openstack/barbican
Code Issues Proposed changes

Add support for dogtag in devstack testing

Browse Source 
Added scripts for installing dogtag and configuring barbican to use the
dogtag plugin in order to add a new gate that run the functional test
suite against dogtag.

Change-Id: I40dfdbc414dbc4fa07b5a5cbed074e6d340c7778
This commit is contained in:
Douglas Mendizábal
2015-02-19 15:19:35 -06:00
parent 36b8aeb917
commit a1e5404416
3 changed files with 113 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
contrib/devstack/extras.d/70-barbican.sh
View File

@@ -12,6 +12,9 @@ if is_service_enabled barbican; then
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
echo_summary "Configuring Barbican" echo_summary "Configuring Barbican"
configure_barbican configure_barbican
if [[ -n $BARBICAN_USE_DOGTAG ]]; then
configure_dogtag_plugin
fi
configure_barbicanclient configure_barbicanclient
if is_service_enabled key; then if is_service_enabled key; then

9
contrib/devstack/lib/barbican
View File

@@ -66,6 +66,15 @@ function configure_barbicanclient {
setup_develop $BARBICANCLIENT_DIR setup_develop $BARBICANCLIENT_DIR
} }
# configure_dogtag_plugin - Change config to use dogtag plugin
function configure_dogtag_plugin {
openssl pkcs12 -in /root/.dogtag/pki-tomcat/ca_admin_cert.p12 -passin pass:PASSWORD -out $BARBICAN_CONF_DIR/kra_admin_cert.pem -nodes
sudo chown $USER $BARBICAN_CONF_DIR/kra_admin_cert.pem
iniset $BARBICAN_CONF dogtag_plugin dogtag_port 8373
iniset $BARBICAN_CONF secretstore enabled_secretstore_plugins dogtag_crypto
iniset $BARBICAN_CONF certificate enabled_certificate_plugins dogtag
}
# configure_barbican - Set config files, create data dirs, etc # configure_barbican - Set config files, create data dirs, etc
function configure_barbican { function configure_barbican {
setup_develop $BARBICAN_DIR setup_develop $BARBICAN_DIR

101
functionaltests/pre_test_hook.sh
View File

@@ -19,3 +19,104 @@ BARBICAN_BASE=/opt/stack/new/barbican/contrib/devstack
DEVSTACK_BASE=/opt/stack/new/devstack DEVSTACK_BASE=/opt/stack/new/devstack
cp $BARBICAN_BASE/lib/* $DEVSTACK_BASE/lib cp $BARBICAN_BASE/lib/* $DEVSTACK_BASE/lib
cp $BARBICAN_BASE/extras.d/* $DEVSTACK_BASE/extras.d cp $BARBICAN_BASE/extras.d/* $DEVSTACK_BASE/extras.d
function install_389_directory_server {
yum install -y 389-ds-base
mkdir -p /etc/389-ds
cat > /etc/389-ds/setup.inf <<EOF
[General]
FullMachineName= localhost.localdomain
SuiteSpotUserID= nobody
SuiteSpotGroup= nobody
[slapd]
ServerPort= 389
ServerIdentifier= pki-tomcat
Suffix= dc=example,dc=com
RootDN= cn=Directory Manager
RootDNPwd= PASSWORD
EOF
setup-ds.pl --silent --file=/etc/389-ds/setup.inf
}
function wait_for_ca {
while true; do
ca_running=$(curl -s -k https://localhost:8373/ca/admin/ca/getStatus | grep -c running)
if [[ $ca_running == 1 ]]; then
break
fi
sleep 1
done
}
function install_dogtag {
yum install -y pki-ca pki-kra
mkdir -p /etc/dogtag
cat > /etc/dogtag/ca.cfg <<EOF
[CA]
pki_admin_email=caadmin@example.com
pki_admin_name=caadmin
pki_admin_nickname=caadmin
pki_admin_password=PASSWORD
pki_admin_uid=caadmin
pki_backup_password=PASSWORD
pki_client_database_password=PASSWORD
pki_client_database_purge=False
pki_client_pkcs12_password=PASSWORD
pki_clone_pkcs12_password=PASSWORD
pki_ds_base_dn=dc=ca,dc=example,dc=com
pki_ds_database=ca
pki_ds_password=PASSWORD
pki_security_domain_name=EXAMPLE
pki_token_password=PASSWORD
pki_https_port=8373
pki_http_port=8370
pki_ajp_port=8379
pki_tomcat_server_port=8375
EOF
pkispawn -v -f /etc/dogtag/ca.cfg -s CA
wait_for_ca
cat > /etc/dogtag/kra.cfg <<EOF
[KRA]
pki_admin_cert_file=/root/.dogtag/pki-tomcat/ca_admin.cert
pki_admin_email=kraadmin@example.com
pki_admin_name=kraadmin
pki_admin_nickname=kraadmin
pki_admin_password=PASSWORD
pki_admin_uid=kraadmin
pki_backup_password=PASSWORD
pki_client_database_password=PASSWORD
pki_client_database_purge=False
pki_client_pkcs12_password=PASSWORD
pki_clone_pkcs12_password=PASSWORD
pki_ds_base_dn=dc=kra,dc=example,dc=com
pki_ds_database=kra
pki_ds_password=PASSWORD
pki_security_domain_name=EXAMPLE
pki_security_domain_user=caadmin
pki_security_domain_password=PASSWORD
pki_token_password=PASSWORD
pki_https_port=8373
pki_http_port=8370
pki_ajp_port=8379
pki_tomcat_server_port=8375
pki_security_domain_hostname=localhost.localdomain
pki_security_domain_https_port=8373
EOF
pkispawn -v -f /etc/dogtag/kra.cfg -s KRA
}
if [[ -n $BARBICAN_USE_DOGTAG ]]; then
# Make sure that 127.0.0.1 resolves to localhost.localdomain for Directory Server
sed -i "s/^127\.0\.0\.1.*/127\.0\.0\.1\tlocalhost.localdomain localhost/" /etc/hosts
install_389_directory_server
install_dogtag
fi