Merge "Add devstack gate for vault"

This commit is contained in:
Zuul 2018-06-07 01:00:27 +00:00 committed by Gerrit Code Review
commit 4c057e35eb
3 changed files with 61 additions and 0 deletions

View File

@ -61,6 +61,14 @@
services: barbican-dogtag,tempest,rabbit,mysql,key
plugin: dogtag
- job:
name: barbican-vault-devstack-functional
parent: barbican-devstack-functional-base
voting: false
vars:
services: barbican-vault,tempest,rabbit,mysql,key
plugin: vault
- job:
name: barbican-kmip-devstack-functional
parent: barbican-devstack-functional-base
@ -188,3 +196,4 @@
experimental:
jobs:
- barbican-simple-crypto-devstack-tempest-py35
- barbican-vault-devstack-functional

View File

@ -570,5 +570,49 @@ function install_dogtag_components {
}
# Vault functions
# ----------------
function install_vault {
wget https://releases.hashicorp.com/vault/0.10.1/vault_0.10.1_linux_amd64.zip
unzip vault_0.10.1_linux_amd64.zip
sudo mv vault /usr/bin
install_package screen
screen -d -m bash -c "vault server -dev -dev-listen-address=${HOST_IP}:8200 2>&1 >vault.log"
# get the root_token_id, use tempfile for counter
TOKEN_ID_FILE="vault_root_token_id"
touch $TOKEN_ID_FILE
COUNTER=0
while [ ! -s $TOKEN_ID_FILE ] && [ "$COUNTER" -lt "20" ]
do
sleep 2
awk '/Root Token:/ {print $3}' vault.log > $TOKEN_ID_FILE
COUNTER=$[COUNTER + 1]
done
if [ ! -s $TOKEN_ID_FILE ]; then
echo "Wah! Need to throw an error code here!"
fi
#debug code follows:
export VAULT_ADDR="http://${HOST_IP}:8200"
vault status
vault kv put secret/hello foo=world
vault kv get secret/hello
vault kv delete secret/hello
}
function configure_vault_plugin {
root_token_id=`cat vault_root_token_id`
iniset $BARBICAN_CONF secretstore enabled_secretstore_plugins vault_plugin
iniset $BARBICAN_CONF vault_plugin root_token_id $root_token_id
iniset $BARBICAN_CONF vault_plugin vault_url "http://${HOST_IP}:8200"
iniset $BARBICAN_CONF vault_plugin use_ssl "false"
}
# Restore xtrace
$XTRACE

View File

@ -23,6 +23,10 @@ if is_service_enabled barbican; then
echo_summary "Installing Dogtag"
install_dogtag_components
fi
if is_service_enabled barbican-vault; then
echo_summary "Installing Vault"
install_vault
fi
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
echo_summary "Configuring Barbican"
configure_barbican
@ -34,6 +38,10 @@ if is_service_enabled barbican; then
echo_summary "Configuring Dogtag plugin"
configure_dogtag_plugin
fi
if is_service_enabled barbican-vault; then
echo_summary "Configuring Vault plugin"
configure_vault_plugin
fi
configure_barbicanclient
# Configure Cinder, Nova and Glance to use Barbican