Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
#!/bin/bash
set -e
if ! [ "$BARBICAN_DB_PASSWORD" ]; then
BARBICAN_DB_PASSWORD=$(openssl rand -hex 15)
export BARBICAN_DB_PASSWORD
fi
check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_ADMIN_SERVICE_HOST \
KEYSTONE_ADMIN_SERVICE_PORT BARBICAN_ADMIN_PASSWORD
fail_unless_db
fail_unless_os_service_running keystone
mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql <<EOF
CREATE DATABASE IF NOT EXISTS ${BARBICAN_DB_NAME};
GRANT ALL PRIVILEGES ON barbican.* TO
'${BARBICAN_DB_USER}'@'%' IDENTIFIED BY '${BARBICAN_DB_PASSWORD}'
EOF
# config file setup
crudini --set /etc/barbican/barbican-api.conf \
DEFAULT \
sql_connection \
"mysql://${BARBICAN_DB_USER}:${BARBICAN_DB_PASSWORD}@${MARIADB_SERVICE_HOST}/${BARBICAN_DB_NAME}"
crudini --set /etc/barbican/barbican-api.conf \
DEFAULT \
log_dir \
"/var/log/barbican/"
crudini --set /etc/barbican/barbican-api.conf \
DEFAULT \
log_file \
"/var/log/barbican/barbican.log"
crudini --set /etc/barbican/barbican-api-paste.ini \
pipeline:barbican_api \
pipeline \
"keystone_authtoken context apiapp"
crudini --set /etc/barbican/barbican-api-paste.ini \
filter:keystone_authtoken \
auth_host \
${KEYSTONE_ADMIN_SERVICE_HOST}
crudini --set /etc/barbican/barbican-api-paste.ini \
filter:keystone_authtoken \
auth_port \
${KEYSTONE_ADMIN_SERVICE_PORT}
crudini --set /etc/barbican/barbican-api-paste.ini \
filter:keystone_authtoken \
auth_protocol \
${KEYSTONE_AUTH_PROTOCOL}
crudini --set /etc/barbican/barbican-api-paste.ini \
filter:keystone_authtoken \
admin_tenant_name \
${ADMIN_TENANT_NAME}
crudini --set /etc/barbican/barbican-api-paste.ini \
filter:keystone_authtoken \
admin_user \
${BARBICAN_KEYSTONE_USER}
crudini --set /etc/barbican/barbican-api-paste.ini \
filter:keystone_authtoken \
admin_password \
${BARBICAN_KEYSTONE_USER}
# create the required keystone entities for barbican
export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
export SERVICE_ENDPOINT="${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v2.0"
keystone user-get ${BARBICAN_KEYSTONE_USER} > /dev/null 2>&1 || /bin/keystone user-create --name ${BARBICAN_KEYSTONE_USER} --pass ${BARBICAN_ADMIN_PASSWORD}
keystone role-get observer > /dev/null 2>&1 || /bin/keystone role-create --name observer
keystone role-get creator > /dev/null 2>&1 || /bin/keystone role-create --name creator
keystone user-get ${BARBICAN_KEYSTONE_USER} > /dev/null 2>&1 || /bin/keystone user-role-add --user ${BARBICAN_KEYSTONE_USER} --role admin --tenant ${ADMIN_TENANT_NAME}
# launch Barbican using uwsgi
exec uwsgi --master --emperor /etc/barbican/vassals