Revert "Use devstack functions for deploying barbican-svc"
Castellan unintentionally can't handle a barbican URL that has a path in
addition to the hostname, such as http://ip-address/key-manager, unless
it is followed by a forward slash (http://ip-address/key-manager/ ). We
should either revert this change before rc1 or merge
https://review.openstack.org/#/c/491942/, make a new release of
Castellan, and beg for a change in upper-constraints for castellan to
handle the new release.
This reverts commit 508a34e23c
.
Change-Id: Iceb3a5fa890d64468cd6e7f5dec297d11a274d20
This commit is contained in:
parent
508a34e23c
commit
3c6df48cbc
@ -144,7 +144,7 @@ function configure_barbican {
|
|||||||
else
|
else
|
||||||
echo_summary "Barbican requires that the RabbitMQ service is enabled"
|
echo_summary "Barbican requires that the RabbitMQ service is enabled"
|
||||||
fi
|
fi
|
||||||
write_uwsgi_config "$BARBICAN_UWSGI_CONF" "$BARBICAN_WSGI" "/key-manager"
|
|
||||||
## Set up keystone
|
## Set up keystone
|
||||||
|
|
||||||
# Turn on the middleware
|
# Turn on the middleware
|
||||||
@ -186,7 +186,7 @@ function install_barbicanclient {
|
|||||||
# start_barbican - Start running processes, including screen
|
# start_barbican - Start running processes, including screen
|
||||||
function start_barbican {
|
function start_barbican {
|
||||||
# Start the Barbican service up.
|
# Start the Barbican service up.
|
||||||
run_process barbican-svc "$BARBICAN_BIN_DIR/uwsgi --ini $BARBICAN_UWSGI_CONF"
|
run_process barbican-svc "$BARBICAN_BIN_DIR/uwsgi --master --emperor $BARBICAN_CONF_DIR/vassals"
|
||||||
|
|
||||||
# Pause while the barbican-svc populates the database, otherwise the retry
|
# Pause while the barbican-svc populates the database, otherwise the retry
|
||||||
# service below might try to do this at the same time, leading to race
|
# service below might try to do this at the same time, leading to race
|
||||||
@ -363,12 +363,12 @@ function create_barbican_accounts {
|
|||||||
--os-identity-api-version 3 \
|
--os-identity-api-version 3 \
|
||||||
--region RegionOne \
|
--region RegionOne \
|
||||||
$BARBICAN_SERVICE \
|
$BARBICAN_SERVICE \
|
||||||
public "http://$SERVICE_HOST/key-manager"
|
public "http://$SERVICE_HOST:9311"
|
||||||
openstack endpoint create \
|
openstack endpoint create \
|
||||||
--os-identity-api-version 3 \
|
--os-identity-api-version 3 \
|
||||||
--region RegionOne \
|
--region RegionOne \
|
||||||
$BARBICAN_SERVICE \
|
$BARBICAN_SERVICE \
|
||||||
internal "http://$SERVICE_HOST/key-manager"
|
internal "http://$SERVICE_HOST:9311"
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -17,10 +17,6 @@ PYKMIP_LOG_DIR=${PYKMIP_LOG_DIR:-/var/log/pykmip}
|
|||||||
# Support potential entry-points console scripts
|
# Support potential entry-points console scripts
|
||||||
BARBICAN_BIN_DIR=$(get_python_exec_prefix)
|
BARBICAN_BIN_DIR=$(get_python_exec_prefix)
|
||||||
|
|
||||||
# WSGI variables
|
|
||||||
BARBICAN_WSGI=$BARBICAN_BIN_DIR/barbican-wsgi-api
|
|
||||||
BARBICAN_UWSGI_CONF=$BARBICAN_CONF_DIR/barbican-uwsgi.ini
|
|
||||||
|
|
||||||
# Set Barbican repository
|
# Set Barbican repository
|
||||||
BARBICAN_REPO=${BARBICAN_REPO:-${GIT_BASE}/openstack/barbican.git}
|
BARBICAN_REPO=${BARBICAN_REPO:-${GIT_BASE}/openstack/barbican.git}
|
||||||
BARBICAN_BRANCH=${BARBICAN_BRANCH:-master}
|
BARBICAN_BRANCH=${BARBICAN_BRANCH:-master}
|
||||||
@ -30,7 +26,7 @@ BARBICANCLIENT_REPO=${BARBICANCLIENT_REPO:-${GIT_BASE}/openstack/python-barbican
|
|||||||
BARBICANCLIENT_BRANCH=${BARBICANCLIENT_BRANCH:-master}
|
BARBICANCLIENT_BRANCH=${BARBICANCLIENT_BRANCH:-master}
|
||||||
|
|
||||||
# Set host href
|
# Set host href
|
||||||
BARBICAN_HOST_HREF=${BARBICAN_HOST_HREF:-http://${SERVICE_HOST}/key-manager}
