Basic barbican configuration
Usual suspects:
- database
- keystone
- messaging
Services:
- apache web site for APIs
- worker
- keystone-listener
Barbican:
- Crypto plugins configuration fragments
- Support multiple stores
Add some information to README
Change-Id: Ie58a0daf318c99ea0e41c3c9dd5fcc450f356276
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index 158f565..d438e3d 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -1,48 +1,84 @@
-nova:
- controller:
+barbican:
+ server:
enabled: true
- networking: default
- version: liberty
- vncproxy_url: 127.0.0.1
- security_group: false
- dhcp_domain: novalocal
- scheduler_default_filters: "DifferentHostFilter,RetryFilter,AvailabilityZoneFilter,RamFilter,CoreFilter,DiskFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter"
- cpu_allocation_ratio: 16.0
- ram_allocation_ratio: 1.5
- bind:
- private_address: 127.0.0.1
- public_address: 127.0.0.1
- public_name: 127.0.0.1
- novncproxy_port: 6080
+ version: ocata
+ host_href: ''
+ is_proxied: true
+ plugin:
+ simple_crypto:
+ kek: "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY="
+ p11_crypto:
+ library_path: '/usr/lib/libCryptoki2_64.so'
+ login: 'mypassword'
+ mkek_label: 'an_mkek'
+ mkek_length: 32
+ hmac_label: 'my_hmac_label'
+ kmip:
+ username: 'admin'
+ password: 'password'
+ host: localhost
+ port: 5696
+ keyfile: '/path/to/certs/cert.key'
+ certfile: '/path/to/certs/cert.crt'
+ ca_certs: '/path/to/certs/LocalCA.crt'
+ dogtag:
+ pem_path: '/etc/barbican/kra_admin_cert.pem'
+ dogtag_host: localhost
+ dogtag_port: 8433
+ nss_db_path: '/etc/barbican/alias'
+ nss_db_path_ca: '/etc/barbican/alias-ca'
+ nss_password: 'password123'
+ simple_cmc_profile: 'caOtherCert'
+ ca_expiration_time: 1
+ plugin_working_dir: '/etc/barbican/dogtag'
+ store:
+ software:
+ crypto_plugin: simple_crypto
+ store_plugin: store_crypto
+ global_default: True
+ kmip:
+ store_plugin: kmip_plugin
+ dogtag:
+ store_plugin: dogtag_plugin
+ pkcs11:
+ store_plugin: store_crypto
+ crypto_plugin: p11_crypto
database:
- engine: mysql
- host: 127.0.0.1
+ engine: "mysql+pymysql"
+ host: 10.0.106.20
port: 3306
- name: nova
- user: nova
+ name: barbican
+ user: barbican
password: password
+ bind:
+ address: 10.0.106.20
+ port: 9311
+ admin_port: 9312
identity:
engine: keystone
- host: 127.0.0.1
+ host: 10.0.106.20
port: 35357
- user: nova
- password: password
+ domain: default
tenant: service
+ user: barbican
+ password: password
message_queue:
engine: rabbitmq
- host: 127.0.0.1
- port: 5672
user: openstack
password: password
virtual_host: '/openstack'
- ha_queues: true
- glance:
- host:
- port: 9292
- network:
- engine: neutron
- host: 127.0.0.1
- port: 9696
- mtu: 1500
- metadata:
- password: metadata
+ members:
+ - host: 10.10.10.10
+ port: 5672
+ - host: 10.10.10.11
+ port: 5672
+ - host: 10.10.10.12
+ port: 5672
+ cache:
+ members:
+ - host: 10.10.10.10
+ port: 11211
+ - host: 10.10.10.11
+ port: 11211
+ - host: 10.10.10.12
+ port: 11211
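Review bot: The `kek` under `plugin: simple_crypto:` is a fixed, readable value (it base64-decodes to `abcdefghijklmnopqrstuvwxyz123456`), and it sits beside literal placeholder credentials (`login: 'mypassword'`, `nss_password: 'password123'`, kmip `password: 'password'`) with nothing marking any of them as test-only. Because the `software` store is set as `global_default`, anyone who copies this pillar as a template ends up with every stored secret wrapped under a key that is public in this repository. I would add a comment above the key such as `# test fixture only: generate a unique random 32-byte key, base64-encoded, per deployment`, and repeat that caveat in the README if it reproduces this block. Separately, `global_default: True` should be `true` to match `enabled: true` and `is_proxied: true`, and `dogtag_port: 8433` looks like a transposition of Dogtag's usual 8443, which is worth confirming.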