Containerizing barbican service

Adding Dockerfile, pod and service. Please note
that this uses the Juno version of Barbican
from tar ball and uses uwsgi to run the service.
Addressed review comments and added admin service
as well.

Fixing Maintainer email and yum clean up

Change-Id: If58c5eec00131582024045f8d213e48f9f466f4d

docker/barbican/Dockerfile

@@ -0,0 +1,41 @@
+FROM kollaglue/fedora-rdo-base
+MAINTAINER Kolla Project (https://launchpad.net/kolla)
+
+ADD ./start.sh /start.sh
+
+# Install required packages
+RUN yum install -y gcc Cython sqlite-devel mysql-devel libffi-devel && yum clean all
+
+# use the Barbican Juno version
+# setting this as environment variable also keeps pbr version checking happy
+# TODO: when the Barbican rpm from cloudkeep.io is usable,
+# switch to using that instead
+ENV PBR_VERSION 2014.2
+
+# Get and extract the Barbican tar ball
+RUN curl -o /barbican-$PBR_VERSION.tar.gz https://github.com/openstack/barbican/archive/$PBR_VERSION.tar.gz -L
+RUN tar -xzf barbican-$PBR_VERSION.tar.gz
+
+# Install Barbican requirements
+RUN pip install -r barbican-$PBR_VERSION/requirements.txt
+RUN pip install MySQL-python
+
+# Install Barbican
+RUN cd barbican-$PBR_VERSION ; python setup.py install
+
+# Configure Barbican
+RUN mkdir -p /etc/barbican
+RUN mkdir -p /var/log/barbican
+RUN cp -r /barbican-$PBR_VERSION/etc/barbican/* /etc/barbican
+
+# Instal uwsgi as that is what we will use to run Barbican
+RUN pip install uwsgi
+
+# Cleanup files not required anymore
+RUN rm -rf /barbican-$PBR_VERSION
+RUN rm -rf /barbican-$PBR_VERSION.tar.gz
+
+# Expose the dev and admin ports
+EXPOSE 9311 9312
+
+CMD ["/start.sh"]

docker/barbican/build

@@ -0,0 +1 @@
+../../tools/build-docker-image

docker/barbican/start.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+
+set -e
+
+: ${BARBICAN_DB_USER:=barbican}
+: ${BARBICAN_DB_NAME:=barbican}
+: ${KEYSTONE_AUTH_PROTOCOL:=http}
+: ${BARBICAN_KEYSTONE_USER:=barbican}
+: ${ADMIN_TENANT_NAME:=admin}
+
+if ! [ "$KEYSTONE_ADMIN_TOKEN" ]; then
+    echo "*** Missing KEYSTONE_ADMIN_TOKEN" >&2
+        exit 1
+fi
+
+if ! [ "$DB_ROOT_PASSWORD" ]; then
+        echo "*** Missing DB_ROOT_PASSWORD" >&2
+        exit 1
+fi
+
+if ! [ "$BARBICAN_DB_PASSWORD" ]; then
+        BARBICAN_DB_PASSWORD=$(openssl rand -hex 15)
+        export BARBICAN_DB_PASSWORD
+fi
+
+mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql <<EOF
+CREATE DATABASE IF NOT EXISTS ${BARBICAN_DB_NAME};
+GRANT ALL PRIVILEGES ON barbican.* TO
+    '${BARBICAN_DB_USER}'@'%' IDENTIFIED BY '${BARBICAN_DB_PASSWORD}'
+EOF
+
+# config file setup
+crudini --set /etc/barbican/barbican-api.conf \
+    DEFAULT \
+    sql_connection \
+    "mysql://${BARBICAN_DB_USER}:${BARBICAN_DB_PASSWORD}@${MARIADB_SERVICE_HOST}/${BARBICAN_DB_NAME}"
+crudini --set /etc/barbican/barbican-api.conf \
+    DEFAULT \
+    log_dir \
+    "/var/log/barbican/"
+crudini --set /etc/barbican/barbican-api.conf \
+    DEFAULT \
+    log_file \
+    "/var/log/barbican/barbican.log"
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    pipeline:barbican_api \
+    pipeline \
+    "keystone_authtoken context apiapp"
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    auth_host \
+    ${KEYSTONE_ADMIN_SERVICE_HOST}
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    auth_port \
+    ${KEYSTONE_ADMIN_SERVICE_PORT}
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    auth_protocol \
+    ${KEYSTONE_AUTH_PROTOCOL}
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    admin_tenant_name \
+    ${ADMIN_TENANT_NAME}
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    admin_user \
+    ${BARBICAN_KEYSTONE_USER}
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    admin_password \
+    ${BARBICAN_KEYSTONE_USER}
+
+# create the required keystone entities for barbican
+export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
+export SERVICE_ENDPOINT="${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v2.0"
+
+keystone user-get ${BARBICAN_KEYSTONE_USER} > /dev/null 2>&1 || /bin/keystone user-create --name ${BARBICAN_KEYSTONE_USER} --pass ${BARBICAN_ADMIN_PASSWORD}
+
+keystone role-get observer > /dev/null 2>&1 || /bin/keystone role-create --name observer
+keystone role-get creator > /dev/null 2>&1 || /bin/keystone role-create --name creator
+
+keystone user-get ${BARBICAN_KEYSTONE_USER} > /dev/null 2>&1 || /bin/keystone user-role-add --user ${BARBICAN_KEYSTONE_USER} --role admin --tenant ${ADMIN_TENANT_NAME}
+
+# launch Barbican using uwsgi
+exec uwsgi --master --emperor /etc/barbican/vassals

k8s/pod/barbican-pod.yaml

@@ -0,0 +1,22 @@
+desiredState:
+  manifest:
+    containers:
+    - env:
+      - name: BARBICAN_DB_PASSWORD
+        value: password
+      - name: DB_ROOT_PASSWORD
+        value: password
+      - name: KEYSTONE_ADMIN_TOKEN
+        value: ADMINTOKEN
+      - name: BARBICAN_ADMIN_PASSWORD
+        value: kolla
+      image: kollaglue/fedora-rdo-barbican
+      name: barbican
+      ports:
+      - containerPort: 9311
+      - containerPort: 9312
+    id: barbican
+    version: v1beta1
+id: barbican
+labels:
+  name: barbican

k8s/service/barbican-admin-service.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1beta1
+containerPort: 9312
+id: barbican-admin
+kind: Service
+port: 9312
+selector:
+  name: barbican

k8s/service/barbican-public-service.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1beta1
+containerPort: 9311
+id: barbican-public
+kind: Service
+port: 9311
+selector:
+  name: barbican