starlingx
/
upstream
Code Issues Proposed changes
StarlingX Upstream packaging
529 Commits 24 Branches 29 Tags 5.9 MiB
Shell 49.8%
Python 40%
POV-Ray SDL 10.2%
Go to file
Carmen Rata eb557c0450 Set keyring dir group ownership on password change 
This commit changes the group ownership for "/opt/platform/.keyring"
directory, and its subdirectories and files, from "root" to
'sys_protected', when keystone password changes for the admin user.
The 'sys_protected' group ownership is needed to support access
privileges for OpenLDAP/WAD users and is implemented by the ansible
bootstrap configuration.
The group ownership update in this commit is required because after
a keystone and corresponding keyring password change for the admin
user, the group ownership of the "/opt/platform/.keyring" directory
has been reset to "root".
As a consequence, a ldap user loses permission to access files in
that directory.
The group ownership reset is done in the keystone package.
That is why the fix for this bug is delivered as a patch for the
keystone package.

Test Plan:
PASS: Verify the keystone patch install correctly.
PASS: Verify the group ownership was applied correctly
for files in "/opt/platform/.keyring" so are part of the
"sys_protected" group before changing keystone password for the admin
user.
PASS: Verify the group ownership for files in "/opt/platform/.keyring"
remains "sys_protected" after changing keystone password for the admin
user.
PASS: Verify that an openldap user that is part of the "sys_protected"
group can execute command: "source /etc/platform/openrc" after the
keystone password has been changed for the admin user.

Closes-Bug: 2039870

Change-Id: I0360d1f13725cca9900b967c32451fc6f7afe761
Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
 		2023-10-20 02:57:36 +00:00
doc Fix tox-docs failing sphinx 2022-05-31 15:04:21 +00:00
openstack Set keyring dir group ownership on password change 2023-10-20 02:57:36 +00:00
releasenotes Switch to newer openstackdocstheme and reno versions 2020-06-04 14:42:03 +02:00
.gitignore [Doc] Release Notes Management 2018-09-25 14:43:18 -05:00
.gitreview OpenDev Migration Patch 2019-04-19 19:52:35 +00:00
.yamllint Add .yamllint file 2021-10-14 12:50:16 +03:00
.zuul.yaml Fix github mirroring for this repo 2023-04-28 12:38:53 -04:00
CONTRIBUTORS.wrs StarlingX open source release updates 2018-05-31 07:37:19 -07:00
LICENSE StarlingX open source release updates 2018-05-31 07:37:19 -07:00
README.rst StarlingX open source release updates 2018-05-31 07:37:19 -07:00
centos_build_layer.cfg Build layering, add layer build config file and srpm lst 2019-10-30 14:26:00 +08:00
centos_dev_docker_images.inc Stop building panko images 2022-03-03 19:03:57 -03:00
centos_helm.inc Infrastructure and Cluster Monitoring 2019-08-21 17:16:37 -04:00
centos_iso_image.inc remove useless clients 2020-04-03 08:19:18 +00:00
centos_pkg_dirs remove useless clients 2020-04-03 08:19:18 +00:00
centos_pkg_dirs_containers Config file changes to remove 'openstack/openstack-helm openstack/openstack-helm-infra ' after relocation to 'openstack-armada-app' 2019-09-04 15:33:15 -04:00
centos_srpms_centos.lst [PATCH 02/16] stx-upstream: upgrade python-keystone for Train 2020-04-02 06:09:30 +00:00
centos_stable_docker_images.inc Stop building panko images 2022-03-03 19:03:57 -03:00
debian_build_layer.cfg Add debian_build_layer.cfg file 2021-10-05 14:12:42 -04:00
debian_iso_image.inc Debian: upstream: update debian_iso_image.inc 2022-11-30 10:02:20 +08:00
debian_pkg_dirs Update debian_pkg_dirs 2021-11-29 13:10:06 +02:00
debian_stable_docker_images.inc Merge "Port stx-openstack images with WSGI to stx-debian" 2023-01-26 18:24:03 +00:00
debian_stable_wheels.inc Update stx-platformclients debian image 2022-11-11 17:25:05 +00:00
test-requirements.txt Fix pep8 Zuul failure 2022-11-25 13:44:16 +00:00
tox.ini Fix incomplete pop-up message on delete Action 2023-01-02 20:04:36 +00:00

README.rst

stx-upstream

StarlingX Upstream Packages