openstack/openstack-helm
Code Issues Proposed changes

Sync Babrican uWSGI config to other services.

Browse Source 
Change-Id: Ie905eb428e7efa4cf2339261b383f4d855a9f571
This commit is contained in:
ricolin 2024-04-17 11:51:56 +08:00
parent 0516fb92c1
commit 42c455a4e8
6 changed files with 25 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
barbican/Chart.yaml
View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Barbican description: OpenStack-Helm Barbican
name: barbican name: barbican
version: 0.3.12 version: 0.3.13
home: https://docs.openstack.org/barbican/latest/ home: https://docs.openstack.org/barbican/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Barbican/OpenStack_Project_Barbican_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Barbican/OpenStack_Project_Barbican_vertical.png
sources: sources:

2
barbican/templates/bin/_barbican.sh.tpl
View File

@ -18,7 +18,7 @@ set -ex
COMMAND="${@:-start}" COMMAND="${@:-start}"
function start () { function start () {
exec uwsgi --die-on-term --master --emperor /etc/barbican/vassals exec uwsgi --ini /etc/barbican/barbican-api-uwsgi.ini
} }
function stop () { function stop () {

12
barbican/templates/configmap-etc.yaml
View File

@ -67,12 +67,10 @@ limitations under the License.
{{- $_ := tuple "key_manager" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix $barbicanPath | set .Values.conf.barbican.DEFAULT "host_href" -}} {{- $_ := tuple "key_manager" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix $barbicanPath | set .Values.conf.barbican.DEFAULT "host_href" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.barbican.barbican_api.bind_port -}} {{- if empty (index .Values.conf.barbican_api_uwsgi.uwsgi "http-socket") -}}
{{- $_ := tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.barbican.barbican_api "bind_port" -}} {{- $http_socket_port := tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }}
{{- end -}} {{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
{{- $_ := set .Values.conf.barbican_api_uwsgi.uwsgi "http-socket" $http_socket -}}
{{- if empty .Values.conf.barbican_api.uwsgi.socket -}}
{{- $_ := printf ":%s" ( tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" ) | set .Values.conf.barbican_api.uwsgi "socket" -}}
{{- end -}} {{- end -}}
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}} {{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
@ -99,6 +97,6 @@ data:
barbican-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }} barbican-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
api_audit_map.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.audit_map | b64enc }} api_audit_map.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.audit_map | b64enc }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }} policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
barbican-api.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api | b64enc }} barbican-api-uwsgi.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api_uwsgi | b64enc }}
old_kek: {{ index .Values.conf.simple_crypto_kek_rewrap "old_kek" | default "" | b64enc | quote }} old_kek: {{ index .Values.conf.simple_crypto_kek_rewrap "old_kek" | default "" | b64enc | quote }}
{{- end }} {{- end }}

4
barbican/templates/deployment-api.yaml
View File

@ -90,8 +90,8 @@ spec:
- name: etcbarbican - name: etcbarbican
mountPath: /etc/barbican mountPath: /etc/barbican
- name: barbican-etc - name: barbican-etc
mountPath: /etc/barbican/vassals/barbican-api.ini mountPath: /etc/barbican/barbican-api-uwsgi.ini
subPath: barbican-api.ini subPath: barbican-api-uwsgi.ini
readOnly: true readOnly: true
- name: barbican-etc - name: barbican-etc
mountPath: /etc/barbican/barbican.conf mountPath: /etc/barbican/barbican.conf

25
barbican/values.yaml
View File

@ -356,18 +356,23 @@ conf:
service_endpoints: service_endpoints:
# map endpoint type defined in service catalog to CADF typeURI # map endpoint type defined in service catalog to CADF typeURI
key-manager: service/security/keymanager key-manager: service/security/keymanager
barbican_api: barbican_api_uwsgi:
uwsgi: uwsgi:
socket: null
protocol: http
processes: 1
lazy: true
vacuum: true
no-default-app: true
memory-report: true
plugins: python
paste: "config:/etc/barbican/barbican-api-paste.ini"
add-header: "Connection: close" add-header: "Connection: close"
buffer-size: 65535
die-on-term: true
enable-threads: true
exit-on-reload: false
hook-master-start: unix_signal:15 gracefully_kill_them_all
lazy-apps: true
log-x-forwarded-for: true
master: true
procname-prefix-spaced: "barbiacan-api:"
route-user-agent: '^kube-probe.* donotlog:'
thunder-lock: true
worker-reload-mercy: 80
wsgi-file: /var/lib/openstack/bin/barbican-wsgi-api
processes: 1
barbican: barbican:
DEFAULT: DEFAULT:
transport_url: null transport_url: null

1
releasenotes/notes/barbican.yaml
View File

@ -36,4 +36,5 @@ barbican:
- 0.3.10 Add 2024.1 overrides - 0.3.10 Add 2024.1 overrides
- 0.3.11 Enable custom annotations for Openstack secrets - 0.3.11 Enable custom annotations for Openstack secrets
- 0.3.12 Update images used by default - 0.3.12 Update images used by default
- 0.3.13 Sync uWSGI config to other services
... ...