Add credential keys setup

Same as "keystone-manage credential_setup"

Change-Id: I8bf71402905c2c0de72a002cffa5ca6eef3609e6
Proskurin Kirill 2016-10-26 21:54:19 +00:00
parent 33ff493c81
commit b3503d709e
4 changed files with 10 additions and 3 deletions


@ -14,13 +14,13 @@ RUN apt-get install -y --no-install-recommends \
RUN useradd --user-group keystone \
&& /var/lib/microservices/venv/bin/pip install --upgrade /keystone \
&& mkdir -p /etc/keystone/fernet-keys /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
&& mkdir -p /etc/keystone/fernet-keys /etc/keystone/credential-keys /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
&& cp -r /keystone/etc/* /etc/keystone/ \
&& cp /var/lib/microservices/venv/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/admin \
&& cp /var/lib/microservices/venv/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/public \
&& touch /etc/keystone/fernet-keys/.placeholder \
&& chown -R keystone: /etc/keystone /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
&& chmod -R 500 /etc/keystone/fernet-keys
&& chmod -R 500 /etc/keystone/fernet-keys /etc/keystone/credential-keys
COPY daemon.sh /usr/local/bin/daemon.sh
COPY keystone_sudoers /etc/sudoers.d/keystone_sudoers
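Review bot: Nothing records why both key directories end up mode 500 on the new `chmod -R 500 /etc/keystone/fernet-keys /etc/keystone/credential-keys` line, which leaves them unwritable even for the keystone user. Any key setup or rotation run as keystone inside the container would presumably fail, so keys can only arrive through the deploy-time file definitions. If that is the intent, state it above the RUN, e.g. `# Key dirs are read-only for keystone: keys are injected at deploy time, never generated in the image`. The `touch /etc/keystone/fernet-keys/.placeholder` line also has no credential-keys counterpart; why the placeholder exists is not visible here, so either mirror it or note why it is fernet-only.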


@ -0,0 +1 @@
{{ keystone.credential_key }}


@ -19,6 +19,7 @@ configs:
# 100% random default
fernet_key: "ZAabsQIXsSW7Ez52UZRqUXDz87y9+R+mbxVZ38gRmjg="
credential_key: "2jjLrgOLvI-wj7g-8058SSCw0-ZnL4Ghg5cLuBirxL8="
openstack:
user_password: password
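Review bot: The added `credential_key` default is a fixed key committed to the repository, so every deployment that does not override it shares the key protecting the credentials Keystone encrypts at rest. The `# 100% random default` comment above it reads as if the value were safe to keep. Prefer shipping no usable default and failing the deploy when the key is unset, or at minimum replace the comment with `# Example only: generate a unique key per deployment and keep it out of version control`. The same concern applies to the `fernet_key` line above, which this change leaves as is; the mapping continues outside the hunk.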


@ -48,7 +48,6 @@ service:
--bootstrap-admin-url http://{{ address('keystone') }}:{{ keystone.admin_port.cont }}
--bootstrap-public-url {{ address('keystone', keystone.public_port, external=True, with_scheme=True) }}
--bootstrap-internal-url http://{{ address('keystone') }}:{{ keystone.public_port.cont }}
daemon:
dependencies:
- memcached
@ -56,6 +55,7 @@ service:
- keystone-conf
- wsgi-keystone-conf
- fernet-key
- credential-key
command: daemon.sh
post:
- name: keystone-create-project
@ -72,3 +72,8 @@ files:
fernet-key:
path: /etc/keystone/fernet-keys/1
content: fernet-key.j2
credential-key:
path: /etc/keystone/credential-keys/1
content: credential-key.j2
perm: "0600"
user: keystone
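Review bot: The new `credential-key` file entry pins `perm: "0600"` and `user: keystone`, but the `fernet-key` entry directly above it carries only `path` and `content` in the lines shown, so the two key files are handled inconsistently. What mode and owner the deploy tool applies when those fields are omitted is not visible here. Since both files hold secret key material, add the same `perm: "0600"` and `user: keystone` to `fernet-key` in this change. The `files:` mapping begins outside the hunk.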