Merge "Switch to fernet tokens by default"
commit
06e1ed2477
|
@ -187,7 +187,7 @@ This is the current matrix of available tests:
|
|||
|
||||
| - | scenario001 | scenario002 | scenario003 |
|
||||
|:----------:|:-----------:|:-----------:|:------------:
|
||||
| keystone | X | X | X |
|
||||
| keystone | FERNET | UUID | FERNET |
|
||||
| glance | file | swift | file |
|
||||
| nova | X | X | X |
|
||||
| neutron | X | X | X |
|
||||
|
|
|
@ -335,7 +335,7 @@ Keystone Config parameters
|
|||
Identity service API version string. ['v2.0', 'v3']
|
||||
|
||||
**CONFIG_KEYSTONE_TOKEN_FORMAT**
|
||||
Identity service token format (UUID or PKI). The recommended format for new deployments is UUID. ['UUID', 'PKI']
|
||||
Identity service token format (UUID, PKI or FERNET). The recommended format for new deployments is FERNET. ['UUID', 'PKI', 'FERNET']
|
||||
|
||||
**CONFIG_KEYSTONE_IDENTITY_BACKEND**
|
||||
Type of Identity service backend (sql or ldap). ['sql', 'ldap']
|
||||
|
|
|
@ -151,13 +151,13 @@ def initConfig(controller):
|
|||
|
||||
{"CMD_OPTION": "keystone-token-format",
|
||||
"PROMPT": "Enter the Keystone token format.",
|
||||
"OPTION_LIST": ['UUID', 'PKI'],
|
||||
"OPTION_LIST": ['UUID', 'PKI', 'FERNET'],
|
||||
"VALIDATORS": [validators.validate_options],
|
||||
"DEFAULT_VALUE": 'UUID',
|
||||
"DEFAULT_VALUE": 'FERNET',
|
||||
"MASK_INPUT": False,
|
||||
"LOOSE_VALIDATION": False,
|
||||
"CONF_NAME": 'CONFIG_KEYSTONE_TOKEN_FORMAT',
|
||||
"USE_DEFAULT": True,
|
||||
"USE_DEFAULT": False,
|
||||
"NEED_CONFIRM": False,
|
||||
"CONDITION": False},
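Review bot: `"USE_DEFAULT"` on the `keystone-token-format` entry appears to flip from `True` to `False` together with the new `'FERNET'` default, and neither the commit title nor the documentation hunks mention it. If that flag controls whether the installer asks for the value (inferred from its name, not shown here), interactive runs change behaviour beyond the default switch, which deserves a line in the commit message or a comment on the entry. `'PKI'` also remains in `OPTION_LIST` although no scenario in the README matrix exercises it, so a comment such as `# PKI kept for existing answer files; not covered by the integration scenarios` would tell operators which formats are actually tested. The enclosing `initConfig` starts and ends outside this hunk.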
|
||||
|
||||
|
|
|
@ -6,6 +6,11 @@ class packstack::keystone ()
|
|||
$keystone_cfg_ks_db_pw = hiera('CONFIG_KEYSTONE_DB_PW')
|
||||
$keystone_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
|
||||
$keystone_token_provider_str = downcase(hiera('CONFIG_KEYSTONE_TOKEN_FORMAT'))
|
||||
if $keystone_token_provider_str == 'fernet' {
|
||||
$enable_fernet_setup = true
|
||||
} else {
|
||||
$enable_fernet_setup = false
|
||||
}
|
||||
$keystone_url = regsubst(regsubst(hiera('CONFIG_KEYSTONE_PUBLIC_URL'),'/v2.0',''),'/v3','')
|
||||
$keystone_admin_url = hiera('CONFIG_KEYSTONE_ADMIN_URL')
|
||||
|
||||
|
@ -33,6 +38,7 @@ class packstack::keystone ()
|
|||
admin_token => hiera('CONFIG_KEYSTONE_ADMIN_TOKEN'),
|
||||
database_connection => "mysql+pymysql://keystone_admin:${keystone_cfg_ks_db_pw}@${keystone_cfg_mariadb_host}/keystone",
|
||||
token_provider => "keystone.token.providers.${keystone_token_provider_str}.Provider",
|
||||
enable_fernet_setup => $enable_fernet_setup,
|
||||
debug => hiera('CONFIG_DEBUG_MODE'),
|
||||
service_name => 'httpd',
|
||||
enable_ssl => $keystone_use_ssl,
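Review bot: Passing `enable_fernet_setup => $enable_fernet_setup` is expected to create the Fernet key repository at install time, but nothing visible in these two hunks configures or documents key rotation, so a default deployment would presumably keep issuing tokens under the same primary key indefinitely. With FERNET now the default, a comment next to the parameter such as `# keys are generated once at install; rotation (keystone-manage fernet_rotate) and copying keys to any additional keystone host are left to the operator` would make that responsibility explicit. As a style point, the `if`/`else` can be collapsed to `$enable_fernet_setup = ($keystone_token_provider_str == 'fernet')`. The body of `packstack::keystone` starts and continues outside both hunks.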
|
||||
|
|
|
@ -31,6 +31,7 @@ $SUDO packstack ${ADDITIONAL_ARGS} \
|
|||
--os-neutron-lbaas-install=y \
|
||||
--os-sahara-install=y \
|
||||
--os-trove-install=y \
|
||||
--keystone-token-format=UUID \
|
||||
--provision-uec-kernel-url="/tmp/cirros/cirros-0.3.4-x86_64-vmlinuz" \
|
||||
--provision-uec-ramdisk-url="/tmp/cirros/cirros-0.3.4-x86_64-initrd" \
|
||||
--provision-uec-disk-url="/tmp/cirros/cirros-0.3.4-x86_64-disk.img" \
|
||||
|
|