Monday, July 11, 2022

Adventures of a Small Time OpenStack Sysadmin Chapter 013 - OpenStack Barbican Key Management Service

Adventures of a Small Time OpenStack Sysadmin relates the experience of converting a small VMware cluster into two small OpenStack clusters, and the adventures and friends I made along the way.

https://docs.openstack.org/barbican/yoga/install/

Barbican is a pretty cool idea. Take a large number of physical crypto storage hardware solutions, or even just a plain text file, and wrap them with all the Keystone access control stuff WRT users and projects. My experience, so far, is it works very well.

Note that I configured with "enabled_secretstore_plugins = store_crypto", which just uses the crypto.simple software-only crypto system. Still better than nothing.

The hand-installed Barbican, following the official installation guides, came up with secret HREF URIs listing localhost instead of a real IP address, which is weird. Later on, the Kolla-Ansible installation of Barbican worked perfectly out of the box, although that's getting way ahead of the story.
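Both points above, the software-only store_crypto setting and the localhost HREFs, can be checked from barbican.conf itself. The following is an added example, not one of the author's scripts: it assumes the localhost HREFs come from the [DEFAULT] host_href option, assumes the [crypto] and [simple_crypto_plugin] option names from Barbican's sample configuration, and runs on a constructed config body.

```python
import configparser
from urllib.parse import urlparse

# Constructed barbican.conf body for the example, not a real deployment's file.
SAMPLE_CONF = """\
[DEFAULT]
host_href = http://localhost:9311

[secretstore]
enabled_secretstore_plugins = store_crypto

[crypto]
enabled_crypto_plugins = simple_crypto
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def _csv(value):
    return [item.strip() for item in value.split(",") if item.strip()]


def audit_barbican_conf(text):
    """Return (option, finding) tuples for the text of a barbican.conf."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []

    # host_href is the prefix Barbican puts on every secret reference it returns.
    href = cp.get("DEFAULT", "host_href", fallback=None)
    if href is None:
        findings.append(("host_href", "unset; assumed to default to a localhost URL"))
    elif urlparse(href).hostname in LOOPBACK:
        findings.append(("host_href", "loopback host; hrefs are useless off-box"))

    stores = _csv(cp.get("secretstore", "enabled_secretstore_plugins", fallback=""))
    # Assumption: simple_crypto is the crypto plugin used when none is listed.
    cryptos = _csv(cp.get("crypto", "enabled_crypto_plugins", fallback="simple_crypto"))
    if "store_crypto" in stores and "simple_crypto" in cryptos:
        findings.append(("enabled_secretstore_plugins",
                         "software-only crypto; no hardware protects the key"))
        # Assumption: the key-encryption key is [simple_crypto_plugin] kek.
        if not cp.get("simple_crypto_plugin", "kek", fallback="").strip():
            findings.append(("kek", "unset; set a site-specific key-encryption key"))
    return findings


if __name__ == "__main__":
    for option, finding in audit_barbican_conf(SAMPLE_CONF):
        print(f"{option}: {finding}")
```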

To test the hand-installed Barbican I wrote some testing scripts. Later those were modified for a Kolla-Ansible installation, but they may still be useful for a hand installation, and can be found at this public GitLab repository:

https://gitlab.com/SpringCitySolutionsLLC/openstack-scripts/-/tree/master/demos/barbican

As of writing this blog post I have not written demonstration scripts for Barbican's Container functions or its Consumer functions, although I probably will sooner or later.

Stay tuned for the next chapter!
