Repository files navigation

Admin webapp for OpenStack Keystone and OpenStack Swift.

Manage users and projects on your Keystone service.

Manage containers and objects on Swift. (A customized version ofdjango-swiftbrowser)

Vault has users and teams. Users have the permission to add other users to their teams. This gives them more autonomy.

Users can create projects that will belong to their teams. A Keystone project corresponds to a Swift account.

Users can create, modify or delete any container or object from accounts owned by one of their teams.

An admin can create users and teams, as well as add and remove users from those teams. Admins can also manage Keystone projects and users.

This section describes how to use Docker Compose to locally setup Vault, running all the necessary services in containers.

$ make docker-start

After a while, Vault will be accessible at localhost:8000. The initial admin user's credentials are:

• username: admin
• password: admin

There will also be a non-admin user available. That user's credentials are:

• username: user
• password: user

For more information on the docker implementation seeDocker.

This section describes how to setup Vault in your own infrastructure, to facilitate administration of your existing Keystone and Swift services. In this case, Vault will run in your own environment, such as in a Virtual Machine.

$ pip install -r requirements.txt

$export VAULT_MYSQL_DB=vault$export VAULT_MYSQL_USER=mysql_user$export VAULT_MYSQL_PASSWORD=mysql_pass$export VAULT_MYSQL_HOST=mysql.endpoint$export VAULT_MYSQL_PORT=3306$export VAULT_KEYSTONE_USERNAME=keystone_user$export VAULT_KEYSTONE_PASSWORD=keystone_password$export VAULT_KEYSTONE_PROJECT=Vault$export VAULT_KEYSTONE_URL=http://keystone.endpoint:5000/v3

For optional variables and more information on each of the environment variables, seeEnvironment Variables.

mysql> create database vault;mysql> CREATE USER'mysql_user'@'localhost' IDENTIFIED BY'mysql_pass';mysql>GRANT ALL PRIVILEGESON vault.* TO'mysql_user'@'localhost';

Then

$ python manage.py migrate

$ python manage.py create_user -s

You will be asked for a username, e-mail, team and password. A superuser with the provided information will be created. If the team does not yet exist, it will be created. The superuser will be added to the provided team.

Optionally, you can pass the--username,--email,--teamname and--password arguments, skipping the need to interactively fill out these pieces of information.

The-s (or--superuser) option makes the new user a superuser, meaning it has admin privileges. For a normal user, don't use this option.

$ python manage.py runserver

In a production environment, it is recommended to use a WSGI HTTP server. Here's an example usingGunicorn:

gunicorn --timeout 60 -b 0.0.0.0:$PORT vault.wsgi

Vault uses the default Django authentication, but also allows for OAuth2 authentication viadjango-all-access. To add an OAuth2 provider, simply use the Django admin. For more information, seeOAuth2 Authentication.

Only admins can create new users, unless when using OAuth2 authentication.

If you want to upload Vault's static files to your current Swift cluster, simply create a project (named here as<swift-project>) and, in that project, a container (named here as<swift-container>). Then, using the credentials of a user with permission to write to that container, do the following:

$ python manage.py collectstatic --noinput$ swift upload --os-username=<swift-user> --os-password=<swift-pass> --os-project-name=<swift-project> --os-auth-url=<swift-auth-url> --os-storage-url=<swift-admin-url><swift-container> vault_static/

pip install -r requirements_test.txtmake tests

While Vault already delivers an app for Swift management and another for Keystone management, it also allows you to easily implement your own apps. This helps you centralize several services in a single, standardized web interface. For more information, seeHow to create a Vault App.

• Django
• Swift
• Keystone

How to edit locale files:

# In the app directorydjango-admin makemessages --alldjango-admin compilemessages --locale=pt_BR