83d36f4641
A breaking change to the paste.ini was introduced in git commit
3b20d84312 where the main app was
renamed from "apiapp" to "apiapp_v1".
This was an unnecessary change that would force deployers to rewrite
their configuration files, which may include changes to configuration
management systems.
This change reverts the incompatible name change so that operators are
able to upgrade from Kilo to Liberty witouth having to rewrite their
paste file.
Change-Id: If3dc7060ae5ea6d427c3a1e9989fa1e17a469db7
1.7 KiB
1.7 KiB
Using Keystone Middleware with Barbican
Prerequisites
To enable Keystone integration with Barbican you'll need a relatively current version of Keystone. If you don't have an instance of Keystone available, you can use one of the following ways to setup your own.
Hooking up Barbican to Keystone
Assuming that you've already setup your Keystone instance, connecting Barbican to Keystone is quite simple. When completed, Barbican should require a valid X-Auth-Token to be provided with all API calls except the get version call.
Turn off any active instances of Barbican
Edit
/etc/barbican/barbican-api-paste.ini- Replace the
barbican_apipipeline with an authenticated pipeline
[pipeline:barbican_api] pipeline = keystone_authtoken context apiapp- Replace
keystone_authtokenfilter values to match your Keystone setup
[filter:keystone_authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory signing_dir = /tmp/barbican/cache identity_uri = http://{YOUR_KEYSTONE_ENDPOINT}:35357 admin_tenant_name = service admin_user = {YOUR_KEYSTONE_USERNAME} admin_password = {YOUR_KEYSTONE_PASSWORD} auth_version = v2.0- Replace the
Start Barbican
{barbican_home}/bin/barbican.sh start