diff options
| author |   Steven Hardy <shardy@redhat.com> | 2016-08-03 13:39:39 +0100 |
|---|---|---|
| committer | Steven Hardy <shardy@redhat.com> | 2016-08-05 16:40:58 +0100 |
| commit | 12b356b6875dbf0ac192fe52f4711aa746ed9eb9 (patch) | |
| tree | bfe5ca2002bd14516a21c08b32830011b402ad30 /puppet | |
| parent | 73656aac0dbf1e0bbc8ee10cf5f282c93af4174b (diff) | |
Remove keystone PKI related parameters
These interfaces have all been deprecated by keystone, and we don't
offer any parameter interface to select PKI token format anyway,
so remove these to align with keystone reccomendations.
The keystone.conf.sample says these values may be silently ignored or
removed, so it seems reasonable to do the same here (parameter_defaults
should be ignored from old stacks).
Change-Id: Ic88d584863a98ed49fc335825fbfba7a52b0f14e
Depends-On: I8232262b928c91dcde7bea2f23fa2a7c2660719e
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/services/keystone.yaml | 16 |
1 files changed, 0 insertions, 16 deletions
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index abc738d9..d45ed86e 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -4,24 +4,11 @@ description: > OpenStack Keystone service configured with Puppet parameters: - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string KeystoneEnableDBPurge: default: true description: | Whether to create cron job for purging soft deleted rows in Keystone database. type: boolean - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true KeystoneSSLCertificate: default: '' description: Keystone certificate for verifying token validity. @@ -105,9 +92,6 @@ outputs: - '/keystone' keystone::admin_token: {get_param: AdminToken} keystone::roles::admin::password: {get_param: AdminPassword} - keystone_ca_certificate: {get_param: KeystoneCACertificate} - keystone_signing_key: {get_param: KeystoneSigningKey} - keystone_signing_certificate: {get_param: KeystoneSigningCertificate} keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} keystone::enable_proxy_headers_parsing: true |