Fix permission denied during Fernet key rotation
During a deploy, if keystone Fernet key rotation happens before the keystone container starts, the rotation may fail with 'permission denied'. This happens because config.json for Keystone sets the permissions for /etc/keystone/fernet-keys. This change fixes the issue by also setting the permissions for /etc/keystone/fernet-keys in config.json for keystone-fernet and keystone-ssh. Change-Id: I561e4171d14dcaad8a2a9a36ccab84a670daa904 Closes-Bug: #1888512
This commit is contained in:
parent
ffef1f2953
commit
b45679f122
@ -50,5 +50,12 @@
|
||||
"owner": "keystone",
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
"path": "/etc/keystone/fernet-keys",
|
||||
"owner": "keystone:keystone",
|
||||
"perm": "0770"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -13,5 +13,12 @@
|
||||
"owner": "keystone",
|
||||
"perm": "0600"
|
||||
}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
"path": "/etc/keystone/fernet-keys",
|
||||
"owner": "keystone:keystone",
|
||||
"perm": "0770"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -0,0 +1,7 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
Fixes an issue where Keystone Fernet key rotation may fail due to
|
||||
permission denied error if the Keystone rotation happens before the
|
||||
Keystone container starts. `LP#1888512
|
||||
<https://bugs.launchpad.net/kolla-ansible/+bug/1888512>`__
|
Loading…
Reference in New Issue
Block a user