c39915e729
This rotates the fernet keys by using an ansible playbook. bp keystone-fernet-rotation Change-Id: Ief09eb7432359391c07c12b1c352152990e22eaf
20 lines
415 B
YAML
20 lines
415 B
YAML
---
|
|
- hosts: keystone
|
|
tasks:
|
|
- name: Remove previous fernet keys
|
|
shell: rm -rf /etc/keystone/fernet-keys/*
|
|
|
|
- name: Persist fernet keys to repository
|
|
copy:
|
|
dest: "{{ item.key }}"
|
|
content: "{{ item.value.content }}"
|
|
mode: 0600
|
|
owner: keystone
|
|
group: keystone
|
|
with_dict: "{{ fernet_keys }}"
|
|
|
|
- name: Reload apache
|
|
service:
|
|
name: httpd
|
|
state: reloaded
|