Prerequisites

updated: 2023-04-14 08:19

Prerequisites¶

Before you install and configure the Key Manager service, you must create a database, service credentials, and API endpoints.

To create the database, complete these steps:
- Use the database access client to connect to the database server as the root user:
```
# mysql
```
- Create the barbican database:
```
CREATE DATABASE barbican;
```
- Grant proper access to the barbican database:
```
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'localhost' \
  IDENTIFIED BY 'BARBICAN_DBPASS';
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'%' \
  IDENTIFIED BY 'BARBICAN_DBPASS';
```
  Replace BARBICAN_DBPASS with a suitable password.
- Exit the database access client.
```
exit;
```
Source the admin credentials to gain access to admin-only CLI commands:
```
$ source admin-openrc
```

To create the service credentials, complete these steps:

Create the barbican user:

$ openstack user create --domain default --password-prompt barbican

Add the admin role to the barbican user:

$ openstack role add --project service --user barbican admin

Create the creator role:
```
$ openstack role create creator
```

Add the creator role to the barbican user:

$ openstack role add --project service --user barbican creator

Create the barbican service entities:

$ openstack service create --name barbican --description "Key Manager" key-manager

Create the Key Manager service API endpoints:

$ openstack endpoint create --region RegionOne \
  key-manager public http://controller:9311
$ openstack endpoint create --region RegionOne \
  key-manager internal http://controller:9311
$ openstack endpoint create --region RegionOne \
  key-manager admin http://controller:9311

updated: 2023-04-14 08:19

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.