40 Commits

Author SHA1 Message Date
Bertrand Lallau
afdd11b9a2 Generalize api_interface_address variable usage
Useful api_interface_address variable has been define here:
https://github.com/openstack/kolla-ansible/blob/master/ansible/group_vars/all.yml#L57
In order to simplify codebase we must use it as much as possible.

Change-Id: I18fec19bf69e05a22a4142a9cd1165eccd022455
2017-05-23 08:35:15 +00:00
Jeffrey Zhang
b1f015616c Add timeout parameter for precheck tasks
wait_for module waits 300 seconds for the port started or stopped.  This
is meaningless and useless in precheck. This patch change timeout to 1
seconds.

Change-Id: I9b251ec4ba17ce446655917e8ef5e152ef947298
Closes-Bug: #1688152
2017-05-04 09:02:25 +08:00
zhubingbing
6d0e31f232
Fix can't find /usr/lib/libCryptoki2_64.so in barbican
Link https://docs.openstack.org/project-install-guide/key-manager/newton/barbican-backend.html#simple-crypto-plugin

Change-Id: I351738c2a98090c56ac69e477fbe5ddec4cc5b26
Closes-Bug: #1672001
2017-03-22 20:43:14 +08:00
Paul Bourke
5418ada148 Enable sanity checks from kolla-ansible
Add a new subcommand 'check' to kolla-ansible, used to run the
smoke/sanity checks.

Add stub files to all services that don't currently have checks.

Change-Id: I9f661c5fc51fd5b9b266f23f6c524884613dee48
Partially-implements: blueprint sanity-check-container
2017-03-09 10:37:06 +00:00
Jenkins
d9740e9c40 Merge "Remove unnecessary until in register.yml file" 2017-02-22 12:28:06 +00:00
Jenkins
5b9744e591 Merge "Add default roles used by Barbican" 2017-02-15 08:58:16 +00:00
Nenad Radojevic
4385fb682c Add default roles used by Barbican
The default roles used by Barbican are missing.
According to the policy.json the Key Manager
comes with, four roles have to be defined.

Change-Id: I8882c2cf328b62e68797e383b26908540d669629
Closes-Bug: #1657742
2017-02-14 17:06:54 +00:00
Duong Ha-Quang
f45fe3243f Change Barbican default secret store to pkcs11
Change-Id: I758eedb8569ce5ddbfb44f7dc79d622891997e84
Closes-Bug: #1625340
2017-02-09 13:40:13 +07:00
Jeffrey Zhang
38ad05a872 Remove unnecessary until in register.yml file
Change-Id: I1577cc3afef4dadd3a188c8ba749c9cdfad313ae
2017-02-04 14:38:54 +08:00
Eduardo Gonzalez
4e0fa6a334 Remove hardcoded usernames in register.yml
Usernames can be configured with variables in
configuration files, but user creation is hardcoded.

Change-Id: I057cfb921d776217db66f59226dcfa79f3eb7368
Closes-Bug: #1661587
2017-02-03 12:17:54 +00:00
Jenkins
be311f62bd Merge "External_fqdn for host_href in barbican.conf" 2017-02-03 04:31:23 +00:00
Nenad Radojevic
5229c83a7f External_fqdn for host_href in barbican.conf
The barbican service should use the external fqdn as value for the
host_href parameter. Typically this is the endpoint that clients
would use to connect to barbican from outside.

