certificate, user can set cert_verify parameter to `False`. @@ -107,7 +113,7 @@ Onboarding sample VNF .. note:: - You can find more sample tosca templates for VNFD at [2]_ + You can find more sample tosca templates for VNFD at [3]_ 2. Create a sample VNFD @@ -138,4 +144,5 @@ References ========== .. [1] https://github.com/longkb/tacker/blob/master/samples/vim/vim_config.yaml -.. [2] https://github.com/openstack/tacker/tree/master/samples/tosca-templates/vnfd +.. [2] https://docs.openstack.org/keystoneauth/latest/using-sessions.html#sessions-for-users +.. [3] https://github.com/openstack/tacker/tree/master/samples/tosca-templates/vnfd diff --git a/doc/source/user/multisite_vim_usage_guide.rst b/doc/source/user/multisite_vim_usage_guide.rst index a62417738..3811ad6eb 100644 --- a/doc/source/user/multisite_vim_usage_guide.rst +++ b/doc/source/user/multisite_vim_usage_guide.rst @@ -43,8 +43,8 @@ To register a new OpenStack VIM inside Tacker. | Field | Value | +----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+ | auth_cred | {"username": "nfv_user", "password": "***", "project_name": "nfv", "user_id": "", "user_domain_name": "default", "auth_url": | - | | "http://10.18.161.165:5000/v3", "project_id": "", "project_domain_name": "default"} | - | auth_url | http://10.18.161.165:5000/v3 | + | | "http://127.0.0.1/identity", "project_id": "", "project_domain_name": "default"} | + | auth_url | http://127.0.0.1/identity | | description | OpenStack Liberty | | id | 3f3c51c5-8bda-4bd3-adb3-5ae62eae65c3 | | name | Site1 | @@ -58,7 +58,7 @@ In the above command, config.yaml contains VIM specific parameters as below: :: - auth_url: 'http://localhost:5000' + auth_url: 'http://127.0.0.1/identity' username: 'nfv_user' password: 'devstack' project_name: 'nfv' @@ -66,6 +66,12 @@ In the above command, config.yaml contains VIM specific parameters as below: The parameter auth_url points to the keystone service authorization URL of the remote OpenStack site. +.. note:: + + In Keystone, port `5000` is enabled for authentication service [1]_, so the + end users can use `auth_url: 'http://127.0.0.1/5000/v3` instead of + `auth_url: 'http://127.0.0.1/identity'` as above mention. + Default VIM configuration ~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -171,3 +177,8 @@ Limitations * Fernet keys for password encryption and decryption is stored on file systems. This is a limitation when multiple servers are serving behind a load balancer server and the keys need to be synced across tacker server systems. + +References +========== + +.. [1] https://docs.openstack.org/keystoneauth/latest/using-sessions.html#sessions-for-users diff --git a/samples/vim/vim_config.yaml b/samples/vim/vim_config.yaml index 1903d1aeb..d639dba42 100644 --- a/samples/vim/vim_config.yaml +++ b/samples/vim/vim_config.yaml @@ -1,4 +1,4 @@ -auth_url: 'http://10.18.112.10:5000' +auth_url: 'http://10.18.112.10/identity' username: 'nfv_user' password: 'mySecretPW' project_name: 'nfv' diff --git a/tacker/tests/etc/samples/local-vim.yaml b/tacker/tests/etc/samples/local-vim.yaml index 0c765f199..9f474fd22 100644 --- a/tacker/tests/etc/samples/local-vim.yaml +++ b/tacker/tests/etc/samples/local-vim.yaml @@ -1,4 +1,4 @@ -auth_url: http://127.0.0.1:5000 +auth_url: http://127.0.0.1/identity username: nfv_user