Admin webapp for OpenStack Keystone and OpenStack Swift.
Manage users and projects on your Keystone service.
Manage containers and objects on Swift. (A customized version of django-swiftbrowser)
Vault has users and teams. Users have the permission to add other users to their teams. This gives them more autonomy.
Users can create projects that will belong to their teams. A Keystone project corresponds to a Swift account.
Users can create, modify or delete any container or object from accounts owned by one of their teams.
An admin can create users and teams, as well as add and remove users from those teams. Admins can also manage Keystone projects and users.
This section describes how to use Docker Compose to locally setup Vault, running all the necessary services in containers.
$ make docker-start
After a while, Vault will be accessible at localhost:8000. The initial admin user's credentials are:
- username: admin
- password: admin
There will also be a non-admin user available. That user's credentials are:
- username: user
- password: user
For more information on the docker implementation see Docker.
This section describes how to setup Vault in your own infrastructure, to facilitate administration of your existing Keystone and Swift services. In this case, Vault will run in your own environment, such as in a Virtual Machine.
$ pip install -r requirements.txt
$ export VAULT_MYSQL_DB=vault
$ export VAULT_MYSQL_USER=mysql_user
$ export VAULT_MYSQL_PASSWORD=mysql_pass
$ export VAULT_MYSQL_HOST=mysql.endpoint
$ export VAULT_MYSQL_PORT=3306
$ export VAULT_KEYSTONE_USERNAME=keystone_user
$ export VAULT_KEYSTONE_PASSWORD=keystone_password
$ export VAULT_KEYSTONE_PROJECT=Vault
$ export VAULT_KEYSTONE_URL=http://keystone.endpoint:5000/v3
For optional variables and more information on each of the environment variables, see Environment Variables.
mysql> create database vault;
mysql> CREATE USER 'mysql_user'@'localhost' IDENTIFIED BY 'mysql_pass';
mysql> GRANT ALL PRIVILEGES ON vault.* TO 'mysql_user'@'localhost';
Then
$ python manage.py migrate
$ python manage.py create_user -s
You will be asked for a username, e-mail, team and password. A superuser with the provided information will be created. If the team does not yet exist, it will be created. The superuser will be added to the provided team.
Optionally, you can pass the --username
, --email
, --teamname
and --password
arguments, skipping the need to interactively fill out these pieces of information.
The -s
(or --superuser
) option makes the new user a superuser, meaning it has admin privileges. For a normal user, don't use this option.
$ python manage.py runserver
In a production environment, it is recommended to use a WSGI HTTP server. Here's an example using Gunicorn:
gunicorn --timeout 60 -b 0.0.0.0:$PORT vault.wsgi
Vault uses the default Django authentication, but also allows for OAuth2 authentication via django-all-access. To add an OAuth2 provider, simply use the Django admin. For more information, see OAuth2 Authentication.
Only admins can create new users, unless when using OAuth2 authentication.
If you want to upload Vault's static files to your current Swift cluster, simply create a project (named here as <swift-project>
) and, in that project, a container (named here as <swift-container>
). Then, using the credentials of a user with permission to write to that container, do the following:
$ python manage.py collectstatic --noinput
$ swift upload --os-username=<swift-user> --os-password=<swift-pass> --os-project-name=<swift-project> --os-auth-url=<swift-auth-url> --os-storage-url=<swift-admin-url> <swift-container> vault_static/
pip install -r requirements_test.txt
make tests
While Vault already delivers an app for Swift management and another for Keystone management, it also allows you to easily implement your own apps. This helps you centralize several services in a single, standardized web interface. For more information, see How to create a Vault App.
- Django
- Swift
- Keystone
How to edit locale files:
# In the app directory
django-admin makemessages --all
django-admin compilemessages --locale=pt_BR