Drop support for uuid token provider
In keystone, the uuid token provider and the sql token driver have been removed since the Stein release [1]. Drop the uuid token provider from the available options, and also drop the configuration related to the token flush job, because that job is used only when the uuid token provider is used. Note that KeystoneTokenProvider still remains, so that other token providers, such as the jws provider, can be implemented. [1] I76d5c29f6b1572ee3ec7f2b1af63ff31572de2ce Change-Id: Icfa753ef0b31123a592439ca2cb158f64d33554b
parent
3bc6e43fbe
commit
d81e9db545
|
@ -45,15 +45,10 @@ parameters:
|
|||
type: string
|
||||
default: 'fernet'
|
||||
constraints:
|
||||
- allowed_values: ['uuid', 'fernet']
|
||||
- allowed_values: ['fernet']
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
KeystoneEnableDBPurge:
|
||||
default: true
|
||||
description: |
|
||||
Whether to create cron job for purging soft deleted rows in Keystone database.
|
||||
type: boolean
|
||||
KeystoneSSLCertificate:
|
||||
default: ''
|
||||
description: Keystone certificate for verifying token validity.
|
||||
|
@ -158,51 +153,6 @@ parameters:
|
|||
default:
|
||||
tag: openstack.keystone.wsgi.main.error
|
||||
file: /var/log/containers/httpd/keystone/keystone_wsgi_main_error.log
|
||||
KeystoneCronTokenFlushEnsure:
|
||||
type: string
|
||||
description: >
|
||||
Cron to purge expired tokens - Ensure
|
||||
default: 'present'
|
||||
KeystoneCronTokenFlushMinute:
|
||||
type: comma_delimited_list
|
||||
description: >
|
||||
Cron to purge expired tokens - Minute
|
||||
default: '1'
|
||||
KeystoneCronTokenFlushHour:
|
||||
type: comma_delimited_list
|
||||
description: >
|
||||
Cron to purge expired tokens - Hour
|
||||
default: '*'
|
||||
KeystoneCronTokenFlushMonthday:
|
||||
type: comma_delimited_list
|
||||
description: >
|
||||
Cron to purge expired tokens - Month Day
|
||||
default: '*'
|
||||
KeystoneCronTokenFlushMonth:
|
||||
type: comma_delimited_list
|
||||
description: >
|
||||
Cron to purge expired tokens - Month
|
||||
default: '*'
|
||||
KeystoneCronTokenFlushWeekday:
|
||||
type: comma_delimited_list
|
||||
description: >
|
||||
Cron to purge expired tokens - Week Day
|
||||
default: '*'
|
||||
KeystoneCronTokenFlushMaxDelay:
|
||||
type: number
|
||||
description: >
|
||||
Cron to purge expired tokens - Max Delay
|
||||
default: 0
|
||||
KeystoneCronTokenFlushDestination:
|
||||
type: string
|
||||
description: >
|
||||
Cron to purge expired tokens - Log destination
|
||||
default: '/var/log/keystone/keystone-tokenflush.log'
|
||||
KeystoneCronTokenFlushUser:
|
||||
type: string
|
||||
description: >
|
||||
Cron to purge expired tokens - User
|
||||
default: 'keystone'
|
||||
KeystonePolicies:
|
||||
description: |
|
||||
A hash of policies to configure for Keystone.
|
||||
|
@ -508,22 +458,6 @@ outputs:
|
|||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
|
||||
-
|
||||
if:
|
||||
- keystone_fernet_tokens
|
||||
- {}
|
||||
- keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
|
||||
keystone::cron::token_flush::maxdelay: 3600
|
||||
keystone::cron::token_flush::destination: '/var/log/keystone/keystone-tokenflush.log'
|
||||
keystone::cron::token_flush::ensure: {get_param: KeystoneCronTokenFlushEnsure}
|
||||
keystone::cron::token_flush::minute: {get_param: KeystoneCronTokenFlushMinute}
|
||||
keystone::cron::token_flush::hour: {get_param: KeystoneCronTokenFlushHour}
|
||||
keystone::cron::token_flush::monthday: {get_param: KeystoneCronTokenFlushMonthday}
|
||||
keystone::cron::token_flush::month: {get_param: KeystoneCronTokenFlushMonth}
|
||||
keystone::cron::token_flush::weekday: {get_param: KeystoneCronTokenFlushWeekday}
|
||||
keystone::cron::token_flush::maxdelay: {get_param: KeystoneCronTokenFlushMaxDelay}
|
||||
keystone::cron::token_flush::destination: {get_param: KeystoneCronTokenFlushDestination}
|
||||
keystone::cron::token_flush::user: {get_param: KeystoneCronTokenFlushUser}
|
||||
-
|
||||
if:
|
||||
- keystone_federation_enabled
|
||||
|
@ -659,8 +593,7 @@ outputs:
|
|||
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||
config_image: &keystone_config_image {get_param: ContainerKeystoneConfigImage}
|
||||
kolla_config:
|
||||
map_merge:
|
||||
- /var/lib/kolla/config_files/keystone.json:
|
||||
/var/lib/kolla/config_files/keystone.json:
|
||||
command: /usr/sbin/httpd
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/etc/keystone/fernet-keys"
|
||||
|
@ -675,30 +608,12 @@ outputs:
|
|||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
-
|
||||
if:
|
||||
- keystone_fernet_tokens
|
||||
- {}
|
||||
- /var/lib/kolla/config_files/keystone_cron.json:
|
||||
# FIXME(dprince): this is unused ATM because Kolla hardcodes the
|
||||
# args for the keystone container to -DFOREGROUND
|
||||
command: /usr/sbin/crond -n
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
permissions:
|
||||
- path: /var/log/keystone
|
||||
owner: keystone:keystone
|
||||
recurse: true
|
||||
docker_config:
|
||||
# Kolla_bootstrap/db sync runs before permissions set by kolla_config
|
||||
step_2:
|
||||
get_attr: [KeystoneLogging, docker_config, step_2]
|
||||
step_3:
|
||||
map_merge:
|
||||
- keystone_db_sync:
|
||||
keystone_db_sync:
|
||||
image: &keystone_image {get_param: ContainerKeystoneImage}
|
||||
net: host
|
||||
user: root
|
||||
|
@ -746,29 +661,6 @@ outputs:
|
|||
[ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ]
|
||||
environment:
|
||||
- KOLLA_BOOTSTRAP=True
|
||||
-
|
||||
if:
|
||||
- keystone_fernet_tokens
|
||||
- {}
|
||||
- keystone_cron:
|
||||
start_order: 4
|
||||
image: *keystone_image
|
||||
user: root
|
||||
net: host
|
||||
privileged: false
|
||||
restart: always
|
||||
healthcheck:
|
||||
test: '/usr/share/openstack-tripleo-common/healthcheck/cron keystone'
|
||||
command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && /usr/sbin/crond -n']
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
- {get_attr: [KeystoneLogging, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/keystone_cron.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
step_4:
|
||||
# There are cases where we need to refresh keystone after the resource provisioning,
|
||||
# such as the case of using LDAP backends for domains. So we trigger a graceful
|
||||
|
|
|
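Review bot: The first context line of the `@ -746,29 +661,6 @` hunk still hands `{get_param: AdminPassword}` to `keystone-manage bootstrap` as the `--bootstrap-password` argument, so the admin password sits in the process argument list while that command runs and is typically readable by anything on the host that can list processes. This commit does not change that line, and the command block it belongs to starts above the hunk, but the step_3 definitions are being reworked here and it is worth closing. keystone-manage also reads the password from the `OS_BOOTSTRAP_PASSWORD` environment variable, so the two list items could be dropped in favour of an entry such as `- list_join: ['', ['OS_BOOTSTRAP_PASSWORD=', {get_param: AdminPassword}]]` under the adjacent `environment:` key. Whether this action passes `environment:` through to the executed command is not visible on this page and needs confirming first; if it does not, a comment at the call site recording the exposure is the minimum.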
@ -0,0 +1,7 @@
|
|||
---
|
||||
deprecations:
|
||||
- |
|
||||
Support for uuid token provider in keystone wes dropped, as its
|
||||
implementation was already removed from Keystone.
|
||||
Options related to db purging and token flushing in keystone were also
|
||||
removed because these are necessory only when uuid token provider is used.
|