From 3c7ef7a45b0ff1af91ab9d51272aeae5e35aa5c5 Mon Sep 17 00:00:00 2001
From: Venkat Sundaram <tsv@hp.com>
Date: Sun, 26 Oct 2014 17:37:37 -0600
Subject: [PATCH] Containerizing barbican service

Adding Dockerfile, pod and service. Please note
that this uses the Juno version of Barbican
from tar ball and uses uwsgi to run the service.
Addressed review comments and added admin service
as well.

Fixing Maintainer email and yum clean up

Change-Id: If58c5eec00131582024045f8d213e48f9f466f4d
---
 docker/barbican/Dockerfile               | 41 +++++++++++
 docker/barbican/build                    |  1 +
 docker/barbican/start.sh                 | 86 ++++++++++++++++++++++++
 k8s/pod/barbican-pod.yaml                | 22 ++++++
 k8s/service/barbican-admin-service.yaml  |  7 ++
 k8s/service/barbican-public-service.yaml |  7 ++
 6 files changed, 164 insertions(+)
 create mode 100644 docker/barbican/Dockerfile
 create mode 120000 docker/barbican/build
 create mode 100755 docker/barbican/start.sh
 create mode 100644 k8s/pod/barbican-pod.yaml
 create mode 100644 k8s/service/barbican-admin-service.yaml
 create mode 100644 k8s/service/barbican-public-service.yaml

