验证操作¶
验证密钥管理器 (barbican) 服务的操作。
注意
在控制器节点上执行以下命令。
安装 python-barbicanclient 包
对于 openSUSE 和 SUSE Linux Enterprise
$ zypper install python-barbicanclient
对于 Red Hat Enterprise Linux 和 CentOS
$ dnf install python-barbicanclient
对于 Ubuntu
$ apt-get install python-barbicanclient
获取
admin凭据,以便执行 Barbican API 调用$ . admin-openrc
使用 OpenStack CLI 存储一个密钥
$ openstack secret store --name mysecret --payload j4=]d21 +---------------+-----------------------------------------------------------------------+ | Field | Value | +---------------+-----------------------------------------------------------------------+ | Secret href | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa | | Name | mysecret | | Created | None | | Status | None | | Content types | None | | Algorithm | aes | | Bit length | 256 | | Secret type | opaque | | Mode | cbc | | Expiration | None | +---------------+-----------------------------------------------------------------------+
通过检索密钥来确认密钥已存储
$ openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa +---------------+-----------------------------------------------------------------------+ | Field | Value | +---------------+-----------------------------------------------------------------------+ | Secret href | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa | | Name | mysecret | | Created | 2016-08-16 16:04:10+00:00 | | Status | ACTIVE | | Content types | {'default': 'application/octet-stream'} | | Algorithm | aes | | Bit length | 256 | | Secret type | opaque | | Mode | cbc | | Expiration | None | +---------------+-----------------------------------------------------------------------+
注意
一些项目在密钥创建后才会被填充,并且只有在检索密钥时才会显示。
通过检索密钥来确认密钥负载已存储
$ openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa --payload +---------+---------+ | Field | Value | +---------+---------+ | Payload | j4=]d21 | +---------+---------+
