Merge "Add Barbican Verification to Install Guide"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
df58a03c67
|
|
@ -10,7 +10,9 @@ Key Manager service
|
|||
verify.rst
|
||||
next-steps.rst
|
||||
|
||||
The Key Manager service (barbican) provides...
|
||||
The Key Manager service (barbican) provides secure storage, provisioning and
|
||||
management of secret data. This includes keying material such as symmetric
|
||||
keys, asymmetric keys, certificates and raw binary data.
|
||||
|
||||
This chapter assumes a working setup of OpenStack following the
|
||||
`OpenStack Installation Tutorial <http://docs.openstack.org/#install-guides>`_.
|
||||
|
|
|
|||
|
|
@ -3,22 +3,71 @@
|
|||
Verify operation
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
Verify operation of the Key Manager service.
|
||||
Verify operation of the Key Manager (barbican) service.
|
||||
|
||||
.. note::
|
||||
|
||||
Perform these commands on the controller node.
|
||||
|
||||
#. Source the ``admin`` project credentials to gain access to
|
||||
admin-only CLI commands:
|
||||
#. Source the ``admin`` credentials to be able to perform Barbican
|
||||
API calls:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
$ . admin-openrc
|
||||
|
||||
#. List service components to verify successful launch and registration
|
||||
of each process:
|
||||
#. Use the OpenStack CLI to store a secret:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
$ openstack key manager service list
|
||||
$ openstack secret store --name mysecret --payload j4=]d21
|
||||
+---------------+-----------------------------------------------------------------------+
|
||||
| Field | Value |
|
||||
+---------------+-----------------------------------------------------------------------+
|
||||
| Secret href | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa |
|
||||
| Name | mysecret |
|
||||
| Created | None |
|
||||
| Status | None |
|
||||
| Content types | None |
|
||||
| Algorithm | aes |
|
||||
| Bit length | 256 |
|
||||
| Secret type | opaque |
|
||||
| Mode | cbc |
|
||||
| Expiration | None |
|
||||
+---------------+-----------------------------------------------------------------------+
|
||||
|
||||
#. Confirm that the secret was stored by retrieving it:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
$ openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa
|
||||
+---------------+-----------------------------------------------------------------------+
|
||||
| Field | Value |
|
||||
+---------------+-----------------------------------------------------------------------+
|
||||
| Secret href | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa |
|
||||
| Name | mysecret |
|
||||
| Created | 2016-08-16 16:04:10+00:00 |
|
||||
| Status | ACTIVE |
|
||||
| Content types | {u'default': u'application/octet-stream'} |
|
||||
| Algorithm | aes |
|
||||
| Bit length | 256 |
|
||||
| Secret type | opaque |
|
||||
| Mode | cbc |
|
||||
| Expiration | None |
|
||||
+---------------+-----------------------------------------------------------------------+
|
||||
|
||||
.. note::
|
||||
|
||||
Some items are populated after the secret has been created and will only
|
||||
display when retrieving it.
|
||||
|
||||
#. Confirm that the secret payload was stored by retrieving it:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
$ openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa --payload
|
||||
+---------+---------+
|
||||
| Field | Value |
|
||||
+---------+---------+
|
||||
| Payload | j4=]d21 |
|
||||
+---------+---------+
|
||||
|
|
|
|||
Loading…
Reference in New Issue