[hopem,r=]
Fix PKI issues (from l/e merge)
This commit is contained in:
parent
66238dd6ad
commit
0f49717cd1
@ -76,6 +76,7 @@ from keystone_utils import (
|
||||
is_pki_enabled,
|
||||
ensure_ssl_dir,
|
||||
ensure_pki_dir_permissions,
|
||||
ensure_permissions,
|
||||
force_ssl_sync,
|
||||
filter_null,
|
||||
ensure_ssl_dirs,
|
||||
@ -181,12 +182,19 @@ def initialise_pki():
|
||||
NOTE: keystone.conf [signing] section must be up-to-date prior to
|
||||
executing this.
|
||||
"""
|
||||
if is_ssl_cert_master():
|
||||
if not peer_units() or is_ssl_cert_master():
|
||||
log("Ensuring PKI token certs created", level=DEBUG)
|
||||
cmd = ['keystone-manage', 'pki_setup', '--keystone-user', 'keystone',
|
||||
'--keystone-group', 'keystone']
|
||||
check_call(cmd)
|
||||
|
||||
# Ensure logfile has keystone perms since we may have just created it
|
||||
# with root.
|
||||
ensure_permissions('/var/log/keystone', user='keystone',
|
||||
group='keystone', perms=0o744)
|
||||
ensure_permissions('/var/log/keystone/keystone.log', user='keystone',
|
||||
group='keystone', perms=0o644)
|
||||
|
||||
ensure_pki_dir_permissions()
|
||||
|
||||
|
||||
|
@ -306,6 +306,7 @@ class KeystoneRelationTests(CharmTestCase):
|
||||
@patch('keystone_utils.log')
|
||||
@patch('keystone_utils.ensure_ssl_cert_master')
|
||||
@patch('keystone_utils.ensure_ssl_dirs')
|
||||
@patch.object(hooks, 'ensure_permissions')
|
||||
@patch.object(hooks, 'ensure_pki_dir_permissions')
|
||||
@patch.object(hooks, 'ensure_ssl_dir')
|
||||
@patch.object(hooks, 'is_pki_enabled')
|
||||
@ -330,6 +331,7 @@ class KeystoneRelationTests(CharmTestCase):
|
||||
mock_is_ssl_cert_master,
|
||||
mock_is_pki_enabled,
|
||||
mock_ensure_ssl_dir,
|
||||
mock_ensure_permissions,
|
||||
mock_ensure_pki_dir_permissions,
|
||||
mock_ensure_ssl_dirs,
|
||||
mock_ensure_ssl_cert_master,
|
||||
@ -368,6 +370,7 @@ class KeystoneRelationTests(CharmTestCase):
|
||||
@patch('keystone_utils.ensure_ssl_cert_master')
|
||||
@patch('keystone_utils.ensure_ssl_dirs')
|
||||
@patch.object(hooks, 'update_all_identity_relation_units')
|
||||
@patch.object(hooks, 'ensure_permissions')
|
||||
@patch.object(hooks, 'ensure_pki_dir_permissions')
|
||||
@patch.object(hooks, 'ensure_ssl_dir')
|
||||
@patch.object(hooks, 'is_pki_enabled')
|
||||
@ -387,6 +390,7 @@ class KeystoneRelationTests(CharmTestCase):
|
||||
mock_peer_units,
|
||||
mock_is_pki_enabled,
|
||||
mock_ensure_ssl_dir,
|
||||
mock_ensure_permissions,
|
||||
mock_ensure_pki_permissions,
|
||||
mock_update_all_id_rel_units,
|
||||
ensure_ssl_dirs,
|
||||
@ -416,6 +420,7 @@ class KeystoneRelationTests(CharmTestCase):
|
||||
@patch('keystone_utils.log')
|
||||
@patch('keystone_utils.ensure_ssl_cert_master')
|
||||
@patch('keystone_utils.ensure_ssl_dirs')
|
||||
@patch.object(hooks, 'ensure_permissions')
|
||||
@patch.object(hooks, 'ensure_pki_dir_permissions')
|
||||
@patch.object(hooks, 'ensure_ssl_dir')
|
||||
@patch.object(hooks, 'is_pki_enabled')
|
||||
@ -439,6 +444,7 @@ class KeystoneRelationTests(CharmTestCase):
|
||||
mock_is_ssl_cert_master,
|
||||
mock_is_pki_enabled,
|
||||
mock_ensure_ssl_dir,
|
||||
mock_ensure_permissions,
|
||||
mock_ensure_pki_permissions,
|
||||
mock_ensure_ssl_dirs,
|
||||
mock_ensure_ssl_cert_master,
|
||||
|
Loading…
Reference in New Issue
Block a user