@lbragstad
Last active April 25, 2017 20:43
Fernet tokens and key distribution
$ git clone https://gist.github.com/02c6d37f49596b3f4298.git
$ cd 02c6d37f49596b3f4298/
$ pip install -r requirements.txt
$ export KEYSTONE_ENDPOINT=http://<keystone-1-ip>:35357
$ python bootstrap.py
# Keystone Endpoint 1
$ export ENDPOINT="http://<keystone-1-ip>:35357/v3"
# Keystone Endpoint 2
$ export ENDPOINT="http://<keystone-2-ip>:35357/v3"
# Keystone Endpoint 3
$ export ENDPOINT="http://<keystone-3-ip>:35357/v3"
$ export ADMIN_TOKEN="ADMIN"
$ export X_AUTH="X-Auth-Token: $ADMIN_TOKEN"
$ export CONTENT_TYPE="Content-Type: application/json"
$ export SUBJECT_TOKEN="gAAAAABVFXYX85YwTqVO7ykzcoukM-bNnKtqH5AU_4b-xSvhIPtiDZ7HpjrM9CgNaOGOB8CXBElgIhkjXV1k7hgLdnTmeHmADLafa8NzedTpUx0CFD9mjH9JUjfWlmg6EwWqqY7MWQt2"
$ export X_SUBJECT="X-Subject-Token: $SUBJECT_TOKEN"
# Validate a token
$ curl -H "$CONTENT_TYPE" -H "$X_AUTH" -H "$X_SUBJECT" -X GET \
"$ENDPOINT/auth/tokens/" | python -m json.tool
[db]
<keystone-1-ip>
[app]
<keystone-1-ip>
<keystone-2-ip>
<keystone-3-ip>
[app:vars]
sql_connection_string=mysql://keystone:keystone@<keystone-1-ip>/keystone
root@keystone-test-1:/etc/keystone/fernet-keys# cat 0
BzDdsfhd0jBr5HehBm4f9JP_f7xcDSo_zpr_nP1XdB8=
root@keystone-test-1:/etc/keystone/fernet-keys# cat 1
4uq5T8MO2T1sfL2HROYKt7VDcWItnaBZz7erCMmdd0g=
root@keystone-test-2:/etc/keystone/fernet-keys# cat 0
BzDdsfhd0jBr5HehBm4f9JP_f7xcDSo_zpr_nP1XdB8=
root@keystone-test-2:/etc/keystone/fernet-keys# cat 1
4uq5T8MO2T1sfL2HROYKt7VDcWItnaBZz7erCMmdd0g=
root@keystone-test--3:/etc/keystone/fernet-keys# cat 0
BzDdsfhd0jBr5HehBm4f9JP_f7xcDSo_zpr_nP1XdB8=
root@keystone-test--3:/etc/keystone/fernet-keys# cat 1
4uq5T8MO2T1sfL2HROYKt7VDcWItnaBZz7erCMmdd0g=
$ git clone https://github.com/lbragstad/revolver.git
$ ansible-playbook -i "<keystone-2-ip>,<keystone-3-ip>," revolve.yaml
{
    "token": {
        "audit_ids": [
            "60J-_VsASsq3eF6aemWRSQ"
        ],
        "expires_at": "2015-03-27T15:39:06.000000Z",
        "extras": {},
        "issued_at": "2015-03-27T15:24:07.000000Z",
        "methods": [
            "password"
        ],
        "user": {
            "domain": {
                "id": "default",
                "name": "Default"
            },
            "id": "71a2cfcda3cb4956ad03a8273e14d099",
            "name": "admin"
        }
    }
}