From 2ba40be73f3abf28ffb0c8d1b3fd65dbf237ac4c Mon Sep 17 00:00:00 2001 From: Bruce Ashfield Date: Wed, 23 Apr 2014 23:31:25 -0400 Subject: barbican: ReST API designed for the secure storage, provisioning and management of secrets Introduce the barbican package: https://wiki.openstack.org/wiki/Barbican, to support the management of keys and secrets on an OpenStack system. The barbican api service can be started with the packaged initscript, and has been validated against the barbican quick start guide. Signed-off-by: Bruce Ashfield --- .../python/python-barbican/barbican.init | 101 +++++++++++++++++++++ .../recipes-devtools/python/python-barbican_git.bb | 100 ++++++++++++++++++++ 2 files changed, 201 insertions(+) create mode 100644 meta-openstack/recipes-devtools/python/python-barbican/barbican.init create mode 100644 meta-openstack/recipes-devtools/python/python-barbican_git.bb (limited to 'meta-openstack/recipes-devtools') diff --git a/meta-openstack/recipes-devtools/python/python-barbican/barbican.init b/meta-openstack/recipes-devtools/python/python-barbican/barbican.init new file mode 100644 index 0000000..ba3a019 --- /dev/null +++ b/meta-openstack/recipes-devtools/python/python-barbican/barbican.init @@ -0,0 +1,101 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: barbican barbican-api +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 3 5 +# Default-Stop: 0 1 2 6 +# Short-Description: OpenStack Secrets (barbican) - @suffix@ +# Description: OpenStack Secrets (barbican) - @suffix@ +### END INIT INFO + +SUFFIX="@suffix@" +DESC="barbican-@suffix@" +PIDFILE="/var/run/barbican/barbican-$SUFFIX.pid" +CONFIG_DIR="/etc/barbican" +UWSGI="/usr/bin/uwsgi" +EXEC="--master --emperor $CONFIG_DIR/vassals" + +if [ ! -d /var/run/barbican ]; then + mkdir -p /var/run/barbican + chown barbican:barbican /var/run/barbican +fi + +start () +{ + if [ -e $PIDFILE ]; then + PIDDIR=/proc/$(cat $PIDFILE) + if [ -d ${PIDDIR} ]; then + echo "$DESC already running." + exit 1 + else + echo "Removing stale PID file $PIDFILE" + rm -f $PIDFILE + fi + fi + PIDDIR=`dirname $PIDFILE` + if [ ! -d $PIDDIR ]; then + mkdir -p $PIDDIR + chown barbican $PIDDIR + fi + if [ ! -d /var/log/barbican ]; then + mkdir /var/log/barbican + fi + echo -n "Starting $DESC..." + + start-stop-daemon --start --quiet --background \ + --exec ${UWSGI} -- --pidfile ${PIDFILE} ${EXEC} + + if [ $? -eq 0 ]; then + echo "done." + else + echo "failed." + fi +} + +stop () +{ + echo -n "Stopping $DESC..." + start-stop-daemon --stop --signal 9 --quiet --pidfile $PIDFILE + if [ $? -eq 0 ]; then + echo "done." + else + echo "failed." + fi + rm -f $PIDFILE +} + +status() +{ + pid=`cat $PIDFILE 2>/dev/null` + if [ -n "$pid" ]; then + if ps -p $pid >&- ; then + echo "$DESC is running" + return + fi + fi + echo "$DESC is not running" +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart|force-reload|reload) + stop + start + ;; + status) + status + ;; + *) + echo "Usage: $0 {start|stop|force-reload|restart|reload|status}" + exit 1 + ;; +esac + +exit 0 diff --git a/meta-openstack/recipes-devtools/python/python-barbican_git.bb b/meta-openstack/recipes-devtools/python/python-barbican_git.bb new file mode 100644 index 0000000..838346c --- /dev/null +++ b/meta-openstack/recipes-devtools/python/python-barbican_git.bb @@ -0,0 +1,100 @@ +DESCRIPTION = "Barbican is a ReST API designed for the secure storage, provisioning and management of secrets." +HOMEPAGE = "https://wiki.openstack.org/wiki/Barbican" +SECTION = "devel/python" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=fc8be9e7dffe97390d1216b01fd0be01" + +PR = "r0" +SRCNAME = "barbican" + +SRC_URI = "git://github.com/stackforge/barbican.git;branch=master \ + file://barbican.init \ + " + +SRCREV="177d4499af6b261f48814503e3565f433e86cc66" +PV="2014.1+git${SRCPV}" +S = "${WORKDIR}/git" + +inherit update-rc.d setuptools identity hosts useradd default_configs + +do_install_append() { + TEMPLATE_CONF_DIR=${S}${sysconfdir}/${SRCNAME} + BARBICAN_CONF_DIR=${D}${sysconfdir}/${SRCNAME} + + install -d ${BARBICAN_CONF_DIR} + cp -r ${TEMPLATE_CONF_DIR}/* ${BARBICAN_CONF_DIR} + + install -d ${D}${localstatedir}/lib/barbican + + if ${@base_contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/init.d + + for binary in api; do + sed "s:@suffix@:$binary:" < ${WORKDIR}/barbican.init >${WORKDIR}/barbican-$binary.init.sh + install -m 0755 ${WORKDIR}/barbican-$binary.init.sh ${D}${sysconfdir}/init.d/barbican-$binary + done + fi +} + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM_${PN} = "--system barbican" +USERADD_PARAM_${PN} = "--system --home /var/lib/barbican -g barbican \ + --no-create-home --shell /bin/false barbican" + +PACKAGES += "${SRCNAME} \ + ${SRCNAME}-setup " + +FILES_${PN} = "${libdir}/* \ +" +FILES_${SRCNAME} = "${sysconfdir}/${SRCNAME}/* \ + ${sysconfdir}/init.d/barbican-api \ + ${bindir}/* \ + ${localstatedir}/* \ +" + +ALLOW_EMPTY_${SRCNAME}-setup = "1" +pkg_postinst_${SRCNAME}-setup () { + if [ "x$D" != "x" ]; then + exit 1 + fi + + chown -R barbican:barbican ${sysconfdir}/${SRCNAME} + chown -R barbican:barbican ${localstatedir}/lib/barbican +} + +DEPENDS += " \ + python-pip \ + python-pbr \ + " + +RDEPENDS_${SRCNAME} = "${PN} \ + ${SRCNAME}-setup \ + uwsgi \ + python-falcon \ + python-oslo.messaging" + +RDEPENDS_${PN} += " \ + python-pip \ + python-pbr \ + python-alembic \ + python-babel \ + python-eventlet \ + python-falcon \ + python-iso8601 \ + python-jsonschema \ + python-kombu \ + python-netaddr \ + python-pastedeploy \ + python-paste \ + python-pycrypto \ + python-pysqlite \ + python-keystoneclient \ + python-sqlalchemy \ + python-stevedore \ + python-webob \ + python-wsgiref \ + " + +INITSCRIPT_PACKAGES = "${SRCNAME}" +INITSCRIPT_NAME_${SRCNAME} = "barbican-api" +INITSCRIPT_PARAMS_${SRCNAME} = "${OS_DEFAULT_INITSCRIPT_PARAMS}" -- cgit v1.2.3-54-g00ecf