password: devstack project_name: nfv diff --git a/tacker/tests/unit/api/v1/test_vim.py b/tacker/tests/unit/api/v1/test_vim.py index 97f598331..0dc8f2e92 100644 --- a/tacker/tests/unit/api/v1/test_vim.py +++ b/tacker/tests/unit/api/v1/test_vim.py @@ -30,7 +30,7 @@ def get_vim_config(): "vim": { "tenant_id": 'test-project', "type": "openstack", - "auth_url": 'http://localhost:5000', + "auth_url": 'http://localhost/identity', "auth_cred": { "username": "test_user", "user_domain_name": "Default", @@ -62,7 +62,7 @@ class VIMCreateTestCase(base.TestCase): def _vim_create_response(self): return { 'auth_cred': { - 'auth_url': 'http://localhost:5000', + 'auth_url': 'http://localhost/identity', 'cert_verify': 'False', 'key_type': 'barbican_key', 'password': '***', @@ -73,7 +73,7 @@ class VIMCreateTestCase(base.TestCase): 'user_domain_name': 'Default', 'username': 'test_user' }, - 'auth_url': 'http://localhost:5000', + 'auth_url': 'http://localhost/identity', 'created_at': None, 'description': 'Additional site', 'id': '73493efe-3616-414c-bf87-bf450d0b3650', diff --git a/tacker/tests/unit/db/utils.py b/tacker/tests/unit/db/utils.py index 7207932e8..b221a19be 100644 --- a/tacker/tests/unit/db/utils.py +++ b/tacker/tests/unit/db/utils.py @@ -155,7 +155,8 @@ def get_dummy_vnf_update_config(): def get_vim_obj(): - return {'vim': {'type': 'openstack', 'auth_url': 'http://localhost:5000', + return {'vim': {'type': 'openstack', + 'auth_url': 'http://localhost/identity', 'vim_project': {'name': 'test_project'}, 'auth_cred': {'username': 'test_user', 'password': 'test_password', @@ -170,7 +171,7 @@ def get_vim_auth_obj(): 'project_id': None, 'project_name': 'test_project', 'cert_verify': 'True', - 'auth_url': 'http://localhost:5000/v3', + 'auth_url': 'http://localhost/identity/v3', 'user_domain_name': 'default', 'project_domain_name': 'default'} diff --git a/tacker/tests/unit/nfvo/drivers/vim/test_kubernetes_driver.py b/tacker/tests/unit/nfvo/drivers/vim/test_kubernetes_driver.py index 1e26dc00e..d9f1562ce 100644 --- a/tacker/tests/unit/nfvo/drivers/vim/test_kubernetes_driver.py +++ b/tacker/tests/unit/nfvo/drivers/vim/test_kubernetes_driver.py @@ -43,7 +43,7 @@ OPTS = [cfg.StrOpt('user_domain_id', default='default', help='Project Domain Name'), cfg.StrOpt('auth_url', - default='http://localhost:5000/v3', + default='http://localhost/identity/v3', help='Keystone endpoint')] cfg.CONF.register_opts(OPTS, 'keystone_authtoken') diff --git a/tacker/tests/unit/nfvo/drivers/vim/test_openstack_driver.py b/tacker/tests/unit/nfvo/drivers/vim/test_openstack_driver.py index 313adf30f..7416bbef2 100644 --- a/tacker/tests/unit/nfvo/drivers/vim/test_openstack_driver.py +++ b/tacker/tests/unit/nfvo/drivers/vim/test_openstack_driver.py @@ -45,7 +45,7 @@ OPTS = [cfg.StrOpt('user_domain_id', default='default', help='Project Domain Name'), cfg.StrOpt('auth_url', - default='http://localhost:5000/v3', + default='http://localhost/identity/v3', help='Keystone endpoint')] cfg.CONF.register_opts(OPTS, 'keystone_authtoken') @@ -102,26 +102,26 @@ class TestOpenstack_Driver(base.TestCase): def get_vim_obj(self): return {'id': '6261579e-d6f3-49ad-8bc3-a9cb974778ff', 'type': - 'openstack', 'auth_url': 'http://localhost:5000', + 'openstack', 'auth_url': 'http://localhost/identity', 'auth_cred': {'username': 