Hi,  

I also tested certificate generation on devstack.
I added the configuration below to barbican.conf.

    enabled_certificate_plugins = snakeoil_ca

    [snakeoil_ca_plugin]
    ca_cert_path = /path/to/ca_cert
    ca_cert_key_path = /path/to/ca_key

and requested the CA list using curl:

    curl  -H 'content-type:application/json' \
          -H "X-Auth-Token: e628cc7bb2c94192a0656af3cfc11bdc" \
          http://localhost:9311/v1/cas


but there are no CAs in the response.
It seems that the default CA is also absent.

So what should I do to get the CA list?

Thanks
-OTSUKA, Motohiro/Yuanying


On Friday, May 22, 2015 at 01:45, Ganesh Narayanan (ganeshna) wrote:

> Hi,
>  
> I am running devstack on Ubuntu as a virtual machine.  Please let me know how 
> do I enable dogtag and symantec plugins for certificates.  Should I enable 
> them in local.conf of devstack ?  I see the below check for 
> BARBICAN_USE_DOGTAG, but not sure what option I should enable for this.  
>  
> Also to use dogtag CA, should I be running devstack on Fedora instead of 
> Ubuntu for local development ?  
>  
> devstack/extras.d/70-barbican.sh:  
>  
> elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then  
>         echo_summary "Configuring Barbican"
>         configure_barbican
>         if [[ -n $BARBICAN_USE_DOGTAG ]]; then  <<<
>             configure_dogtag_plugin
>         fi
>  
> CA Plugins installed  
> ================
>  
> curl  -H 'content-type:application/json' -H 
> "X-Auth-Token:ea0454c4e1b9404c8405c20f4a54c390" http://localhost:9311/v1/cas/ 
>  
> {"cas": 
> ["http://localhost:9311/v1/cas/c1ca4ea6-0b93-47aa-90ed-a52352e67468"], 
> "total": 1}
>  
> curl  -H 'content-type:application/json' -H 
> "X-Auth-Token:ea0454c4e1b9404c8405c20f4a54c390" 
> http://localhost:9311/v1/cas/c1ca4ea6-0b93-47aa-90ed-a52352e67468  
> {"status": "ACTIVE", "updated": "2015-05-21T16:27:04", "created": 
> "2015-05-21T16:27:04", "plugin_name": 
> "barbican.plugin.simple_certificate_manager.SimpleCertificatePlugin", "meta": 
> [{"ca_signing_cert": "XXXXXXXXXXXXXXXXX"}, {"intermediates": 
> "YYYYYYYYYYYYYYYY"}, {"name": "Simple CA"}, {"description": "Certificate 
> Authority - Simple CA"}], "ca_id": "c1ca4ea6-0b93-47aa-90ed-a52352e67468", 
> "plugin_ca_id": "Simple CA", "expiration": "2015-05-22T16:27:04"}
>  
>  
> Certificate creation request  
> =======================
>  
> With the default CA, if I try to generate certificate, it stays in the 
> Pending state:  
>  
> test@ubuntu:~/devstack$   
> test@ubuntu:~/devstack$ curl -X POST -H 'content-type:application/json' -H 
> "X-Auth-Token:6df4ccb04575456cbd284eee99afa9eb" 
> -d'{"type":"certificate","meta":{"profile_id":"caServCert","cert_request_type":"pkcs10","cert_request":"MII"}}'
>  http://localhost:9311/v1/orders/
> {"order_ref": 
> "http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f"}
>  
>  
> test@ubuntu:~/devstack$   
> test@ubuntu:~/devstack$ curl -H 
> "X-Auth-Token:488903bb6dbf4cd3a10f2eb10a7e54e0" 
> http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f
> {"status": "PENDING", "sub_status": "cert_request_pending", "updated": 
> "2015-05-21T16:44:28", "created": "2015-05-21T16:44:28", "order_ref": 
> "http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f", 
> "creator_id": "992f4bb2499a473d9e40dc44dc9633ed", "meta": {"profile_id": 
> "caServCert", "cert_request": "MII", "cert_request_type": "pkcs10"}, 
> "sub_status_message": "Request has been submitted to the CA.  Waiting for 
> certificate to be generated", "type": "certificate"}
> test@ubuntu:~/devstack$  
>  
> Links that I referred  
> =================
> https://wiki.openstack.org/wiki/BarbicanDevStack
>  
> Thanks,  
> Ganesh
>  
>  
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: [email protected]?subject:unsubscribe 
> (mailto:[email protected]?subject:unsubscribe)
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>  
>  

