barbican: increase uwsgi buffer-size to work with keystone

uWSGI defaults to a maximum packet size of 4096 bytes. This is too small to support working with PKI tokens that are now default in Keystone. The size of the packets within Barbican are dependent on both the size of the Keystone token and the size of the secret to be stored & retrieved. Increasing the buffer size to the maximum allowed by uWSGI allows Barbican to support the largest possible secrets. Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
author: Keith Holman <Keith.Holman@windriver.com> 2014-05-22 13:34:28 -0400
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2014-05-23 23:39:38 -0400
commit: 6350b155270f7f086624db36ecc6e6008ebcd378 (patch)
tree: 1be9f4036c0d32962c9cba3a87cc4d3a6b0b7e8f
parent: 601fb3a5c7c77ae940720830ee21a177f8fc322e (diff)
download: meta-cloud-services-6350b155270f7f086624db36ecc6e6008ebcd378.tar.gz
3 files changed, 45 insertions, 1 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-barbican/barbican-increase-buffer-size-to-support-PKI-tokens.patch b/meta-openstack/recipes-devtools/python/python-barbican/barbican-increase-buffer-size-to-support-PKI-tokens.patch
new file mode 100644
index 0000000..b0e87de
--- /dev/null
+++ b/meta-openstack/recipes-devtools/python/python-barbican/barbican-increase-buffer-size-to-support-PKI-tokens.patch
@@ -0,0 +1,38 @@
+From 8b78d792ca7f7ba4e105225c3917c0a467a2fadb Mon Sep 17 00:00:00 2001
+From: Keith Holman <Keith.Holman@windriver.com>
+Date: Thu, 22 May 2014 12:08:13 -0400
+Subject: [PATCH] barbican: increase buffer-size to support PKI tokens
+With Keystone using larger PKI tokens (versus the previous UUID
+tokens) causes Barbican to fail when using authentication, as
+the generated packets are too large.  Increasing the maximum
+buffer size uWSGI uses fixes this problem.  This fix allows the
+packet sized to be specified in the build recipe file.
+Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
+---
+ etc/barbican/vassals/barbican-admin.ini | 1 +
+ etc/barbican/vassals/barbican-api.ini   | 1 +
+ 2 files changed, 2 insertions(+)
+diff --git a/etc/barbican/vassals/barbican-admin.ini b/etc/barbican/vassals/barbican-admin.ini
+index e270b13..3b58430 100644
+--- a/etc/barbican/vassals/barbican-admin.ini
+++ b/etc/barbican/vassals/barbican-admin.ini
+@@ -8,3 +8,4 @@ no-default-app = true
+ memory-report = true
+ plugins = python
+ paste = config:/etc/barbican/barbican-admin-paste.ini
+buffer-size = %BARBICAN_MAX_PACKET_SIZE%
+diff --git a/etc/barbican/vassals/barbican-api.ini b/etc/barbican/vassals/barbican-api.ini
+index 8f6f504..82de732 100644
+--- a/etc/barbican/vassals/barbican-api.ini
+++ b/etc/barbican/vassals/barbican-api.ini
+@@ -8,3 +8,4 @@ no-default-app = true
+ memory-report = true
+ plugins = python
+ paste = config:/etc/barbican/barbican-api-paste.ini
+buffer-size = %BARBICAN_MAX_PACKET_SIZE%
+-- 
+1.9.0
diff --git a/meta-openstack/recipes-devtools/python/python-barbican/barbican.init b/meta-openstack/recipes-devtools/python/python-barbican/barbican.init
index 2b3f35a..8bf0de1 100644
--- a/meta-openstack/recipes-devtools/python/python-barbican/barbican.init
+++ b/meta-openstack/recipes-devtools/python/python-barbican/barbican.init
@@ -16,7 +16,7 @@ PIDFILE="/var/run/barbican/barbican-$SUFFIX.pid"
