261eeaa19b
If the new primary key is not the first to be distributed after fernet key rotation, there may be a small time window during the key distribution when tokens issued by the node where fernet rotation was performed can not be validated on the node where keys are being distributed to. Change-Id: I34b5cadd12815ee95c71d8c163504390a9e5e343 Closes-Bug: #1816927
9 lines
376 B
YAML
9 lines
376 B
YAML
---
|
|
fixes:
|
|
- |
|
|
[`bug 1816927 <https://bugs.launchpad.net/keystone/+bug/1816927>`_]
|
|
It was discovered that the order in which fernet keys are distributed
|
|
after fernet key rotation has impact on keystone service.
|
|
All operators are advised to ensure that during fernet key distribution
|
|
the new primary fernet key (with largest number) is distributed first.
|