Switch to fernet tokens by default
In the upcoming puppet keystone release, the default is being switched to fernet. This change updates packstack to properly handle the fernet provider configuration for keystone and makes it the new default. Since the upstream will be enabling the fernet token setup by default, packstack needs to properly turn off the fernet setup when using uuid. Change-Id: Id9f6d54e7e5190c3a01f60c511d8a470436bff7d
parent
c613d4b5ea
commit
14ee418491
|
@ -187,7 +187,7 @@ This is the current matrix of available tests:
|
|||
|
||||
| - | scenario001 | scenario002 | scenario003 |
|
||||
|:----------:|:-----------:|:-----------:|:------------:
|
||||
| keystone | X | X | X |
|
||||
| keystone | FERNET | UUID | FERNET |
|
||||
| glance | file | swift | file |
|
||||
| nova | X | X | X |
|
||||
| neutron | X | X | X |
|
||||
|
|
|
@ -335,7 +335,7 @@ Keystone Config parameters
|
|||
Identity service API version string. ['v2.0', 'v3']
|
||||
|
||||
**CONFIG_KEYSTONE_TOKEN_FORMAT**
|
||||
Identity service token format (UUID or PKI). The recommended format for new deployments is UUID. ['UUID', 'PKI']
|
||||
Identity service token format (UUID, PKI or FERNET). The recommended format for new deployments is FERNET. ['UUID', 'PKI', 'FERNET']
|
||||
|
||||
**CONFIG_KEYSTONE_IDENTITY_BACKEND**
|
||||
Type of Identity service backend (sql or ldap). ['sql', 'ldap']
|
||||
|
|
|
@ -151,13 +151,13 @@ def initConfig(controller):
|
|||
|
||||
{"CMD_OPTION": "keystone-token-format",
|
||||
"PROMPT": "Enter the Keystone token format.",
|
||||
"OPTION_LIST": ['UUID', 'PKI'],
|
||||
"OPTION_LIST": ['UUID', 'PKI', 'FERNET'],
|
||||
"VALIDATORS": [validators.validate_options],
|
||||
"DEFAULT_VALUE": 'UUID',
|
||||
"DEFAULT_VALUE": 'FERNET',
|
||||
"MASK_INPUT": False,
|
||||
"LOOSE_VALIDATION": False,
|
||||
"CONF_NAME": 'CONFIG_KEYSTONE_TOKEN_FORMAT',
|
||||
"USE_DEFAULT": True,
|
||||
"USE_DEFAULT": False,
|
||||
"NEED_CONFIRM": False,
|
||||
"CONDITION": False},
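Review bot: The `USE_DEFAULT` value changes in this hunk alongside the new default, but the commit description only mentions the switch to fernet, and nothing in the option dict explains it. Token format is a security-relevant choice, so whether the installer asks the operator or silently applies `'FERNET'` deserves a line in the description or a comment next to the key, for example `# prompt for the token format instead of silently applying the default`, if that is what `"USE_DEFAULT": False` is meant to achieve. Which of the two printed values is the new one is inferred from their order on this page, and initConfig's body extends beyond the hunk.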
|
||||
|
||||
|
|
|
@ -6,6 +6,11 @@ class packstack::keystone ()
|
|||
$keystone_cfg_ks_db_pw = hiera('CONFIG_KEYSTONE_DB_PW')
|
||||
$keystone_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
|
||||
$keystone_token_provider_str = downcase(hiera('CONFIG_KEYSTONE_TOKEN_FORMAT'))
|
||||
if $keystone_token_provider_str == 'fernet' {
|
||||
$enable_fernet_setup = true
|
||||
} else {
|
||||
$enable_fernet_setup = false
|
||||
}
|
||||
$keystone_url = regsubst(regsubst(hiera('CONFIG_KEYSTONE_PUBLIC_URL'),'/v2.0',''),'/v3','')
|
||||
$keystone_admin_url = hiera('CONFIG_KEYSTONE_ADMIN_URL')
|
||||
|
||||
|
@ -33,6 +38,7 @@ class packstack::keystone ()
|
|||
admin_token => hiera('CONFIG_KEYSTONE_ADMIN_TOKEN'),
|
||||
database_connection => "mysql+pymysql://keystone_admin:${keystone_cfg_ks_db_pw}@${keystone_cfg_mariadb_host}/keystone",
|
||||
token_provider => "keystone.token.providers.${keystone_token_provider_str}.Provider",
|
||||
enable_fernet_setup => $enable_fernet_setup,
|
||||
debug => hiera('CONFIG_DEBUG_MODE'),
|
||||
service_name => 'httpd',
|
||||
enable_ssl => $keystone_use_ssl,
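Review bot: With FERNET as the default, `enable_fernet_setup => $enable_fernet_setup` now switches on key-repository setup for most installs, yet nothing in either hunk of this class says where the keys live, who may read them, or how they are rotated. Fernet keys are the only secret behind every issued token, so the manifest should say that these are left to the keystone module; I would add a comment above the parameter such as `# fernet keys sign and encrypt all tokens: repository path, ownership and rotation are left to the keystone module defaults`. As a smaller style point, the five-line if/else in the first hunk can be written as `$enable_fernet_setup = ($keystone_token_provider_str == 'fernet')`. The class body starts and ends outside both hunks, so a rotation or permission setting may exist in lines not shown here.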
|
||||
|
|
|
@ -31,6 +31,7 @@ $SUDO packstack ${ADDITIONAL_ARGS} \
|
|||
--os-neutron-lbaas-install=y \
|
||||
--os-sahara-install=y \
|
||||
--os-trove-install=y \
|
||||
--keystone-token-format=UUID \
|
||||
--provision-uec-kernel-url="/tmp/cirros/cirros-0.3.4-x86_64-vmlinuz" \
|
||||
--provision-uec-ramdisk-url="/tmp/cirros/cirros-0.3.4-x86_64-initrd" \
|
||||
--provision-uec-disk-url="/tmp/cirros/cirros-0.3.4-x86_64-disk.img" \
|
||||
|
|