Change-Id: I075acb6335354a61f935d57a7b84f0f92978c9bd
Closes-Bug: #1660282
2017-01-30 11:20:54 +01:00
venkatamahesh
b7fefc1c50 Fix a typo in config.yml
Change-Id: Id0efea7ab3fdfab5f9ff42c8761e5afc6a93b9aa
Closes-Bug: #1660005
2017-01-28 10:32:52 +05:30
Jenkins
8884422f3d Merge "Refactor register.yml files" 2017-01-26 18:48:59 +00:00
Jeffrey Zhang
8155d74d8d Refactor register.yml files
Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Change-Id: I9a4a6b6523dee4b388513386b7d85d421f2b7b89
2017-01-26 17:10:27 +00:00
caoyuan
91dbe0ec0c Optimize reconfiguration for barbican
Change-Id: I0808b32115989ed55bf5401d2f5401930766d39a
Partially-implements: blueprint better-reconfigure
2017-01-24 13:55:53 +00:00
Jeffrey Zhang
7233b45d29 Refactor bootstrap.yml file
Change-Id: I00d2dcb0895548ba169ab85764cf546c2214cbf5
2017-01-12 23:37:50 +08:00
caoyuan
8fdc01f197 Move barbican precheck into its own role
Change-Id: I823f1a5e2e529037d0adf7edd6e407faa629e940
Partially-implements: blueprint condition-pre-check
2016-12-23 22:47:55 +08:00
Eduardo Gonzalez
775d8019b6 Add custom policies in service.json
Include custom policy.json files in service-api.json.j2 files

Change-Id: Ic55bfc6f61131aa72c3497ce8b2282056bcc7f92
Partially-Implements: blueprint custom-policies
2016-12-02 16:22:17 +00:00
Jenkins
7fcff0e1f2 Merge "Fix barbican upgrade permission issue" 2016-12-02 13:17:18 +00:00
zhubingbing
af3eaa5a23 Fix barbican upgrade permission issue
Change-Id: I08bfa65223fd42df218bfd9e81765d6f1a4e10c8
Closes-Bug: #1646008
2016-11-30 12:43:51 +00:00
Duong Ha-Quang
b5d1e4b457 Fix placement of policy.json
Currently, policy.json is put in
"{{ node_config_directory }}/{{ service_name }}"
in target nodes.

Relocation policy.json to "{{ node_config_directory }}/{{ item }}"
with item is corresponding service compoment config directory.

Currently, the policy.json is copied to all services, but it
should be reviewed and left only in neccesary service
(at many cases, only API service needs that).

Redundant files will be removed in follow up patchset.

Change-Id: I0e997dccf4ec438c9c0436db71ec2fd06650f50d
Closes-Bug: #1639686
2016-11-29 16:00:09 +07:00
portdirect
200dbafb1c Update Barbican to use correct mysql connection string
PyMySQL is prefered to PythonMySQL for Sqlalchemy, as it provides
python3 support and is actively maintained, and is therefore the
currently recommended lib for db connections.
 * https://wiki.openstack.org/wiki/PyMySQL_evaluation

Kolla currently uses PyMySQL for all connections bar Barbican
(which works fine with PyMySQL): once this commit is merged it will
be possible to remove the PythonMySQL libs, and mysql libs for kolla
images (except kolla-toolbox).

TrivialFix

Change-Id: Id256387134ca551a181c5e49c9b6d63f62b72523
2016-11-17 14:27:47 +00:00
Jenkins
dbc881456b Merge "Custom policy files" 2016-11-04 13:42:55 +00:00
Jenkins
da832be870 Merge "Barbican: Fix race condition when starting procs simultaneously" 2016-11-03 17:31:12 +00:00
Pete Birley
51e6c102d1 Barbican: Fix race condition when starting procs simultaneously
This fixes a race condition when starting barbican processes,
as by default they attempt to manage the db schema on startup.

TrivialFix

Change-Id: Ic168211880709a3279511ce519756e4cbdd57fe8
2016-11-03 14:24:02 +00:00
Jeffrey Zhang
fa45801946 Move precheck into its own role
* Merge prechecks.yml and site.yml playbook
* Create empty precheck.yml into all roles.

Change-Id: I8a138558a26c0a2a66c5fd48ed37be657c99c1dd
Implements: blueprint condition-pre-check
2016-11-03 14:48:58 +08:00
Eduardo Gonzalez
ef1fd6b8c0 Custom policy files
Allow operators to use their custom policy files.
Avoid maintain policy files in kolla repos, only copying
the files when an operator add their custom config.

Implements: blueprint custom-policies
Change-Id: Icf3c961b87cbc7a1f1dd2ffbfffcf271d151d862
2016-10-28 10:47:05 +01:00
Jenkins
5661f72f98 Merge "Remove default values from conf file" 2016-10-14 02:17:00 +00:00
Jenkins
45b0f2cf63 Merge "Remove do_reconfigure.yml file for all roles" 2016-10-13 16:20:30 +00:00
Jenkins
2abef796d6 Merge "Mount host localtime for containers" 2016-10-13 14:06:20 +00:00
Jeffrey Zhang
16a1f9f006 Mount host localtime for containers
Add /etc/localtime:/etc/localtime:ro to volume for aodh, barbican, etcd,
gnocchi, kuryr and sahara.
All the containers are added in Netwon cycle, so no need to backport

Closes-Bug: #1633049
Change-Id: I9cdba54cf730af44fb1a9ff6f2c936d23dadbe9a
2016-10-13 11:35:03 +00:00
liyingjun
626967c1a4 Enable keystone authentication for Barbican
By default Barbican has not enabled the Keystone authentication:

[pipeline:barbican_api]
pipeline = cors unauthenticated-context apiapp

According to the Barbican install guide[1] this pipeline should be:

pipeline = cors authtoken context apiapp

[1]: http://docs.openstack.org/developer/barbican/setup/keystone.html

Change-Id: I941515a98772a72762b20507e100e7872f3b4ab8
Closes-bug: #1625337
2016-10-11 17:44:17 +08:00
liyingjun
cd0336658f Fix 'Address already in use' for barbican-api
By default barbican uwsgi is configured to listen all address on host
[1], we need to change this to the ip address of the host.

[1]:
https://github.com/openstack/barbican/blob/master/etc/barbican/vassals/barbican-api.ini

Change-Id: I4a1f9fb44ad55caf21f82c1b6d272a9743d65fd8
Closes-bug: #1632177
2016-10-11 17:43:19 +08:00
Mauricio Lima
579dd2eb7e Remove default values from conf file
baf5edfbf9/barbican/common/config.py (L108-L131)

TrivialFix

Change-Id: I64baf401718ee694be4651fea6c1aae7cece358c
2016-10-06 10:15:02 -03:00
Jeffrey Zhang
fa856556d5 Remove do_reconfigure.yml file for all roles
do_reconfigure.yml is introduced to use serial directive. But we use
it in wrong. Now serial has moved to playbook file. So it is time to
remove the do_reconfigure.yml file

Closes-Bug: #1628152
Change-Id: I8d42d27e6bc302a0e575b0353956eaef9b2ca9fd
2016-09-27 15:04:00 +00:00
Christian Berendt
6bc976aa07 Set ownership of barbican configuration files to barbican
Change-Id: I6fe7f0928812f816080ced76dec2659f2094276d
Closes-bug: #1625317
2016-09-19 20:58:06 +02:00
Jeffrey Zhang
e328ada3bd Optimized the serial upgrade and reconfigure
* add serial for reconfigure
* set playbook serial by using variable
* fix serial for barbican, influxdb and vmtp

Closes-Bug: #1624607
Change-Id: I66530c7736e1673a592eddbde75637825d12d9e2
2016-09-17 04:08:58 +00:00
zhubingbing
7306b251e6 Add upgrade file to barbican role
Change-Id: I2e2b840676456abcb0dddea05864ad69f1c6b397
2016-09-14 15:48:53 +00:00
zhubingbing
e0537385d0 Add Barbican ansible role
Partially-Implements: blueprint barbican-ansible

Change-Id: Id6be35b1d0527d5c38d4ea8576b233ebcc404718
2016-09-13 02:56:27 +00:00