|
BARBICAN_HOST_HREF=${BARBICAN_HOST_HREF:-http://${SERVICE_HOST}:9311}
|
||||||
|
|
||||||
# Tell Tempest this project is present
|
# Tell Tempest this project is present
|
||||||
TEMPEST_SERVICES+=,barbican
|
TEMPEST_SERVICES+=,barbican
|
||||||
|
@ -82,7 +82,7 @@ class SecretMetadataTestCase(base.TestCase):
|
|||||||
|
|
||||||
@testcase.attr('negative')
|
@testcase.attr('negative')
|
||||||
def test_secret_metadata_create_no_secret(self):
|
def test_secret_metadata_create_no_secret(self):
|
||||||
secret_ref = ('http://localhost/key-manager/secrets/%s' %
|
secret_ref = ('http://localhost:9311/secrets/%s' %
|
||||||
uuidutils.generate_uuid(dashed=False))
|
uuidutils.generate_uuid(dashed=False))
|
||||||
|
|
||||||
meta_resp, metadata_ref = self.behaviors.create_or_update_metadata(
|
meta_resp, metadata_ref = self.behaviors.create_or_update_metadata(
|
||||||
@ -111,7 +111,7 @@ class SecretMetadataTestCase(base.TestCase):
|
|||||||
|
|
||||||
@testcase.attr('negative')
|
@testcase.attr('negative')
|
||||||
def test_secret_metadata_get_no_secret(self):
|
def test_secret_metadata_get_no_secret(self):
|
||||||
secret_ref = ('http://localhost/key-manager/secrets/%s' %
|
secret_ref = ('http://localhost:9311/secrets/%s' %
|
||||||
uuidutils.generate_uuid(dashed=False))
|
uuidutils.generate_uuid(dashed=False))
|
||||||
|
|
||||||
get_resp = self.behaviors.get_metadata(secret_ref)
|
get_resp = self.behaviors.get_metadata(secret_ref)
|
||||||
|
@ -199,8 +199,6 @@ class BarbicanClient(object):
|
|||||||
base_url = endpoint['key-manager'][0].get('publicURL')
|
base_url = endpoint['key-manager'][0].get('publicURL')
|
||||||
else:
|
else:
|
||||||
base_url = endpoint['key-manager'][0].get('url')
|
base_url = endpoint['key-manager'][0].get('url')
|
||||||
# Handle urls that aren't just an address
|
|
||||||
base_url = self._get_url_w_trailing_slash(base_url)
|
|
||||||
|
|
||||||
# Make sure we handle the edge cases around Keystone providing
|
# Make sure we handle the edge cases around Keystone providing
|
||||||
# endpoints with or without versions
|
# endpoints with or without versions
|
||||||
|
@ -15,7 +15,7 @@
|
|||||||
# How many seconds to wait for the API to be responding before giving up
|
# How many seconds to wait for the API to be responding before giving up
|
||||||
API_RESPONDING_TIMEOUT=20
|
API_RESPONDING_TIMEOUT=20
|
||||||
|
|
||||||
if ! timeout ${API_RESPONDING_TIMEOUT} sh -c "while ! curl -s http://127.0.0.1/key-manager 2>/dev/null | grep -q 'v1' ; do sleep 1; done"; then
|
if ! timeout ${API_RESPONDING_TIMEOUT} sh -c "while ! curl -s http://127.0.0.1:9311/ 2>/dev/null | grep -q 'v1' ; do sleep 1; done"; then
|
||||||
echo "The Barbican API failed to respond within ${API_RESPONDING_TIMEOUT} seconds"
|
echo "The Barbican API failed to respond within ${API_RESPONDING_TIMEOUT} seconds"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
@ -15,7 +15,7 @@
|
|||||||
# How many seconds to wait for the API to be responding before giving up
|
# How many seconds to wait for the API to be responding before giving up
|
||||||
API_RESPONDING_TIMEOUT=20
|
API_RESPONDING_TIMEOUT=20
|
||||||
|
|
||||||
if ! timeout ${API_RESPONDING_TIMEOUT} sh -c "while ! curl -s http://127.0.0.1/key-manager 2>/dev/null | grep -q 'v1' ; do sleep 1; done"; then
|
if ! timeout ${API_RESPONDING_TIMEOUT} sh -c "while ! curl -s http://127.0.0.1:9311/ 2>/dev/null | grep -q 'v1' ; do sleep 1; done"; then
|
||||||
echo "The Barbican API failed to respond within ${API_RESPONDING_TIMEOUT} seconds"
|
echo "The Barbican API failed to respond within ${API_RESPONDING_TIMEOUT} seconds"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
Loading…
Reference in New Issue
Block a user