Merge "Delete keystone_token_provider variable"
commit
1aa13614d8
@ -857,8 +857,6 @@ default_project_domain_id: "default"
|
|||||||
default_user_domain_name: "Default"
|
default_user_domain_name: "Default"
|
||||||
default_user_domain_id: "default"
|
default_user_domain_id: "default"
|
||||||
|
|
||||||
# Valid options are [ fernet ]
|
|
||||||
keystone_token_provider: "fernet"
|
|
||||||
# Keystone fernet token expiry in seconds. Default is 1 day.
|
# Keystone fernet token expiry in seconds. Default is 1 day.
|
||||||
fernet_token_expiry: 86400
|
fernet_token_expiry: 86400
|
||||||
# Keystone window to allow expired fernet tokens. Default is 2 days.
|
# Keystone window to allow expired fernet tokens. Default is 2 days.
|
||||||
|
@ -35,7 +35,7 @@ keystone_services:
|
|||||||
keystone-ssh:
|
keystone-ssh:
|
||||||
container_name: "keystone_ssh"
|
container_name: "keystone_ssh"
|
||||||
group: "keystone"
|
group: "keystone"
|
||||||
enabled: "{{ keystone_token_provider == 'fernet' }}"
|
enabled: true
|
||||||
image: "{{ keystone_ssh_image_full }}"
|
image: "{{ keystone_ssh_image_full }}"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ node_config_directory }}/keystone-ssh/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/keystone-ssh/:{{ container_config_directory }}/:ro"
|
||||||
@ -48,7 +48,7 @@ keystone_services:
|
|||||||
keystone-fernet:
|
keystone-fernet:
|
||||||
container_name: "keystone_fernet"
|
container_name: "keystone_fernet"
|
||||||
group: "keystone"
|
group: "keystone"
|
||||||
enabled: "{{ keystone_token_provider == 'fernet' }}"
|
enabled: true
|
||||||
image: "{{ keystone_fernet_image_full }}"
|
image: "{{ keystone_fernet_image_full }}"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ node_config_directory }}/keystone-fernet/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/keystone-fernet/:{{ container_config_directory }}/:ro"
|
||||||
@ -140,7 +140,7 @@ keystone_default_volumes:
|
|||||||
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
||||||
- "{{ kolla_dev_repos_directory ~ '/keystone/keystone:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/keystone' if keystone_dev_mode | bool else '' }}"
|
- "{{ kolla_dev_repos_directory ~ '/keystone/keystone:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/keystone' if keystone_dev_mode | bool else '' }}"
|
||||||
- "kolla_logs:/var/log/kolla/"
|
- "kolla_logs:/var/log/kolla/"
|
||||||
- "{% if keystone_token_provider == 'fernet' %}keystone_fernet_tokens:/etc/keystone/fernet-keys{% endif %}"
|
- "keystone_fernet_tokens:/etc/keystone/fernet-keys"
|
||||||
|
|
||||||
keystone_extra_volumes: "{{ default_extra_volumes }}"
|
keystone_extra_volumes: "{{ default_extra_volumes }}"
|
||||||
|
|
||||||
|
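Review bot: The `enabled: true` now hard-coded in the keystone-ssh and keystone-fernet entries of `keystone_services` has no comment saying why these two services cannot be switched off. keystone-ssh presumably runs the SSH endpoint used to synchronise fernet keys between Keystone hosts, so anyone auditing what listens on those hosts would benefit from a line such as `# Always deployed: fernet is the only token provider and its keys are synchronised between keystone hosts.` above each `enabled: true`. The same reasoning applies to the now unconditional `keystone_fernet_tokens:/etc/keystone/fernet-keys` entry in `keystone_default_volumes`, which mounts key material into whatever containers consume that list. Both mappings start and end outside the hunks shown.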
@ -71,5 +71,4 @@
|
|||||||
run_once: True
|
run_once: True
|
||||||
delegate_to: "{{ groups['keystone'][0] }}"
|
delegate_to: "{{ groups['keystone'][0] }}"
|
||||||
when:
|
when:
|
||||||
- keystone_token_provider == 'fernet'
|
|
||||||
- groups['keystone_fernet_running'] is not defined
|
- groups['keystone_fernet_running'] is not defined
|
||||||
|
@ -200,14 +200,12 @@
|
|||||||
-n {{ (groups['keystone'] | length) }}
|
-n {{ (groups['keystone'] | length) }}
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: cron_jobs_json
|
register: cron_jobs_json
|
||||||
when: keystone_token_provider == 'fernet'
|
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
|
||||||
- name: Set fact with the generated cron jobs for building the crontab later
|
- name: Set fact with the generated cron jobs for building the crontab later
|
||||||
set_fact:
|
set_fact:
|
||||||
cron_jobs: "{{ (cron_jobs_json.stdout | from_json).cron_jobs }}"
|
cron_jobs: "{{ (cron_jobs_json.stdout | from_json).cron_jobs }}"
|
||||||
ignore_errors: "{{ ansible_check_mode }}"
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
when: keystone_token_provider == 'fernet'
|
|
||||||
|
|
||||||
- name: Copying files for keystone-fernet
|
- name: Copying files for keystone-fernet
|
||||||
vars:
|
vars:
|
||||||
|
@ -13,8 +13,6 @@
|
|||||||
meta: flush_handlers
|
meta: flush_handlers
|
||||||
|
|
||||||
- include_tasks: distribute_fernet.yml
|
- include_tasks: distribute_fernet.yml
|
||||||
when:
|
|
||||||
- keystone_token_provider == 'fernet'
|
|
||||||
|
|
||||||
- import_tasks: register.yml
|
- import_tasks: register.yml
|
||||||
|
|
||||||
|
@ -67,5 +67,3 @@
|
|||||||
120, 240, 480, 720, 1440, 3600, 7200, 10800, 14400, 21600, 43200, 60480,
|
120, 240, 480, 720, 1440, 3600, 7200, 10800, 14400, 21600, 43200, 60480,
|
||||||
120960, 151200, 201600, 302400, 604800. These values ensure an evenly-spaced
|
120960, 151200, 201600, 302400, 604800. These values ensure an evenly-spaced
|
||||||
run schedule as they divide 7 days without remainder.
|
run schedule as they divide 7 days without remainder.
|
||||||
when:
|
|
||||||
- keystone_token_provider == 'fernet'
|
|
||||||
|
@ -29,7 +29,7 @@ domain_config_dir = /etc/keystone/domains
|
|||||||
|
|
||||||
[token]
|
[token]
|
||||||
revoke_by_id = False
|
revoke_by_id = False
|
||||||
provider = {{ keystone_token_provider }}
|
provider = fernet
|
||||||
expiration = {{ fernet_token_expiry }}
|
expiration = {{ fernet_token_expiry }}
|
||||||
allow_expired_window = {{ fernet_token_allow_expired_window }}
|
allow_expired_window = {{ fernet_token_allow_expired_window }}
|
||||||
|
|
||||||
|
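Review bot: A `keystone_token_provider` value that an operator still carries in their own configuration is now silently ignored, because `provider = fernet` under `[token]` no longer reads the variable. The removed comment listed fernet as the only valid option, so this should rarely matter, but a deployment that had set anything else would switch token provider on upgrade without any error. Consider a precheck that fails while the variable is still defined, for example an `assert` task with `that: keystone_token_provider is not defined`, so the stale setting is noticed before deploy.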
@ -4,14 +4,8 @@
|
|||||||
Keystone - Identity service
|
Keystone - Identity service
|
||||||
===========================
|
===========================
|
||||||
|
|
||||||
Tokens
|
|
||||||
------
|
|
||||||
|
|
||||||
The Keystone token provider is configured via ``keystone_token_provider``. The
|
|
||||||
default value for this is ``fernet``.
|
|
||||||
|
|
||||||
Fernet Tokens
|
Fernet Tokens
|
||||||
~~~~~~~~~~~~~
|
-------------
|
||||||
|
|
||||||
Fernet tokens require the use of keys that must be synchronised between
|
Fernet tokens require the use of keys that must be synchronised between
|
||||||
Keystone servers. Kolla Ansible deploys two containers to handle this -
|
Keystone servers. Kolla Ansible deploys two containers to handle this -
|
||||||
|
@ -455,9 +455,6 @@ workaround_ansible_issue_8743: yes
|
|||||||
# Keystone - Identity Options
|
# Keystone - Identity Options
|
||||||
#############################
|
#############################
|
||||||
|
|
||||||
# Valid options are [ fernet ]
|
|
||||||
#keystone_token_provider: 'fernet'
|
|
||||||
|
|
||||||
#keystone_admin_user: "admin"
|
#keystone_admin_user: "admin"
|
||||||
|
|
||||||
#keystone_admin_project: "admin"
|
#keystone_admin_project: "admin"
|
||||||
|
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- The variable keystone_token_provider does not exist anymore,
|
||||||
|
because there is no alternative.
|