barbican: ReST API designed for the secure storage, provisioning and management of secrets

Introduce the barbican package: https://wiki.openstack.org/wiki/Barbican, to
support the management of keys and secrets on an OpenStack system.

The barbican api service can be started with the packaged initscript, and has
been validated against the barbican quick start guide.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>

2 files changed, 201 insertions, 0 deletions

diff --git a/meta-openstack/recipes-devtools/python/python-barbican/barbican.init b/meta-openstack/recipes-devtools/python/python-barbican/barbican.init
new file mode 100644
index 0000000..ba3a019
--- /dev/null
+++ b/meta-openstack/recipes-devtools/python/python-barbican/barbican.init
@@ -0,0 +1,101 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides:          barbican barbican-api
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     3 5
+# Default-Stop:      0 1 2 6
+# Short-Description: OpenStack Secrets (barbican) - @suffix@
+# Description:       OpenStack Secrets (barbican) - @suffix@
+### END INIT INFO
+
+SUFFIX="@suffix@"
+DESC="barbican-@suffix@"
+PIDFILE="/var/run/barbican/barbican-$SUFFIX.pid"
+CONFIG_DIR="/etc/barbican"
+UWSGI="/usr/bin/uwsgi"
+EXEC="--master --emperor $CONFIG_DIR/vassals"
+
+if [ ! -d /var/run/barbican ]; then
+        mkdir -p /var/run/barbican
+        chown barbican:barbican /var/run/barbican
+fi
+
+start ()
+{
+    if [ -e $PIDFILE ]; then
+        PIDDIR=/proc/$(cat $PIDFILE)
+        if [ -d ${PIDDIR} ]; then
+            echo "$DESC already running."
+            exit 1
+        else
+            echo "Removing stale PID file $PIDFILE"
+            rm -f $PIDFILE
+        fi
+    fi
+    PIDDIR=`dirname $PIDFILE`
+    if [ ! -d $PIDDIR ]; then
+        mkdir -p $PIDDIR
+        chown barbican $PIDDIR
+    fi
+    if [ ! -d /var/log/barbican ]; then
+        mkdir /var/log/barbican
+    fi
+    echo -n "Starting $DESC..."
+
+    start-stop-daemon --start --quiet --background \
+        --exec ${UWSGI} -- --pidfile ${PIDFILE} ${EXEC} 
+
+    if [ $? -eq 0 ]; then
+        echo "done."
+    else
+        echo "failed."
+    fi
+}
+
+stop ()
+{
+    echo -n "Stopping $DESC..."
+    start-stop-daemon --stop --signal 9 --quiet --pidfile $PIDFILE
+    if [ $? -eq 0 ]; then
+        echo "done."
+    else
+        echo "failed."
+    fi
+    rm -f $PIDFILE
+}
+
+status()
+{
+    pid=`cat $PIDFILE 2>/dev/null`
+    if [ -n "$pid" ]; then
+        if ps -p $pid >&- ; then
+            echo "$DESC is running"
+            return
+        fi
+    fi
+    echo "$DESC is not running"
+}
+
+case "$1" in
+    start)
+        start
+        ;;
+    stop)
+        stop
+        ;;
+    restart|force-reload|reload)
+        stop
+        start
+        ;;
+    status)
+        status
+        ;;
+    *)
+        echo "Usage: $0 {start|stop|force-reload|restart|reload|status}"
+        exit 1
+        ;;
+esac
+
+exit 0
diff --git a/meta-openstack/recipes-devtools/python/python-barbican_git.bb b/meta-openstack/recipes-devtools/python/python-barbican_git.bb
new file mode 100644
index 0000000..838346c
--- /dev/null
+++ b/meta-openstack/recipes-devtools/python/python-barbican_git.bb
@@ -0,0 +1,100 @@
+DESCRIPTION = "Barbican is a ReST API designed for the secure storage, provisioning and management of secrets."
+HOMEPAGE = "https://wiki.openstack.org/wiki/Barbican"
+SECTION = "devel/python"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=fc8be9e7dffe97390d1216b01fd0be01"
+
+PR = "r0"
+SRCNAME = "barbican"
+
+SRC_URI = "git://github.com/stackforge/barbican.git;branch=master \
+           file://barbican.init \
+          "
+
+SRCREV="177d4499af6b261f48814503e3565f433e86cc66"
+PV="2014.1+git${SRCPV}"
+S = "${WORKDIR}/git"
+
+inherit update-rc.d setuptools identity hosts useradd default_configs
+
+do_install_append() {
+    TEMPLATE_CONF_DIR=${S}${sysconfdir}/${SRCNAME}
+    BARBICAN_CONF_DIR=${D}${sysconfdir}/${SRCNAME}
+
+    install -d ${BARBICAN_CONF_DIR}
+    cp -r ${TEMPLATE_CONF_DIR}/* ${BARBICAN_CONF_DIR}
+
+    install -d ${D}${localstatedir}/lib/barbican
+
+    if ${@base_contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
+        install -d ${D}${sysconfdir}/init.d
+
+        for binary in api; do
+            sed "s:@suffix@:$binary:" < ${WORKDIR}/barbican.init >${WORKDIR}/barbican-$binary.init.sh
+            install -m 0755 ${WORKDIR}/barbican-$binary.init.sh ${D}${sysconfdir}/init.d/barbican-$binary
+        done
+    fi
+}
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system barbican"
+USERADD_PARAM_${PN}  = "--system --home /var/lib/barbican -g barbican \
+                        --no-create-home --shell /bin/false barbican"
+
+PACKAGES += "${SRCNAME} \
+             ${SRCNAME}-setup "
+
+FILES_${PN} = "${libdir}/* \
+"
+FILES_${SRCNAME} = "${sysconfdir}/${SRCNAME}/* \
+                    ${sysconfdir}/init.d/barbican-api \
+                    ${bindir}/* \
+                    ${localstatedir}/* \
+"
+
+ALLOW_EMPTY_${SRCNAME}-setup = "1"
+pkg_postinst_${SRCNAME}-setup () {
+    if [ "x$D" != "x" ]; then
+        exit 1
+    fi
+
+    chown -R barbican:barbican ${sysconfdir}/${SRCNAME}
+    chown -R barbican:barbican ${localstatedir}/lib/barbican
+}
+
+DEPENDS += " \
+        python-pip \
+        python-pbr \
+        "
+
+RDEPENDS_${SRCNAME} = "${PN} \
+                       ${SRCNAME}-setup \
+                       uwsgi \
+                       python-falcon \
+                       python-oslo.messaging"
+
+RDEPENDS_${PN} += " \
+        python-pip \
+        python-pbr \
+        python-alembic \
+        python-babel \
+        python-eventlet \
+        python-falcon \
+        python-iso8601 \
+        python-jsonschema \
+        python-kombu \
+        python-netaddr \
+        python-pastedeploy \
+        python-paste \
+        python-pycrypto \
+        python-pysqlite \
+        python-keystoneclient \
+        python-sqlalchemy \
+        python-stevedore \
+        python-webob \
+        python-wsgiref \
+        "
+
+INITSCRIPT_PACKAGES = "${SRCNAME}"
+INITSCRIPT_NAME_${SRCNAME} = "barbican-api"
+INITSCRIPT_PARAMS_${SRCNAME} = "${OS_DEFAULT_INITSCRIPT_PARAMS}"