[openstack-dev] Barbican : Dependency of pyenv configuration in Barbican.sh script

Asha Seshagiri asha.seshagiri at gmail.com
Thu Apr 23 22:46:34 UTC 2015


Thanks a lot Douglas for your response.
Explanation is great ! I appreciate for your time and efforts.

But Accept header is not required for posting the secret but is required
while geting the secret as per [1]
Accept header was  mentioned while retrieving the secret .

The same curl command works when we standup the barbican instance using
barbican.sh script

Please find the curl command and response below when barbican.sh script is
used to stand up an instance of barbican :

For Storing the secret :

[root at barbican-keystone2 ~]#  curl -X POST -H
'content-type:application/json' -H 'X-Project-Id:12345' -d '{"payload":
"my-secret-here", "payload_content_type": "text/plain"}'
http://localhost:9311/v1/secrets
{"secret_ref": "
http://localhost:9311/v1/secrets/cf1e41ba-a50e-4fda-87aa-05d967e23559
"}[root at barbican-keystone2 ~]#

For Retrieving the secret :

[root at barbican-keystone2 ~]# curl -H 'Accept: application/json' -H
'X-Project-Id:12345' http://localhost:9311/v1/secrets
{"secrets": [{"status": "ACTIVE", "secret_type": "opaque", "updated":
"2015-04-23T19:53:56.766523", "name": null, "algorithm": null, "created":
"2015-04-23T19:53:56.759230", "secret_ref": "
http://localhost:9311/v1/secrets/8e373140-8388-4d44-a4ee-4093b9c5f477",
"content_types": {"default": "text/plain"}, "creator_id": null, "mode":
null, "bit_length": null, "expiration": null}, {"status": "ACTIVE",
"secret_type": "opaque", "updated": "2015-04-23T22:34:53.642004", "name":
null, "algorithm": null, "created": "2015-04-23T22:34:53.635745",
"secret_ref": "
http://localhost:9311/v1/secrets/cf1e41ba-a50e-4fda-87aa-05d967e23559",
"content_types": {"default": "text/plain"}, "creator_id": null, "mode":
null, "bit_length": null, "expiration": null}], "total":
2}[root at barbican-keystone2 ~]#

[1] :https://github.com/cloudkeep/barbican/wiki/Barbican-Quick-Start-Guide

It would be great if you could please elaborate the syntax.
Looking forward for your response.

Thanks and Regards,
Asha Seshagiri

On Thu, Apr 23, 2015 at 4:42 PM, Douglas Mendizabal <
douglas.mendizabal at rackspace.com> wrote:

