Check rendering config fields
Related-Prod: PROD-27532
Change-Id: I5ac19dfba921b5a7ae5d1dadbeef8b65f6dd5aa5
diff --git a/.kitchen.yml b/.kitchen.yml
index d20ebee..eee6cdf 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -39,10 +39,6 @@
- linux
- keystone
pillars:
- release.sls:
- keystone:
- server:
- version: <%= ENV['OS_VERSION'] || 'pike' %>
ssl.sls:
keystone:
server:
@@ -116,57 +112,31 @@
pillars-from-files:
keystone.sls: tests/pillar/single.sls
linux_repo_openstack.sls: tests/pillar/repo_mcp_openstack_<%=os_version%>.sls
+ state_top:
+ base:
+ "*":
+ - linux
+ - mysql
+ - apache
+ - keystone
pillars:
mysql_platform_specific.sls:
mysql:
server:
version: "<%=mysql_version%>"
+ release.sls:
+ keystone:
+ server:
+ version: <%=os_version%>
+ verifier:
+ inspec_tests:
+ - tests/integration/<%=os_version%>/single
- name: single_ssl_<%=mysql_version%>_<%=os_version%>
provisioner:
pillars-from-files:
keystone.sls: tests/pillar/single.sls
linux_repo_openstack.sls: tests/pillar/repo_mcp_openstack_<%=os_version%>.sls
- pillars:
- mysql_platform_specific.sls:
- mysql:
- server:
- version: "<%=mysql_version%>"
- top.sls:
- base:
- "*":
- - linux_repo_openstack
- - keystone
- - release
- - ssl
-
- - name: single_domain_<%=mysql_version%>_<%=os_version%>
- provisioner:
- pillars-from-files:
- keystone.sls: tests/pillar/single_domain.sls
- linux_repo_openstack.sls: tests/pillar/repo_mcp_openstack_<%=os_version%>.sls
- pillars:
- mysql_platform_specific.sls:
- mysql:
- server:
- version: "<%=mysql_version%>"
-
- - name: single_fernet_<%=mysql_version%>_<%=os_version%>
- provisioner:
- pillars-from-files:
- keystone.sls: tests/pillar/single_fernet.sls
- linux_repo_openstack.sls: tests/pillar/repo_mcp_openstack_<%=os_version%>.sls
- pillars:
- mysql_platform_specific.sls:
- mysql:
- server:
- version: "<%=mysql_version%>"
-
- - name: under-apache_<%=mysql_version%>_<%=os_version%>
- provisioner:
- pillars-from-files:
- keystone.sls: tests/pillar/apache_wsgi.sls
- linux_repo_openstack.sls: tests/pillar/repo_mcp_openstack_<%=os_version%>.sls
state_top:
base:
"*":
@@ -179,6 +149,22 @@
mysql:
server:
version: "<%=mysql_version%>"
+ top.sls:
+ base:
+ "*":
+ - linux_repo_openstack
+ - keystone
+ - release
+ - ssl
+ release.sls:
+ keystone:
+ server:
+ version: <%=os_version%>
+ verifier:
+ inspec_tests:
+ - tests/integration/<%=os_version%>/single
+ attributes:
+ ssl: true
<% end %>
<% end %>
# vim: ft=yaml sw=2 ts=2 sts=2 tw=125
diff --git a/keystone/files/ocata/keystone.conf.Debian b/keystone/files/ocata/keystone.conf.Debian
index a2c50eb..70047dd 100644
--- a/keystone/files/ocata/keystone.conf.Debian
+++ b/keystone/files/ocata/keystone.conf.Debian
@@ -100,7 +100,7 @@
# in the P release. Use oslo.middleware.http_proxy_to_wsgi configuration
# instead.
#secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
-secure_proxy_ssl_header = "HTTP_X_FORWARDED_PROTO"
+secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
# If set to true, then the server will return information in HTTP responses
# that may allow an unauthenticated or authenticated user to get more
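Review bot: `secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO` is rendered unconditionally, although the comment directly above it in this hunk says the option is deprecated in favour of the oslo.middleware http_proxy_to_wsgi configuration. With the value fixed in the template, Keystone derives the request scheme from a forwarded-proto header on every deployment, including ones where no proxy in front of it overwrites that header. Rendering the line only when proxy-header parsing is enabled in the pillar would keep the two settings consistent; the new spec files already list `enable_proxy_headers_parsing` among their `oslo_middleware` expectations. The same line is changed in the pike template, and the surrounding config section starts and ends outside both hunks.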
diff --git a/keystone/files/pike/keystone.conf.Debian b/keystone/files/pike/keystone.conf.Debian
index 4f3ef6d..8693cdd 100644
--- a/keystone/files/pike/keystone.conf.Debian
+++ b/keystone/files/pike/keystone.conf.Debian
@@ -107,7 +107,7 @@
# in the P release. Use oslo.middleware.http_proxy_to_wsgi configuration
# instead.
#secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
-secure_proxy_ssl_header = "HTTP_X_FORWARDED_PROTO"
+secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
# If set to true, then the server will return information in HTTP responses
# that may allow an unauthenticated or authenticated user to get more
diff --git a/tests/integration/ocata/single/config_spec.rb b/tests/integration/ocata/single/config_spec.rb
new file mode 100644
index 0000000..3975487
--- /dev/null
+++ b/tests/integration/ocata/single/config_spec.rb
@@ -0,0 +1,230 @@
+ssl_enabled = attribute("ssl", default: false)
+
+keystone_default_ssl = {
+ 'transport_url' => 'rabbit://openstack:password@127.0.0.1:5671//openstack',
+ 'log_config_append' => '/etc/keystone/logging.conf',
+ 'debug' => 'false',
+ 'notification_format' => 'cadf',
+ 'admin_token' => 'RANDOMSTRINGTOKEN',
+ 'log_dir' => '/var/log/keystone',
+ 'secure_proxy_ssl_header' => 'HTTP_X_FORWARDED_PROTO',
+ 'verbose' => 'true',
+}
+
+keystone_default = {
+ 'transport_url' => 'rabbit://openstack:password@127.0.0.1:5672//openstack',
+ 'log_config_append' => '/etc/keystone/logging.conf',
+ 'debug' => 'false',
+ 'notification_format' => 'cadf',
+ 'admin_token' => 'RANDOMSTRINGTOKEN',
+ 'log_dir' => '/var/log/keystone',
+ 'secure_proxy_ssl_header' => 'HTTP_X_FORWARDED_PROTO',
+ 'verbose' => 'true',
+}
+
+keystone_assignment = {
+ 'driver' => 'sql'
+}
+
+keystone_auth = {
+ 'methods' => 'password,token',
+ 'oidc' => 'keystone.auth.plugins.mapped.Mapped',
+ 'saml2' => 'keystone.auth.plugins.mapped.Mapped',
+}
+
+keystone_catalog = {
+ 'template_file' => 'default_catalog.templates',
+ 'driver' => 'sql',
+}
+
+keystone_credential = {
+ 'key_repository' => '/var/lib/keystone/credential-keys'
+}
+
+keystone_fernet_tokens = {
+ 'key_repository' => '/etc/keystone/fernet-keys/',
+ 'max_active_keys' => '3',
+}
+
+keystone_identity = {
+ 'driver' => 'sql',
+}
+
+keystone_token = {
+ 'expiration' => '86400',
+ 'provider' => 'keystone.token.providers.fernet.Provider',
+ 'caching' => 'false',
+ 'hash_algorithm' => 'sha256',
+ 'driver' => 'keystone.token.persistence.backends.memcache_pool.Token',
+ 'revoke_by_id' => 'False',
+}
+
+keystone_cache = {
+ 'backend' => 'oslo_cache.memcache_pool',
+ 'enabled' => 'True',
+ 'memcache_servers' => '127.0.0.1:11211',
+}
+
+keystone_oslo_messaging_rabbit = {
+ 'heartbeat_timeout_threshold' => '0',
+ 'heartbeat_rate' => '2',
+}
+
+keystone_oslo_messaging_rabbit_ssl = {
+ 'rabbit_use_ssl' => 'true',
+ 'kombu_ssl_version' => 'TLSv1_2',
+ 'kombu_ssl_ca_certs' => '/etc/keystone/ssl/mysql/ca-cert.pem',
+}
+
+keystone_database = {
+ 'connection' => 'mysql+pymysql://keystone:passw0rd@127.0.0.1/keystone',
+ 'max_pool_size' => '10',
+ 'max_retries' => '-1',
+ 'max_overflow' => '30',
+ 'idle_timeout' => '3600',
+}
+
+keystone_database_ssl = {
+ 'connection' => 'mysql+pymysql://keystone:passw0rd@127.0.0.1/keystone?ssl_ca=/etc/keystone/ssl/mysql/ca-cert.pem',
+ 'max_pool_size' => '10',
+ 'max_retries' => '-1',
+ 'max_overflow' => '30',
+ 'idle_timeout' => '3600',
+}
+
+keystone_oslo_middleware = {
+ 'max_request_body_size' => '114688',
+ 'enable_proxy_headers_parsing' => 'True',
+}
+
+keystone_cors = {
+ 'allowed_origin' => 'https://horizon.example.com',
+ 'allow_credentials' => 'True',
+ 'expose_headers' => 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token',
+ 'max_age' => '3600',
+ 'allow_methods' => 'GET,PUT,POST,DELETE,PATCH',
+ 'allow_headers' => 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name',
+}
+
+keystone_profiler = {
+ 'enabled' => 'True',
+}
+
+keystone_oidc = {
+ 'remote_id_attribute' => 'HTTP_OIDC_ISS'
+}
+
+keystone_saml2 = {
+ 'remote_id_attribute' => 'HTTP_OIDC_ISS'
+}
+
+keystone_federation = {
+ 'cache_group_membership_in_db' => 'True',
+}
+
+keystone_resource = {
+ 'admin_project_domain_name' => 'project',
+ 'admin_project_name' => 'projectname',
+}
+
+keystone_extra_headers = {
+ 'Distribution' => 'Ubuntu',
+}
+
+control 'Keystone' do
+
+ describe parse_config_file('/etc/keystone/keystone.conf') do
+
+ describe 'Keystone messaging' do
+
+ if ssl_enabled
+ keystone_oslo_messaging_rabbit.merge!(keystone_oslo_messaging_rabbit_ssl)
+ keystone_default.merge!(keystone_default_ssl)
+ describe 'SSL' do
+ its('DEFAULT') {
+ should include(keystone_default)
+ }
+ its('oslo_messaging_rabbit') {
+ should include(keystone_oslo_messaging_rabbit)
+ }
+ end
+ else
+ describe 'non SSL' do
+ its('DEFAULT') {
+ should include(keystone_default)
+ }
+ its('oslo_messaging_rabbit') {
+ should include(keystone_oslo_messaging_rabbit)
+ }
+ end
+ end
+
+ end
+
+ describe 'Keystone database' do
+
+ if ssl_enabled
+ keystone_database.merge!(keystone_database_ssl)
+ describe 'SSL' do
+ its('database') {
+ should include(keystone_database)
+ }
+ end
+ else
+ describe 'non SSL' do
+ its('database') {
+ should include(keystone_database)
+ }
+ end
+ end
+
+ end
+
+ describe 'Keystone config' do
+
+ its('DEFAULT') {
+ should include(keystone_default)
+ }
+ its('assignment') {
+ should include(keystone_assignment)
+ }
+ its('auth') {
+ should include(keystone_auth)
+ }
+ its('catalog') {
+ should include(keystone_catalog)
+ }
+ its('credential') {
+ should include(keystone_credential)
+ }
+ its('fernet_tokens') {
+ should include(keystone_fernet_tokens)
+ }
+ its('identity') {
+ should include(keystone_identity)
+ }
+ its('token') {
+ should include(keystone_token)
+ }
+ its('cors') {
+ should include(keystone_cors)
+ }
+ its('oidc') {
+ should include(keystone_oidc)
+ }
+ its('saml2') {
+ should include(keystone_saml2)
+ }
+ its('federation') {
+ should include(keystone_federation)
+ }
+ its('resource') {
+ should include(keystone_resource)
+ }
+ its('extra_headers') {
+ should include(keystone_extra_headers)
+ }
+
+ end
+ end
+end
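Review bot: `keystone_cache`, `keystone_oslo_middleware` and `keystone_profiler` are defined at the top of this file but no `its(...)` in the 'Keystone config' group reads them, so the cache, oslo_middleware and profiler sections of the rendered keystone.conf are not checked at all. If the rendered file is meant to carry those values, add `its('cache') { should include(keystone_cache) }`, `its('oslo_middleware') { should include(keystone_oslo_middleware) }` and `its('profiler') { should include(keystone_profiler) }`; otherwise drop the unused hashes. The pike spec has the same three unused hashes. Because `enable_proxy_headers_parsing` lives in one of the unchecked hashes, the proxy-header behaviour of the rendered file is currently covered only through `secure_proxy_ssl_header` in DEFAULT.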
diff --git a/tests/integration/pike/single/config_spec.rb b/tests/integration/pike/single/config_spec.rb
new file mode 100644
index 0000000..5937921
--- /dev/null
+++ b/tests/integration/pike/single/config_spec.rb
@@ -0,0 +1,230 @@
+ssl_enabled = attribute("ssl", default: false)
+
+keystone_default_ssl = {
+ 'transport_url' => 'rabbit://openstack:password@127.0.0.1:5671//openstack',
+ 'log_config_append' => '/etc/keystone/logging.conf',
+ 'debug' => 'false',
+ 'notification_format' => 'cadf',
+ 'admin_token' => 'RANDOMSTRINGTOKEN',
+ 'log_dir' => '/var/log/keystone',
+ 'secure_proxy_ssl_header' => 'HTTP_X_FORWARDED_PROTO',
+ 'verbose' => 'true',
+}
+
+keystone_default = {
+ 'transport_url' => 'rabbit://openstack:password@127.0.0.1:5672//openstack',
+ 'log_config_append' => '/etc/keystone/logging.conf',
+ 'debug' => 'false',
+ 'notification_format' => 'cadf',
+ 'admin_token' => 'RANDOMSTRINGTOKEN',
+ 'log_dir' => '/var/log/keystone',
+ 'secure_proxy_ssl_header' => 'HTTP_X_FORWARDED_PROTO',
+ 'verbose' => 'true',
+}
+
+keystone_assignment = {
+ 'driver' => 'sql'
+}
+
+keystone_auth = {
+ 'methods' => 'password,token',
+ 'oidc' => 'keystone.auth.plugins.mapped.Mapped',
+ 'saml2' => 'keystone.auth.plugins.mapped.Mapped',
+}
+
+keystone_catalog = {
+ 'template_file' => 'default_catalog.templates',
+ 'driver' => 'sql',
+}
+
+keystone_credential = {
+ 'key_repository' => '/var/lib/keystone/credential-keys'
+}
+
+keystone_fernet_tokens = {
+ 'key_repository' => '/etc/keystone/fernet-keys/',
+ 'max_active_keys' => '3',
+}
+
+keystone_identity = {
+ 'driver' => 'sql',
+}
+
+keystone_token = {
+ 'expiration' => '86400',
+ 'provider' => 'fernet',
+ 'caching' => 'false',
+ 'hash_algorithm' => 'sha256',
+ 'driver' => 'keystone.token.persistence.backends.memcache_pool.Token',
+ 'revoke_by_id' => 'False',
+}
+
+keystone_cache = {
+ 'backend' => 'oslo_cache.memcache_pool',
+ 'enabled' => 'True',
+ 'memcache_servers' => '127.0.0.1:11211',
+}
+
+keystone_oslo_messaging_rabbit = {
+ 'heartbeat_timeout_threshold' => '0',
+ 'heartbeat_rate' => '2',
+}
+
+keystone_oslo_messaging_rabbit_ssl = {
+ 'rabbit_use_ssl' => 'true',
+ 'kombu_ssl_version' => 'TLSv1_2',
+ 'kombu_ssl_ca_certs' => '/etc/keystone/ssl/mysql/ca-cert.pem',
+}
+
+keystone_database = {
+ 'connection' => 'mysql+pymysql://keystone:passw0rd@127.0.0.1/keystone?charset=utf8',
+ 'max_pool_size' => '10',
+ 'max_retries' => '-1',
+ 'max_overflow' => '30',
+ 'idle_timeout' => '3600',
+}
+
+keystone_database_ssl = {
+ 'connection' => 'mysql+pymysql://keystone:passw0rd@127.0.0.1/keystone?charset=utf8&ssl_ca=/etc/keystone/ssl/mysql/ca-cert.pem&ssl_cert=/etc/keystone/ssl/mysql/client-cert.pem&ssl_key=/etc/keystone/ssl/mysql/client-key.pem',
+ 'max_pool_size' => '10',
+ 'max_retries' => '-1',
+ 'max_overflow' => '30',
+ 'idle_timeout' => '3600',
+}
+
+keystone_oslo_middleware = {
+ 'max_request_body_size' => '114688',
+ 'enable_proxy_headers_parsing' => 'True',
+}
+
+keystone_cors = {
+ 'allowed_origin' => 'https://horizon.example.com',
+ 'allow_credentials' => 'True',
+ 'expose_headers' => 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token',
+ 'max_age' => '3600',
+ 'allow_methods' => 'GET,PUT,POST,DELETE,PATCH',
+ 'allow_headers' => 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name',
+}
+
+keystone_profiler = {
+ 'enabled' => 'True',
+}
+
+keystone_oidc = {
+ 'remote_id_attribute' => 'HTTP_OIDC_ISS'
+}
+
+keystone_saml2 = {
+ 'remote_id_attribute' => 'HTTP_OIDC_ISS'
+}
+
+keystone_federation = {
+ 'cache_group_membership_in_db' => 'True',
+}
+
+keystone_resource = {
+ 'admin_project_domain_name' => 'project',
+ 'admin_project_name' => 'projectname',
+}
+
+keystone_extra_headers = {
+ 'Distribution' => 'Ubuntu',
+}
+
+control 'Keystone' do
+
+ describe parse_config_file('/etc/keystone/keystone.conf') do
+
+ describe 'Keystone messaging' do
+
+ if ssl_enabled
+ keystone_oslo_messaging_rabbit.merge!(keystone_oslo_messaging_rabbit_ssl)
+ keystone_default.merge!(keystone_default_ssl)
+ describe 'SSL' do
+ its('DEFAULT') {
+ should include(keystone_default)
+ }
+ its('oslo_messaging_rabbit') {
+ should include(keystone_oslo_messaging_rabbit)
+ }
+ end
+ else
+ describe 'non SSL' do
+ its('DEFAULT') {
+ should include(keystone_default)
+ }
+ its('oslo_messaging_rabbit') {
+ should include(keystone_oslo_messaging_rabbit)
+ }
+ end
+ end
+
+ end
+
+ describe 'Keystone database' do
+
+ if ssl_enabled
+ keystone_database.merge!(keystone_database_ssl)
+ describe 'SSL' do
+ its('database') {
+ should include(keystone_database)
+ }
+ end
+ else
+ describe 'non SSL' do
+ its('database') {
+ should include(keystone_database)
+ }
+ end
+ end
+
+ end
+
+ describe 'Keystone config' do
+
+ its('DEFAULT') {
+ should include(keystone_default)
+ }
+ its('assignment') {
+ should include(keystone_assignment)
+ }
+ its('auth') {
+ should include(keystone_auth)
+ }
+ its('catalog') {
+ should include(keystone_catalog)
+ }
+ its('credential') {
+ should include(keystone_credential)
+ }
+ its('fernet_tokens') {
+ should include(keystone_fernet_tokens)
+ }
+ its('identity') {
+ should include(keystone_identity)
+ }
+ its('token') {
+ should include(keystone_token)
+ }
+ its('cors') {
+ should include(keystone_cors)
+ }
+ its('oidc') {
+ should include(keystone_oidc)
+ }
+ its('saml2') {
+ should include(keystone_saml2)
+ }
+ its('federation') {
+ should include(keystone_federation)
+ }
+ its('resource') {
+ should include(keystone_resource)
+ }
+ its('extra_headers') {
+ should include(keystone_extra_headers)
+ }
+
+ end
+ end
+end
diff --git a/tests/integration/queens/single/config_spec.rb b/tests/integration/queens/single/config_spec.rb
new file mode 100644
index 0000000..d47ef22
--- /dev/null
+++ b/tests/integration/queens/single/config_spec.rb
@@ -0,0 +1,285 @@
+ssl_enabled = attribute('ssl', default: false)
+
+keystone_default_ssl = {
+ 'conn_pool_min_size' => '2',
+ 'conn_pool_ttl' => '1200',
+ 'control_exchange' => 'openstack',
+ 'debug' => 'True',
+ 'executor_thread_pool_size' => '64',
+ 'log_config_append' => '/etc/keystone/logging.conf',
+ 'log_dir' => 'logdir',
+ 'log_file' => 'logfile.log',
+ 'notification_format' => 'cadf',
+ 'rpc_ack_timeout_base' => '15',
+ 'rpc_ack_timeout_multiplier' => '2',
+ 'rpc_conn_pool_size' => '30',
+ 'rpc_message_ttl' => '300',
+ 'rpc_poll_timeout' => '1',
+ 'rpc_response_timeout' => '60',
+ 'rpc_retry_attempts' => '3',
+ 'rpc_thread_pool_size' => '100',
+ 'rpc_use_acks' => 'False',
+ 'syslog_log_facility' => 'LOG_USER',
+ 'transport_url' => 'rabbit://openstack:password@127.0.0.1:5671//openstack',
+ 'use_syslog' => 'True',
+}
+
+keystone_default = {
+ 'conn_pool_min_size' => '2',
+ 'conn_pool_ttl' => '1200',
+ 'control_exchange' => 'openstack',
+ 'debug' => 'True',
+ 'executor_thread_pool_size' => '64',
+ 'log_config_append' => '/etc/keystone/logging.conf',
+ 'log_dir' => 'logdir',
+ 'log_file' => 'logfile.log',
+ 'notification_format' => 'cadf',
+ 'rpc_ack_timeout_base' => '15',
+ 'rpc_ack_timeout_multiplier' => '2',
+ 'rpc_conn_pool_size' => '30',
+ 'rpc_message_ttl' => '300',
+ 'rpc_poll_timeout' => '1',
+ 'rpc_response_timeout' => '60',
+ 'rpc_retry_attempts' => '3',
+ 'rpc_thread_pool_size' => '100',
+ 'rpc_use_acks' => 'False',
+ 'syslog_log_facility' => 'LOG_USER',
+ 'transport_url' => 'rabbit://openstack:password@127.0.0.1:5672//openstack',
+ 'use_syslog' => 'True',
+}
+
+keystone_assignment = {
+ 'driver' => 'sql'
+}
+
+keystone_auth = {
+ 'methods' => 'password,token',
+ 'oidc' => 'keystone.auth.plugins.mapped.Mapped',
+ 'saml2' => 'keystone.auth.plugins.mapped.Mapped',
+}
+
+keystone_catalog = {
+ 'template_file' => 'default_catalog.templates',
+ 'driver' => 'sql',
+}
+
+keystone_credential = {
+ 'key_repository' => '/var/lib/keystone/credential-keys'
+}
+
+keystone_fernet_tokens = {
+ 'key_repository' => '/etc/keystone/fernet-keys/',
+ 'max_active_keys' => '3',
+}
+
+keystone_identity = {
+ 'driver' => 'sql',
+}
+
+keystone_token = {
+ 'expiration' => '86400',
+ 'provider' => 'fernet',
+ 'caching' => 'false',
+ 'hash_algorithm' => 'sha256',
+}
+
+keystone_cache = {
+ 'backend' => 'oslo_cache.memcache_pool',
+ 'enabled' => 'True',
+}
+
+keystone_oslo_messaging_rabbit = {
+ 'heartbeat_rate' => '2',
+}
+
+keystone_oslo_messaging_rabbit_ssl = {
+ 'channel_max' => '2',
+ 'connection_factory' => 'single',
+ 'default_notification_exchange' => 'exchange',
+ 'default_notification_retry_attempts' => '1',
+ 'default_rpc_exchange' => 'rpc_exchange',
+ 'default_rpc_retry_attempts' => '10',
+ 'default_serializer_type' => 'json',
+ 'frame_max' => '2',
+ 'heartbeat_interval' => '3',
+ 'heartbeat_rate' => '2',
+ 'heartbeat_timeout_threshold' => '60',
+ 'host_connection_reconnect_delay' => '10',
+ 'notification_listener_prefetch_count' => '100',
+ 'notification_persistence' => 'False',
+ 'notification_retry_delay' => '10',
+ 'pool_max_overflow' => '0',
+ 'pool_max_size' => '30',
+ 'pool_recycle' => '600',
+ 'pool_stale' => '60',
+ 'pool_timeout' => '30',
+ 'rabbit_ha_queues' => 'True',
+ 'rabbit_interval_max' => '30',
+ 'rabbit_qos_prefetch_count' => '64',
+ 'rabbit_retry_backoff' => '2',
+ 'rabbit_retry_interval' => '1',
+ 'rabbit_transient_queues_ttl' => '1800',
+ 'rpc_listener_prefetch_count' => '100',
+ 'rpc_queue_expiration' => '60',
+ 'rpc_reply_exchange' => 'rpc_reply_exchange',
+ 'rpc_reply_listener_prefetch_count' => '100',
+ 'rpc_reply_retry_attempts' => '10',
+ 'rpc_reply_retry_delay' => '10',
+ 'rpc_retry_delay' => '10',
+ 'socket_timeout' => '10',
+ 'ssl' => 'true',
+ 'ssl_ca_file' => '/etc/keystone/ssl/mysql/ca-cert.pem',
+ 'ssl_version' => 'TLSv1_2',
+ 'tcp_user_timeout' => '10',
+}
+
+keystone_database = {
+ 'connection' => 'mysql+pymysql://keystone:passw0rd@127.0.0.1/keystone?charset=utf8',
+ 'max_overflow' => '30',
+ 'max_pool_size' => '10',
+ 'max_retries' => '-1',
+}
+
+keystone_database_ssl = {
+ 'connection' => 'mysql+pymysql://keystone:passw0rd@127.0.0.1/keystone?charset=utf8&ssl_ca=/etc/keystone/ssl/mysql/ca-cert.pem&ssl_cert=/etc/keystone/ssl/mysql/client-cert.pem&ssl_key=/etc/keystone/ssl/mysql/client-key.pem',
+ 'max_overflow' => '30',
+ 'max_pool_size' => '10',
+ 'max_retries' => '-1',
+ 'connection_recycle_time' => '280',
+}
+
+keystone_oslo_middleware = {
+ 'max_request_body_size' => '114688',
+ 'enable_proxy_headers_parsing' => 'True',
+}
+
+keystone_cors = {
+ 'allowed_origin' => 'https://horizon.example.com',
+ 'allow_credentials' => 'True',
+ 'expose_headers' => 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token',
+ 'max_age' => '3600',
+ 'allow_methods' => 'GET,PUT,POST,DELETE,PATCH',
+ 'allow_headers' => 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name',
+}
+
+keystone_oidc = {
+ 'remote_id_attribute' => 'HTTP_OIDC_ISS'
+}
+
+keystone_saml2 = {
+ 'remote_id_attribute' => 'HTTP_OIDC_ISS'
+}
+
+keystone_federation = {
+ 'cache_group_membership_in_db' => 'True',
+}
+
+keystone_resource = {
+ 'admin_project_domain_name' => 'project',
+ 'admin_project_name' => 'projectname',
+}
+
+keystone_oslo_middleware = {
+ 'max_request_body_size' => '114688',
+}
+
+control 'Keystone' do
+
+ describe parse_config_file('/etc/keystone/keystone.conf') do
+
+ describe 'Keystone messaging' do
+
+ if ssl_enabled
+ keystone_oslo_messaging_rabbit.merge!(keystone_oslo_messaging_rabbit_ssl)
+ keystone_default.merge!(keystone_default_ssl)
+ describe 'SSL' do
+ its('DEFAULT') {
+ should include(keystone_default)
+ }
+ its('oslo_messaging_rabbit') {
+ should include(keystone_oslo_messaging_rabbit)
+ }
+ end
+ else
+ describe 'non SSL' do
+ its('DEFAULT') {
+ should include(keystone_default)
+ }
+ its('oslo_messaging_rabbit') {
+ should include(keystone_oslo_messaging_rabbit)
+ }
+ end
+ end
+
+ end
+
+ describe 'Keystone database' do
+
+ if ssl_enabled
+ keystone_database.merge!(keystone_database_ssl)
+ describe 'SSL' do
+ its('database') {
+ should include(keystone_database)
+ }
+ end
+ else
+ describe 'non SSL' do
+ its('database') {
+ should include(keystone_database)
+ }
+ end
+ end
+
+ end
+
+ describe 'Keystone config' do
+
+ its('DEFAULT') {
+ should include(keystone_default)
+ }
+ its('assignment') {
+ should include(keystone_assignment)
+ }
+ its('auth') {
+ should include(keystone_auth)
+ }
+ its('catalog') {
+ should include(keystone_catalog)
+ }
+ its('credential') {
+ should include(keystone_credential)
+ }
+ its('fernet_tokens') {
+ should include(keystone_fernet_tokens)
+ }
+ its('identity') {
+ should include(keystone_identity)
+ }
+ its('token') {
+ should include(keystone_token)
+ }
+ its('cors') {
+ should include(keystone_cors)
+ }
+ its('oidc') {
+ should include(keystone_oidc)
+ }
+ its('saml2') {
+ should include(keystone_saml2)
+ }
+ its('federation') {
+ should include(keystone_federation)
+ }
+ its('resource') {
+ should include(keystone_resource)
+ }
+ its('oslo_middleware') {
+ should include(keystone_oslo_middleware)
+ }
+ its('cache') {
+ should include(keystone_cache)
+ }
+
+ end
+ end
+end
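Review bot: `keystone_oslo_middleware` is assigned twice in this file, and the second assignment just before `control 'Keystone'` replaces the first, so `'enable_proxy_headers_parsing' => 'True'` never reaches the `its('oslo_middleware')` expectation. Remove the second assignment, or, if only `max_request_body_size` is meant to be checked, remove the first so the intent is explicit. `include` compares only the keys that are listed, so the test passes either way and the gap is easy to miss. The rocky spec repeats the same double assignment.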
diff --git a/tests/integration/rocky/single/config_spec.rb b/tests/integration/rocky/single/config_spec.rb
new file mode 100644
index 0000000..bbff67d
--- /dev/null
+++ b/tests/integration/rocky/single/config_spec.rb
@@ -0,0 +1,257 @@
+ssl_enabled = attribute('ssl', default: false)
+
+keystone_default_ssl = {
+ 'conn_pool_min_size' => '2',
+ 'conn_pool_ttl' => '1200',
+ 'control_exchange' => 'openstack',
+ 'debug' => 'True',
+ 'executor_thread_pool_size' => '64',
+ 'log_config_append' => '/etc/keystone/logging.conf',
+ 'log_dir' => 'logdir',
+ 'log_file' => 'logfile.log',
+ 'notification_format' => 'cadf',
+ 'rpc_ack_timeout_base' => '15',
+ 'rpc_ack_timeout_multiplier'=> '2',
+ 'rpc_conn_pool_size' => '30',
+ 'rpc_message_ttl' => '300',
+ 'rpc_poll_timeout' => '1',
+ 'rpc_response_timeout' => '60',
+ 'rpc_retry_attempts' => '3',
+ 'rpc_thread_pool_size' => '100',
+ 'rpc_use_acks' => 'False',
+ 'syslog_log_facility' => 'LOG_USER',
+ 'transport_url' => 'rabbit://openstack:password@127.0.0.1:5671//openstack',
+ 'use_syslog' => 'True'
+}
+
+keystone_default = {
+ 'conn_pool_min_size' => '2',
+ 'conn_pool_ttl' => '1200',
+ 'control_exchange' => 'openstack',
+ 'debug' => 'True',
+ 'executor_thread_pool_size' => '64',
+ 'log_config_append' => '/etc/keystone/logging.conf',
+ 'log_dir' => 'logdir',
+ 'log_file' => 'logfile.log',
+ 'notification_format' => 'cadf',
+ 'rpc_ack_timeout_base' => '15',
+ 'rpc_ack_timeout_multiplier' => '2',
+ 'rpc_conn_pool_size' => '30',
+ 'rpc_message_ttl' => '300',
+ 'rpc_poll_timeout' => '1',
+ 'rpc_response_timeout' => '60',
+ 'rpc_retry_attempts' => '3',
+ 'rpc_thread_pool_size' => '100',
+ 'rpc_use_acks' => 'False',
+ 'syslog_log_facility' => 'LOG_USER',
+ 'transport_url' => 'rabbit://openstack:password@127.0.0.1:5672//openstack',
+ 'use_syslog' => 'True'
+}
+
+keystone_assignment = {
+ 'driver' => 'sql'
+}
+
+keystone_auth = {
+ 'methods' => 'password,token',
+ 'oidc' => 'keystone.auth.plugins.mapped.Mapped',
+ 'saml2' => 'keystone.auth.plugins.mapped.Mapped',
+}
+
+keystone_catalog = {
+ 'template_file' => 'default_catalog.templates',
+ 'driver' => 'sql',
+}
+
+keystone_credential = {
+ 'key_repository' => '/var/lib/keystone/credential-keys'
+}
+
+keystone_fernet_tokens = {
+ 'key_repository' => '/etc/keystone/fernet-keys/',
+ 'max_active_keys' => '3',
+}
+
+keystone_identity = {
+ 'driver' => 'sql',
+}
+
+keystone_token = {
+ 'expiration' => '86400',
+ 'provider' => 'fernet',
+ 'caching' => 'false',
+ 'hash_algorithm' => 'sha256',
+}
+
+keystone_cache = {
+ 'backend' => 'oslo_cache.memcache_pool',
+ 'enabled' => 'True',
+}
+
+keystone_oslo_messaging_rabbit = {
+ 'heartbeat_rate' => '2',
+}
+
+keystone_oslo_messaging_rabbit_ssl = {
+ 'heartbeat_rate' => '2',
+ 'heartbeat_timeout_threshold' => '60',
+ 'rabbit_ha_queues' => 'True',
+ 'rabbit_interval_max' => '30',
+ 'rabbit_qos_prefetch_count' => '64',
+ 'rabbit_retry_backoff' => '2',
+ 'rabbit_retry_interval' => '1',
+ 'rabbit_transient_queues_ttl' => '1800',
+ 'ssl' => 'true',
+ 'ssl_ca_file' => '/etc/keystone/ssl/mysql/ca-cert.pem',
+ 'ssl_version' => 'TLSv1_2',
+}
+
+keystone_database = {
+ 'connection' => 'mysql+pymysql://keystone:passw0rd@127.0.0.1/keystone?charset=utf8',
+ 'max_overflow' => '30',
+ 'max_pool_size' => '10',
+ 'max_retries' => '-1',
+}
+
+keystone_database_ssl = {
+ 'connection' => 'mysql+pymysql://keystone:passw0rd@127.0.0.1/keystone?charset=utf8&ssl_ca=/etc/keystone/ssl/mysql/ca-cert.pem&ssl_cert=/etc/keystone/ssl/mysql/client-cert.pem&ssl_key=/etc/keystone/ssl/mysql/client-key.pem',
+ 'max_overflow' => '30',
+ 'max_pool_size' => '10',
+ 'max_retries' => '-1',
+}
+
+keystone_oslo_middleware = {
+ 'max_request_body_size' => '114688',
+ 'enable_proxy_headers_parsing' => 'True',
+}
+
+keystone_cors = {
+ 'allowed_origin' => 'https://horizon.example.com',
+ 'allow_credentials' => 'True',
+ 'expose_headers' => 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token',
+ 'max_age' => '3600',
+ 'allow_methods' => 'GET,PUT,POST,DELETE,PATCH',
+ 'allow_headers' => 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name',
+}
+
+keystone_oidc = {
+ 'remote_id_attribute' => 'HTTP_OIDC_ISS'
+}
+
+keystone_saml2 = {
+ 'remote_id_attribute' => 'HTTP_OIDC_ISS'
+}
+
+keystone_federation = {
+ 'cache_group_membership_in_db' => 'True',
+}
+
+keystone_resource = {
+ 'admin_project_domain_name' => 'project',
+ 'admin_project_name' => 'projectname',
+}
+
+keystone_oslo_middleware = {
+ 'max_request_body_size' => '114688',
+}
+
+control 'Keystone' do
+
+ describe parse_config_file('/etc/keystone/keystone.conf') do
+
+ describe 'Keystone messaging' do
+
+ if ssl_enabled
+ keystone_oslo_messaging_rabbit.merge!(keystone_oslo_messaging_rabbit_ssl)
+ keystone_default.merge!(keystone_default_ssl)
+ describe 'SSL' do
+ its('DEFAULT') {
+ should include(keystone_default)
+ }
+ its('oslo_messaging_rabbit') {
+ should include(keystone_oslo_messaging_rabbit)
+ }
+ end
+ else
+ describe 'non SSL' do
+ its('DEFAULT') {
+ should include(keystone_default)
+ }
+ its('oslo_messaging_rabbit') {
+ should include(keystone_oslo_messaging_rabbit)
+ }
+ end
+ end
+
+ end
+
+ describe 'Keystone database' do
+
+ if ssl_enabled
+ keystone_database.merge!(keystone_database_ssl)
+ describe 'SSL' do
+ its('database') {
+ should include(keystone_database)
+ }
+ end
+ else
+ describe 'non SSL' do
+ its('database') {
+ should include(keystone_database)
+ }
+ end
+ end
+
+ end
+
+ describe 'Keystone config' do
+
+ its('DEFAULT') {
+ should include(keystone_default)
+ }
+ its('assignment') {
+ should include(keystone_assignment)
+ }
+ its('auth') {
+ should include(keystone_auth)
+ }
+ its('catalog') {
+ should include(keystone_catalog)
+ }
+ its('credential') {
+ should include(keystone_credential)
+ }
+ its('fernet_tokens') {
+ should include(keystone_fernet_tokens)
+ }
+ its('identity') {
+ should include(keystone_identity)
+ }
+ its('token') {
+ should include(keystone_token)
+ }
+ its('cors') {
+ should include(keystone_cors)
+ }
+ its('oidc') {
+ should include(keystone_oidc)
+ }
+ its('saml2') {
+ should include(keystone_saml2)
+ }
+ its('federation') {
+ should include(keystone_federation)
+ }
+ its('resource') {
+ should include(keystone_resource)
+ }
+ its('oslo_middleware') {
+ should include(keystone_oslo_middleware)
+ }
+ its('cache') {
+ should include(keystone_cache)
+ }
+
+ end
+ end
+end
diff --git a/tests/pillar/apache_wsgi.sls b/tests/pillar/apache_wsgi.sls
deleted file mode 100644
index 880b53d..0000000
--- a/tests/pillar/apache_wsgi.sls
+++ /dev/null
@@ -1,192 +0,0 @@
-
-keystone:
-# Server state
- server:
- enabled: true
- version: liberty
- service_name: apache2
- service_token: RANDOMSTRINGTOKEN
- service_tenant: service
- admin_tenant: admin
- admin_name: admin
- admin_password: passw0rd
- admin_email: root@localhost
- enable_proxy_headers_parsing: True
- bind:
- address: 0.0.0.0
- private_address: 127.0.0.1
- private_port: 35357
- public_address: 127.0.0.1
- public_port: 5000
- region: RegionOne
- database:
- engine: mysql
- host: localhost
- name: keystone
- password: passw0rd
- user: keystone
- tokens:
- engine: cache
- expiration: 86400
- location: /etc/keystone/fernet-keys/
- notification: false
- notification_format: cadf
- logging:
- log_appender: false
- log_handlers:
- watchedfile:
- enabled: true
- fluentd:
- enabled: false
- ossyslog:
- enabled: false
- #message_queue:
- #engine: rabbitmq
- #host: 127.0.0.1
- #port: 5672
- #user: openstack
- #password: password
- #virtual_host: '/openstack'
- #ha_queues: true
-# Client state
- client:
- enabled: false
- server:
- identity:
- admin:
- host: localhost
- port: 35357
- token: RANDOMSTRINGTOKEN
- roles:
- - admin
- - Member
- project:
- service:
- description: "OpenStack Service tenant"
- admin:
- description: "OpenStack Admin tenant"
- user:
- admin:
- is_admin: true
- password: passw0rd
- email: admin@localhost
- service:
- keystone3:
- type: identity
- description: OpenStack Identity Service v3
- endpoints:
- - region: RegionOne
- public_address: keystone
- public_protocol: http
- public_port: 5000
- public_path: '/v3'
- internal_address: keystone
- internal_port: 5000
- internal_path: '/v3'
- admin_address: keystone
- admin_port: 35357
- admin_path: '/v3'
- keystone:
- type: identity
- description: OpenStack Identity Service
- endpoints:
- - region: RegionOne
- public_address: keystone
- public_protocol: http
- public_port: 5000
- public_path: '/v2.0'
- internal_address: keystone
- internal_port: 5000
- internal_path: '/v2.0'
- admin_address: keystone
- admin_port: 35357
- admin_path: '/v2.0'
- #keystone3:
- #name: keystone3
- #type: identity
- #description: OpenStack Identity Service v3
- #endpoints:
- #- region: RegionTwo
- #public_address: keystone
- #public_protocol: http
- #public_port: 5000
- #public_path: '/v3'
- #internal_address: keystone
- #internal_port: 5000
- #internal_path: '/v3'
- #admin_address: keystone
- #admin_port: 35357
- #admin_path: '/v3'
- #keystone:
- #name: keystone
- #type: identity
- #description: OpenStack Identity Service
- #endpoints:
- #- region: RegionTwo
- #public_address: keystone
- #public_protocol: http
- #public_port: 5000
- #public_path: '/v2.0'
- #internal_address: keystone
- #internal_port: 5000
- #internal_path: '/v2.0'
- #admin_address: keystone
- #admin_port: 35357
- #admin_path: '/v2.0'
-# CI related dependencies
-apache:
- server:
- enabled: true
- default_mpm: event
- mpm:
- prefork:
- enabled: true
- servers:
- start: 5
- spare:
- min: 2
- max: 10
- max_requests: 0
- max_clients: 20
- limit: 20
- site:
- keystone:
- enabled: true
- type: keystone
- name: wsgi
- host:
- name: localhost
- pkgs:
- - apache2
- modules:
- - wsgi
-mysql:
- client:
- enabled: true
- version: '5.7'
- admin:
- host: localhost
- port: 3306
- user: admin
- password: password
- encoding: utf8
- server:
- enabled: true
- version: "5.7"
- force_encoding: utf8
- bind:
- address: 0.0.0.0
- port: 3306
- protocol: tcp
- database:
- keystone:
- encoding: utf8
- users:
- - host: '%'
- name: keystone
- password: passw0rd
- rights: all
- - host: 127.0.0.1
- name: keystone
- password: passw0rd
- rights: all
diff --git a/tests/pillar/client_resources_v3.sls b/tests/pillar/client_resources_v3.sls
deleted file mode 100644
index f68ef70..0000000
--- a/tests/pillar/client_resources_v3.sls
+++ /dev/null
@@ -1,145 +0,0 @@
-include:
- - single
-
-keystone:
- client:
- resources:
- v3:
- enabled: true
- cloud_name: 'admin_identity'
- domains:
- 'Default':
- enabled: True
- status: present
- projects:
- service:
- status: present
- description: "OpenStack Service tenant"
- admin:
- status: absent
- description: "OpenStack Admin tenant"
- 'User_domain':
- enabled: True
- status: absent
- projects:
- user_domain_service:
- status: present
- description: "OpenStack Service tenant"
- user_domain_admin:
- status: absent
- description: "OpenStack Admin tenant"
- 'User_domain_0':
- enabled: True
- status: absent
- force_delete: True
- projects:
- user_domain_0_service:
- status: present
- description: "OpenStack Service tenant"
- user_domain_0_admin:
- status: absent
- description: "OpenStack Admin tenant"
- 'User_domain_1':
- enabled: False
- status: absent
- projects:
- user_domain_1_service:
- status: present
- description: "OpenStack Service tenant"
- user_domain_1_admin:
- status: absent
- description: "OpenStack Admin tenant"
- roles:
- service_admin:
- name: admin
- enabled: true
- status: present
- global_Member:
- name: Member
- enabled: true
- status: absent
- global_Member_0:
- name: Member
- enabled: False
- status: absent
- users:
- admin:
- enabled: true
- status: present
- password: passw0rd
- email: root@localhost
- roles:
- service_admin:
- status: assigned
- name: admin
- project_id: admin
- user:
- enabled: true
- status: absent
- password: passw0rd
- email: root@localhost
- roles:
- global_Member:
- status: unassigned
- name: user
- project_id: user
- user0:
- enabled: False
- status: absent
- password: passw0rd
- email: root@localhost
- roles:
- global_Member:
- status: unassigned
- name: user
- project_id: user
- services:
- keystone:
- enabled: True
- status: present
- type: 'identity'
- description: "OpenStack Identity Service"
- endpoints:
- keystone_public:
- status: present
- interface: 'public'
- url: https://127.0.0.1:5000/
- region: RegionOne
- keystone_internal:
- status: absent
- interface: 'internal'
- url: https://127.0.0.1:5000/
- region: RegionOne
- keystone_0:
- enabled: True
- status: absent
- type: 'identity'
- description: "OpenStack Identity Service"
- endpoints:
- keystone_0_public:
- status: present
- interface: 'public'
- url: https://127.0.0.1:5000/
- region: RegionOne
- keystone_0_internal:
- status: absent
- interface: 'internal'
- url: https://127.0.0.1:5000/
- region: RegionOne
- keystone_1:
- enabled: False
- status: absent
- type: 'identity'
- description: "OpenStack Identity Service"
- endpoints:
- keystone_1_public:
- status: present
- interface: 'public'
- url: https://127.0.0.1:5000/
- region: RegionOne
- keystone_1_internal:
- status: absent
- interface: 'internal'
- url: https://127.0.0.1:5000/
- region: RegionOne
-
diff --git a/tests/pillar/repo_mos9.sls b/tests/pillar/repo_mos9.sls
deleted file mode 100644
index 64d75b8..0000000
--- a/tests/pillar/repo_mos9.sls
+++ /dev/null
@@ -1,8 +0,0 @@
-linux:
- system:
- enabled: true
- repo:
- mirantis_openstack:
- source: "deb [arch=amd64] http://mirror.fuel-infra.org/mos-repos/ubuntu/9.0/ mos9.0 main restricted"
- architectures: amd64
- key_url: "http://mirror.fuel-infra.org/mos-repos/ubuntu/9.0/archive-mos9.0.key"
diff --git a/tests/pillar/single.sls b/tests/pillar/single.sls
index 078551b..06c1722 100644
--- a/tests/pillar/single.sls
+++ b/tests/pillar/single.sls
@@ -3,12 +3,56 @@
server:
enabled: true
version: liberty
+ service_name: apache2
service_token: RANDOMSTRINGTOKEN
service_tenant: service
+ admin_project:
+ name: projectname
+ domain: project
admin_tenant: admin
admin_name: admin
admin_password: passw0rd
admin_email: root@localhost
+ enable_proxy_headers_parsing: True
+ cors:
+ allowed_origin: 'https://horizon.example.com'
+ allow_credentials: True
+ expose_headers: 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token'
+ allow_headers: 'X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-Domain-Id,X-Domain-Name'
+ max_age: 3600
+ allow_methods: 'GET,PUT,POST,DELETE,PATCH'
+ auth_methods:
+ - password
+ - token
+ federation:
+ oidc:
+ remote_id_attribute: HTTP_OIDC_ISS
+ remote_id_attribute_value: remote_id_attribute_value
+ oidc_claim_prefix: oidc_claim_prefix
+ oidc_client_id: oidc_client_id
+ oidc_client_secret: oidc_client_secret
+ oidc_crypto_passphrase: oidc_crypto_passphrase
+ oidc_redirect_uri: oidc_redirect_uri
+ oidc_provider_metadata_url: oidc_provider_metadata_url
+ oidc_response_type: oidc_response_type
+ oidc_scope: oidc_scope
+ oidc_ssl_validate_server: oidc_ssl_validate_server
+ oidc_oauth_ssl_validate_server: oidc_oauth_ssl_validate_server
+ oidc_oauth_introspection_endpoint: oidc_oauth_introspection_endpoint
+ oidc_oauth_introspection_token_param_name: oidc_oauth_introspection_token_param_name
+ oidc_oauth_remote_user_claim: oidc_oauth_remote_user_claim
+ oidc_oauth_verify_jwks_uri: oidc_oauth_verify_jwks_uri
+ odic_token_iat_slack: odic_token_iat_slack
+ oidc_provider_issuer: oidc_provider_issuer
+ oidc_provider_authorization_endpoint: oidc_provider_authorization_endpoint
+ oidc_provider_token_endpoint: oidc_provider_token_endpoint
+ oidc_provider_token_endpoint_auth: oidc_provider_token_endpoint_auth
+ oidc_provider_user_info_endpoint: oidc_provider_user_info_endpoint
+ oidc_provider_jwks_uri: oidc_provider_jwks_uri
+ protocol: oidc
+ saml2:
+ remote_id_attribute: HTTP_OIDC_ISS
+ protocol: saml2
bind:
address: 0.0.0.0
private_address: 127.0.0.1
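Review bot: The added key `odic_token_iat_slack` in the `federation.oidc` block is spelled differently from every other `oidc_*` key around it, which looks like a transposition. If the template reads `oidc_token_iat_slack` (the template is not part of this hunk), this fixture never supplies that field and the rendering check passes without covering it; the line would then be `oidc_token_iat_slack: oidc_token_iat_slack`. If the template carries the same spelling, both should be corrected together. Separately, `saml2` reuses `remote_id_attribute: HTTP_OIDC_ISS`, which appears to be copied from the OIDC block and is worth confirming. The `server:` mapping starts above the hunk and continues below it.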
@@ -18,20 +62,23 @@
region: RegionOne
database:
engine: mysql
- host: localhost
+ host: 127.0.0.1
name: keystone
password: passw0rd
user: keystone
tokens:
- engine: cache
+ engine: fernet
expiration: 86400
location: /etc/keystone/fernet-keys/
- message_queue:
- engine: rabbitmq
- notification: false
+ notification: true
notification_format: cadf
logging:
- log_appender: false
+ debug: true
+ log_file: 'logfile.log'
+ log_dir: logdir
+ use_syslog: true
+ syslog_log_facility: LOG_USER
+ log_appender: true
log_handlers:
watchedfile:
enabled: true
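Review bot: The `tokens` block now sets `engine: fernet` but does not carry over `max_active_keys: 4` from tests/pillar/single_fernet.sls, which this commit deletes, so rendering of that field is no longer covered by any fixture shown here. Adding `max_active_keys: 4` after `location: /etc/keystone/fernet-keys/` would keep that coverage. The `logging` additions `log_file: 'logfile.log'` and `log_dir: logdir` are placeholders; a one-line comment such as `# placeholder values, used only to check rendering` above `debug: true` would stop them being read as recommended settings. The enclosing `server:` mapping extends beyond the hunk.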
@@ -42,18 +89,125 @@
extra_config:
federation:
cache_group_membership_in_db: true
- #message_queue:
- #engine: rabbitmq
- #host: 127.0.0.1
- #port: 5672
- #user: openstack
- #password: password
- #virtual_host: '/openstack'
- #ha_queues: true
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ port: 5672
+ user: openstack
+ password: password
+ virtual_host: '/openstack'
+ ha_queues: true
+ rabbit_ha_queues: true
+ rpc_conn_pool_size: 30
+ conn_pool_min_size: 2
+ conn_pool_ttl: 1200
+ rpc_poll_timeout: 1
+ rpc_thread_pool_size: 100
+ rpc_message_ttl: 300
+ rpc_use_acks: false
+ rpc_ack_timeout_base: 15
+ rpc_ack_timeout_multiplier: 2
+ rpc_retry_attempts: 3
+ executor_thread_pool_size: 64
+ rpc_response_timeout: 60
+ control_exchange: openstack
+ ssl:
+ version: TLSv1_2
+ cacert_file: ssl_ca_certs
+ x509:
+ key_file: kombu_ssl_keyfile
+ cert_file: kombu_ssl_certfile
+ rabbit_retry_interval: 1
+ rabbit_retry_backoff: 2
+ rabbit_interval_max: 30
+ rabbit_transient_queues_ttl: 1800
+ heartbeat_timeout_threshold: 60
+ heartbeat_rate: 2
+ channel_max: 2
+ frame_max: 2
+ heartbeat_interval: 3
+ socket_timeout: 10
+ tcp_user_timeout: 10
+ host_connection_reconnect_delay: 10
+ connection_factory: single
+ pool_max_size: 30
+ pool_max_overflow: 0
+ pool_timeout: 30
+ pool_recycle: 600
+ pool_stale: 60
+ default_serializer_type: json
+ notification_persistence: false
+ default_notification_exchange: exchange
+ notification_listener_prefetch_count: 100
+ default_notification_retry_attempts: 1
+ notification_retry_delay: 10
+ rpc_queue_expiration: 60
+ default_rpc_exchange: rpc_exchange
+ rpc_reply_exchange: rpc_reply_exchange
+ rpc_listener_prefetch_count: 100
+ rpc_reply_listener_prefetch_count: 100
+ rpc_reply_retry_attempts: 10
+ rpc_reply_retry_delay: 10
+ default_rpc_retry_attempts: 10
+ rpc_retry_delay: 10
+ rabbit_qos_prefetch_count: 64
+ healthcheck:
+ path: '/healthcheck'
+ max_request_body_size: 114688
+ profiler:
+ enabled: True
+ cache:
+ enabled: True
+ host: 127.0.0.1
+ port: 11211
+ policy:
+ policy_file: 'policy.json'
+ domain:
+ testing:
+ description: "Test domain"
+ backend: ldap
+ identity:
+ backend: ldap
+ driver: ldap
+ assignment:
+ backend: sql
+ driver: keystone.assignment.backends.sql.Assignment
+ ldap:
+ url: "ldaps://idm.domain.com"
+ suffix: "dc=cloud,dc=domain,dc=com"
+ uid: keystone
+ password: password
# Client state
client:
enabled: false
+ os_client_config:
+ enabled: true
+ cfgs:
+ root:
+ content:
+ clouds:
+ admin_identity:
+ region_name: RegionOne
+ identity_api_version: '3'
+ interface: 'internal'
+ auth:
+ username: 'admin'
+ password: passw0rd
+ user_domain_name: 'Default'
+ project_name: 'admin'
+ project_domain_name: 'Default'
+ auth_url: 'http://127.0.0.1:5000'
server:
+ admin_identity:
+ admin:
+ user: admin
+ password: passw0rd
+ project: admin
+ host: localhost
+ port: 5000
+ region_name: RegionOne
+ use_keystoneauth: true
+ protocol: http
identity:
admin:
host: localhost
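Review bot: The new `ssl:` block under `message_queue` supplies `version: TLSv1_2`, `cacert_file` and the `x509` key and certificate names, but has no `enabled` key. The template is not visible in this diff; if it emits the TLS options only when `ssl.enabled` (and `x509.enabled`) is true, these fields are never rendered and the check does not cover the TLS path, in which case `enabled: true` belongs under `ssl:` and under `x509:`. As a style point, `profiler` and `cache` use `enabled: True` while the rest of the hunk uses lowercase `true`; lowercase is the form to keep. The `server:` and `client:` mappings both extend beyond the hunk.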
@@ -103,23 +257,32 @@
admin_address: keystone
admin_port: 35357
admin_path: '/v2.0'
- # TODO: enable once salt keystone module/states are fixed
- #keystoneR2:
- #service: keystone
- #type: identity
- #description: OpenStack Identity Service
- #endpoints:
- #- region: RegionTwo
- #public_address: keystone
- #public_protocol: http
- #public_port: 5000
- #public_path: '/v2.0'
- #internal_address: keystone
- #internal_port: 5000
- #internal_path: '/v2.0'
- #admin_address: keystone
- #admin_port: 35357
- #admin_path: '/v2.0'
+apache:
+ server:
+ enabled: true
+ default_mpm: event
+ mpm:
+ prefork:
+ enabled: true
+ servers:
+ start: 5
+ spare:
+ min: 2
+ max: 10
+ max_requests: 0
+ max_clients: 20
+ limit: 20
+ site:
+ keystone:
+ enabled: true
+ type: keystone
+ name: wsgi
+ host:
+ name: localhost
+ pkgs:
+ - apache2
+ modules:
+ - wsgi
# CI related dependencies
mysql:
client:
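Review bot: The `apache:` block is inserted above the existing `# CI related dependencies` comment, so the comment now labels only `mysql:`; in the pillar removed earlier in this diff the same comment preceded `apache:`. Moving the comment up to sit directly above `apache:` keeps the grouping readable. The block also sets `default_mpm: event` while configuring only `mpm.prefork`; that is carried over unchanged from the removed pillar, so it is presumably intentional, but it deserves a short comment if so. The `mysql:` mapping continues below the hunk.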
diff --git a/tests/pillar/single_domain.sls b/tests/pillar/single_domain.sls
deleted file mode 100644
index ec86a26..0000000
--- a/tests/pillar/single_domain.sls
+++ /dev/null
@@ -1,85 +0,0 @@
-keystone:
-# Server state
- server:
- enabled: true
- version: liberty
- service_token: RANDOMSTRINGTOKEN
- service_tenant: service
- admin_tenant: admin
- admin_name: admin
- admin_password: passw0rd
- admin_email: root@localhost
- bind:
- address: 0.0.0.0
- private_address: 127.0.0.1
- private_port: 35357
- public_address: 127.0.0.1
- public_port: 5000
- region: RegionOne
- database:
- engine: mysql
- host: localhost
- name: keystone
- password: passw0rd
- user: keystone
- tokens:
- engine: cache
- expiration: 86400
- location: /etc/keystone/fernet-keys/
- notification: false
- notification_format: cadf
- logging:
- log_appender: false
- log_handlers:
- watchedfile:
- enabled: true
- fluentd:
- enabled: false
- ossyslog:
- enabled: false
- domain:
- testing:
- description: "Test domain"
- backend: ldap
- identity:
- backend: ldap
- driver: ldap
- assignment:
- backend: sql
- driver: keystone.assignment.backends.sql.Assignment
- ldap:
- url: "ldaps://idm.domain.com"
- suffix: "dc=cloud,dc=domain,dc=com"
- uid: keystone
- password: password
-# CI related dependencies
-mysql:
- client:
- enabled: true
- version: '5.7'
- admin:
- host: localhost
- port: 3306
- user: admin
- password: password
- encoding: utf8
- server:
- enabled: true
- version: "5.7"
- force_encoding: utf8
- bind:
- address: 0.0.0.0
- port: 3306
- protocol: tcp
- database:
- keystone:
- encoding: utf8
- users:
- - host: '%'
- name: keystone
- password: passw0rd
- rights: all
- - host: 127.0.0.1
- name: keystone
- password: passw0rd
- rights: all
diff --git a/tests/pillar/single_fernet.sls b/tests/pillar/single_fernet.sls
deleted file mode 100644
index 5136cde..0000000
--- a/tests/pillar/single_fernet.sls
+++ /dev/null
@@ -1,73 +0,0 @@
-keystone:
- server:
- enabled: true
- version: liberty
- service_token: token
- service_tenant: service
- admin_tenant: admin
- admin_name: admin
- admin_password: passw0rd
- admin_email: root@localhost
- bind:
- address: 0.0.0.0
- private_address: 127.0.0.1
- private_port: 35357
- public_address: 127.0.0.1
- public_port: 5000
- region: RegionOne
- database:
- engine: mysql
- host: localhost
- name: keystone
- password: passw0rd
- user: keystone
- tokens:
- engine: fernet
- expiration: 86400
- location: /etc/keystone/fernet-keys/
- max_active_keys: 4
- message_queue:
- engine: rabbitmq
- notification: false
- notification_format: cadf
- logging:
- log_appender: false
- log_handlers:
- watchedfile:
- enabled: true
- fluentd:
- enabled: false
- ossyslog:
- enabled: false
-# CI related dependencies
-mysql:
- client:
- enabled: false
- version: '5.7'
- admin:
- host: localhost
- port: 3306
- user: admin
- password: password
- encoding: utf8
- server:
- enabled: true
- version: "5.7"
- force_encoding: utf8
- bind:
- address: 0.0.0.0
- port: 3306
- protocol: tcp
- database:
- keystone:
- encoding: utf8
- users:
- - host: '%'
- name: keystone
- password: passw0rd
- rights: all
- - host: 127.0.0.1
- name: keystone
- password: passw0rd
- rights: all
-