Did anyone tried configure barbican to use KMIP ?
We changed https://github.com/openstack/kolla-ansible/blob/stable/2023.1/ansible/roles/barbican/templates/barbican.conf.j2
so result is like below
[secretstore]
namespace = barbican.secretstore.plugin
enabled_secretstore_plugins = kmip_crypto
[crypto]
namespace = barbican.crypto.plugin
enabled_crypto_plugins = p11_crypto
[kmip_plugin]
username = xxx
password = xxx
host = xxx
port = 5696
ca_certs = /usr/local/share/ca-certificates/kolla-customca-root.crt
keyfile = /etc/barbican/barbican-key.pem
certfile = /etc/barbican/barbican-cert.pem
Resulting in api logs during create secret
2023-08-30 18:24:17.784 736 WARNING stevedore.named [None req-85d3320b-888b-4071-b70c-040d491a46ad 1b6e2f3fc6b546bf9e285cc22338f5eb 9da43fbc38d14861b07ec28673c70cd2 - - default default] Could not load kmip_crypto
2023-08-30 18:24:17.784 736 ERROR barbican.api.controllers [None req-85d3320b-888b-4071-b70c-040d491a46ad 1b6e2f3fc6b546bf9e285cc22338f5eb 9da43fbc38d14861b07ec28673c70cd2 - - default default] Secret creation failure seen - please contact site administrator.: barbican.plugin.interface.secret_store.SecretStorePluginsNotConfigured: No secret store plugins have been configured
2023-08-30 18:24:17.784 736 ERROR barbican.api.controllers Traceback (most recent call last):
2023-08-30 18:24:17.784 736 ERROR barbican.api.controllers File "/var/lib/kolla/venv/lib/python3.10/site-packages/barbican/api/controllers/__init__.py", line 107, in handler
2023-08-30 18:24:17.784 736 ERROR barbican.api.controllers return fn(inst, *args, **kwargs)
2023-08-30 18:24:17.784 736 ERROR barbican.api.controllers File "/var/lib/kolla/venv/lib/python3.10/site-packages/barbican/api/controllers/__init__.py", line 93, in enforcer
2023-08-30 18:24:17.784 736 ERROR barbican.api.controllers return fn(inst, *args, **kwargs)
2023-08-30 18:24:17.784 736 ERROR barbican.api.controllers File "/var/lib/kolla/venv/lib/python3.10/site-packages/barbican/api/controllers/__init__.py", line 155, in content_types_enforcer
2023-08-30 18:24:17.784 736 ERROR barbican.api.controllers return fn(inst, *args, **kwargs)
2023-08-30 18:24:17.784 736 ERROR barbican.api.controllers File "/var/lib/kolla/venv/lib/python3.10/site-packages/barbican/api/controllers/secrets.py", line 462, in on_post
2023-08-30 18:24:17.784 736 ERROR barbican.api.controllers new_secret, transport_key_model = plugin.store_secret(
2023-08-30 18:24:17.784 736 ERROR barbican.api.controllers File "/var/lib/kolla/venv/lib/python3.10/site-packages/barbican/plugin/resources.py", line 98, in store_secret
2023-08-30 18:24:17.784 736 ERROR barbican.api.controllers store_plugin = plugin_manager.get_plugin_store(key_spec=key_spec,
2023-08-30 18:24:17.784 736 ERROR barbican.api.controllers File "/var/lib/kolla/venv/lib/python3.10/site-packages/barbican/plugin/interface/secret_store.py", line 549, in _check_plugins_configured
2023-08-30 18:24:17.784 736 ERROR barbican.api.controllers raise SecretStorePluginsNotConfigured()
2023-08-30 18:24:17.784 736 ERROR barbican.api.controllers barbican.plugin.interface.secret_store.SecretStorePluginsNotConfigured: No secret store plugins have been configured
2023-08-30 18:24:17.784 736 ERROR barbican.api.controllers
2023-08-30 18:24:17.788 736 INFO barbican.api.middleware.context [None req-85d3320b-888b-4071-b70c-040d491a46ad 1b6e2f3fc6b546bf9e285cc22338f5eb 9da43fbc38d14861b07ec28673c70cd2 - - default default] Processed request: 500 Internal Server Error - POST https://xxx:9311/v1/secrets/
I get the same error as well, i tried using single store as well : https:/
But i get the same error message.
Could i know your kmip device being used ?