<div>
Hi,
</div><div><br></div><div>I also test certificate generation on devstack.</div><div>I added below configuration to barbican.conf.</div><div><br></div><div> enabled_certificate_plugins = snakeoil_ca</div><div><br></div><div> [snakeoil_ca_plugin]</div><div> ca_cert_path = /path/to/ca_cert</div><div> ca_cert_key_path = /path/to/ca_key</div><div><br></div><div>and request ca list using curl</div><div><br></div><div><div> curl -H 'content-type:application/json' \</div><div> -H "X-Auth-Token: e628cc7bb2c94192a0656af3cfc11bdc" \</div><div> http://localhost:9311/v1/cas</div></div>
<div><div><br></div><div>but there is no cas in the response.</div><div>It seems that default CA is also absent.</div><div><br></div><div>So what should I do get ca list?</div><div><br></div><div>Thanks</div><div>-OTSUKA, Motohiro/Yuanying</div><div><br></div></div>
<p style="color: #A0A0A8;">On Friday, May 22, 2015 at 01:45, Ganesh Narayanan (ganeshna) wrote:</p>
<blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;">
<span><div><div>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<div>Hi,</div>
<div><br>
</div>
<div>I am running devstack on Ubuntu as a virtual machine. Please let me know how do I enable dogtag and symantec plugins for certificates. Should I enable them in local.conf of devstack ? I see the below check for BARBICAN_USE_DOGTAG, but not sure what
option I should enable for this.</div>
<div><br>
</div>
<div>Also to use dogtag CA, should I be running devstack on Fedora instead of Ubuntu for local development ?</div>
<div><br>
</div>
<div>devstack/extras.d/70-barbican.sh:</div>
<div><br>
</div>
<div>elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then</div>
<div> echo_summary "Configuring Barbican"</div>
<div> configure_barbican</div>
<div> if [[ -n $BARBICAN_USE_DOGTAG ]]; then <<<</div>
<div> configure_dogtag_plugin</div>
<div> Fi</div>
<div><br>
</div>
<div>CA Plugins installed</div>
<div>================</div>
<div><br>
</div>
<div>curl -H 'content-type:application/json' -H "X-Auth-Token:ea0454c4e1b9404c8405c20f4a54c390" <a href="http://localhost:9311/v1/cas/">http://localhost:9311/v1/cas/</a></div>
<div>{"cas": ["<a href="http://localhost:9311/v1/cas/c1ca4ea6-0b93-47aa-90ed-a52352e67468">http://localhost:9311/v1/cas/c1ca4ea6-0b93-47aa-90ed-a52352e67468</a>"], "total": 1}</div>
<div><br>
</div>
<div>curl -H 'content-type:application/json' -H "X-Auth-Token:ea0454c4e1b9404c8405c20f4a54c390" <a href="http://localhost:9311/v1/cas/c1ca4ea6-0b93-47aa-90ed-a52352e67468">http://localhost:9311/v1/cas/c1ca4ea6-0b93-47aa-90ed-a52352e67468</a></div>
<div>{"status": "ACTIVE", "updated": "2015-05-21T16:27:04", "created": "2015-05-21T16:27:04", "plugin_name": "barbican.plugin.simple_certificate_manager.SimpleCertificatePlugin", "meta": [{"ca_signing_cert": "XXXXXXXXXXXXXXXXX"}, {"intermediates": "YYYYYYYYYYYYYYYY"},
{"name": "Simple CA"}, {"description": "Certificate Authority - Simple CA"}], "ca_id": "c1ca4ea6-0b93-47aa-90ed-a52352e67468", "plugin_ca_id": "Simple CA", "expiration": "2015-05-22T16:27:04”}</div>
<div><br>
</div>
<div><br>
</div>
<div>Certificate creation request</div>
<div>=======================</div>
<div><br>
</div>
<div>With the default CA, if I try to generate certificate, it stays in the Pending state:</div>
<div><br>
</div>
<div>test@ubuntu:~/devstack$ </div>
<div>test@ubuntu:~/devstack$ curl -X POST -H 'content-type:application/json' -H "X-Auth-Token:6df4ccb04575456cbd284eee99afa9eb" -d'{"type":"certificate","meta":{"profile_id":"caServCert","cert_request_type":"pkcs10","cert_request":"MII"}}' <a href="http://localhost:9311/v1/orders/">http://localhost:9311/v1/orders/</a></div>
<div>{"order_ref": "<a href="http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f">http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f</a>”}</div>
<div><br>
</div>
<div><br>
</div>
<div>test@ubuntu:~/devstack$ </div>
<div>test@ubuntu:~/devstack$ curl -H "X-Auth-Token:488903bb6dbf4cd3a10f2eb10a7e54e0" <a href="http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f">http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f</a></div>
<div>{"status": "PENDING", "sub_status": "cert_request_pending", "updated": "2015-05-21T16:44:28", "created": "2015-05-21T16:44:28", "order_ref": "<a href="http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f">http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f</a>", "creator_id": "992f4bb2499a473d9e40dc44dc9633ed",
"meta": {"profile_id": "caServCert", "cert_request": "MII", "cert_request_type": "pkcs10"}, "sub_status_message": "Request has been submitted to the CA. Waiting for certificate to be generated", "type": "certificate"}test@ubuntu:~/devstack$ </div>
<div><br>
</div>
<div>Links that I referred</div>
<div>=================</div>
<div><a href="https://wiki.openstack.org/wiki/BarbicanDevStack">https://wiki.openstack.org/wiki/BarbicanDevStack</a></div>
<div><br>
</div>
<div>Thanks,</div>
<div>Ganesh</div>
<div><br>
</div>
<div><br>
</div>
</div><div><div>__________________________________________________________________________</div><div>OpenStack Development Mailing List (not for usage questions)</div><div>Unsubscribe: <a href="mailto:OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a></div><div><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></div></div></div></span>
</blockquote>
<div>
<br>
</div>