chown fernet keys to match container's keystone user and group
We used to use the host's keystone user and group. This is wrong since we need to use the container's keystone user and group, which differ from the host's. This fixes that. Change-Id: I0a64843c94bb173bb9e418bfca26927c1e2a123f Closes-Bug: #1726727
parent
2a8efeb0f6
commit
6b039f4bbb
@ -11,6 +11,9 @@
|
|||||||
|
|
||||||
- name: Rotate fernet keys for keystone container
|
- name: Rotate fernet keys for keystone container
|
||||||
block:
|
block:
|
||||||
|
- set_fact:
|
||||||
|
keystone_base: /var/lib/config-data/puppet-generated/keystone
|
||||||
|
|
||||||
- name: Remove previous fernet keys
|
- name: Remove previous fernet keys
|
||||||
shell: rm -rf /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/*
|
shell: rm -rf /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/*
|
||||||
args:
|
args:
|
||||||
@ -18,11 +21,14 @@
|
|||||||
|
|
||||||
- name: Persist fernet keys to repository
|
- name: Persist fernet keys to repository
|
||||||
copy:
|
copy:
|
||||||
dest: "/var/lib/config-data/puppet-generated/keystone{{ item.key }}"
|
dest: "{{ keystone_base }}{{ item.key }}"
|
||||||
content: "{{ item.value.content }}"
|
content: "{{ item.value.content }}"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
owner: keystone
|
with_dict: "{{ fernet_keys }}"
|
||||||
group: keystone
|
no_log: true
|
||||||
|
|
||||||
|
- name: Set permissions to match container's user
|
||||||
|
shell: chown --reference={{ keystone_base }}/etc/keystone/fernet-keys {{ keystone_base }}{{ item.key }}
|
||||||
with_dict: "{{ fernet_keys }}"
|
with_dict: "{{ fernet_keys }}"
|
||||||
no_log: true
|
no_log: true
|
||||||
|
|
||||||
|
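Review bot: The new "Set permissions to match container's user" task in the second hunk splices `{{ item.key }}` unquoted into a `shell` command line and reports changed on every run, and because it sits under `no_log: true` a failing `chown` (for example when the `fernet-keys` reference directory is absent) surfaces with no usable output. The same ownership can be applied without a shell by reading the reference directory's uid and gid once with `stat` and passing them as `owner`/`group` on the existing `copy` task, which keeps writing a key and setting its ownership in one idempotent step and makes the added task unnecessary. Ansible's file-based modules accept a numeric uid/gid for `owner`/`group`, so no user-name lookup inside the container is needed; if the directory can be missing at this point, guard on `fernet_dir.stat.exists` as well. The enclosing `block:` and the play around it start and end outside the hunks.
```yaml
- name: Look up the container's keystone uid and gid from the fernet-keys directory
  stat:
    path: "{{ keystone_base }}/etc/keystone/fernet-keys"
  register: fernet_dir

- name: Persist fernet keys to repository
  copy:
    # … unchanged: dest, content, mode …
    owner: "{{ fernet_dir.stat.uid }}"
    group: "{{ fernet_dir.stat.gid }}"
  # … unchanged: with_dict, no_log …
```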