Age | Commit message (Collapse) | Author |
|
Several packages utilize the keystone package service/user addition
services recently added. The data passed to this service depends on
the value assigned to CONTROLLER_IP (used as KEYSTONE_HOST), however,
bitbake is not able to automatically determine this dependency so
several tasks which should be rerun to create updated package postinst
scripts are not run when CONTROLLER_IP is modified. Adding the
necessary vardeps ensure these tasks are rerun and now adjustments
made to CONTROLLER_IP are reflected in the generated packages.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Instead of creating tenant/user/role and service/endpoint for all
openstack services in keystone postinstall, now each of the services
creates its own keystone identities by queueing them up in its postinstall
to a file /etc/keystone/service-user-setup. service-user-setup
script, when run as the last postinstall, calls identity.sh with keystone
identity parameters to create necessary identities for the services.
Signed-off-by: Andy Ning <andy.ning@windriver.com>
|
|
Barbican tests fail because white space is not being properly parsed
by the iso8601 python package. This fix updates the barbican code
using a patch file to strip white space from the date before passing
it to the is8601 package for parsing.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Barbican expects configuration files for its tests to be in the same
location as they appear in the source tree. However, during
deployment configuration files are put into the /etc/barbican
directory. This fix patches the tests to find the configuration files
in the directory they are placed by the barbican recipe.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
uWSGI defaults to a maximum packet size of 4096 bytes. This
is too small to support working with PKI tokens that are now default
in Keystone. The size of the packets within Barbican are dependent
on both the size of the Keystone token and the size of the secret to
be stored & retrieved. Increasing the buffer size to the maximum
allowed by uWSGI allows Barbican to support the largest possible
secrets.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Issue: US-34303
Barbican source code comes with scripts that are intended to control
the service. Added previously was a script for this same purpose
that is placed into init.d that integrates more consistently with
the system. This makes the need for these scripts redundant. This
patch removes the scripts being put into the final system package.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
management of secrets
Introduce the barbican package: https://wiki.openstack.org/wiki/Barbican, to
support the management of keys and secrets on an OpenStack system.
The barbican api service can be started with the packaged initscript, and has
been validated against the barbican quick start guide.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|