Merge "Add credential keys setup"
commit
ef45fb4f8b
|
@ -14,13 +14,13 @@ RUN apt-get install -y --no-install-recommends \
|
|||
|
||||
RUN useradd --user-group keystone \
|
||||
&& /var/lib/microservices/venv/bin/pip install --upgrade /keystone \
|
||||
&& mkdir -p /etc/keystone/fernet-keys /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
|
||||
&& mkdir -p /etc/keystone/fernet-keys /etc/keystone/credential-keys /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
|
||||
&& cp -r /keystone/etc/* /etc/keystone/ \
|
||||
&& cp /var/lib/microservices/venv/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/admin \
|
||||
&& cp /var/lib/microservices/venv/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/public \
|
||||
&& touch /etc/keystone/fernet-keys/.placeholder \
|
||||
&& chown -R keystone: /etc/keystone /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
|
||||
&& chmod -R 500 /etc/keystone/fernet-keys
|
||||
&& chmod -R 500 /etc/keystone/fernet-keys /etc/keystone/credential-keys
|
||||
|
||||
COPY daemon.sh /usr/local/bin/daemon.sh
|
||||
COPY keystone_sudoers /etc/sudoers.d/keystone_sudoers
|
||||
|
|
|
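Review bot: The `chmod -R 500 /etc/keystone/fernet-keys /etc/keystone/credential-keys` at the end of the RUN leaves both key directories without owner write permission, so the keystone user cannot create or rotate keys inside the container; nothing in the file says this is intended. Presumably the keys are injected by the deployment (the service definition on this page writes `/etc/keystone/credential-keys/1`), and a comment above the RUN would record that, e.g. `# key repositories are read-only to keystone; key files are provisioned by the deployment, not generated in the image`. Separately, `fernet-keys` gets a `.placeholder` file via `touch` while the new `credential-keys` directory does not; it is worth confirming whether the placeholder is needed and making the two directories consistent.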
@ -0,0 +1 @@
|
|||
{{ keystone.credential_key }}
|
|
@ -19,6 +19,7 @@ configs:
|
|||
|
||||
# 100% random default
|
||||
fernet_key: "ZAabsQIXsSW7Ez52UZRqUXDz87y9+R+mbxVZ38gRmjg="
|
||||
credential_key: "2jjLrgOLvI-wj7g-8058SSCw0-ZnL4Ghg5cLuBirxL8="
|
||||
|
||||
openstack:
|
||||
user_password: password
|
||||
|
|
|
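Review bot: The new `credential_key` default is a fixed value committed to the repository, so every deployment that does not override it encrypts stored credentials with the same publicly known key. The `# 100% random default` comment above `fernet_key` does not change that: a key that ships in the source tree is no longer secret, however it was generated, and the existing `fernet_key` line has the same weakness. Prefer leaving the value unset so that rendering fails without an operator-supplied key, or generating it at deploy time. If a default has to stay for test environments, mark it on the line above, e.g. `# test-only placeholder: override per deployment, never use in production`.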
@ -49,7 +49,6 @@ service:
|
|||
--bootstrap-admin-url http://{{ address('keystone') }}:{{ keystone.admin_port.cont }}
|
||||
--bootstrap-public-url {{ address('keystone', keystone.public_port, external=True, with_scheme=True) }}
|
||||
--bootstrap-internal-url http://{{ address('keystone') }}:{{ keystone.public_port.cont }}
|
||||
|
||||
daemon:
|
||||
dependencies:
|
||||
- memcached
|
||||
|
@ -57,6 +56,7 @@ service:
|
|||
- keystone-conf
|
||||
- wsgi-keystone-conf
|
||||
- fernet-key
|
||||
- credential-key
|
||||
command: daemon.sh
|
||||
post:
|
||||
- name: keystone-create-project
|
||||
|
@ -73,3 +73,8 @@ files:
|
|||
fernet-key:
|
||||
path: /etc/keystone/fernet-keys/1
|
||||
content: fernet-key.j2
|
||||
credential-key:
|
||||
path: /etc/keystone/credential-keys/1
|
||||
content: credential-key.j2
|
||||
perm: "0600"
|
||||
user: keystone
|
||||
|
|
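Review bot: The `credential-key` entry provisions exactly one key, `/etc/keystone/credential-keys/1`, rendered from the single `keystone.credential_key` value, so changing that value replaces the only key and, as far as this section shows, leaves nothing that can still decrypt credentials stored under the old one. Keystone's own `keystone-manage credential_setup` normally leaves a staged key `0` beside the primary, which this layout does not provide. A comment on the entry would record the constraint, for example `# single primary key: changing keystone.credential_key makes credentials encrypted under the old key unreadable unless they are migrated first`. The explicit `perm: "0600"` and `user: keystone` are a good choice; the `fernet-key` entry just above carries neither in the visible lines and may deserve the same.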