At present, keystone.log's user:group permit is root:kolla,
when got token from keystone, it failed. The reason is that:
Permission denied. So it shoud be changed keystone:keystone.
Change-Id: Ibbbf1d88ba16e5040f9068ea9948373d10593514
Closes-Bug: #1631685
Change needed to add header blocks to all Dockerfiles, similar to the
base.
Use case is to easily run something before packages are installed, e.g.
to COPY a local rpm in that can be added to the package list.
Change-Id: I1bbfdf0b762da0a392aa8bf47781315b45377bee
Closes-Bug: 1618969
Is a best practice in Unix/Linux scripts to use dots
instead of source command.
Using dots will avoid issues with non BASH shells
TrivialFix
Change-Id: Ie6480a1954f853f79faffa093452715ebd9f7d90
Signed-off-by: Eduardo Gonzalez <dabarren@gmail.com>
This adds the docker aspects of fernet key bootstrapping as well as
distributed key rotation.
- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
This will handle key rotations through keystone-manage and trigger
an rsync to push new tokens to other nodes.
The Ansible component is implemented in:
https://review.openstack.org/#/c/349366
Change-Id: Id610e00e8c63c7f1bc0974c0aa1b3f44c18e1019
Partially-Implements: blueprint keystone-fernet-token
Partially-Implements: blueprint third-party-plugin-support