ba1901de65
Partially Implements: Blueprint standard-start Change-Id: I34b4d96515b4c68d42319b477504abdfe9581bad
76 lines
2.7 KiB
Bash
76 lines
2.7 KiB
Bash
#!/bin/bash
|
|
|
|
set -e
|
|
|
|
if ! [ "$BARBICAN_DB_PASSWORD" ]; then
|
|
BARBICAN_DB_PASSWORD=$(openssl rand -hex 15)
|
|
export BARBICAN_DB_PASSWORD
|
|
fi
|
|
|
|
check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_ADMIN_SERVICE_HOST \
|
|
KEYSTONE_ADMIN_SERVICE_PORT BARBICAN_ADMIN_PASSWORD
|
|
fail_unless_db
|
|
fail_unless_os_service_running keystone
|
|
|
|
mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql <<EOF
|
|
CREATE DATABASE IF NOT EXISTS ${BARBICAN_DB_NAME};
|
|
GRANT ALL PRIVILEGES ON barbican.* TO
|
|
'${BARBICAN_DB_USER}'@'%' IDENTIFIED BY '${BARBICAN_DB_PASSWORD}'
|
|
EOF
|
|
|
|
# config file setup
|
|
crudini --set /etc/barbican/barbican-api.conf \
|
|
DEFAULT \
|
|
sql_connection \
|
|
"mysql://${BARBICAN_DB_USER}:${BARBICAN_DB_PASSWORD}@${MARIADB_SERVICE_HOST}/${BARBICAN_DB_NAME}"
|
|
crudini --set /etc/barbican/barbican-api.conf \
|
|
DEFAULT \
|
|
log_dir \
|
|
"/var/log/barbican/"
|
|
crudini --set /etc/barbican/barbican-api.conf \
|
|
DEFAULT \
|
|
log_file \
|
|
"/var/log/barbican/barbican.log"
|
|
crudini --set /etc/barbican/barbican-api-paste.ini \
|
|
pipeline:barbican_api \
|
|
pipeline \
|
|
"keystone_authtoken context apiapp"
|
|
crudini --set /etc/barbican/barbican-api-paste.ini \
|
|
filter:keystone_authtoken \
|
|
auth_host \
|
|
${KEYSTONE_ADMIN_SERVICE_HOST}
|
|
crudini --set /etc/barbican/barbican-api-paste.ini \
|
|
filter:keystone_authtoken \
|
|
auth_port \
|
|
${KEYSTONE_ADMIN_SERVICE_PORT}
|
|
crudini --set /etc/barbican/barbican-api-paste.ini \
|
|
filter:keystone_authtoken \
|
|
auth_protocol \
|
|
${KEYSTONE_AUTH_PROTOCOL}
|
|
crudini --set /etc/barbican/barbican-api-paste.ini \
|
|
filter:keystone_authtoken \
|
|
admin_tenant_name \
|
|
${ADMIN_TENANT_NAME}
|
|
crudini --set /etc/barbican/barbican-api-paste.ini \
|
|
filter:keystone_authtoken \
|
|
admin_user \
|
|
${BARBICAN_KEYSTONE_USER}
|
|
crudini --set /etc/barbican/barbican-api-paste.ini \
|
|
filter:keystone_authtoken \
|
|
admin_password \
|
|
${BARBICAN_KEYSTONE_USER}
|
|
|
|
# create the required keystone entities for barbican
|
|
export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
|
|
export SERVICE_ENDPOINT="${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v2.0"
|
|
|
|
keystone user-get ${BARBICAN_KEYSTONE_USER} > /dev/null 2>&1 || /bin/keystone user-create --name ${BARBICAN_KEYSTONE_USER} --pass ${BARBICAN_ADMIN_PASSWORD}
|
|
|
|
keystone role-get observer > /dev/null 2>&1 || /bin/keystone role-create --name observer
|
|
keystone role-get creator > /dev/null 2>&1 || /bin/keystone role-create --name creator
|
|
|
|
keystone user-get ${BARBICAN_KEYSTONE_USER} > /dev/null 2>&1 || /bin/keystone user-role-add --user ${BARBICAN_KEYSTONE_USER} --role admin --tenant ${ADMIN_TENANT_NAME}
|
|
|
|
# launch Barbican using uwsgi
|
|
exec uwsgi --master --emperor /etc/barbican/vassals
|