Merge "Enable fernet keys generation"
commit
efb0046354
|
@ -1 +1 @@
|
||||||
%microservices ALL=(root) NOPASSWD: /bin/chown keystone\:keystone /var/log/ccp/keystone
|
%microservices ALL=(root) NOPASSWD: /bin/chown keystone\:keystone /var/log/ccp/keystone, /bin/chown keystone\:keystone /etc/keystone/fernet-keys
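Review bot: The added command `/bin/chown keystone\:keystone /etc/keystone/fernet-keys` runs as root without `-h`, so chown follows a symlink if that path is ever one. Whether any member of %microservices can write to /etc/keystone is not visible here, but if one can, this rule lets them take ownership of an arbitrary target. Consider pinning the rule and the matching pre-command to `/bin/chown -h keystone\:keystone /etc/keystone/fernet-keys`, or verifying that the parent directory is root-owned and not group-writable. The same applies to the existing /var/log/ccp/keystone entry. With two commands on one line, a `Cmnd_Alias` listing one command per line would also be easier to audit.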
|
||||||
|
|
|
@ -17,8 +17,8 @@ configs:
|
||||||
processes: 6
|
processes: 6
|
||||||
threads: 1
|
threads: 1
|
||||||
|
|
||||||
|
fernet_secret_name: keystone-fernet-keys
|
||||||
# 100% random default
|
# 100% random default
|
||||||
fernet_key: "ZAabsQIXsSW7Ez52UZRqUXDz87y9+R+mbxVZ38gRmjg="
|
|
||||||
credential_key: "2jjLrgOLvI-wj7g-8058SSCw0-ZnL4Ghg5cLuBirxL8="
|
credential_key: "2jjLrgOLvI-wj7g-8058SSCw0-ZnL4Ghg5cLuBirxL8="
|
||||||
|
|
||||||
notifications:
|
notifications:
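Review bot: `credential_key` is still a literal value committed in the defaults, so every deployment that does not override it encrypts credentials with the same publicly known key, while this change moves only the fernet keys to a secret. The surviving comment `# 100% random default` now describes that value alone and reads as if it were safe to keep. I would reword it to something like `# placeholder only: override per deployment` and give the credential key the same secret-based handling in a follow-up. The `configs:` mapping starts outside this hunk.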
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
{{ keystone.fernet_key }}
|
|
|
@ -1,4 +1,4 @@
|
||||||
dsl_version: 0.4.0
|
dsl_version: 0.6.0
|
||||||
service:
|
service:
|
||||||
name: keystone
|
name: keystone
|
||||||
ports:
|
ports:
|
||||||
|
@ -24,6 +24,16 @@ service:
|
||||||
pre:
|
pre:
|
||||||
- name: chown-logs-dir
|
- name: chown-logs-dir
|
||||||
command: "sudo /bin/chown keystone:keystone /var/log/ccp/keystone"
|
command: "sudo /bin/chown keystone:keystone /var/log/ccp/keystone"
|
||||||
|
- name: chown-fernet-dir
|
||||||
|
command: "sudo /bin/chown keystone:keystone /etc/keystone/fernet-keys"
|
||||||
|
- name: remove-fernet-dir-sticky-bit
|
||||||
|
command: /bin/chmod -t /etc/keystone/fernet-keys
|
||||||
|
- name: generate-fernet-keys
|
||||||
|
command: "/usr/bin/python /opt/ccp/bin/fernet-manage.py fernet_setup"
|
||||||
|
image: keystone
|
||||||
|
type: single
|
||||||
|
files:
|
||||||
|
- fernet-manage
|
||||||
- name: keystone-db-create
|
- name: keystone-db-create
|
||||||
dependencies:
|
dependencies:
|
||||||
- {{ service.database }}
|
- {{ service.database }}
|
||||||
|
@ -63,8 +73,9 @@ service:
|
||||||
files:
|
files:
|
||||||
- keystone-conf
|
- keystone-conf
|
||||||
- wsgi-keystone-conf
|
- wsgi-keystone-conf
|
||||||
- fernet-key
|
|
||||||
- credential-key
|
- credential-key
|
||||||
|
secrets:
|
||||||
|
- keystone-fernet
|
||||||
command: daemon.sh
|
command: daemon.sh
|
||||||
post:
|
post:
|
||||||
- name: keystone-create-project
|
- name: keystone-create-project
|
||||||
|
@ -78,13 +89,18 @@ files:
|
||||||
wsgi-keystone-conf:
|
wsgi-keystone-conf:
|
||||||
path: /etc/apache2/conf-enabled/wsgi-keystone.conf
|
path: /etc/apache2/conf-enabled/wsgi-keystone.conf
|
||||||
content: wsgi-keystone.conf.j2
|
content: wsgi-keystone.conf.j2
|
||||||
fernet-key:
|
|
||||||
path: /etc/keystone/fernet-keys/1
|
|
||||||
content: fernet-key.j2
|
|
||||||
perm: "0600"
|
|
||||||
user: keystone
|
|
||||||
credential-key:
|
credential-key:
|
||||||
path: /etc/keystone/credential-keys/1
|
path: /etc/keystone/credential-keys/1
|
||||||
content: credential-key.j2
|
content: credential-key.j2
|
||||||
perm: "0600"
|
perm: "0600"
|
||||||
user: keystone
|
user: keystone
|
||||||
|
fernet-manage:
|
||||||
|
path: /opt/ccp/bin/fernet-manage.py
|
||||||
|
content: fernet-manage.py
|
||||||
|
perm: "0400"
|
||||||
|
user: keystone
|
||||||
|
secrets:
|
||||||
|
keystone-fernet:
|
||||||
|
path: "/etc/keystone/fernet-keys"
|
||||||
|
secret:
|
||||||
|
secretName: {{ keystone.fernet_secret_name }}
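Review bot: The `remove-fernet-dir-sticky-bit` step only clears the sticky bit with `/bin/chmod -t` and never sets an explicit mode. If the secret volume is mounted with a permissive mode (for example 1777, which is presumably why the sticky bit is there), the key repository stays readable and writable by every user in the container. Setting the mode outright, `command: "/bin/chmod 0700 /etc/keystone/fernet-keys"`, would cover both and matches the quoting of the neighbouring commands. The `generate-fernet-keys` job lists no `secrets:` or dependencies in this hunk, and fernet-manage.py is not shown, so a comment stating how it reaches the `keystone-fernet-keys` secret would help. The `pre:` list continues outside the hunk.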
|
||||||
|
|