Render paste ini properly and other fixes

This commit is contained in:
Liam Young 2015-12-11 13:43:03 +00:00
parent 653329d5bb
commit 0c6bb990c9
6 changed files with 66 additions and 20 deletions

View File

@ -13,15 +13,16 @@ openstack-services:
branch: lp:~openstack-charmers/charms/trusty/rabbitmq-server/next branch: lp:~openstack-charmers/charms/trusty/rabbitmq-server/next
constraints: mem=1G constraints: mem=1G
keystone: keystone:
branch: lp:~openstack-charmers/charms/trusty/keystone/next branch: lp:~gnuoy/charms/trusty/keystone/secret-store
constraints: mem=1G constraints: mem=1G
options: options:
admin-password: openstack admin-password: openstack
admin-token: ubuntutesting admin-token: ubuntutesting
openstack-origin: cloud:trusty-kilo
barbican: barbican:
charm: barbican charm: barbican
options: options:
openstack-origin: cloud:trusty-liberty openstack-origin: cloud:trusty-kilo
relations: relations:
- [ keystone, mysql ] - [ keystone, mysql ]
- [ barbican, mysql ] - [ barbican, mysql ]

View File

@ -1,4 +1,4 @@
from openstack.adapters import OpenStackRelationAdapters from openstack.adapters import OpenStackRelationAdapters, ConfigurationAdapter
from openstack.ip import canonical_url, PUBLIC, INTERNAL, ADMIN from openstack.ip import canonical_url, PUBLIC, INTERNAL, ADMIN
from charmhelpers.contrib.openstack.utils import ( from charmhelpers.contrib.openstack.utils import (
configure_installation_source, configure_installation_source,
@ -41,7 +41,33 @@ class BarbicanAdapters(OpenStackRelationAdapters):
""" """
Adapters class for the Barbican charm. Adapters class for the Barbican charm.
""" """
pass def __init__(self, relations):
super(BarbicanAdapters, self).__init__(relations, options=BarbicanConfigurationAdapter)
class BarbicanConfigurationAdapter(ConfigurationAdapter):
def __init__(self):
super(BarbicanConfigurationAdapter, self).__init__()
if config('keystone-api-version') not in ['2', '3', 'none']:
raise ValueError('Unsupported keystone-api-version (%s). Should'
'be 2 or 3' % (config('keystone-api-version')))
@property
def barbican_api_keystone_pipeline(self):
if config('keystone-api-version') == "2":
return 'keystone_authtoken context apiapp'
else:
return 'keystone_v3_authtoken context apiapp'
@property
def barbican_api_pipeline(self):
if config('keystone-api-version') == "2":
return "keystone_authtoken context apiapp"
elif config('keystone-api-version') == "3":
return "keystone_v3_authtoken context apiapp"
elif config('keystone-api-version') == "none":
return "unauthenticated-context apiapp"
def api_port(service): def api_port(service):
@ -80,7 +106,7 @@ def setup_endpoint(keystone):
internal_url = '{}:{}'.format(canonical_url(CONFIGS, INTERNAL), internal_url = '{}:{}'.format(canonical_url(CONFIGS, INTERNAL),
api_port('barbican-internal-api') api_port('barbican-internal-api')
) )
keystone.register_endpoints('keystore', config('region'), public_url, keystone.register_endpoints('secretstore', config('region'), public_url,
internal_url, admin_url) internal_url, admin_url)
@when('shared-db.available') @when('shared-db.available')

