From 8957bacb4aa8aab0d4547e285eff49b18b4de41f Mon Sep 17 00:00:00 2001
From: Andrey Volkov <avolkov@mirantis.com>
Date: Fri, 6 Dec 2019 13:38:22 +0300
Subject: [PATCH] Do no recreate fernet tokens on setup

In case of keystone-fernet-setup job rerun (delete and create),
fernet tokens are recreated. Which leads to ongoing openstack request
fail.

keystone-manage fernet_setup is idempotent, let's make the
keystone-fernet-setup job idempotent as well.

Change-Id: I62e741fe5192b7a0018bc84ccdac1ea5311a1e03
---
 keystone/templates/bin/_fernet-manage.py.tpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/keystone/templates/bin/_fernet-manage.py.tpl b/keystone/templates/bin/_fernet-manage.py.tpl
index 6fc16921ff..2e3b410b47 100644
--- a/keystone/templates/bin/_fernet-manage.py.tpl
+++ b/keystone/templates/bin/_fernet-manage.py.tpl
@@ -152,9 +152,9 @@ def main():
                  FERNET_DIR)
         write_to_files(secret['data'])
 
-    if args.command == 'credential_setup':
+    if args.command in ('credential_setup', 'fernet_setup'):
         if secret.get('data', False):
-            LOG.info('Credential keys already exist, skipping setup...')
+            LOG.info('Keys already exist, skipping setup...')
             sys.exit(0)
 
     execute_command(args.command)