diff --git a/README.md b/README.md
index 5ae02a8e7..b02b9364c 100644
--- a/README.md
+++ b/README.md
@@ -187,7 +187,7 @@ This is the current matrix of available tests:
 | - | scenario001 | scenario002 | scenario003 |
 |:----------:|:-----------:|:-----------:|:------------:
-| keystone | X | X | X |
+| keystone | FERNET | UUID | FERNET |
 | glance | file | swift | file |
 | nova | X | X | X |
 | neutron | X | X | X |
diff --git a/docs/packstack.rst b/docs/packstack.rst
index 08fa6e25c..9507a9ef6 100644
--- a/docs/packstack.rst
+++ b/docs/packstack.rst
@@ -335,7 +335,7 @@ Keystone Config parameters
 Identity service API version string. ['v2.0', 'v3']
 **CONFIG_KEYSTONE_TOKEN_FORMAT**
- Identity service token format (UUID or PKI). The recommended format for new deployments is UUID. ['UUID', 'PKI']
+ Identity service token format (UUID, PKI or FERNET). The recommended format for new deployments is FERNET. ['UUID', 'PKI', 'FERNET']
 **CONFIG_KEYSTONE_IDENTITY_BACKEND**
 Type of Identity service backend (sql or ldap). ['sql', 'ldap']
diff --git a/packstack/plugins/keystone_100.py b/packstack/plugins/keystone_100.py
index 3e30b242f..55aa799b6 100644
--- a/packstack/plugins/keystone_100.py
+++ b/packstack/plugins/keystone_100.py
@@ -151,13 +151,13 @@ def initConfig(controller):
 {"CMD_OPTION": "keystone-token-format",
 "PROMPT": "Enter the Keystone token format.",
- "OPTION_LIST": ['UUID', 'PKI'],
+ "OPTION_LIST": ['UUID', 'PKI', 'FERNET'],
 "VALIDATORS": [validators.validate_options],
- "DEFAULT_VALUE": 'UUID',
+ "DEFAULT_VALUE": 'FERNET',
 "MASK_INPUT": False,
 "LOOSE_VALIDATION": False,
 "CONF_NAME": 'CONFIG_KEYSTONE_TOKEN_FORMAT',
- "USE_DEFAULT": True,
+ "USE_DEFAULT": False,
 "NEED_CONFIRM": False,
 "CONDITION": False},
diff --git a/packstack/puppet/modules/packstack/manifests/keystone.pp b/packstack/puppet/modules/packstack/manifests/keystone.pp
index fa4967897..ae4ced5ed 100644
--- a/packstack/puppet/modules/packstack/manifests/keystone.pp
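Review bot: The flip of `"USE_DEFAULT"` from True to False in the keystone-token-format entry is not explained anywhere in the hunk, and it rides along with a change of the default itself from `'UUID'` to `'FERNET'`. If `USE_DEFAULT` decides whether the installer asks for the value interactively (inferred from the name; the option machinery is outside the hunk), operators will now be prompted for a security-relevant setting they previously never saw, and answer files generated after this commit will select a different token provider than before. A short comment above the entry would record the intent, for example `# Default is FERNET; UUID and PKI stay listed so existing answer files still validate.` The body of `initConfig` starts and ends outside the hunk.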
+++ b/packstack/puppet/modules/packstack/manifests/keystone.pp
@@ -6,6 +6,11 @@ class packstack::keystone ()
 $keystone_cfg_ks_db_pw = hiera('CONFIG_KEYSTONE_DB_PW')
 $keystone_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
 $keystone_token_provider_str = downcase(hiera('CONFIG_KEYSTONE_TOKEN_FORMAT'))
+ if $keystone_token_provider_str == 'fernet' {
+ $enable_fernet_setup = true
+ } else {
+ $enable_fernet_setup = false
+ }
 $keystone_url = regsubst(regsubst(hiera('CONFIG_KEYSTONE_PUBLIC_URL'),'/v2.0',''),'/v3','')
 $keystone_admin_url = hiera('CONFIG_KEYSTONE_ADMIN_URL')
@@ -33,6 +38,7 @@ class packstack::keystone ()
 admin_token => hiera('CONFIG_KEYSTONE_ADMIN_TOKEN'),
 database_connection => "mysql+pymysql://keystone_admin:${keystone_cfg_ks_db_pw}@${keystone_cfg_mariadb_host}/keystone",
 token_provider => "keystone.token.providers.${keystone_token_provider_str}.Provider",
+ enable_fernet_setup => $enable_fernet_setup,
 debug => hiera('CONFIG_DEBUG_MODE'),
 service_name => 'httpd',
 enable_ssl => $keystone_use_ssl,
diff --git a/tests/scenario002.sh b/tests/scenario002.sh
index 029e06513..b322185db 100755
--- a/tests/scenario002.sh
+++ b/tests/scenario002.sh
@@ -31,6 +31,7 @@ $SUDO packstack ${ADDITIONAL_ARGS} \
 --os-neutron-lbaas-install=y \
 --os-sahara-install=y \
 --os-trove-install=y \
+ --keystone-token-format=UUID \
 --provision-uec-kernel-url="/tmp/cirros/cirros-0.3.4-x86_64-vmlinuz" \
 --provision-uec-ramdisk-url="/tmp/cirros/cirros-0.3.4-x86_64-initrd" \
 --provision-uec-disk-url="/tmp/cirros/cirros-0.3.4-x86_64-disk.img" \
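Review bot: The added if/else in the first keystone.pp hunk only turns a comparison into a boolean, so it can be a single assignment: `$enable_fernet_setup = ($keystone_token_provider_str == 'fernet')`. That keeps the flag directly under the `downcase(...)` line it depends on and removes the chance of the two branches drifting apart. The same string is interpolated into the `token_provider` class path in the later hunk, so the manifest relies on the installer having restricted the value to the supported formats; that validation is not visible in this file. The class body starts and ends outside the hunk.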
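Review bot: Passing `enable_fernet_setup => $enable_fernet_setup` in the second keystone.pp hunk asks the keystone module to set up the Fernet key repository, but nothing in this hunk arranges for those keys to be rotated afterwards. The keys protect every token Keystone issues, so a deployment that keeps its initial keys indefinitely cannot limit how long a leaked key stays useful. If the keystone module's defaults do not cover rotation (not visible here), either schedule it from this class or record the gap with a comment such as `# Fernet keys are created once here; rotation must be scheduled separately.` The resource declaration begins and ends outside the hunk.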