keystone: enable fernet across all CI
The UUID tokens are deprecated as of the Pike release and they will be removed in 2 releases. The deployment choice should be Fernet so we should test that extensively. Change-Id: I7d9f8782afc2cb636e69e8dd1e16c68182c38959
Mohammed Naser
committed by
Alex Schultz
parent
3c8f4ccd85
commit
5aeac6db6f
4 changed files with 12 additions and 21 deletions
@@ -43,7 +43,6 @@ scenario](#all-in-one).
| ssl | yes | yes | yes | yes | no |
| ipv6 | centos7 | centos7 | centos7 | centos7 | no |
| keystone | X | X | X | X | X |
| tokens | uuid | uuid | fernet | fernet | uuid |
| glance | rbd | swift | file | swift+rgw | file |
| nova | rbd | X | X | rbd | X |
| neutron | ovs | ovs | linuxbridge | ovs | ovs |
@@ -56,9 +56,7 @@ include ::openstack_integration::cacert
include::openstack_integration::memcached
include::openstack_integration::rabbitmq
include::openstack_integration::mysql
class{ '::openstack_integration::keystone':
token_provider => 'fernet',
}
include::openstack_integration::keystone
include::openstack_integration::glance
class{ '::openstack_integration::neutron':
driver => 'linuxbridge',
@@ -42,9 +42,7 @@ include ::openstack_integration::cacert
include::openstack_integration::memcached
include::openstack_integration::rabbitmq
include::openstack_integration::mysql
class{ '::openstack_integration::keystone':
token_provider => 'fernet',
}
include::openstack_integration::keystone
class{ '::openstack_integration::glance':
backend => 'swift',
}
@@ -11,10 +11,6 @@
#andtheassociatedconfigurationinkeystone.confissetupright.
#Defaultstofalse
#
#[*token_provider*]
#(optional)Definethetokenprovidertouse.
#Defaultto'uuid'.
#
#[*token_expiration*]
#(optional)Definethetokenexpirationtouse.
#Defaultto'600'.
@@ -23,7 +19,6 @@
classopenstack_integration::keystone(
$default_domain=undef,
$using_domain_config=false,
$token_provider='uuid',
$token_expiration='600',
){
@@ -43,18 +38,20 @@ class openstack_integration::keystone (
Exec['update-ca-certificates']~>Service['httpd']
}
if$token_provider=='fernet'{
$enable_fernet_setup = true
class { '::keystone::cron::fernet_rotate':
hour => '*',
minute => '*/5',
}
#KeystonecredentialsetupisnotpackagedinUCAyet.
#ItshouldbedonewhenNewtonisreleased.
if$::osfamily=='RedHat'{
$enable_credential_setup = true
}else{
$enable_fernet_setup = false
$enable_credential_setup = false
}
class{ '::keystone::client': }
class{ '::keystone::cron::token_flush': }
class{ '::keystone::cron::fernet_rotate':
hour => '*',
minute => '*/5',
}
class{ '::keystone::db::mysql':
password => 'keystone',
}
@@ -71,8 +68,7 @@ class openstack_integration::keystone (
public_bind_host => $::openstack_integration::config::host,
admin_bind_host => $::openstack_integration::config::host,
manage_policyrcd => true,
token_provider => $token_provider,
enable_fernet_setup => $enable_fernet_setup,
enable_credential_setup => $enable_credential_setup,
fernet_max_active_keys => '4',
token_expiration => $token_expiration,
default_transport_url => os_transport_url({
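Review bot: The now-unconditional `::keystone::cron::fernet_rotate` (every 5 minutes) and the hard-coded `fernet_max_active_keys => '4'` only fit the default `token_expiration` of '600', since Keystone's guidance is max_active_keys = token lifetime / rotation interval + 2, which gives 4 for 10 minutes over 5. `$token_expiration` is still a class parameter, so a scenario that raises it would have the key that issued a token rotated out of the repository before the token expires, and validation would fail for tokens that are still nominally valid. I would record the coupling next to the cron class, e.g. `# */5 rotation + fernet_max_active_keys '4' covers token_expiration <= 600 only`. Separately, the +/- markers are lost on this page, so it is not visible whether `enable_fernet_setup => $enable_fernet_setup` is kept; if it is, the variable it reads appears to be no longer assigned once the `$token_provider == 'fernet'` branch is gone. The class body starts and ends outside these hunks.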