openstack
/
openstack-ansible-os_keystone
Code Issues Proposed changes
Role os_keystone for OpenStack-Ansible
741 Commits 9 Branches 17 Tags 11 MiB
Jinja 69.3%
Python 22.1%
Shell 8.6%
Go to file
Jonathan Rosser 8e1f7f4ad8 Fix loss of fernet and credential keys during Rocky to Stein upgrade 
This applies only to source based installations.

The introduction of smart-sources in [1] created a code path
which deletes the /etc/keystone directory before symlinking it
into the keystone venv and creating the necessary config files.

Unfortunatley this has the side effect of also deleting any fernet
and credential keys which pre-existed in the case of an upgrade from
Rocky. The original keys were deleted simulataneously across the whole
keystone_all group in a way which is makes them unrecoverable in
the absence of a backup taken by the operator.

This change simplifies the smart-sources code to always keep the
keystone config files and fernet keys in the host /etc/keystone.
This ensures that the lifecycle of the fernet keys is not coupled
to the lifecycle of the keystone venvs.

In addition, a task is added to rescue any keys which have been
created in the keystone venv by installations from the Stein
release-candidate.

[1] https://review.opendev.org/#/c/588960/

Closes-Bug: 1833414
Change-Id: Ide611fd3d88e352367220f05dbcf4186ac20319f
 		2019-06-20 15:46:28 +00:00
defaults Replace git.openstack.org with opendev.org 2019-05-24 17:12:37 +00:00
doc Replace git.openstack.org with opendev.org 2019-05-24 17:12:37 +00:00
examples Remove keystone service user 2018-10-18 09:56:05 -07:00
files add gentoo support to keystone 2019-02-26 09:04:07 -06:00
handlers Set default address to wait for 2019-04-06 03:13:10 +00:00
library Resolved Keystone Federation bugs 2017-02-07 21:01:09 -06:00
meta Clarify supported SUSE versions 2019-05-27 07:15:23 +00:00
releasenotes Merge "Replacing the HTTP protocal with HTTPS in jobs.yaml." 2019-04-24 20:15:02 +00:00
tasks Fix loss of fernet and credential keys during Rocky to Stein upgrade 2019-06-20 15:46:28 +00:00
templates Merge "Fix distro installs on Ubuntu" 2019-06-11 08:48:32 +00:00
tests Replace git.openstack.org with opendev.org 2019-05-24 17:12:37 +00:00
vars Fix distro installs on Ubuntu 2019-06-03 13:05:41 -07:00
zuul.d Update uw_apache to run against bionic 2019-05-24 15:14:35 +00:00
.gitignore Updated from OpenStack Ansible Tests 2018-10-02 14:53:27 +00:00
.gitreview OpenDev Migration Patch 2019-04-19 19:36:31 +00:00
CONTRIBUTING.rst [Trivial Fix] Replace Chinese punctuation with English punctuation 2018-09-06 10:36:48 +08:00
LICENSE Updated role to be an independent role 2016-02-26 14:13:43 -06:00
README.rst Replace git.openstack.org with opendev.org 2019-05-24 17:12:37 +00:00
Vagrantfile Updated from OpenStack Ansible Tests 2019-05-09 11:34:48 +00:00
bindep.txt Updated from OpenStack Ansible Tests 2019-05-09 11:34:48 +00:00
manual-test.rc Use centralised test scripts 2016-09-28 08:56:33 +01:00
run_tests.sh Updated from OpenStack Ansible Tests 2019-05-09 11:34:48 +00:00
setup.cfg Update mailinglist from dev to discuss 2018-12-05 09:16:39 +08:00
setup.py Updated from global requirements 2017-03-02 11:51:52 +00:00
tox.ini Replace git.openstack.org with opendev.org 2019-05-24 17:12:37 +00:00

README.rst

Team and repository tags

image

OpenStack-Ansible keystone

Ansible role that installs and configures OpenStack Keystone. Keystone is installed behind the Apache webserver listening on port 5000 by default.

Documentation for the project can be found at: https://docs.openstack.org/openstack-ansible-os_keystone/latest/

Release notes for the project can be found at: https://docs.openstack.org/releasenotes/openstack-ansible-os_keystone/

The project source code repository is located at: https://opendev.org/openstack/openstack-ansible-os_keystone/

The project home is at: https://launchpad.net/openstack-ansible

The project bug tracker is located at: https://bugs.launchpad.net/openstack-ansible