Merge "Add release note for fernet tokens"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
748eb41904
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- The default token provider has switched from UUID
|
||||||
|
to Fernet. Please note that Fernet requires a
|
||||||
|
key repository to be in place prior to running Ocata.
|
||||||
|
This can be done using ``keystone-manage fernet_setup``.
|
||||||
|
Documentation can be found `here <http://docs.openstack.org/developer/keystone/man/keystone-manage.html>`_.
|
||||||
|
In addition, for multi-node deployments, it is imperative that
|
||||||
|
a key distribution process be in use before upgrading. Once
|
||||||
|
a key repository has been created it should be distributed
|
||||||
|
to all keystone nodes in the deployment. This ensures that
|
||||||
|
each keystone node will be able to validate tokens issued
|
||||||
|
across the deployment. If you do not wish to switch token
|
||||||
|
formats, you will need to explicitly set UUID as the token
|
||||||
|
provider for each node in the deployment using
|
||||||
|
``[token] provider = uuid`` in your ``keystone.conf``.
|
||||||
|
critical:
|
||||||
|
- If upgrading to Fernet tokens, you must have a key
|
||||||
|
repository and key distribution mechanism in place.
|
||||||
|
Otherwise token validation may not work. Please see
|
||||||
|
the upgrade section for more details.
|
||||||
Loading…
Reference in New Issue
Block a user