Browse Source

Tacker uses OpenStack Barbican for secret keys

Use the OpenStack Barbican component instead of OpenStack Keystone
as secret key handler.
The reason behind is the way that Tacker handles the secret keys of
complex scenarios (specially the scenarios with HA) and how they are
stored or retrieved between different VMs or Blades.

Change-Id: I63d40c5239d2585e8bb7ac3b9338252c9e28c4c6
Signed-off-by: Panagiotis Karalis <pkaralis@intracom-telecom.com>
changes/84/605784/4
Panagiotis Karalis 7 months ago
parent
commit
dc536599f8
2 changed files with 3 additions and 0 deletions
  1. 2
    0
      defaults/main.yml
  2. 1
    0
      templates/tacker.conf.j2

+ 2
- 0
defaults/main.yml View File

@@ -129,6 +129,8 @@ tacker_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(
129 129
 tacker_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(tacker_service_proto) }}"
130 130
 tacker_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(tacker_service_proto) }}"
131 131
 
132
+## Barbican service
133
+barbican_keys_backend: false
132 134
 
133 135
 #NOTE:  move password to tests/test-vars.yml
134 136
 tacker_service_password: password

+ 1
- 0
templates/tacker.conf.j2 View File

@@ -103,6 +103,7 @@ mgmt_driver = noop,openwrt
103 103
 monitor_driver = ping, http_ping
104 104
 
105 105
 [vim_keys]
106
+use_barbican = {{ barbican_keys_backend | bool }}
106 107
 openstack = {{ tacker_etc_dir }}/vim/fernet_keys
107 108
 
108 109
 [oslo_messaging_rabbit]

Loading…
Cancel
Save