aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/services
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-06-15 13:10:15 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-06-16 07:26:34 +0000
commit4ec13cc91bd9003b3baf7af140c80d517c88f868 (patch)
treed6dc801d2f73cd4ddb4562cd5b9fd1974a883050 /puppet/services
parent24d552ae33adfbbbeb7a1b51b2fe09263c8e9a95 (diff)
Make fernet max active keys configurable
This will set the max_active_keys setting in keystone.conf, and furtherly we'll read this value from tripleo-common to do purging of keys if necessary. bp keystone-fernet-rotation Change-Id: I9c6b0708c2c03ad9918222599f8b6aad397d8089
Diffstat (limited to 'puppet/services')
-rw-r--r--puppet/services/keystone.yaml5
1 files changed, 5 insertions, 0 deletions
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index af494016..60d194bc 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -122,6 +122,10 @@ parameters:
KeystoneFernetKeys:
type: json
description: Mapping containing keystone's fernet keys and their paths.
+ KeystoneFernetMaxActiveKeys:
+ type: number
+ description: The maximum active keys in the keystone fernet key repository.
+ default: 5
ManageKeystoneFernetKeys:
type: boolean
default: true
@@ -258,6 +262,7 @@ outputs:
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
keystone::token_provider: {get_param: KeystoneTokenProvider}
keystone::enable_fernet_setup: {if: [keystone_fernet_tokens, true, false]}
+ keystone::fernet_max_active_keys: {get_param: KeystoneFernetMaxActiveKeys}
keystone::enable_proxy_headers_parsing: true
keystone::enable_credential_setup: true
keystone::credential_keys: