88fe59f04d
This change makes the use of fernet tokens production ready. The changes are
as follows:
* Ensures that the keys are rotated on every playbook execution
* Removes the need to sync keys back to a deployment host when distributing
them to other keystone hosts.
* Creates an autonomous key rotation process that can rotate on the following
intervals [reboot, yearly, annually, monthly, weekly, daily, hourly] to all
hosts from any keystone fernet host.
* Fixes the section in `keystone.conf` which was named "fernet_key" instead
of "fernet_token".
Change-Id: I50f6a852930728631f5c681a8aa0f1321d7424ac
Related-Bug: #1463569
Closes-Bug: #1468256
|
||
|---|---|---|
| .. | ||
| keystone-fernet-rotate.sh.j2 | ||
| keystone-httpd.conf.j2 | ||
| keystone-ports.conf.j2 | ||
| keystone.conf.j2 | ||
| keystone.Default.conf.j2 | ||