fix: Barbican use same uwsgi config as other services. (#1119)
This renews the Barbican uwsgi config and makes sure it uses the same uwsgi config as other services.
relate to #42
Reviewed-by: Mohammed Naser <mnaser@vexxhost.com>
diff --git a/.charts.yml b/.charts.yml
index a03428a..77038bd 100644
--- a/.charts.yml
+++ b/.charts.yml
@@ -13,6 +13,10 @@
version: 0.3.10
repository: *openstack_helm_repository
dependencies: *openstack_helm_dependencies
+ patches:
+ gerrit:
+ review.opendev.org:
+ - 916034
- name: ceph-csi-rbd
version: 3.5.1
repository:
diff --git a/charts/barbican/templates/bin/_barbican.sh.tpl b/charts/barbican/templates/bin/_barbican.sh.tpl
index 1ac7911..21612f7 100644
--- a/charts/barbican/templates/bin/_barbican.sh.tpl
+++ b/charts/barbican/templates/bin/_barbican.sh.tpl
@@ -18,7 +18,7 @@
COMMAND="${@:-start}"
function start () {
- exec uwsgi --die-on-term --master --emperor /etc/barbican/vassals
+ exec uwsgi --ini /etc/barbican/barbican-api-uwsgi.ini
}
function stop () {
diff --git a/charts/barbican/templates/configmap-etc.yaml b/charts/barbican/templates/configmap-etc.yaml
index d9323e0..d2bff2c 100644
--- a/charts/barbican/templates/configmap-etc.yaml
+++ b/charts/barbican/templates/configmap-etc.yaml
@@ -67,12 +67,10 @@
{{- $_ := tuple "key_manager" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix $barbicanPath | set .Values.conf.barbican.DEFAULT "host_href" -}}
{{- end -}}
-{{- if empty .Values.conf.barbican.barbican_api.bind_port -}}
-{{- $_ := tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.barbican.barbican_api "bind_port" -}}
-{{- end -}}
-
-{{- if empty .Values.conf.barbican_api.uwsgi.socket -}}
-{{- $_ := printf ":%s" ( tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" ) | set .Values.conf.barbican_api.uwsgi "socket" -}}
+{{- if empty (index .Values.conf.barbican_api_uwsgi.uwsgi "http-socket") -}}
+{{- $http_socket_port := tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }}
+{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
+{{- $_ := set .Values.conf.barbican_api_uwsgi.uwsgi "http-socket" $http_socket -}}
{{- end -}}
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
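Review bot: Overrides that operators already keep under `conf.barbican_api.uwsgi` (for example a `socket` value chosen to limit the listen address) are no longer read after this rename, so the new default of `0.0.0.0:<port>` takes effect with no warning at upgrade time. A guard near the top of this block would make that visible, something like `{{- if hasKey .Values.conf "barbican_api" -}}{{- fail "conf.barbican_api was renamed to conf.barbican_api_uwsgi" -}}{{- end -}}`. The same rename appears in the second hunk of this file (the `barbican-api-uwsgi.ini` key) and in `values.yaml`. The `if` block after the changed lines continues outside the hunk.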
@@ -99,6 +97,6 @@
barbican-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
api_audit_map.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.audit_map | b64enc }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
- barbican-api.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api | b64enc }}
+ barbican-api-uwsgi.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api_uwsgi | b64enc }}
old_kek: {{ index .Values.conf.simple_crypto_kek_rewrap "old_kek" | default "" | b64enc | quote }}
{{- end }}
diff --git a/charts/barbican/templates/deployment-api.yaml b/charts/barbican/templates/deployment-api.yaml
index d777f42..8ae9ea4 100644
--- a/charts/barbican/templates/deployment-api.yaml
+++ b/charts/barbican/templates/deployment-api.yaml
@@ -90,8 +90,8 @@
- name: etcbarbican
mountPath: /etc/barbican
- name: barbican-etc
- mountPath: /etc/barbican/vassals/barbican-api.ini
- subPath: barbican-api.ini
+ mountPath: /etc/barbican/barbican-api-uwsgi.ini
+ subPath: barbican-api-uwsgi.ini
readOnly: true
- name: barbican-etc
mountPath: /etc/barbican/barbican.conf
diff --git a/charts/barbican/values.yaml b/charts/barbican/values.yaml
index 9e6f406..e2e87bf 100644
--- a/charts/barbican/values.yaml
+++ b/charts/barbican/values.yaml
@@ -356,18 +356,28 @@
service_endpoints:
# map endpoint type defined in service catalog to CADF typeURI
key-manager: service/security/keymanager
- barbican_api:
+ barbican_api_uwsgi:
uwsgi:
- socket: null
- protocol: http
- processes: 1
- lazy: true
- vacuum: true
- no-default-app: true
- memory-report: true
- plugins: python
- paste: "config:/etc/barbican/barbican-api-paste.ini"
add-header: "Connection: close"
+ buffer-size: 65535
+ chunked-input-limit: "4096000"
+ die-on-term: true
+ enable-threads: true
+ exit-on-reload: false
+ hook-master-start: unix_signal:15 gracefully_kill_them_all
+ http-auto-chunked: true
+ http-raw-body: true
+ lazy-apps: true
+ log-x-forwarded-for: true
+ master: true
+ need-app: true
+ procname-prefix-spaced: "barbiacan-api:"
+ route-user-agent: '^kube-probe.* donotlog:'
+ socket-timeout: 10
+ thunder-lock: true
+ worker-reload-mercy: 80
+ wsgi-file: /var/lib/openstack/bin/barbican-wsgi-api
+ processes: 1
barbican:
DEFAULT:
transport_url: null
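Review bot: Two of the added logging options depend on request headers the client controls, and nothing in the hunk says so: `log-x-forwarded-for: true` records the X-Forwarded-For value as the client address, and `route-user-agent: '^kube-probe.* donotlog:'` leaves any request with a matching User-Agent out of the uwsgi request log. For a key-manager API that log should not be the only record of access, so I would add comments such as `# address is taken from X-Forwarded-For; reliable only if the ingress overwrites that header` and `# matched on client-supplied User-Agent; keep Barbican audit or ingress logs as the access record`. Separately, `procname-prefix-spaced: "barbiacan-api:"` looks like a misspelling of `barbican-api:`, which would make process-name based monitoring miss these workers. The `conf:` mapping this hunk sits in starts and ends outside the hunk.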
diff --git a/charts/patches/barbican/0001-tune-uwsgi-config.patch b/charts/patches/barbican/0001-tune-uwsgi-config.patch
new file mode 100644
index 0000000..3c472ee
--- /dev/null
+++ b/charts/patches/barbican/0001-tune-uwsgi-config.patch
@@ -0,0 +1,25 @@
+diff --git a/barbican/values.yaml b/charts/barbican/values.yaml
+index 3991d2ba..86abf1d3 100644
+--- a/barbican/values.yaml
++++ b/barbican/values.yaml
+@@ -360,15 +360,20 @@ conf:
+ uwsgi:
+ add-header: "Connection: close"
+ buffer-size: 65535
++ chunked-input-limit: "4096000"
+ die-on-term: true
+ enable-threads: true
+ exit-on-reload: false
+ hook-master-start: unix_signal:15 gracefully_kill_them_all
++ http-auto-chunked: true
++ http-raw-body: true
+ lazy-apps: true
+ log-x-forwarded-for: true
+ master: true
++ need-app: true
+ procname-prefix-spaced: "barbiacan-api:"
+ route-user-agent: '^kube-probe.* donotlog:'
++ socket-timeout: 10
+ thunder-lock: true
+ worker-reload-mercy: 80
+ wsgi-file: /var/lib/openstack/bin/barbican-wsgi-api