Render paste ini properly and other fixes
This commit is contained in:
parent
653329d5bb
commit
0c6bb990c9
@ -13,15 +13,16 @@ openstack-services:
|
|||||||
branch: lp:~openstack-charmers/charms/trusty/rabbitmq-server/next
|
branch: lp:~openstack-charmers/charms/trusty/rabbitmq-server/next
|
||||||
constraints: mem=1G
|
constraints: mem=1G
|
||||||
keystone:
|
keystone:
|
||||||
branch: lp:~openstack-charmers/charms/trusty/keystone/next
|
branch: lp:~gnuoy/charms/trusty/keystone/secret-store
|
||||||
constraints: mem=1G
|
constraints: mem=1G
|
||||||
options:
|
options:
|
||||||
admin-password: openstack
|
admin-password: openstack
|
||||||
admin-token: ubuntutesting
|
admin-token: ubuntutesting
|
||||||
|
openstack-origin: cloud:trusty-kilo
|
||||||
barbican:
|
barbican:
|
||||||
charm: barbican
|
charm: barbican
|
||||||
options:
|
options:
|
||||||
openstack-origin: cloud:trusty-liberty
|
openstack-origin: cloud:trusty-kilo
|
||||||
relations:
|
relations:
|
||||||
- [ keystone, mysql ]
|
- [ keystone, mysql ]
|
||||||
- [ barbican, mysql ]
|
- [ barbican, mysql ]
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
from openstack.adapters import OpenStackRelationAdapters
|
from openstack.adapters import OpenStackRelationAdapters, ConfigurationAdapter
|
||||||
from openstack.ip import canonical_url, PUBLIC, INTERNAL, ADMIN
|
from openstack.ip import canonical_url, PUBLIC, INTERNAL, ADMIN
|
||||||
from charmhelpers.contrib.openstack.utils import (
|
from charmhelpers.contrib.openstack.utils import (
|
||||||
configure_installation_source,
|
configure_installation_source,
|
||||||
@ -41,7 +41,33 @@ class BarbicanAdapters(OpenStackRelationAdapters):
|
|||||||
"""
|
"""
|
||||||
Adapters class for the Barbican charm.
|
Adapters class for the Barbican charm.
|
||||||
"""
|
"""
|
||||||
pass
|
def __init__(self, relations):
|
||||||
|
super(BarbicanAdapters, self).__init__(relations, options=BarbicanConfigurationAdapter)
|
||||||
|
|
||||||
|
|
||||||
|
class BarbicanConfigurationAdapter(ConfigurationAdapter):
|
||||||
|
|
||||||
|
def __init__(self):
|
||||||
|
super(BarbicanConfigurationAdapter, self).__init__()
|
||||||
|
if config('keystone-api-version') not in ['2', '3', 'none']:
|
||||||
|
raise ValueError('Unsupported keystone-api-version (%s). Should'
|
||||||
|
'be 2 or 3' % (config('keystone-api-version')))
|
||||||
|
|
||||||
|
@property
|
||||||
|
def barbican_api_keystone_pipeline(self):
|
||||||
|
if config('keystone-api-version') == "2":
|
||||||
|
return 'keystone_authtoken context apiapp'
|
||||||
|
else:
|
||||||
|
return 'keystone_v3_authtoken context apiapp'
|
||||||
|
|
||||||
|
@property
|
||||||
|
def barbican_api_pipeline(self):
|
||||||
|
if config('keystone-api-version') == "2":
|
||||||
|
return "keystone_authtoken context apiapp"
|
||||||
|
elif config('keystone-api-version') == "3":
|
||||||
|
return "keystone_v3_authtoken context apiapp"
|
||||||
|
elif config('keystone-api-version') == "none":
|
||||||
|
return "unauthenticated-context apiapp"
|
||||||
|
|
||||||
|
|
||||||
def api_port(service):
|
def api_port(service):
|
||||||
@ -80,7 +106,7 @@ def setup_endpoint(keystone):
|
|||||||
internal_url = '{}:{}'.format(canonical_url(CONFIGS, INTERNAL),
|
internal_url = '{}:{}'.format(canonical_url(CONFIGS, INTERNAL),
|
||||||
api_port('barbican-internal-api')
|
api_port('barbican-internal-api')
|
||||||
)
|
)
|
||||||
keystone.register_endpoints('keystore', config('region'), public_url,
|
keystone.register_endpoints('secretstore', config('region'), public_url,
|
||||||
internal_url, admin_url)
|
internal_url, admin_url)
|
||||||
|
|
||||||
@when('shared-db.available')
|
@when('shared-db.available')
|
||||||
|
@ -11,7 +11,7 @@ pipeline = versionapp
|
|||||||
[pipeline:barbican_api]
|
[pipeline:barbican_api]
