Merge "Enable fernet keys generation"
commit
efb0046354
|
@ -1 +1 @@
|
|||
%microservices ALL=(root) NOPASSWD: /bin/chown keystone\:keystone /var/log/ccp/keystone
|
||||
%microservices ALL=(root) NOPASSWD: /bin/chown keystone\:keystone /var/log/ccp/keystone, /bin/chown keystone\:keystone /etc/keystone/fernet-keys
|
||||
|
|
|
@ -17,8 +17,8 @@ configs:
|
|||
processes: 6
|
||||
threads: 1
|
||||
|
||||
fernet_secret_name: keystone-fernet-keys
|
||||
# 100% random default
|
||||
fernet_key: "ZAabsQIXsSW7Ez52UZRqUXDz87y9+R+mbxVZ38gRmjg="
|
||||
credential_key: "2jjLrgOLvI-wj7g-8058SSCw0-ZnL4Ghg5cLuBirxL8="
|
||||
|
||||
notifications:
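Review bot: `credential_key` still ships as a literal default in this config block, under the `# 100% random default` comment, so any deployment that does not override it would encrypt stored Keystone credentials with the same publicly known key. Assuming `fernet_key` is the line this hunk removes (the rendered page has lost the +/- markers), the commit moves Fernet keys to a generated secret but leaves the credential key on the old static path. Consider sourcing it from a secret as well, or at minimum replace the comment with something like `# placeholder only: override per deployment, never use this value in production`. The `configs` mapping continues outside the hunk.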
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
{{ keystone.fernet_key }}
|
|
@ -1,4 +1,4 @@
|
|||
dsl_version: 0.4.0
|
||||
dsl_version: 0.6.0
|
||||
service:
|
||||
name: keystone
|
||||
ports:
|
||||
|
@ -24,6 +24,16 @@ service:
|
|||
pre:
|
||||
- name: chown-logs-dir
|
||||
command: "sudo /bin/chown keystone:keystone /var/log/ccp/keystone"
|
||||
- name: chown-fernet-dir
|
||||
command: "sudo /bin/chown keystone:keystone /etc/keystone/fernet-keys"
|
||||
- name: remove-fernet-dir-sticky-bit
|
||||
command: /bin/chmod -t /etc/keystone/fernet-keys
|
||||
- name: generate-fernet-keys
|
||||
command: "/usr/bin/python /opt/ccp/bin/fernet-manage.py fernet_setup"
|
||||
image: keystone
|
||||
type: single
|
||||
files:
|
||||
- fernet-manage
|
||||
- name: keystone-db-create
|
||||
dependencies:
|
||||
- {{ service.database }}
|
||||
|
@ -63,8 +73,9 @@ service:
|
|||
files:
|
||||
- keystone-conf
|
||||
- wsgi-keystone-conf
|
||||
- fernet-key
|
||||
- credential-key
|
||||
secrets:
|
||||
- keystone-fernet
|
||||
command: daemon.sh
|
||||
post:
|
||||
- name: keystone-create-project
|
||||
|
@ -78,13 +89,18 @@ files:
|
|||
wsgi-keystone-conf:
|
||||
path: /etc/apache2/conf-enabled/wsgi-keystone.conf
|
||||
content: wsgi-keystone.conf.j2
|
||||
fernet-key:
|
||||
path: /etc/keystone/fernet-keys/1
|
||||
content: fernet-key.j2
|
||||
perm: "0600"
|
||||
user: keystone
|
||||
credential-key:
|
||||
path: /etc/keystone/credential-keys/1
|
||||
content: credential-key.j2
|
||||
perm: "0600"
|
||||
user: keystone
|
||||
fernet-manage:
|
||||
path: /opt/ccp/bin/fernet-manage.py
|
||||
content: fernet-manage.py
|
||||
perm: "0400"
|
||||
user: keystone
|
||||
secrets:
|
||||
keystone-fernet:
|
||||
path: "/etc/keystone/fernet-keys"
|
||||
secret:
|
||||
secretName: {{ keystone.fernet_secret_name }}
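Review bot: The `remove-fernet-dir-sticky-bit` step in the `pre` list runs `/bin/chmod -t /etc/keystone/fernet-keys`, which clears only the sticky bit and keeps whatever group and other permission bits the mount arrived with. The directory's initial mode is not visible here, but if it is mounted world-writable, the Fernet key repository would remain writable by any user in the container after this step. Setting an explicit mode states the intended end result, for example `command: "/bin/chmod 0700 /etc/keystone/fernet-keys"`, quoted like the neighbouring commands. A one-line comment on why the sticky bit must be removed before `fernet_setup` would also help the next reader. The `pre` list continues outside the hunk.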
|
||||
|
|