Browse Source

Render paste ini properly and other fixes

changes/57/350257/1
Liam Young 7 years ago
parent
commit
0c6bb990c9
  1. 5
      barbican.yaml
  2. 32
      barbican/reactive/barbican.py
  3. 28
      barbican/templates/juno/barbican-api-paste.ini
  4. 11
      keystone_setup.sh
  5. 8
      novarc
  6. 2
      setup.sh

5
barbican.yaml

@ -13,15 +13,16 @@ openstack-services:
branch: lp:~openstack-charmers/charms/trusty/rabbitmq-server/next
constraints: mem=1G
keystone:
branch: lp:~openstack-charmers/charms/trusty/keystone/next
branch: lp:~gnuoy/charms/trusty/keystone/secret-store
constraints: mem=1G
options:
admin-password: openstack
admin-token: ubuntutesting
openstack-origin: cloud:trusty-kilo
barbican:
charm: barbican
options:
openstack-origin: cloud:trusty-liberty
openstack-origin: cloud:trusty-kilo
relations:
- [ keystone, mysql ]
- [ barbican, mysql ]

32
barbican/reactive/barbican.py

@ -1,4 +1,4 @@
from openstack.adapters import OpenStackRelationAdapters
from openstack.adapters import OpenStackRelationAdapters, ConfigurationAdapter
from openstack.ip import canonical_url, PUBLIC, INTERNAL, ADMIN
from charmhelpers.contrib.openstack.utils import (
configure_installation_source,
@ -41,7 +41,33 @@ class BarbicanAdapters(OpenStackRelationAdapters):
"""
Adapters class for the Barbican charm.
"""
pass
def __init__(self, relations):
super(BarbicanAdapters, self).__init__(relations, options=BarbicanConfigurationAdapter)
class BarbicanConfigurationAdapter(ConfigurationAdapter):
def __init__(self):
super(BarbicanConfigurationAdapter, self).__init__()
if config('keystone-api-version') not in ['2', '3', 'none']:
raise ValueError('Unsupported keystone-api-version (%s). Should'
'be 2 or 3' % (config('keystone-api-version')))
@property
def barbican_api_keystone_pipeline(self):
if config('keystone-api-version') == "2":
return 'keystone_authtoken context apiapp'
else:
return 'keystone_v3_authtoken context apiapp'
@property
def barbican_api_pipeline(self):
if config('keystone-api-version') == "2":
return "keystone_authtoken context apiapp"
elif config('keystone-api-version') == "3":
return "keystone_v3_authtoken context apiapp"
elif config('keystone-api-version') == "none":
return "unauthenticated-context apiapp"
def api_port(service):
@ -80,7 +106,7 @@ def setup_endpoint(keystone):
internal_url = '{}:{}'.format(canonical_url(CONFIGS, INTERNAL),
api_port('barbican-internal-api')
)
keystone.register_endpoints('keystore', config('region'), public_url,
keystone.register_endpoints('secretstore', config('region'), public_url,
internal_url, admin_url)
@when('shared-db.available')

28
barbican/templates/juno/barbican-api-paste.ini

@ -11,7 +11,7 @@ pipeline = versionapp
[pipeline:barbican_api]
####pipeline = simple apiapp
#pipeline = keystone_authtoken context apiapp
pipeline = {{ barbican_api_pipeline }}
pipeline = {{ options.barbican_api_pipeline }}
#Use this pipeline to activate a repoze.profile middleware and HTTP port,
# to provide profiling information for the REST API processing.
@ -21,7 +21,7 @@ pipeline = unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions prof
#Use this pipeline for keystone auth
[pipeline:barbican-api-keystone]
#pipeline = keystone_authtoken context apiapp
pipeline = {{ barbican_api_keystone_pipeline }}
pipeline = {{ options.barbican_api_keystone_pipeline }}
[app:apiapp]
paste.app_factory = barbican.api.app:create_main_app
@ -41,13 +41,13 @@ paste.filter_factory = barbican.api.middleware.context:ContextMiddleware.factory
[filter:keystone_authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
signing_dir = /var/lib/barbican/keystone-signing
auth_host = {{ auth_host }}
auth_host = {{ identity_service.auth_host }}
#need ability to re-auth a token, thus admin url
auth_port = {{ auth_port }}
auth_protocol = {{ auth_protocol }}
admin_tenant_name = {{ admin_tenant_name }}
admin_user = {{ admin_user }}
admin_password = {{ admin_password }}
auth_port = {{ identity_service.auth_port }}
auth_protocol = {{ identity_service.auth_protocol }}
admin_tenant_name = {{ identity_service.service_tenant }}
admin_user = {{ identity_service.service_username }}
admin_password = {{ identity_service.service_password }}
auth_version = v2.0
#delay failing perhaps to log the unauthorized request in barbican ..
#delay_auth_decision = true
@ -55,13 +55,13 @@ auth_version = v2.0
[filter:keystone_v3_authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
signing_dir = /var/lib/barbican/keystone-signing
auth_host = {{ auth_host }}
auth_host = {{ identity_service.auth_host }}
#need ability to re-auth a token, thus admin url
auth_port = {{ auth_port }}
auth_protocol = {{ auth_protocol }}
admin_tenant_name = {{ admin_tenant_name }}
admin_user = {{ admin_user }}
admin_password = {{ admin_password }}
auth_port = {{ identity_service.auth_port }}
auth_protocol = {{ identity_service.auth_protocol }}
admin_tenant_name = {{ identity_service.service_tenant }}
admin_user = {{ identity_service.service_username }}
admin_password = {{ identity_service.service_password }}
auth_version = v3.0
#delay failing perhaps to log the unauthorized request in barbican ..
#delay_auth_decision = true

11
keystone_setup.sh

@ -0,0 +1,11 @@
#!/bin/bash
set -ex
# Create demo/testing users, tenants and flavor
openstack project create demo
openstack user create --project demo --password pass --email demo@dev.null demo
openstack role add --user demo --project demo Member
openstack project create alt_demo
openstack user create --project alt_demo --password secret --email demo@dev.null alt_demo
openstack role add --user alt_demo --project alt_demo Member

8
novarc

@ -0,0 +1,8 @@
export OS_REGION_NAME=RegionOne
export OS_USER_DOMAIN_ID=Default
export OS_PROJECT_NAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=${OS_AUTH_PROTOCOL:-http}://`juju-deployer -f keystone`:5000/v3
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PROJECT_DOMAIN_NAME=Default

2
setup.sh

@ -1,7 +1,7 @@
#!/bin/bash
export http_proxy=http://squid.internal:3128
export https_proxy=http://squid.internal:3128
export JUJU_REPOSITORY=build
export JUJU_REPOSITORY="$(pwd)/build"
#export INTERFACE_PATH=interfaces
export LAYER_PATH=layers
rm -rf $JUJU_REPOSITORY

Loading…
Cancel
Save