openstack/devstack
Code Issues Proposed changes

Switch fernet to be the default token provider

Browse Source 
this is the first patch in a series to actually make fernet the default
token provider in keystone. the patches for grenade, release notes, and
actually switching the value in keystone all depend on this patch first.

reasons for switching over:

- fernet tokens are the recommended token provider
- the install guide for newton recommends deployers use fernet tokens [0]
- we previously attempted this switch but ran into timing issues [1],
  the timing issues have been resolved [2]

[0] http://docs.openstack.org/newton/install-guide-ubuntu/keystone-install.html
[1] 153db269705f37d4144ad3fcf26dc67269755d7d
[2] https://review.openstack.org/#/q/topic:make-fernet-default

Change-Id: I3b819ae8d2924f3bece03902e05d1a8c5e5923f1
This commit is contained in:
Steve Martinelli 2016-09-08 02:29:25 +00:00
parent 1f84d45757
commit dc486bc12f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/keystone
View File

@ -88,7 +88,7 @@ KEYSTONE_RESOURCE_BACKEND=${KEYSTONE_RESOURCE_BACKEND:-sql}
# Select Keystone's token provider (and format) # Select Keystone's token provider (and format)
# Choose from 'uuid', 'pki', 'pkiz', or 'fernet' # Choose from 'uuid', 'pki', 'pkiz', or 'fernet'
KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-} KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-fernet}
KEYSTONE_TOKEN_FORMAT=$(echo ${KEYSTONE_TOKEN_FORMAT} | tr '[:upper:]' '[:lower:]') KEYSTONE_TOKEN_FORMAT=$(echo ${KEYSTONE_TOKEN_FORMAT} | tr '[:upper:]' '[:lower:]')
# Set Keystone interface configuration # Set Keystone interface configuration