CentOS Stream 8

OpenStack Victoria : How to use Barbican (2021/03/25)

This is how to use the OpenStack Key Manager Service (Barbican).
In this example, Barbican is installed in the environment shown below.
------------+---------------------------+---------------------------+------------
            |                           |                           |
        eth0|10.0.0.30              eth0|10.0.0.50              eth0|10.0.0.51
+-----------+-----------+   +-----------+-----------+   +-----------+-----------+
|    [ Control Node ]   |   |    [ Network Node ]   |   |    [ Compute Node ]   |
|                       |   |                       |   |                       |
|  MariaDB    RabbitMQ  |   |      Open vSwitch     |   |        Libvirt        |
|  Memcached  httpd     |   |     Neutron Server    |   |     Nova Compute      |
|  Keystone   Glance    |   |       OVN-Northd      |   |      Open vSwitch     |
|  Nova API             |   |     Cinder Volume     |   |   OVN Metadata Agent  |
|  Cinder API           |   |      iSCSI Target     |   |     OVN-Controller    |
|  Barbican API         |   |     Heat API/Engine   |   |                       |
+-----------------------+   +-----------------------+   +-----------------------+

[1] Basic usage of Barbican.
# store a key : --name [key name] --payload [key data]

[root@dlp ~(keystone)]# openstack secret store --name secret01 --payload secretkey

+---------------+-----------------------------------------------------------------------+
| Field         | Value                                                                 |
+---------------+-----------------------------------------------------------------------+
| Secret href   | http://10.0.0.30:9311/v1/secrets/9d1e6852-d6c9-4c2c-99c7-702eba29c6a3 |
| Name          | secret01                                                              |
| Created       | None                                                                  |
| Status        | None                                                                  |
| Content types | None                                                                  |
| Algorithm     | aes                                                                   |
| Bit length    | 256                                                                   |
| Secret type   | opaque                                                                |
| Mode          | cbc                                                                   |
| Expiration    | None                                                                  |
+---------------+-----------------------------------------------------------------------+

# list stored keys

[root@dlp ~(keystone)]# openstack secret list

+-----------------------------------------------------------------------+----------+---------------------------+--------+-----------------------------------------+-----------+------------+-------------+------+------------+
| Secret href                                                           | Name     | Created                   | Status | Content types                           | Algorithm | Bit length | Secret type | Mode | Expiration |
+-----------------------------------------------------------------------+----------+---------------------------+--------+-----------------------------------------+-----------+------------+-------------+------+------------+
| http://10.0.0.30:9311/v1/secrets/9d1e6852-d6c9-4c2c-99c7-702eba29c6a3 | secret01 | 2021-03-25T00:50:59+00:00 | ACTIVE | {'default': 'application/octet-stream'} | aes       |        256 | opaque      | cbc  | None       |
+-----------------------------------------------------------------------+----------+---------------------------+--------+-----------------------------------------+-----------+------------+-------------+------+------------+

# show the metadata of the stored key

[root@dlp ~(keystone)]# openstack secret get http://10.0.0.30:9311/v1/secrets/9d1e6852-d6c9-4c2c-99c7-702eba29c6a3

+---------------+-----------------------------------------------------------------------+
| Field         | Value                                                                 |
+---------------+-----------------------------------------------------------------------+
| Secret href   | http://10.0.0.30:9311/v1/secrets/9d1e6852-d6c9-4c2c-99c7-702eba29c6a3 |
| Name          | secret01                                                              |
| Created       | 2021-03-25T00:50:59+00:00                                             |
| Status        | ACTIVE                                                                |
| Content types | {'default': 'application/octet-stream'}                               |
| Algorithm     | aes                                                                   |
| Bit length    | 256                                                                   |
| Secret type   | opaque                                                                |
| Mode          | cbc                                                                   |
| Expiration    | None                                                                  |
+---------------+-----------------------------------------------------------------------+

# show the data (payload) of the stored key

[root@dlp ~(keystone)]# openstack secret get http://10.0.0.30:9311/v1/secrets/9d1e6852-d6c9-4c2c-99c7-702eba29c6a3 --payload

+---------+-----------+
| Field   | Value     |
+---------+-----------+
| Payload | secretkey |
+---------+-----------+

# generate a key on the Barbican side and store it

[root@dlp ~(keystone)]# openstack secret order create --name secret02 --algorithm aes --bit-length 256 \
--mode cbc --payload-content-type application/octet-stream key

+----------------+----------------------------------------------------------------------+
| Field          | Value                                                                |
+----------------+----------------------------------------------------------------------+
| Order href     | http://10.0.0.30:9311/v1/orders/7b4eb18a-615d-42b6-b68b-74718e3056ed |
| Type           | Key                                                                  |
| Container href | N/A                                                                  |
| Secret href    | None                                                                 |
| Created        | None                                                                 |
| Status         | None                                                                 |
| Error code     | None                                                                 |
| Error message  | None                                                                 |
+----------------+----------------------------------------------------------------------+

# list key generation orders

[root@dlp ~(keystone)]# openstack secret order list

+----------------------------------------------------------------------+------+----------------+-----------------------------------------------------------------------+---------------------------+--------+------------+---------------+
| Order href                                                           | Type | Container href | Secret href                                                           | Created                   | Status | Error code | Error message |
+----------------------------------------------------------------------+------+----------------+-----------------------------------------------------------------------+---------------------------+--------+------------+---------------+
| http://10.0.0.30:9311/v1/orders/7b4eb18a-615d-42b6-b68b-74718e3056ed | Key  | N/A            | http://10.0.0.30:9311/v1/secrets/1b6099d6-37f9-40fb-9ddf-47e35ffc6871 | 2021-03-25T00:53:09+00:00 | ACTIVE | None       | None          |
+----------------------------------------------------------------------+------+----------------+-----------------------------------------------------------------------+---------------------------+--------+------------+---------------+

# show the order for the generated key

[root@dlp ~(keystone)]# openstack secret order get http://10.0.0.30:9311/v1/orders/7b4eb18a-615d-42b6-b68b-74718e3056ed

+----------------+-----------------------------------------------------------------------+
| Field          | Value                                                                 |
+----------------+-----------------------------------------------------------------------+
| Order href     | http://10.0.0.30:9311/v1/orders/7b4eb18a-615d-42b6-b68b-74718e3056ed  |
| Type           | Key                                                                   |
| Container href | N/A                                                                   |
| Secret href    | http://10.0.0.30:9311/v1/secrets/1b6099d6-37f9-40fb-9ddf-47e35ffc6871 |
| Created        | 2021-03-25T00:53:09+00:00                                             |
| Status         | ACTIVE                                                                |
| Error code     | None                                                                  |
| Error message  | None                                                                  |
+----------------+-----------------------------------------------------------------------+

# show the metadata of the generated key

[root@dlp ~(keystone)]# openstack secret get http://10.0.0.30:9311/v1/secrets/1b6099d6-37f9-40fb-9ddf-47e35ffc6871

+---------------+-----------------------------------------------------------------------+
| Field         | Value                                                                 |
+---------------+-----------------------------------------------------------------------+
| Secret href   | http://10.0.0.30:9311/v1/secrets/1b6099d6-37f9-40fb-9ddf-47e35ffc6871 |
| Name          | secret02                                                              |
| Created       | 2021-03-25T00:53:09+00:00                                             |
| Status        | ACTIVE                                                                |
| Content types | {'default': 'application/octet-stream'}                               |
| Algorithm     | aes                                                                   |
| Bit length    | 256                                                                   |
| Secret type   | symmetric                                                             |
| Mode          | cbc                                                                   |
| Expiration    | None                                                                  |
+---------------+-----------------------------------------------------------------------+
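The commands above are thin wrappers over Barbican's v1 REST API. The following Python script is an added example, not part of this page and not Barbican's or python-barbicanclient's own code; it builds the request bodies behind `openstack secret store`, `openstack secret order create ... key` and `openstack secret get --payload`, and parses a constructed `secret_ref` response. It assumes the Control Node endpoint from the diagram (http://10.0.0.30:9311) and a placeholder Keystone token; nothing is sent over the network. Two defensive details are worth noting: the payload is taken as bytes (read from a file or generated in memory) rather than passed on the command line, where `--payload secretkey` would end up in shell history and the process list, and a returned `secret_ref` is only followed if its scheme and host match the configured endpoint, so the token is never sent to a host the client did not configure.

```python
"""Offline helpers for the Barbican v1 REST calls behind the CLI commands above.

Added example, not part of the original page. Endpoint, token and the sample
response are constructed; host and port match the Control Node in the diagram.
"""
import base64
import json
import re
from urllib.parse import urlparse
from urllib.request import Request

BARBICAN_ENDPOINT = "http://10.0.0.30:9311"        # Control Node from the diagram
KEYSTONE_TOKEN = "<keystone-token-placeholder>"    # assumption: obtained from Keystone

# Only accept well-formed /v1/secrets/<uuid> paths when following a secret_ref.
_SECRET_PATH = re.compile(
    r"^/v1/secrets/([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$"
)


def build_store_body(name: str, payload: bytes, algorithm: str = "aes",
                     bit_length: int = 256, mode: str = "cbc") -> dict:
    """JSON body for POST /v1/secrets (what `openstack secret store` sends).

    Binary payloads are sent as application/octet-stream, which Barbican requires
    to be base64-encoded with payload_content_encoding set; this matches the
    'Content types' column shown in the page's output. Taking bytes keeps the
    secret out of argv and shell history.
    """
    return {
        "name": name,
        "payload": base64.b64encode(payload).decode("ascii"),
        "payload_content_type": "application/octet-stream",
        "payload_content_encoding": "base64",
        "secret_type": "opaque",
        "algorithm": algorithm,
        "bit_length": bit_length,
        "mode": mode,
    }


def build_key_order_body(name: str, algorithm: str = "aes", bit_length: int = 256,
                         mode: str = "cbc") -> dict:
    """JSON body for POST /v1/orders (what `openstack secret order create ... key` sends).

    Barbican generates the key material server-side, so the caller never handles it.
    """
    return {
        "type": "key",
        "meta": {
            "name": name,
            "algorithm": algorithm,
            "bit_length": bit_length,
            "mode": mode,
            "payload_content_type": "application/octet-stream",
        },
    }


def secret_uuid_from_ref(secret_ref: str, endpoint: str = BARBICAN_ENDPOINT) -> str:
    """Return the secret UUID from a secret_ref, refusing refs that do not point
    at the configured endpoint or do not have the expected path shape."""
    ref, base = urlparse(secret_ref), urlparse(endpoint)
    if (ref.scheme, ref.netloc) != (base.scheme, base.netloc):
        raise ValueError(f"secret_ref host {ref.netloc!r} does not match endpoint {base.netloc!r}")
    match = _SECRET_PATH.match(ref.path)
    if not match:
        raise ValueError(f"unexpected secret_ref path {ref.path!r}")
    return match.group(1)


def parse_store_response(body: str, endpoint: str = BARBICAN_ENDPOINT) -> str:
    """Parse the JSON reply to POST /v1/secrets and return the validated UUID."""
    return secret_uuid_from_ref(json.loads(body)["secret_ref"], endpoint)


def payload_request(uuid: str, token: str = KEYSTONE_TOKEN,
                    endpoint: str = BARBICAN_ENDPOINT) -> Request:
    """GET /v1/secrets/{uuid}/payload, the call behind `openstack secret get --payload`.
    Returned as a urllib Request so it can be inspected without sending it."""
    return Request(
        f"{endpoint}/v1/secrets/{uuid}/payload",
        headers={"X-Auth-Token": token, "Accept": "application/octet-stream"},
        method="GET",
    )


if __name__ == "__main__":
    # Constructed reply shaped like Barbican's response to the page's first command.
    sample = ('{"secret_ref": "http://10.0.0.30:9311/v1/secrets/'
              '9d1e6852-d6c9-4c2c-99c7-702eba29c6a3"}')
    print(json.dumps(build_store_body("secret01", b"secretkey"), indent=2))
    print(json.dumps(build_key_order_body("secret02"), indent=2))
    print(payload_request(parse_store_response(sample)).full_url)
```

To use it against a live deployment, send the bodies with `X-Auth-Token` and `Content-Type: application/json` to `{endpoint}/v1/secrets` and `{endpoint}/v1/orders`, and hand the `payload_request` object to `urllib.request.urlopen`; the raw key bytes come back in the response body.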