diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-06-14 16:24:11 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-06-14 16:24:11 +0000 |
commit | dfdfc00312a60413daec62aa9cf7442db52605d9 (patch) | |
tree | d8ffd329e0094743d4200dd758c3dbf515b5432b /puppet/services | |
parent | 50ce7453d6b79caad94d932926e41b1403446d78 (diff) | |
parent | 490e237f09d2c685903b173d3fd94efc450a9cb2 (diff) |
Merge "Use KeystoneFernetKeys instead of individual parameters"
Diffstat (limited to 'puppet/services')
-rw-r--r-- | puppet/services/keystone.yaml | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index f3a9cbc4..57e3286a 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -113,10 +113,15 @@ parameters: description: The second Keystone credential key. Must be a valid key. KeystoneFernetKey0: type: string - description: The first Keystone fernet key. Must be a valid key. + default: '' + description: (DEPRECATED) The first Keystone fernet key. Must be a valid key. KeystoneFernetKey1: type: string - description: The second Keystone fernet key. Must be a valid key. + default: '' + description: (DEPRECATED) The second Keystone fernet key. Must be a valid key. + KeystoneFernetKeys: + type: json + description: Mapping containing keystone's fernet keys and their paths. KeystoneLoggingSource: type: json default: @@ -187,6 +192,17 @@ parameters: default: {} hidden: true +parameter_groups: +- label: deprecated + description: | + The following parameters are deprecated and will be removed. They should not + be relied on for new deployments. If you have concerns regarding deprecated + parameters, please contact the TripleO development team on IRC or the + OpenStack mailing list. + parameters: + - KeystoneFernetKey0 + - KeystoneFernetKey1 + resources: ApacheServiceBase: @@ -241,11 +257,7 @@ outputs: content: {get_param: KeystoneCredential0} '/etc/keystone/credential-keys/1': content: {get_param: KeystoneCredential1} - keystone::fernet_keys: - '/etc/keystone/fernet-keys/0': - content: {get_param: KeystoneFernetKey0} - '/etc/keystone/fernet-keys/1': - content: {get_param: KeystoneFernetKey1} + keystone::fernet_keys: {get_param: KeystoneFernetKeys} keystone::fernet_replace_keys: false keystone::debug: if: |