OpenStack Barbican Pike版本安装使用

以下操作不做特殊说明均在控制节点执行

1 RPM包安装

控制节点：
openstack-barbican-common-5.0.0-1.el7.noarch
openstack-barbican-5.0.0-1.el7.noarch
python2-barbicanclient-4.5.2-1.el7.noarch
openstack-barbican-worker-5.0.0-1.el7.noarch
openstack-barbican-api-5.0.0-1.el7.noarch
python-barbican-5.0.0-1.el7.noarch

计算节点：
python2-barbicanclient-4.5.2-1.el7.noarch

2 创建OpenStack账户和数据库

  openstack service create --name "barbican" key-manager --description "Barbican Key Management Service"
  openstack endpoint create --region RegionOne --publicurl "http://xxx.xxx.xxx.xxx:9311" --adminurl "http://xxx.xxx.xxx.xxx:9311" --internalurl "http://xxx.xxx.xxx.xxx:9311" key-manager
  openstack user create --password barbican barbican
  openstack role add --project services --user barbican admin

CREATE DATABASE barbican; 
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'localhost' IDENTIFIED BY 'barbican'; 
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'%' IDENTIFIED BY 'barbican';

3 barbican配置修改

修改/etc/barbican/barbican-functional.conf

[identity]
uri=http://xxx.xxx.xxx.xxx:5000/v2.0

修改/etc/barbican/barbican.conf

[DEFAULT]
host_href = http://xxx.xxx.xxx.xxx:9311
log_file = /var/log/barbican/api.log

[keystone_authtoken]
admin_password = barbican
admin_user = barbican
admin_tenant_name = services
identity_uri = http://xxx.xxx.xxx.xxx:35357
auth_version = v3.0

4 启动服务

systemctl start openstack-barbican-api.service
systemctl start openstack-barbican-worker.service
到此步骤barbican安装完成

5 启用barbican作为密钥存储后端

启用barbican作为密钥存储后端需要修改cinder和nova的配置

修改/etc/cinder/cinder.conf
[KEYMGR]
api_class = cinder.keymgr.barbican.BarbicanKeyManager
修改/etc/nova/nova.conf (计算节点修改)
[keymgr]
api_class = nova.keymgr.barbican.BarbicanKeyManager
[barbican]
endpoint_template=v1

启动服务
systemctl start openstack-barbican-api.service
systemctl restart openstack-cinder-volume.service
systemctl restart openstack-nova-compute.service (计算节点执行)