|
||||||
####pipeline = simple apiapp
|
####pipeline = simple apiapp
|
||||||
#pipeline = keystone_authtoken context apiapp
|
#pipeline = keystone_authtoken context apiapp
|
||||||
pipeline = {{ barbican_api_pipeline }}
|
pipeline = {{ options.barbican_api_pipeline }}
|
||||||
|
|
||||||
#Use this pipeline to activate a repoze.profile middleware and HTTP port,
|
#Use this pipeline to activate a repoze.profile middleware and HTTP port,
|
||||||
# to provide profiling information for the REST API processing.
|
# to provide profiling information for the REST API processing.
|
||||||
@ -21,7 +21,7 @@ pipeline = unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions prof
|
|||||||
#Use this pipeline for keystone auth
|
#Use this pipeline for keystone auth
|
||||||
[pipeline:barbican-api-keystone]
|
[pipeline:barbican-api-keystone]
|
||||||
#pipeline = keystone_authtoken context apiapp
|
#pipeline = keystone_authtoken context apiapp
|
||||||
pipeline = {{ barbican_api_keystone_pipeline }}
|
pipeline = {{ options.barbican_api_keystone_pipeline }}
|
||||||
|
|
||||||
[app:apiapp]
|
[app:apiapp]
|
||||||
paste.app_factory = barbican.api.app:create_main_app
|
paste.app_factory = barbican.api.app:create_main_app
|
||||||
@ -41,13 +41,13 @@ paste.filter_factory = barbican.api.middleware.context:ContextMiddleware.factory
|
|||||||
[filter:keystone_authtoken]
|
[filter:keystone_authtoken]
|
||||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
||||||
signing_dir = /var/lib/barbican/keystone-signing
|
signing_dir = /var/lib/barbican/keystone-signing
|
||||||
auth_host = {{ auth_host }}
|
auth_host = {{ identity_service.auth_host }}
|
||||||
#need ability to re-auth a token, thus admin url
|
#need ability to re-auth a token, thus admin url
|
||||||
auth_port = {{ auth_port }}
|
auth_port = {{ identity_service.auth_port }}
|
||||||
auth_protocol = {{ auth_protocol }}
|
auth_protocol = {{ identity_service.auth_protocol }}
|
||||||
admin_tenant_name = {{ admin_tenant_name }}
|
admin_tenant_name = {{ identity_service.service_tenant }}
|
||||||
admin_user = {{ admin_user }}
|
admin_user = {{ identity_service.service_username }}
|
||||||
admin_password = {{ admin_password }}
|
admin_password = {{ identity_service.service_password }}
|
||||||
auth_version = v2.0
|
auth_version = v2.0
|
||||||
#delay failing perhaps to log the unauthorized request in barbican ..
|
#delay failing perhaps to log the unauthorized request in barbican ..
|
||||||
#delay_auth_decision = true
|
#delay_auth_decision = true
|
||||||
@ -55,13 +55,13 @@ auth_version = v2.0
|
|||||||
[filter:keystone_v3_authtoken]
|
[filter:keystone_v3_authtoken]
|
||||||
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
|
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
|
||||||
signing_dir = /var/lib/barbican/keystone-signing
|
signing_dir = /var/lib/barbican/keystone-signing
|
||||||
auth_host = {{ auth_host }}
|
auth_host = {{ identity_service.auth_host }}
|
||||||
#need ability to re-auth a token, thus admin url
|
#need ability to re-auth a token, thus admin url
|
||||||
auth_port = {{ auth_port }}
|
auth_port = {{ identity_service.auth_port }}
|
||||||
auth_protocol = {{ auth_protocol }}
|
auth_protocol = {{ identity_service.auth_protocol }}
|
||||||
admin_tenant_name = {{ admin_tenant_name }}
|
admin_tenant_name = {{ identity_service.service_tenant }}
|
||||||
admin_user = {{ admin_user }}
|
admin_user = {{ identity_service.service_username }}
|
||||||
admin_password = {{ admin_password }}
|
admin_password = {{ identity_service.service_password }}
|
||||||
auth_version = v3.0
|
auth_version = v3.0
|
||||||
#delay failing perhaps to log the unauthorized request in barbican ..
|
#delay failing perhaps to log the unauthorized request in barbican ..
|
||||||
#delay_auth_decision = true
|
#delay_auth_decision = true
|
||||||
|
11
keystone_setup.sh
Executable file
11
keystone_setup.sh
Executable file
@ -0,0 +1,11 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
# Create demo/testing users, tenants and flavor
|
||||||
|
openstack project create demo
|
||||||
|
openstack user create --project demo --password pass --email demo@dev.null demo
|
||||||
|
openstack role add --user demo --project demo Member
|
||||||
|
openstack project create alt_demo
|
||||||
|
openstack user create --project alt_demo --password secret --email demo@dev.null alt_demo
|
||||||
|
openstack role add --user alt_demo --project alt_demo Member
|
8
novarc
Normal file
8
novarc
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
export OS_REGION_NAME=RegionOne
|
||||||
|
export OS_USER_DOMAIN_ID=Default
|
||||||
|
export OS_PROJECT_NAME=admin
|
||||||
|
export OS_PASSWORD=openstack
|
||||||
|
export OS_AUTH_URL=${OS_AUTH_PROTOCOL:-http}://`juju-deployer -f keystone`:5000/v3
|
||||||
|
export OS_USERNAME=admin
|
||||||
|
export OS_TENANT_NAME=admin
|
||||||
|
export OS_PROJECT_DOMAIN_NAME=Default
|
2
setup.sh
2
setup.sh
@ -1,7 +1,7 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
export http_proxy=http://squid.internal:3128
|
export http_proxy=http://squid.internal:3128
|
||||||
export https_proxy=http://squid.internal:3128
|
export https_proxy=http://squid.internal:3128
|
||||||
export JUJU_REPOSITORY=build
|
export JUJU_REPOSITORY="$(pwd)/build"
|
||||||
#export INTERFACE_PATH=interfaces
|
#export INTERFACE_PATH=interfaces
|
||||||
export LAYER_PATH=layers
|
export LAYER_PATH=layers
|
||||||
rm -rf $JUJU_REPOSITORY
|
rm -rf $JUJU_REPOSITORY
|
||||||
|
Loading…
Reference in New Issue
Block a user