[openstack-dev] [barbican] Utilizing the KMIP plugin

John Wood john.wood at RACKSPACE.COM
Wed Apr 8 20:12:57 UTC 2015


Hello Christopher,

My local configuration is indeed seeing the kmip_plugin selection, but when stevedore tries to load the KMIP plugin it crashes because required files are missing in my local environment (see https://github.com/openstack/barbican/blob/master/barbican/plugin/kmip_secret_store.py#L131) for example.

Stevedore logs the exception but then doesn't load this module, so when Barbican asks for an available plugin it doesn't see it and crashes as you see. So the root exception from stevedore isn't showing up in my logs for some reason, and probably not in yours as well. We'll try to put up a CR to at least expose this exception in logs. In the meantime, make sure the KMIP values checked via that link above are configured on your machine.

Sorry for the inconvenience,
John
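
A pre-flight check for the [kmip_plugin] file settings discussed in this thread, as an added example that is not part of the original message or of Barbican's code: it reports keyfile/certfile/ca_certs paths that are missing and a key file whose mode grants group or other access. The function names, the quote stripping and the constructed temp-file sample are assumptions of this example; the owner-only rule follows the 400 mode mentioned later in the thread.

```python
import configparser
import os
import stat
import tempfile

PATH_KEYS = ("keyfile", "certfile", "ca_certs")  # option names from the posted [kmip_plugin] section

def _unquote(value):
    """Strip one pair of matching surrounding quotes (the posted config quotes its paths)."""
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        return value[1:-1]
    return value

def check_kmip_section(conf_path, section="kmip_plugin"):
    """Return a list of human-readable problems; an empty list means the checks passed."""
    parser = configparser.ConfigParser(interpolation=None)
    if not parser.read(conf_path) or not parser.has_section(section):
        return [f"cannot read [{section}] from {conf_path}"]
    problems = []
    for key in PATH_KEYS:
        raw = parser.get(section, key, fallback=None)
        if raw is None:
            problems.append(f"{key}: option not set")
            continue
        path = _unquote(raw.strip())
        try:
            mode = os.stat(path).st_mode
        except OSError as exc:  # missing file, unreadable parent directory, ...
            problems.append(f"{key}: {path}: {exc.strerror}")
            continue
        if not stat.S_ISREG(mode):
            problems.append(f"{key}: {path}: not a regular file")
        elif key == "keyfile" and mode & (stat.S_IRWXG | stat.S_IRWXO):
            # Private key must be owner-only (e.g. 400), no group/other bits.
            problems.append(f"{key}: {path}: mode {stat.S_IMODE(mode):o} exposes the key to group/other")
    return problems

def demo():
    """Constructed sample: a temp dir with a 0644 key, a cert, and a missing CA file."""
    d = tempfile.mkdtemp()
    key, cert, conf = (os.path.join(d, n) for n in ("client.key", "client.pem", "barbican-api.conf"))
    for p in (key, cert):
        open(p, "w").close()
    os.chmod(key, 0o644)
    with open(conf, "w") as fh:
        fh.write(f"[kmip_plugin]\nkeyfile = '{key}'\ncertfile = '{cert}'\nca_certs = '{d}/missing.pem'\n")
    before = check_kmip_section(conf)
    os.chmod(key, 0o400)  # tighten the key, leave the CA file missing
    return before, check_kmip_section(conf)
```

Run check_kmip_section against the configuration file the service actually reads, as the user the service runs as, so the result reflects what the plugin will see.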


From: Christopher N Solis <cnsolis at us.ibm.com>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org>
Date: Wednesday, April 8, 2015 at 11:27 AM
To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org>
Subject: Re: [openstack-dev] [barbican] Utilizing the KMIP plugin


Hey John.
I do have the barbican-api.conf file located in the /etc/barbican folder. But that does not seem to be the one that barbican
reads from. It seems to be reading from the barbican-api.conf file located in my home directory.
Either way, both have the exact same configurations.

I also checked the setup.cfg file and it does have the line for kmip_plugin.

Regards,

  CHRIS SOLIS


From: John Wood <john.wood at RACKSPACE.COM>
To: "openstack-dev at lists.openstack.org" <openstack-dev at lists.openstack.org>
Date: 04/07/2015 10:39 AM
Subject: Re: [openstack-dev] [barbican] Utilizing the KMIP plugin

________________________________



Hello Christopher,

Just checking, but is that barbican-api.conf file located in your local system's /etc/barbican folder? If not that is the preferred place for local development. Modifying the copy that is in your local git repository will have no effect.

Also, please double check that your local git repository's setup.cfg has a line like this in there (at/around #35):

    kmip_plugin = barbican.plugin.kmip_secret_store:KMIPSecretStore

Thanks,
John




From: Christopher N Solis <cnsolis at us.ibm.com>
Reply-To: "openstack-dev at lists.openstack.org" <openstack-dev at lists.openstack.org>
Date: Monday, April 6, 2015 at 10:25 AM
To: "openstack-dev at lists.openstack.org" <openstack-dev at lists.openstack.org>
Subject: [openstack-dev] [barbican] Utilizing the KMIP plugin

Hello!

Sorry to Kaitlin Farr for not responding directly to your e-mail.
My openstack settings were misconfigured and I was not receiving e-mail from the dev mailing list.
Thanks for looking into the issue.

I double checked the permissions at the bottom of the kmip_plugin part in the barbican-api.conf file
and they are set to 400.

I would also like to note that I do not think the code ever actually entered the __init__ function
of KMIPSecretStore. I put a breakpoint in the __init__ function but the debugger never opens.
The error occurs and returns without ever seeming to enter the init function.

Here are the parts of the barbican-api.conf file that concern the kmip_plugin:
.....................
[secretstore]
namespace = barbican.secretstore.plugin
enabled_secretstore_plugins = kmip_plugin
.....................
[kmip_plugin]
username = '**********'
password = '**********'
host = ********
port = ********
keyfile = '/etc/barbican/rootCA.key'
certfile = '/etc/barbican/rootCA.pem'
ca_certs = '/etc/barbican/rootCA.pem'
.......................

Thank You!!

Regards,
Christopher Solis