From 5ba56d49bfda2446a502f84e6a4556eac638af6d Mon Sep 17 00:00:00 2001
From: Tobias Urdin <tobias.urdin@binero.se>
Date: Thu, 18 Jun 2020 16:15:07 +0200
Subject: [PATCH] Ensure fernet keys are created before bootstrap

The bootstrap command will fail if the fernet keys
has not been created/generated or it will fail.

See [1] this output.

[1] http://paste.openstack.org/show/794949/

Change-Id: I560438a9bd402feba425656ba5213a087ab9e663
---
 manifests/deps.pp                  | 4 ++++
 manifests/init.pp                  | 1 +
 spec/classes/keystone_init_spec.rb | 2 ++
 3 files changed, 7 insertions(+)

diff --git a/manifests/deps.pp b/manifests/deps.pp
index 1b88a46e4..982f69b40 100644
--- a/manifests/deps.pp
+++ b/manifests/deps.pp
@@ -79,4 +79,8 @@ class keystone::deps {
   # Otherwise, the run isn't indempotent.
   Package<| tag == 'keystone-package'|> -> File<| title == '/etc/apache2/sites-enabled' |>
   Package<| tag == 'keystone-package'|> -> File<| title == '/etc/apache2/sites-available' |>
+
+  # Bootstrap needs to be executed after fernet keys are created/generated.
+  Exec<| title == 'keystone-manage fernet_setup' |> -> Exec<| title == 'keystone bootstrap' |>
+  File<| tag == 'keystone-fernet-key' |> -> Exec<| title == 'keystone bootstrap' |>
 }
diff --git a/manifests/init.pp b/manifests/init.pp
index 37901dadd..da383e5b2 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -946,6 +946,7 @@ running as a standalone service, or httpd for being run by a httpd server")
           'mode'      => '0600',
           'replace'   => $fernet_replace_keys,
           'subscribe' => 'Anchor[keystone::install::end]',
+          'tag'       => 'keystone-fernet-key',
         }
       )
     } else {
diff --git a/spec/classes/keystone_init_spec.rb b/spec/classes/keystone_init_spec.rb
index 7f47ea1d9..05734e73c 100644
--- a/spec/classes/keystone_init_spec.rb
+++ b/spec/classes/keystone_init_spec.rb
@@ -733,6 +733,7 @@ describe 'keystone' do
       'mode'      => '0600',
       'replace'   => true,
       'subscribe' => 'Anchor[keystone::install::end]',
+      'tag'       => 'keystone-fernet-key',
     )}
     it { is_expected.to contain_file('/etc/keystone/fernet-keys/1').with(
       'content'   => 'GLlnyygEVJP4-H2OMwClXn3sdSQUZsM5F194139Unv8=',
@@ -740,6 +741,7 @@ describe 'keystone' do
       'mode'      => '0600',
       'replace'   => true,
       'subscribe' => 'Anchor[keystone::install::end]',
+      'tag'       => 'keystone-fernet-key',
     )}
   end