While Unit tests are essential to development, I often want to check the complete flow of a feature against a running keystone server as well. I recently upgraded to Fedora 25, and had to reset my environment. Here is how I set up for development.
Update: turns out there is more.
The Keystone server is unusual in that it requires no other OpenStack services in order to run. Most other services require a Keystone server, but Keystone itself only requires MySQL. As such, it is not worth the effort (and Python hassle) of running devstack. You can run the Keystone server right out of the source directory in a virtual environment.
The code I need for Keystone has been committed for a while. To start clean, I rebase my local git repository to master and to run tox -r to recreate the virtual environment.
I’m going to use that virtual environment along with the directions on the official Keystone development site.
First I need a Database.
sudo dnf -y install mariadb-server sudo systemctl enable mariadb.service sudo systemctl start mariadb.service
Check that The MySQL monitor works.
$ mysql Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 2 Server version: 10.1.19-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
Now, configure the data base according to the official setup docs:
I want to end up with MySQL using SQLAlchemy via the following configuration:
connection = mysql+pymysql://keystone:keystone@127.0.0.1/keystone
This is what works on F25. It is a little different frm the older install guides. I am running as the no-root user `ayoung`
mysql -u root CREATE DATABASE keystone; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \ -> IDENTIFIED BY 'keystone';
That is not sufficient to connect, as shown by this test:
mysql -h 127.0.0.1 keystone -u keystone –password=keystone
Ensure need MySQL listening on a newtork socket.
$ getent services mysql mysql 3306/tcp $ telnet 127.0.0.1 3306 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. Y
Turns Out what I needed was:
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
This is not a production grade solution, but should work for development.
Enable the virtual environemnt:
. .tox/py27/bin/activate
Update /etc/keystone.conf as per the above doc and try the db sync:
keystone-manage db_sync ... keystone-manage db_version 109
You will need uwsgi to run as the webserver. Don’t try to use the system package. On F24, at least, the system one was out of date. Since this is a development setup, let’s match the upstream approach and use pip to install it in the venv.
pip install uwsgi
Now try to run the server:
uwsgi --http 127.0.0.1:35357 --wsgi-file $(which keystone-wsgi-admin)
And test:
curl localhost:35357 {"versions": {"values": [{"status": "stable", "updated": "2016-10-06T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.7", "links": [{"href": "http://localhost:35357/v3/", "rel": "self"}]}, {"status": "deprecated", "updated": "2016-08-04T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", "links": [{"href": "http://localhost:35357/v2.0/", "rel": "self"}, {"href": "http://docs.openstack.org/", "type": "text/html", "rel": "describedby"}]}]}}
Now I want to run the bootstrap code to initialize the database tables:
keystone-manage bootstrap --bootstrap-password keystone
Remember to run the public port server in a separate console window (but also in the venv)
. .tox/py27/bin/activate uwsgi --http 127.0.0.1:5000 --wsgi-file $(which keystone-wsgi-public )
To run the sample data (again in another venv window)
pip install python-openstackclient ADMIN_PASSWORD=keystone tools/sample_data.sh
Here is my keystone.rc file for talking to this server. The OS_IDENTITY_API_VERSION bypasses discovery, which is probably not a long term solution.
unset `env | awk -F= '/OS_/ {print $1}' | xargs` export OS_USERNAME=admin export OS_PASSWORD=keystone export OS_PROJECT_NAME=admin export OS_USER_DOMAIN_ID=default export OS_PROJECT_DOMAIN_ID=default export OS_IDENTITY_API_VERSION=3 export OS_AUTH_URL=http://127.0.0.1:5000/v3
Make sure token issue work:
. ~/devel/openstack/keystone.rc openstack token issue +------------+-----------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------+ | expires | 2016-12-06T01:09:23+0000 | | id | gAAAAABYRgGzX_ZixdkZBmS-Ut9uGphBhfSw8rdnTBBar6waqfrghdQWi3PLgjI | | | ah6HL9pxGvdmGm8pHCCos7yo4D28LRmROrSRf8Yy1dEE9bMQGcCrFuG4QCe_m2E | | | SdqNoB3LMhfCPyCbm3705_Blo_h6f5Cst-fLZuUFyItKkgo4BYZUDpGxk | | project_id | f84f16ef1f2f45cd80580329ab2c00b0 | | user_id | bc72530345094d0e9ba53a275d2df9e8 | +------------+-----------------------------------------------------------------+