openstack/barbican
Code Issues Proposed changes
barbican/doc/source/install/common_configure.rst
Andreas Jaeger b86d6b5660 move documentation into the new standard layout 
This change moves existing files.
It is not meant to be the final word on how the main page looks or how the
other files are organized, but it gets everything roughly into shape. If
the barbican team wants to make changes, please do those as follow-up patches.

Note this does not touch the api directory, this one needs to be
migrated to the api-ref.

This is part of the docs migration work for Pike.

Change-Id: Ibb9d971806964ac185882272514ee9563089d69d
2017-06-30 20:12:52 +02:00

2.3 KiB
Raw Blame History

  1. Edit the /etc/barbican/barbican.conf file and complete the following actions:

    • In the [DEFAULT] section, configure database access:

      [DEFAULT]
...
sql_connection = mysql+pymysql://barbican:BARBICAN_DBPASS@controller/barbican

      Replace BARBICAN_DBPASS with the password you chose for the Key Manager service database.

    • In the [DEFAULT] section, configure RabbitMQ message queue access:

      [DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller

      Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.

    • In the [keystone_authtoken] section, configure Identity service access:

      [keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = barbican
password = BARBICAN_PASS

      Replace BARBICAN_PASS with the password you chose for the barbican user in the Identity service.

      Note

      Comment out or remove any other options in the [keystone_authtoken] section.

  2. Populate the Key Manager service database:

    The Key Manager service database will be automatically populated when the service is first started. To prevent this, and run the database sync manually, edit the /etc/barbican/barbican.conf file and set db_auto_create in the [DEFAULT] section to False.

    Then populate the database as below:

    $ su -s /bin/sh -c "barbican-manage db upgrade" barbican

    Note

    Ignore any deprecation messages in this output.

  3. Barbican has a plugin architecture which allows the deployer to store secrets in a number of different back-end secret stores. By default, Barbican is configured to store secrets in a basic file-based keystore. This key store is NOT safe for production use.

    For a list of supported plugins and detailed instructions on how to configure them, see barbican_backend