9e4a02482d
This change adds a number of new tasks that are dependent on the value of the Keystone token provider (keystone_token_provider) user variable. If the keystone_token_provider user_variable is set to keystone.token.providers.fernet.Provider then the playbooks will appropriately create the fernet keys and distribute them to the rest of the keystone containers. This also implements key rotation for generated fernet keys similar to how the os_nova roles implement key rotation. Finally, we also need to build cryptography from master for now. Currently, 0.8.x and 0.9.x use versions of cffi<1.0 which causes a bug when used with mod_wsgi and Apache. This is fixed in cryptography master and will be released in 1.0. Closes-bug: 1463569 Change-Id: I8605e0490a8889d57c6b1b7e03e078fb0da978ab
25 lines
799 B
YAML
25 lines
799 B
YAML
---
|
|
# Copyright 2015, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Fetch the fernet key repository
|
|
synchronize:
|
|
src: "{{ keystone_fernet_tokens_key_repository }}"
|
|
dest: /tmp/
|
|
recursive: yes
|
|
mode: pull
|
|
tags:
|
|
- keystone-setup
|
|
- keystone-fernet
|