From b3503d709e41d19d40f712f0f26718794698dbbe Mon Sep 17 00:00:00 2001
From: Proskurin Kirill
Date: Wed, 26 Oct 2016 21:54:19 +0000
Subject: [PATCH] Add credential keys setup

Same as "keystone_mamage credential_setup"

Change-Id: I8bf71402905c2c0de72a002cffa5ca6eef3609e6
---
 docker/keystone/Dockerfile.j2 | 4 ++--
 service/files/credential-key.j2 | 1 +
 service/files/defaults.yaml | 1 +
 service/keystone.yaml | 7 ++++++-
 4 files changed, 10 insertions(+), 3 deletions(-)
 create mode 100644 service/files/credential-key.j2

diff --git a/docker/keystone/Dockerfile.j2 b/docker/keystone/Dockerfile.j2
index 5ae93b7..36660d4 100644
--- a/docker/keystone/Dockerfile.j2
+++ b/docker/keystone/Dockerfile.j2
@@ -14,13 +14,13 @@ RUN apt-get install -y --no-install-recommends \
 RUN useradd --user-group keystone \
 && /var/lib/microservices/venv/bin/pip install --upgrade /keystone \
- && mkdir -p /etc/keystone/fernet-keys /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
+ && mkdir -p /etc/keystone/fernet-keys /etc/keystone/credential-keys /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
 && cp -r /keystone/etc/* /etc/keystone/ \
 && cp /var/lib/microservices/venv/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/admin \
 && cp /var/lib/microservices/venv/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/public \
 && touch /etc/keystone/fernet-keys/.placeholder \
 && chown -R keystone: /etc/keystone /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
- && chmod -R 500 /etc/keystone/fernet-keys
+ && chmod -R 500 /etc/keystone/fernet-keys /etc/keystone/credential-keys
 COPY daemon.sh /usr/local/bin/daemon.sh
 COPY keystone_sudoers /etc/sudoers.d/keystone_sudoers
diff --git a/service/files/credential-key.j2 b/service/files/credential-key.j2
new file mode 100644
index 0000000..76fc407
--- /dev/null
+++ b/service/files/credential-key.j2
@@ -0,0 +1 @@
+{{ keystone.credential_key }}
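Review bot: Only `fernet-keys` gets the `touch /etc/keystone/fernet-keys/.placeholder` step, while the new `/etc/keystone/credential-keys` directory is created, chowned and set to mode 500 without one, so the two key repositories are no longer prepared the same way. What the placeholder is for is not visible in this hunk; if it is needed for `fernet-keys`, add `&& touch /etc/keystone/credential-keys/.placeholder \` before the `chown`, and if it is not, a one-line comment saying why only one directory has it would prevent a later "fix". It would also help to note next to the `chmod -R 500` that both directories are deliberately not writable by the keystone user, since that presumably means the key files must be placed by a privileged step at start-up.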
diff --git a/service/files/defaults.yaml b/service/files/defaults.yaml
index 2341aff..9104c44 100644
--- a/service/files/defaults.yaml
+++ b/service/files/defaults.yaml
@@ -19,6 +19,7 @@ configs:
 # 100% random default
 fernet_key: "ZAabsQIXsSW7Ez52UZRqUXDz87y9+R+mbxVZ38gRmjg="
+ credential_key: "2jjLrgOLvI-wj7g-8058SSCw0-ZnL4Ghg5cLuBirxL8="
 openstack:
 user_password: password
diff --git a/service/keystone.yaml b/service/keystone.yaml
index 819e338..a405a16 100644
--- a/service/keystone.yaml
+++ b/service/keystone.yaml
@@ -48,7 +48,6 @@ service:
 --bootstrap-admin-url http://{{ address('keystone') }}:{{ keystone.admin_port.cont }}
 --bootstrap-public-url {{ address('keystone', keystone.public_port, external=True, with_scheme=True) }}
 --bootstrap-internal-url http://{{ address('keystone') }}:{{ keystone.public_port.cont }}
-
 daemon:
 dependencies:
 - memcached
@@ -56,6 +55,7 @@ service:
 - keystone-conf
 - wsgi-keystone-conf
 - fernet-key
+ - credential-key
 command: daemon.sh
 post:
 - name: keystone-create-project
@@ -72,3 +72,8 @@ files:
 fernet-key:
 path: /etc/keystone/fernet-keys/1
 content: fernet-key.j2
+ credential-key:
+ path: /etc/keystone/credential-keys/1
+ content: credential-key.j2
+ perm: "0600"
+ user: keystone
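Review bot: The added `credential_key` default in `service/files/defaults.yaml` is a fixed secret committed to the repository, so every deployment that does not override `keystone.credential_key` encrypts keystone's stored credentials under a value anyone can read here. The `fernet_key` line above it has the same problem, and the "100% random default" comment does not change that. Prefer shipping no usable default and failing the deploy when the value is unset, or generating the key per deployment. At the least, label it with something like `# insecure placeholder: override per deployment, never use as-is in production`. Whether the deployment tooling supports a required value without a default is not visible in this diff.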
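Review bot: In the `files:` hunk of `service/keystone.yaml` the new `credential-key` entry sets `perm: "0600"` and `user: keystone`, but the `fernet-key` entry directly above it still has only `path` and `content`, so the two key files may end up with different ownership and modes depending on the tool's defaults. Consider giving `fernet-key` the same `perm: "0600"` and `user: keystone` pair. Only a single file, `/etc/keystone/credential-keys/1`, is rendered from a static config value, whereas the `credential_setup` command named in the commit message generates key material on the host, so no rotation path is visible here. A short comment on how this key is meant to be replaced, and that already-stored credentials presumably need re-encrypting when it changes, would help operators. The `files:` mapping begins outside the hunk.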