Update the keystone configuration script for Barbican per Johns Hopkins team.

The Johns Hopkins team has been working to integrate Barbican in to their encryption key management work flows. Hadi A. Esiely Barrera provided modifications that were needed to the Barbican Keystone configuration script to make it function correctly. This change request also restores the barbican-all script as teams such as Johns Hopkins are utilizing it. Change-Id: I764bd1606a0f8124660651104eb0dd58e82b9f6f
2013-11-05 15:06:27 -06:00 · 2013-11-05 15:06:27 -06:00 · 0dfb842b54
commit 0dfb842b54
parent fc155c2f72
2 changed files with 62 additions and 7 deletions
--- a/bin/barbican-all
+++ b/bin/barbican-all
@ -0,0 +1,56 @@
+#!/bin/bash
+
+#####
+# WARNING: This script is deprecated now. Please use the barbican.sh script instead.
+#####
+
+# barbican-api - Script run Cloudkeep's Barbican API app.
+
+PKG=barbican
+
+# For local development, set VENV_PYTHON equal to the path to your virtual environment's site-packages location
+VENV=${VENV:-.venv}
+VENV_HOME=${VENV_HOME:-$PWD}
+VENV_PYTHON=$VENV_HOME/$VENV/lib/python2.7/site-packages
+
+PKG_DIR=/etc/$PKG
+CONF_FILE=$PKG_DIR/barbican-api.conf
+POLICY_FILE=$PKG_DIR/policy.json
+SIGNING_DIR=$PKG_DIR/cache/
+OPTS='--daemonize /var/log/barbican/uwsgi.log'
+
+# Configure for a local deployment environment:
+if [ ! -f $CONF_FILE ];
+then
+  echo 'Running locally...'
+
+  PKG_DIR=$PWD/etc/$PKG
+  CONF_FILE=./etc/$PKG/barbican-api.conf
+  PYTHONPATH=$VENV_PYTHON:$PYTHONPATH
+  OPTS='-H '$VENV_HOME/$VENV' --stats :9314'
+
+  # Copy conf file to home directory so oslo.config can find it
+  LOCAL_CONF_FILE=~/barbican-api.conf
+  if [ ! -f $LOCAL_CONF_FILE ];
+  then
+    cp ./etc/$PKG/barbican-api.conf ~
+  fi
+fi
+
+# TODO: This is breaking deployment...need to analyze.
+#if [ ! -f $POLICY_FILE ];
+#then
+#  LOCAL_POLICY_FILE=./etc/$PKG/policy.json
+#  mkdir -p $PKG_DIR
+#  sudo cp $LOCAL_POLICY_FILE POLICY_FILE
+#fi
+#
+#if [ ! -f $SIGNING_DIR ];
+#then
+#  echo "making "$SIGNING_DIR
+#  sudo mkdir -p $SIGNING_DIR
+#fi
+
+echo 'Running Barbican uWSGI Emperor '$PKG_DIR/vassals
+echo 'Executing uwsgi with these options: '$PKG_DIR/vassals' '$OPTS
+uwsgi --master --emperor $PKG_DIR/vassals $OPTS
--- a/bin/keystone_data.sh
+++ b/bin/keystone_data.sh
@ -9,7 +9,7 @@
 # alternately export values for
 export OS_AUTH_URL="http://localhost:5000/v2.0"
 # your secret password
-export OS_PASSWORD="orange" 
+export OS_PASSWORD="password"
 export OS_TENANT_NAME="service" 
 export OS_USERNAME="nova" 

@ -42,6 +42,7 @@ ENABLED_SERVICES="barbican"
 SERVICE_PASSWORD="orange"
 SERVICE_HOST="localhost"
 SERVICE_TENANT_NAME="service"
+KEYSTONE_CATALOG_BACKEND='sql'

 #============================
 # Lookups
@ -64,15 +65,13 @@ if [[ "$ENABLED_SERVICES" =~ "barbican" ]]; then
    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
        BARBICAN_SERVICE=$(get_id keystone service-create \
            --name=barbican \
-            --type="key store" \
+            --type="keystore" \
            --description="Barbican Key Management Service")
        keystone endpoint-create \
            --region RegionOne \
            --service_id $BARBICAN_SERVICE \
-            --publicurl "http://$SERVICE_HOST:9311" \
-            --adminurl "http://$SERVICE_HOST:9312" \
-            --internalurl "http://$SERVICE_HOST:9313"
+            --publicurl "http://$SERVICE_HOST:9311/v1" \
+            --adminurl "http://$SERVICE_HOST:9312/v1" \
+            --internalurl "http://$SERVICE_HOST:9313/v1"
    fi
 fi
-
-