From e18f4e665df1e9d43eaee8a1b72ac8a21c232be3 Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Wed, 26 Jul 2017 16:46:23 +0300 Subject: [PATCH] Add documentation for fernet key rotation bp keystone-fernet-rotation Change-Id: I5682acb72db34818bbefd051bc42c7e83e432581 --- .../post_deployment/fernet_key_rotation.rst | 23 +++++++++++++++++++ .../post_deployment/post_deployment.rst | 1 + 2 files changed, 24 insertions(+) create mode 100644 doc/source/install/post_deployment/fernet_key_rotation.rst diff --git a/doc/source/install/post_deployment/fernet_key_rotation.rst b/doc/source/install/post_deployment/fernet_key_rotation.rst new file mode 100644 index 00000000..dea8c06d --- /dev/null +++ b/doc/source/install/post_deployment/fernet_key_rotation.rst @@ -0,0 +1,23 @@ +.. _fernet_key_rotation: + +Rotation Keystone Fernet Keys from the Overcloud +================================================ + +Like most passwords in your overcloud deployment, keystone fernet keys are also +stored as part of the deployment plan in mistral. The overcloud deplotment's +fernet keys can be rotated with the following command:: + + mistral execution-create tripleo.fernet_keys.v1.rotate_fernet_keys \ + '{"container": "overcloud"} + +Where the value for "container" is the name of the plan (which defaults to +"overcloud"). + +After waiting some time you can verify the output by taking the execution ID +from that was the output of the previous command, and issuing the following +command:: + + mistral execution-get-output EXECUTION_UUID + +Please note that there must be an overcloud deployment ready and accessible in +order to execute this action. diff --git a/doc/source/install/post_deployment/post_deployment.rst b/doc/source/install/post_deployment/post_deployment.rst index 8208c5d3..c099e324 100644 --- a/doc/source/install/post_deployment/post_deployment.rst +++ b/doc/source/install/post_deployment/post_deployment.rst @@ -18,3 +18,4 @@ In this chapter you will find advanced management of various |project| areas. upload_single_image backup_restore_undercloud update_undercloud_ssh_keys + fernet_key_rotation