UNCLASSIFIED


Mine

Closed Kyle Jefferson requested to merge mine into master

Activity

  • The following are some changes that I made as a solution for the issue of automatically updating fernet-keys on keystone. This uses some configuration changes on master and implements the event and reactor system.

    1. apps/openstack/keystone/files/beacons.conf
    • This file adds the beacons.conf file on keystone that instructs the keystone minion to send a beacon to the master any time the /etc/keystone/fernet-keys directory is modified. Whenever keystone changes its fernet-keys, the master should be notified.
    2. apps/openstack/keystone/files/hash
    • Contains the beacons.conf hash.
    3. apps/public/nacl/configure-nacl.sls
    • Renamed the sync_grains.conf file to reactor.conf and pointed it to the reactor.conf file. I also added more configurations in the /etc/salt/master.d directory on nacl.
    4. apps/public/nacl/files/file_recv.conf
    • Added this configuration on master so that it can receive pushed files from minions. This option is off by default in the master config.
    5. apps/public/nacl/files/fileserver_backend.conf
    • Added minion to the fileserver backend in order to receive files from minions.
    6. ../hash
    • Updated hash.
    7. apps/public/nacl/files/minionfs_blacklist.conf
    • Added configuration file to master that states all minions other than keystone are able to push/access files on the master.
    8. apps/public/nacl/files/minionfs_mountpoint.conf
    • Added mount point for minion files so a new directory wouldn't have to be created on master. All minion files pushed will have the path of salt://minionfs//path/of/file
    9. apps/public/nacl/files/minionfs_whitelist.conf
    • Added keystone minion to whitelist of files on the master that can be accessed via cp.push.
    10. apps/public/nacl/files/reactor.conf
    • Added reactor file on master that contains reactions to events that occur on minions. So far there are only 2 reactions: when a minion starts, the sync_grains.sls state is automatically run; and if a beacon is received from keystone-0, the fernet-keys.sls state is run.
    11. ../sync_grains.conf
    • Deleted legacy file from master.
    12. pillar/apps/openstack/keystone/configuration.sls
    • Added inotify package to keystone that installs beacons.
    13. reactor/fernet-keys.sls
    • This file states that if the master gets a beacon notification from keystone-0 then do a cp.push_dir of that file to all other minions. This is so that all the fernet-keys on the keystone minions will be in sync.
    14. /apps/openstack/keystone/configure-keystone.sls
    • This is a state file added to push the fernet keys directory to master if there are any changes to that file.
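
A sketch of how the beacon, MinionFS and reactor settings described above fit together, added here as an illustration and not taken from the merge request's files. The minion config path, the inotify mask, the `/srv/reactor/` locations and the single-entry whitelist are assumptions; `keystone-0` and `/etc/keystone/fernet-keys` come from the description.

```yaml
# --- Minion side (keystone-0), assumed path /etc/salt/minion.d/beacons.conf ---
# The inotify beacon needs the inotify Python bindings installed on the minion.
beacons:
  inotify:
    - files:
        /etc/keystone/fernet-keys:
          mask:                      # assumed set of events to report
            - create
            - modify
            - delete
    - disable_during_state_run: True # avoid firing while a state rewrites the keys
---
# --- Master side, one option per file under /etc/salt/master.d/ ---

# file_recv.conf: accept files sent with cp.push / cp.push_dir (off by default)
file_recv: True

# fileserver_backend.conf: serve pushed files next to the normal file roots
fileserver_backend:
  - roots
  - minionfs

# minionfs_mountpoint.conf: pushed files appear below this prefix
minionfs_mountpoint: salt://minionfs

# minionfs_whitelist.conf: only expose files pushed by the keystone minion
# (assumed to be the single minion id that pushes the keys)
minionfs_whitelist:
  - keystone-0

# reactor.conf: map event tags to reactor SLS files (paths are assumed)
reactor:
  - 'salt/minion/*/start':
    - /srv/reactor/sync_grains.sls
  # inotify beacon events are tagged salt/beacon/<minion id>/inotify/<watched path>
  - 'salt/beacon/keystone-0/inotify//etc/keystone/fernet-keys':
    - /srv/reactor/fernet-keys.sls
```

With this layout the pushed Fernet keys sit in the master's cache and are served through its fileserver, so the master holds the same key material as the keystone nodes and should be access-controlled accordingly.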
  • @kyle.w.jefferson Ok this is good work - as soon as you run some basic tests to make sure there is no broken syntax, etc. let me know and I will merge.

  • Closing out this MR as we are no longer updating the saltstack repo.

  • closed
