Merge "Add devstack gate for vault"
This commit is contained in:
commit
4c057e35eb
@ -61,6 +61,14 @@
|
||||
services: barbican-dogtag,tempest,rabbit,mysql,key
|
||||
plugin: dogtag
|
||||
|
||||
- job:
|
||||
name: barbican-vault-devstack-functional
|
||||
parent: barbican-devstack-functional-base
|
||||
voting: false
|
||||
vars:
|
||||
services: barbican-vault,tempest,rabbit,mysql,key
|
||||
plugin: vault
|
||||
|
||||
- job:
|
||||
name: barbican-kmip-devstack-functional
|
||||
parent: barbican-devstack-functional-base
|
||||
@ -188,3 +196,4 @@
|
||||
experimental:
|
||||
jobs:
|
||||
- barbican-simple-crypto-devstack-tempest-py35
|
||||
- barbican-vault-devstack-functional
|
||||
|
@ -570,5 +570,49 @@ function install_dogtag_components {
|
||||
}
|
||||
|
||||
|
||||
# Vault functions
|
||||
# ----------------
|
||||
|
||||
function install_vault {
|
||||
wget https://releases.hashicorp.com/vault/0.10.1/vault_0.10.1_linux_amd64.zip
|
||||
unzip vault_0.10.1_linux_amd64.zip
|
||||
sudo mv vault /usr/bin
|
||||
install_package screen
|
||||
screen -d -m bash -c "vault server -dev -dev-listen-address=${HOST_IP}:8200 2>&1 >vault.log"
|
||||
|
||||
# get the root_token_id, use tempfile for counter
|
||||
TOKEN_ID_FILE="vault_root_token_id"
|
||||
touch $TOKEN_ID_FILE
|
||||
|
||||
COUNTER=0
|
||||
|
||||
while [ ! -s $TOKEN_ID_FILE ] && [ "$COUNTER" -lt "20" ]
|
||||
do
|
||||
sleep 2
|
||||
awk '/Root Token:/ {print $3}' vault.log > $TOKEN_ID_FILE
|
||||
COUNTER=$[COUNTER + 1]
|
||||
done
|
||||
|
||||
if [ ! -s $TOKEN_ID_FILE ]; then
|
||||
echo "Wah! Need to throw an error code here!"
|
||||
fi
|
||||
|
||||
#debug code follows:
|
||||
export VAULT_ADDR="http://${HOST_IP}:8200"
|
||||
vault status
|
||||
vault kv put secret/hello foo=world
|
||||
vault kv get secret/hello
|
||||
vault kv delete secret/hello
|
||||
|
||||
}
|
||||
|
||||
function configure_vault_plugin {
|
||||
root_token_id=`cat vault_root_token_id`
|
||||
iniset $BARBICAN_CONF secretstore enabled_secretstore_plugins vault_plugin
|
||||
iniset $BARBICAN_CONF vault_plugin root_token_id $root_token_id
|
||||
iniset $BARBICAN_CONF vault_plugin vault_url "http://${HOST_IP}:8200"
|
||||
iniset $BARBICAN_CONF vault_plugin use_ssl "false"
|
||||
}
|
||||
|
||||
# Restore xtrace
|
||||
$XTRACE
|
||||
|
@ -23,6 +23,10 @@ if is_service_enabled barbican; then
|
||||
echo_summary "Installing Dogtag"
|
||||
install_dogtag_components
|
||||
fi
|
||||
if is_service_enabled barbican-vault; then
|
||||
echo_summary "Installing Vault"
|
||||
install_vault
|
||||
fi
|
||||
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
|
||||
echo_summary "Configuring Barbican"
|
||||
configure_barbican
|
||||
@ -34,6 +38,10 @@ if is_service_enabled barbican; then
|
||||
echo_summary "Configuring Dogtag plugin"
|
||||
configure_dogtag_plugin
|
||||
fi
|
||||
if is_service_enabled barbican-vault; then
|
||||
echo_summary "Configuring Vault plugin"
|
||||
configure_vault_plugin
|
||||
fi
|
||||
configure_barbicanclient
|
||||
|
||||
# Configure Cinder, Nova and Glance to use Barbican
|
||||
|
Loading…
Reference in New Issue
Block a user