keystone/containers: Add support for fernet keys
Since the 'file' resource is included in the tags that puppet takes into account, we already generate the fernet keys if it's enabled as a token provider. This merely adds the keys to the container. However, if fernet is not the provider, we make this file addition optional. Change-Id: Id92039b3bad9ecda169323e01de7bebae70f2ba0
This commit is contained in:
parent
88a3edfde1
commit
ee09ed67b9
@ -30,6 +30,12 @@ parameters:
|
||||
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
|
||||
type: string
|
||||
hidden: true
|
||||
KeystoneTokenProvider:
|
||||
description: The keystone token format
|
||||
type: string
|
||||
default: 'uuid'
|
||||
constraints:
|
||||
- allowed_values: ['uuid', 'fernet']
|
||||
|
||||
resources:
|
||||
|
||||
@ -40,6 +46,9 @@ resources:
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
|
||||
conditions:
|
||||
keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Keystone API role.
|
||||
@ -80,6 +89,16 @@ outputs:
|
||||
owner: keystone
|
||||
perm: '0600'
|
||||
source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/1
|
||||
- dest: /etc/keystone/fernet-keys/0
|
||||
owner: keystone
|
||||
perm: '0600'
|
||||
source: /var/lib/kolla/config_files/src/etc/keystone/fernet-keys/0
|
||||
optional: {if: [keystone_fernet_tokens, false, true]}
|
||||
- dest: /etc/keystone/fernet-keys/1
|
||||
owner: keystone
|
||||
perm: '0600'
|
||||
source: /var/lib/kolla/config_files/src/etc/keystone/fernet-keys/1
|
||||
optional: {if: [keystone_fernet_tokens, false, true]}
|
||||
- dest: /etc/httpd/conf.d/10-keystone_wsgi_admin.conf
|
||||
owner: root
|
||||
perm: '0644'
|
||||
|
Loading…
x
Reference in New Issue
Block a user