 CONFIG_DIR="/etc/barbican"
 LOG_DIR="/var/log/barbican"
 UWSGI="/usr/bin/uwsgi"
-EXEC="--master --emperor $CONFIG_DIR/vassals --logto $LOG_DIR/barbican.log"
+EXEC="--master --emperor $CONFIG_DIR/vassals --logto $LOG_DIR/barbican.log -b %BARBICAN_MAX_PACKET_SIZE%"
 if [ ! -d /var/run/barbican ]; then
        mkdir -p /var/run/barbican
diff --git a/meta-openstack/recipes-devtools/python/python-barbican_git.bb b/meta-openstack/recipes-devtools/python/python-barbican_git.bb
index bc12fcd..eb4b44e 100644
--- a/meta-openstack/recipes-devtools/python/python-barbican_git.bb
+++ b/meta-openstack/recipes-devtools/python/python-barbican_git.bb
@@ -6,9 +6,11 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=fc8be9e7dffe97390d1216b01fd0be01"
 PR = "r0"
 SRCNAME = "barbican"
+BARBICAN_MAX_PACKET_SIZE ?= "65535"
 SRC_URI = "git://github.com/stackforge/barbican.git;branch=master \
           file://barbican.init \
+           file://barbican-increase-buffer-size-to-support-PKI-tokens.patch \
          "
 SRCREV="177d4499af6b261f48814503e3565f433e86cc66"
@@ -26,11 +28,15 @@ do_install_append() {
    install -d ${D}${localstatedir}/lib/barbican
+    sed -e "s:%BARBICAN_MAX_PACKET_SIZE%:${BARBICAN_MAX_PACKET_SIZE}:g" -i ${BARBICAN_CONF_DIR}/vassals/barbican-api.ini
+    sed -e "s:%BARBICAN_MAX_PACKET_SIZE%:${BARBICAN_MAX_PACKET_SIZE}:g" -i ${BARBICAN_CONF_DIR}/vassals/barbican-admin.ini
    if ${@base_contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
        install -d ${D}${sysconfdir}/init.d
        for binary in api; do
            sed "s:@suffix@:$binary:" < ${WORKDIR}/barbican.init >${WORKDIR}/barbican-$binary.init.sh
+            sed -e "s:%BARBICAN_MAX_PACKET_SIZE%:${BARBICAN_MAX_PACKET_SIZE}:g" -i ${WORKDIR}/barbican-$binary.init.sh
            install -m 0755 ${WORKDIR}/barbican-$binary.init.sh ${D}${sysconfdir}/init.d/barbican-$binary
        done
        rm -f ${D}/usr/bin/barbican.sh
author	Keith Holman <Keith.Holman@windriver.com>	2014-05-22 13:34:28 -0400
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2014-05-23 23:39:38 -0400
commit	6350b155270f7f086624db36ecc6e6008ebcd378 (patch)
tree	1be9f4036c0d32962c9cba3a87cc4d3a6b0b7e8f
parent	601fb3a5c7c77ae940720830ee21a177f8fc322e (diff)
download	meta-cloud-services-6350b155270f7f086624db36ecc6e6008ebcd378.tar.gz

diff --git a/meta-openstack/recipes-devtools/python/python-barbican/barbican-increase-buffer-size-to-support-PKI-tokens.patch b/meta-openstack/recipes-devtools/python/python-barbican/barbican-increase-buffer-size-to-support-PKI-tokens.patch new file mode 100644 index 0000000..b0e87de --- /dev/null +++ b/meta-openstack/recipes-devtools/python/python-barbican/barbican-increase-buffer-size-to-support-PKI-tokens.patch
@@ -0,0 +1,38 @@
		1	From 8b78d792ca7f7ba4e105225c3917c0a467a2fadb Mon Sep 17 00:00:00 2001
		2	From: Keith Holman <Keith.Holman@windriver.com>
		3	Date: Thu, 22 May 2014 12:08:13 -0400
		4	Subject: [PATCH] barbican: increase buffer-size to support PKI tokens
		5
		6	With Keystone using larger PKI tokens (versus the previous UUID
		7	tokens) causes Barbican to fail when using authentication, as
		8	the generated packets are too large. Increasing the maximum
		9	buffer size uWSGI uses fixes this problem. This fix allows the
		10	packet sized to be specified in the build recipe file.
