From 4402f059e7152cbcf2c2718c23bde433cc34430c Mon Sep 17 00:00:00 2001 From: Carlos Camacho Date: Wed, 6 Jun 2018 17:03:17 +0200 Subject: [PATCH] Add keystone credential-keys and fernet-keys clarification when restoring the Undercloud We need to be sure that when puppet configures the Undercloud we reuse the keys in the folders credential-keys and fernet-keys. Otherwise we will have keystone issues. Change-Id: Ib9274f28e9163753821abd7b430b2b1117aac622 --- .../03_undercloud_restore.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/doc/source/install/controlplane_backup_restore/03_undercloud_restore.rst b/doc/source/install/controlplane_backup_restore/03_undercloud_restore.rst index 395e1db8..0d27ab7e 100644 --- a/doc/source/install/controlplane_backup_restore/03_undercloud_restore.rst +++ b/doc/source/install/controlplane_backup_restore/03_undercloud_restore.rst @@ -101,6 +101,18 @@ certificates and hieradata with the backup content: sudo rsync -a /var/tmp/test_bk_down/srv/node/ /srv/node/ sudo rsync -a /var/tmp/test_bk_down/var/lib/glance/ /var/lib/glance/ +The Keystone configuration files need to be synchronized +before reinstalling the Undercloud node. This is needed +because we need to have the same keys in the folders +`credential-keys` and `fernet-keys` so they don't get regenerated +when running the puppet Undercloud configuration. +Take into account that the package `openstack-keystone` needs to be installed +before synchronizing its configuration data: + +:: + + sudo rsync -a /var/tmp/test_bk_down/etc/keystone/ /etc/keystone/ + If the user is using SSL, you need to refresh the CA certificate: ::