Merge "Add credential keys setup"

Jenkins 2016-11-15 10:17:08 +00:00 committed by Gerrit Code Review
commit ef45fb4f8b
4 changed files with 10 additions and 3 deletions


@ -14,13 +14,13 @@ RUN apt-get install -y --no-install-recommends \
RUN useradd --user-group keystone \
&& /var/lib/microservices/venv/bin/pip install --upgrade /keystone \
&& mkdir -p /etc/keystone/fernet-keys /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
&& mkdir -p /etc/keystone/fernet-keys /etc/keystone/credential-keys /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
&& cp -r /keystone/etc/* /etc/keystone/ \
&& cp /var/lib/microservices/venv/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/admin \
&& cp /var/lib/microservices/venv/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/public \
&& touch /etc/keystone/fernet-keys/.placeholder \
&& chown -R keystone: /etc/keystone /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
&& chmod -R 500 /etc/keystone/fernet-keys
&& chmod -R 500 /etc/keystone/fernet-keys /etc/keystone/credential-keys
COPY daemon.sh /usr/local/bin/daemon.sh
COPY keystone_sudoers /etc/sudoers.d/keystone_sudoers
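Review bot: `chmod -R 500` on the new `/etc/keystone/credential-keys` directory leaves its owner, keystone, without write access, so any in-container key setup or rotation that writes to that repository would fail. If keys are only ever injected from outside the image (which the template and file entry elsewhere in this commit suggest), a comment above the RUN would make that intent explicit, e.g. `# key repositories are read-only in the image; key files are supplied at deploy time`. The step also creates `.placeholder` only under `fernet-keys`; whether `credential-keys` needs the same is not visible from this hunk. The RUN instruction is not shown in full here.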


@ -0,0 +1 @@
{{ keystone.credential_key }}


@ -19,6 +19,7 @@ configs:
# 100% random default
fernet_key: "ZAabsQIXsSW7Ez52UZRqUXDz87y9+R+mbxVZ38gRmjg="
credential_key: "2jjLrgOLvI-wj7g-8058SSCw0-ZnL4Ghg5cLuBirxL8="
openstack:
user_password: password
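Review bot: The added `credential_key` default is a fixed key committed to the repository, so every deployment that does not override it protects stored Keystone credentials with the same publicly known value. The existing comment `# 100% random default` hides this, since a value that ships in source is not random for anyone who deploys it. At minimum the comment should say so, e.g. `# sample key for development only; generate and override per deployment`. A safer approach would be to ship no default and have the deploy fail when the key is unset. The same applies to the `fernet_key` line above it, and to `user_password: password` if that default reaches real deployments.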


@ -49,7 +49,6 @@ service:
--bootstrap-admin-url http://{{ address('keystone') }}:{{ keystone.admin_port.cont }}
--bootstrap-public-url {{ address('keystone', keystone.public_port, external=True, with_scheme=True) }}
--bootstrap-internal-url http://{{ address('keystone') }}:{{ keystone.public_port.cont }}
daemon:
dependencies:
- memcached
@ -57,6 +56,7 @@ service:
- keystone-conf
- wsgi-keystone-conf
- fernet-key
- credential-key
command: daemon.sh
post:
- name: keystone-create-project
@ -73,3 +73,8 @@ files:
fernet-key:
path: /etc/keystone/fernet-keys/1
content: fernet-key.j2
credential-key:
path: /etc/keystone/credential-keys/1
content: credential-key.j2
perm: "0600"
user: keystone
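Review bot: The new `credential-key` file entry sets `perm: "0600"` and `user: keystone`, but the `fernet-key` entry directly above it still has only `path` and `content`, so the two key files are written with different protection. The old side of this hunk is three lines, so `fernet-key` has no further attributes hidden outside it. What mode and owner the tool applies by default is not visible here, but token-signing key material deserves the same explicit restriction. Add `perm: "0600"` and `user: keystone` under `fernet-key` as well.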