puppet-keystone/releasenotes/notes/keystone-credential-setup-0971292cf1b0bde7.yaml
Emilien Macchi 17675623f3 Allow to manage credential files contents
Running keystone-manage credential_setup has not been designed for
a multinode environment.

Keystone team suggests to run this command on one node, to export the
keys and collect them on every Keystone server.

Most people don't have this mechanism when deploying OpenStack.

This patch aims to allow using puppet-keystone to manage credential
files with the Puppet file resource. All credentials would be defined in a
hash where file path and content are defined.

Here is an example:
   credential_keys:
     /etc/keystone/credential-keys/0:
       content: t-WdduhORSqoyAykuqWAQSYjg2rSRuJYySgI2xh48CI=
     /etc/keystone/credential-keys/1:
       content: GLlnyygEVJP4-H2OMwClXn3sdSQUZsM5F194139Unv8=

To enable this feature, you'll need to set enable_credential_setup to
True and configure credential_keys with a valid hash.

Change-Id: Ic335ea201b58c99e9fd8a0a2c0865b461ff8f672
2016-09-06 19:24:53 -04:00


---
features:
  - keystone-manage can be used to setup Keystone credentials. Disabled by default
    as long as the proper version of keystone is not in UCA.
    It has been a requirement in Keystone upstream so puppet-keystone will support the
    management of credential directory, keystone-manage credential_setup execution (can
    be enabled with enable_credential_setup boolean) and the configuration of
    credential/key_repository in keystone.conf.
    Note, if credential_keys parameter is set to a valid hash, keystone-manage won't
    be used to generate credential keys but Puppet will manage file resources for each
    key in the hash. It allows to generate the same keys in multinode environment.
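
A pre-deployment check for the credential_keys hash described above, added here as an example and not part of puppet-keystone. It assumes Keystone credential keys are Fernet keys (32 bytes, url-safe base64) stored in integer-named files under the repository path used in the commit message's example; the function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import posixpath

# Assumption: key repository path as used in the commit message's example.
KEY_REPOSITORY = "/etc/keystone/credential-keys"


def validate_credential_keys(credential_keys, key_repository=KEY_REPOSITORY):
    """Return a list of problems in a credential_keys hash (empty when clean)."""
    if not isinstance(credential_keys, dict) or not credential_keys:
        return ["credential_keys must be a non-empty hash"]
    problems, seen = [], {}
    for path, attrs in credential_keys.items():
        directory, name = posixpath.split(posixpath.normpath(path))
        if directory != key_repository:
            problems.append(f"{path}: outside {key_repository}")
        if not (name.isascii() and name.isdigit()):
            problems.append(f"{path}: file name is not an integer index")
        content = attrs.get("content") if isinstance(attrs, dict) else None
        if not is_fernet_key(content):
            problems.append(f"{path}: content is not a Fernet key")
        elif content in seen:
            problems.append(f"{path}: same key as {seen[content]}")
        else:
            seen[content] = path
    return problems


def is_fernet_key(content):
    """A Fernet key is 32 bytes, url-safe base64 encoded (44 characters)."""
    if not isinstance(content, str):
        return False
    try:
        raw = base64.urlsafe_b64decode(content.encode("ascii"))
    except ValueError:  # covers bad padding and non-ASCII input
        return False
    # Re-encode to reject input the lenient decoder silently cleaned up.
    return len(raw) == 32 and base64.urlsafe_b64encode(raw).decode() == content


def fingerprints(credential_keys):
    """Map each path to a short SHA-256 digest, safe to compare across nodes."""
    return {path: hashlib.sha256(attrs["content"].encode()).hexdigest()[:16]
            for path, attrs in credential_keys.items()}


# Constructed sample input (not real keys): two deterministic 32-byte keys.
SAMPLE = {f"{KEY_REPOSITORY}/{i}":
          {"content": base64.urlsafe_b64encode(bytes([i + 1]) * 32).decode()}
          for i in range(2)}
```

Comparing the output of `fingerprints()` from each Keystone node confirms that every node received the same keys without copying the key material itself into logs or tickets.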