安装barbican

1.准备数据库

mysql -uroot -p

CREATE DATABASE barbican;

GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'localhost' IDENTIFIED BY 'P1ssw0rd';

GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'%' IDENTIFIED BY 'P1ssw0rd';

2.创建用户，并将用户加入到service项目中，并赋予admin权限

openstack user create --domain default --password-prompt barbican

openstack role add --project service --user barbican admin

#密码是：P@ssw0rd

3.创建creator角色并赋予给barbican用户

openstack role create creator

openstack role add --project service --user barbican creator

4.创建barbican服务实体和对应的API

openstack service create --name barbican --description "Key Manager" key-manager

openstack endpoint create --region RegionOne key-manager public http://controller:9311

openstack endpoint create --region RegionOne key-manager internal http://controller:9311

openstack endpoint create --region RegionOne key-manager admin http://controller:9311

5.安装barbican组件

yum -y install openstack-barbican-api

6.修改配置文件

openstack-config --set /etc/barbican/barbican.conf DEFAULT sql_connection mysql+pymysql://barbican:P1ssw0rd@controller/barbican

openstack-config --set /etc/barbican/barbican.conf DEFAULT db_auto_create false

openstack-config --set /etc/barbican/barbican.conf DEFAULT rpc_backend rabbit

openstack-config --set /etc/barbican/barbican.conf DEFAULT transport_url rabbit://openstack:openstack@controller

openstack-config --set /etc/barbican/barbican.conf DEFAULT auth_type keystone

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken auth_uri http://controller:5000

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken auth_url http://controller:5000

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken memcached_servers controller:11211

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken auth_type password

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken auth_version 3

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken project_domain_name Default

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken user_domain_name Default

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken project_name service

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken username barbican

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken password P@ssw0rd

7.同步数据库

su -s /bin/sh -c "barbican-manage db upgrade" barbican

8.创建http启动配置

vi /etc/httpd/conf.d/wsgi-barbican.conf

<VirtualHost [::1]:9311>

ServerName controller

## Logging

ErrorLog "/var/log/httpd/barbican_wsgi_main_error_ssl.log"

LogLevel debug

ServerSignature Off

CustomLog "/var/log/httpd/barbican_wsgi_main_access_ssl.log" combined

WSGIApplicationGroup %{GLOBAL}

WSGIDaemonProcess barbican-api display-name=barbican-api group=barbican processes=2 threads=8 user=barbican

WSGIProcessGroup barbican-api

WSGIScriptAlias / "/usr/lib/python2.7/site-packages/barbican/api/app.wsgi"

WSGIPassAuthorization On

</VirtualHost>

9.重启http以便加载barbican组件

systemctl restart httpd.service

systemctl status httpd.service