From 42c455a4e8b8c840b33fcd1c2448f773b154c8e0 Mon Sep 17 00:00:00 2001
From: ricolin <rlin@vexxhost.com>
Date: Wed, 17 Apr 2024 11:51:56 +0800
Subject: [PATCH] Sync Babrican uWSGI config to other services.

Change-Id: Ie905eb428e7efa4cf2339261b383f4d855a9f571
---
 barbican/Chart.yaml                     |  2 +-
 barbican/templates/bin/_barbican.sh.tpl |  2 +-
 barbican/templates/configmap-etc.yaml   | 12 +++++-------
 barbican/templates/deployment-api.yaml  |  4 ++--
 barbican/values.yaml                    | 25 +++++++++++++++----------
 releasenotes/notes/barbican.yaml        |  1 +
 6 files changed, 25 insertions(+), 21 deletions(-)

diff --git a/barbican/Chart.yaml b/barbican/Chart.yaml
index 84cd84df49..7f03f55fce 100644
--- a/barbican/Chart.yaml
+++ b/barbican/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Barbican
 name: barbican
-version: 0.3.12
+version: 0.3.13
 home: https://docs.openstack.org/barbican/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Barbican/OpenStack_Project_Barbican_vertical.png
 sources:
diff --git a/barbican/templates/bin/_barbican.sh.tpl b/barbican/templates/bin/_barbican.sh.tpl
index 1ac7911e50..21612f7917 100644
--- a/barbican/templates/bin/_barbican.sh.tpl
+++ b/barbican/templates/bin/_barbican.sh.tpl
@@ -18,7 +18,7 @@ set -ex
 COMMAND="${@:-start}"
 
 function start () {
-  exec uwsgi --die-on-term --master --emperor /etc/barbican/vassals
+  exec uwsgi --ini /etc/barbican/barbican-api-uwsgi.ini
 }
 
 function stop () {
diff --git a/barbican/templates/configmap-etc.yaml b/barbican/templates/configmap-etc.yaml
index d9323e08f8..d2bff2c014 100644
--- a/barbican/templates/configmap-etc.yaml
+++ b/barbican/templates/configmap-etc.yaml
@@ -67,12 +67,10 @@ limitations under the License.
 {{- $_ := tuple "key_manager" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix $barbicanPath | set .Values.conf.barbican.DEFAULT "host_href" -}}
 {{- end -}}
 
-{{- if empty .Values.conf.barbican.barbican_api.bind_port -}}
-{{- $_ := tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.barbican.barbican_api "bind_port" -}}
-{{- end -}}
-
-{{- if empty .Values.conf.barbican_api.uwsgi.socket -}}
-{{- $_ := printf ":%s" ( tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" ) | set .Values.conf.barbican_api.uwsgi "socket" -}}
+{{- if empty (index .Values.conf.barbican_api_uwsgi.uwsgi "http-socket") -}}
+{{- $http_socket_port := tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }}
+{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
+{{- $_ := set .Values.conf.barbican_api_uwsgi.uwsgi "http-socket" $http_socket -}}
 {{- end -}}
 
 {{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
@@ -99,6 +97,6 @@ data:
   barbican-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
   api_audit_map.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.audit_map | b64enc }}
   policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
-  barbican-api.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api | b64enc }}
+  barbican-api-uwsgi.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api_uwsgi | b64enc }}
   old_kek: {{ index .Values.conf.simple_crypto_kek_rewrap "old_kek" | default "" | b64enc | quote }}
 {{- end }}
diff --git a/barbican/templates/deployment-api.yaml b/barbican/templates/deployment-api.yaml
index d777f42fd0..8ae9ea426a 100644
--- a/barbican/templates/deployment-api.yaml
+++ b/barbican/templates/deployment-api.yaml
@@ -90,8 +90,8 @@ spec:
             - name: etcbarbican
               mountPath: /etc/barbican
             - name: barbican-etc
-              mountPath: /etc/barbican/vassals/barbican-api.ini
-              subPath: barbican-api.ini
+              mountPath: /etc/barbican/barbican-api-uwsgi.ini
+              subPath: barbican-api-uwsgi.ini
               readOnly: true
             - name: barbican-etc
               mountPath: /etc/barbican/barbican.conf
diff --git a/barbican/values.yaml b/barbican/values.yaml
index ed7bb06a30..c5c8495f34 100644
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@@ -356,18 +356,23 @@ conf:
     service_endpoints:
       # map endpoint type defined in service catalog to CADF typeURI
       key-manager: service/security/keymanager
-  barbican_api:
+  barbican_api_uwsgi:
     uwsgi:
-      socket: null
-      protocol: http
-      processes: 1
-      lazy: true
-      vacuum: true
-      no-default-app: true
-      memory-report: true
-      plugins: python
-      paste: "config:/etc/barbican/barbican-api-paste.ini"
       add-header: "Connection: close"
+      buffer-size: 65535
+      die-on-term: true
+      enable-threads: true
+      exit-on-reload: false
+      hook-master-start: unix_signal:15 gracefully_kill_them_all
+      lazy-apps: true
+      log-x-forwarded-for: true
+      master: true
+      procname-prefix-spaced: "barbiacan-api:"
+      route-user-agent: '^kube-probe.* donotlog:'
+      thunder-lock: true
+      worker-reload-mercy: 80
+      wsgi-file: /var/lib/openstack/bin/barbican-wsgi-api
+      processes: 1
   barbican:
     DEFAULT:
       transport_url: null
diff --git a/releasenotes/notes/barbican.yaml b/releasenotes/notes/barbican.yaml
index cd60c3d8eb..1975353c50 100644
--- a/releasenotes/notes/barbican.yaml
+++ b/releasenotes/notes/barbican.yaml
@@ -36,4 +36,5 @@ barbican:
   - 0.3.10 Add 2024.1 overrides
   - 0.3.11 Enable custom annotations for Openstack secrets
   - 0.3.12 Update images used by default
+  - 0.3.13 Sync uWSGI config to other services
 ...