Edit the
/etc/barbican/barbican.conffile and complete the following actions:In the
[DEFAULT]section, configure database access:[DEFAULT] ... sql_connection = mysql+pymysql://barbican:BARBICAN_DBPASS@controller/barbican
Replace
BARBICAN_DBPASSwith the password you chose for the Key Manager service database.In the
[DEFAULT]section, configureRabbitMQmessage queue access:[DEFAULT] ... transport_url = rabbit://openstack:RABBIT_PASS@controller
Replace
RABBIT_PASSwith the password you chose for theopenstackaccount inRabbitMQ.In the
[keystone_authtoken]section, configure Identity service access:[keystone_authtoken] ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = barbican password = BARBICAN_PASS
Replace
BARBICAN_PASSwith the password you chose for thebarbicanuser in the Identity service.Note
Comment out or remove any other options in the
[keystone_authtoken]section.
Populate the Key Manager service database:
The Key Manager service database will be automatically populated when the service is first started. To prevent this, and run the database sync manually, edit the
/etc/barbican/barbican.conffile and set db_auto_create in the[DEFAULT]section to False.Then populate the database as below:
$ su -s /bin/sh -c "barbican-manage db upgrade" barbican
Note
Ignore any deprecation messages in this output.
Barbican has a plugin architecture which allows the deployer to store secrets in a number of different back-end secret stores. By default, Barbican is configured to store secrets in a basic file-based keystore. This key store is NOT safe for production use.
For a list of supported plugins and detailed instructions on how to configure them, see Secret Store Back-ends
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.