configuration for iwhd/imagefactory/conductor oauth authentication

bin/aeolus-configure

@@ -68,6 +68,11 @@ echo "Launching aeolus configuration recipe..."
 export FACTER_AEOLUS_ENABLE_HTTPS=true
 export FACTER_AEOLUS_ENABLE_SECURITY=false
 
+export FACTER_IWHD_OAUTH_USER=`uuidgen`
+export FACTER_IWHD_OAUTH_PASSWORD=`uuidgen`
+export FACTER_IMAGEFACTORY_OAUTH_USER=`uuidgen`
+export FACTER_IMAGEFACTORY_OAUTH_PASSWORD=`uuidgen`
+
 NODE_ARRAY=(`echo $PUPPET_NODE | tr "," "\n"`)
 for x in "${NODE_ARRAY[@]}"
 do
@@ -77,4 +82,4 @@ do
        --logdest=/var/log/aeolus-configure/aeolus-configure.log \
        --logdest=console \
        $LOGLEVEL
-done
+done

recipes/aeolus/manifests/conductor.pp

@@ -23,6 +23,10 @@
               ensure => 'installed',
               provider => $package_provider }
 
+    file{"/usr/share/aeolus-conductor/config/settings.yml":
+      content => template("aeolus/conductor-settings.yml"),
+      require => Package['aeolus-conductor']}
+
     file {"/var/lib/aeolus-conductor":
       ensure => directory,
       owner => 'aeolus',
@@ -48,7 +52,8 @@
       require => [Package['aeolus-conductor-daemons'],
                   Rails::Migrate::Db[migrate_aeolus_database],
                   Service['httpd'],
-                  Apache::Site[aeolus-conductor], Exec[reload-apache]] }
+                  Apache::Site[aeolus-conductor], Exec[reload-apache],
+                  File['/usr/share/aeolus-conductor/config/settings.yml']] }
 
   ### Initialize and start the aeolus database
     # Right now we configure and start postgres, at some point I want

recipes/aeolus/manifests/image-factory.pp

@@ -59,8 +59,16 @@
                enable  => true,
                hasstatus => true,
                require => Package['libvirt']}
+
+
+    file {"/etc/imagefactory/imagefactory.conf":
+      content => template("aeolus/imagefactory.conf"),
+      mode => 755,
+      require => Package['imagefactory'] }
+
     $requires = [Package['imagefactory'],
-                 File['/var/tmp/imagefactory-mock'],
+                 File['/var/tmp/imagefactory-mock',
+                      '/etc/imagefactory/imagefactory.conf'],
                  Service[qpidd], Service[libvirtd],
                  Rails::Seed::Db[seed_aeolus_database]]
     service { 'imagefactory':

recipes/aeolus/manifests/iwhd.pp

@@ -30,6 +30,11 @@
     file { "/etc/iwhd": ensure => 'directory'}
     file { "/var/lib/iwhd":  ensure => 'directory' }
 
+    file {"/etc/init.d/iwhd":
+      content => template("aeolus/iwhd.init"),
+      mode => 755,
+      require => Package['iwhd'] }
+
     service { 'mongod':
       ensure  => 'running',
       enable  => true,
@@ -39,9 +44,9 @@
       ensure  => 'running',
       enable  => true,
       hasstatus => true,
-      require => [Package['iwhd'],
-                  Service[mongod],
-                  File['/var/lib/iwhd']]}
+      require => [Service[mongod],
+                  File['/var/lib/iwhd',
+                       '/etc/init.d/iwhd']]}
 
     # XXX ugly hack but iwhd might take some time to come up
     exec{"iwhd_startup_pause":

recipes/aeolus/templates/conductor-settings.yml

@@ -0,0 +1,23 @@
+:default_deltacloud_url: http://localhost:3002/api
+
+:auth:
+  # supported strategies: database, ldap
+  :strategy: database
+  :ldap:
+    :host: localhost
+    # '%s' expression in username_dn string will be replaced
+    # by user's login
+    # username_dn: "deltacloud\%s"
+    :username_dn: uid=%s,ou=People,dc=my-domain,dc=com
+    # :port: 389
+:iwhd:
+  :url: http://localhost:9090
+  :oauth:
+    :consumer_key: <%= iwhd_oauth_user %>
+    :consumer_secret: <%= iwhd_oauth_password %>
+
+:imagefactory:
+  :url: https://localhost:8075/imagefactory
+  :oauth:
+    :consumer_key: <%= imagefactory_oauth_user %>
+    :consumer_secret: <%= imagefactory_oauth_password %>

recipes/aeolus/templates/imagefactory.conf

@@ -0,0 +1,15 @@
+{
+  "warehouse": "http://localhost:9090/",
+  "image_bucket": "images",
+  "build_bucket": "builds",
+  "target_bucket": "target_images",
+  "template_bucket": "templates",
+  "icicle_bucket": "icicles",
+  "provider_bucket": "provider_images",
+  "imgdir": "/var/lib/imagefactory/images",
+  "ec2_build_style": "snapshot",
+  "ec2_ami_type": "s3",
+  "clients": {
+    "<%= imagefactory_oauth_user %>": "<%= imagefactory_oauth_password %>"
+    }
+}

recipes/aeolus/templates/iwhd.init

@@ -0,0 +1,146 @@
+#!/bin/sh
+
+# The following is the LSB init header.  See
+# http://www.linux-foundation.org/spec/booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV
+#
+### BEGIN INIT INFO
+# Provides: iwhd
+# Default-Start: 3 4 5
+# Short-Description: image warehouse daemon
+# Description: This is the primary server process for the image warehouse
+### END INIT INFO
+
+# the following is chkconfig init header
+#
+# iwhd: image warehouse daemon
+#
+# chkconfig: - 40 60
+# Description: This is the primary server process for the image warehouse
+#
+# processname: iwhd
+# pidfile: /var/run/iwhd.pid
+
+. /etc/rc.d/init.d/functions
+
+SERVICE=iwhd
+PROCESS=iwhd
+PIDFILE=/var/run/$SERVICE.pid
+CONFIG_JS=/etc/iwhd/conf.js
+MONGOD_SERVER_SPEC=localhost:27017
+
+# How many seconds to wait for mongod to become usable before giving up.
+MONGOD_N_SECONDS=2
+
+# Tell iwhd to use /var/cache/iwhd, not /tmp for a small S3-related
+# temporary file.  This avoids conflict with SELinux policy that discourages
+# writing in /tmp.
+export TMPDIR=/var/cache/iwhd
+
+IWHD_ARGS="-d $MONGOD_SERVER_SPEC -l /var/log/iwhd.log"
+
+test -r /etc/sysconfig/iwhd && . /etc/sysconfig/iwhd
+
+RETVAL=0
+
+wait_for()
+{
+    local sleep_seconds=$1
+    local max_n_sleeps=$2
+    local cmd=$3
+    case $max_n_sleeps in
+        [0-9]*);; *) echo invalid max_n_sleeps $max_n_sleeps 1>&2; exit 1;;
+    esac
+    case $sleep_seconds in
+        [0-9]*|.[0-9]*);; *)
+          echo invalid sleep interval $sleep_seconds 1>&2; exit 1;;
+    esac
+    local i=0
+    while :; do
+        eval "$cmd" && return 0
+        sleep $sleep_seconds
+        i=$(expr $i + 1)
+        test $i = $max_n_sleeps && return 1
+    done
+}
+
+wait_for_mongod() {
+    # Wait for up to $1 seconds for mongod to begin listening.
+    wait_for .1 $(($1 * 10)) 'mongo $MONGOD_SERVER_SPEC \
+      < /dev/null >/dev/null 2>&1'
+}
+
+start() {
+    # This is a bit kludgey.  We'll use the standard daemon
+    # framework once iwhd knows how to daemonize itself.
+    test -f $PIDFILE && kill -0 $(cat $PIDFILE) 2>/dev/null \
+        && { printf %s $"$PROCESS appears to already be running"
+             echo_failure; echo; return 1; }
+    mkdir -p /var/cache/iwhd
+    rm -rf /var/cache/iwhd/*
+    printf %s $"waiting for mongod to listen on $MONGOD_SERVER_SPEC"
+    wait_for_mongod $MONGOD_N_SECONDS && echo_success \
+	|| { echo_failure; echo; return 1; }
+    echo
+
+    printf %s $"Starting $SERVICE daemon: "
+    $PROCESS -c "$CONFIG_JS" $IWHD_ARGS -o -U <%= iwhd_oauth_user %>:<%= iwhd_oauth_password %>&
+    pid=$!
+    RETVAL=$?
+    if test $RETVAL = 0; then
+        echo $pid > $PIDFILE
+        touch /var/lock/subsys/$SERVICE
+        success
+    else
+        failure
+    fi
+    echo
+    return $RETVAL
+}
+
+stop() {
+    action $"Stopping $SERVICE daemon: " killproc -p $PIDFILE $PROCESS
+    RETVAL=$?
+    if test $RETVAL = 0; then
+        rm -f /var/lock/subsys/$SERVICE
+        rm -f $PIDFILE
+        rm -rf /var/cache/iwhd/*
+    fi
+    return $RETVAL
+}
+
+restart() {
+    stop
+    start
+}
+
+reload() {
+    printf %s $"Reloading $SERVICE configuration: "
+
+    killproc -p $PIDFILE $PROCESS -HUP
+    RETVAL=$?
+    echo
+    return $RETVAL
+}
+
+# See how we were called.
+case "$1" in
+    start|stop|restart|reload)
+        $1
+        ;;
+    status)
+        status -p $PIDFILE $PROCESS
+        ;;
+    force-reload)
+        reload
+        ;;
+    condrestart|try-restart)
+        test -f /var/lock/subsys/$SERVICE && restart || :
+        ;;
+    *)
+        echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|force-reload|try-restart}"
+        exit 2
+        ;;
+esac
+
+# Exit with the result of the "case" statement.
+exit $?