From 97ca000995000879a539d1570537509fd16616d4 Mon Sep 17 00:00:00 2001 From: Olivier Bourdon Date: Mon, 26 Feb 2018 11:11:27 +0100 Subject: [PATCH] Fix for removal of uuid token provider, replaced by fernet Due to recent removal of uuid token provider in keystone: see: https://review.openstack.org/#/c/543060/ Change-Id: I06362eb415c2e956eecc825820e9903a0d6cb97d --- .../tasks/bootstrap.yml | 26 ++++++++++++++++++- .../templates/keystone.conf.j2 | 2 +- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml b/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml index f9e6bfaa3..b0747f429 100644 --- a/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml +++ b/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml @@ -107,6 +107,24 @@ group: "keystone" mode: 0755 +- name: "Retrieve Keystone major version" + command: keystone-manage --version + register: keystone_version_str + +- name: "Set Keystone major version" + set_fact: + keystone_version: "{{ keystone_version_str.stderr.split('.')[0] }}" + +- name: "Set Keystone provider to uuid" + set_fact: + keystone_provider: "uuid" + when: keystone_version | int < 13 + +- name: "Set Keystone provider to fernet" + set_fact: + keystone_provider: "fernet" + when: keystone_version | int >= 13 + - name: "Write keystone configuration from template" template: src: keystone.conf.j2 @@ -128,10 +146,16 @@ command: keystone-manage db_sync environment: "{{ bifrost_venv_env if enable_venv else {} }}" +- name: "Setup Fernet key repositories" + command: > + keystone-manage fernet_setup + --keystone-user="{{ nginx_user }}" --keystone-group="{{ nginx_user }}" + when: keystone_version | int >= 13 + - name: "Setup Keystone Credentials" command: > keystone-manage credential_setup - --keystone-user=keystone --keystone-group=keystone + --keystone-user="{{ nginx_user }}" --keystone-group="{{ nginx_user }}" - name: "Bootstrap Keystone Database" command: > diff --git a/playbooks/roles/bifrost-keystone-install/templates/keystone.conf.j2 b/playbooks/roles/bifrost-keystone-install/templates/keystone.conf.j2 index 0ef719802..cfac5389f 100644 --- a/playbooks/roles/bifrost-keystone-install/templates/keystone.conf.j2 +++ b/playbooks/roles/bifrost-keystone-install/templates/keystone.conf.j2 @@ -23,4 +23,4 @@ use_db_reconnect = true lockout_failure_attempts = 3 [token] -provider = uuid +provider = {{ keystone_provider }}