		11
		12	Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
		13	---
		14	etc/barbican/vassals/barbican-admin.ini \| 1 +
		15	etc/barbican/vassals/barbican-api.ini \| 1 +
		16	2 files changed, 2 insertions(+)
		17
		18	diff --git a/etc/barbican/vassals/barbican-admin.ini b/etc/barbican/vassals/barbican-admin.ini
		19	index e270b13..3b58430 100644
		20	--- a/etc/barbican/vassals/barbican-admin.ini
		21	+++ b/etc/barbican/vassals/barbican-admin.ini
		22	@@ -8,3 +8,4 @@ no-default-app = true
		23	memory-report = true
		24	plugins = python
		25	paste = config:/etc/barbican/barbican-admin-paste.ini
		26	+buffer-size = %BARBICAN_MAX_PACKET_SIZE%
		27	diff --git a/etc/barbican/vassals/barbican-api.ini b/etc/barbican/vassals/barbican-api.ini
		28	index 8f6f504..82de732 100644
		29	--- a/etc/barbican/vassals/barbican-api.ini
		30	+++ b/etc/barbican/vassals/barbican-api.ini
		31	@@ -8,3 +8,4 @@ no-default-app = true
		32	memory-report = true
		33	plugins = python
		34	paste = config:/etc/barbican/barbican-api-paste.ini
		35	+buffer-size = %BARBICAN_MAX_PACKET_SIZE%
		36	--
		37	1.9.0
		38


diff --git a/meta-openstack/recipes-devtools/python/python-barbican/barbican.init b/meta-openstack/recipes-devtools/python/python-barbican/barbican.init index 2b3f35a..8bf0de1 100644 --- a/meta-openstack/recipes-devtools/python/python-barbican/barbican.init +++ b/meta-openstack/recipes-devtools/python/python-barbican/barbican.init
@@ -16,7 +16,7 @@ PIDFILE="/var/run/barbican/barbican-$SUFFIX.pid"
16	CONFIG_DIR="/etc/barbican"	16	CONFIG_DIR="/etc/barbican"
17	LOG_DIR="/var/log/barbican"	17	LOG_DIR="/var/log/barbican"
18	UWSGI="/usr/bin/uwsgi"	18	UWSGI="/usr/bin/uwsgi"
19	EXEC="--master --emperor $CONFIG_DIR/vassals --logto $LOG_DIR/barbican.log"	19	EXEC="--master --emperor $CONFIG_DIR/vassals --logto $LOG_DIR/barbican.log -b %BARBICAN_MAX_PACKET_SIZE%"
20		20
21	if [ ! -d /var/run/barbican ]; then	21	if [ ! -d /var/run/barbican ]; then
22	mkdir -p /var/run/barbican	22	mkdir -p /var/run/barbican


diff --git a/meta-openstack/recipes-devtools/python/python-barbican_git.bb b/meta-openstack/recipes-devtools/python/python-barbican_git.bb index bc12fcd..eb4b44e 100644 --- a/meta-openstack/recipes-devtools/python/python-barbican_git.bb +++ b/meta-openstack/recipes-devtools/python/python-barbican_git.bb
@@ -6,9 +6,11 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=fc8be9e7dffe97390d1216b01fd0be01"
6		6
7	PR = "r0"	7	PR = "r0"
8	SRCNAME = "barbican"	8	SRCNAME = "barbican"
		9	BARBICAN_MAX_PACKET_SIZE ?= "65535"
9		10
10	SRC_URI = "git://github.com/stackforge/barbican.git;branch=master \	11	SRC_URI = "git://github.com/stackforge/barbican.git;branch=master \
11	file://barbican.init \	12	file://barbican.init \
		13	file://barbican-increase-buffer-size-to-support-PKI-tokens.patch \
12	"	14	"
13		15
14	SRCREV="177d4499af6b261f48814503e3565f433e86cc66"	16	SRCREV="177d4499af6b261f48814503e3565f433e86cc66"
@@ -26,11 +28,15 @@ do_install_append() {
26		28
27	install -d ${D}${localstatedir}/lib/barbican	29	install -d ${D}${localstatedir}/lib/barbican
28		30
		31	sed -e "s:%BARBICAN_MAX_PACKET_SIZE%:${BARBICAN_MAX_PACKET_SIZE}:g" -i ${BARBICAN_CONF_DIR}/vassals/barbican-api.ini
		32	sed -e "s:%BARBICAN_MAX_PACKET_SIZE%:${BARBICAN_MAX_PACKET_SIZE}:g" -i ${BARBICAN_CONF_DIR}/vassals/barbican-admin.ini
		33
29	if ${@base_contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then	34	if ${@base_contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
30	install -d ${D}${sysconfdir}/init.d	35	install -d ${D}${sysconfdir}/init.d
31		36
32	for binary in api; do	37	for binary in api; do
33	sed "s:@suffix@:$binary:" < ${WORKDIR}/barbican.init >${WORKDIR}/barbican-$binary.init.sh	38	sed "s:@suffix@:$binary:" < ${WORKDIR}/barbican.init >${WORKDIR}/barbican-$binary.init.sh
		39	sed -e "s:%BARBICAN_MAX_PACKET_SIZE%:${BARBICAN_MAX_PACKET_SIZE}:g" -i ${WORKDIR}/barbican-$binary.init.sh
34	install -m 0755 ${WORKDIR}/barbican-$binary.init.sh ${D}${sysconfdir}/init.d/barbican-$binary	40	install -m 0755 ${WORKDIR}/barbican-$binary.init.sh ${D}${sysconfdir}/init.d/barbican-$binary
35	done	41	done
36	rm -f ${D}/usr/bin/barbican.sh	42	rm -f ${D}/usr/bin/barbican.sh