Enable heat/puppet to manage the fernet keys and make it configurable

With the addition of the KeystoneFernetKeys parameter, it's now possible to do fernet key rotations using mistral, by modifying the KeystoneFernetKeys variable in mistral; subsequently a rotation could happen when doing a stack update. So this re-enables the managing of the key files by puppet. However, this is left configurable, as folks might want to manage those files out-of-band. bp keystone-fernet-rotation Change-Id: Ic82fb8b8a76481a6e588047acf33a036cf444d7d
author: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2017-06-12 15:24:32 +0300
committer: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2017-06-14 10:04:06 +0300
commit: 350e1a81dd559581bcf643e5a87ad89d6a9c0e5d (patch)
tree: 7d28c6dc8848da3563f0f447bf25252583cdd829 /releasenotes
parent: 490e237f09d2c685903b173d3fd94efc450a9cb2 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/releasenotes/notes/Introduce-ManageKeystoneFernetKeys-parameter-2478cf5fc5e64256.yaml b/releasenotes/notes/Introduce-ManageKeystoneFernetKeys-parameter-2478cf5fc5e64256.yaml
new file mode 100644
index 00000000..64a4d7e7
--- /dev/null
+++ b/releasenotes/notes/Introduce-ManageKeystoneFernetKeys-parameter-2478cf5fc5e64256.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - This introduces the ManageKeystoneFernetKeys parameter, which tells
+    heat/puppet if it should replace the existing fernet keys on a stack
+    deployment or not. This is useful if the deployer wants to do key rotations
+    out of band.
author	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2017-06-12 15:24:32 +0300
committer	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2017-06-14 10:04:06 +0300
commit	350e1a81dd559581bcf643e5a87ad89d6a9c0e5d (patch)
tree	7d28c6dc8848da3563f0f447bf25252583cdd829 /releasenotes
parent	490e237f09d2c685903b173d3fd94efc450a9cb2 (diff)