1.準備數據庫
mysql -uroot -p
CREATE DATABASE barbican;
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'localhost' IDENTIFIED BY 'P1ssw0rd';
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'%' IDENTIFIED BY 'P1ssw0rd';
2.創建用戶,並將用戶加入到service項目中,並賦予admin權限
openstack user create --domain default --password-prompt barbican
openstack role add --project service --user barbican admin
#密碼是:P@ssw0rd
3.創建creator角色並賦予給barbican用戶
openstack role create creator
openstack role add --project service --user barbican creator
4.創建barbican服務實體和對應的API
openstack service create --name barbican --description "Key Manager" key-manager
openstack endpoint create --region RegionOne key-manager public http://controller:9311
openstack endpoint create --region RegionOne key-manager internal http://controller:9311
openstack endpoint create --region RegionOne key-manager admin http://controller:9311
5.安裝barbican組件
yum -y install openstack-barbican-api
6.修改配置文件
openstack-config --set /etc/barbican/barbican.conf DEFAULT sql_connection mysql+pymysql://barbican:P1ssw0rd@controller/barbican
openstack-config --set /etc/barbican/barbican.conf DEFAULT db_auto_create false
openstack-config --set /etc/barbican/barbican.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/barbican/barbican.conf DEFAULT transport_url rabbit://openstack:openstack@controller
openstack-config --set /etc/barbican/barbican.conf DEFAULT auth_type keystone
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken auth_type password
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken auth_version 3
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken project_name service
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken username barbican
openstack-config --set /etc/barbican/barbican.conf keystone_authtoken password P@ssw0rd
7.同步數據庫
su -s /bin/sh -c "barbican-manage db upgrade" barbican
8.創建http啓動配置
vi /etc/httpd/conf.d/wsgi-barbican.conf
<VirtualHost [::1]:9311>
ServerName controller
## Logging
ErrorLog "/var/log/httpd/barbican_wsgi_main_error_ssl.log"
LogLevel debug
ServerSignature Off
CustomLog "/var/log/httpd/barbican_wsgi_main_access_ssl.log" combined
WSGIApplicationGroup %{GLOBAL}
WSGIDaemonProcess barbican-api display-name=barbican-api group=barbican processes=2 threads=8 user=barbican
WSGIProcessGroup barbican-api
WSGIScriptAlias / "/usr/lib/python2.7/site-packages/barbican/api/app.wsgi"
WSGIPassAuthorization On
</VirtualHost>
9.重啓http以便加載barbican組件
systemctl restart httpd.service
systemctl status httpd.service