max active keys for fernet

Change-Id: I4fafaee9c6203139f276b68c21904ec400133003

README.rst

@@ -167,6 +167,7 @@ Keystone fernet tokens for OpenStack Kilo release
         ...
         tokens:
           engine: fernet
+          max_active_keys: 3
         ...
 
 Keystone domain with LDAP backend, using SQL for role/project assignment

keystone/files/kilo/keystone.conf.Debian

@@ -697,7 +697,7 @@ key_repository = {{ server.tokens.location }}
 # key. Increasing this value means that additional secondary keys will be kept
 # in the rotation. (integer value)
 #max_active_keys = 3
-
+max_active_keys={{ server.tokens.get('max_active_keys', '3') }}
 
 [identity]
 

keystone/files/liberty/keystone.conf.Debian

@@ -823,7 +823,7 @@ key_repository = {{ server.tokens.location }}
 # key. Increasing this value means that additional secondary keys will be kept
 # in the rotation. (integer value)
 #max_active_keys = 3
-
+max_active_keys={{ server.tokens.get('max_active_keys', '3') }}
 
 [identity]
 

keystone/files/mitaka/keystone.conf.Debian

@@ -877,7 +877,7 @@ key_repository = {{ server.tokens.location }}
 # key. Increasing this value means that additional secondary keys will be kept
 # in the rotation. (integer value)
 #max_active_keys = 3
-
+max_active_keys={{ server.tokens.get('max_active_keys', '3') }}
 
 [identity]
 

tests/pillar/single_fernet.sls

@@ -25,6 +25,7 @@ keystone:
       engine: fernet
       expiration: 86400
       location: /etc/keystone/fernet-keys/
+      max_active_keys: 4
     cache:
       engine: memcached
       members: