Merge "Fix keystone-startup.sh - remove Fernet key age check"
commit
b77b4eb829
@ -4,32 +4,21 @@
|
|||||||
set -o errexit
|
set -o errexit
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
|
|
||||||
TOKEN_DIR="/etc/keystone/fernet-keys"
|
FERNET_KEY_DIR="/etc/keystone/fernet-keys"
|
||||||
|
|
||||||
# Ensure tokens are populated, check for 0 (staging) key
|
# Ensure Fernet keys are populated, check for 0 (staging) key
|
||||||
n=0
|
n=0
|
||||||
while [ ! -f "${TOKEN_DIR}/0" ]; do
|
while [ ! -f "${FERNET_KEY_DIR}/0" ]; do
|
||||||
if [ $n -lt 36 ]; then
|
if [ $n -lt 36 ]; then
|
||||||
n=$(( n + 1 ))
|
n=$(( n + 1 ))
|
||||||
echo "ERROR: Fernet tokens have not been populated, rechecking in 5 seconds"
|
echo "ERROR: Fernet keys have not been populated, rechecking in 5 seconds"
|
||||||
echo "DEBUG: ${TOKEN_DIR} contents:"
|
echo "DEBUG: ${FERNET_KEY_DIR} contents:"
|
||||||
ls -l ${TOKEN_DIR}
|
ls -l ${FERNET_KEY_DIR}
|
||||||
sleep 5
|
sleep 5
|
||||||
else
|
else
|
||||||
echo "CRITICAL: Waited for 10 minutes - failing"
|
echo "CRITICAL: Waited for 3 minutes - failing"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
# Ensure tokens are not stale
|
|
||||||
# Get primary token (file with highest number)
|
|
||||||
TOKEN_PRIMARY=$(ls -1 ${TOKEN_DIR} | sort -hr | head -n 1)
|
|
||||||
# Check it's age in seconds
|
|
||||||
TOKEN_AGE=$(($(date +%s) - $(date +%s -r "${TOKEN_DIR}/${TOKEN_PRIMARY}")))
|
|
||||||
# Compare if it's older than fernet_key_rotation_interval and fail if it's stale
|
|
||||||
if [ "${TOKEN_AGE}" -gt "{{ fernet_key_rotation_interval }}" ]; then
|
|
||||||
echo "ERROR: Primary token ${TOKEN_PRIMARY} is stale."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
exec /usr/sbin/{{ keystone_cmd }} $@
|
exec /usr/sbin/{{ keystone_cmd }} $@
|
||||||
|
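Review bot: With the age check removed, nothing in this script reports that Fernet key rotation has stopped, so a deployment whose keys have outlived `fernet_key_rotation_interval` now starts without any trace in the log. A non-fatal warning after the wait loop would keep that visibility without bringing back the startup failure. The sketch below reads the mtime of the staging key `0`, which the loop has just confirmed exists; whether that file best reflects the last rotation is an assumption to confirm against how the keys are distributed. Separately, the unchanged lines `ls -l ${FERNET_KEY_DIR}` and `exec /usr/sbin/{{ keystone_cmd }} $@` would be safer as `ls -l "${FERNET_KEY_DIR}"` and `exec /usr/sbin/{{ keystone_cmd }} "$@"`, so arguments containing spaces are passed through intact. The script's opening lines sit above the hunk and are not visible here.

```shell
# … unchanged: wait loop for ${FERNET_KEY_DIR}/0 …

# Report, but do not fail on, keys older than the rotation interval
STAGING_KEY_AGE=$(( $(date +%s) - $(date +%s -r "${FERNET_KEY_DIR}/0") ))
if [ "${STAGING_KEY_AGE}" -gt "{{ fernet_key_rotation_interval }}" ]; then
    echo "WARNING: Fernet staging key is ${STAGING_KEY_AGE}s old; key rotation may not be running"
fi
```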
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Fixes an issue with Keystone startup when Fernet key rotation does not
|
||||||
|
occur within the configured interval. This may happen due to one of the
|
||||||
|
Keystone hosts being down at the scheduled time of rotation, or due to
|
||||||
|
uneven intervals between cron jobs. `LP#1895723
|
||||||
|
<https://bugs.launchpad.net/kolla-ansible/+bug/1895723>`__
|