Fix outdated barbican-api-paste.ini file

Kolla-ansible actually bring it's own barbican-api-paste.ini file to enable Keystone authentication, in order to fix this https://bugs.launchpad.net/kolla/+bug/1625337 auth_token middleware is actually managed by Barbican. Furthermore barbican-api-paste.ini brings by Kolla-ansible is outdated: * http_proxy_to_wsgi middleware is missing Hence this file should not be managed statically by kolla-ansible. This patch keep custom paste file feature. Just put the file to /etc/kolla/config/barbican/barbican-api.ini path. Change-Id: Ia50237f7df7f89526a976575b017145c71b11ec0 Closes-bug: #1695026
2017-06-01 18:16:29 +02:00 · 2017-06-01 18:16:29 +02:00 · 08ab3d8e73
commit 08ab3d8e73
parent c59714ccff
3 changed files with 14 additions and 66 deletions
--- a/ansible/roles/barbican/tasks/config.yml
+++ b/ansible/roles/barbican/tasks/config.yml
@ -37,18 +37,25 @@
  notify:
    - Restart barbican-api container

+- name: Checking whether barbican-api-paste.ini file exists
+  vars:
+    barbican-api: "{{ barbican_services['barbican-api'] }}"
+  local_action: stat path="{{ node_custom_config }}/barbican/barbican-api-paste.ini"
+  run_once: True
+  register: check_barbican_api_paste_ini
+  when:
+    - barbican-api.enabled | bool
+
 - name: Copying over barbican-api-paste.ini
  vars:
    service: "{{ barbican_services['barbican-api'] }}"
-  merge_configs:
-    sources:
-      - "{{ role_path }}/templates/barbican-api-paste.ini.j2"
-      - "{{ node_custom_config }}/barbican-api/barbican-api-paste.ini"
-      - "{{ node_custom_config }}/barbican-api/{{ inventory_hostname }}/barbican-api-paste.ini"
+  template:
+    src: "{{ node_custom_config }}/barbican/barbican-api-paste.ini"
    dest: "{{ node_config_directory }}/barbican-api/barbican-api-paste.ini"
  when:
    - inventory_hostname in groups['barbican-api']
    - service.enabled | bool
+    - check_barbican_api_paste_ini.stat.exists
  register: barbican_api_paste
  notify:
    - Restart barbican-api container
--- a/ansible/roles/barbican/templates/barbican-api-paste.ini.j2
+++ b/ansible/roles/barbican/templates/barbican-api-paste.ini.j2
@ -1,60 +0,0 @@
-[composite:main]
-use = egg:Paste#urlmap
-/: barbican_version
-/v1: barbican-api-keystone
-
-# Use this pipeline for Barbican API - versions no authentication
-[pipeline:barbican_version]
-pipeline = cors versionapp
-
-# Use this pipeline for Barbican API - DEFAULT no authentication
-[pipeline:barbican_api]
-pipeline = cors unauthenticated-context apiapp
-
-#Use this pipeline to activate a repoze.profile middleware and HTTP port,
-#  to provide profiling information for the REST API processing.
-[pipeline:barbican-profile]
-pipeline = cors unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions profile apiapp
-
-#Use this pipeline for keystone auth
-[pipeline:barbican-api-keystone]
-pipeline = cors authtoken context apiapp
-
-#Use this pipeline for keystone auth with audit feature
-[pipeline:barbican-api-keystone-audit]
-pipeline = authtoken context audit apiapp
-
-[app:apiapp]
-paste.app_factory = barbican.api.app:create_main_app
-
-[app:versionapp]
-paste.app_factory = barbican.api.app:create_version_app
-
-[filter:simple]
-paste.filter_factory = barbican.api.middleware.simple:SimpleFilter.factory
-
-[filter:unauthenticated-context]
-paste.filter_factory = barbican.api.middleware.context:UnauthenticatedContextMiddleware.factory
-
-[filter:context]
-paste.filter_factory = barbican.api.middleware.context:ContextMiddleware.factory
-
-[filter:audit]
-paste.filter_factory = keystonemiddleware.audit:filter_factory
-audit_map_file = /etc/barbican/api_audit_map.conf
-
-[filter:authtoken]
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
-
-[filter:profile]
-use = egg:repoze.profile
-log_filename = myapp.profile
-cachegrind_filename = cachegrind.out.myapp
-discard_first_request = true
-path = /__profile__
-flush_at_shutdown = true
-unwind = false
-
-[filter:cors]
-paste.filter_factory = oslo_middleware.cors:filter_factory
-oslo_config_project = barbican
--- a/ansible/roles/barbican/templates/barbican-api.json.j2
+++ b/ansible/roles/barbican/templates/barbican-api.json.j2
@ -17,7 +17,8 @@
            "source": "{{ container_config_directory }}/barbican-api-paste.ini",
            "dest": "/etc/barbican/barbican-api-paste.ini",
            "owner": "barbican",
-            "perm": "0600"
+            "perm": "0600",
+            "optional": true
        },
        {
            "source": "{{ container_config_directory }}/policy.json",