diff --git a/README.rst b/README.rst index b0a0323..8e539d3 100644 --- a/README.rst +++ b/README.rst @@ -167,6 +167,7 @@ Keystone fernet tokens for OpenStack Kilo release ... tokens: engine: fernet + max_active_keys: 3 ... Keystone domain with LDAP backend, using SQL for role/project assignment diff --git a/keystone/files/kilo/keystone.conf.Debian b/keystone/files/kilo/keystone.conf.Debian index 11ae0f2..263c70a 100644 --- a/keystone/files/kilo/keystone.conf.Debian +++ b/keystone/files/kilo/keystone.conf.Debian @@ -697,7 +697,7 @@ key_repository = {{ server.tokens.location }} # key. Increasing this value means that additional secondary keys will be kept # in the rotation. (integer value) #max_active_keys = 3 - +max_active_keys={{ server.tokens.get('max_active_keys', '3') }} [identity] diff --git a/keystone/files/liberty/keystone.conf.Debian b/keystone/files/liberty/keystone.conf.Debian index 80c1ed6..159e082 100644 --- a/keystone/files/liberty/keystone.conf.Debian +++ b/keystone/files/liberty/keystone.conf.Debian @@ -823,7 +823,7 @@ key_repository = {{ server.tokens.location }} # key. Increasing this value means that additional secondary keys will be kept # in the rotation. (integer value) #max_active_keys = 3 - +max_active_keys={{ server.tokens.get('max_active_keys', '3') }} [identity] diff --git a/keystone/files/mitaka/keystone.conf.Debian b/keystone/files/mitaka/keystone.conf.Debian index 9f80fd9..d21cc89 100644 --- a/keystone/files/mitaka/keystone.conf.Debian +++ b/keystone/files/mitaka/keystone.conf.Debian @@ -877,7 +877,7 @@ key_repository = {{ server.tokens.location }} # key. Increasing this value means that additional secondary keys will be kept # in the rotation. (integer value) #max_active_keys = 3 - +max_active_keys={{ server.tokens.get('max_active_keys', '3') }} [identity] diff --git a/tests/pillar/single_fernet.sls b/tests/pillar/single_fernet.sls index 15f61f3..e9f90eb 100644 --- a/tests/pillar/single_fernet.sls +++ b/tests/pillar/single_fernet.sls 
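Review bot: The added `max_active_keys={{ server.tokens.get('max_active_keys', '3') }}` line in keystone/files/kilo/keystone.conf.Debian (and the identical line in the liberty and mitaka templates) renders the pillar value verbatim, with no comment on how to size it. The count has to cover the token lifetime: Keystone's fernet guidance is roughly (token expiration / key rotation interval) + 2, and a smaller value lets rotation purge a key while tokens encrypted with it are still unexpired, so those tokens fail validation early. I would add a comment above the setting such as `# Keep >= (token expiration / key rotation interval) + 2 so rotation never drops a key that unexpired tokens still need`, and write the line as `max_active_keys = {{ server.tokens.get('max_active_keys', 3) }}` to match the spacing of `key_repository = ...` and use an integer default. The config section this option belongs to starts outside the hunk, so whether the line is rendered only for the fernet engine cannot be confirmed from here.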
@@ -25,6 +25,7 @@ keystone: engine: fernet expiration: 86400 location: /etc/keystone/fernet-keys/ + max_active_keys: 4 cache: engine: memcached members: