Merge "Fix permission denied during Fernet key rotation"

2020-10-28 20:50:01 +00:00 · 2020-10-28 20:50:01 +00:00 · f5f94d77ef
parent ecf567d6ee b45679f122
commit f5f94d77ef
3 changed files with 21 additions and 0 deletions
--- a/ansible/roles/keystone/templates/keystone-fernet.json.j2
+++ b/ansible/roles/keystone/templates/keystone-fernet.json.j2
@ -50,5 +50,12 @@
            "owner": "keystone",
            "perm": "0600"
        }{% endif %}
    ],
    "permissions": [
        {
            "path": "/etc/keystone/fernet-keys",
            "owner": "keystone:keystone",
            "perm": "0770"
        }
    ]
 }
--- a/ansible/roles/keystone/templates/keystone-ssh.json.j2
+++ b/ansible/roles/keystone/templates/keystone-ssh.json.j2
@ -13,5 +13,12 @@
            "owner": "keystone",
            "perm": "0600"
        }
    ],
    "permissions": [
        {
            "path": "/etc/keystone/fernet-keys",
            "owner": "keystone:keystone",
            "perm": "0770"
        }
    ]
 }
--- a/releasenotes/notes/fix-keystone-fernet-perms-82632fb9e53ca3d5.yaml
+++ b/releasenotes/notes/fix-keystone-fernet-perms-82632fb9e53ca3d5.yaml
@ -0,0 +1,7 @@
 ---
 fixes:
  - |
    Fixes an issue where Keystone Fernet key rotation may fail due to
    permission denied error if the Keystone rotation happens before the
    Keystone container starts. `LP#1888512
    <https://bugs.launchpad.net/kolla-ansible/+bug/1888512>`__