This container makes it easy to run integration tests against OpenStack Keystone and OpenStack Swift object storage. It is not suitable for production.
The container starts both a swift and a keystone service so that integration tests can run against a single Docker container.
This image was created as a combination of other existing approaches, none of which served our needs:
This container is based on python:3.9-slim
and installs tarballs from
OpenStack release Wallaby.
Furthermore, the image includes s6-overlay
to manage processes.
A python script is added to mock the feature in Pouta in which a token from AAI's userinfo can be exchanged for an unscoped token that works with Openstack Keystone. The python server is running in port 5001 and also proxies all other requests to port 5000, meaning all Keystone endpoints work in port 5001 as well.
Build the image with
docker buildx build -t keystone-swift .
Start the container using the following command:
docker run -d --init -p 5000:5000 -p 8080:8080 --name keystone-swift keystone-swift
Or use the built images from ghrc.io
docker run -d --init -p 5000:5000 -p 8080:8080 --name keystone-swift ghcr.io/cscfi/docker-keystone-swift:latest
Stop it with
docker stop keystone-swift
By default, the image outputs no logs, but you can pass S6_LOGGING=0
when running the image so that it sends logs to stdout
docker run -d --init -p 5000:5000 -p 8080:8080 --env S6_LOGGING=0 --name keystone-swift keystone-swift
The following commands are available in the container:
- openstack
- keystone
- swift
- bash
Use the scripts to generate data into the object storage, and test the endpoints.
The container comes with 2 preconfigured accounts:
- admin / superuser
- swift / veryfast
The container comes with 2 preconfigured projects:
- service (Service test project) | swift admin user
- swift-project (Swift test project) | swift admin user
Default endpoint http://127.0.0.1:5000/v3
export OS_USERNAME=admin
export OS_PASSWORD=superuser
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://127.0.0.1:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_USERNAME=swift
export OS_PASSWORD=veryfast
export OS_PROJECT_NAME=service
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://127.0.0.1:5000/v3
export OS_IDENTITY_API_VERSION=3
Default endpoint http://127.0.0.1:8080/auth/v1.0
USERNAME=admin
PASSWORD=admin
TENANT_NAME=admin
USERNAME=tester
PASSWORD=testing
TENANT_NAME=test
Keystone Identity v3
echo '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"swift","domain":{"name":"Default"},"password":"veryfast"}}},"scope":{"project":{"domain":{"id":"default"},"name":"test"}}}}' | http POST :5000/v3/auth/tokens
TempAuth
http http://127.0.0.1:8080/auth/v1.0 X-Storage-User:test:tester X-Storage-Pass:testing
Keystone Identity v3
curl -X POST -H 'Content-Type: application/json' -d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"swift","domain":{"name":"Default"},"password":"veryfast"}}},"scope":{"project":{"domain":{"id":"default"},"name":"test"}}}}' http://127.0.0.1:5000/v3/auth/tokens
TempAuth
curl -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' http://127.0.0.1:8080/auth/v1.0
This image also comes with S3 API enabled. To use it, generate credentials and use them to authenticate against the S3 API.
Below is an example using the credentials with s3cmd
.
The swift <-> S3 compatibility has its limitations described here.
- Create credentials
$ docker exec -it <image-id> bash
$ openstack ec2 credentials create
+------------+---------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+---------------------------------------------------------------------------------------------------------------------------------+
| access | 0a09f306baa04358aa88e50c4853329f |
| links | {'self': 'http://localhost:5000/v3/users/2855fdd6794e4d38b4e14b036094524f/credentials/OS-EC2/0a09f306baa04358aa88e50c4853329f'} |
| project_id | 3ec1214fab494db0b8e2fb4e8f16b42a |
| secret | b15fdf7a8ed947f7afe6fa3b01a376cc |
| trust_id | None |
| user_id | 2855fdd6794e4d38b4e14b036094524f |
+------------+---------------------------------------------------------------------------------------------------------------------------------+
- Create s3 config file
cat > s3.cfg << EOF
[default]
access_key = 0a09f306baa04358aa88e50c4853329f
secret_key = b15fdf7a8ed947f7afe6fa3b01a376cc
host_base = 127.0.0.1:8080
host_bucket = 127.0.0.1:8080
use_https = false
EOF
- Use s3cmd
# create a bucket
$ s3cmd -c s3.cfg mb s3://config
Bucket 's3://config/' created
# upload the config file
$ s3cmd -c s3.cfg put s3.cfg s3://config/s3.cfg
upload: 's3.cfg' -> 's3://config/s3.cfg' [1 of 1]
176 of 176 100% in 0s 3.33 KB/s done
# list all objects
$ s3cmd -c s3.cfg la
2023-12-11 18:23 176 s3://config/s3.cfg
docker-keystone-swift
and all it sources are released under MIT License.