Fix issue with fernet_setup exec
The fernet_setup exec is requiring that the keystone-user and keystone-group is passed in the exec call. This change exposes two new parameters that default to "keystone" that are used in that exec call. Change-Id: I1e122dc34d496bc26926b6bcd0921e672e099d2e Closes-Bug: 1553327
This commit is contained in:
Matthew Black
parent
b8ae179f91
commit
cd4f7d8619
@ -487,6 +487,14 @@
|
||||
# error if it's not the case.
|
||||
# Defaults to '/etc/keystone/domains'
|
||||
#
|
||||
# [*keystone_user*]
|
||||
# (optional) Specify the keystone system user to be used with keystone-manage.
|
||||
# Defaults to 'keystone'
|
||||
#
|
||||
# [*keystone_group*]
|
||||
# (optional) Specify the keystone system group to be used with keystone-manage.
|
||||
# Defaults to 'keystone'
|
||||
#
|
||||
# == Dependencies
|
||||
# None
|
||||
#
|
||||
@ -610,6 +618,8 @@ class keystone(
|
||||
$policy_driver = $::os_service_default,
|
||||
$using_domain_config = false,
|
||||
$domain_config_directory = '/etc/keystone/domains',
|
||||
$keystone_user = $::keystone::params::keystone_user,
|
||||
$keystone_group = $::keystone::params::keystone_group,
|
||||
# DEPRECATED PARAMETERS
|
||||
$admin_workers = max($::processorcount, 2),
|
||||
$public_workers = max($::processorcount, 2),
|
||||
@ -913,6 +923,7 @@ class keystone(
|
||||
if $enable_fernet_setup {
|
||||
validate_string($fernet_key_repository)
|
||||
exec { 'keystone-manage fernet_setup':
|
||||
command => "keystone-manage fernet_setup --keystone-user ${keystone_user} --keystone-group ${keystone_group}",
|
||||
path => '/usr/bin',
|
||||
refreshonly => true,
|
||||
creates => "${fernet_key_repository}/0",
|
||||
|
||||
@ -3,7 +3,8 @@
|
||||
#
|
||||
class keystone::params {
|
||||
$client_package_name = 'python-keystone'
|
||||
|
||||
$keystone_user = 'keystone'
|
||||
$keystone_group = 'keystone'
|
||||
case $::osfamily {
|
||||
'Debian': {
|
||||
$package_name = 'keystone'
|
||||
|
||||
@ -869,10 +869,13 @@ describe 'keystone' do
|
||||
'enable_fernet_setup' => true,
|
||||
'fernet_max_active_keys' => 5,
|
||||
'revoke_by_id' => false,
|
||||
'keystone_user' => 'keystone',
|
||||
'keystone_group' => 'keystone'
|
||||
})
|
||||
end
|
||||
|
||||
it { is_expected.to contain_exec('keystone-manage fernet_setup').with(
|
||||
:command => 'keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone',
|
||||
:creates => '/etc/keystone/fernet-keys/0'
|
||||
) }
|
||||
it { is_expected.to contain_keystone_config('fernet_tokens/max_active_keys').with_value(5)}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user