Change a way to check keystone was reconfigured to use LDAP
Change-Id: I4d306c71b6bc8bb0de27e19348281659c21382a3 Closes-Bug: 1561471
This commit is contained in:
parent
072adcf808
commit
50e348dece
|
@ -9,7 +9,7 @@ keystone_config:
|
||||||
ldap/suffix:
|
ldap/suffix:
|
||||||
value: DC=example,DC=com
|
value: DC=example,DC=com
|
||||||
ldap/use_dumb_member:
|
ldap/use_dumb_member:
|
||||||
value: True
|
value: "True"
|
||||||
ldap/dumb_member:
|
ldap/dumb_member:
|
||||||
value: CN=ldap,OU=Users,DC=example,DC=com
|
value: CN=ldap,OU=Users,DC=example,DC=com
|
||||||
ldap/user_tree_dn:
|
ldap/user_tree_dn:
|
||||||
|
@ -29,17 +29,17 @@ keystone_config:
|
||||||
ldap/user_enabled_attribute:
|
ldap/user_enabled_attribute:
|
||||||
value: userAccountControl
|
value: userAccountControl
|
||||||
ldap/user_enabled_mask:
|
ldap/user_enabled_mask:
|
||||||
value: 2
|
value: "2"
|
||||||
ldap/user_enabled_default:
|
ldap/user_enabled_default:
|
||||||
value: 512
|
value: "512"
|
||||||
ldap/user_attribute_ignore:
|
ldap/user_attribute_ignore:
|
||||||
value: password,tenant_id,tenants
|
value: password,tenant_id,tenants
|
||||||
ldap/user_allow_create:
|
ldap/user_allow_create:
|
||||||
value: False
|
value: "False"
|
||||||
ldap/user_allow_update:
|
ldap/user_allow_update:
|
||||||
value: False
|
value: "False"
|
||||||
ldap/user_allow_delete:
|
ldap/user_allow_delete:
|
||||||
value: False
|
value: "False"
|
||||||
ldap/role_tree_dn:
|
ldap/role_tree_dn:
|
||||||
value: OU=Roles,DC=example,DC=com
|
value: OU=Roles,DC=example,DC=com
|
||||||
ldap/role_filter:
|
ldap/role_filter:
|
||||||
|
@ -55,10 +55,10 @@ keystone_config:
|
||||||
ldap/role_attribute_ignore:
|
ldap/role_attribute_ignore:
|
||||||
ensure: absent
|
ensure: absent
|
||||||
ldap/role_allow_create:
|
ldap/role_allow_create:
|
||||||
value: True
|
value: "True"
|
||||||
ldap/role_allow_create:
|
ldap/role_allow_create:
|
||||||
value: True
|
value: "True"
|
||||||
ldap/role_allow_create:
|
ldap/role_allow_create:
|
||||||
value: True
|
value: "True"
|
||||||
identity/driver:
|
identity/driver:
|
||||||
value: keystone.identity.backends.ldap.Identity
|
value: keystone.identity.backends.ldap.Identity
|
||||||
|
|
|
@ -63,6 +63,8 @@ def get_structured_config_dict(config):
|
||||||
helper(key, '/etc/neutron/api-paste.ini')
|
helper(key, '/etc/neutron/api-paste.ini')
|
||||||
if key == 'nova_config':
|
if key == 'nova_config':
|
||||||
helper(key, '/etc/nova/nova.conf')
|
helper(key, '/etc/nova/nova.conf')
|
||||||
|
if key == 'keystone_config':
|
||||||
|
helper(key, '/etc/keystone/keystone.conf')
|
||||||
return structured_conf
|
return structured_conf
|
||||||
|
|
||||||
|
|
||||||
|
@ -513,21 +515,23 @@ class ServicesReconfiguration(TestBasic):
|
||||||
2. Upload a new openstack configuration
|
2. Upload a new openstack configuration
|
||||||
3. Try to apply a new keystone configuration
|
3. Try to apply a new keystone configuration
|
||||||
4. Wait for failing of deployment task
|
4. Wait for failing of deployment task
|
||||||
5. Check that reason of failing is impossibility of
|
5. Verify configuration file on primary controller
|
||||||
the connection to LDAP server
|
|
||||||
|
|
||||||
Snapshot: reconfigure_keystone_to_use_ldap
|
Snapshot: reconfigure_keystone_to_use_ldap
|
||||||
|
|
||||||
"""
|
"""
|
||||||
self.show_step(1, initialize=True)
|
self.show_step(1, initialize=True)
|
||||||
self.env.revert_snapshot("basic_env_for_reconfiguration")
|
self.env.revert_snapshot("basic_env_for_reconfiguration")
|
||||||
|
|
||||||
cluster_id = self.fuel_web.get_last_created_cluster()
|
cluster_id = self.fuel_web.get_last_created_cluster()
|
||||||
controllers = self.fuel_web.get_nailgun_cluster_nodes_by_roles(
|
devops_pr_controller = self.fuel_web.get_nailgun_primary_node(
|
||||||
cluster_id, ['controller'])
|
self.env.d_env.nodes().slaves[0])
|
||||||
|
|
||||||
|
pr_controller = self.fuel_web.get_nailgun_node_by_devops_node(
|
||||||
|
devops_pr_controller)
|
||||||
|
|
||||||
self.show_step(2)
|
self.show_step(2)
|
||||||
config = utils.get_config_template('keystone_ldap')
|
config = utils.get_config_template('keystone_ldap')
|
||||||
|
structured_config = get_structured_config_dict(config)
|
||||||
self.fuel_web.client.upload_configuration(
|
self.fuel_web.client.upload_configuration(
|
||||||
config,
|
config,
|
||||||
cluster_id)
|
cluster_id)
|
||||||
|
@ -546,17 +550,8 @@ class ServicesReconfiguration(TestBasic):
|
||||||
raise Exception("New configuration was not applied")
|
raise Exception("New configuration was not applied")
|
||||||
|
|
||||||
self.show_step(5)
|
self.show_step(5)
|
||||||
flag = False
|
self.check_config_on_remote([pr_controller], structured_config)
|
||||||
for cntrllr in controllers:
|
logger.info("New configuration was applied")
|
||||||
with self.env.d_env.get_ssh_to_remote(cntrllr['ip']) as remote:
|
|
||||||
log_path = '/var/log/puppet.log'
|
|
||||||
cmd = "grep \"Can't contact LDAP server\" {0}".format(log_path)
|
|
||||||
result = remote.execute(cmd)
|
|
||||||
if result['exit_code'] == 0:
|
|
||||||
flag = True
|
|
||||||
break
|
|
||||||
|
|
||||||
asserts.assert_true(flag, 'A configuration was not applied')
|
|
||||||
|
|
||||||
self.env.make_snapshot("reconfigure_keystone_to_use_ldap")
|
self.env.make_snapshot("reconfigure_keystone_to_use_ldap")
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue