Barbican/Dogtag plugin

- Install dogtag requirements
- use dogtag_crypto instead of dogtag_plugin
- fix port from 8433 to 8443

+
- jinja formating
- comment out the enabled_*_plugins: not needed with
  `multiple secret stores` configuration

Change-Id: Iad378e9c7e54205300200ecbace34e32951fbfa7
diff --git a/README.rst b/README.rst
index 0ed5ade..2255dca 100644
--- a/README.rst
+++ b/README.rst
@@ -169,7 +169,7 @@
           dogtag:
             pem_path: '/etc/barbican/kra_admin_cert.pem'
             dogtag_host: localhost
-            dogtag_port: 8433
+            dogtag_port: 8443
             nss_db_path: '/etc/barbican/alias'
             nss_db_path_ca: '/etc/barbican/alias-ca'
             nss_password: 'password123'
@@ -251,7 +251,7 @@
           dogtag:
             pem_path: '/etc/barbican/kra_admin_cert.pem'
             dogtag_host: localhost
-            dogtag_port: 8433
+            dogtag_port: 8443
             nss_db_path: '/etc/barbican/alias'
             nss_db_path_ca: '/etc/barbican/alias-ca'
             nss_password: 'password123'
@@ -266,7 +266,7 @@
           kmip:
             store_plugin: kmip_plugin
           dogtag:
-            store_plugin: dogtag_plugin
+            store_plugin: dogtag_crypto
           pkcs11:
             store_plugin: store_crypto
             crypto_plugin: p11_crypto
diff --git a/barbican/files/ocata/barbican.conf.Debian b/barbican/files/ocata/barbican.conf.Debian
index eaf7280..c0da2bb 100644
--- a/barbican/files/ocata/barbican.conf.Debian
+++ b/barbican/files/ocata/barbican.conf.Debian
@@ -263,24 +263,24 @@
 # ================= Secret Store Plugin ===================
 [secretstore]
 namespace = barbican.secretstore.plugin
-enabled_secretstore_plugins = store_crypto
+#enabled_secretstore_plugins = store_crypto
 enable_multiple_secret_stores = True
 stores_lookup_suffix = {{ server.get('store', {}).keys() | join(', ') }}
 
 # ================= Crypto plugin ===================
 [crypto]
 namespace = barbican.crypto.plugin
-enabled_crypto_plugins = simple_crypto
+#enabled_crypto_plugins = simple_crypto
 
 {% for store_name, store in server.get('store', {}).iteritems() %}
 [secretstore:{{ store_name }}]
-{% if store.store_plugin is defined -%}
+{%- if store.store_plugin is defined %}
 secret_store_plugin = {{ store.store_plugin }}
 {%- endif %}
-{% if store.crypto_plugin is defined -%}
+{%- if store.crypto_plugin is defined %}
 crypto_plugin = {{ store.crypto_plugin }}
 {%- endif %}
-{% if store.global_default is defined -%}
+{%- if store.global_default is defined %}
 global_default = {{ store.global_default }}
 {%- endif %}
 {% endfor %}
diff --git a/barbican/files/ocata/plugin/_dogtag.conf b/barbican/files/ocata/plugin/_dogtag.conf
index fb16a77..2797eb2 100644
--- a/barbican/files/ocata/plugin/_dogtag.conf
+++ b/barbican/files/ocata/plugin/_dogtag.conf
@@ -1,7 +1,7 @@
 [{{ plugin_name }}_plugin]
 pem_path = '{{ plugin.get('pem_path', '/etc/barbican/kra_admin_cert.pem') }}'
 dogtag_host = {{ plugin.get('dogtag_host', 'localhost') }}
-dogtag_port = {{ plugin.get('dogtag_port', '8433') }}
+dogtag_port = {{ plugin.get('dogtag_port', '8443') }}
 nss_db_path = '{{ plugin.get('nss_db_path', '/etc/barbican/alias') }}'
 nss_db_path_ca = '{{ plugin.get('nss_db_path_ca', '/etc/barbican/alias-ca') }}'
 nss_password = '{{ plugin.nss_password }}'
diff --git a/barbican/map.jinja b/barbican/map.jinja
index f334fec..bb9c15f 100644
--- a/barbican/map.jinja
+++ b/barbican/map.jinja
@@ -14,6 +14,10 @@
   services:
   - barbican-keystone-listener
   - barbican-worker
+  dogtag_pkgs:
+  - libnss3-tools
+  - python-nss
+  - pki-base
 {%- endload %}
 
