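def initialise_pki():
    """Create certs and keys required for token signing.

    Used for PKI and signing token revocation list.

    NOTE: keystone.conf [signing] section must be up-to-date prior to
    executing this.

    ``keystone-manage pki_setup`` is run only when the unit has no peers or
    when is_ssl_cert_master() is true. ensure_pki_cert_paths() is called
    before that check and ensure_pki_dir_permissions() after it.

    Raises:
        Whatever check_call raises when ``keystone-manage pki_setup`` fails
        (presumably subprocess.CalledProcessError; confirm against the
        file's imports).
    """
    # Account that keystone-manage is told to use and that must own the logs.
    keystone_account = 'keystone'

    ensure_pki_cert_paths()

    if not peer_units() or is_ssl_cert_master():
        log("Ensuring PKI token certs created", level=DEBUG)
        # Passed as an argv list, so no shell re-parses the arguments. The
        # bare executable name is resolved through the caller's PATH.
        check_call(['keystone-manage', 'pki_setup',
                    '--keystone-user', keystone_account,
                    '--keystone-group', keystone_account])

        # Ensure logfile has keystone perms since we may have just created it
        # with root.
        # The listing showed a masked placeholder ('******') for ``user``,
        # which is not a usable account name; the owner is set to the same
        # keystone account named in the pki_setup arguments above.
        # NOTE(review): 0o744 gives group/other read but not search on the
        # directory, and 0o644 makes keystone.log readable by any account
        # that can reach it. Confirm this is intended if the log can carry
        # sensitive request data.
        ensure_permissions('/var/log/keystone', user=keystone_account,
                           group=keystone_account, perms=0o744)
        ensure_permissions('/var/log/keystone/keystone.log',
                           user=keystone_account, group=keystone_account,
                           perms=0o644)

    # NOTE(review): nesting was reconstructed from a flattened listing; this
    # call is taken to run on every unit, not only the one that ran pki_setup.
    ensure_pki_dir_permissions()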
def initialise_pki():
    """Create certs and keys required for token signing.

    Used for PKI and signing token revocation list.

    NOTE: keystone.conf [signing] section must be up-to-date prior to
    executing this.

    Does nothing when the installed 'keystone-common' release compares
    >= 'pike', because pike dropped support for PKI tokens. Otherwise
    ``keystone-manage pki_setup`` is run when the unit has no peers or
    is_ssl_cert_master() is true. The snap or the system binary is chosen
    according to snap_install_requested().
    """
    installed = CompareOpenStackReleases(os_release('keystone-common'))
    if installed >= 'pike':
        # pike dropped support for PKI token; skip function
        return

    ensure_pki_cert_paths()

    # Same short-circuit as ``not peer_units() or is_ssl_cert_master()``:
    # the master check is only consulted when peers exist.
    should_generate = is_ssl_cert_master() if peer_units() else True
    if should_generate:
        log("Ensuring PKI token certs created", level=DEBUG)

        # The two install flavours differ only in the binary path and in
        # where keystone writes its log.
        if snap_install_requested():
            manage_bin = '/snap/bin/keystone-manage'
            _log_dir = '/var/snap/keystone/common/log'
        else:
            # Bare name: resolved through the caller's PATH.
            manage_bin = 'keystone-manage'
            _log_dir = '/var/log/keystone'

        # argv list, so no shell re-parses the arguments.
        check_call([manage_bin, 'pki_setup',
                    '--keystone-user', KEYSTONE_USER,
                    '--keystone-group', KEYSTONE_USER])

        # Ensure logfile has keystone perms since we may have just created it
        # with root.
        # NOTE(review): 0o744 on the directory and 0o644 on the log leave the
        # log readable beyond its owner. Confirm that is intended.
        ensure_permissions(_log_dir, user=KEYSTONE_USER,
                           group=KEYSTONE_USER, perms=0o744)
        ensure_permissions(_log_dir + '/keystone.log', user=KEYSTONE_USER,
                           group=KEYSTONE_USER, perms=0o644)

    # NOTE(review): nesting was reconstructed from a flattened listing; this
    # call is taken to run on every unit that reaches this point.
    ensure_pki_dir_permissions()
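def initialise_pki():
    """Create certs and keys required for PKI token signing.

    NOTE: keystone.conf [signing] section must be up-to-date prior to
    executing this.

    ``keystone-manage pki_setup`` is run only when the unit has no peers or
    when is_ssl_cert_master() is true. ensure_pki_dir_permissions() is called
    afterwards.

    Raises:
        Whatever check_call raises when ``keystone-manage pki_setup`` fails
        (presumably subprocess.CalledProcessError; confirm against the
        file's imports).
    """
    # Account that keystone-manage is told to use and that must own the logs.
    keystone_account = 'keystone'

    if not peer_units() or is_ssl_cert_master():
        log("Ensuring PKI token certs created", level=DEBUG)
        # Passed as an argv list, so no shell re-parses the arguments. The
        # bare executable name is resolved through the caller's PATH.
        check_call(['keystone-manage', 'pki_setup',
                    '--keystone-user', keystone_account,
                    '--keystone-group', keystone_account])

        # Ensure logfile has keystone perms since we may have just created it
        # with root.
        # The listing showed a masked placeholder ('******') for ``user``,
        # which is not a usable account name; the owner is set to the same
        # keystone account named in the pki_setup arguments above.
        # NOTE(review): 0o744 gives group/other read but not search on the
        # directory, and 0o644 makes keystone.log readable by any account
        # that can reach it. Confirm this is intended if the log can carry
        # sensitive request data.
        ensure_permissions('/var/log/keystone', user=keystone_account,
                           group=keystone_account, perms=0o744)
        ensure_permissions('/var/log/keystone/keystone.log',
                           user=keystone_account, group=keystone_account,
                           perms=0o644)

    # NOTE(review): nesting was reconstructed from a flattened listing; this
    # call is taken to run on every unit, not only the one that ran pki_setup.
    ensure_pki_dir_permissions()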
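def initialise_pki():
    """Create certs and keys required for token signing.

    Used for PKI and signing token revocation list.

    NOTE: keystone.conf [signing] section must be up-to-date prior to
    executing this.

    ``keystone-manage pki_setup`` is run only when the unit has no peers or
    when is_ssl_cert_master() is true. ensure_pki_cert_paths() is called
    before that check and ensure_pki_dir_permissions() after it.

    Raises:
        Whatever check_call raises when ``keystone-manage pki_setup`` fails
        (presumably subprocess.CalledProcessError; confirm against the
        file's imports).
    """
    # Account that keystone-manage is told to use and that must own the logs.
    keystone_account = "keystone"

    ensure_pki_cert_paths()

    if not peer_units() or is_ssl_cert_master():
        log("Ensuring PKI token certs created", level=DEBUG)
        # Passed as an argv list, so no shell re-parses the arguments. The
        # bare executable name is resolved through the caller's PATH.
        check_call(["keystone-manage", "pki_setup",
                    "--keystone-user", keystone_account,
                    "--keystone-group", keystone_account])

        # Ensure logfile has keystone perms since we may have just created it
        # with root.
        # The listing showed a masked placeholder ("******") for ``user``,
        # which is not a usable account name; the owner is set to the same
        # keystone account named in the pki_setup arguments above.
        # NOTE(review): 0o744 gives group/other read but not search on the
        # directory, and 0o644 makes keystone.log readable by any account
        # that can reach it. Confirm this is intended if the log can carry
        # sensitive request data.
        ensure_permissions("/var/log/keystone", user=keystone_account,
                           group=keystone_account, perms=0o744)
        ensure_permissions("/var/log/keystone/keystone.log",
                           user=keystone_account, group=keystone_account,
                           perms=0o644)

    # NOTE(review): nesting was reconstructed from a flattened listing; this
    # call is taken to run on every unit, not only the one that ran pki_setup.
    ensure_pki_dir_permissions()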