Add Barbican Verification to Install Guide

Adds the verification of operation for the Barbican Key Manager
Service to the install-guide.

Change-Id: Ie4723acdee590fc61a52a352ac57a50cf71534ce
Fernando Diaz 2016-08-28 06:17:05 +00:00
parent 75dcd99562
commit 20ffc77b60
2 changed files with 58 additions and 7 deletions

@ -10,7 +10,9 @@ Key Manager service
verify.rst
next-steps.rst
The Key Manager service (barbican) provides...
The Key Manager service (barbican) provides secure storage, provisioning and
management of secret data. This includes keying material such as symmetric
keys, asymmetric keys, certificates and raw binary data.
This chapter assumes a working setup of OpenStack following the
`OpenStack Installation Tutorial <http://docs.openstack.org/#install-guides>`_.
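
Review bot: The project name is spelled inconsistently across this commit: the rewritten description here uses lower-case "(barbican)", while the verify.rst change in the same commit writes "Barbican API calls". Pick one spelling and use it in both files so the guide reads consistently.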

@ -3,22 +3,71 @@
Verify operation
~~~~~~~~~~~~~~~~
Verify operation of the Key Manager service.
Verify operation of the Key Manager (barbican) service.
.. note::
Perform these commands on the controller node.
#. Source the ``admin`` project credentials to gain access to
admin-only CLI commands:
#. Source the ``admin`` credentials to be able to perform Barbican
API calls:
.. code-block:: console
$ . admin-openrc
#. List service components to verify successful launch and registration
of each process:
#. Use the OpenStack CLI to store a secret:
.. code-block:: console
$ openstack key manager service list
$ openstack secret store --name mysecret --payload j4=]d21
+---------------+-----------------------------------------------------------------------+
| Field | Value |
+---------------+-----------------------------------------------------------------------+
| Secret href | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa |
| Name | mysecret |
| Created | None |
| Status | None |
| Content types | None |
| Algorithm | aes |
| Bit length | 256 |
| Secret type | opaque |
| Mode | cbc |
| Expiration | None |
+---------------+-----------------------------------------------------------------------+
#. Confirm that the secret was stored by retrieving it:
.. code-block:: console
$ openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa
+---------------+-----------------------------------------------------------------------+
| Field | Value |
+---------------+-----------------------------------------------------------------------+
| Secret href | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa |
| Name | mysecret |
| Created | 2016-08-16 16:04:10+00:00 |
| Status | ACTIVE |
| Content types | {u'default': u'application/octet-stream'} |
| Algorithm | aes |
| Bit length | 256 |
| Secret type | opaque |
| Mode | cbc |
| Expiration | None |
+---------------+-----------------------------------------------------------------------+
.. note::
Some items are populated after the secret has been created and will only
display when retrieving it.
#. Confirm that the secret payload was stored by retrieving it:
.. code-block:: console
$ openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa --payload
+---------+---------+
| Field | Value |
+---------+---------+
| Payload | j4=]d21 |
+---------+---------+
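
Review bot: The store step passes the secret value on the command line (`--payload j4=]d21`) with no remark that it is a throwaway test value, and the procedure ends with `mysecret` still stored. A payload given as an argument is recorded in shell history and is visible in the process list, so a short note after that step saying this is acceptable only for a dummy value would help readers who copy the pattern for real secrets. I would also add a final step that removes the test secret with `openstack secret delete` and the href from the store step. Separately, both `openstack secret get` commands hard-code the sample href `http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa`; say explicitly that the reader has to substitute the "Secret href" value returned by their own store command. Finally, the hunk drops the `openstack key manager service list` step without a replacement check of service registration, which deserves a line in the commit message explaining why.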