Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

How to enable dogtag and symantec plugin in Barbican

Hi,

I am running devstack on Ubuntu as a virtual machine. Please let me know how do I enable dogtag and symantec plugins for certificates. Should I enable them in local.conf of devstack ? I see the below check for BARBICAN_USE_DOGTAG, but not sure what option I should enable for this.

Also to use dogtag CA, should I be running devstack on Fedora instead of Ubuntu for local development ?

devstack/extras.d/70-barbican.sh:

elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
        echo_summary "Configuring Barbican"
        configure_barbican
        if [[ -n $BARBICAN_USE_DOGTAG ]]; then  <<<
            configure_dogtag_plugin
        Fi

CA Plugins installed - don't see dogtag or symantec here:

curl -H 'content-type:application/json' -H "X-Auth-Token:ea0454c4e1b9404c8405c20f4a54c390" http://localhost:9311/v1/cas/ {"cas": ["http://localhost:9311/v1/cas/c1ca4ea6-0b93-47aa-90ed-a52352e67468"], "total": 1}

curl -H 'content-type:application/json' -H "X-Auth-Token:ea0454c4e1b9404c8405c20f4a54c390" http://localhost:9311/v1/cas/c1ca4ea6-0b93-47aa-90ed-a52352e67468 {"status": "ACTIVE", "updated": "2015-05-21T16:27:04", "created": "2015-05-21T16:27:04", "plugin_name": "barbican.plugin.simple_certificate_manager.SimpleCertificatePlugin", "meta": [{"ca_signing_cert": "XXXXXXXXXXXXXXXXX"}, {"intermediates": "YYYYYYYYYYYYYYYY"}, {"name": "Simple CA"}, {"description": "Certificate Authority - Simple CA"}], "ca_id": "c1ca4ea6-0b93-47aa-90ed-a52352e67468", "plugin_ca_id": "Simple CA", "expiration": "2015-05-22T16:27:04”}

Certificate creation request - with the default CA, if I try to generate certificate, it stays in the Pending state:

test@ubuntu:~/devstack$ test@ubuntu:~/devstack$ curl -X POST -H 'content-type:application/json' -H "X-Auth-Token:6df4ccb04575456cbd284eee99afa9eb" -d'{"type":"certificate","meta":{"profile_id":"caServCert","cert_request_type":"pkcs10","cert_request":"MII"}}' http://localhost:9311/v1/orders/ {"order_ref": "http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f”}

test@ubuntu:~/devstack$ test@ubuntu:~/devstack$ curl -H "X-Auth-Token:488903bb6dbf4cd3a10f2eb10a7e54e0" http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f {"status": "PENDING", "sub_status": "cert_request_pending", "updated": "2015-05-21T16:44:28", "created": "2015-05-21T16:44:28", "order_ref": "http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f", "creator_id": "992f4bb2499a473d9e40dc44dc9633ed", "meta": {"profile_id": "caServCert", "cert_request": "MII", "cert_request_type": "pkcs10"}, "sub_status_message": "Request has been submitted to the CA. Waiting for certificate to be generated", "type": "certificate"}test@ubuntu:~/devstack$

How to enable dogtag and symantec plugin in Barbican

Hi,

I am running devstack on Ubuntu as a virtual machine. Please let me know how do I enable dogtag and symantec plugins for certificates. Should I enable them in local.conf of devstack ? I see the below check for BARBICAN_USE_DOGTAG, but not sure what option I should enable for this.

Also to use dogtag CA, should I be running devstack on Fedora instead of Ubuntu for local development ?

devstack/extras.d/70-barbican.sh:

elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
        echo_summary "Configuring Barbican"
        configure_barbican
        if [[ -n $BARBICAN_USE_DOGTAG ]]; then  <<<
            configure_dogtag_plugin
        Fi

CA Plugins installed - don't see dogtag or symantec here:

curl  -H 'content-type:application/json' -H "X-Auth-Token:ea0454c4e1b9404c8405c20f4a54c390" http://localhost:9311/v1/cas/
{"cas": ["http://localhost:9311/v1/cas/c1ca4ea6-0b93-47aa-90ed-a52352e67468"], "total": 1}

1} curl -H 'content-type:application/json' -H "X-Auth-Token:ea0454c4e1b9404c8405c20f4a54c390" http://localhost:9311/v1/cas/c1ca4ea6-0b93-47aa-90ed-a52352e67468 {"status": "ACTIVE", "updated": "2015-05-21T16:27:04", "created": "2015-05-21T16:27:04", "plugin_name": "barbican.plugin.simple_certificate_manager.SimpleCertificatePlugin", "meta": [{"ca_signing_cert": "XXXXXXXXXXXXXXXXX"}, {"intermediates": "YYYYYYYYYYYYYYYY"}, {"name": "Simple CA"}, {"description": "Certificate Authority - Simple CA"}], "ca_id": "c1ca4ea6-0b93-47aa-90ed-a52352e67468", "plugin_ca_id": "Simple CA", "expiration": "2015-05-22T16:27:04”}

"2015-05-22T16:27:04”}

Certificate creation request - with the default CA, if I try to generate certificate, it stays in the Pending state:

test@ubuntu:~/devstack$ 
test@ubuntu:~/devstack$ curl -X POST -H 'content-type:application/json' -H "X-Auth-Token:6df4ccb04575456cbd284eee99afa9eb" -d'{"type":"certificate","meta":{"profile_id":"caServCert","cert_request_type":"pkcs10","cert_request":"MII"}}' http://localhost:9311/v1/orders/
{"order_ref": "http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f”}

"http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f”} test@ubuntu:~/devstack$ test@ubuntu:~/devstack$ curl -H "X-Auth-Token:488903bb6dbf4cd3a10f2eb10a7e54e0" http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f {"status": "PENDING", "sub_status": "cert_request_pending", "updated": "2015-05-21T16:44:28", "created": "2015-05-21T16:44:28", "order_ref": "http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f", "creator_id": "992f4bb2499a473d9e40dc44dc9633ed", "meta": {"profile_id": "caServCert", "cert_request": "MII", "cert_request_type": "pkcs10"}, "sub_status_message": "Request has been submitted to the CA. Waiting for certificate to be generated", "type": "certificate"}test@ubuntu:~/devstack$

"certificate"}test@ubuntu:~/devstack$