Merge "Added KMIP Secret Store to Devstack"
commit
b4cafdb3dd
@ -25,6 +25,12 @@
|
||||
XTRACE=$(set +o | grep xtrace)
|
||||
set +o xtrace
|
||||
|
||||
# PyKMIP configuration
|
||||
PYKMIP_SERVER_KEY=${PYKMIP_SERVER_KEY:-$INT_CA_DIR/private/pykmip-server.key}
|
||||
PYKMIP_SERVER_CERT=${PYKMIP_SERVER_CERT:-$INT_CA_DIR/pykmip-server.crt}
|
||||
PYKMIP_CLIENT_KEY=${PYKMIP_CLIENT_KEY:-$INT_CA_DIR/private/pykmip-client.key}
|
||||
PYKMIP_CLIENT_CERT=${PYKMIP_CLIENT_CERT:-$INT_CA_DIR/pykmip-client.crt}
|
||||
PYKMIP_CA_PATH=${PYKMIP_CA_PATH:-$INT_CA_DIR/ca-chain.pem}
|
||||
|
||||
# Functions
|
||||
# ---------
|
||||
@ -361,6 +367,59 @@ function create_barbican_accounts {
|
||||
|
||||
}
|
||||
|
||||
# PyKMIP functions
|
||||
# ----------------
|
||||
|
||||
# install_pykmip - install the PyKMIP python module
|
||||
# create keys and certificate for server
|
||||
function install_pykmip {
|
||||
pip_install 'pykmip'
|
||||
|
||||
if is_service_enabled pykmip-server; then
|
||||
[ ! -d ${PYKMIP_CONF_DIR} ] && sudo mkdir -p ${PYKMIP_CONF_DIR}
|
||||
sudo chown ${USER} ${PYKMIP_CONF_DIR}
|
||||
[ ! -d ${PYKMIP_LOG_DIR} ] && sudo mkdir -p ${PYKMIP_LOG_DIR}
|
||||
sudo chown ${USER} ${PYKMIP_LOG_DIR}
|
||||
|
||||
init_CA
|
||||
if [ ! -e ${PYKMIP_SERVER_KEY} ]; then
|
||||
make_cert ${INT_CA_DIR} 'pykmip-server' 'pykmip-server'
|
||||
chmod 400 ${PYKMIP_SERVER_KEY}
|
||||
fi
|
||||
if [ ! -e ${PYKMIP_CLIENT_KEY} ]; then
|
||||
make_cert ${INT_CA_DIR} 'pykmip-client' 'pykmip-client'
|
||||
chmod 400 ${PYKMIP_CLIENT_KEY}
|
||||
fi
|
||||
|
||||
if [ ! -e ${PYKMIP_CONF} ]; then
|
||||
cat > ${PYKMIP_CONF} <<EOF
|
||||
[server]
|
||||
hostname=127.0.0.1
|
||||
port=5696
|
||||
certificate_path=${PYKMIP_SERVER_CERT}
|
||||
key_path=${PYKMIP_SERVER_KEY}
|
||||
ca_path=${PYKMIP_CA_PATH}
|
||||
auth_suite=Basic
|
||||
EOF
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# configure_pykmip - enable KMIP plugin and configure
|
||||
function configure_pykmip {
|
||||
iniset $BARBICAN_CONF secretstore enabled_secretstore_plugins kmip_plugin
|
||||
iniset $BARBICAN_CONF kmip_plugin username demo
|
||||
iniset $BARBICAN_CONF kmip_plugin password secretpassword
|
||||
iniset $BARBICAN_CONF kmip_plugin keyfile ${PYKMIP_CLIENT_KEY}
|
||||
iniset $BARBICAN_CONF kmip_plugin certfile ${PYKMIP_CLIENT_CERT}
|
||||
iniset $BARBICAN_CONF kmip_plugin ca_certs ${PYKMIP_CA_PATH}
|
||||
}
|
||||
|
||||
# start_pykmip - start the PyKMIP server
|
||||
function start_pykmip {
|
||||
run_process pykmip-server "pykmip-server -f \'${PYKMIP_CONF}\' -l \'${PYKMIP_LOG_DIR}/pykmip-devstack.log\'"
|
||||
}
|
||||
|
||||
# Dogtag functions
|
||||
# ----------------
|
||||
|
||||
|
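Review bot: `configure_pykmip` writes a fixed username and password (`demo` / `secretpassword`) into `$BARBICAN_CONF`, so every environment built from this script shares the same KMIP credential and cannot override it. Reading them from overridable variables, like the `PYKMIP_*` defaults in the first hunk, would fix that, e.g. `iniset $BARBICAN_CONF kmip_plugin password ${PYKMIP_PASSWORD:-secretpassword}` (the variable name is only a suggestion). In `install_pykmip`, each `chmod 400` runs only inside its `[ ! -e ... ]` branch, so a key left over from an earlier run keeps whatever mode it had; moving the `chmod` after the `fi` would tighten it on every run. The generated `server.conf` also pins `auth_suite=Basic`; if the installed PyKMIP offers the `TLS1.2` suite, that is presumably the safer default, which is worth confirming.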
@ -9,6 +9,10 @@ if is_service_enabled barbican; then
|
||||
echo_summary "Installing Barbican"
|
||||
install_barbican
|
||||
install_barbicanclient
|
||||
if is_service_enabled barbican-pykmip; then
|
||||
echo_summary "Installing PyKMIP"
|
||||
install_pykmip
|
||||
fi
|
||||
if is_service_enabled barbican-dogtag; then
|
||||
echo_summary "Installing Dogtag"
|
||||
install_dogtag_components
|
||||
@ -16,6 +20,10 @@ if is_service_enabled barbican; then
|
||||
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
|
||||
echo_summary "Configuring Barbican"
|
||||
configure_barbican
|
||||
if is_service_enabled barbican-pykmip; then
|
||||
echo_summary "Configuring KMIP plugin"
|
||||
configure_pykmip
|
||||
fi
|
||||
if is_service_enabled barbican-dogtag; then
|
||||
echo_summary "Configuring Dogtag plugin"
|
||||
configure_dogtag_plugin
|
||||
@ -29,6 +37,10 @@ if is_service_enabled barbican; then
|
||||
echo_summary "Initializing Barbican"
|
||||
init_barbican
|
||||
start_barbican
|
||||
if is_service_enabled pykmip-server; then
|
||||
echo_summary "Starting PyKMIP server"
|
||||
start_pykmip
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ "$1" == "unstack" ]]; then
|
||||
|
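Review bot: The install and configure steps are gated on `barbican-pykmip` while the start step is gated on `pykmip-server`, and `install_pykmip` only generates the certificates and `server.conf` when `pykmip-server` is enabled, so the two flags can be set independently with inconsistent results. With only `barbican-pykmip` set, `configure_pykmip` points Barbican at client key and certificate paths that this script never created (unless the operator supplies them). With only `pykmip-server` set, `start_pykmip` runs against a server that was never installed or configured. Either document that the flags go together or fail early, e.g. `is_service_enabled pykmip-server && ! is_service_enabled barbican-pykmip && die $LINENO "pykmip-server requires barbican-pykmip"`. The `unstack` branch starts on the last line of the final hunk and its body is not visible, so whether the PyKMIP server is stopped there cannot be confirmed from this page.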
@ -10,6 +10,10 @@ BARBICAN_PASTE_CONF=$BARBICAN_CONF_DIR/barbican-api-paste.ini
|
||||
BARBICAN_API_LOG_DIR=$DEST/logs
|
||||
BARBICAN_AUTH_CACHE_DIR=${BARBICAN_AUTH_CACHE_DIR:-/var/cache/barbican}
|
||||
|
||||
PYKMIP_CONF_DIR=${PYKMIP_CONF_DIR:-/etc/pykmip}
|
||||
PYKMIP_CONF=${PYKMIP_CONF_DIR}/server.conf
|
||||
PYKMIP_LOG_DIR=${PYKMIP_LOG_DIR:-/var/log/pykmip}
|
||||
|
||||
# Support potential entry-points console scripts
|
||||
BARBICAN_BIN_DIR=$(get_python_exec_prefix)
|
||||
|
||||
|
1
tox.ini
1
tox.ini
@ -72,6 +72,7 @@ setenv = OS_TEST_PATH={toxinidir}/functionaltests
|
||||
commands =
|
||||
/usr/bin/find . -type f -name "*.pyc" -delete
|
||||
/bin/bash {toxinidir}/functionaltests/pretty_tox.sh '{posargs}'
|
||||
passenv = KMIP_PLUGIN_ENABLED
|
||||
|
||||
[flake8]
|
||||
exclude = .git,.idea,.tox,bin,dist,debian,rpmbuild,tools,*.egg-info,*.eggs,*openstack/common,contrib,
|
||||
|