From d88f3882d4fe1bba12ce592ffd86fd6c71133b13 Mon Sep 17 00:00:00 2001
From: Keith Holman <Keith.Holman@windriver.com>
Date: Thu, 22 May 2014 13:34:28 -0400
Subject: barbican: increase uwsgi buffer-size to work with keystone

uWSGI defaults to a maximum packet size of 4096 bytes.  This
is too small to support working with PKI tokens that are now default
in Keystone.  The size of the packets within Barbican are dependent
on both the size of the Keystone token and the size of the secret to
be stored & retrieved.  Increasing the buffer size to the maximum
allowed by uWSGI allows Barbican to support the largest possible
secrets.

Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
---
 ...ncrease-buffer-size-to-support-PKI-tokens.patch | 38 ++++++++++++++++++++++
 .../python/python-barbican/barbican.init           |  2 +-
 .../recipes-devtools/python/python-barbican_git.bb |  6 ++++
 3 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 meta-openstack/recipes-devtools/python/python-barbican/barbican-increase-buffer-size-to-support-PKI-tokens.patch

(limited to 'meta-openstack/recipes-devtools/python')

diff --git a/meta-openstack/recipes-devtools/python/python-barbican/barbican-increase-buffer-size-to-support-PKI-tokens.patch b/meta-openstack/recipes-devtools/python/python-barbican/barbican-increase-buffer-size-to-support-PKI-tokens.patch
new file mode 100644
index 0000000..b0e87de
--- /dev/null
+++ b/meta-openstack/recipes-devtools/python/python-barbican/barbican-increase-buffer-size-to-support-PKI-tokens.patch
@@ -0,0 +1,38 @@
+From 8b78d792ca7f7ba4e105225c3917c0a467a2fadb Mon Sep 17 00:00:00 2001
+From: Keith Holman <Keith.Holman@windriver.com>
+Date: Thu, 22 May 2014 12:08:13 -0400
+Subject: [PATCH] barbican: increase buffer-size to support PKI tokens
+
+With Keystone using larger PKI tokens (versus the previous UUID
+tokens) causes Barbican to fail when using authentication, as
+the generated packets are too large.  Increasing the maximum
+buffer size uWSGI uses fixes this problem.  This fix allows the
+packet sized to be specified in the build recipe file.
+
+Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
+---
+ etc/barbican/vassals/barbican-admin.ini | 1 +
+ etc/barbican/vassals/barbican-api.ini   | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/etc/barbican/vassals/barbican-admin.ini b/etc/barbican/vassals/barbican-admin.ini
+index e270b13..3b58430 100644
+--- a/etc/barbican/vassals/barbican-admin.ini
++++ b/etc/barbican/vassals/barbican-admin.ini
+@@ -8,3 +8,4 @@ no-default-app = true
+ memory-report = true
+ plugins = python
+ paste = config:/etc/barbican/barbican-admin-paste.ini
++buffer-size = %BARBICAN_MAX_PACKET_SIZE%
+diff --git a/etc/barbican/vassals/barbican-api.ini b/etc/barbican/vassals/barbican-api.ini
+index 8f6f504..82de732 100644
+--- a/etc/barbican/vassals/barbican-api.ini
++++ b/etc/barbican/vassals/barbican-api.ini
+@@ -8,3 +8,4 @@ no-default-app = true
+ memory-report = true
+ plugins = python
+ paste = config:/etc/barbican/barbican-api-paste.ini
++buffer-size = %BARBICAN_MAX_PACKET_SIZE%
+-- 
+1.9.0
+
diff --git a/meta-openstack/recipes-devtools/python/python-barbican/barbican.init b/meta-openstack/recipes-devtools/python/python-barbican/barbican.init
index 2b3f35a..8bf0de1 100644
--- a/meta-openstack/recipes-devtools/python/python-barbican/barbican.init
+++ b/meta-openstack/recipes-devtools/python/python-barbican/barbican.init
@@ -16,7 +16,7 @@ PIDFILE="/var/run/barbican/barbican-$SUFFIX.pid"
 CONFIG_DIR="/etc/barbican"
 LOG_DIR="/var/log/barbican"
 UWSGI="/usr/bin/uwsgi"
-EXEC="--master --emperor $CONFIG_DIR/vassals --logto $LOG_DIR/barbican.log"
+EXEC="--master --emperor $CONFIG_DIR/vassals --logto $LOG_DIR/barbican.log -b %BARBICAN_MAX_PACKET_SIZE%"
 
 if [ ! -d /var/run/barbican ]; then
 	mkdir -p /var/run/barbican
diff --git a/meta-openstack/recipes-devtools/python/python-barbican_git.bb b/meta-openstack/recipes-devtools/python/python-barbican_git.bb
index 765bd0f..713813f 100644
--- a/meta-openstack/recipes-devtools/python/python-barbican_git.bb
+++ b/meta-openstack/recipes-devtools/python/python-barbican_git.bb
@@ -6,9 +6,11 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=fc8be9e7dffe97390d1216b01fd0be01"
 
 PR = "r0"
 SRCNAME = "barbican"
+BARBICAN_MAX_PACKET_SIZE ?= "65535"
 
 SRC_URI = "git://github.com/stackforge/barbican.git;branch=master \
            file://barbican.init \
+           file://barbican-increase-buffer-size-to-support-PKI-tokens.patch \
           "
 
 SRCREV="177d4499af6b261f48814503e3565f433e86cc66"
@@ -26,11 +28,15 @@ do_install_append() {
 
     install -d ${D}${localstatedir}/lib/barbican
 
+    sed -e "s:%BARBICAN_MAX_PACKET_SIZE%:${BARBICAN_MAX_PACKET_SIZE}:g" -i ${BARBICAN_CONF_DIR}/vassals/barbican-api.ini
+    sed -e "s:%BARBICAN_MAX_PACKET_SIZE%:${BARBICAN_MAX_PACKET_SIZE}:g" -i ${BARBICAN_CONF_DIR}/vassals/barbican-admin.ini
+
     if ${@base_contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
         install -d ${D}${sysconfdir}/init.d
 
 	for binary in api; do
 	    sed "s:@suffix@:$binary:" < ${WORKDIR}/barbican.init >${WORKDIR}/barbican-$binary.init.sh
+	    sed -e "s:%BARBICAN_MAX_PACKET_SIZE%:${BARBICAN_MAX_PACKET_SIZE}:g" -i ${WORKDIR}/barbican-$binary.init.sh
             install -m 0755 ${WORKDIR}/barbican-$binary.init.sh ${D}${sysconfdir}/init.d/barbican-$binary
 	done
 	rm -f ${D}/usr/bin/barbican.sh
-- 
cgit v1.2.3-54-g00ecf