From 3c6df48cbc28322559be89ce68e33de6d9263810 Mon Sep 17 00:00:00 2001 From: Kaitlin Farr Date: Tue, 8 Aug 2017 22:38:38 +0000 Subject: [PATCH] Revert "Use devstack functions for deploying barbican-svc" Castellan unintentionally can't handle a barbican URL that has a path in addition to the hostname, such as http://ip-address/key-manager, unless it is followed by a forward slash (http://ip-address/key-manager/ ). We should either revert this change before rc1 or merge https://review.openstack.org/#/c/491942/, make a new release of Castellan, and beg for a change in upper-constraints for castellan to handle the new release. This reverts commit 508a34e23c05013a7ba1f33120c78e0da5cc8f28. Change-Id: Iceb3a5fa890d64468cd6e7f5dec297d11a274d20 --- devstack/lib/barbican | 8 ++++---- devstack/settings | 6 +----- functionaltests/api/v1/functional/test_secretmeta.py | 4 ++-- functionaltests/common/client.py | 2 -- functionaltests/run_tests.sh | 2 +- functionaltests/run_tests_parallel.sh | 2 +- 6 files changed, 9 insertions(+), 15 deletions(-) diff --git a/devstack/lib/barbican b/devstack/lib/barbican index 50259f667..7dba9e3a7 100644 --- a/devstack/lib/barbican +++ b/devstack/lib/barbican @@ -144,7 +144,7 @@ function configure_barbican { else echo_summary "Barbican requires that the RabbitMQ service is enabled" fi - write_uwsgi_config "$BARBICAN_UWSGI_CONF" "$BARBICAN_WSGI" "/key-manager" + ## Set up keystone # Turn on the middleware @@ -186,7 +186,7 @@ function install_barbicanclient { # start_barbican - Start running processes, including screen function start_barbican { # Start the Barbican service up. - run_process barbican-svc "$BARBICAN_BIN_DIR/uwsgi --ini $BARBICAN_UWSGI_CONF" + run_process barbican-svc "$BARBICAN_BIN_DIR/uwsgi --master --emperor $BARBICAN_CONF_DIR/vassals" # Pause while the barbican-svc populates the database, otherwise the retry # service below might try to do this at the same time, leading to race @@ -363,12 +363,12 @@ function create_barbican_accounts { --os-identity-api-version 3 \ --region RegionOne \ $BARBICAN_SERVICE \ - public "http://$SERVICE_HOST/key-manager" + public "http://$SERVICE_HOST:9311" openstack endpoint create \ --os-identity-api-version 3 \ --region RegionOne \ $BARBICAN_SERVICE \ - internal "http://$SERVICE_HOST/key-manager" + internal "http://$SERVICE_HOST:9311" } diff --git a/devstack/settings b/devstack/settings index 3d854e461..bd93c875f 100644 --- a/devstack/settings +++ b/devstack/settings @@ -17,10 +17,6 @@ PYKMIP_LOG_DIR=${PYKMIP_LOG_DIR:-/var/log/pykmip} # Support potential entry-points console scripts BARBICAN_BIN_DIR=$(get_python_exec_prefix) -# WSGI variables -BARBICAN_WSGI=$BARBICAN_BIN_DIR/barbican-wsgi-api -BARBICAN_UWSGI_CONF=$BARBICAN_CONF_DIR/barbican-uwsgi.ini - # Set Barbican repository BARBICAN_REPO=${BARBICAN_REPO:-${GIT_BASE}/openstack/barbican.git} BARBICAN_BRANCH=${BARBICAN_BRANCH:-master} @@ -30,7 +26,7 @@ BARBICANCLIENT_REPO=${BARBICANCLIENT_REPO:-${GIT_BASE}/openstack/python-barbican BARBICANCLIENT_BRANCH=${BARBICANCLIENT_BRANCH:-master} # Set host href -BARBICAN_HOST_HREF=${BARBICAN_HOST_HREF:-http://${SERVICE_HOST}/key-manager} +BARBICAN_HOST_HREF=${BARBICAN_HOST_HREF:-http://${SERVICE_HOST}:9311} # Tell Tempest this project is present TEMPEST_SERVICES+=,barbican diff --git a/functionaltests/api/v1/functional/test_secretmeta.py b/functionaltests/api/v1/functional/test_secretmeta.py index c0e670218..827a47c0a 100644 --- a/functionaltests/api/v1/functional/test_secretmeta.py +++ b/functionaltests/api/v1/functional/test_secretmeta.py @@ -82,7 +82,7 @@ class SecretMetadataTestCase(base.TestCase): @testcase.attr('negative') def test_secret_metadata_create_no_secret(self): - secret_ref = ('http://localhost/key-manager/secrets/%s' % + secret_ref = ('http://localhost:9311/secrets/%s' % uuidutils.generate_uuid(dashed=False)) meta_resp, metadata_ref = self.behaviors.create_or_update_metadata( @@ -111,7 +111,7 @@ class SecretMetadataTestCase(base.TestCase): @testcase.attr('negative') def test_secret_metadata_get_no_secret(self): - secret_ref = ('http://localhost/key-manager/secrets/%s' % + secret_ref = ('http://localhost:9311/secrets/%s' % uuidutils.generate_uuid(dashed=False)) get_resp = self.behaviors.get_metadata(secret_ref) diff --git a/functionaltests/common/client.py b/functionaltests/common/client.py index e4354734c..9235055d9 100644 --- a/functionaltests/common/client.py +++ b/functionaltests/common/client.py @@ -199,8 +199,6 @@ class BarbicanClient(object): base_url = endpoint['key-manager'][0].get('publicURL') else: base_url = endpoint['key-manager'][0].get('url') - # Handle urls that aren't just an address - base_url = self._get_url_w_trailing_slash(base_url) # Make sure we handle the edge cases around Keystone providing # endpoints with or without versions diff --git a/functionaltests/run_tests.sh b/functionaltests/run_tests.sh index 4baf923ff..d0cc10103 100755 --- a/functionaltests/run_tests.sh +++ b/functionaltests/run_tests.sh @@ -15,7 +15,7 @@ # How many seconds to wait for the API to be responding before giving up API_RESPONDING_TIMEOUT=20 -if ! timeout ${API_RESPONDING_TIMEOUT} sh -c "while ! curl -s http://127.0.0.1/key-manager 2>/dev/null | grep -q 'v1' ; do sleep 1; done"; then +if ! timeout ${API_RESPONDING_TIMEOUT} sh -c "while ! curl -s http://127.0.0.1:9311/ 2>/dev/null | grep -q 'v1' ; do sleep 1; done"; then echo "The Barbican API failed to respond within ${API_RESPONDING_TIMEOUT} seconds" exit 1 fi diff --git a/functionaltests/run_tests_parallel.sh b/functionaltests/run_tests_parallel.sh index 2c39053c5..551c68461 100644 --- a/functionaltests/run_tests_parallel.sh +++ b/functionaltests/run_tests_parallel.sh @@ -15,7 +15,7 @@ # How many seconds to wait for the API to be responding before giving up API_RESPONDING_TIMEOUT=20 -if ! timeout ${API_RESPONDING_TIMEOUT} sh -c "while ! curl -s http://127.0.0.1/key-manager 2>/dev/null | grep -q 'v1' ; do sleep 1; done"; then +if ! timeout ${API_RESPONDING_TIMEOUT} sh -c "while ! curl -s http://127.0.0.1:9311/ 2>/dev/null | grep -q 'v1' ; do sleep 1; done"; then echo "The Barbican API failed to respond within ${API_RESPONDING_TIMEOUT} seconds" exit 1 fi