openstack/barbican
Code Issues Proposed changes
31754b8518
barbican/doc/source/install/common_prerequisites.rst
Andreas Jaeger b86d6b5660 move documentation into the new standard layout 
This change moves existing files.
It is not meant to be the final word on how the main page looks or how the
other files are organized, but it gets everything roughly into shape. If
the barbican team wants to make changes, please do those as follow-up patches.

Note this does not touch the api directory, this one needs to be
migrated to the api-ref.

This is part of the docs migration work for Pike.

Change-Id: Ibb9d971806964ac185882272514ee9563089d69d
2017-06-30 20:12:52 +02:00

2.2 KiB
Raw Blame History

Prerequisites

Before you install and configure the Key Manager service, you must create a database, service credentials, and API endpoints.

  1. To create the database, complete these steps:

    • Use the database access client to connect to the database server as the root user:

      $ mysql -u root -p

    • Create the barbican database:

      CREATE DATABASE barbican;

    • Grant proper access to the barbican database:

      GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'localhost' \
  IDENTIFIED BY 'BARBICAN_DBPASS';
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'%' \
  IDENTIFIED BY 'BARBICAN_DBPASS';

      Replace BARBICAN_DBPASS with a suitable password.

    • Exit the database access client.

      exit;

  2. Source the admin credentials to gain access to admin-only CLI commands:

    $ source admin-openrc

  3. To create the service credentials, complete these steps:

    • Create the barbican user:

      $ openstack user create --domain default --password-prompt barbican

    • Add the admin role to the barbican user:

      $ openstack role add --project service --user barbican admin

    • Create the creator role:

      $ openstack role create creator

    • Add the creator role to the barbican user:

      $ openstack role add --project service --user barbican creator

    • Create the barbican service entities:

      $ openstack service create --name barbican --description "Key Manager" key-manager

  4. Create the Key Manager service API endpoints:

    $ openstack endpoint create --region RegionOne \
  key-manager public http://controller:9311
$ openstack endpoint create --region RegionOne \
  key-manager internal http://controller:9311
$ openstack endpoint create --region RegionOne \
  key-manager admin http://controller:9311