Allow upgrade to create fernet keys for credentials

With the addition of encrypted credentials, keystone needs the ability to read encryption keys from a repository in order to create credentials. This commit makes it so that when keystone is upgraded from Mitaka to Newton, we run `keystone-manage credential_setup` to ensure a directory exists on the system. Depends-On: Ib06c86a17e585f43bfa8aedf3d5e89d3163cc9da Change-Id: Id3e8922adc154cfec5f7a36613e22eb0b49eeffe partially-implements: credential-encryption
2016-08-29 21:13:49 +00:00 · 2016-08-29 21:13:49 +00:00 · 7326ffbe6b
commit 7326ffbe6b
parent da7ac3eb0b
1 changed files with 16 additions and 0 deletions
--- a/projects/10_keystone/from-mitaka/upgrade-keystone
+++ b/projects/10_keystone/from-mitaka/upgrade-keystone
@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+# ``upgrade-keystone``
+
+function configure_keystone_upgrade {
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
+    set -o xtrace
+
+    # Run `keysetone-manage credential_setup` to ensure keystone has a fernet
+    # key repository to encrypt and decrypt credentials.
+    $KEYSTONE_BIN_DIR/keystone-manage --config-file $KEYSTONE_CONF credential_setup
+
+    # reset to previous state
+    $xtrace
+}