Unless otherwise noted, all of the following steps are run on the controller node.
1 RPM package installation
Controller node:
openstack-barbican-common-5.0.0-1.el7.noarch
openstack-barbican-5.0.0-1.el7.noarch
python2-barbicanclient-4.5.2-1.el7.noarch
openstack-barbican-worker-5.0.0-1.el7.noarch
openstack-barbican-api-5.0.0-1.el7.noarch
python-barbican-5.0.0-1.el7.noarch
Compute node:
python2-barbicanclient-4.5.2-1.el7.noarch
2 Create the OpenStack account and database
openstack service create --name "barbican" key-manager --description "Barbican Key Management Service"
openstack endpoint create --region RegionOne --publicurl "http://xxx.xxx.xxx.xxx:9311" --adminurl "http://xxx.xxx.xxx.xxx:9311" --internalurl "http://xxx.xxx.xxx.xxx:9311" key-manager
openstack user create --password barbican barbican
openstack role add --project services --user barbican admin
CREATE DATABASE barbican;
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'localhost' IDENTIFIED BY 'barbican';
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'%' IDENTIFIED BY 'barbican';
3 Modify the barbican configuration
Edit /etc/barbican/barbican-functional.conf
[identity]
uri=http://xxx.xxx.xxx.xxx:5000/v2.0
Edit /etc/barbican/barbican.conf
[DEFAULT]
host_href = http://xxx.xxx.xxx.xxx:9311
log_file = /var/log/barbican/api.log
[keystone_authtoken]
admin_password = barbican
admin_user = barbican
admin_tenant_name = services
identity_uri = http://xxx.xxx.xxx.xxx:35357
auth_version = v3.0
4 Start the services
systemctl start openstack-barbican-api.service
systemctl start openstack-barbican-worker.service
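At this point the barbican installation is complete
5 Enable barbican as the key storage backend
Enabling barbican as the key storage backend requires changes to the cinder and nova configuration
Edit /etc/cinder/cinder.conf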
[KEYMGR]
api_class = cinder.keymgr.barbican.BarbicanKeyManager
Edit /etc/nova/nova.conf (change on the compute node)
[keymgr]
api_class = nova.keymgr.barbican.BarbicanKeyManager
[barbican]
endpoint_template=v1
Start the services
systemctl start openstack-barbican-api.service
systemctl restart openstack-cinder-volume.service
systemctl restart openstack-nova-compute.service (run on the compute node)
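
The values in steps 2 and 3 use the password barbican for an account named barbican, grant database access from any host ('%'), and point every URL at http://. The following audit is an added example, not part of the original walkthrough or of barbican itself; it checks a barbican.conf and a set of GRANT statements for exactly those three conditions before a deployment leaves the lab. The function names audit_conf and audit_grants and the finding labels are assumptions made for this example, and the sample inputs are constructed from the values shown above.

```python
import configparser
import re
# Constructed sample: the barbican.conf values shown in step 3.
SAMPLE_CONF = """
[DEFAULT]
host_href = http://xxx.xxx.xxx.xxx:9311
log_file = /var/log/barbican/api.log
[keystone_authtoken]
admin_password = barbican
admin_user = barbican
admin_tenant_name = services
identity_uri = http://xxx.xxx.xxx.xxx:35357
auth_version = v3.0
"""
# Constructed sample: the GRANT statements shown in step 2.
SAMPLE_GRANTS = """
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'localhost' IDENTIFIED BY 'barbican';
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'%' IDENTIFIED BY 'barbican';
"""
GRANT_RE = re.compile(r"TO\s+'([^']+)'@'([^']+)'\s+IDENTIFIED\s+BY\s+'([^']+)'", re.I)

def audit_conf(text):
    """Flag http:// URLs and a service password equal to the service user name."""
    # default_section is renamed so [DEFAULT] is reported as an ordinary section.
    cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        for key, value in cp.items(section):
            if value.lower().startswith("http://"):
                findings.append(("plaintext-url", f"[{section}] {key}"))
    auth = cp["keystone_authtoken"] if cp.has_section("keystone_authtoken") else {}
    if auth.get("admin_password") and auth.get("admin_password") == auth.get("admin_user"):
        findings.append(("password-equals-username", "[keystone_authtoken] admin_password"))
    return findings

def audit_grants(sql):
    """Flag grants to any host ('%') and passwords equal to the account name."""
    findings = []
    for user, host, password in GRANT_RE.findall(sql):
        where = f"'{user}'@'{host}'"
        if host == "%":
            findings.append(("wildcard-host", where))
        if password == user:
            findings.append(("password-equals-username", where))
    return findings
if __name__ == "__main__":
    for check, where in audit_conf(SAMPLE_CONF) + audit_grants(SAMPLE_GRANTS):
        print(f"{check:26} {where}")
```

To audit a real node, pass the contents of /etc/barbican/barbican.conf to audit_conf instead of the constructed sample.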