openstack
/
openstack-ansible-os_keystone
Code Issues Proposed changes
openstack-ansible-os_keystone/templates
History
Kevin Carter 28a0c5abbf Correct fernet token sync race condition 
The fernet token rotation is subject to a race condition when using
aggressive rotation in a high volume, high traffic, high capacity cloud.
This change addresses the potential race condition by converting our
fernet token sync method from rsync to scp and by sorting the fernet
keys in reverse version ordering. This will ensure that the key with
the highest index is always synchronized first and will ensure that
the underlying file structure of a given target node always remains
intact during a sync operation.

Related-Bug: 1816927
Change-Id: I9087d953f7dabe04a2ad19af6121dae71544e5b2
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
 		2019-02-21 15:36:57 +00:00
..
keystone-credential-rotate.sh.j2 Address ansible_ssh_* var deprecation 2016-09-17 17:50:47 -04:00
keystone-fernet-rotate.sh.j2 Correct fernet token sync race condition 2019-02-21 15:36:57 +00:00
keystone-httpd-mpm.conf.j2 Add support to tune the keystone apache MPM settings 2016-05-04 11:50:06 -04:00
keystone-httpd.conf.j2 Drop Admin API from Keystone 2018-09-14 11:44:40 -06:00
keystone-ports.conf.j2 Allow Apache ports to be specified per VHost 2017-01-09 14:55:39 +00:00
keystone-uwsgi.ini.j2 Add support for using distribution packages for OpenStack services 2018-05-14 13:13:41 +01:00
keystone.conf.j2 Correct notification driver 2019-02-07 22:38:05 +00:00
keystone.domain.conf.j2 Implement multi-domain LDAP configuration for Keystone 2016-01-26 13:08:57 +00:00
keystone_nginx.conf.j2 Add systemd journal logging to the service config 2018-07-26 16:01:29 +00:00
shibboleth-attribute-map.xml.j2 Keystone Federation Service Provider Configuration 2015-08-07 08:44:51 +00:00
shibboleth2.xml.j2 Add memcache setup to shibboleth2.xml 2018-03-14 13:31:51 +00:00