[keystone] set ownership on fernet and credential directories
In some storage providers, the fernet and credential key directories are owned by root. Change the ownership to keystone:keystone. In some storage providers, the fernet and credential key directories also contain a lost+found directory. Ignore it when reading the fernet keys. Change-Id: I329bd268afb3caf088937d06b106811632fc5417
parent
2e085afb26
commit
6dfdf18c9f
@ -195,7 +195,12 @@ class KeystoneManager(framework.Object):
|
||||
"""Pull the fernet keys from the on-disk repository."""
|
||||
container = self.charm.unit.get_container(self.container_name)
|
||||
files = container.list_files(key_repository)
|
||||
return {file.name: container.pull(file.path).read() for file in files}
|
||||
# Ignore file type directory. This is to ignore lost+found directory
|
||||
return {
|
||||
file.name: container.pull(file.path).read()
|
||||
for file in files
|
||||
if file.type == ops.pebble.FileType.FILE
|
||||
}
|
||||
|
||||
def write_keys(self, key_repository: str, keys: Mapping[str, str]) -> None:
|
||||
"""Update the local fernet key repository with the provided keys."""
|
||||
@ -274,6 +279,14 @@ class KeystoneManager(framework.Object):
|
||||
try:
|
||||
self._set_status("Setting up fernet tokens")
|
||||
logger.info("Setting up fernet tokens...")
|
||||
self.run_cmd(
|
||||
[
|
||||
"sudo",
|
||||
"chown",
|
||||
"keystone:keystone",
|
||||
"/etc/keystone/fernet-keys",
|
||||
]
|
||||
)
|
||||
self.run_cmd(
|
||||
[
|
||||
"sudo",
|
||||
@ -296,6 +309,14 @@ class KeystoneManager(framework.Object):
|
||||
try:
|
||||
self._set_status("Setting up credentials")
|
||||
logger.info("Setting up credentials...")
|
||||
self.run_cmd(
|
||||
[
|
||||
"sudo",
|
||||
"chown",
|
||||
"keystone:keystone",
|
||||
"/etc/keystone/credential-keys",
|
||||
]
|
||||
)
|
||||
self.run_cmd(
|
||||
[
|
||||
"sudo",
|
||||
|
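Review bot: The added `chown keystone:keystone` calls on `/etc/keystone/fernet-keys` and `/etc/keystone/credential-keys` change only the owner of the directory itself; they leave its mode as the storage provider created it and are not recursive. If a provider hands over a root-owned mount with a permissive mode (not visible here, so an assumption to confirm), the key repositories stay listable by other users in the container, and any key files previously written as root stay unreadable to keystone. Consider following each chown with a mode reset such as `self.run_cmd(["sudo", "chmod", "0700", "/etc/keystone/fernet-keys"])` (and the same for the credential directory), and decide explicitly whether pre-existing key files also need their ownership fixed. Both `try:` blocks start and continue outside the hunks shown, so their error handling for a failed chown could not be checked.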