mirror of
https://github.com/optim-enterprises-bv/openstack-helm.git
synced 2025-12-25 09:17:18 +00:00
73531436e9
Current implementation of Keystone prints a warning message if the directory containing the fernet keys is world readable (o+r). As OSH uses a volumeMount to handle fernet keys and is by default readonly, there is no meaningful way to make the directory (not the keys) world unreadable. Consequently, keystone just keep logging that warning, adding no particular value besides flooding the log. Rather than disabling the log message in keystone (as that warning is meaningful from a security standpoint), this patch set changes the way we deal with the secret volume so the directory is no longer world readable, so keystone will stop issuing that warning message. Signed-off-by: Tin Lam <t@lam.wtf> Change-Id: Id29abe667f5ef0b61da3d3825b5bf795f2d98865
============== OpenStack-Helm ============== Mission ------- The goal of OpenStack-Helm is to provide a collection of Helm charts that simply, resiliently, and flexibly deploy OpenStack and related services on Kubernetes. Communication ------------- * Join us on `IRC <irc://chat.oftc.net/openstack-helm>`_: #openstack-helm on oftc * Community `IRC Meetings <http://eavesdrop.openstack.org/#OpenStack-Helm_Team_Meeting>`_: [Every Tuesday @ 3PM UTC], #openstack-meeting-alt on oftc * Meeting Agenda Items: `Agenda <https://etherpad.openstack.org/p/openstack-helm-meeting-agenda>`_ * Join us on `Slack <https://kubernetes.slack.com/messages/C3WERB7DE/>`_ - #openstack-helm Storyboard ---------- Bugs and enhancements are tracked via OpenStack-Helm's `Storyboard <https://storyboard.openstack.org/#!/project_group/64>`_. Installation and Development ---------------------------- Please review our `documentation <https://docs.openstack.org/openstack-helm/latest/>`_. For quick installation, evaluation, and convenience, we have a kubeadm based all-in-one solution that runs in a Docker container. The Kubeadm-AIO set up can be found `here <https://docs.openstack.org/openstack-helm/latest/install/developer/index.html>`_. This project is under active development. We encourage anyone interested in OpenStack-Helm to review our `Installation <https://docs.openstack.org/openstack-helm/latest/install/index.html>`_ documentation. Feel free to ask questions or check out our current `Storyboard backlog <https://storyboard.openstack.org/#!/project_group/64>`_. To evaluate a multinode installation, follow the `Bare Metal <https://docs.openstack.org/openstack-helm/latest/install/multinode.html>`_ install guide. Repository ---------- Developers wishing to work on the OpenStack-Helm project should always base their work on the latest code, available from the OpenStack-Helm git repository. `OpenStack-Helm git repository <https://opendev.org/openstack/openstack-helm/>`_ Contributing ------------ We welcome contributions. Check out `this <CONTRIBUTING.rst>`_ document if you would like to get involved.