>  Hi Asha,
>
>  I hope I can clear up some of your confusion about the Barbican server.
> Barbican is a standard WSGI application. [1]  The WSGI application object
> is created by the create_main_app function in barbican.api.app [2].  WSGI
> should not be confused with uWSGI [3], which is a web server that can serve
> WSGI applications.
>
>  There are many ways to deploy a WSGI application.  You could use apache
> with mod_wsgi [4],  or you could use gunicorn [5], or you could use
> paste.httpserver [6] as the barbican-api script does, or you could use
> uWSGI as the barbican.sh script does.  Whatever your choice of web server
> will not affect how Barbican works.
>
>  The barbican-api script that runs Barbican using paste.httpserver is a
> very lightweight script to get Barbican running quickly in development
> environments without any additional requirements.  The barbican.sh script
> is a very opinionated script for setting up a development environment.
> Note that uwsgi and pyenv are not required by Barbican itself, only for the
> barbican.sh script.  Neither script is intended to be used for production
> deployments.
>
>  The Barbican team currently defers all deployment decisions to the
> operator, so you will have to figure out which WSGI host is right for your
> deployment, and create your own deployment scripts.
>
>  The reason you’re seeing 406 errors with your curl commands is because
> you’re not specifying an “Accept” header with your requests.  You should
> retry the curl commands with –H “Accept: application/json” and you should
> see the correct responses.
>
>  Thanks,
> - Douglas Mendizabal
>
>  [1] https://www.python.org/dev/peps/pep-3333/
> [2]
> http://git.openstack.org/cgit/openstack/barbican/tree/barbican/api/app.py#n74
> [3] http://uwsgi-docs.readthedocs.org/en/latest/
> [4] https://code.google.com/p/modwsgi/
> [5] http://gunicorn.org/
> [6] http://pythonpaste.org/modules/httpserver.html
>
>   From: Asha Seshagiri <asha.seshagiri at gmail.com>
> Date: Thursday, April 23, 2015 at 4:17 PM
> To: Adam Harwell <adam.harwell at RACKSPACE.COM>
> Cc: neetu jain <nutshi at gmail.com>, John Wood <john.wood at RACKSPACE.COM>,
> openstack-dev <openstack-dev at lists.openstack.org>, "Reller, Nathan S." <
> Nathan.Reller at jhuapl.edu>, Douglas Mendizábal <
> douglas.mendizabal at rackspace.com>, Paul Kehrer <paul.kehrer at RACKSPACE.COM>,
> Alexis Lee <alexisl at hp.com>
>
> Subject: Re: Barbican : Dependency of pyenv configuration in Barbican.sh
> script
>
>   Hi All ,
>
>  Would need help!
>
> I tried executing the script present in the link
> https://github.com/openstack/barbican/blob/master/bin/barbican-api  to
> start the barbican instance but  the use cases of barbican are failing.
> Please find the details of the investigations :
>
> Usecase for posting and retrieving the secret.
>
> [root at barbican-keystone2 ~]# curl -X POST -H
> 'content-type:application/json' -H 'X-Project-Id:12345' -d '{"payload":
> "my-secret-here", "payload_content_type": "text/plain"}'
> http://localhost:9311/v1/secrets
> {"code": 406, "description": null, "title": "Not
> Acceptable"}[root at barbican-keystone2 ~]#
>
> [root at barbican-keystone2 ~]# curl -H 'Accept: application/json' -H
> 'X-Project-Id:12345' http://localhost:9311/v1/secrets
> {"code": 406, "description": null, "title": "Not
> Acceptable"}[root at barbican-keystone2 ~]#
> [root at barbican-keystone2 ~]#
>
> [root at barbican-keystone2 ~]#  curl -X POST -H
> 'content-type:application/json' -H 'X-Project-Id:12345' -d '{"payload":
> "my-secret-here", "payload_content_type": "text/plain"}'
> http://127.0.0.1:9311/v1/secrets
> {"code": 406, "description": null, "title": "Not
> Acceptable"}[root at barbican-keystone2 ~]#
>
> The output of the ps command when the barbican instance is stood up using
> the python script as pointed in the above link
> We do not see the instance of uwsgi in the response:
>
> [root at barbican-keystone2 ~]# ps -ef | grep barbican
> avahi     2920     1  0 Apr22 ?        00:00:00 avahi-daemon: running
> [barbican-keystone2.local]
> root     14743 14554  2 14:54 pts/1    00:00:01 python bin/barbican-api
> root     14781 13975  0 14:55 pts/0    00:00:00 grep --color=auto barbican
>
> The output of the ps command when the barbican instance is stood up using
> the barbican.sh script
> [root at barbican-keystone2 ~]# ps -ef | grep barbican
> avahi     2920     1  0 Apr22 ?        00:00:00 avahi-daemon: running
> [barbican-                 keystone2.local]
> root     14577 14554  0 14:50 pts/1    00:00:00 /bin/bash bin/barbican.sh
> start
>
>
>
>
>
> *root     14582 14577  0 14:50 pts/1    00:00:00 uwsgi --master --emperor
> /etc/barbican/vassals root     14583 14582  0 14:50 pts/1    00:00:00 uwsgi
> --master --emperor /etc/barbican/vassals root     14584 14583  0 14:50
> pts/1    00:00:00 /usr/bin/uwsgi --ini barbican-admin.ini root     14585
> 14583  0 14:50 pts/1    00:00:00 /usr/bin/uwsgi --ini barbican-api.ini
> root     14586 14584 10 14:50 pts/1    00:00:01 /usr/bin/uwsgi --ini
> barbican-admin.ini root     14587 14585 12 14:50 pts/1    00:00:01
> /usr/bin/uwsgi --ini barbican-api.ini*
> root     14601 13975  0 14:50 pts/0    00:00:00 grep --color=auto barbican
>
> The barbican instance needs to be started on top of uswgi server instance
> since uwsgi is the webserver which serves the request for barbican
> services. The script does not start the uwsgi server
>
> Please correct me if I am wrong.
>  Any help would be highly appreciated.
>
> Thanks and Regards,
> Asha Seshagiri
>
> On Thu, Apr 23, 2015 at 11:27 AM, Asha Seshagiri <asha.seshagiri at gmail.com
> > wrote:
>
>> Hi All,
>>
>>  Thanks Adam for your response.
>> I am able to run the barbican-api script without SQLLite installation .I
>> guess SQLLite comes configured with barbican installation .Please correct
>> me if I am wrong.
>>
>>  [root at barbican-keystone2 barbican]# bin/barbican-api
>> 2015-04-23 11:12:31.571 8265 INFO barbican.model.repositories [-] Setting
>> up database engine and session factory
>> 2015-04-23 11:12:31.640 8265 INFO barbican.model.repositories [-]
>> Updating schema to latest version
>> 2015-04-23 11:12:31.640 8265 WARNING barbican.model.migration.commands
>> [-] !!! Limited support for migration commands using sqlite databases; This
>> operation may not succeed.
>> 2015-04-23 11:12:31.643 8265 INFO alembic.migration [-] Context impl
>> SQLiteImpl.
>> 2015-04-23 11:12:31.644 8265 INFO alembic.migration [-] Will assume
>> non-transactional DDL.
>> serving on http://127.0.0.1:9311
>>
>>  I would like to get confirmation from the team that barbican-api would
>> be used only to standup the barbican instance , for installation of
>> barbican ,debugging and stoping the barbican instance , we still need to
>> use barbican.sh script .
>>
>>  Any help would highly be appreciated.
>>
>>  Thanks and Regards,
>> Asha Seshagiri
>>
>>
>> On Thu, Apr 23, 2015 at 10:28 AM, Adam Harwell <
>> adam.harwell at rackspace.com> wrote:
>>
>>>   Do you have sqlite installed on your system, and do you have
>>> config.py in the root of your barbican directory? The database is
>>> configured there (assuming it hasn’t changed since I last ran Barbican
>>> locally), and mine looks like this:
>>>
>>>  config = {
>>>     'sqlalchemy': {
>>>         'url': 'sqlite:////tmp/barbican.db',
>>>         'echo': True,
>>>         'echo_pool': False,
>>>         'pool_recycle': 3600,
>>>         'encoding': 'utf-8'
>>>     }
>>> }
>>>
>>>   --Adam
>>>
>>>  https://keybase.io/rm_you
>>>
>>>
>>>   From: neetu jain <nutshi at gmail.com>
>>> Date: Thursday, April 23, 2015 at 10:07 AM
>>> To: Asha Seshagiri <asha.seshagiri at gmail.com>
>>> Cc: John Wood <john.wood at RACKSPACE.COM>, openstack-dev <
>>> openstack-dev at lists.openstack.org>, "Reller, Nathan S." <
>>> Nathan.Reller at jhuapl.edu>, Douglas Mendizabal <
>>> douglas.mendizabal at RACKSPACE.COM>, Paul Kehrer <
>>> paul.kehrer at RACKSPACE.COM>, Adam Harwell <adam.harwell at rackspace.com>,
>>> Alexis Lee <alexisl at hp.com>
>>> Subject: Re: Barbican : Dependency of pyenv configuration in
>>> Barbican.sh script
>>>
>>>     Thanks John for you answer.
>>>  I tried running the  script bin/barbican-api and ran into this issue
>>> (pasted at the end) . Seems like the script does not take care of the
>>> database side.
>>>
>>>  1) do we need to do something else to setup database? or its being
>>> worked on ?
>>>  2) Can we help in the process of removing dependencies in these
>>> scripts? Should that be through the launchpad ?
>>>
>>>
>>> TASK: [barbican | install barbican]
>>> *******************************************
>>> failed: [barbican-04] => {"changed": true, "cmd": "cd /root/barbican/;
>>> python bin/barbican-api", "delta": "0:00:00.553279", "end": "2015-04-23
>>> 14:56:45.773115", "rc": 1, "start": "2015-04-23 14:56:45.219836",
>>> "warnings": []}
>>> stderr: 2015-04-23 14:56:45.736 6984 CRITICAL barbican [-]
>>> BarbicanException: No SQL connection configured
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican Traceback (most recent call
>>> last):
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File "bin/barbican-api",
>>> line 17, in <module>
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican     run()
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File "bin/barbican-api",
>>> line 12, in run
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican     relative_to='.')
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File
>>> "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 247, in
>>> loadapp
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican     return loadobj(APP, uri,
>>> name=name, **kw)
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File
>>> "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 272, in
>>> loadobj
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican     return context.create()
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File
>>> "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 710, in
>>> create
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican     return
>>> self.object_type.invoke(self)
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File
>>> "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 144, in
>>> invoke
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican     **context.local_conf)
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File
>>> "/usr/lib/python2.7/site-packages/paste/deploy/util.py", line 56, in
>>> fix_call
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican     val = callable(*args,
>>> **kw)
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File
>>> "/usr/lib64/python2.7/site-packages/paste/urlmap.py", line 31, in
>>> urlmap_factory
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican     app =
>>> loader.get_app(app_name, global_conf=global_conf)
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File
>>> "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 350, in
>>> get_app
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican     name=name,
>>> global_conf=global_conf).create()
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File
>>> "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 710, in
>>> create
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican     return
>>> self.object_type.invoke(self)
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File
>>> "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 203, in
>>> invoke
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican     app =
>>> context.app_context.create()
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File
>>> "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 710, in
>>> create
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican     return
>>> self.object_type.invoke(self)
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File
>>> "/usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 146, in
>>> invoke
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican     return
>>> fix_call(context.object, context.global_conf, **context.local_conf)
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File
>>> "/usr/lib/python2.7/site-packages/paste/deploy/util.py", line 56, in
>>> fix_call
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican     val = callable(*args,
>>> **kw)
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File
>>> "/root/barbican/barbican/api/app.py", line 89, in create_main_app
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican
>>> repositories.setup_database_engine_and_factory()
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File
>>> "/root/barbican/barbican/model/repositories.py", line 109, in
>>> setup_database_engine_and_factory
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican     _ENGINE =
>>> _get_engine(_ENGINE)
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican   File
>>> "/root/barbican/barbican/model/repositories.py", line 170, in _get_engine
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican     u._('No SQL connection
>>> configured'))
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican BarbicanException: No SQL
>>> connection configured
>>> 2015-04-23 14:56:45.736 6984 TRACE barbican
>>>
>>> FATAL: all hosts have already failed -- aborting
>>>
>>>
>>> On Wed, Apr 22, 2015 at 11:50 PM, Asha Seshagiri <
>>> asha.seshagiri at gmail.com> wrote:
>>>
>>>> Thanks a lot John for your response.
>>>> I appreciate for your time and effort in answering the queries and also
>>>> pointing to the latest changes which you been always doing :)
>>>>
>>>>  Thanks and  Regards,
>>>> Asha Seshagiri
>>>>
>>>> On Wed, Apr 22, 2015 at 6:09 PM, John Wood <john.wood at rackspace.com>
>>>> wrote:
>>>>
>>>>>  Hello Asha,
>>>>>
>>>>>  The barbican.sh script was originally intended to be a convenient
>>>>> way to boot up a Barbican instance locally to quickly start evaluating its
>>>>> API and functionality.
>>>>>
>>>>>  It was not intended to be used as a production script, deferring
>>>>> instead to deployments utilizing packages such as RDO RPMs and so forth for
>>>>> that purpose.
>>>>>
>>>>>  That said, changes to that script have been discussed, including
>>>>> removing pyenv and uWSGI as dependencies, hence such changes would be good
>>>>> to consider.
>>>>>
>>>>>  I’d also note that a solution based on this recently added script
>>>>> [1] might be in order.
>>>>>
>>>>>  Thanks,
>>>>> John
>>>>>
>>>>>  [1]
>>>>> https://github.com/openstack/barbican/blob/master/bin/barbican-api
>>>>>
>>>>>
>>>>>   From: Asha Seshagiri <asha.seshagiri at gmail.com>
>>>>> Date: Wednesday, April 22, 2015 at 4:57 PM
>>>>> To: openstack-dev <openstack-dev at lists.openstack.org>
>>>>> Cc: John Wood <john.wood at rackspace.com>, "Reller, Nathan S." <
>>>>> Nathan.Reller at jhuapl.edu>, Douglas Mendizabal <
>>>>> douglas.mendizabal at RACKSPACE.COM>, Paul Kehrer <
>>>>> paul.kehrer at RACKSPACE.COM>, Adam Harwell <adam.harwell at RACKSPACE.COM>,
>>>>> Alexis Lee <alexisl at hp.com>, "nutshi at gmail.com" <nutshi at gmail.com>
>>>>> Subject: Barbican : Dependency of pyenv configuration in Barbican.sh
>>>>> script
>>>>>
>>>>>   Hi All,
>>>>>
>>>>>  I would like to know the reason behind the dependency of the pyenv
>>>>> virtual environment and pyenv in the barbican.sh script.
>>>>> Ideally in the production environment  , barbican would run on
>>>>> standalone virtual box with a particular python version .I feel that their
>>>>> dependecies needs to be removed from the script.
>>>>>
>>>>>  Was able to stand up the barbican instance without configuring pyenv
>>>>> and pyenv-virtualenv dependencies  by modifying the barbican script ,
>>>>> installing few additional packages and exporting the python path to PATH
>>>>> variable
>>>>> Please find the change in barbican.sh script for installation and
>>>>> starting of the script below :
>>>>>
>>>>> VENV_DIR=${VIRTUAL_ENV:-`pyenv prefix`} -> *This line needs to be
>>>>> removed *
>>>>> uwsgi --master --emperor $CONFIG_DIR/vassals* -H*  *$VENV_DIR -> The
>>>>>  **$VENV_DIR variable need to be removed as an argument and -H as an
>>>>> option.*
>>>>>
>>>>>  The barbican script has been tied to $VENV_DIR variable which is
>>>>> dependent on the pyenv  for python configuration.Hence the barbican.sh
>>>>> script needs to be  modified to remove *$VENV_DIR variable  *by
>>>>> configuring python path in PATH variable.
>>>>> On doing this , we can avoid the sourcing the pyenv and
>>>>> pyenv-virtualenv packages  and its dependices on Barbican script.
>>>>>
>>>>>  Any help would be highly appreciated and also would like to know
>>>>> opinion from the openstack group  on the changes indicated
>>>>> Thanks in advance
>>>>>
>>>>>
>>>>>  *Thanks and Regards,*
>>>>> *Asha Seshagiri*
>>>>>
>>>>
>>>>
>>>>
>>>>   --
>>>>  *Thanks and Regards,*
>>>> *Asha Seshagiri*
>>>>
>>>
>>>
>>
>>
>>  --
>>  *Thanks and Regards,*
>> *Asha Seshagiri*
>>
>
>
>
> --
>  *Thanks and Regards,*
> *Asha Seshagiri*
>



-- 
*Thanks and Regards,*
*Asha Seshagiri*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150423/d35ed21a/attachment.html>


More information about the OpenStack-dev mailing list