diff --git a/docker/barbican/Dockerfile b/docker/barbican/Dockerfile
new file mode 100644
index 0000000000..58759fb766
--- /dev/null
+++ b/docker/barbican/Dockerfile
@@ -0,0 +1,41 @@
+FROM kollaglue/fedora-rdo-base
+MAINTAINER Kolla Project (https://launchpad.net/kolla)
+
+ADD ./start.sh /start.sh
+
+# Install required packages
+RUN yum install -y gcc Cython sqlite-devel mysql-devel libffi-devel && yum clean all
+
+# use the Barbican Juno version
+# setting this as environment variable also keeps pbr version checking happy
+# TODO: when the Barbican rpm from cloudkeep.io is usable,
+# switch to using that instead
+ENV PBR_VERSION 2014.2
+
+# Get and extract the Barbican tar ball
+RUN curl -o /barbican-$PBR_VERSION.tar.gz https://github.com/openstack/barbican/archive/$PBR_VERSION.tar.gz -L
+RUN tar -xzf barbican-$PBR_VERSION.tar.gz
+
+# Install Barbican requirements
+RUN pip install -r barbican-$PBR_VERSION/requirements.txt
+RUN pip install MySQL-python
+
+# Install Barbican
+RUN cd barbican-$PBR_VERSION ; python setup.py install
+
+# Configure Barbican
+RUN mkdir -p /etc/barbican
+RUN mkdir -p /var/log/barbican
+RUN cp -r /barbican-$PBR_VERSION/etc/barbican/* /etc/barbican
+
+# Instal uwsgi as that is what we will use to run Barbican
+RUN pip install uwsgi
+
+# Cleanup files not required anymore
+RUN rm -rf /barbican-$PBR_VERSION
+RUN rm -rf /barbican-$PBR_VERSION.tar.gz
+
+# Expose the dev and admin ports
+EXPOSE 9311 9312
+
+CMD ["/start.sh"]
diff --git a/docker/barbican/build b/docker/barbican/build
new file mode 120000
index 0000000000..d2accf7d39
--- /dev/null
+++ b/docker/barbican/build
@@ -0,0 +1 @@
+../../tools/build-docker-image
\ No newline at end of file
diff --git a/docker/barbican/start.sh b/docker/barbican/start.sh
new file mode 100755
index 0000000000..676374faa0
--- /dev/null
+++ b/docker/barbican/start.sh
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+set -e
+
+: ${BARBICAN_DB_USER:=barbican}
+: ${BARBICAN_DB_NAME:=barbican}
+: ${KEYSTONE_AUTH_PROTOCOL:=http}
+: ${BARBICAN_KEYSTONE_USER:=barbican}
+: ${ADMIN_TENANT_NAME:=admin}
+
+if ! [ "$KEYSTONE_ADMIN_TOKEN" ]; then
+    echo "*** Missing KEYSTONE_ADMIN_TOKEN" >&2
+        exit 1
+fi
+
+if ! [ "$DB_ROOT_PASSWORD" ]; then
+        echo "*** Missing DB_ROOT_PASSWORD" >&2
+        exit 1
+fi
+
+if ! [ "$BARBICAN_DB_PASSWORD" ]; then
+        BARBICAN_DB_PASSWORD=$(openssl rand -hex 15)
+        export BARBICAN_DB_PASSWORD
+fi
+
+mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql <<EOF
+CREATE DATABASE IF NOT EXISTS ${BARBICAN_DB_NAME};
+GRANT ALL PRIVILEGES ON barbican.* TO
+    '${BARBICAN_DB_USER}'@'%' IDENTIFIED BY '${BARBICAN_DB_PASSWORD}'
+EOF
+
+# config file setup
+crudini --set /etc/barbican/barbican-api.conf \
+    DEFAULT \
+    sql_connection \
+    "mysql://${BARBICAN_DB_USER}:${BARBICAN_DB_PASSWORD}@${MARIADB_SERVICE_HOST}/${BARBICAN_DB_NAME}"
+crudini --set /etc/barbican/barbican-api.conf \
+    DEFAULT \
+    log_dir \
+    "/var/log/barbican/"
+crudini --set /etc/barbican/barbican-api.conf \
+    DEFAULT \
+    log_file \
+    "/var/log/barbican/barbican.log"
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    pipeline:barbican_api \
+    pipeline \
+    "keystone_authtoken context apiapp"
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    auth_host \
+    ${KEYSTONE_ADMIN_SERVICE_HOST}
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    auth_port \
+    ${KEYSTONE_ADMIN_SERVICE_PORT}
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    auth_protocol \
+    ${KEYSTONE_AUTH_PROTOCOL}
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    admin_tenant_name \
+    ${ADMIN_TENANT_NAME}
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    admin_user \
+    ${BARBICAN_KEYSTONE_USER}
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    admin_password \
+    ${BARBICAN_KEYSTONE_USER}
+
+# create the required keystone entities for barbican
+export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
+export SERVICE_ENDPOINT="${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v2.0"
+
+keystone user-get ${BARBICAN_KEYSTONE_USER} > /dev/null 2>&1 || /bin/keystone user-create --name ${BARBICAN_KEYSTONE_USER} --pass ${BARBICAN_ADMIN_PASSWORD}
+
+keystone role-get observer > /dev/null 2>&1 || /bin/keystone role-create --name observer
+keystone role-get creator > /dev/null 2>&1 || /bin/keystone role-create --name creator
+
+keystone user-get ${BARBICAN_KEYSTONE_USER} > /dev/null 2>&1 || /bin/keystone user-role-add --user ${BARBICAN_KEYSTONE_USER} --role admin --tenant ${ADMIN_TENANT_NAME}
+
+# launch Barbican using uwsgi
+exec uwsgi --master --emperor /etc/barbican/vassals
diff --git a/k8s/pod/barbican-pod.yaml b/k8s/pod/barbican-pod.yaml
new file mode 100644
index 0000000000..1a79adbace
--- /dev/null
+++ b/k8s/pod/barbican-pod.yaml
@@ -0,0 +1,22 @@
+desiredState:
+  manifest:
+    containers:
+    - env:
+      - name: BARBICAN_DB_PASSWORD
+        value: password
+      - name: DB_ROOT_PASSWORD
+        value: password
+      - name: KEYSTONE_ADMIN_TOKEN
+        value: ADMINTOKEN
+      - name: BARBICAN_ADMIN_PASSWORD
+        value: kolla
+      image: kollaglue/fedora-rdo-barbican
+      name: barbican
+      ports:
+      - containerPort: 9311
+      - containerPort: 9312
+    id: barbican
+    version: v1beta1
+id: barbican
+labels:
+  name: barbican
diff --git a/k8s/service/barbican-admin-service.yaml b/k8s/service/barbican-admin-service.yaml
new file mode 100644
index 0000000000..b2a2a88aac
--- /dev/null
+++ b/k8s/service/barbican-admin-service.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1beta1
+containerPort: 9312
+id: barbican-admin
+kind: Service
+port: 9312
+selector:
+  name: barbican
diff --git a/k8s/service/barbican-public-service.yaml b/k8s/service/barbican-public-service.yaml
new file mode 100644
index 0000000000..c555dde3af
--- /dev/null
+++ b/k8s/service/barbican-public-service.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1beta1
+containerPort: 9311
+id: barbican-public
+kind: Service
+port: 9311
+selector:
+  name: barbican