OpenStack Barbican Pike版本安装使用

以下操作不做特殊说明均在控制节点执行

1 RPM包安装

控制节点:
openstack-barbican-common-5.0.0-1.el7.noarch
openstack-barbican-5.0.0-1.el7.noarch
python2-barbicanclient-4.5.2-1.el7.noarch
openstack-barbican-worker-5.0.0-1.el7.noarch
openstack-barbican-api-5.0.0-1.el7.noarch
python-barbican-5.0.0-1.el7.noarch

计算节点:
python2-barbicanclient-4.5.2-1.el7.noarch

2 创建OpenStack账户和数据库

  openstack service create --name "barbican" key-manager --description "Barbican Key Management Service"
  openstack endpoint create --region RegionOne --publicurl "http://xxx.xxx.xxx.xxx:9311" --adminurl "http://xxx.xxx.xxx.xxx:9311" --internalurl "http://xxx.xxx.xxx.xxx:9311" key-manager
  openstack user create --password barbican barbican
  openstack role add --project services --user barbican admin
CREATE DATABASE barbican; 
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'localhost' IDENTIFIED BY 'barbican'; 
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'%' IDENTIFIED BY 'barbican';

3 barbican配置修改

修改/etc/barbican/barbican-functional.conf

[identity]
uri=http://xxx.xxx.xxx.xxx:5000/v2.0

修改/etc/barbican/barbican.conf

[DEFAULT]
host_href = http://xxx.xxx.xxx.xxx:9311
log_file = /var/log/barbican/api.log

[keystone_authtoken]
admin_password = barbican
admin_user = barbican
admin_tenant_name = services
identity_uri = http://xxx.xxx.xxx.xxx:35357
auth_version = v3.0

4 启动服务

systemctl start openstack-barbican-api.service
systemctl start openstack-barbican-worker.service
到此步骤barbican安装完成

5 启用barbican作为密钥存储后端

启用barbican作为密钥存储后端需要修改cinder和nova的配置

修改/etc/cinder/cinder.conf
[KEYMGR]
api_class = cinder.keymgr.barbican.BarbicanKeyManager
修改/etc/nova/nova.conf (计算节点修改)
[keymgr]
api_class = nova.keymgr.barbican.BarbicanKeyManager
[barbican]
endpoint_template=v1

启动服务
systemctl start openstack-barbican-api.service
systemctl restart openstack-cinder-volume.service
systemctl restart openstack-nova-compute.service (计算节点执行)

  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
以下是 OpenStack Barbican Pike 的配置步骤: 1.安装Barbican ``` sudo apt-get install -y barbican-api barbican-worker python-barbicanclient ``` 2.配置数据库 编辑 /etc/barbican/barbican.conf 文件,将数据库的连接信息配置为: ``` [database] connection = mysql+pymysql://barbican:BARBICAN_DBPASS@controller/barbican ``` 3.配置消息队列 编辑 /etc/barbican/barbican.conf 文件,将消息队列的连接信息配置为: ``` [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller ``` 4.配置认证服务 编辑 /etc/barbican/barbican.conf 文件,将认证服务的连接信息配置为: ``` [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = barbican password = BARBICAN_PASS ``` 5.配置SSL/TLS 编辑 /etc/barbican/barbican.conf 文件,将 SSL/TLS 的证书和密钥路径配置为: ``` [ssl] enable = True certfile = /etc/barbican/certs/barbican.crt keyfile = /etc/barbican/certs/barbican.key ca_certs = /etc/barbican/certs/ca.crt ``` 6.配置日志 编辑 /etc/barbican/barbican.conf 文件,将日志的路径和级别配置为: ``` [DEFAULT] log_dir = /var/log/barbican log_file = barbican.log log_level = INFO ``` 7.重启服务 重启 Barbican 服务: ``` sudo service barbican-api restart sudo service barbican-worker restart ``` 这样,你就完成了 OpenStack Barbican Pike 的配置。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值