安装barbican服务
来源:互联网 发布:淘宝网小衫春季女 编辑:程序博客网 时间:2024/06/07 20:12
前言
在用cinder 加密卷的时候,为了给每个cinder盘唯一的加密KEY,就不能使用fixed_key了,于是安装barbican服务,来提供key服务
使用O版本,服务器centos
准备工作
创建数据库
$ mysql -u root -pCREATE DATABASE barbican;GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'localhost' \ IDENTIFIED BY 'BARBICAN_DBPASS';GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'%' \ IDENTIFIED BY 'BARBICAN_DBPASS';exit;
创建用户 角色
$ source admin-openrc$ openstack user create --domain default --password-prompt barbican$ openstack role add --project service --user barbican admin$ openstack role create creator$ openstack role add --project service --user barbican creator$ openstack service create --name barbican --description "Key Manager" key-manager
创建endpoint
$ openstack endpoint create --region RegionOne \ key-manager public http://controller:9311$ openstack endpoint create --region RegionOne \ key-manager internal http://controller:9311$ openstack endpoint create --region RegionOne \ key-manager admin http://controller:9311
安装组件
# yum install openstack-barbican-api
编辑/etc/barbican/barbican.conf
[DEFAULT]...sql_connection = mysql+pymysql://barbican:BARBICAN_DBPASS@controller/barbican[DEFAULT]...transport_url = rabbit://openstack:RABBIT_PASS@controller
设置keystone
[keystone_authtoken]...auth_uri = http://controller:5000auth_url = http://controller:35357memcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = barbicanpassword = BARBICAN_PASS
编辑/etc/barbican/barbican-api-paste.ini
[pipeline:barbican_api]pipeline = cors authtoken context apiapp$ su -s /bin/sh -c "barbican-manage db upgrade" barbican
创建/etc/httpd/conf.d/wsgi-barbican.conf
Listen 9311<VirtualHost *:9311> #ServerName server101.e3cloud.com ## Logging <IfVersion >= 2.4> ErrorLogFormat "%{cu}t %M" </IfVersion> ErrorLog /var/log/httpd/barbican_wsgi_main_error_ssl.log LogLevel debug ServerSignature Off CustomLog /var/log/httpd/barbican_wsgi_main_access_ssl.log combined WSGIApplicationGroup %{GLOBAL} WSGIDaemonProcess barbican-api display-name=barbican-api group=barbican processes=2 threads=8 user=barbican WSGIProcessGroup barbican-api WSGIScriptAlias / /usr/lib/python2.7/site-packages/barbican/api/app.wsgi WSGIPassAuthorization On <Directory /usr/lib> <IfVersion >= 2.4> Require all granted </IfVersion> <IfVersion < 2.4> Order allow,deny Allow from all </IfVersion> </Directory></VirtualHost>
重启服务
# systemctl enable httpd.service# systemctl start httpd.service
验证
$ . admin-openrc$ openstack secret store --name mysecret --payload j4=]d21+---------------+-----------------------------------------------------------------------+| Field | Value |+---------------+-----------------------------------------------------------------------+| Secret href | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa || Name | mysecret || Created | None || Status | None || Content types | None || Algorithm | aes || Bit length | 256 || Secret type | opaque || Mode | cbc || Expiration | None |+---------------+-----------------------------------------------------------------------+openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa+---------------+-----------------------------------------------------------------------+| Field | Value |+---------------+-----------------------------------------------------------------------+| Secret href | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa || Name | mysecret || Created | 2016-08-16 16:04:10+00:00 || Status | ACTIVE || Content types | {u'default': u'application/octet-stream'} || Algorithm | aes || Bit length | 256 || Secret type | opaque || Mode | cbc || Expiration | None |+---------------+-----------------------------------------------------------------------+
参考:
https://docs.openstack.org/project-install-guide/key-manager/ocata/install-rdo.html
阅读全文
0 0
- 安装barbican服务
- Barbican dev 环境安装及工作原理
- Barbican 简介
- Barbican M 版本 ReleaseNotes和Blueprints
- OpenStack密钥管理组件 - Barbican介绍
- 服务安装
- 制作windows服务安装服务
- centos7服务安装_SAMBA服务
- vs2005安装服务,反安装服务命令
- C#启用服务 关闭服务 安装服务 卸载服务
- C#启用服务 关闭服务 安装服务 卸载服务 收藏
- C#启用服务 关闭服务 安装服务 卸载服务
- C#启用服务 关闭服务 安装服务 卸载服务 .
- 命令行安装终端服务
- windows服务安装问题解决
- apache2 安装服务方法
- 服务和安装
- 软硬件安装维护服务
- spring 依赖注入bean的属性
- 使用 PowerShell 创建 Linux 虚拟机
- 视频编解码学习之二:编解码框架
- 顏色和編碼?兩者有關係嗎?
- Unity安卓交互
- 安装barbican服务
- VMWare使用rhel7.2(一)
- CDH Oozie 安装,使用,优化小技巧
- Jetson TX1/TX2配置教程--拷贝离线安装包
- MobaXterm连接Linux虚拟机
- linux的常用命令
- AWS将虚拟化技术从XEN切换到KVM ,聊一聊大象转身过程中的技术难点
- 从AlexNet到ResNet,从里程碑到里程碑
- 在创建Android项目完成之后修改包名和app名