'test_user', 'password': 'test_password', 'user_domain_name': 'default', 'cert_verify': 'True', - 'auth_url': 'http://localhost:5000'}, + 'auth_url': 'http://localhost/identity'}, 'name': 'VIM0', 'vim_project': {'name': 'test_project', 'project_domain_name': 'default'}} def get_vim_obj_barbican(self): return {'id': '6261579e-d6f3-49ad-8bc3-a9cb974778ff', 'type': - 'openstack', 'auth_url': 'http://localhost:5000', + 'openstack', 'auth_url': 'http://localhost/identity', 'auth_cred': {'username': 'test_user', 'password': 'test_password', 'user_domain_name': 'default', 'key_type': 'barbican_key', 'secret_uuid': 'fake-secret-uuid', 'cert_verify': 'True', - 'auth_url': 'http://localhost:5000'}, + 'auth_url': 'http://localhost/identity'}, 'name': 'VIM0', 'vim_project': {'name': 'test_project', 'project_domain_name': 'default'}} @@ -150,7 +150,7 @@ class TestOpenstack_Driver(base.TestCase): self.keystone.get_version.return_value = keystone_version auth_obj = {'tenant_name': 'test_project', 'username': 'test_user', 'password': 'test_password', 'cert_verify': 'True', - 'auth_url': 'http://localhost:5000/v2.0', + 'auth_url': 'http://localhost/identity/v2.0', 'tenant_id': None} self._test_register_vim(self.vim_obj, mock_ks_client) self.keystone.initialize_client.assert_called_once_with( diff --git a/tacker/tests/unit/nfvo/test_nfvo_plugin.py b/tacker/tests/unit/nfvo/test_nfvo_plugin.py index 23ebde757..eeb47c951 100644 --- a/tacker/tests/unit/nfvo/test_nfvo_plugin.py +++ b/tacker/tests/unit/nfvo/test_nfvo_plugin.py @@ -249,7 +249,7 @@ class TestNfvoPlugin(db_base.SqlTestCase): vim_auth_db = nfvo_db.VimAuth( vim_id='6261579e-d6f3-49ad-8bc3-a9cb974778ff', password='encrypted_pw', - auth_url='http://localhost:5000', + auth_url='http://localhost/identity', vim_project={'name': 'test_project'}, auth_cred={'username': 'test_user', 'user_domain_id': 'default', 'project_domain_id': 'default', @@ -272,7 +272,7 @@ class TestNfvoPlugin(db_base.SqlTestCase): vim_auth_db = nfvo_db.VimAuth( vim_id='6261579e-d6f3-49ad-8bc3-a9cb974778ff', password='encrypted_pw', - auth_url='http://localhost:5000', + auth_url='http://localhost/identity', vim_project={'name': 'test_project'}, auth_cred={'username': 'test_user', 'user_domain_id': 'default', 'project_domain_id': 'default', diff --git a/tacker/tests/unit/vnfm/test_plugin.py b/tacker/tests/unit/vnfm/test_plugin.py index 523991fb4..3eedd5f00 100644 --- a/tacker/tests/unit/vnfm/test_plugin.py +++ b/tacker/tests/unit/vnfm/test_plugin.py @@ -94,7 +94,7 @@ class TestVNFMPlugin(db_base.SqlTestCase): def _stub_get_vim(self): vim_obj = {'vim_id': '6261579e-d6f3-49ad-8bc3-a9cb974778ff', 'vim_name': 'fake_vim', 'vim_auth': - {'auth_url': 'http://localhost:5000', 'password': + {'auth_url': 'http://localhost/identity', 'password': 'test_pw', 'username': 'test_user', 'project_name': 'test_project'}, 'vim_type': 'test_vim'} self.vim_client.get_vim.return_value = vim_obj @@ -212,7 +212,7 @@ class TestVNFMPlugin(db_base.SqlTestCase): vim_auth_db = nfvo_db.VimAuth( vim_id='6261579e-d6f3-49ad-8bc3-a9cb974778ff', password='encrypted_pw', - auth_url='http://localhost:5000', + auth_url='http://localhost/identity', vim_project={'name': 'test_project'}, auth_cred={'username': 'test_user', 'user_domain_id': 'default', 'project_domain_id': 'default'})