Merge "Delete keystone_token_provider variable"

This commit is contained in:
Zuul 2022-05-18 10:20:47 +00:00 committed by Gerrit Code Review
commit 1aa13614d8
10 changed files with 9 additions and 23 deletions

View File

@ -857,8 +857,6 @@ default_project_domain_id: "default"
default_user_domain_name: "Default"
default_user_domain_id: "default"
# Valid options are [ fernet ]
keystone_token_provider: "fernet"
# Keystone fernet token expiry in seconds. Default is 1 day.
fernet_token_expiry: 86400
# Keystone window to allow expired fernet tokens. Default is 2 days.

View File

@ -35,7 +35,7 @@ keystone_services:
keystone-ssh:
container_name: "keystone_ssh"
group: "keystone"
enabled: "{{ keystone_token_provider == 'fernet' }}"
enabled: true
image: "{{ keystone_ssh_image_full }}"
volumes:
- "{{ node_config_directory }}/keystone-ssh/:{{ container_config_directory }}/:ro"
@ -48,7 +48,7 @@ keystone_services:
keystone-fernet:
container_name: "keystone_fernet"
group: "keystone"
enabled: "{{ keystone_token_provider == 'fernet' }}"
enabled: true
image: "{{ keystone_fernet_image_full }}"
volumes:
- "{{ node_config_directory }}/keystone-fernet/:{{ container_config_directory }}/:ro"
@ -140,7 +140,7 @@ keystone_default_volumes:
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "{{ kolla_dev_repos_directory ~ '/keystone/keystone:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/keystone' if keystone_dev_mode | bool else '' }}"
- "kolla_logs:/var/log/kolla/"
- "{% if keystone_token_provider == 'fernet' %}keystone_fernet_tokens:/etc/keystone/fernet-keys{% endif %}"
- "keystone_fernet_tokens:/etc/keystone/fernet-keys"
keystone_extra_volumes: "{{ default_extra_volumes }}"

View File

@ -71,5 +71,4 @@
run_once: True
delegate_to: "{{ groups['keystone'][0] }}"
when:
- keystone_token_provider == 'fernet'
- groups['keystone_fernet_running'] is not defined

View File

@ -200,14 +200,12 @@
-n {{ (groups['keystone'] | length) }}
changed_when: false
register: cron_jobs_json
when: keystone_token_provider == 'fernet'
delegate_to: localhost
- name: Set fact with the generated cron jobs for building the crontab later
set_fact:
cron_jobs: "{{ (cron_jobs_json.stdout | from_json).cron_jobs }}"
ignore_errors: "{{ ansible_check_mode }}"
when: keystone_token_provider == 'fernet'
- name: Copying files for keystone-fernet
vars:

View File

@ -13,8 +13,6 @@
meta: flush_handlers
- include_tasks: distribute_fernet.yml
when:
- keystone_token_provider == 'fernet'
- import_tasks: register.yml

View File

@ -67,5 +67,3 @@
120, 240, 480, 720, 1440, 3600, 7200, 10800, 14400, 21600, 43200, 60480,
120960, 151200, 201600, 302400, 604800. These values ensure an evenly-spaced
run schedule as they divide 7 days without remainder.
when:
- keystone_token_provider == 'fernet'

View File

@ -29,7 +29,7 @@ domain_config_dir = /etc/keystone/domains
[token]
revoke_by_id = False
provider = {{ keystone_token_provider }}
provider = fernet
expiration = {{ fernet_token_expiry }}
allow_expired_window = {{ fernet_token_allow_expired_window }}

View File

@ -4,14 +4,8 @@
Keystone - Identity service
===========================
Tokens
------
The Keystone token provider is configured via ``keystone_token_provider``. The
default value for this is ``fernet``.
Fernet Tokens
~~~~~~~~~~~~~
-------------
Fernet tokens require the use of keys that must be synchronised between
Keystone servers. Kolla Ansible deploys two containers to handle this -

View File

@ -455,9 +455,6 @@ workaround_ansible_issue_8743: yes
# Keystone - Identity Options
#############################
# Valid options are [ fernet ]
#keystone_token_provider: 'fernet'
#keystone_admin_user: "admin"
#keystone_admin_project: "admin"

View File

@ -0,0 +1,4 @@
---
upgrade:
- The variable keystone_token_provider does not exist anymore,
because there is no alternative.