authorJenkins <jenkins@review.openstack.org>2017-06-14 16:26:57 +0000
committerGerrit Code Review <review@openstack.org>2017-06-14 16:26:57 +0000
commit12aaefa939974fe9970cff4e3f933d8411a9fa91 (patch)
tree0046b0d7b06d858a7e3029f3db3a650b0e466a81 /puppet
parentdfdfc00312a60413daec62aa9cf7442db52605d9 (diff)
parent350e1a81dd559581bcf643e5a87ad89d6a9c0e5d (diff)
Merge "Enable heat/puppet to manage the fernet keys and make it configurable"
Diffstat (limited to 'puppet')
-rw-r--r--puppet/services/keystone.yaml10
1 files changed, 9 insertions, 1 deletions
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 57e3286a..af494016 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -122,6 +122,14 @@ parameters:
KeystoneFernetKeys:
type: json
description: Mapping containing keystone's fernet keys and their paths.
+ ManageKeystoneFernetKeys:
+ type: boolean
+ default: true
+ description: Whether TripleO should manage the keystone fernet keys or not.
+ If set to true, the fernet keys will get the values from the
+ saved keys repository in mistral (the KeystoneFernetKeys
+ variable). If set to false, only the stack creation
+ initializes the keys, but subsequent updates won't touch them.
KeystoneLoggingSource:
type: json
default:
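Review bot: `default: true` on `ManageKeystoneFernetKeys` changes the effective value of `keystone::fernet_replace_keys` for existing stacks, because the second hunk swaps the former literal `false` for this parameter. As the description reads, a true value makes each update write the keys held in `KeystoneFernetKeys`, so keys rotated directly on the nodes would presumably be replaced and tokens issued under them would no longer validate. I would say so in the description, for example `With true, keys rotated outside the saved repository are overwritten on the next update.`, and consider whether `false` is the safer default for upgrades. The `KeystoneFernetKeys` context lines above show only `type` and `description`; since that parameter carries key material, it is worth checking whether it should also set `hidden: true`. The `parameters:` mapping continues outside this hunk.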
@@ -258,7 +266,7 @@ outputs:
'/etc/keystone/credential-keys/1':
content: {get_param: KeystoneCredential1}
keystone::fernet_keys: {get_param: KeystoneFernetKeys}
- keystone::fernet_replace_keys: false
+ keystone::fernet_replace_keys: {get_param: ManageKeystoneFernetKeys}
keystone::debug:
if:
- service_debug_unset