安装barbican
1.准备数据库
mysql -uroot -p
CREATE DATABASE barbican;
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'localhost' IDENTIFIED BY 'P1ssw0rd';
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'%' IDENTIFIED BY 'P1ssw0rd';
2.创建用户,并将用户加入到service项目中,并赋予admin权限
openstack user create --domain default --password-prompt barbican
openstack role add --project service --user barbican admin
#密码是:P@ssw0rd
3.创建creator角色并赋予给barbican用户
openstack role create creator
openstack role add --project service --user barbican creator
4.创建barbican服务实体和对应的API
openstack service create --name barbican --description "Key Manager" key-manager
openstack endpoint create --region RegionOne key-manager public http://controller:9311
openstack endpoint create --region RegionOne key-manager internal http://controller:9311
openstack endpoint create --region RegionOne key-manager admin http://controller:9311
5.安装barbican组件
yum -y install openstack-barbican-api
6.修改配置文件
openstack-config --set /etc/barbican/barbican.conf DEFAULT sql_connection mysql+pymysql://barbican:P1ssw0rd@controller/barbican
openstack-config --set /etc/barbican/barbican.conf DEFAULT db_auto_create false
openstack-config --set /etc/barbican/barbican.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/barbican/barbican.conf DEFAULT transport_url rabbit://openstack:openstack@controller
openstack-config --set /etc/barbican/barbican.conf DEFAULT auth_type keystone
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken auth_type password
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken auth_version 3
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken project_name service
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken username barbican
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken password P@ssw0rd
7.同步数据库
su -s /bin/sh -c "barbican-manage db upgrade" barbican
8.创建http启动配置
vi /etc/httpd/conf.d/wsgi-barbican.conf
<VirtualHost [::1]:9311>
ServerName controller
## Logging
ErrorLog "/var/log/httpd/barbican_wsgi_main_error_ssl.log"
LogLevel debug
ServerSignature Off
CustomLog "/var/log/httpd/barbican_wsgi_main_access_ssl.log" combined
WSGIApplicationGroup %{GLOBAL}
WSGIDaemonProcess barbican-api display-name=barbican-api group=barbican processes=2 threads=8 user=barbican
WSGIProcessGroup barbican-api
WSGIScriptAlias / "/usr/lib/python2.7/site-packages/barbican/api/app.wsgi"
WSGIPassAuthorization On
</VirtualHost>
9.重启http以便加载barbican组件
systemctl restart httpd.service
systemctl status httpd.service