Thanks for the suggestion, Jeremy. I¹ll look into that. Two key pieces will be needed: 1. Know ahead of time what user tempest tests would be run from (should be determined by job setup?) 2. Have a way to specify in job/devstack to start congress using that user.
On 7/28/17, 6:30 AM, "Jeremy Stanley" <fu...@yuggoth.org> wrote: >On 2017-07-27 20:37:49 -0700 (-0700), Eric K wrote: >> A tempest test [1] launches additional instances of Congress using >> subprocess.popen and tests the coordination between them and the >>original >> instance launched by devstack. The problem is, the new instances are >> launched from the tempest test user rather than the user of the original >> congress instance devstack created. As a result, the new instances fail >> for being unable to access the encryption keys created by the original >> congress instance (600 permission).[2] >> >> Any suggestions for how to workaround this problem? Is it possible to >> somehow configure the gate job to run tempest tests as SU or as the >> stackuser that launches the original congress instance? >[...] > >Could you flip this around and create the original instances with >the tempest user? That seems less likely to violate base assumptions >about the test environment. >-- >Jeremy Stanley > >__________________________________________________________________________ >OpenStack Development Mailing List (not for usage questions) >Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev