Browse code
Allow setup of credential encryption using fernet
With the addition of encrypted credential in keystone, we need to be able to
add setup steps in devstack to configure the credential repository with
encryption keys.
Depends-On: I97e7701bc5b8765d207cc721793643bcefa2d4e2
Depends-On: Id3e8922adc154cfec5f7a36613e22eb0b49eeffe
Change-Id: I433da9a257daa21ec3b5996b2bca571211f1fbba
Lance Bragstad authored on 2016/08/27 10:01:37Showing 1 changed files
| ... | ... |
@@ -345,6 +345,8 @@ function configure_keystone {
|
| 345 | 345 |
|
| 346 | 346 |
iniset $KEYSTONE_CONF fernet_tokens key_repository "$KEYSTONE_CONF_DIR/fernet-keys/" |
| 347 | 347 |
|
| 348 |
+ iniset $KEYSTONE_CONF credential key_repository "$KEYSTONE_CONF_DIR/credential-keys/" |
|
| 349 |
+ |
|
| 348 | 350 |
# Configure the project created by the 'keystone-manage bootstrap' as the cloud-admin project. |
| 349 | 351 |
# The users from this project are globally admin as before, but it also |
| 350 | 352 |
# allows policy changes in order to clarify the adminess scope. |
| ... | ... |
@@ -514,6 +516,9 @@ function init_keystone {
|
| 514 | 514 |
rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/" |
| 515 | 515 |
$KEYSTONE_BIN_DIR/keystone-manage --config-file $KEYSTONE_CONF fernet_setup |
| 516 | 516 |
fi |
| 517 |
+ rm -rf "$KEYSTONE_CONF_DIR/credential-keys/" |
|
| 518 |
+ $KEYSTONE_BIN_DIR/keystone-manage --config-file $KEYSTONE_CONF credential_setup |
|
| 519 |
+ |
|
| 517 | 520 |
} |
| 518 | 521 |
|
| 519 | 522 |
# install_keystoneauth() - Collect source and prepare |