Add documentation for fernet key rotation

bp keystone-fernet-rotation

Change-Id: I5682acb72db34818bbefd051bc42c7e83e432581

doc/source/install/post_deployment/fernet_key_rotation.rst

@@ -0,0 +1,23 @@
+.. _fernet_key_rotation:
+
+Rotation Keystone Fernet Keys from the Overcloud
+================================================
+
+Like most passwords in your overcloud deployment, keystone fernet keys are also
+stored as part of the deployment plan in mistral. The overcloud deplotment's
+fernet keys can be rotated with the following command::
+
+    mistral execution-create tripleo.fernet_keys.v1.rotate_fernet_keys \
+        '{"container": "overcloud"}
+
+Where the value for "container" is the name of the plan (which defaults to
+"overcloud").
+
+After waiting some time you can verify the output by taking the execution ID
+from that was the output of the previous command, and issuing the following
+command::
+
+    mistral execution-get-output EXECUTION_UUID
+
+Please note that there must be an overcloud deployment ready and accessible in
+order to execute this action.

doc/source/install/post_deployment/post_deployment.rst

@@ -18,3 +18,4 @@ In this chapter you will find advanced management of various |project| areas.
    upload_single_image
    backup_restore_undercloud
    update_undercloud_ssh_keys
+   fernet_key_rotation