Merge "Add credential keys setup"
commit
ef45fb4f8b
|
@ -14,13 +14,13 @@ RUN apt-get install -y --no-install-recommends \
|
||||||
|
|
||||||
RUN useradd --user-group keystone \
|
RUN useradd --user-group keystone \
|
||||||
&& /var/lib/microservices/venv/bin/pip install --upgrade /keystone \
|
&& /var/lib/microservices/venv/bin/pip install --upgrade /keystone \
|
||||||
&& mkdir -p /etc/keystone/fernet-keys /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
|
&& mkdir -p /etc/keystone/fernet-keys /etc/keystone/credential-keys /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
|
||||||
&& cp -r /keystone/etc/* /etc/keystone/ \
|
&& cp -r /keystone/etc/* /etc/keystone/ \
|
||||||
&& cp /var/lib/microservices/venv/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/admin \
|
&& cp /var/lib/microservices/venv/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/admin \
|
||||||
&& cp /var/lib/microservices/venv/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/public \
|
&& cp /var/lib/microservices/venv/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/public \
|
||||||
&& touch /etc/keystone/fernet-keys/.placeholder \
|
&& touch /etc/keystone/fernet-keys/.placeholder \
|
||||||
&& chown -R keystone: /etc/keystone /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
|
&& chown -R keystone: /etc/keystone /var/www/cgi-bin/keystone /var/log/apache2 /home/keystone \
|
||||||
&& chmod -R 500 /etc/keystone/fernet-keys
|
&& chmod -R 500 /etc/keystone/fernet-keys /etc/keystone/credential-keys
|
||||||
|
|
||||||
COPY daemon.sh /usr/local/bin/daemon.sh
|
COPY daemon.sh /usr/local/bin/daemon.sh
|
||||||
COPY keystone_sudoers /etc/sudoers.d/keystone_sudoers
|
COPY keystone_sudoers /etc/sudoers.d/keystone_sudoers
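Review bot: The `touch /etc/keystone/fernet-keys/.placeholder` step has no counterpart for the new `/etc/keystone/credential-keys` directory, although the `mkdir` and `chmod -R 500` lines now treat both directories alike. If the placeholder is there to keep the directory present and non-empty until the real key is written, the new directory presumably needs `&& touch /etc/keystone/credential-keys/.placeholder \` as well. If it is not needed, a one-line comment above the `touch` saying why only the fernet directory gets it would help. Separately, with both directories set to mode 500 the `keystone` owner cannot create files in them, so it is worth confirming that whatever writes `/etc/keystone/credential-keys/1` at deploy time runs with enough privilege.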
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
{{ keystone.credential_key }}
|
|
@ -19,6 +19,7 @@ configs:
|
||||||
|
|
||||||
# 100% random default
|
# 100% random default
|
||||||
fernet_key: "ZAabsQIXsSW7Ez52UZRqUXDz87y9+R+mbxVZ38gRmjg="
|
fernet_key: "ZAabsQIXsSW7Ez52UZRqUXDz87y9+R+mbxVZ38gRmjg="
|
||||||
|
credential_key: "2jjLrgOLvI-wj7g-8058SSCw0-ZnL4Ghg5cLuBirxL8="
|
||||||
|
|
||||||
openstack:
|
openstack:
|
||||||
user_password: password
|
user_password: password
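Review bot: The new `credential_key` is a fixed value committed to the repository defaults, so every deployment that does not override it encrypts stored Keystone credentials with the same publicly known key. The existing `fernet_key` above has the same problem, and the `# 100% random default` comment does not tell an operator that the value must be replaced. Prefer shipping no default and failing when the key is unset, or generating the key per deployment (for example with `keystone-manage credential_setup`). At minimum, change the comment to something like `# insecure sample keys - MUST be overridden per deployment`.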
|
||||||
|
|
|
@ -49,7 +49,6 @@ service:
|
||||||
--bootstrap-admin-url http://{{ address('keystone') }}:{{ keystone.admin_port.cont }}
|
--bootstrap-admin-url http://{{ address('keystone') }}:{{ keystone.admin_port.cont }}
|
||||||
--bootstrap-public-url {{ address('keystone', keystone.public_port, external=True, with_scheme=True) }}
|
--bootstrap-public-url {{ address('keystone', keystone.public_port, external=True, with_scheme=True) }}
|
||||||
--bootstrap-internal-url http://{{ address('keystone') }}:{{ keystone.public_port.cont }}
|
--bootstrap-internal-url http://{{ address('keystone') }}:{{ keystone.public_port.cont }}
|
||||||
|
|
||||||
daemon:
|
daemon:
|
||||||
dependencies:
|
dependencies:
|
||||||
- memcached
|
- memcached
|
||||||
|
@ -57,6 +56,7 @@ service:
|
||||||
- keystone-conf
|
- keystone-conf
|
||||||
- wsgi-keystone-conf
|
- wsgi-keystone-conf
|
||||||
- fernet-key
|
- fernet-key
|
||||||
|
- credential-key
|
||||||
command: daemon.sh
|
command: daemon.sh
|
||||||
post:
|
post:
|
||||||
- name: keystone-create-project
|
- name: keystone-create-project
|
||||||
|
@ -73,3 +73,8 @@ files:
|
||||||
fernet-key:
|
fernet-key:
|
||||||
path: /etc/keystone/fernet-keys/1
|
path: /etc/keystone/fernet-keys/1
|
||||||
content: fernet-key.j2
|
content: fernet-key.j2
|
||||||
|
credential-key:
|
||||||
|
path: /etc/keystone/credential-keys/1
|
||||||
|
content: credential-key.j2
|
||||||
|
perm: "0600"
|
||||||
|
user: keystone
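Review bot: In the `files:` hunk the new `credential-key` entry pins `perm: "0600"` and `user: keystone`, but the `fernet-key` entry directly above it declares neither in the visible lines. The Fernet key file therefore presumably gets the tool's default mode and owner. Both files hold key material, so the two entries should match: add `perm: "0600"` and `user: keystone` to `fernet-key` as well. If the defaults are already that restrictive, drop the explicit fields from `credential-key` instead.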
|
||||||
|
|