summaryrefslogtreecommitdiff
path: root/README.rst
blob: 88519465c11d3ef1ac219d157676df574b1654a2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
===============================
Castellan UI
===============================

Generic Key Manager UI Plugin for Horizon

* Free software: Apache license
* Source: http://git.openstack.org/cgit/openstack/castellan-ui
* Bugs: http://bugs.launchpad.net/castellan-ui

Features
--------

--------------------+------------------+---------------------------+---------------+-----------+--------------+
|                    | Import from file | Import using direct input | Download      | Delete    | Generate [1] |
====================+==================+===========================+===============+===========+==============+
| X.509 Certificates | supported [2]    | supported [2]             | supported [2] | supported | N/A          |
--------------------+------------------+---------------------------+---------------+-----------+--------------+
| Private Keys       | supported [2]    | supported [2]             | supported [2] | supported | supported    |
--------------------+------------------+---------------------------+---------------+-----------+--------------+
| Public Keys        | supported [2]    | supported [2]             | supported [2] | supported | supported    |
--------------------+------------------+---------------------------+---------------+-----------+--------------+
| Symmetric Keys     | supported [3]    | supported [4]             | supported [3] | supported | supported    |
--------------------+------------------+---------------------------+---------------+-----------+--------------+
| Opaque Data        | supported [3]    | supported [4]             | supported [3] | supported | N/A          |
--------------------+------------------+---------------------------+---------------+-----------+--------------+
| Passphrases [5]    | X                | supported                 | X             | supported | N/A          |
--------------------+------------------+---------------------------+---------------+-----------+--------------+

1. Key managers typically support generating keys only and do not generate
   other types of objects. Private and public keys will be generated as a key
   pair, and symmetric keys can be generated individually.
2. Supports Privacy-enhanced Electronic Mail (PEM) formatted objects.
3. Raw bytes represent the object.
4. Object bytes are represented using hex characters.
5. Because passphrases are typically not saved to files, passphrases are
   imported through a form on the web page and are not downloadable, only
   viewed through the web page.

Enabling in DevStack
--------------------

Add this repo as an external repository into your ``local.conf`` file::

    [[local|localrc]]
    enable_plugin castellan-ui https://github.com/openstack/castellan-ui

Manual Installation
-------------------

Begin by cloning the Horizon and Castellan UI repositories::

    git clone https://github.com/openstack/horizon
    git clone https://github.com/openstack/castellan-ui

Create a virtual environment and install Horizon dependencies::

    cd horizon
    virtualenv horizon_dev
    . horizon_dev/bin/activate
    pip install -r requirements.txt

Set up your ``local_settings.py`` file::

    cp openstack_dashboard/local/local_settings.py.example openstack_dashboard/local/local_settings.py

Open up the copied ``local_settings.py`` file in your preferred text
editor. You will want to customize several settings:

-  ``OPENSTACK_HOST`` should be configured with the hostname of your
   OpenStack server. Verify that the ``OPENSTACK_KEYSTONE_URL`` and
   ``OPENSTACK_KEYSTONE_DEFAULT_ROLE`` settings are correct for your
   environment. (They should be correct unless you modified your
   OpenStack server to change them.)

Install Castellan UI with all dependencies in your virtual environment::

   . horizon_dev/bin/activate
   pip install -e ../castellan-ui/

And enable it in Horizon (use full paths instead of relative paths)::

    ln -s ../castellan-ui/castellan_ui/enabled/_90_project_key_manager_panelgroup.py openstack_dashboard/local/enabled
    ln -s ../castellan-ui/castellan_ui/enabled/_91_project_key_manager_x509_certificates_panel.py openstack_dashboard/local/enabled
    ln -s ../castellan-ui/castellan_ui/enabled/_92_project_key_manager_private_key_panel.py openstack_dashboard/local/enabled
    ln -s ../castellan-ui/castellan_ui/enabled/_93_project_key_manager_public_key_panel.py openstack_dashboard/local/enabled
    ln -s ../castellan-ui/castellan_ui/enabled/_94_project_key_manager_symmetric_key_panel.py openstack_dashboard/local/enabled
    ln -s ../castellan-ui/castellan_ui/enabled/_95_project_key_manager_opaque_data_panel.py openstack_dashboard/local/enabled
    ln -s ../castellan-ui/castellan_ui/enabled/_96_project_key_manager_passphrase_panel.py openstack_dashboard/local/enabled

To run horizon with the newly enabled Castellan UI plugin run::

    python manage.py runserver -- 0.0.0.0:8080

to have the application start on port 8080 and the horizon dashboard will be
available in your browser at http://localhost:8080/

Troubleshooting Tips
--------------------

If you are using Barbican plugin for Castellan, be sure to note that Barbican
requires the 'admin' or 'creator' role be assigned to a user before the user
can list or create key manager objects. The error message that appears if this
is not the case is as follows::

    Could not list objects: Key manager error: Forbidden: Secret(s) retrieval attempt not allowed - please review your user/project privileges

To add the appropriate role for a non-admin user, use the following command (as an admin)  ::

    openstack role add --user <username> --project <project name> creator

See Also
--------

* Castellan: https://github.com/openstack/castellan
* Barbican: https://github.com/openstack/barbican
* Vault: https://github.com/hashicorp/vault
* PyKMIP: https://github.com/OpenKMIP/PyKMIP