This fixes the issue when keystone-manage output included
backslashes and/or double quotation marks which broke JSON string.
Change-Id: Ifae18c407210c12745d29fc4c95dca69aeafe6a8
Closes-bug: #1866017
In some situations, Keystone bootstrap can fail, and then unhelpfully
fails displaying the error message output by the 'keystone-manage
bootstrap' command. This appears to be due to unprintable control
characters in the error message which prevent the output of the script
from being valid JSON.
This change fixes the issue by piping the output through 'cat -v', which
replaces unprintable characters with control codes.
Change-Id: I82444bc2272311023cc9e92c5a298d1c4c87483b
Closes-Bug: #1855701
Currently this causes bash to echo all lines parsed
and executed; which makes it not so nicely output the
bootstrapping password.
This is not something we should encourage and have show
up in peoples logs or other so stop doing that.
Change-Id: Iac963a5df393d0359b4c8f93b8756ca168f6f193
Currently when this is being ran, and say ara is being used to
capture the running of kolla-ansible ara will capture the full
command line ran (even if no_log is set); because by default these
modules do not hide what they are running.
So to avoid the situation where the command line shows the password
have this also be able to take in the password via an environment
variable as well (which ara will not capture).
Change-Id: I4d42d592d8031d0f3923bccc6b2db1149af08e75
This adds the docker aspects of fernet key bootstrapping as well as
distributed key rotation.
- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
This will handle key rotations through keystone-manage and trigger
an rsync to push new tokens to other nodes.
The Ansible component is implemented in:
https://review.openstack.org/#/c/349366
Change-Id: Id610e00e8c63c7f1bc0974c0aa1b3f44c18e1019
Partially-Implements: blueprint keystone-fernet-token
Partially-Implements: blueprint third-party-plugin-support