Comment 11 for bug 1863643

Jacolex (jacolex) wrote :

Hello
My changes to files and script templates:

Additional lines:

/usr/local/share/kolla-ansible/ansible/roles/keystone/defaults/main.yml
[...]
  keystone-ssh:
    volumes:
      - "keystone_credential_tokens:/etc/keystone/credential-keys"
  keystone-fernet:
    volumes:
      - "keystone_credential_tokens:/etc/keystone/credential-keys"
keystone_default_volumes:
  - "{% if keystone_token_provider == 'fernet' %}keystone_credential_tokens:/etc/keystone/credential-keys{% endif %}"

Additional lines in two scripts regarding credential-keys. Also commenting out: set -o errexit, set -o pipefail.

/usr/local/share/kolla-ansible/ansible/roles/keystone/templates/fernet-push.sh.j2
#set -o errexit
#set -o pipefail
[...]
/usr/bin/rsync --dry-run -az -e 'ssh -i /var/lib/keystone/.ssh/id_rsa -p {{ hostvars[host]['keystone_ssh_port'] }} -F /var/lib/keystone/.ssh/config' --delete /etc/keystone/credential-keys/ keystone@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:/etc/keystone/credential-keys
[...]
/usr/bin/rsync -az -e 'ssh -i /var/lib/keystone/.ssh/id_rsa -p {{ hostvars[host]['keystone_ssh_port'] }} -F /var/lib/keystone/.ssh/config' --delete /etc/keystone/credential-keys/ keystone@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:/etc/keystone/credential-keys
[...]

/usr/local/share/kolla-ansible/ansible/roles/keystone/templates/fernet-rotate.sh.j2
#set -o errexit
#set -o pipefail
[...]
keystone-manage --config-file /etc/keystone/keystone.conf fernet_rotate --keystone-user {{ keystone_username }} --keystone-group {{ keystone_groupname }}
keystone-manage --config-file /etc/keystone/keystone.conf credential_migrate --keystone-user {{ keystone_username }} --keystone-group {{ keystone_groupname }}
keystone-manage --config-file /etc/keystone/keystone.conf credential_rotate --keystone-user {{ keystone_username }} --keystone-group {{ keystone_groupname }}
[...]
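
Added example, not part of the comment above or of kolla-ansible: with `set -o errexit` commented out, the scripts keep running after a failed step, and `rsync --delete` replicates whatever is in the source directory, so a check of `/etc/keystone/credential-keys` before the push keeps an empty or damaged key set from reaching the peers. `check_key_repo` is a hypothetical helper; it assumes the usual keystone key repository layout (files named by integer index, each holding a 44-character URL-safe base64 key), and the sample keys are constructed dummies.

```shell
#!/bin/sh
# check_key_repo DIR (hypothetical helper): return 0 only if DIR looks like a
# usable keystone key repository. Return codes: 1 not a directory,
# 2 unexpected file name, 3 malformed key, 4 no keys at all.
check_key_repo() {
    repo=$1
    [ -d "$repo" ] || { echo "not a directory: $repo" >&2; return 1; }
    count=0
    for f in "$repo"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # Assumption: key files are named by a non-negative integer index.
        case $name in
            ''|*[!0-9]*) echo "unexpected file: $name" >&2; return 2 ;;
        esac
        # Assumption: a key is 32 bytes as URL-safe base64, i.e. 44 characters.
        key=$(tr -d '\n' < "$f")
        [ "${#key}" -eq 44 ] || { echo "bad key length in $name" >&2; return 3; }
        case $key in
            *[!A-Za-z0-9_=-]*) echo "bad characters in $name" >&2; return 3 ;;
        esac
        count=$((count + 1))
    done
    [ "$count" -ge 1 ] || { echo "no keys in $repo" >&2; return 4; }
    return 0
}

# Constructed sample repository with dummy values (not real keys).
ten=AAAAAAAAAA
dummy="${ten}${ten}${ten}${ten}AAA="
demo=$(mktemp -d)
printf '%s\n' "$dummy" > "$demo/0"
printf '%s\n' "$dummy" > "$demo/1"

# Explicit status check: needed because errexit is disabled in the scripts.
if check_key_repo "$demo"; then
    echo "repository ok, safe to run the rsync push"
else
    echo "refusing to push credential keys" >&2
fi
rm -rf "$demo"
```

In a push script the real path `/etc/keystone/credential-keys` would replace the temporary directory, and the `else` branch would exit non-zero before any `rsync` call.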