Basic barbican configuration

Usual suspects:
- database
- keystone
- messaging

Services:
- Apache web site for the APIs
- worker
- keystone-listener

Barbican:
- Crypto plugins configuration fragments
- Support multiple stores

Add some information to README

Change-Id: Ie58a0daf318c99ea0e41c3c9dd5fcc450f356276
diff --git a/metadata/service/server/cluster.yml b/metadata/service/server/cluster.yml
index ca23e30..73a690e 100644
--- a/metadata/service/server/cluster.yml
+++ b/metadata/service/server/cluster.yml
@@ -3,8 +3,53 @@
 classes:
 - service.barbican.support
 parameters:
+  _param:
+    keystone_barbican_endpoint_type: internalURL
   barbican:
     server:
       enabled: true
+      version: ${_param:barbican_version}
+      region: ${_param:openstack_region}
+      host_href: ''
+      is_proxied: true
       bind:
-        address: 0.0.0.0
+        address: ${_param:cluster_local_address}
+        port: 9311
+        admin_port: 9312
+      database:
+        engine: "mysql+pymysql"
+        host: ${_param:cluster_vip_address}
+        port: 3306
+        name: barbican
+        user: barbican
+        password: ${_param:mysql_barbican_password}
+      identity:
+        engine: keystone
+        host: ${_param:cluster_vip_address}
+        port: 35357
+        domain: default
+        tenant: service
+        user: barbican
+        password: ${_param:keystone_barbican_password}
+        endpoint_type: ${_param:keystone_barbican_endpoint_type}
+      message_queue:
+        engine: rabbitmq
+        user: openstack
+        password: ${_param:rabbitmq_openstack_password}
+        virtual_host: '/openstack'
+        members:
+        - host: ${_param:openstack_message_queue_node01_address}
+          port: 5672
+        - host: ${_param:openstack_message_queue_node02_address}
+          port: 5672
+        - host: ${_param:openstack_message_queue_node03_address}
+          port: 5672
+      cache:
+        members:
+        - host: ${_param:openstack_control_node01_address}
+          port: 11211
+        - host: ${_param:openstack_control_node02_address}
+          port: 11211
+        - host: ${_param:openstack_control_node03_address}
+          port: 11211
+
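Review bot: The `database`, `identity` and `message_queue` blocks carry the Barbican service passwords but set no TLS-related key. Only plain ports (3306, 35357, 5672) and `engine` values appear, so this hunk does not show whether those connections are encrypted. For a key manager these links expose service credentials and secret metadata, so if the formula has ssl or protocol options they belong here, or a comment such as `# TLS for DB/AMQP/Keystone is set in <class name>` should point to where they are configured. The same applies to the matching blocks in single.yml. The `cache.members` entries on 11211 are presumably memcached, which typically runs without authentication, so they should be reachable only from the control nodes.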
diff --git a/metadata/service/server/plugin/dogtag.yml b/metadata/service/server/plugin/dogtag.yml
new file mode 100644
index 0000000..5979258
--- /dev/null
+++ b/metadata/service/server/plugin/dogtag.yml
@@ -0,0 +1,16 @@
+parameters:
+  _param:
+    barbican_dogtag_host: localhost
+    barbican_dogtag_simple_cmc_profile: 'caOtherCert'
+  barbican:
+    server:
+      plugin:
+        dogtag:
+          dogtag_host: ${_param:barbican_dogtag_host}
+          dogtag_port: 8433
+          nss_db_path: '/etc/barbican/alias'
+          nss_db_path_ca: '/etc/barbican/alias-ca'
+          nss_password: "${_param:barbican_dogtag_nss_password}"
+          simple_cmc_profile: "${_param:barbican_dogtag_simple_cmc_profile}"
+          ca_expiration_time: 1
+          plugin_working_dir: '/etc/barbican/dogtag'
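Review bot: `dogtag_port: 8433` looks like a transposition of 8443, the port Dogtag's secure endpoint conventionally uses and the upstream Barbican default for this option. If it is a typo, the plugin will fail to reach the CA/KRA, or connect to whatever else listens on 8433. Unless 8433 is deliberate for this deployment, use `dogtag_port: 8443`, or expose it as a `_param` like `barbican_dogtag_host` so it can be overridden. `nss_password` correctly has no default; a comment noting that it must come from an encrypted parameter source would help deployers.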
diff --git a/metadata/service/server/plugin/kmip.yml b/metadata/service/server/plugin/kmip.yml
new file mode 100644
index 0000000..b0ac108
--- /dev/null
+++ b/metadata/service/server/plugin/kmip.yml
@@ -0,0 +1,18 @@
+parameters:
+  _param:
+    barbican_kmip_username: admin
+    barbican_kmip_host: localhost
+    barbican_kmip_keyfile: '/etc/barbican/kmip/cert.key'
+    barbican_kmip_certfile: '/etc/barbican/kmip/cert.crt'
+    barbican_kmip_ca_certs: '/etc/barbican/kmip/LocalCA.crt'
+  barbican:
+    server:
+      plugin:
+        kmip:
+          username: "${_param:barbican_kmip_username}"
+          password: "${_param:barbican_kmip_password}"
+          host: ${_param:barbican_kmip_host}
+          port: 5696
+          keyfile: "${_param:barbican_kmip_keyfile}"
+          certfile: "${_param:barbican_kmip_certfile}"
+          ca_certs: "${_param:barbican_kmip_ca_certs}"
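Review bot: The default `barbican_kmip_username: admin` steers deployments towards an administrative KMIP account for the secret store, while `barbican_kmip_password` deliberately has no default. Dropping the username default too would force a dedicated, least-privilege account to be chosen per deployment. At minimum, add a comment above it such as `# override with a dedicated KMIP account; do not use an administrative user`. `keyfile` points at a client private key under /etc/barbican/kmip; this hunk does not show who creates it or with what mode, so confirm the formula restricts it to the barbican user.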
diff --git a/metadata/service/server/plugin/p11_crypto.yml b/metadata/service/server/plugin/p11_crypto.yml
new file mode 100644
index 0000000..394c094
--- /dev/null
+++ b/metadata/service/server/plugin/p11_crypto.yml
@@ -0,0 +1,12 @@
+parameters:
+  _param:
+    barbican_p11crypto_mkek_length: 32
+  barbican:
+    server:
+      plugin:
+        p11_crypto:
+          library_path: '/usr/lib/libCryptoki2_64.so'
+          login: ${_param:barbican_p11crypto_login}
+          mkek_label: ${_param:barbican_p11crypto_mkek_label}
+          mkek_length: ${_param:barbican_p11crypto_mkek_length}
+          hmac_label: ${_param:barbican_p11crypto_hmac_label}
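Review bot: `login` is the password used to open the PKCS#11 session on the HSM, but neither the key nor the parameter name `barbican_p11crypto_login` says it is a secret. Add a comment above it such as `# PKCS#11 session password (HSM PIN); supply from an encrypted parameter source, never commit in clear`. `library_path` is hard-coded to one vendor's library, unlike the other values here; a `_param` with this path as its default would let other HSMs be used without overriding the whole block.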
diff --git a/metadata/service/server/plugin/simple_crypto.yml b/metadata/service/server/plugin/simple_crypto.yml
new file mode 100644
index 0000000..65ff497
--- /dev/null
+++ b/metadata/service/server/plugin/simple_crypto.yml
@@ -0,0 +1,6 @@
+parameters:
+  barbican:
+    server:
+      plugin:
+        simple_crypto:
+          kek: ${_param:barbican_simple_crypto_kek}
\ No newline at end of file
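Review bot: `kek` is the master key that wraps every project key in the simple_crypto store, and the file gives no guidance on its format or handling. Leaving `barbican_simple_crypto_kek` without a default is right. Add a comment above it such as `# base64-encoded 32-byte key, generated per deployment; never reuse the sample key from upstream barbican.conf; keep in an encrypted parameter source`. The file also lacks a trailing newline, unlike the other new plugin files.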
diff --git a/metadata/service/server/single.yml b/metadata/service/server/single.yml
index ca23e30..91d1b2f 100644
--- a/metadata/service/server/single.yml
+++ b/metadata/service/server/single.yml
@@ -3,8 +3,44 @@
 classes:
 - service.barbican.support
 parameters:
+  _param:
+    keystone_barbican_endpoint_type: internalURL
   barbican:
     server:
       enabled: true
+      version: ${_param:barbican_version}
+      region: ${_param:openstack_region}
+      host_href: ''
+      is_proxied: false
       bind:
-        address: 0.0.0.0
+        address: ${_param:single_address}
+        port: 9311
+        admin_port: 9312
+      database:
+        engine: "mysql+pymysql"
+        host: ${_param:single_address}
+        port: 3306
+        name: barbican
+        user: barbican
+        password: ${_param:mysql_barbican_password}
+      identity:
+        engine: keystone
+        host: ${_param:single_address}
+        port: 35357
+        domain: default
+        tenant: service
+        user: barbican
+        password: ${_param:keystone_barbican_password}
+        endpoint_type: ${_param:keystone_barbican_endpoint_type}
+      message_queue:
+        engine: rabbitmq
+        host: ${_param:single_address}
+        port: 5672
+        user: openstack
+        password: ${_param:rabbitmq_openstack_password}
+        virtual_host: '/openstack'
+      cache:
+        members:
+        - host: ${_param:single_address}
+          port: 11211
+
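Review bot: `host_href: ''` is hard-coded, and upstream barbican.conf documents a blank host_href as "derive the host from the WSGI request". If the formula passes the empty string through, which this hunk does not show, the secret and container references Barbican returns are built from the request's Host header rather than a fixed endpoint. Exposing it as a parameter, e.g. `host_href: ${_param:barbican_host_href}` (a new parameter, set to the published API URL), would pin those references. cluster.yml has the same empty value together with `is_proxied: true`, where the derived host depends on what the proxy forwards.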