c1ba5aa7af
Update the castellan-ui README with a Features section and Troubleshooting section. Change-Id: I8939abfac71536eb277b97b0d998155c4501f4bd
5.7 KiB
Castellan UI
Generic Key Manager UI Plugin for Horizon
- Free software: Apache license
- Source: http://git.openstack.org/cgit/openstack/castellan-ui
- Bugs: http://bugs.launchpad.net/castellan-ui
Features
--------------------+------------------+---------------------------+---------------+-----------+--------------+ | | Import from file | Import using direct input | Download | Delete | Generate [1] | ====================+==================+===========================+===============+===========+==============+ | X.509 Certificates | supported [2] | supported [2] | supported [2] | supported | N/A | --------------------+------------------+---------------------------+---------------+-----------+--------------+ | Private Keys | supported [2] | supported [2] | supported [2] | supported | supported | --------------------+------------------+---------------------------+---------------+-----------+--------------+ | Public Keys | supported [2] | supported [2] | supported [2] | supported | supported | --------------------+------------------+---------------------------+---------------+-----------+--------------+ | Symmetric Keys | supported [3] | supported [4] | supported [3] | supported | supported | --------------------+------------------+---------------------------+---------------+-----------+--------------+ | Opaque Data | supported [3] | supported [4] | supported [3] | supported | N/A | --------------------+------------------+---------------------------+---------------+-----------+--------------+ | Passphrases [5] | X | supported | X | supported | N/A | --------------------+------------------+---------------------------+---------------+-----------+--------------+
- Key managers typically support generating keys only and do not generate other types of objects. Private and public keys will be generated as a key pair, and symmetric keys can be generated individually.
- Supports Privacy-enhanced Electronic Mail (PEM) formatted objects.
- Raw bytes represent the object.
- Object bytes are represented using hex characters.
- Because passphrases are typically not saved to files, passphrases are imported through a form on the web page and are not downloadable, only viewed through the web page.
Enabling in DevStack
Add this repo as an external repository into your
local.conf file:
[[local|localrc]]
enable_plugin castellan-ui https://github.com/openstack/castellan-uiManual Installation
Begin by cloning the Horizon and Castellan UI repositories:
git clone https://github.com/openstack/horizon
git clone https://github.com/openstack/castellan-uiCreate a virtual environment and install Horizon dependencies:
cd horizon
virtualenv horizon_dev
. horizon_dev/bin/activate
pip install -r requirements.txtSet up your local_settings.py file:
cp openstack_dashboard/local/local_settings.py.example openstack_dashboard/local/local_settings.pyOpen up the copied local_settings.py file in your
preferred text editor. You will want to customize several settings:
OPENSTACK_HOSTshould be configured with the hostname of your OpenStack server. Verify that theOPENSTACK_KEYSTONE_URLandOPENSTACK_KEYSTONE_DEFAULT_ROLEsettings are correct for your environment. (They should be correct unless you modified your OpenStack server to change them.)
Install Castellan UI with all dependencies in your virtual environment:
. horizon_dev/bin/activate
pip install -e ../castellan-ui/And enable it in Horizon (use full paths instead of relative paths):
ln -s ../castellan-ui/castellan_ui/enabled/_90_project_key_manager_panelgroup.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_91_project_key_manager_x509_certificates_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_92_project_key_manager_private_key_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_93_project_key_manager_public_key_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_94_project_key_manager_symmetric_key_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_95_project_key_manager_opaque_data_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_96_project_key_manager_passphrase_panel.py openstack_dashboard/local/enabledTo run horizon with the newly enabled Castellan UI plugin run:
python manage.py runserver -- 0.0.0.0:8080to have the application start on port 8080 and the horizon dashboard will be available in your browser at http://localhost:8080/
Troubleshooting Tips
If you are using Barbican plugin for Castellan, be sure to note that Barbican requires the 'admin' or 'creator' role be assigned to a user before the user can list or create key manager objects. The error message that appears if this is not the case is as follows:
Could not list objects: Key manager error: Forbidden: Secret(s) retrieval attempt not allowed - please review your user/project privilegesTo add the appropriate role for a non-admin user, use the following command (as an admin) :
openstack role add --user <username> --project <project name> creatorSee Also
- Castellan: https://github.com/openstack/castellan
- Barbican: https://github.com/openstack/barbican
- Vault: https://github.com/hashicorp/vault
- PyKMIP: https://github.com/OpenKMIP/PyKMIP