Setting Up PyKMIP Server
This setup uses an Ubuntu 20.04 VM.
As a first step, create the needed directories and change the ownership to the user that PyKMIP will run as:
sudo mkdir /usr/local/PyKMIP /etc/pykmip /var/log/pykmip
sudo chown ubuntu /usr/local/PyKMIP
sudo chown ubuntu /etc/pykmip
sudo chown ubuntu /var/log/pykmip
Next, install the required packages and create a self-signed certificate:
sudo apt-get install -y python3-dev libffi-dev libssl-dev libsqlite3-dev
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/selfsigned.key -out /etc/ssl/certs/selfsigned.crt
sudo chown ubuntu -R /etc/ssl/private
sudo chown ubuntu -R /etc/ssl/certs/selfsigned.crt
We then download PyKMIP from the GitHub repo:
cd /usr/local
git clone https://github.com/OpenKMIP/PyKMIP
cd /usr/local/PyKMIP
sudo python3 /usr/local/PyKMIP/setup.py install
Create the PyKMIP server config:
CONFIG=$(cat <<EOF
[server]
database_path=/etc/pykmip/pykmip.database
hostname=127.0.0.1
port=5696
certificate_path=/etc/ssl/certs/selfsigned.crt
key_path=/etc/ssl/private/selfsigned.key
ca_path=/etc/ssl/certs/selfsigned.crt
auth_suite=TLS1.2
policy_path=/usr/local/PyKMIP/examples/
enable_tls_client_auth=False
tls_cipher_suites= TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
logging_level=DEBUG
EOF
)
echo "$CONFIG" | sudo tee /etc/pykmip/server.conf
Finally, use cron to start the server automatically at boot (add the @reboot line below to the crontab), then start the server now:
crontab -e
@reboot ( sleep 30s; python3 /usr/local/PyKMIP/bin/run_server.py & )
python3 /usr/local/PyKMIP/bin/run_server.py &
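The server.conf written above is a test-grade configuration. As an added example (not part of the original guide and not PyKMIP's own code), the following Python check parses such a file and lists the settings worth reviewing before the server is moved off 127.0.0.1. The helper name audit_server_conf and the review rules are assumptions of this example; the sample input is the guide's own [server] section, embedded inline.

```python
import configparser

# Sample input: the [server] section from this guide, embedded so the check runs offline.
SAMPLE_CONF = """\
[server]
database_path=/etc/pykmip/pykmip.database
hostname=127.0.0.1
port=5696
certificate_path=/etc/ssl/certs/selfsigned.crt
key_path=/etc/ssl/private/selfsigned.key
ca_path=/etc/ssl/certs/selfsigned.crt
auth_suite=TLS1.2
policy_path=/usr/local/PyKMIP/examples/
enable_tls_client_auth=False
tls_cipher_suites= TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
logging_level=DEBUG
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_server_conf(text):
    """Return (option, finding) pairs for a PyKMIP server.conf (hypothetical helper)."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    if not parser.has_section("server"):
        return [("server", "missing [server] section")]
    s = parser["server"]
    findings = []
    if not s.getboolean("enable_tls_client_auth", fallback=True):
        findings.append(("enable_tls_client_auth", "client-auth extended key usage check on client certificates is off"))
    if s.get("ca_path") and s.get("ca_path") == s.get("certificate_path"):
        findings.append(("ca_path", "ca_path and certificate_path are the same file (self-signed setup)"))
    for suite in s.get("tls_cipher_suites", "").split():
        if suite.startswith("TLS_RSA_WITH_"):
            findings.append(("tls_cipher_suites", f"{suite}: static RSA key exchange, no forward secrecy"))
    if s.get("logging_level", "").strip().upper() == "DEBUG":
        findings.append(("logging_level", "DEBUG logging is verbose; lower it outside of testing"))
    if s.get("policy_path", "").rstrip("/").endswith("examples"):
        findings.append(("policy_path", "operation policies are loaded from the examples directory"))
    if s.get("hostname", "").strip() not in LOOPBACK:
        findings.append(("hostname", "server listens on a non-loopback address"))
    return findings

if __name__ == "__main__":
    for option, finding in audit_server_conf(SAMPLE_CONF):
        print(f"{option}: {finding}")
```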