chown fernet keys to match container's keystone user and group

We used to use the host's keystone user and group. This is wrong since
we need to use the container's keystone user and group, which differ
from the host's. This fixes that.

Change-Id: I0a64843c94bb173bb9e418bfca26927c1e2a123f
Closes-Bug: #1726727
Juan Antonio Osorio Robles 2017-10-24 10:11:40 +03:00
parent 2a8efeb0f6
commit 6b039f4bbb
1 changed files with 9 additions and 3 deletions

@ -11,6 +11,9 @@
- name: Rotate fernet keys for keystone container
block:
- set_fact:
keystone_base: /var/lib/config-data/puppet-generated/keystone
- name: Remove previous fernet keys
shell: rm -rf /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/*
args:
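
Review bot: The "Remove previous fernet keys" task still spells out /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/* even though set_fact now defines keystone_base directly above it. Use "{{ keystone_base }}/etc/keystone/fernet-keys/*" there so the base path is defined in one place and the rm, copy and chown tasks cannot drift apart if it ever changes.
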
@ -18,11 +21,14 @@
- name: Persist fernet keys to repository
copy:
dest: "/var/lib/config-data/puppet-generated/keystone{{ item.key }}"
dest: "{{ keystone_base }}{{ item.key }}"
content: "{{ item.value.content }}"
mode: 0600
owner: keystone
group: keystone
with_dict: "{{ fernet_keys }}"
no_log: true
- name: Set permissions to match container's user
shell: chown --reference={{ keystone_base }}/etc/keystone/fernet-keys {{ keystone_base }}{{ item.key }}
with_dict: "{{ fernet_keys }}"
no_log: true
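
Review bot: The "Persist fernet keys to repository" task still sets owner: keystone and group: keystone, so copy resolves those names against the host first and the new chown --reference task only corrects them afterwards. That leaves each key briefly owned by the host's keystone IDs and keeps the play dependent on a keystone user existing on the host; consider dropping owner and group from copy now that the chown task sets ownership from the fernet-keys directory. In the chown task, {{ keystone_base }}{{ item.key }} is interpolated unquoted into shell, so the command module or quoted paths would be safer, and a changed_when would stop the task reporting a change on every run.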