From dc536599f80ba29255e744463c0e1e896fd8a206 Mon Sep 17 00:00:00 2001 From: Panagiotis Karalis Date: Thu, 27 Sep 2018 18:29:31 +0300 Subject: [PATCH] Tacker uses OpenStack Barbican for secret keys Use the OpenStack Barbican component instead of OpenStack Keystone as secret key handler. The reason behind is the way that Tacker handles the secret keys of complex scenarios (specially the scenarios with HA) and how they are stored or retrieved between different VMs or Blades. Change-Id: I63d40c5239d2585e8bb7ac3b9338252c9e28c4c6 Signed-off-by: Panagiotis Karalis --- defaults/main.yml | 2 ++ templates/tacker.conf.j2 | 1 + 2 files changed, 3 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index 29730e6..1e64baa 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -129,6 +129,8 @@ tacker_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default( tacker_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(tacker_service_proto) }}" tacker_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(tacker_service_proto) }}" +## Barbican service +barbican_keys_backend: false #NOTE: move password to tests/test-vars.yml tacker_service_password: password diff --git a/templates/tacker.conf.j2 b/templates/tacker.conf.j2 index 9bc54dc..892b367 100644 --- a/templates/tacker.conf.j2 +++ b/templates/tacker.conf.j2 @@ -103,6 +103,7 @@ mgmt_driver = noop,openwrt monitor_driver = ping, http_ping [vim_keys] +use_barbican = {{ barbican_keys_backend | bool }} openstack = {{ tacker_etc_dir }}/vim/fernet_keys [oslo_messaging_rabbit]