Merge "Add devstack gate for vault"
This commit is contained in:
commit
4c057e35eb
@ -61,6 +61,14 @@
|
|||||||
services: barbican-dogtag,tempest,rabbit,mysql,key
|
services: barbican-dogtag,tempest,rabbit,mysql,key
|
||||||
plugin: dogtag
|
plugin: dogtag
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: barbican-vault-devstack-functional
|
||||||
|
parent: barbican-devstack-functional-base
|
||||||
|
voting: false
|
||||||
|
vars:
|
||||||
|
services: barbican-vault,tempest,rabbit,mysql,key
|
||||||
|
plugin: vault
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: barbican-kmip-devstack-functional
|
name: barbican-kmip-devstack-functional
|
||||||
parent: barbican-devstack-functional-base
|
parent: barbican-devstack-functional-base
|
||||||
@ -188,3 +196,4 @@
|
|||||||
experimental:
|
experimental:
|
||||||
jobs:
|
jobs:
|
||||||
- barbican-simple-crypto-devstack-tempest-py35
|
- barbican-simple-crypto-devstack-tempest-py35
|
||||||
|
- barbican-vault-devstack-functional
|
||||||
|
@ -570,5 +570,49 @@ function install_dogtag_components {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Vault functions
|
||||||
|
# ----------------
|
||||||
|
|
||||||
|
function install_vault {
|
||||||
|
wget https://releases.hashicorp.com/vault/0.10.1/vault_0.10.1_linux_amd64.zip
|
||||||
|
unzip vault_0.10.1_linux_amd64.zip
|
||||||
|
sudo mv vault /usr/bin
|
||||||
|
install_package screen
|
||||||
|
screen -d -m bash -c "vault server -dev -dev-listen-address=${HOST_IP}:8200 2>&1 >vault.log"
|
||||||
|
|
||||||
|
# get the root_token_id, use tempfile for counter
|
||||||
|
TOKEN_ID_FILE="vault_root_token_id"
|
||||||
|
touch $TOKEN_ID_FILE
|
||||||
|
|
||||||
|
COUNTER=0
|
||||||
|
|
||||||
|
while [ ! -s $TOKEN_ID_FILE ] && [ "$COUNTER" -lt "20" ]
|
||||||
|
do
|
||||||
|
sleep 2
|
||||||
|
awk '/Root Token:/ {print $3}' vault.log > $TOKEN_ID_FILE
|
||||||
|
COUNTER=$[COUNTER + 1]
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ ! -s $TOKEN_ID_FILE ]; then
|
||||||
|
echo "Wah! Need to throw an error code here!"
|
||||||
|
fi
|
||||||
|
|
||||||
|
#debug code follows:
|
||||||
|
export VAULT_ADDR="http://${HOST_IP}:8200"
|
||||||
|
vault status
|
||||||
|
vault kv put secret/hello foo=world
|
||||||
|
vault kv get secret/hello
|
||||||
|
vault kv delete secret/hello
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
function configure_vault_plugin {
|
||||||
|
root_token_id=`cat vault_root_token_id`
|
||||||
|
iniset $BARBICAN_CONF secretstore enabled_secretstore_plugins vault_plugin
|
||||||
|
iniset $BARBICAN_CONF vault_plugin root_token_id $root_token_id
|
||||||
|
iniset $BARBICAN_CONF vault_plugin vault_url "http://${HOST_IP}:8200"
|
||||||
|
iniset $BARBICAN_CONF vault_plugin use_ssl "false"
|
||||||
|
}
|
||||||
|
|
||||||
# Restore xtrace
|
# Restore xtrace
|
||||||
$XTRACE
|
$XTRACE
|
||||||
|
@ -23,6 +23,10 @@ if is_service_enabled barbican; then
|
|||||||
echo_summary "Installing Dogtag"
|
echo_summary "Installing Dogtag"
|
||||||
install_dogtag_components
|
install_dogtag_components
|
||||||
fi
|
fi
|
||||||
|
if is_service_enabled barbican-vault; then
|
||||||
|
echo_summary "Installing Vault"
|
||||||
|
install_vault
|
||||||
|
fi
|
||||||
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
|
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
|
||||||
echo_summary "Configuring Barbican"
|
echo_summary "Configuring Barbican"
|
||||||
configure_barbican
|
configure_barbican
|
||||||
@ -34,6 +38,10 @@ if is_service_enabled barbican; then
|
|||||||
echo_summary "Configuring Dogtag plugin"
|
echo_summary "Configuring Dogtag plugin"
|
||||||
configure_dogtag_plugin
|
configure_dogtag_plugin
|
||||||
fi
|
fi
|
||||||
|
if is_service_enabled barbican-vault; then
|
||||||
|
echo_summary "Configuring Vault plugin"
|
||||||
|
configure_vault_plugin
|
||||||
|
fi
|
||||||
configure_barbicanclient
|
configure_barbicanclient
|
||||||
|
|
||||||
# Configure Cinder, Nova and Glance to use Barbican
|
# Configure Cinder, Nova and Glance to use Barbican
|
||||||
|
Loading…
x
Reference in New Issue
Block a user