22 lines
1.1 KiB
YAML
22 lines
1.1 KiB
YAML
---
|
|
upgrade:
|
|
- The default token provider has switched from UUID
|
|
to Fernet. Please note that Fernet requires a
|
|
key repository to be in place prior to running Ocata.
|
|
This can be done using ``keystone-manage fernet_setup``.
|
|
Documentation can be found `here <http://docs.openstack.org/developer/keystone/man/keystone-manage.html>`_.
|
|
In addition, for multi-node deployments, it is imperative that
|
|
a key distribution process be in use before upgrading. Once
|
|
a key repository has been created it should be distributed
|
|
to all keystone nodes in the deployment. This ensures that
|
|
each keystone node will be able to validate tokens issued
|
|
across the deployment. If you do not wish to switch token
|
|
formats, you will need to explicitly set UUID as the token
|
|
provider for each node in the deployment using
|
|
``[token] provider = uuid`` in your ``keystone.conf``.
|
|
critical:
|
|
- If upgrading to Fernet tokens, you must have a key
|
|
repository and key distribution mechanism in place.
|
|
Otherwise token validation may not work. Please see
|
|
the upgrade section for more details.
|