Ensure fernet keys are created before bootstrap

The bootstrap command will fail if the fernet keys has not been created/generated or it will fail. See [1] this output. [1] http://paste.openstack.org/show/794949/ Change-Id: I560438a9bd402feba425656ba5213a087ab9e663
2020-06-18 16:15:07 +02:00 · 2020-06-18 16:15:07 +02:00 · 5ba56d49bf
commit 5ba56d49bf
parent 9ebf00d435
3 changed files with 7 additions and 0 deletions
--- a/manifests/deps.pp
+++ b/manifests/deps.pp
@ -79,4 +79,8 @@ class keystone::deps {
  # Otherwise, the run isn't indempotent.
  Package<| tag == 'keystone-package'|> -> File<| title == '/etc/apache2/sites-enabled' |>
  Package<| tag == 'keystone-package'|> -> File<| title == '/etc/apache2/sites-available' |>
+
+  # Bootstrap needs to be executed after fernet keys are created/generated.
+  Exec<| title == 'keystone-manage fernet_setup' |> -> Exec<| title == 'keystone bootstrap' |>
+  File<| tag == 'keystone-fernet-key' |> -> Exec<| title == 'keystone bootstrap' |>
 }
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -946,6 +946,7 @@ running as a standalone service, or httpd for being run by a httpd server")
          'mode'      => '0600',
          'replace'   => $fernet_replace_keys,
          'subscribe' => 'Anchor[keystone::install::end]',
+          'tag'       => 'keystone-fernet-key',
        }
      )
    } else {
--- a/spec/classes/keystone_init_spec.rb
+++ b/spec/classes/keystone_init_spec.rb
@ -733,6 +733,7 @@ describe 'keystone' do
      'mode'      => '0600',
      'replace'   => true,
      'subscribe' => 'Anchor[keystone::install::end]',
+      'tag'       => 'keystone-fernet-key',
    )}
    it { is_expected.to contain_file('/etc/keystone/fernet-keys/1').with(
      'content'   => 'GLlnyygEVJP4-H2OMwClXn3sdSQUZsM5F194139Unv8=',
@ -740,6 +741,7 @@ describe 'keystone' do
      'mode'      => '0600',
      'replace'   => true,
      'subscribe' => 'Anchor[keystone::install::end]',
+      'tag'       => 'keystone-fernet-key',
    )}
  end