Fix three issues breaking CI

1. Change cert plugin from snakeoil to simple_certificate

The snakeoil plugin offers more functionality, but requires a little
more setup.  Ultimately, though, we will likely replace this plugin
with the dogtag plugin, if we do not disable the cert functionality
altogether.

For now, as at least one plugin is required, we use the
simple_certificate plugin, which requires no setup.

2. Make sure Barbican packaging is installed before db-sync

CI is currently failing because db-sync does not work, python-pymysql is
installed *after* running db-sync and this is wrong.

This patch makes sure things like this don't happen anymore.

3. Move keystone settings to barbican.conf

The current settings (in barbican-api-paste.ini) were not working
and putting them in barbican.conf is more in line with other projects.

Change-Id: Ifa3171f794be527c8df66894572ebf2f893986da
This commit is contained in:
Ade Lee 2016-07-07 10:26:11 -04:00
parent 84bffbecb9
commit 63c72cda5a
4 changed files with 29 additions and 18 deletions

View File

@ -411,23 +411,31 @@ class barbican::api (
}
barbican_api_paste_ini {
'pipeline:barbican_api/pipeline': value => 'cors authtoken context apiapp';
'filter:authtoken/auth_url': value => $auth_url;
'filter:authtoken/project_name': value => $keystone_tenant;
'filter:authtoken/username': value => $keystone_user;
'filter:authtoken/password': value => $keystone_password, secret => true;
'filter:authtoken/user_domain_id': value => $user_domain_id;
'filter:authtoken/project_domain_id': value => $project_domain_id;
'pipeline:barbican_api/pipeline': value => 'cors authtoken context apiapp';
}
barbican_config {
'keystone_authtoken/auth_plugin': value => 'password';
'keystone_authtoken/auth_url': value => $auth_url;
'keystone_authtoken/project_name': value => $keystone_tenant;
'keystone_authtoken/username': value => $keystone_user;
'keystone_authtoken/password': value => $keystone_password, secret => true;
'keystone_authtoken/user_domain_id': value => $user_domain_id;
'keystone_authtoken/project_domain_id': value => $project_domain_id;
}
} else {
barbican_api_paste_ini {
'pipeline:barbican_api/pipeline': value => 'cors unauthenticated-context apiapp';
'filter:authtoken/auth_url': ensure => 'absent';
'filter:authtoken/project_name': ensure => 'absent';
'filter:authtoken/username': ensure => 'absent';
'filter:authtoken/password': ensure => 'absent';
'filter:authtoken/user_domain_id': ensure => 'absent';
'filter:authtoken/project_domain_id': ensure => 'absent';
'pipeline:barbican_api/pipeline': value => 'cors unauthenticated-context apiapp';
}
barbican_config {
'keystone_authtoken/auth_plugin': ensure => 'absent';
'keystone_authtoken/auth_uri': ensure => 'absent';
'keystone_authtoken/project_name': ensure => 'absent';
'keystone_authtoken/username': ensure => 'absent';
'keystone_authtoken/password': ensure => 'absent';
'keystone_authtoken/user_domain_id': ensure => 'absent';
'keystone_authtoken/project_domain_id': ensure => 'absent';
}
}

View File

@ -16,8 +16,11 @@ class barbican::db::sync(
path => '/usr/bin',
user => 'barbican',
refreshonly => true,
subscribe => [Package['barbican-api'], Barbican_config['database/connection'], Barbican_config['DEFAULT/sql_connection'], ]
}
Barbican_config <| title == 'database/connection' |> ~> Exec['barbican-db-manage']
Barbican_config <| title == 'DEFAULT/sql_connection' |> ~> Exec['barbican-db-manage']
Package <| tag == 'barbican-package' |> ~> Exec['barbican-db-manage']
Package <| tag == 'openstack' |> -> Exec['barbican-db-manage']
Exec['barbican-db-manage'] ~> Service<| title == 'barbican-api' |>
}

View File

@ -41,7 +41,7 @@ describe 'barbican::api basic test class' do
auth_type => 'keystone',
keystone_password => 'a_big_secret',
service_name => 'httpd',
enabled_certificate_plugins => ['snakeoil_ca'],
enabled_certificate_plugins => ['simple_certificate'],
db_auto_create => false,
}

View File

@ -225,9 +225,9 @@ describe 'barbican::api' do
it 'is_expected.to set keystone params correctly' do
is_expected.to contain_barbican_api_paste_ini('pipeline:barbican_api/pipeline')\
.with_value('cors authtoken context apiapp')
is_expected.to contain_barbican_api_paste_ini('filter:authtoken/auth_url')\
is_expected.to contain_barbican_config('keystone_authtoken/auth_url')\
.with_value('http://localhost:35357')
is_expected.to contain_barbican_api_paste_ini('filter:authtoken/project_name')\
is_expected.to contain_barbican_config('keystone_authtoken/project_name')\
.with_value('services')
end
end