View File

@ -11,7 +11,7 @@ pipeline = versionapp
[pipeline:barbican_api] [pipeline:barbican_api]
####pipeline = simple apiapp ####pipeline = simple apiapp
#pipeline = keystone_authtoken context apiapp #pipeline = keystone_authtoken context apiapp
pipeline = {{ barbican_api_pipeline }} pipeline = {{ options.barbican_api_pipeline }}
#Use this pipeline to activate a repoze.profile middleware and HTTP port, #Use this pipeline to activate a repoze.profile middleware and HTTP port,
# to provide profiling information for the REST API processing. # to provide profiling information for the REST API processing.
@ -21,7 +21,7 @@ pipeline = unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions prof
#Use this pipeline for keystone auth #Use this pipeline for keystone auth
[pipeline:barbican-api-keystone] [pipeline:barbican-api-keystone]
#pipeline = keystone_authtoken context apiapp #pipeline = keystone_authtoken context apiapp
pipeline = {{ barbican_api_keystone_pipeline }} pipeline = {{ options.barbican_api_keystone_pipeline }}
[app:apiapp] [app:apiapp]
paste.app_factory = barbican.api.app:create_main_app paste.app_factory = barbican.api.app:create_main_app
@ -41,13 +41,13 @@ paste.filter_factory = barbican.api.middleware.context:ContextMiddleware.factory
[filter:keystone_authtoken] [filter:keystone_authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory paste.filter_factory = keystonemiddleware.auth_token:filter_factory
signing_dir = /var/lib/barbican/keystone-signing signing_dir = /var/lib/barbican/keystone-signing
auth_host = {{ auth_host }} auth_host = {{ identity_service.auth_host }}
#need ability to re-auth a token, thus admin url #need ability to re-auth a token, thus admin url
auth_port = {{ auth_port }} auth_port = {{ identity_service.auth_port }}
auth_protocol = {{ auth_protocol }} auth_protocol = {{ identity_service.auth_protocol }}
admin_tenant_name = {{ admin_tenant_name }} admin_tenant_name = {{ identity_service.service_tenant }}
admin_user = {{ admin_user }} admin_user = {{ identity_service.service_username }}
admin_password = {{ admin_password }} admin_password = {{ identity_service.service_password }}
auth_version = v2.0 auth_version = v2.0
#delay failing perhaps to log the unauthorized request in barbican .. #delay failing perhaps to log the unauthorized request in barbican ..
#delay_auth_decision = true #delay_auth_decision = true
@ -55,13 +55,13 @@ auth_version = v2.0
[filter:keystone_v3_authtoken] [filter:keystone_v3_authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
signing_dir = /var/lib/barbican/keystone-signing signing_dir = /var/lib/barbican/keystone-signing
auth_host = {{ auth_host }} auth_host = {{ identity_service.auth_host }}
#need ability to re-auth a token, thus admin url #need ability to re-auth a token, thus admin url
auth_port = {{ auth_port }} auth_port = {{ identity_service.auth_port }}
auth_protocol = {{ auth_protocol }} auth_protocol = {{ identity_service.auth_protocol }}
admin_tenant_name = {{ admin_tenant_name }} admin_tenant_name = {{ identity_service.service_tenant }}
admin_user = {{ admin_user }} admin_user = {{ identity_service.service_username }}
admin_password = {{ admin_password }} admin_password = {{ identity_service.service_password }}
auth_version = v3.0 auth_version = v3.0
#delay failing perhaps to log the unauthorized request in barbican .. #delay failing perhaps to log the unauthorized request in barbican ..
#delay_auth_decision = true #delay_auth_decision = true

11
keystone_setup.sh Executable file
View File

@ -0,0 +1,11 @@
#!/bin/bash
set -ex
# Create demo/testing users, tenants and flavor
openstack project create demo
openstack user create --project demo --password pass --email demo@dev.null demo
openstack role add --user demo --project demo Member
openstack project create alt_demo
openstack user create --project alt_demo --password secret --email demo@dev.null alt_demo
openstack role add --user alt_demo --project alt_demo Member

8
novarc Normal file
View File

@ -0,0 +1,8 @@
export OS_REGION_NAME=RegionOne
export OS_USER_DOMAIN_ID=Default
export OS_PROJECT_NAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=${OS_AUTH_PROTOCOL:-http}://`juju-deployer -f keystone`:5000/v3
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PROJECT_DOMAIN_NAME=Default

View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
export http_proxy=http://squid.internal:3128 export http_proxy=http://squid.internal:3128
export https_proxy=http://squid.internal:3128 export https_proxy=http://squid.internal:3128
export JUJU_REPOSITORY=build export JUJU_REPOSITORY="$(pwd)/build"
#export INTERFACE_PATH=interfaces #export INTERFACE_PATH=interfaces
export LAYER_PATH=layers export LAYER_PATH=layers
rm -rf $JUJU_REPOSITORY rm -rf $JUJU_REPOSITORY