commit 1ff6f5645c3c754638c92bbfe75e62e1b5321541
author Petr Jediný <petr.jediny@gmail.com> Wed Aug 09 14:38:09 2017 +0200
committer Petr Jediný <petr.jediny@gmail.com> Wed Aug 23 15:13:41 2017 +0200
tree 8523f5427caa9f8eda6068a45166e2d7445b3f59
parent dd6387a58aa178fdb14b5ec394a646952758c48b

Basic barbican configuration

Usual suspects:
- database
- keystone
- messaging

Services:
- apache web site for api's
- worker
- keystone-listener

Barbican:
- Crypto plugins configuration fragments
- Support multiple stores

Add some information to README

Change-Id: Ie58a0daf318c99ea0e41c3c9dd5fcc450f356276

metadata/service/server/plugin/dogtag.yml

diff --git a/metadata/service/server/plugin/dogtag.yml b/metadata/service/server/plugin/dogtag.yml
new file mode 100644
index 0000000..5979258
--- /dev/null
+++ b/metadata/service/server/plugin/dogtag.yml
@@ -0,0 +1,16 @@
+parameters:
+  _param:
+    barbican_dogtag_host: localhost
+    barbican_dogtag_simple_cmc_profile: 'caOtherCert'
+  barbican:
+    server:
+      plugin:
+        dogtag:
+          dogtag_host: ${_param:barbican_dogtag_host}
+          dogtag_port: 8433
+          nss_db_path: '/etc/barbican/alias'
+          nss_db_path_ca: '/etc/barbican/alias-ca'
+          nss_password: "${_param:barbican_dogtag_nss_password}"
+          simple_cmc_profile: "${_param:barbican_dogtag_simple_cmc_profile}"
+          ca_expiration_time: 1
+          plugin_working_dir: '/etc/barbican/dogtag'

metadata/service/server/plugin/kmip.yml

diff --git a/metadata/service/server/plugin/kmip.yml b/metadata/service/server/plugin/kmip.yml
new file mode 100644
index 0000000..b0ac108
--- /dev/null
+++ b/metadata/service/server/plugin/kmip.yml
@@ -0,0 +1,18 @@
+parameters:
+  _param:
+    barbican_kmip_username: admin
+    barbican_kmip_host: localhost
+    barbican_kmip_keyfile: '/etc/barbican/kmip/cert.key'
+    barbican_kmip_certfile: '/etc/barbican/kmip/cert.crt'
+    barbican_kmip_ca_certs: '/etc/barbican/kmip/LocalCA.crt'
+  barbican:
+    server:
+      plugin:
+        kmip:
+          username: "${_param:barbican_kmip_username}"
+          password: "${_param:barbican_kmip_password}"
+          host: ${_param:barbican_kmip_host}
+          port: 5696
+          keyfile: "${_param:barbican_kmip_keyfile}"
+          certfile: "${_param:barbican_kmip_certfile}"
+          ca_certs: "${_param:barbican_kmip_ca_certs}"

metadata/service/server/plugin/p11_crypto.yml

diff --git a/metadata/service/server/plugin/p11_crypto.yml b/metadata/service/server/plugin/p11_crypto.yml
new file mode 100644
index 0000000..394c094
--- /dev/null
+++ b/metadata/service/server/plugin/p11_crypto.yml
@@ -0,0 +1,12 @@
+parameters:
+  _param:
+    barbican_p11crypto_mkek_length: 32
+  barbican:
+    server:
+      plugin:
+        p11_crypto:
+          library_path: '/usr/lib/libCryptoki2_64.so'
+          login: ${_param:barbican_p11crypto_login}
+          mkek_label: ${_param:barbican_p11crypto_mkek_label}
+          mkek_length: ${_param:barbican_p11crypto_mkek_length}
+          hmac_label: ${_param:barbican_p11crypto_hmac_label}

metadata/service/server/plugin/simple_crypto.yml

diff --git a/metadata/service/server/plugin/simple_crypto.yml b/metadata/service/server/plugin/simple_crypto.yml
new file mode 100644
index 0000000..65ff497
--- /dev/null
+++ b/metadata/service/server/plugin/simple_crypto.yml
@@ -0,0 +1,6 @@
+parameters:
+  barbican:
+    server:
+      plugin:
+        simple_crypto:
+          kek: ${_param:barbican_simple_crypto_kek}
\ No newline at end of file