From d43b95a1526bf9a9626185c3141f683a0d372516 Mon Sep 17 00:00:00 2001 From: Alan Meadows Date: Thu, 12 Jan 2017 15:23:09 -0800 Subject: [PATCH] Allow specifying the keystone token provider The new default for mitaka+ is fernet tokens which not all container images support. This allows the operator to specify the token provider, allowing uuid token usage in images which is required until the infrastructure to setup and distribute fernet keys is created. --- keystone/templates/etc/_keystone.conf.tpl | 5 ++++- keystone/values.yaml | 9 ++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/keystone/templates/etc/_keystone.conf.tpl b/keystone/templates/etc/_keystone.conf.tpl index a503b4a0e5..573eba9e0e 100644 --- a/keystone/templates/etc/_keystone.conf.tpl +++ b/keystone/templates/etc/_keystone.conf.tpl @@ -1,5 +1,5 @@ [DEFAULT] -debug = {{ .Values.misc.debug }} +debug = {{ .Values.api.default.debug }} use_syslog = False use_stderr = True @@ -10,6 +10,9 @@ max_retries = -1 [memcache] servers = {{ include "memcached_host" . }}:11211 +[token] +provider = {{ .Values.api.token.provider }} + [cache] backend = dogpile.cache.memcached memcache_servers = {{ include "memcached_host" . }}:11211 diff --git a/keystone/values.yaml b/keystone/values.yaml index e6ead52acc..a4a84a67bf 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -31,6 +31,12 @@ keystone: admin_password: password admin_project_name: admin +api: + default: + debug: false + token: + provider: uuid + network: port: admin: 35357 @@ -52,9 +58,6 @@ database: keystone_password: password keystone_user: keystone -misc: - debug: false - dependencies: api: jobs: