安裝barbican

1.準備數據庫

mysql -uroot -p

CREATE DATABASE barbican;

GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'localhost' IDENTIFIED BY 'P1ssw0rd';

GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'%' IDENTIFIED BY 'P1ssw0rd';

2.創建用戶，並將用戶加入到service項目中，並賦予admin權限

openstack user create --domain default --password-prompt barbican

openstack role add --project service --user barbican admin

#密碼是：P@ssw0rd

3.創建creator角色並賦予給barbican用戶

openstack role create creator

openstack role add --project service --user barbican creator

4.創建barbican服務實體和對應的API

openstack service create --name barbican --description "Key Manager" key-manager

openstack endpoint create --region RegionOne key-manager public http://controller:9311

openstack endpoint create --region RegionOne key-manager internal http://controller:9311

openstack endpoint create --region RegionOne key-manager admin http://controller:9311

5.安裝barbican組件

yum -y install openstack-barbican-api

6.修改配置文件

openstack-config --set /etc/barbican/barbican.conf DEFAULT sql_connection mysql+pymysql://barbican:P1ssw0rd@controller/barbican

openstack-config --set /etc/barbican/barbican.conf DEFAULT db_auto_create false

openstack-config --set /etc/barbican/barbican.conf DEFAULT rpc_backend rabbit

openstack-config --set /etc/barbican/barbican.conf DEFAULT transport_url rabbit://openstack:openstack@controller

openstack-config --set /etc/barbican/barbican.conf DEFAULT auth_type keystone

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken auth_uri http://controller:5000

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken auth_url http://controller:5000

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken memcached_servers controller:11211

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken auth_type password

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken auth_version 3

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken project_domain_name Default

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken user_domain_name Default

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken project_name service

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken username barbican

openstack-config --set /etc/barbican/barbican.conf keystone_authtoken password P@ssw0rd

7.同步數據庫

su -s /bin/sh -c "barbican-manage db upgrade" barbican

8.創建http啓動配置

vi /etc/httpd/conf.d/wsgi-barbican.conf

<VirtualHost [::1]:9311>

ServerName controller

## Logging

ErrorLog "/var/log/httpd/barbican_wsgi_main_error_ssl.log"

LogLevel debug

ServerSignature Off

CustomLog "/var/log/httpd/barbican_wsgi_main_access_ssl.log" combined

WSGIApplicationGroup %{GLOBAL}

WSGIDaemonProcess barbican-api display-name=barbican-api group=barbican processes=2 threads=8 user=barbican

WSGIProcessGroup barbican-api

WSGIScriptAlias / "/usr/lib/python2.7/site-packages/barbican/api/app.wsgi"

WSGIPassAuthorization On

</VirtualHost>

9.重啓http以便加載barbican組件

systemctl restart httpd.service

systemctl status httpd.service