
Commit dadff60

controller: basic barbican controller setup
Creates databases and openstack endpoints. Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> On-behalf-of: SAP stefan.kober@sap.com
1 parent 41ab8da commit dadff60

3 files changed

Lines changed: 39 additions & 0 deletions


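--- a/modules/controller/keystone.nix
+++ b/modules/controller/keystone.nix
@@ -40,6 +40,12 @@ let
 catalog.RegionOne.placement.internalURL = http://controller:8778
 catalog.RegionOne.placement.name = Placement Service
 
+# barbican
+catalog.RegionOne.key-manager.publicURL = http://controller:9311
+catalog.RegionOne.key-manager.adminURL = http://controller:9311
+catalog.RegionOne.key-manager.internalURL = http://controller:9311
+catalog.RegionOne.key-manager.name = Barbican Service
+
 catalog.RegionOne.volumev3.publicURL = http://controller:8776/v3
 catalog.RegionOne.volumev3.adminURL = http://controller:8776/v3
 catalog.RegionOne.volumev3.internalURL = http://controller:8776/v3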
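Review bot: The three key-manager endpoints are registered as plain `http://controller:9311`, so Keystone tokens and secret payloads exchanged with Barbican would cross the network unencrypted unless TLS is terminated somewhere this section does not show. That matches the neighbouring placement and volumev3 entries, but the key manager is the service where it matters most. If this catalog is meant only for an isolated test deployment, say so at the block, for example `# barbican (plain HTTP: test deployments only, use a TLS endpoint otherwise)`. The catalog template itself starts and ends outside the hunk.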

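--- a/modules/controller/openstack-controller.nix
+++ b/modules/controller/openstack-controller.nix
@@ -6,6 +6,7 @@
 placement,
 horizon,
 cinder,
+barbican,
 }:
 {
 config,
@@ -34,6 +35,7 @@ in
 (import ./neutron.nix { inherit neutron; })
 (import ./horizon.nix { inherit horizon; })
 (import ./cinder.nix { inherit cinder; }) # only cinder management component
+(import ./barbican.nix { inherit barbican; }) # only cinder management component
 ];
 
 config = {
@@ -68,6 +70,12 @@ in
 mysql -N -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';"
 mysql -N -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';"
 
+# barbican
+mysql -N -e "drop database barbican;" || true
+mysql -N -e "create database barbican;" || true
+mysql -N -e "GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'localhost' IDENTIFIED BY 'barbican';"
+mysql -N -e "GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'%' IDENTIFIED BY 'barbican';"
+
 # Placement
 mysql -N -e "drop database placement;" || true
 mysql -N -e "create database placement;" || true
@@ -154,6 +162,30 @@ in
 };
 };
 
+systemd.services.barbican = {
+description = "OpenStack barbican setup";
+after = [ "keystone-all.service" ];
+wantedBy = [ "multi-user.target" ];
+environment = adminEnv;
+path = [
+pkgs.openstackclient
+barbican
+];
+serviceConfig = {
+Type = "oneshot";
+User = "barbican";
+Group = "barbican";
+ExecStart = pkgs.writeShellScript "barbican.sh" ''
+set -euxo pipefail
+openstack user create --domain default --password barbican barbican
+openstack role add --project service --user barbican admin
+openstack role add --user barbican --user-domain default --system all reader
+barbican-manage --config-file ${config.barbican.config} db upgrade
+barbican-manage --config-file ${config.barbican.config} db sync_secret_stores
+'';
+};
+};
+
 systemd.services.cinder = {
 description = "OpenStack Cinder setup";
 after = [ "keystone-all.service" ];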
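Review bot: Both new credentials are the literal account name: `--password barbican` in `barbican.sh`, and `IDENTIFIED BY 'barbican'` for `'barbican'@'%'` in the database hunk, whose enclosing script starts outside the hunk. The ExecStart script is written to the Nix store, which is world-readable, and `set -euxo pipefail` traces the `openstack user create` line, password included, into the service's log output. This follows the existing cinder lines, but here the account is given the `admin` role on the service project and the database backs the key manager. I would read the password from a file provisioned outside the store, use `set -euo pipefail`, and restrict the `'%'` grant to the hosts that need it. The comment on the new import line is also copied unchanged: `# only cinder management component` should describe barbican.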

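--- a/modules/default.nix
+++ b/modules/default.nix
@@ -8,6 +8,7 @@
 glance
 horizon
 cinder
+barbican
 ;
 placement = openstackPkgs.openstack-placement;
 };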
