14 lines
747 B
YAML
14 lines
747 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
The keystone installation now uses ansible-role-pki to create and install
|
|
a server certificate for Apache when keystone_ssl is true. The same role
|
|
is also used to create a CA certificate and key for SAML federation when
|
|
keystone_idp is populated by the deployer. For an existing keystone SAML
|
|
setup the certificate and key will be re-created which may be undesirable,
|
|
unless the existing ones are first copied to the relevant directories in
|
|
``/etc/openstack_deploy/pki/roots`` on the deploy host. The variables
|
|
``keystone_ssl_self_signed_regen`` and ``keystone_ssl_self_signed_subject``
|
|
are removed and are replaced with equivalent functionality via the new
|
|
``keystone_pki_*`` variables.
|