diff --git a/api/v1beta1/barbican_types.go b/api/v1beta1/barbican_types.go
index b1a77c6..e1f465d 100644
--- a/api/v1beta1/barbican_types.go
+++ b/api/v1beta1/barbican_types.go
@@ -74,6 +74,9 @@ type BarbicanStatus struct {
// Map of hashes to track e.g. job status
Hash map[string]string `json:"hash,omitempty"`
+ // ServiceID
+ ServiceID string `json:"serviceID,omitempty"`
+
// Conditions
Conditions condition.Conditions `json:"conditions,omitempty" optional:"true"`
diff --git a/api/v1beta1/barbicanapi_types.go b/api/v1beta1/barbicanapi_types.go
index 10f9c39..67fc95f 100644
--- a/api/v1beta1/barbicanapi_types.go
+++ b/api/v1beta1/barbicanapi_types.go
@@ -37,6 +37,10 @@ type BarbicanAPISpec struct {
BarbicanAPITemplate `json:",inline"`
+ // +kubebuilder:validation:Required
+ // DatabaseHostname - Barbican Database Hostname
+ DatabaseHostname string `json:"databaseHostname"`
+
// TransportURLSecret - Secret containing RabbitMQ transportURL
TransportURLSecret string `json:"transportURLSecret,omitempty"`
}
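Review bot: `DatabaseHostname` is marked Required but carries no content validation, and barbicanapi_controller.go interpolates it straight into the `sql_connection` URL. Required only forces the key to be present, so an empty string is accepted and would render a connection string with no host. Consider adding `// +kubebuilder:validation:MinLength=1` (and possibly a hostname `Pattern`) beside the existing marker. The doc comment could also say that the parent Barbican controller fills this field from its own status. The struct begins outside the hunk.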
diff --git a/config/crd/bases/barbican.openstack.org_barbicanapis.yaml b/config/crd/bases/barbican.openstack.org_barbicanapis.yaml
index 663a815..ca28cc2 100644
--- a/config/crd/bases/barbican.openstack.org_barbicanapis.yaml
+++ b/config/crd/bases/barbican.openstack.org_barbicanapis.yaml
@@ -54,6 +54,9 @@ spec:
items:
type: string
type: array
+ databaseHostname:
+ description: DatabaseHostname - Barbican Database Hostname
+ type: string
databaseInstance:
description: 'MariaDB instance name TODO(dmendiza): Is this comment
right? Right now required by the maridb-operator to get the credentials
@@ -251,6 +254,7 @@ spec:
type: string
required:
- containerImage
+ - databaseHostname
- databaseInstance
- rabbitMqClusterName
- serviceAccount
diff --git a/config/crd/bases/barbican.openstack.org_barbicans.yaml b/config/crd/bases/barbican.openstack.org_barbicans.yaml
index 924fc23..1c5e79d 100644
--- a/config/crd/bases/barbican.openstack.org_barbicans.yaml
+++ b/config/crd/bases/barbican.openstack.org_barbicans.yaml
@@ -461,6 +461,9 @@ spec:
type: string
description: Map of hashes to track e.g. job status
type: object
+ serviceID:
+ description: ServiceID
+ type: string
transportURLSecret:
description: TransportURLSecret - Secret containing RabbitMQ transportURL
type: string
diff --git a/config/samples/barbican_v1beta1_barbican.yaml b/config/samples/barbican_v1beta1_barbican.yaml
index 9914ea3..3a9123d 100644
--- a/config/samples/barbican_v1beta1_barbican.yaml
+++ b/config/samples/barbican_v1beta1_barbican.yaml
@@ -22,8 +22,8 @@ spec:
debug:
dbInitContainer: false
dbSync: false
- initContainer: true
- service: true
+ initContainer: false
+ service: false
preserveJobs: true
nodeSelector:
node: controller
diff --git a/controllers/barbican_controller.go b/controllers/barbican_controller.go
index 97431f1..ad47041 100644
--- a/controllers/barbican_controller.go
+++ b/controllers/barbican_controller.go
@@ -22,6 +22,7 @@ import (
"time"
"k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/types"
"k8s.io/client-go/kubernetes"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
@@ -43,7 +44,11 @@ import (
nad "github.com/openstack-k8s-operators/lib-common/modules/common/networkattachment"
common_rbac "github.com/openstack-k8s-operators/lib-common/modules/common/rbac"
"github.com/openstack-k8s-operators/lib-common/modules/common/secret"
+ oko_secret "github.com/openstack-k8s-operators/lib-common/modules/common/secret"
+ "github.com/openstack-k8s-operators/lib-common/modules/common/util"
"github.com/openstack-k8s-operators/lib-common/modules/database"
+ mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
+ batchv1 "k8s.io/api/batch/v1"
corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
k8s_errors "k8s.io/apimachinery/pkg/api/errors"
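Review bot: The added `oko_secret` import names the same package path that is already imported as `secret` on the line above, so the file now has two names for one package. Drop the alias and call `secret.GetSecret(...)` in reconcileInit instead; linters flag duplicate imports of this kind. The import block starts and ends outside the hunk.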
@@ -294,7 +299,7 @@ func (r *BarbicanReconciler) reconcileNormal(ctx context.Context, instance *barb
// TODO(dmendiza): Handle service upgrade
// create or update Barbican API deployment
- _, op, err = r.apiDeploymentCreateOrUpdate(ctx, instance)
+ _, op, err = r.apiDeploymentCreateOrUpdate(ctx, instance, helper)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
barbicanv1beta1.BarbicanAPIReadyCondition,
@@ -330,6 +335,39 @@ func (r *BarbicanReconciler) reconcileDelete(ctx context.Context, instance *barb
}
}
+ // Remove the finalizer from our KeystoneService CR
+ keystoneService, err := keystonev1.GetKeystoneServiceWithName(ctx, helper, barbican.ServiceName, instance.Namespace)
+ if err != nil && !k8s_errors.IsNotFound(err) {
+ return ctrl.Result{}, err
+ }
+
+ if err == nil {
+ if controllerutil.RemoveFinalizer(keystoneService, helper.GetFinalizer()) {
+ err = r.Update(ctx, keystoneService)
+ if err != nil && !k8s_errors.IsNotFound(err) {
+ return ctrl.Result{}, err
+ }
+ util.LogForObject(helper, "Removed finalizer from our KeystoneService", instance)
+ }
+ }
+
+ // Remove finalizers from any existing child GlanceAPIs
+ barbicanAPI := &barbicanv1beta1.BarbicanAPI{}
+ err = r.Get(ctx, types.NamespacedName{Name: fmt.Sprintf("%s-api", instance.Name), Namespace: instance.Namespace}, barbicanAPI)
+ if err != nil && !k8s_errors.IsNotFound(err) {
+ return ctrl.Result{}, err
+ }
+
+ if err == nil {
+ if controllerutil.RemoveFinalizer(barbicanAPI, helper.GetFinalizer()) {
+ err = r.Update(ctx, barbicanAPI)
+ if err != nil && !k8s_errors.IsNotFound(err) {
+ return ctrl.Result{}, err
+ }
+ util.LogForObject(helper, fmt.Sprintf("Removed finalizer from BarbicanAPI %s", barbicanAPI.Name), barbicanAPI)
+ }
+ }
+
// Service is deleted so remove the finalizer.
controllerutil.RemoveFinalizer(instance, helper.GetFinalizer())
r.Log.Info(fmt.Sprintf("Reconciled Service '%s' delete successfully", instance.Name))
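Review bot: The comment `// Remove finalizers from any existing child GlanceAPIs` looks copied from another operator; the code under it fetches a `BarbicanAPI`, so it should read `// Remove the finalizer from the child BarbicanAPI`. In both new blocks the "Removed finalizer" log line also runs when `r.Update` returned NotFound, that is, when nothing was updated; logging only when `err == nil` keeps the record accurate. The child name `fmt.Sprintf("%s-api", instance.Name)` has to match the name used where the BarbicanAPI is created, which is outside this hunk, so a shared helper or constant would prevent drift. reconcileDelete begins and ends outside the hunk.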
@@ -341,6 +379,12 @@ func (r *BarbicanReconciler) reconcileDelete(ctx context.Context, instance *barb
func (r *BarbicanReconciler) SetupWithManager(mgr ctrl.Manager) error {
return ctrl.NewControllerManagedBy(mgr).
For(&barbicanv1beta1.Barbican{}).
+ Owns(&barbicanv1beta1.BarbicanAPI{}).
+ Owns(&mariadbv1.MariaDBDatabase{}).
+ Owns(&keystonev1.KeystoneService{}).
+ Owns(&corev1.ServiceAccount{}).
+ Owns(&batchv1.Job{}).
+ Owns(&corev1.Secret{}).
Owns(&corev1.ServiceAccount{}).
Owns(&rbacv1.Role{}).
Owns(&rbacv1.RoleBinding{}).
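Review bot: `Owns(&corev1.ServiceAccount{})` is now registered twice, once in the added lines and once in the existing line directly after them. The second registration is at best redundant, so remove the added `Owns(&corev1.ServiceAccount{}).` line. The added `Owns(&corev1.Secret{})` means any change to an owned Secret triggers a reconcile of the Barbican CR; a short comment stating which Secrets are expected to be owned would help the next reader. The builder chain continues outside the hunk.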
@@ -396,6 +440,7 @@ func (r *BarbicanReconciler) generateServiceConfig(
"ServiceUser": instance.Spec.ServiceUser,
"ServiceURL": "TODO",
"TransportURL": string(transportURLSecret.Data["transport_url"]),
+ "LogFile": fmt.Sprintf("%s%s.log", barbican.BarbicanLogPath, instance.Name),
}
return GenerateConfigsGeneric(ctx, h, instance, envVars, templateParameters, customData, labels, false)
@@ -424,12 +469,14 @@ func (r *BarbicanReconciler) transportURLCreateOrUpdate(
return transportURL, op, err
}
-func (r *BarbicanReconciler) apiDeploymentCreateOrUpdate(ctx context.Context, instance *barbicanv1beta1.Barbican) (*barbicanv1beta1.BarbicanAPI, controllerutil.OperationResult, error) {
+func (r *BarbicanReconciler) apiDeploymentCreateOrUpdate(ctx context.Context, instance *barbicanv1beta1.Barbican, helper *helper.Helper) (*barbicanv1beta1.BarbicanAPI, controllerutil.OperationResult, error) {
r.Log.Info(fmt.Sprintf("Creating barbican API spec. transporturlsecret: '%s'", instance.Status.TransportURLSecret))
+ r.Log.Info(fmt.Sprintf("database hostname: '%s'", instance.Status.DatabaseHostname))
apiSpec := barbicanv1beta1.BarbicanAPISpec{
BarbicanTemplate: instance.Spec.BarbicanTemplate,
BarbicanAPITemplate: instance.Spec.BarbicanAPI,
+ DatabaseHostname: instance.Status.DatabaseHostname,
TransportURLSecret: instance.Status.TransportURLSecret,
}
@@ -449,7 +496,9 @@ func (r *BarbicanReconciler) apiDeploymentCreateOrUpdate(ctx context.Context, in
return err
}
- // TODO(dmendiza): Do we want a finalizer here? Glance has one.
+ // Add a finalizer to prevent user from manually removing child BarbicanAPI
+ controllerutil.AddFinalizer(deployment, helper.GetFinalizer())
+
return nil
})
@@ -543,6 +592,50 @@ func (r *BarbicanReconciler) reconcileInit(
instance.Status.Conditions.MarkTrue(condition.DBReadyCondition, condition.DBReadyMessage)
// create service DB - end
+ //
+ // create Keystone service and users
+ //
+ _, _, err = oko_secret.GetSecret(ctx, helper, instance.Spec.Secret, instance.Namespace)
+ if err != nil {
+ if k8s_errors.IsNotFound(err) {
+ return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, fmt.Errorf("OpenStack secret %s not found", instance.Spec.Secret)
+ }
+ return ctrl.Result{}, err
+ }
+
+ ksSvcSpec := keystonev1.KeystoneServiceSpec{
+ ServiceType: barbican.ServiceType,
+ ServiceName: barbican.ServiceName,
+ ServiceDescription: "Barbican Service",
+ Enabled: true,
+ ServiceUser: instance.Spec.ServiceUser,
+ Secret: instance.Spec.Secret,
+ PasswordSelector: instance.Spec.PasswordSelectors.Service,
+ }
+
+ ksSvc := keystonev1.NewKeystoneService(ksSvcSpec, instance.Namespace, serviceLabels, time.Duration(10)*time.Second)
+ ctrlResult, err = ksSvc.CreateOrPatch(ctx, helper)
+ if err != nil {
+ return ctrlResult, err
+ }
+
+ // mirror the Status, Reason, Severity and Message of the latest keystoneservice condition
+ // into a local condition with the type condition.KeystoneServiceReadyCondition
+ c := ksSvc.GetConditions().Mirror(condition.KeystoneServiceReadyCondition)
+ if c != nil {
+ instance.Status.Conditions.Set(c)
+ }
+
+ if (ctrlResult != ctrl.Result{}) {
+ return ctrlResult, nil
+ }
+
+ instance.Status.ServiceID = ksSvc.GetServiceID()
+
+ if instance.Status.Hash == nil {
+ instance.Status.Hash = map[string]string{}
+ }
+
//
// run Barbican db sync
//
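Review bot: In the secret-not-found branch the function returns both `RequeueAfter` and a non-nil error; controller-runtime ignores the Result when an error is returned and requeues with backoff, so the 10-second delay never applies. Either record a false condition on the instance and return `ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, nil`, or return only the error. The `ksSvc.CreateOrPatch` error path also returns without setting any condition, so a failing Keystone registration is not visible in the CR status. reconcileInit starts and ends outside the hunk.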
diff --git a/controllers/barbicanapi_controller.go b/controllers/barbicanapi_controller.go
index b392915..4452cd8 100644
--- a/controllers/barbicanapi_controller.go
+++ b/controllers/barbicanapi_controller.go
@@ -22,6 +22,7 @@ import (
"time"
"github.com/go-logr/logr"
+ routev1 "github.com/openshift/api/route/v1"
barbicanv1beta1 "github.com/openstack-k8s-operators/barbican-operator/api/v1beta1"
"github.com/openstack-k8s-operators/barbican-operator/pkg/barbican"
"github.com/openstack-k8s-operators/barbican-operator/pkg/barbicanapi"
@@ -36,14 +37,16 @@ import (
nad "github.com/openstack-k8s-operators/lib-common/modules/common/networkattachment"
"github.com/openstack-k8s-operators/lib-common/modules/common/secret"
"github.com/openstack-k8s-operators/lib-common/modules/common/util"
- corev1 "k8s.io/api/core/v1"
- k8s_errors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/client-go/kubernetes"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
"sigs.k8s.io/controller-runtime/pkg/log"
+
+ appsv1 "k8s.io/api/apps/v1"
+ corev1 "k8s.io/api/core/v1"
+ k8s_errors "k8s.io/apimachinery/pkg/api/errors"
)
// GetClient -
@@ -260,25 +263,174 @@ func (r *BarbicanAPIReconciler) generateServiceConfigs(
return err
}
+ transportURLSecret, _, err := secret.GetSecret(ctx, h, instance.Spec.TransportURLSecret, instance.Namespace)
+ if err != nil {
+ return err
+ }
+
templateParameters := map[string]interface{}{
"DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s",
instance.Spec.DatabaseUser,
string(ospSecret.Data[instance.Spec.PasswordSelectors.Database]),
- instance.Status.DatabaseHostname,
+ instance.Spec.DatabaseHostname,
barbican.DatabaseName,
),
"KeystoneAuthURL": keystoneInternalURL,
"ServicePassword": string(ospSecret.Data[instance.Spec.PasswordSelectors.Service]),
"ServiceUser": instance.Spec.ServiceUser,
- "ServiceURL": "TODO",
- "TransportURL": instance.Spec.TransportURLSecret,
+ "ServiceURL": "https://barbican.openstack.svc:9311",
+ "TransportURL": string(transportURLSecret.Data["transport_url"]),
+ "LogFile": fmt.Sprintf("%s%s.log", barbican.BarbicanLogPath, instance.Name),
}
return GenerateConfigsGeneric(ctx, h, instance, envVars, templateParameters, customData, labels, false)
}
+func (r *BarbicanAPIReconciler) reconcileInit(
+ ctx context.Context,
+ instance *barbicanv1beta1.BarbicanAPI,
+ helper *helper.Helper,
+ serviceLabels map[string]string,
+) (ctrl.Result, error) {
+ r.Log.Info(fmt.Sprintf("Reconciling Service '%s' init", instance.Name))
+
+ //
+ // expose the service (create service, route and return the created endpoint URLs)
+ //
+ ports := map[endpoint.Endpoint]endpoint.Data{}
+ ports[endpoint.EndpointInternal] = endpoint.Data{
+ Port: barbican.BarbicanInternalPort,
+ }
+ ports[endpoint.EndpointPublic] = endpoint.Data{
+ Port: barbican.BarbicanPublicPort,
+ }
+
+ for _, metallbcfg := range instance.Spec.ExternalEndpoints {
+ portCfg := ports[metallbcfg.Endpoint]
+ portCfg.MetalLB = &endpoint.MetalLBData{
+ IPAddressPool: metallbcfg.IPAddressPool,
+ SharedIP: metallbcfg.SharedIP,
+ SharedIPKey: metallbcfg.SharedIPKey,
+ LoadBalancerIPs: metallbcfg.LoadBalancerIPs,
+ }
+
+ ports[metallbcfg.Endpoint] = portCfg
+ }
+
+ apiEndpoints, ctrlResult, err := endpoint.ExposeEndpoints(
+ ctx,
+ helper,
+ barbican.ServiceName,
+ serviceLabels,
+ ports,
+ time.Duration(5)*time.Second,
+ )
+ if err != nil {
+ instance.Status.Conditions.Set(condition.FalseCondition(
+ condition.ExposeServiceReadyCondition,
+ condition.ErrorReason,
+ condition.SeverityWarning,
+ condition.ExposeServiceReadyErrorMessage,
+ err.Error()))
+ return ctrlResult, err
+ } else if (ctrlResult != ctrl.Result{}) {
+ instance.Status.Conditions.Set(condition.FalseCondition(
+ condition.ExposeServiceReadyCondition,
+ condition.RequestedReason,
+ condition.SeverityInfo,
+ condition.ExposeServiceReadyRunningMessage))
+ return ctrlResult, nil
+ }
+ instance.Status.Conditions.MarkTrue(condition.ExposeServiceReadyCondition, condition.ExposeServiceReadyMessage)
+
+ //
+ // Update instance status with service endpoint url from route host information
+ //
+ // TODO: need to support https default here
+ if instance.Status.APIEndpoints == nil {
+ instance.Status.APIEndpoints = map[string]string{}
+ }
+ instance.Status.APIEndpoints = apiEndpoints
+
+ // expose service - end
+
+ //
+ // create keystone endpoints
+ //
+
+ ksEndpointSpec := keystonev1.KeystoneEndpointSpec{
+ ServiceName: barbican.ServiceName,
+ Endpoints: instance.Status.APIEndpoints,
+ }
+
+ ksSvc := keystonev1.NewKeystoneEndpoint(instance.Name, instance.Namespace, ksEndpointSpec, serviceLabels, time.Duration(10)*time.Second)
+ ctrlResult, err = ksSvc.CreateOrPatch(ctx, helper)
+ if err != nil {
+ return ctrlResult, err
+ }
+
+ // mirror the Status, Reason, Severity and Message of the latest keystoneendpoint condition
+ // into a local condition with the type condition.KeystoneEndpointReadyCondition
+ c := ksSvc.GetConditions().Mirror(condition.KeystoneEndpointReadyCondition)
+ if c != nil {
+ instance.Status.Conditions.Set(c)
+ }
+
+ if (ctrlResult != ctrl.Result{}) {
+ return ctrlResult, nil
+ }
+
+ //
+ // create keystone endpoints - end
+ //
+
+ r.Log.Info(fmt.Sprintf("Reconciled Service '%s' init successfully", instance.Name))
+ return ctrl.Result{}, nil
+}
+
+func (r *BarbicanAPIReconciler) reconcileUpdate(ctx context.Context, instance *barbicanv1beta1.BarbicanAPI, helper *helper.Helper) (ctrl.Result, error) {
+ r.Log.Info(fmt.Sprintf("Reconciling Service '%s' update", instance.Name))
+
+ // TODO: should have minor update tasks if required
+ // - delete dbsync hash from status to rerun it?
+
+ r.Log.Info(fmt.Sprintf("Reconciled Service '%s' update successfully", instance.Name))
+ return ctrl.Result{}, nil
+}
+
+func (r *BarbicanAPIReconciler) reconcileUpgrade(ctx context.Context, instance *barbicanv1beta1.BarbicanAPI, helper *helper.Helper) (ctrl.Result, error) {
+ r.Log.Info(fmt.Sprintf("Reconciling Service '%s' upgrade", instance.Name))
+
+ // TODO: should have major version upgrade tasks
+ // -delete dbsync hash from status to rerun it?
+
+ r.Log.Info(fmt.Sprintf("Reconciled Service '%s' upgrade successfully", instance.Name))
+ return ctrl.Result{}, nil
+}
+
func (r *BarbicanAPIReconciler) reconcileDelete(ctx context.Context, instance *barbicanv1beta1.BarbicanAPI, helper *helper.Helper) (ctrl.Result, error) {
r.Log.Info(fmt.Sprintf("Reconciling Service '%s' delete", instance.Name))
+
+ // Remove the finalizer from our KeystoneEndpoint CR
+ keystoneEndpoint, err := keystonev1.GetKeystoneEndpointWithName(ctx, helper, instance.Name, instance.Namespace)
+ if err != nil && !k8s_errors.IsNotFound(err) {
+ return ctrl.Result{}, err
+ }
+
+ if err == nil {
+ if controllerutil.RemoveFinalizer(keystoneEndpoint, helper.GetFinalizer()) {
+ err = r.Update(ctx, keystoneEndpoint)
+ if err != nil && !k8s_errors.IsNotFound(err) {
+ return ctrl.Result{}, err
+ }
+ util.LogForObject(helper, "Removed finalizer from our KeystoneEndpoint", instance)
+ }
+ }
+
+ // Service is deleted so remove the finalizer.
+ controllerutil.RemoveFinalizer(instance, helper.GetFinalizer())
+ r.Log.Info(fmt.Sprintf("Reconciled Service '%s' delete successfully", instance.Name))
+
return ctrl.Result{}, nil
}
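Review bot: `"ServiceURL": "https://barbican.openstack.svc:9311"` hard-codes the scheme, namespace and port that Barbican renders as `host_href`. Meanwhile the httpd.conf added in this commit shows a plain `Listen 9311` with no TLS directives visible, and reconcileInit already computes the real endpoints. Derive the value from the exposed endpoint, or at least from `instance.Namespace` and `barbican.BarbicanPublicPort`, instead of a literal. Separately, `transportURLSecret.Data["transport_url"]` is read without checking that the key exists, so a secret lacking it silently renders an empty `transport_url`; `if _, ok := transportURLSecret.Data["transport_url"]; !ok { return fmt.Errorf("transport_url not found in secret %s", instance.Spec.TransportURLSecret) }` would fail early. generateServiceConfigs starts outside the hunk.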
@@ -383,6 +535,30 @@ func (r *BarbicanAPIReconciler) reconcileNormal(ctx context.Context, instance *b
instance.Spec.NetworkAttachments, err)
}
+ // Handle service init
+ ctrlResult, err = r.reconcileInit(ctx, instance, helper, serviceLabels)
+ if err != nil {
+ return ctrlResult, err
+ } else if (ctrlResult != ctrl.Result{}) {
+ return ctrlResult, nil
+ }
+
+ // Handle service update
+ ctrlResult, err = r.reconcileUpdate(ctx, instance, helper)
+ if err != nil {
+ return ctrlResult, err
+ } else if (ctrlResult != ctrl.Result{}) {
+ return ctrlResult, nil
+ }
+
+ // Handle service upgrade
+ ctrlResult, err = r.reconcileUpgrade(ctx, instance, helper)
+ if err != nil {
+ return ctrlResult, err
+ } else if (ctrlResult != ctrl.Result{}) {
+ return ctrlResult, nil
+ }
+
r.Log.Info(fmt.Sprintf("[API] Defining deployment '%s'", instance.Name))
// Define a new Deployment object
deplDef := barbicanapi.Deployment(instance, inputHash, serviceLabels, serviceAnnotations)
@@ -445,5 +621,10 @@ func (r *BarbicanAPIReconciler) reconcileNormal(ctx context.Context, instance *b
func (r *BarbicanAPIReconciler) SetupWithManager(mgr ctrl.Manager) error {
return ctrl.NewControllerManagedBy(mgr).
For(&barbicanv1beta1.BarbicanAPI{}).
+ //Owns(&keystonev1.KeystoneEndpoint{}).
+ Owns(&corev1.Service{}).
+ Owns(&corev1.Secret{}).
+ Owns(&appsv1.Deployment{}).
+ Owns(&routev1.Route{}).
Complete(r)
}
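Review bot: `//Owns(&keystonev1.KeystoneEndpoint{}).` is left commented out although reconcileInit creates a KeystoneEndpoint and mirrors its conditions into the instance status. Without the watch, a change in the KeystoneEndpoint's readiness does not appear to trigger a reconcile of the BarbicanAPI, so the mirrored condition can go stale until something else requeues. Either enable the line or replace it with a comment explaining why the watch is disabled. `Owns(&routev1.Route{})` additionally requires the route/v1 types to be registered in the manager's scheme, which is not visible in this diff.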
diff --git a/pkg/barbican/const.go b/pkg/barbican/const.go
index 6548e98..95b0a55 100644
--- a/pkg/barbican/const.go
+++ b/pkg/barbican/const.go
@@ -5,10 +5,14 @@ import "github.com/openstack-k8s-operators/lib-common/modules/storage"
const (
// ServiceName -
ServiceName = "barbican"
+ // ServiceType -
+ ServiceType = "key-manager"
// DatabaseName -
DatabaseName = "barbican"
// BarbicanPublicPort -
BarbicanPublicPort int32 = 9311
+ // BarbicanInternalPort -
+ BarbicanInternalPort int32 = 9311
// DefaultsConfigFileName -
DefaultsConfigFileName = "00-default.conf"
// CustomConfigFileName -
diff --git a/pkg/barbicanapi/deployment.go b/pkg/barbicanapi/deployment.go
index f3bfaa6..cde17f6 100644
--- a/pkg/barbicanapi/deployment.go
+++ b/pkg/barbicanapi/deployment.go
@@ -16,7 +16,7 @@ import (
const (
// ServiceCommand -
- ServiceCommand = "/usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start"
+ ServiceCommand = "/usr/local/bin/kolla_start"
)
// Deployment - returns a BarbicanAPI Deployment
diff --git a/templates/barbican/config/00-default.conf b/templates/barbican/config/00-default.conf
index 4bcce2e..4d64981 100644
--- a/templates/barbican/config/00-default.conf
+++ b/templates/barbican/config/00-default.conf
@@ -3,6 +3,7 @@ sql_connection = {{ .DatabaseConnection }}
host_href = {{ .ServiceURL }}
debug = true
transport_url = {{ .TransportURL }}
+log_file = {{ .LogFile }}
[keystone_authtoken]
auth_version = v3
diff --git a/templates/barbican/config/10-barbican_wsgi_main.conf b/templates/barbican/config/10-barbican_wsgi_main.conf
new file mode 100644
index 0000000..adff73d
--- /dev/null
+++ b/templates/barbican/config/10-barbican_wsgi_main.conf
@@ -0,0 +1,26 @@
+
+ ServerName barbicanapi.openstack.svc
+
+ ## Vhost docroot
+ DocumentRoot "/var/www/cgi-bin/barbican"
+
+ ## Directories, there should at least be a declaration for /var/www/cgi-bin/barbican
+
+
+ Options -Indexes +FollowSymLinks +MultiViews
+ AllowOverride None
+ Require all granted
+
+
+ ## Logging
+ ErrorLog "/var/log/barbican/error.log"
+ ServerSignature Off
+ CustomLog "/var/log/barbican/access.log" combined env=!forwarded
+ SetEnvIf X-Forwarded-Proto https HTTPS=1
+
+ ## WSGI configuration
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIDaemonProcess barbican-api display-name=barbican_wsgi_main group=barbican processes=8 threads=1 user=barbican
+ WSGIProcessGroup barbican-api
+ WSGIScriptAlias / "/var/www/cgi-bin/barbican/main"
+
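Review bot: `CustomLog "/var/log/barbican/access.log" combined env=!forwarded` depends on a `forwarded` environment variable that nothing in the visible configuration sets. As a result the `forwarded` LogFormat defined in httpd.conf is never used, and requests arriving through a route or load balancer are logged with the proxy address only. If client attribution in the access log matters, add the matching pair, e.g. `SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded` and `CustomLog "/var/log/barbican/access.log" forwarded env=forwarded`. `SetEnvIf X-Forwarded-Proto https HTTPS=1` trusts a header that any direct client can send, so it should be relied on only where a proxy is the sole path to the listener. The enclosing container tags are not visible in this view.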
diff --git a/templates/barbican/config/barbican-api-config.json b/templates/barbican/config/barbican-api-config.json
index 60dad71..415bf86 100644
--- a/templates/barbican/config/barbican-api-config.json
+++ b/templates/barbican/config/barbican-api-config.json
@@ -1,5 +1,5 @@
{
- "command": "uwsgi --master --emperor /etc/barbican/vassals --logto /var/log/kolla/barbican/barbican_api_uwsgi_access.log --logfile-chmod 644",
+ "command": "/usr/sbin/httpd -DFOREGROUND",
"config_files": [
{
"source": "/var/lib/config-data/default/00-default.conf",
@@ -20,6 +20,41 @@
"owner": "barbican",
"perm": "0640",
"optional": true
+ },
+ {
+ "source": "/var/lib/config-data/default/10-barbican_wsgi_main.conf",
+ "dest": "/etc/httpd/conf.d/10-barbican_wsgi_main.conf",
+ "owner": "root",
+ "perm": "0640",
+ "optional": true
+ },
+ {
+ "source": "/var/lib/config-data/default/httpd.conf",
+ "dest": "/etc/httpd/conf/httpd.conf",
+ "owner": "root",
+ "perm": "0640",
+ "optional": true
+ },
+ {
+ "source": "/var/lib/config-data/default/main",
+ "dest": "/var/www/cgi-bin/barbican/main",
+ "owner": "barbican",
+ "perm": "0640",
+ "optional": true
+ },
+ {
+ "source": "/var/lib/config-data/default/mime.conf",
+ "dest": "/etc/httpd/conf.modules.d/mime.conf",
+ "owner": "root",
+ "perm": "0640",
+ "optional": true
+ },
+ {
+ "source": "/var/lib/config-data/default/kolla_extend_start",
+ "dest": "/usr/local/bin/kolla_extend_start",
+ "owner": "root",
+ "perm": "0755",
+ "optional": true
}
],
"permissions": [
diff --git a/templates/barbican/config/httpd.conf b/templates/barbican/config/httpd.conf
new file mode 100644
index 0000000..1582685
--- /dev/null
+++ b/templates/barbican/config/httpd.conf
@@ -0,0 +1,45 @@
+ ServerTokens Prod
+ ServerSignature Off
+ TraceEnable Off
+
+ ServerName "barbican.openstack.svc"
+ ServerRoot "/etc/httpd"
+
+ PidFile run/httpd.pid
+ Timeout 90
+ KeepAlive On
+ MaxKeepAliveRequests 100
+ KeepAliveTimeout 15
+ LimitRequestFieldSize 8190
+ LimitRequestFields 100
+
+ User apache
+ Group apache
+ Listen 9311
+
+ AccessFileName .htaccess
+
+ Require all denied
+
+
+
+ Options FollowSymLinks
+ AllowOverride None
+
+
+
+ HostnameLookups Off
+ LogLevel debug
+ EnableSendfile On
+
+ Include "/etc/httpd/conf.modules.d/*.conf"
+
+ LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%a %l %u %t \"%r\" %>s %b" common
+ LogFormat "%{Referer}i -> %U" referer
+ LogFormat "%{User-agent}i" agent
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded
+
+ CustomLog "/var/log/barbican/access.log" combined env=!forwarded
+ ErrorLog "/var/log/barbican/error.log"
+ IncludeOptional "/etc/httpd/conf.d/*.conf"
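Review bot: `LogLevel debug` is fixed in the template for a service that handles secrets, and 00-default.conf in this commit also keeps `debug = true`. Debug-level server and service logs are verbose and tend to capture request detail that should not accumulate under `/var/log/barbican`; default to `LogLevel info` and make debug logging an opt-in template parameter. `Listen 9311` duplicates `barbican.BarbicanPublicPort`, so rendering it from the template parameters would keep the two in step.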
diff --git a/templates/barbican/config/kolla_extend_start b/templates/barbican/config/kolla_extend_start
new file mode 100644
index 0000000..89d740b
--- /dev/null
+++ b/templates/barbican/config/kolla_extend_start
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+ barbican-db-manage upgrade
+ exit 0
+ fi
+
+. /usr/local/bin/kolla_httpd_setup
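Review bot: The bootstrap branch ends with an unconditional `exit 0`, so a failed `barbican-db-manage upgrade` is reported as success unless the script that sources this file already runs with errexit, which is not visible here. Make the failure explicit with `barbican-db-manage upgrade || exit 1` before the `exit 0`. The closing `fi` is indented one level deeper than its `if` and should be aligned with it.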
diff --git a/templates/barbican/config/main b/templates/barbican/config/main
new file mode 100644
index 0000000..e3b15dc
--- /dev/null
+++ b/templates/barbican/config/main
@@ -0,0 +1,53 @@
+#!/usr/bin/python3
+#PBR Generated from 'wsgi_scripts'
+
+import threading
+
+from barbican.api.app import get_api_wsgi_script
+
+if __name__ == "__main__":
+ import argparse
+ import socket
+ import sys
+ import wsgiref.simple_server as wss
+
+ parser = argparse.ArgumentParser(
+ description=get_api_wsgi_script.__doc__,
+ formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+ usage='%(prog)s [-h] [--port PORT] [--host IP] -- [passed options]')
+ parser.add_argument('--port', '-p', type=int, default=8000,
+ help='TCP port to listen on')
+ parser.add_argument('--host', '-b', default='',
+ help='IP to bind the server to')
+ parser.add_argument('args',
+ nargs=argparse.REMAINDER,
+ metavar='-- [passed options]',
+ help="'--' is the separator of the arguments used "
+ "to start the WSGI server and the arguments passed "
+ "to the WSGI application.")
+ args = parser.parse_args()
+ if args.args:
+ if args.args[0] == '--':
+ args.args.pop(0)
+ else:
+ parser.error("unrecognized arguments: %s" % ' '.join(args.args))
+ sys.argv[1:] = args.args
+ server = wss.make_server(args.host, args.port, get_api_wsgi_script())
+
+ print("*" * 80)
+ print("STARTING test server barbican.api.app.get_api_wsgi_script")
+ url = "http://%s:%d/" % (server.server_name, server.server_port)
+ print("Available at %s" % url)
+ print("DANGER! For testing only, do not use in production")
+ print("*" * 80)
+ sys.stdout.flush()
+
+ server.serve_forever()
+else:
+ application = None
+ app_lock = threading.Lock()
+
+ with app_lock:
+ if application is None:
+ application = get_api_wsgi_script()
+
diff --git a/templates/barbican/config/mime.conf b/templates/barbican/config/mime.conf
new file mode 100644
index 0000000..ac91a1c
--- /dev/null
+++ b/templates/barbican/config/mime.conf
@@ -0,0 +1,38 @@
+TypesConfig /etc/mime.types
+
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+AddType application/x-bzip2 .bz2
+
+AddLanguage ca .ca
+AddLanguage cs .cz .cs
+AddLanguage da .dk
+AddLanguage de .de
+AddLanguage el .el
+AddLanguage en .en
+AddLanguage eo .eo
+AddLanguage es .es
+AddLanguage et .et
+AddLanguage fr .fr
+AddLanguage he .he
+AddLanguage hr .hr
+AddLanguage it .it
+AddLanguage ja .ja
+AddLanguage ko .ko
+AddLanguage ltz .ltz
+AddLanguage nl .nl
+AddLanguage nn .nn
+AddLanguage no .no
+AddLanguage pl .po
+AddLanguage pt .pt
+AddLanguage pt-BR .pt-br
+AddLanguage ru .ru
+AddLanguage sv .sv
+AddLanguage zh-CN .zh-cn
+AddLanguage zh-TW .zh-tw
+
+AddHandler type-map var
+
+AddOutputFilter INCLUDES .shtml
+
+AddType text/html .shtml