Improve devstack script for vault plugin
- Clean up vault related things before starting new screen session - Add the clean up functions in the cleanup stage Change-Id: I6e291a975755491927a971b7c3bf97e5dabafa05
This commit is contained in:
parent
d633693bb0
commit
ce0ab70429
|
@ -67,7 +67,18 @@ function is_barbican-keystone-listener_enabled {
|
||||||
# cleanup_barbican - Remove residual data files, anything left over from previous
|
# cleanup_barbican - Remove residual data files, anything left over from previous
|
||||||
# runs that a clean run would need to clean up
|
# runs that a clean run would need to clean up
|
||||||
function cleanup_barbican {
|
function cleanup_barbican {
|
||||||
:
|
if is_service_enabled barbican-vault; then
|
||||||
|
# Kill the vault process, screen session and remove the generated files
|
||||||
|
# during installation.
|
||||||
|
local session_name="barbican_vault"
|
||||||
|
local vault_token_file="${BARBICAN_DIR}/vault_root_token_id"
|
||||||
|
existing_ses=$(screen -ls | grep ${session_name} | awk '{print $1}')
|
||||||
|
if [[ -n "${existing_ses}" ]]; then
|
||||||
|
screen -S ${existing_ses} -X quit
|
||||||
|
fi
|
||||||
|
sudo pkill -f -9 "vault server"
|
||||||
|
sudo rm -f ${vault_token_file} vault.log
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# configure_barbicanclient - Set config files, create data dirs, etc
|
# configure_barbicanclient - Set config files, create data dirs, etc
|
||||||
|
@ -561,16 +572,29 @@ function install_dogtag_components {
|
||||||
# ----------------
|
# ----------------
|
||||||
|
|
||||||
function install_vault {
|
function install_vault {
|
||||||
wget https://releases.hashicorp.com/vault/0.10.3/vault_0.10.3_linux_amd64.zip
|
# Install vault if needed
|
||||||
unzip vault_0.10.3_linux_amd64.zip
|
if [[ ! -x "$(command -v vault)" ]]; then
|
||||||
sudo mv vault /usr/bin
|
wget https://releases.hashicorp.com/vault/1.3.0/vault_1.3.0_linux_amd64.zip
|
||||||
|
unzip vault_1.3.0_linux_amd64.zip
|
||||||
|
sudo mv vault /usr/bin
|
||||||
|
fi
|
||||||
|
|
||||||
install_package screen
|
install_package screen
|
||||||
screen -d -m bash -c "vault server -dev -dev-listen-address=${HOST_IP}:8200 2>&1 >vault.log"
|
TOKEN_ID_FILE="${BARBICAN_DIR}/vault_root_token_id"
|
||||||
|
local session_name="barbican_vault"
|
||||||
|
|
||||||
|
# Clean up first before starting new screen session
|
||||||
|
existing_ses=$(screen -ls | grep ${session_name} | awk '{print $1}')
|
||||||
|
if [[ -n "${existing_ses}" ]]; then
|
||||||
|
screen -S ${existing_ses} -X quit
|
||||||
|
fi
|
||||||
|
rm -f ${TOKEN_ID_FILE} vault.log
|
||||||
|
|
||||||
|
screen -dmS ${session_name}
|
||||||
|
screen -S ${session_name} -p bash -X stuff 'vault server -dev 2>&1 >vault.log\n'
|
||||||
|
|
||||||
# get the root_token_id, use tempfile for counter
|
# get the root_token_id, use tempfile for counter
|
||||||
TOKEN_ID_FILE="${BARBICAN_DIR}/vault_root_token_id"
|
|
||||||
touch $TOKEN_ID_FILE
|
touch $TOKEN_ID_FILE
|
||||||
|
|
||||||
COUNTER=0
|
COUNTER=0
|
||||||
|
|
||||||
while [ ! -s $TOKEN_ID_FILE ] && [ "$COUNTER" -lt "20" ]
|
while [ ! -s $TOKEN_ID_FILE ] && [ "$COUNTER" -lt "20" ]
|
||||||
|
@ -584,7 +608,7 @@ function install_vault {
|
||||||
echo "Wah! Need to throw an error code here!"
|
echo "Wah! Need to throw an error code here!"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
export VAULT_ADDR="http://${HOST_IP}:8200"
|
export VAULT_ADDR="http://127.0.0.1:8200"
|
||||||
|
|
||||||
# Enable kv version 1
|
# Enable kv version 1
|
||||||
vault secrets disable secret/
|
vault secrets disable secret/
|
||||||
|
@ -602,7 +626,7 @@ function configure_vault_plugin {
|
||||||
root_token_id=`cat ${BARBICAN_DIR}/vault_root_token_id`
|
root_token_id=`cat ${BARBICAN_DIR}/vault_root_token_id`
|
||||||
iniset $BARBICAN_CONF secretstore enabled_secretstore_plugins vault_plugin
|
iniset $BARBICAN_CONF secretstore enabled_secretstore_plugins vault_plugin
|
||||||
iniset $BARBICAN_CONF vault_plugin root_token_id $root_token_id
|
iniset $BARBICAN_CONF vault_plugin root_token_id $root_token_id
|
||||||
iniset $BARBICAN_CONF vault_plugin vault_url "http://${HOST_IP}:8200"
|
iniset $BARBICAN_CONF vault_plugin vault_url "http://127.0.0.1:8200"
|
||||||
iniset $BARBICAN_CONF vault_plugin use_ssl "false"
|
iniset $BARBICAN_CONF vault_plugin use_ssl "false"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue