Sync Babrican uWSGI config to other services.

Change-Id: Ie905eb428e7efa4cf2339261b383f4d855a9f571
2024-04-17 11:51:56 +08:00 · 2024-04-17 11:51:56 +08:00 · 42c455a4e8
parent 0516fb92c1
commit 42c455a4e8
6 changed files with 25 additions and 21 deletions
--- a/barbican/Chart.yaml
+++ b/barbican/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Barbican
 name: barbican
-version: 0.3.12
+version: 0.3.13
 home: https://docs.openstack.org/barbican/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Barbican/OpenStack_Project_Barbican_vertical.png
 sources:
--- a/barbican/templates/bin/_barbican.sh.tpl
+++ b/barbican/templates/bin/_barbican.sh.tpl
@ -18,7 +18,7 @@ set -ex
 COMMAND="${@:-start}"

 function start () {
-  exec uwsgi --die-on-term --master --emperor /etc/barbican/vassals
+  exec uwsgi --ini /etc/barbican/barbican-api-uwsgi.ini
 }

 function stop () {
--- a/barbican/templates/configmap-etc.yaml
+++ b/barbican/templates/configmap-etc.yaml
@ -67,12 +67,10 @@ limitations under the License.
 {{- $_ := tuple "key_manager" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix $barbicanPath | set .Values.conf.barbican.DEFAULT "host_href" -}}
 {{- end -}}

-{{- if empty .Values.conf.barbican.barbican_api.bind_port -}}
-{{- $_ := tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.barbican.barbican_api "bind_port" -}}
-{{- end -}}
-
-{{- if empty .Values.conf.barbican_api.uwsgi.socket -}}
-{{- $_ := printf ":%s" ( tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" ) | set .Values.conf.barbican_api.uwsgi "socket" -}}
+{{- if empty (index .Values.conf.barbican_api_uwsgi.uwsgi "http-socket") -}}
+{{- $http_socket_port := tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }}
+{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
+{{- $_ := set .Values.conf.barbican_api_uwsgi.uwsgi "http-socket" $http_socket -}}
 {{- end -}}

 {{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
@ -99,6 +97,6 @@ data:
  barbican-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
  api_audit_map.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.audit_map | b64enc }}
  policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
-  barbican-api.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api | b64enc }}
+  barbican-api-uwsgi.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api_uwsgi | b64enc }}
  old_kek: {{ index .Values.conf.simple_crypto_kek_rewrap "old_kek" | default "" | b64enc | quote }}
 {{- end }}
--- a/barbican/templates/deployment-api.yaml
+++ b/barbican/templates/deployment-api.yaml
@ -90,8 +90,8 @@ spec:
            - name: etcbarbican
              mountPath: /etc/barbican
            - name: barbican-etc
-              mountPath: /etc/barbican/vassals/barbican-api.ini
-              subPath: barbican-api.ini
+              mountPath: /etc/barbican/barbican-api-uwsgi.ini
+              subPath: barbican-api-uwsgi.ini
              readOnly: true
            - name: barbican-etc
              mountPath: /etc/barbican/barbican.conf
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@ -356,18 +356,23 @@ conf:
    service_endpoints:
      # map endpoint type defined in service catalog to CADF typeURI
      key-manager: service/security/keymanager
-  barbican_api:
+  barbican_api_uwsgi:
    uwsgi:
-      socket: null
-      protocol: http
-      processes: 1
-      lazy: true
-      vacuum: true
-      no-default-app: true
-      memory-report: true
-      plugins: python
-      paste: "config:/etc/barbican/barbican-api-paste.ini"
      add-header: "Connection: close"
+      buffer-size: 65535
+      die-on-term: true
+      enable-threads: true
+      exit-on-reload: false
+      hook-master-start: unix_signal:15 gracefully_kill_them_all
+      lazy-apps: true
+      log-x-forwarded-for: true
+      master: true
+      procname-prefix-spaced: "barbiacan-api:"
+      route-user-agent: '^kube-probe.* donotlog:'
+      thunder-lock: true
+      worker-reload-mercy: 80
+      wsgi-file: /var/lib/openstack/bin/barbican-wsgi-api
+      processes: 1
  barbican:
    DEFAULT:
      transport_url: null
--- a/releasenotes/notes/barbican.yaml
+++ b/releasenotes/notes/barbican.yaml
@ -36,4 +36,5 @@ barbican:
  - 0.3.10 Add 2024.1 overrides
  - 0.3.11 Enable custom annotations for Openstack secrets
  - 0.3.12 Update images used by default
+  - 0.3.13 Sync uWSGI config to other services
 ...