Merge "Add hint for order of keys during distribution"
This commit is contained in:
commit
2c7bb275f9
@ -87,8 +87,8 @@ The :command:`keystone-manage` command line utility includes a key rotation
|
|||||||
mechanism. This mechanism will initialize and rotate keys but does not make
|
mechanism. This mechanism will initialize and rotate keys but does not make
|
||||||
an effort to distribute keys across keystone nodes. The distribution of keys
|
an effort to distribute keys across keystone nodes. The distribution of keys
|
||||||
across a keystone deployment is best handled through configuration management
|
across a keystone deployment is best handled through configuration management
|
||||||
tooling. Use :command:`keystone-manage fernet_rotate` to rotate the key
|
tooling, however ensure that the new primary key is distributed first.
|
||||||
repository.
|
Use :command:`keystone-manage fernet_rotate` to rotate the key repository.
|
||||||
|
|
||||||
Do fernet tokens still expire?
|
Do fernet tokens still expire?
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
8
releasenotes/notes/bug-1816927-e17f4e596e611380.yaml
Normal file
8
releasenotes/notes/bug-1816927-e17f4e596e611380.yaml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
[`bug 1816927 <https://bugs.launchpad.net/keystone/+bug/1816927>`_]
|
||||||
|
It was discovered that the order in which fernet keys are distributed
|
||||||
|
after fernet key rotation has impact on keystone service.
|
||||||
|
All operators are advised to ensure that during fernet key distribution
|
||||||
|
the new primary fernet key (with largest number) is distributed first.
|
Loading…
Reference in New Issue
Block a user