chown fernet keys to match container's keystone user and group
We used to use the host's keystone user and group. This is wrong since
we need to use the container's keystone user and group, which differs
from the host. This fixes that.
Change-Id: I0a64843c94bb173bb9e418bfca26927c1e2a123f
Closes-Bug: #1726727
(cherry picked from commit 6b039f4bbb)
parent 6bef899ed1
commit 6444887b1f
|
@ -11,6 +11,9 @@
|
|||
|
||||
- name: Rotate fernet keys for keystone container
|
||||
block:
|
||||
- set_fact:
|
||||
keystone_base: /var/lib/config-data/puppet-generated/keystone
|
||||
|
||||
- name: Remove previous fernet keys
|
||||
shell: rm -rf /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/*
|
||||
args:
|
||||
|
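Review bot: The `Remove previous fernet keys` task in this hunk still hardcodes `/var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/*` even though `keystone_base` is now set just above it. Building that path from `{{ keystone_base }}` would keep the removal, the copy and the chown pointed at the same tree if the base ever changes. The chown added further down takes its owner from the `fernet-keys` directory itself, so a short comment here that the glob removes only the directory's contents and leaves the directory, with its ownership, in place would document the assumption the later task relies on.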
@ -18,11 +21,14 @@
|
|||
|
||||
- name: Persist fernet keys to repository
|
||||
copy:
|
||||
dest: "/var/lib/config-data/puppet-generated/keystone{{ item.key }}"
|
||||
dest: "{{ keystone_base }}{{ item.key }}"
|
||||
content: "{{ item.value.content }}"
|
||||
mode: 0600
|
||||
owner: keystone
|
||||
group: keystone
|
||||
with_dict: "{{ fernet_keys }}"
|
||||
no_log: true
|
||||
|
||||
- name: Set permissions to match container's user
|
||||
shell: chown --reference={{ keystone_base }}/etc/keystone/fernet-keys {{ keystone_base }}{{ item.key }}
|
||||
with_dict: "{{ fernet_keys }}"
|
||||
no_log: true
|
||||
|
||||
|
|
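Review bot: The `Set permissions to match container's user` task passes `{{ keystone_base }}{{ item.key }}` to `shell:` unquoted, so any whitespace or shell metacharacter in a `fernet_keys` key would be interpreted by the shell. Nothing in the line needs shell features, so `command:` would do, or apply the `quote` filter to both paths. The task will also report "changed" on every run; a `changed_when` would make reruns readable. The name says "permissions" while the command changes ownership only, so "Set ownership to match the container's keystone user" would describe it better. Finally, the rendered diff does not show whether `owner: keystone` and `group: keystone` remain on the `copy` task: if they do, they still resolve against the host's accounts, which the commit message describes as wrong, and if they are removed, the key file sits at mode 0600 under the connecting user until the chown runs, which is worth a one-line comment.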