Fix keystone-startup.sh

keystone-startup.sh is using fernet_token_expiry instead of fernet_key_rotation_interval - which effects in restart loop of keystone containers - when restarted after 2-3 days. Closes-Bug: #1895723 Change-Id: Ifff77af3d25d9dc659fff34f2ae3c6f2670df0f4
2020-09-24 15:16:55 +02:00 · 2020-09-24 15:16:55 +02:00 · d78673e77f
commit d78673e77f
parent 43a0a1ca3d
2 changed files with 8 additions and 2 deletions
--- a/ansible/roles/keystone/templates/keystone-startup.sh.j2
+++ b/ansible/roles/keystone/templates/keystone-startup.sh.j2
@ -26,8 +26,8 @@ done
 TOKEN_PRIMARY=$(ls -1 ${TOKEN_DIR} | sort -hr | head -n 1)
 # Check it's age in seconds
 TOKEN_AGE=$(($(date +%s) - $(date +%s -r "${TOKEN_DIR}/${TOKEN_PRIMARY}")))
-# Compare if it's older than fernet_token_expiry and run key rotation if needed
-if [ "${TOKEN_AGE}" -gt "{{ fernet_token_expiry }}" ]; then
+# Compare if it's older than fernet_key_rotation_interval and fail if it's stale
+if [ "${TOKEN_AGE}" -gt "{{ fernet_key_rotation_interval }}" ]; then
    echo "ERROR: Primary token ${TOKEN_PRIMARY} is stale."
    exit 1
 fi
--- a/releasenotes/notes/bug-1895723-910de90908de260a.yaml
+++ b/releasenotes/notes/bug-1895723-910de90908de260a.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    An issue has been fixed when ``keystone`` container would be stuck in
+    restart loop with a message that fernet key is stale.
+    `LP#1895723 <https://launchpad.net/bugs/1895723>`__