kolla-ansible/ansible/roles/keystone/templates/fernet-push.sh.j2
Michal Arbet 90fd9152a4 Use Docker healthchecks for keystone-fernet container
This change enables the use of Docker healthchecks for the
keystone-fernet container. It checks whether "key 0" has the
right permissions and whether rsync is able to distribute
keys to the other keystones.

Implements: blueprint container-health-check
Change-Id: I17bea723d4109e869cd05d211f6f8e4653f46e17
2021-08-17 15:07:01 +02:00


#!/bin/bash
#
# Push the local fernet key directory to every other keystone host.
#
# Usage:
#   <script>           rsync /etc/keystone/fernet-keys/ to each other host in
#                      the keystone inventory group, as user keystone over ssh
#   <script> --check   run the same rsync with --dry-run, so ssh reachability
#                      and authentication are exercised but nothing is written
#
# Rendered by Ansible: one rsync line is emitted per peer host. When the
# keystone group has a single member, only an informational message is printed.
#
# errexit is on, so the first rsync that fails ends the script with a non-zero
# status and the remaining peers are not attempted.
#
# NOTE(review): --delete removes files on the receiver that are absent from the
# source. If the local key directory were empty or incomplete at push time, the
# peers would lose keys. Confirm that the caller guarantees a populated key
# repository before this script runs.
# NOTE(review): these keys protect keystone tokens, and ssh host verification
# here depends entirely on /var/lib/keystone/.ssh/config, which is not part of
# this template. Confirm that it keeps strict host key checking enabled.
set -o errexit
set -o pipefail

# Only an exact first argument of --check selects dry-run mode. Any other
# argument, or none at all, results in a real sync.
dry_run_opt=()
if [[ "${1:-}" == "--check" ]]; then
    dry_run_opt=(--dry-run)
fi

{% if groups['keystone'] | length > 1 %}
{% for host in groups['keystone'] %}
{% if inventory_hostname != host %}
/usr/bin/rsync "${dry_run_opt[@]}" -az -e 'ssh -i /var/lib/keystone/.ssh/id_rsa -p {{ hostvars[host]['keystone_ssh_port'] }} -F /var/lib/keystone/.ssh/config' --delete /etc/keystone/fernet-keys/ keystone@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:/etc/keystone/fernet-keys
{% endif %}
{% endfor %}
{% else %}
echo "No additional keystone-server where fernet keys could be rsynced."
{% endif %}