Ubuntu 24.04

OpenStack Flamingo : How to use Barbican 2025/11/25

This page shows how to use the OpenStack Key Manager Service (Barbican).

In this example, Barbican has been installed in an environment like the following.

------------+--------------------------+--------------------------+------------
            |                          |                          |
        eth0|10.0.0.30             eth0|10.0.0.50             eth0|10.0.0.51
+-----------+-----------+  +-----------+-----------+  +-----------+-----------+
|   [ dlp.srv.world ]   |  | [ network.srv.world ] |  |  [ node01.srv.world ] |
|     (Control Node)    |  |     (Network Node)    |  |     (Compute Node)    |
|                       |  |                       |  |                       |
|  MariaDB    RabbitMQ  |  |      Open vSwitch     |  |        Libvirt        |
|  Memcached  Nginx     |  |     Neutron Server    |  |      Nova Compute     |
|  Keystone   httpd     |  |      OVN-Northd       |  |      Open vSwitch     |
|  Glance     Nova API  |  |  Nginx  iSCSI Target  |  |   OVN Metadata Agent  |
|  Cinder API           |  |     Cinder Volume     |  |     OVN-Controller    |
|  Barbican API         |  |    Heat API/Engine    |  |                       |
+-----------------------+  +-----------------------+  +-----------------------+

[1] Basic usage of Barbican.
# store a key : --name [key name] --payload [key data]

root@dlp ~(keystone)#
openstack secret store --name secret01 --payload secretkey

+---------------+--------------------------------------------------------------+
| Field         | Value                                                        |
+---------------+--------------------------------------------------------------+
| Secret href   | https://dlp.srv.world:9311/v1/secrets/7d8107b0-368d-438a-    |
|               | 95fa-0631e9913d07                                            |
| Name          | secret01                                                     |
| Created       | None                                                         |
| Status        | None                                                         |
| Content types | None                                                         |
| Algorithm     | aes                                                          |
| Bit length    | 256                                                          |
| Secret type   | opaque                                                       |
| Mode          | cbc                                                          |
| Expiration    | None                                                         |
+---------------+--------------------------------------------------------------+

# list the stored keys

root@dlp ~(keystone)#
openstack secret list

+-------------+----------+----------+--------+---------------+-----------+------------+-------------+------+------------+
| Secret href | Name     | Created  | Status | Content types | Algorithm | Bit length | Secret type | Mode | Expiration |
+-------------+----------+----------+--------+---------------+-----------+------------+-------------+------+------------+
| https://dlp | secret01 | 2025-11- | ACTIVE | {'default': ' | aes       |        256 | opaque      | cbc  | None       |
| .srv.world: |          | 25T01:38 |        | application/o |           |            |             |      |            |
| 9311/v1/sec |          | :48+00:0 |        | ctet-stream'} |           |            |             |      |            |
| rets/7d8107 |          | 0        |        |               |           |            |             |      |            |
| b0-368d-    |          |          |        |               |           |            |             |      |            |
| 438a-95fa-  |          |          |        |               |           |            |             |      |            |
| 0631e9913d0 |          |          |        |               |           |            |             |      |            |
| 7           |          |          |        |               |           |            |             |      |            |
+-------------+----------+----------+--------+---------------+-----------+------------+-------------+------+------------+

# show the metadata of the stored key

root@dlp ~(keystone)#
openstack secret get https://dlp.srv.world:9311/v1/secrets/7d8107b0-368d-438a-95fa-0631e9913d07

+---------------+--------------------------------------------------------------+
| Field         | Value                                                        |
+---------------+--------------------------------------------------------------+
| Secret href   | https://dlp.srv.world:9311/v1/secrets/7d8107b0-368d-438a-    |
|               | 95fa-0631e9913d07                                            |
| Name          | secret01                                                     |
| Created       | 2025-11-25T01:38:48+00:00                                    |
| Status        | ACTIVE                                                       |
| Content types | {'default': 'application/octet-stream'}                      |
| Algorithm     | aes                                                          |
| Bit length    | 256                                                          |
| Secret type   | opaque                                                       |
| Mode          | cbc                                                          |
| Expiration    | None                                                         |
+---------------+--------------------------------------------------------------+

# show the data (payload) of the stored key

root@dlp ~(keystone)#
openstack secret get https://dlp.srv.world:9311/v1/secrets/7d8107b0-368d-438a-95fa-0631e9913d07 --payload

+---------+-----------+
| Field   | Value     |
+---------+-----------+
| Payload | secretkey |
+---------+-----------+

# to have Barbican generate a key and store it, run the following

root@dlp ~(keystone)#
openstack secret order create --name secret02 --algorithm aes --bit-length 256 \
--mode cbc --payload-content-type application/octet-stream key

+----------------+-------------------------------------------------------------+
| Field          | Value                                                       |
+----------------+-------------------------------------------------------------+
| Order href     | https://dlp.srv.world:9311/v1/orders/d91bc447-a58a-4844-    |
|                | ae24-e83f6bb6decb                                           |
| Type           | Key                                                         |
| Container href | N/A                                                         |
| Secret href    | None                                                        |
| Created        | None                                                        |
| Status         | None                                                        |
| Error code     | None                                                        |
| Error message  | None                                                        |
+----------------+-------------------------------------------------------------+

# list the generated keys (orders)

root@dlp ~(keystone)#
openstack secret order list

+------------+------+----------------+-------------+----------+--------+------------+---------------+
| Order href | Type | Container href | Secret href | Created  | Status | Error code | Error message |
+------------+------+----------------+-------------+----------+--------+------------+---------------+
| https://dl | Key  | N/A            | https://dlp | 2025-11- | ACTIVE | None       | None          |
| p.srv.worl |      |                | .srv.world: | 25T01:40 |        |            |               |
| d:9311/v1/ |      |                | 9311/v1/sec | :59+00:0 |        |            |               |
| orders/d91 |      |                | rets/283116 | 0        |        |            |               |
| bc447-     |      |                | cc-de4b-    |          |        |            |               |
| a58a-4844- |      |                | 438d-bba7-  |          |        |            |               |
| ae24-      |      |                | 0ddf5f327cb |          |        |            |               |
| e83f6bb6de |      |                | b           |          |        |            |               |
| cb         |      |                |             |          |        |            |               |
+------------+------+----------------+-------------+----------+--------+------------+---------------+

# show the generated key (order)

root@dlp ~(keystone)#
openstack secret order get https://dlp.srv.world:9311/v1/orders/d91bc447-a58a-4844-ae24-e83f6bb6decb

+----------------+-------------------------------------------------------------+
| Field          | Value                                                       |
+----------------+-------------------------------------------------------------+
| Order href     | https://dlp.srv.world:9311/v1/orders/d91bc447-a58a-4844-    |
|                | ae24-e83f6bb6decb                                           |
| Type           | Key                                                         |
| Container href | N/A                                                         |
| Secret href    | https://dlp.srv.world:9311/v1/secrets/283116cc-             |
|                | de4b-438d-bba7-0ddf5f327cbb                                 |
| Created        | 2025-11-25T01:40:59+00:00                                   |
| Status         | ACTIVE                                                      |
| Error code     | None                                                        |
| Error message  | None                                                        |
+----------------+-------------------------------------------------------------+

# show the metadata of the generated key

root@dlp ~(keystone)#
openstack secret get https://dlp.srv.world:9311/v1/secrets/283116cc-de4b-438d-bba7-0ddf5f327cbb

+---------------+--------------------------------------------------------------+
| Field         | Value                                                        |
+---------------+--------------------------------------------------------------+
| Secret href   | https://dlp.srv.world:9311/v1/secrets/283116cc-              |
|               | de4b-438d-bba7-0ddf5f327cbb                                  |
| Name          | secret02                                                     |
| Created       | 2025-11-25T01:40:59+00:00                                    |
| Status        | ACTIVE                                                       |
| Content types | {'default': 'application/octet-stream'}                      |
| Algorithm     | aes                                                          |
| Bit length    | 256                                                          |
| Secret type   | symmetric                                                    |
| Mode          | cbc                                                          |
| Expiration    | None                                                         |
+---------------+--------------------------------------------------------------+
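The `secret store`, `secret get --payload` and `secret order create` steps above, as an added example that is not part of the original page: the same Barbican v1 REST calls the CLI makes, built with the standard library only. The BARBICAN_URL / OS_TOKEN environment variables and the UUID check on hrefs are assumptions of this example, not something the page or the CLI prescribes.

```python
# Barbican v1 REST equivalents of this page's CLI steps (added example, not the page's
# code); BARBICAN_URL (e.g. https://dlp.srv.world:9311) and OS_TOKEN are assumed.
import base64, json, os, re
import urllib.request

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
OCTET = "application/octet-stream"

def secret_id_from_href(href):
    # Take the UUID off a 'Secret href'; refuse anything else so a crafted href cannot
    # steer the client to another API path (assumed check, not part of the CLI).
    sid = href.rstrip("/").rsplit("/", 1)[-1]
    if not UUID_RE.match(sid):
        raise ValueError(f"not a secret UUID: {sid!r}")
    return sid

def store_secret(base_url, token, name, payload, algorithm="aes", bit_length=256, mode="cbc"):
    # POST /v1/secrets = `openstack secret store`; the client base64-encodes the payload
    # as octet-stream, which is why the page lists {'default': 'application/octet-stream'}.
    body = {"name": name, "algorithm": algorithm, "bit_length": bit_length, "mode": mode,
            "payload_content_type": OCTET, "payload_content_encoding": "base64",
            "payload": base64.b64encode(payload.encode()).decode()}
    return {"method": "POST", "url": f"{base_url}/v1/secrets", "body": body,
            "headers": {"X-Auth-Token": token, "Content-Type": "application/json"}}

def get_payload(base_url, token, href):
    # GET /v1/secrets/{id}/payload = `openstack secret get --payload`; Accept must name
    # a stored content type, otherwise Barbican answers 406 Not Acceptable.
    return {"method": "GET", "body": None,
            "url": f"{base_url}/v1/secrets/{secret_id_from_href(href)}/payload",
            "headers": {"X-Auth-Token": token, "Accept": OCTET}}

def order_key(base_url, token, name, algorithm="aes", bit_length=256, mode="cbc"):
    # POST /v1/orders (type key) = `openstack secret order create ... key`; Barbican
    # generates the key itself, so no key material ever travels from the client.
    meta = {"name": name, "algorithm": algorithm, "bit_length": bit_length,
            "mode": mode, "payload_content_type": OCTET}
    return {"method": "POST", "url": f"{base_url}/v1/orders",
            "body": {"type": "key", "meta": meta},
            "headers": {"X-Auth-Token": token, "Content-Type": "application/json"}}

def send(spec):
    # Send one request spec and return (status, body bytes).
    data = None if spec["body"] is None else json.dumps(spec["body"]).encode()
    req = urllib.request.Request(spec["url"], data=data, headers=spec["headers"], method=spec["method"])
    with urllib.request.urlopen(req) as resp:
        return resp.status, resp.read()

if __name__ == "__main__":
    url, tok = os.environ["BARBICAN_URL"], os.environ["OS_TOKEN"]
    href = json.loads(send(store_secret(url, tok, "secret01", "secretkey"))[1])["secret_ref"]
    print(send(get_payload(url, tok, href))[1])
```

Run as a script it stores `secret01`, then reads the payload back through the `secret_ref` the POST returns, which is the same value the CLI prints as `Secret href`.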