 {%- load_yaml as client_defaults %}
diff --git a/barbican/server.sls b/barbican/server.sls
index 351160f..cbf613b 100644
--- a/barbican/server.sls
+++ b/barbican/server.sls
@@ -27,8 +27,8 @@
 
 barbican_api_config:
   file.symlink:
-     - name: /etc/apache2/sites-enabled/barbican-api.conf
-     - target: /etc/apache2/sites-available/barbican-api.conf
+  - name: /etc/apache2/sites-enabled/barbican-api.conf
+  - target: /etc/apache2/sites-available/barbican-api.conf
 
 barbican_apache_restart:
   service.running:
@@ -46,4 +46,12 @@
   - watch:
     - file: /etc/barbican/barbican.conf
 
+{%- if 'dogtag' in server.get('plugin', {}) %}
+barbican_dogtag_packages:
+  pkg.installed:
+  - names: {{ server.dogtag_pkgs }}
+  - watch_in:
+    - service: barbican_server_services
+{%- endif %}
+
 {%- endif %}
diff --git a/metadata/service/server/plugin/dogtag.yml b/metadata/service/server/plugin/dogtag.yml
index 5979258..3b862f0 100644
--- a/metadata/service/server/plugin/dogtag.yml
+++ b/metadata/service/server/plugin/dogtag.yml
@@ -7,7 +7,7 @@
       plugin:
         dogtag:
           dogtag_host: ${_param:barbican_dogtag_host}
-          dogtag_port: 8433
+          dogtag_port: 8443
           nss_db_path: '/etc/barbican/alias'
           nss_db_path_ca: '/etc/barbican/alias-ca'
           nss_password: "${_param:barbican_dogtag_nss_password}"
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index d438e3d..581ede3 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -24,7 +24,7 @@
       dogtag:
         pem_path: '/etc/barbican/kra_admin_cert.pem'
         dogtag_host: localhost
-        dogtag_port: 8433
+        dogtag_port: 8443
         nss_db_path: '/etc/barbican/alias'
         nss_db_path_ca: '/etc/barbican/alias-ca'
         nss_password: 'password123'
@@ -39,7 +39,7 @@
       kmip:
         store_plugin: kmip_plugin
       dogtag:
-        store_plugin: dogtag_plugin
+        store_plugin: dogtag_crypto
       pkcs11:
         store_plugin: store_crypto
         crypto_plugin: p11_crypto
diff --git a/tests/pillar/control_single.sls b/tests/pillar/control_single.sls
index d438e3d..581ede3 100644
--- a/tests/pillar/control_single.sls
+++ b/tests/pillar/control_single.sls
@@ -24,7 +24,7 @@
       dogtag:
         pem_path: '/etc/barbican/kra_admin_cert.pem'
         dogtag_host: localhost
-        dogtag_port: 8433
+        dogtag_port: 8443
         nss_db_path: '/etc/barbican/alias'
         nss_db_path_ca: '/etc/barbican/alias-ca'
         nss_password: 'password123'
@@ -39,7 +39,7 @@
       kmip:
         store_plugin: kmip_plugin
       dogtag:
-        store_plugin: dogtag_plugin
+        store_plugin: dogtag_crypto
       pkcs11:
         store_plugin: store_crypto
         crypto_plugin: p11_crypto