openstack-ansible/playbooks/defaults/repo_packages/openstack_other.yml
Ian Cordasco ff2ed22c90 Add support for deploying Keystone with Fernet
This change adds a number of new tasks that are dependent on the value
of the Keystone token provider (keystone_token_provider) user variable.

If the keystone_token_provider user_variable is set to
keystone.token.providers.fernet.Provider then the playbooks will
appropriately create the fernet keys and distribute them to the rest of
the keystone containers.

This also implements key rotation for generated fernet keys similar to
how the os_nova roles implement key rotation.

Finally, we also need to build cryptography from master for now.
Currently, 0.8.x and 0.9.x use versions of cffi<1.0 which causes a bug
when used with mod_wsgi and Apache. This is fixed in cryptography master
and will be released in 1.0.

Closes-bug: 1463569
Change-Id: I8605e0490a8889d57c6b1b7e03e078fb0da978ab
2015-06-22 08:53:53 -05:00

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

## NOTICE on items in this file:
## * If you use anything in the *._git_install_branch field that is not a TAG
##   make sure to leave an in-line comment as to "why".

## For the sake of anyone else editing this file:
## * If you add clients to this file please do so in alphabetical order.
## * Every entry should be namespaced with the name of the client followed by an "_"
## * All items within this file should be separated by `name_`; note that the name of the
##   package should be one long name with no additional `_` separating it.

## Glance store library
glancestore_git_repo: https://github.com/openstack/glance_store
glancestore_git_install_branch: 5277c93e002047d55c521408ee31da1d03825263 # HEAD of "master" as of 08.06.2015
glancestore_git_dest: "/opt/glancestore_{{ glancestore_git_install_branch | replace('/', '_') }}"
## Global Requirements
requirements_git_repo: https://github.com/openstack/requirements
requirements_git_install_branch: fceaa485414e8872a79b4b3628bc94bcd10e1839 # HEAD of "master" as of 08.06.2015
requirements_git_dest: "/opt/requirements_{{ requirements_git_install_branch | replace('/', '_') }}"
## Tempest Library
tempestlib_git_repo: https://github.com/openstack/tempest-lib
tempestlib_git_install_branch: f93048334cf9f93a823dd42387f76ecddf27d30d # HEAD of "master" as of 08.06.2015
tempestlib_git_dest: "/opt/tempest-lib_{{ tempestlib_git_install_branch | replace('/', '_') }}"
## Cryptography
# NOTE(sigmavirus24): Fix this when cryptography 1.0 is released and
# global-requirements.txt allows for it. See also:
# https://github.com/pyca/cryptography/issues/1868
cryptography_git_repo: https://github.com/pyca/cryptography
cryptography_git_install_branch: 926f8ac4927bdc9977f2d960c7def3f2927d1198 # HEAD of "master" as of 16.06.2015
cryptography_git_dest: "/opt/cryptography_{{ cryptography_git_install_branch | replace('/', '_') }}"
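
The NOTICE block in this file asks that any `*_git_install_branch` value that is not a tag carry an in-line "why" comment. The following linter is an added example, not part of openstack-ansible: it checks that rule for commit ids and, as stricter assumptions of its own, also reports refs that are not full commit ids, repos not fetched over https, and `*_git_dest` templates built from another package's variable. The names `lint` and `SAMPLE` are hypothetical and the sample entries are constructed.

```python
import re

# Constructed sample in the same shape as this file; hosts and ids are placeholders.
SAMPLE = '''\
alpha_git_repo: https://example.invalid/alpha
alpha_git_install_branch: 0123456789abcdef0123456789abcdef01234567 # HEAD of "master" as of 01.01.2015
alpha_git_dest: "/opt/alpha_{{ alpha_git_install_branch | replace('/', '_') }}"
beta_git_repo: http://example.invalid/beta
beta_git_install_branch: master
beta_git_dest: "/opt/beta_{{ alpha_git_install_branch | replace('/', '_') }}"
gamma_git_repo: https://example.invalid/gamma
gamma_git_install_branch: 89abcdef0123456789abcdef0123456789abcdef
gamma_git_dest: "/opt/gamma_{{ gamma_git_install_branch | replace('/', '_') }}"
'''

ENTRY = re.compile(r'^(\w+?)_git_(repo|install_branch|dest):\s*(.*?)\s*$')
COMMIT_ID = re.compile(r'^[0-9a-f]{40}$')   # full SHA-1 object name
JINJA_VAR = re.compile(r'\{\{\s*(\w+)')     # first identifier in each {{ ... }}

def lint(text):
    """Return sorted (package, problem-code) pairs for a repo_packages-style file."""
    problems = set()
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # comments, blank lines, unrelated keys
        pkg, field, value = m.groups()
        if field == 'repo':
            if not value.startswith('https://'):
                problems.add((pkg, 'repo-not-https'))
        elif field == 'install_branch':
            ref, _, why = value.partition('#')
            if not COMMIT_ID.match(ref.strip()):
                # Tags and branches can be moved upstream; a commit id cannot.
                problems.add((pkg, 'mutable-ref'))
            elif not why.strip():
                # NOTICE rule: a non-tag ref needs an in-line "why" comment.
                problems.add((pkg, 'commit-without-why'))
        else:  # dest
            for var in JINJA_VAR.findall(value):
                if not var.startswith(pkg + '_git_'):
                    problems.add((pkg, 'foreign-dest-var'))
    return sorted(problems)

if __name__ == '__main__':
    for pkg, code in lint(SAMPLE):
        print(pkg, code)
```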