THT incorporated a change so that the keystone_cron container deploys only if a persistent token format is used (e.g., `uuid`, `pki`):

https://review.opendev.org/#/c/682265/

This is because `fernet` and `jws` tokens are completely non-persistent by way of authenticated encryption and the keystone_cron container only runs a cron job to execute `keystone-manage token_flush`, which prunes expired tokens from keystone's token table. This cron job is useful for deployments relying on `uuid`, `pki`, or some other out-of-tree provider that requires tokens to be recorded for keystone's token validation process.

This commit updates the validation to check for the token format and only performs the validation if the token format isn't `fernet` or `jws`.

Change-Id: Ib4d0a505021568975b79400d67fd709dd74e9acf
42 lines
1.1 KiB
YAML
```yaml
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


- name: Prepare
  hosts: all
  gather_facts: false

  tasks:
    - name: install hiera
      package:
        name: hiera

    - name: create hiera tree
      file:
        path: /etc/puppet/
        state: directory

    - name: lay down hiera data files
      copy:
        dest: /etc/puppet/hiera.yaml
        content: |
          :backends:
            - yaml
          :yaml:
            :datadir: "/etc/puppet/"
          :hierarchy:
            - "service_configs"
```