summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteven Hardy <shardy@redhat.com>2016-08-03 13:39:39 +0100
committerSteven Hardy <shardy@redhat.com>2016-08-05 16:40:58 +0100
commit12b356b6875dbf0ac192fe52f4711aa746ed9eb9 (patch)
treebfe5ca2002bd14516a21c08b32830011b402ad30
parent73656aac0dbf1e0bbc8ee10cf5f282c93af4174b (diff)
Remove keystone PKI related parameters
These interfaces have all been deprecated by keystone, and we don't offer any parameter interface to select PKI token format anyway, so remove these to align with keystone reccomendations. The keystone.conf.sample says these values may be silently ignored or removed, so it seems reasonable to do the same here (parameter_defaults should be ignored from old stacks). Change-Id: Ic88d584863a98ed49fc335825fbfba7a52b0f14e Depends-On: I8232262b928c91dcde7bea2f23fa2a7c2660719e
-rw-r--r--puppet/services/keystone.yaml16
1 files changed, 0 insertions, 16 deletions
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index abc738d9..d45ed86e 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -4,24 +4,11 @@ description: >
OpenStack Keystone service configured with Puppet
parameters:
- KeystoneCACertificate:
- default: ''
- description: Keystone self-signed certificate authority certificate.
- type: string
KeystoneEnableDBPurge:
default: true
description: |
Whether to create cron job for purging soft deleted rows in Keystone database.
type: boolean
- KeystoneSigningCertificate:
- default: ''
- description: Keystone certificate for verifying token validity.
- type: string
- KeystoneSigningKey:
- default: ''
- description: Keystone key for signing tokens.
- type: string
- hidden: true
KeystoneSSLCertificate:
default: ''
description: Keystone certificate for verifying token validity.
@@ -105,9 +92,6 @@ outputs:
- '/keystone'
keystone::admin_token: {get_param: AdminToken}
keystone::roles::admin::password: {get_param: AdminPassword}
- keystone_ca_certificate: {get_param: KeystoneCACertificate}
- keystone_signing_key: {get_param: KeystoneSigningKey}
- keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
keystone::enable_proxy_headers_parsing: true