openstack/tripleo-heat-templates
Code Issues Proposed changes

Merge "Make fernet max active keys configurable"

Browse Source
This commit is contained in:
Jenkins 2017-06-16 16:34:53 +00:00 committed by Gerrit Code Review
commit d10741e526
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
puppet/services/keystone.yaml
View File

@ -122,6 +122,10 @@ parameters:
KeystoneFernetKeys: KeystoneFernetKeys:
type: json type: json
description: Mapping containing keystone's fernet keys and their paths. description: Mapping containing keystone's fernet keys and their paths.
KeystoneFernetMaxActiveKeys:
type: number
description: The maximum active keys in the keystone fernet key repository.
default: 5
ManageKeystoneFernetKeys: ManageKeystoneFernetKeys:
type: boolean type: boolean
default: true default: true
@ -258,6 +262,7 @@ outputs:
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
keystone::token_provider: {get_param: KeystoneTokenProvider} keystone::token_provider: {get_param: KeystoneTokenProvider}
keystone::enable_fernet_setup: {if: [keystone_fernet_tokens, true, false]} keystone::enable_fernet_setup: {if: [keystone_fernet_tokens, true, false]}
keystone::fernet_max_active_keys: {get_param: KeystoneFernetMaxActiveKeys}
keystone::enable_proxy_headers_parsing: true keystone::enable_proxy_headers_parsing: true
keystone::enable_credential_setup: true keystone::enable_credential_setup: true
keystone::credential_keys: keystone::credential_keys:

5
releasenotes/notes/max-active-fernet-keys-f960f08838a75eee.yaml Normal file
View File

@ -0,0 +1,5 @@
---
features:
- KeystoneFernetMaxActiveKeys was introduced as a parameter to the keystone
profile. It sets the max_active_keys value of the keystone.conf file and
will subsequently be used by mistral to purge the keys in a mistral task.