From d75c22a4920cca4c5b60b50d105f68be4431afd0 Mon Sep 17 00:00:00 2001 From: Douglas Mendizabal Date: Thu, 6 Jun 2013 15:15:18 -0500 Subject: [PATCH 1/5] Removed unused uwsgi.ini file. --- uwsgi.ini | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 uwsgi.ini diff --git a/uwsgi.ini b/uwsgi.ini deleted file mode 100644 index 46cb38765..000000000 --- a/uwsgi.ini +++ /dev/null @@ -1,17 +0,0 @@ -[uwsgi] - -socket = :8080 -protocol = http - -processes = 1 - -master = true -vaccum = true - -no-default-app = true -memory-report = true - -#env = CONFIG_FILE=/etc/barbican/barbican.cfg - -pythonpath = ./ -module = barbican.api.app:application From a9deec106b3016987d3c4922fa5c6ffcb2867bbf Mon Sep 17 00:00:00 2001 From: Douglas Mendizabal Date: Mon, 10 Jun 2013 15:44:27 -0500 Subject: [PATCH 2/5] Added admin api as a separate falcon app. --- barbican/api/app.py | 10 ++++++++++ etc/barbican/barbican-admin-paste.ini | 8 ++++++++ etc/barbican/barbican-api.ini | 11 ----------- etc/barbican/vassals/barbican-admin.ini | 8 ++++++++ etc/barbican/vassals/barbican-api.ini | 8 ++++++++ 5 files changed, 34 insertions(+), 11 deletions(-) create mode 100644 etc/barbican/barbican-admin-paste.ini delete mode 100644 etc/barbican/barbican-api.ini create mode 100644 etc/barbican/vassals/barbican-admin.ini create mode 100644 etc/barbican/vassals/barbican-api.ini diff --git a/barbican/api/app.py b/barbican/api/app.py index a18cb67ab..905678a7b 100644 --- a/barbican/api/app.py +++ b/barbican/api/app.py @@ -57,3 +57,13 @@ def create_main_app(global_config, **local_conf): api.add_route('/{0}'.format(performance_uri), performance) return wsgi_app + + +def create_admin_app(global_config, **local_conf): + config.parse_args() + + versions = res.VersionResource() + wsgi_app = api = falcon.API() + api.add_route('/', versions) + + return wsgi_app \ No newline at end of file diff --git a/etc/barbican/barbican-admin-paste.ini b/etc/barbican/barbican-admin-paste.ini new file mode 100644 index 000000000..e24b9fb72 --- /dev/null +++ b/etc/barbican/barbican-admin-paste.ini @@ -0,0 +1,8 @@ +[pipeline:main] +pipeline = unauthenticated-context admin + +[app:admin] +paste.app_factory = barbican.api.app:create_admin_app + +[filter:unauthenticated-context] +paste.filter_factory = barbican.api.middleware.context:UnauthenticatedContextMiddleware.factory diff --git a/etc/barbican/barbican-api.ini b/etc/barbican/barbican-api.ini deleted file mode 100644 index 10f384a09..000000000 --- a/etc/barbican/barbican-api.ini +++ /dev/null @@ -1,11 +0,0 @@ -[uwsgi] -socket = :9311 -protocol = http -processes = 1 -master = true -vaccum = true -no-default-app = true -memory-report = true - -pythonpath = /etc/barbican -module = barbican.api.app:application diff --git a/etc/barbican/vassals/barbican-admin.ini b/etc/barbican/vassals/barbican-admin.ini new file mode 100644 index 000000000..636ad18b8 --- /dev/null +++ b/etc/barbican/vassals/barbican-admin.ini @@ -0,0 +1,8 @@ +[uwsgi] +socket = :9312 +protocol = http +processes = 1 +vacuum = true +no-default-app = true +memory-report = true +paste = config:/etc/barbican/barbican-admin-paste.ini diff --git a/etc/barbican/vassals/barbican-api.ini b/etc/barbican/vassals/barbican-api.ini new file mode 100644 index 000000000..9f2d55bde --- /dev/null +++ b/etc/barbican/vassals/barbican-api.ini @@ -0,0 +1,8 @@ +[uwsgi] +socket = :9311 +protocol = http +processes = 1 +vacuum = true +no-default-app = true +memory-report = true +paste = config:/etc/barbican/barbican-api-paste.ini From 60b2f2f3ccc050ccc536919ad7646bba26466f06 Mon Sep 17 00:00:00 2001 From: Douglas Mendizabal Date: Mon, 10 Jun 2013 16:34:38 -0500 Subject: [PATCH 3/5] Use upstart instead of init scripts for uwsgi emperor. --- debian/barbican-api.init | 94 ------------------------------------- debian/barbican-api.install | 5 +- debian/barbican-api.upstart | 7 +++ 3 files changed, 10 insertions(+), 96 deletions(-) delete mode 100644 debian/barbican-api.init create mode 100644 debian/barbican-api.upstart diff --git a/debian/barbican-api.init b/debian/barbican-api.init deleted file mode 100644 index 933d3b7f9..000000000 --- a/debian/barbican-api.init +++ /dev/null @@ -1,94 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: barbican-api -# Required-Start: $network $local_fs $remote_fs $syslog -# Required-Stop: $remote_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Barbican API server -# Description: Frontend Barbican API server -### END INIT INFO - -# Author: John Wood - -# PATH should only include /usr/* if it runs after the mountnfs.sh script -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="Key Management Service API" -NAME=barbican-api -DAEMON=/usr/bin/barbican-api -PIDFILE=/var/run/$NAME.pid -SCRIPTNAME=/etc/init.d/$NAME - -# Exit if the package is not installed -[ -x $DAEMON ] || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -. /lib/lsb/init-functions - -do_start() -{ - start-stop-daemon --start --background --quiet --chuid barbican:barbican --make-pidfile --pidfile $PIDFILE --startas $DAEMON --test > /dev/null \ - || return 1 - start-stop-daemon --start --background --quiet --chuid barbican:barbican --make-pidfile --pidfile $PIDFILE --startas $DAEMON \ - || return 2 -} - -do_stop() -{ - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE - RETVAL="$?" - rm -f $PIDFILE - - # TBD: HACK ALERT! Need to figure out why uwsgi spawns a separate process! - killall -s SIGKILL uwsgi - - return "$RETVAL" -} - -case "$1" in - start) - log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) log_end_msg 0 ;; - 2) log_end_msg 1 ;; - esac - ;; - stop) - log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) log_end_msg 0 ;; - 2) log_end_msg 1 ;; - esac - ;; - status) - status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? - ;; - restart|force-reload) - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: diff --git a/debian/barbican-api.install b/debian/barbican-api.install index 3beb540a1..759f568b2 100644 --- a/debian/barbican-api.install +++ b/debian/barbican-api.install @@ -1,4 +1,5 @@ etc/barbican/barbican-api-paste.ini etc/barbican +etc/barbican/barbican-admin-paste.ini etc/barbican etc/barbican/barbican-api.conf etc/barbican -etc/barbican/barbican-api.ini etc/barbican -usr/bin/barbican-api +etc/barbican/vassals/barbican-api.ini etc/barbican/vassals +etc/barbican/vassals/barbican-admin.ini etc/barbican/vassals diff --git a/debian/barbican-api.upstart b/debian/barbican-api.upstart new file mode 100644 index 000000000..ab30110b7 --- /dev/null +++ b/debian/barbican-api.upstart @@ -0,0 +1,7 @@ +# Barbican script + +description "Barbican Key Management APIs" +start on runlevel [2345] +stop on runlevel [06] + +exec uwsgi --master --die-on-term --emperor /etc/barbican/vassals From c4d96027b65c7077cb297ab360926597c215fef1 Mon Sep 17 00:00:00 2001 From: Douglas Mendizabal Date: Mon, 10 Jun 2013 17:28:45 -0500 Subject: [PATCH 4/5] Renamed barbican-api script to barbican-all. --- bin/barbican-all | 35 ++++++++++++++++++++++++++ bin/barbican-api | 50 ------------------------------------- debian/barbican-api.upstart | 2 +- 3 files changed, 36 insertions(+), 51 deletions(-) create mode 100755 bin/barbican-all delete mode 100755 bin/barbican-api diff --git a/bin/barbican-all b/bin/barbican-all new file mode 100755 index 000000000..f34cb15be --- /dev/null +++ b/bin/barbican-all @@ -0,0 +1,35 @@ +#!/bin/bash + +# barbican-api - Script run Cloudkeep's Barbican API app. + +PKG=barbican + +# For local development, set VENV_PYTHON equal to the path to your virtual environment's site-packages location +VENV=${VENV:-.venv} +VENV_HOME=${VENV_HOME:-$PWD} +VENV_PYTHON=$VENV_HOME/$VENV/lib/python2.7/site-packages + +PKG_DIR=/etc/$PKG +CONF_FILE=$PKG_DIR/barbican-api.conf +POLICY_FILE=$PKG_DIR/policy.json +SIGNING_DIR=$PKG_DIR/cache/ +OPTS='--daemonize /var/log/barbican/uwsgi.log' + +# Configure for a local deployment environment: +if [ ! -f $CONF_FILE ]; +then + PKG_DIR=$PWD/etc/$PKG + CONF_FILE=./etc/$PKG/barbican-api.conf + PYTHONPATH=$VENV_PYTHON:$PYTHONPATH + OPTS='-H '$VENV_HOME/$VENV + + # Copy conf file to home directory so oslo.config can find it + LOCAL_CONF_FILE=~/barbican-api.conf + if [ ! -f $LOCAL_CONF_FILE ]; + then + cp ./etc/$PKG/barbican-api.conf ~ + fi +fi + +echo 'Running Barbican uWSGI Emperor '$PKG_DIR/vassals +uwsgi --master --emperor $PKG_DIR/vassals $OPTS \ No newline at end of file diff --git a/bin/barbican-api b/bin/barbican-api deleted file mode 100755 index b80516e24..000000000 --- a/bin/barbican-api +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash - -# barbican-api - Script run Cloudkeep's Barbican API app. - -PKG=barbican - -# For local development, set VENV_PYTHON equal to the path to your virtual environment's site-packages location -VENV=.venv -VENV_PYTHON=./$VENV/lib/python2.7/site-packages - -PATH=/opt/uwsgi:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/etc/$PKG:$PATH -PKG_DIR=/etc/$PKG -CONF_FILE=$PKG_DIR/barbican-api.ini -PASTE_FILE=$PKG_DIR/barbican-api-paste.ini -POLICY_FILE=$PKG_DIR/policy.json -SIGNING_DIR=$PKG_DIR/cache/ -OPTS='--daemonize /var/log/barbican/uwsgi.log' - -# Configure for a local deployment environment: -if [ ! -f $CONF_FILE ]; -then - CONF_FILE=./etc/$PKG/barbican-api.ini - PYTHONPATH=$VENV_PYTHON:$PYTHONPATH - PASTE_FILE=$PWD/etc/$PKG/barbican-api-paste.ini - OPTS='-H ./'$VENV - - # Copy conf file to home directory so oslo.config can find it - LOCAL_CONF_FILE=~/barbican-api.conf - if [ ! -f $LOCAL_CONF_FILE ]; - then - cp ./etc/$PKG/barbican-api.conf ~ - fi -fi - -# TODO: This is breaking deployment...need to analyze. -#if [ ! -f $POLICY_FILE ]; -#then -# LOCAL_POLICY_FILE=./etc/$PKG/policy.json -# mkdir -p $PKG_DIR -# sudo cp $LOCAL_POLICY_FILE POLICY_FILE -#fi -# -#if [ ! -f $SIGNING_DIR ]; -#then -# echo "making "$SIGNING_DIR -# sudo mkdir -p $SIGNING_DIR -#fi - -echo 'Running barbican-api uwsgi process, using init file here: ' $CONF_FILE -uwsgi --paste config:$PASTE_FILE --ini $CONF_FILE $OPTS diff --git a/debian/barbican-api.upstart b/debian/barbican-api.upstart index ab30110b7..a17d552f0 100644 --- a/debian/barbican-api.upstart +++ b/debian/barbican-api.upstart @@ -4,4 +4,4 @@ description "Barbican Key Management APIs" start on runlevel [2345] stop on runlevel [06] -exec uwsgi --master --die-on-term --emperor /etc/barbican/vassals +exec uwsgi --master --die-on-term --emperor /etc/barbican/vassals --daemonize /var/log/barbican/uwsgi.log From 66d92060180a00bd780474bcf395788064e87ac1 Mon Sep 17 00:00:00 2001 From: Douglas Mendizabal Date: Mon, 10 Jun 2013 17:49:32 -0500 Subject: [PATCH 5/5] Restore comments about policy in barbican run script. --- bin/barbican-all | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/bin/barbican-all b/bin/barbican-all index f34cb15be..f8e3ab785 100755 --- a/bin/barbican-all +++ b/bin/barbican-all @@ -31,5 +31,19 @@ then fi fi +# TODO: This is breaking deployment...need to analyze. +#if [ ! -f $POLICY_FILE ]; +#then +# LOCAL_POLICY_FILE=./etc/$PKG/policy.json +# mkdir -p $PKG_DIR +# sudo cp $LOCAL_POLICY_FILE POLICY_FILE +#fi +# +#if [ ! -f $SIGNING_DIR ]; +#then +# echo "making "$SIGNING_DIR +# sudo mkdir -p $SIGNING_DIR +#fi + echo 'Running Barbican uWSGI Emperor '$PKG_DIR/vassals uwsgi --master --emperor $PKG_DIR/vassals $OPTS \ No newline at end of file