diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2017-06-14 16:26:57 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2017-06-14 16:26:57 +0000 |
| commit | 12aaefa939974fe9970cff4e3f933d8411a9fa91 (patch) | |
| tree | 0046b0d7b06d858a7e3029f3db3a650b0e466a81 /puppet | |
| parent | dfdfc00312a60413daec62aa9cf7442db52605d9 (diff) | |
| parent | 350e1a81dd559581bcf643e5a87ad89d6a9c0e5d (diff) | |
Merge "Enable heat/puppet to manage the fernet keys and make it configurable"
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/services/keystone.yaml | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 57e3286a..af494016 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -122,6 +122,14 @@ parameters: KeystoneFernetKeys: type: json description: Mapping containing keystone's fernet keys and their paths. + ManageKeystoneFernetKeys: + type: boolean + default: true + description: Whether TripleO should manage the keystone fernet keys or not. + If set to true, the fernet keys will get the values from the + saved keys repository in mistral (the KeystoneFernetKeys + variable). If set to false, only the stack creation + initializes the keys, but subsequent updates won't touch them. KeystoneLoggingSource: type: json default: @@ -258,7 +266,7 @@ outputs: '/etc/keystone/credential-keys/1': content: {get_param: KeystoneCredential1} keystone::fernet_keys: {get_param: KeystoneFernetKeys} - keystone::fernet_replace_keys: false + keystone::fernet_replace_keys: {get_param: ManageKeystoneFernetKeys} keystone::debug: if: - service_debug_unset |