openstack/barbican
Code Issues Proposed changes
1cda8e0e06
barbican/install-guide/source/common_configure.rst
Jeremy Liu 61aa385e80 Correct configuration of db connection 
Change-Id: I314874866e725cf982a229cfebdffc7b3aa47a03
Closes-bug: #1655323
Closes-bug: #1654402
2017-01-18 15:13:19 +08:00

2.6 KiB
Raw Blame History

  1. Edit the /etc/barbican/barbican.conf file and complete the following actions:

    • In the [DEFAULT] section, configure database access:

      [DEFAULT]
...
sql_connection = mysql+pymysql://barbican:BARBICAN_DBPASS@controller/barbican

      Replace BARBICAN_DBPASS with the password you chose for the Key Manager service database.

    • In the [DEFAULT] section, configure RabbitMQ message queue access:

      [DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller

      Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.

    • In the [keystone_authtoken] section, configure Identity service access:

      [keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = barbican
password = BARBICAN_PASS

      Replace BARBICAN_PASS with the password you chose for the barbican user in the Identity service.

      Note

      Comment out or remove any other options in the [keystone_authtoken] section.

  2. Edit the /etc/barbican/barbican-api-paste.ini file and complete the following actions:

    • In the [pipeline:barbican_api] section, configure the pipeline to use the Identity Service auth token.

      [pipeline:barbican_api]
pipeline = cors authtoken context apiapp

  3. Populate the Key Manager service database:

    The Key Manager service database will be automatically populated when the service is first started. To prevent this, and run the database sync manually, edit the /etc/barbican/barbican.conf file and set db_auto_create in the [DEFAULT] section to False.

    Then populate the database as below:

    $ su -s /bin/sh -c "barbican-manage db upgrade" barbican

    Note

    Ignore any deprecation messages in this output.

  4. Barbican has a plugin architecture which allows the deployer to store secrets in a number of different back-end secret stores. By default, Barbican is configured to store secrets in a basic file-based keystore. This key store is NOT safe for production use.

    For a list of supported plugins and detailed instructions on how to configure them, see barbican_backend