From f9b2a2207269dd571db40664d71a8b56637b593c Mon Sep 17 00:00:00 2001 From: Adam Young Date: Mon, 14 Nov 2016 14:54:25 -0500 Subject: Configure Keystone Fernet Keys Provision the Keystone Fernet Token provider by installing 2 keys with dynamic content generated by python-tripleoclient. Note that this only sets up the necessary keys to use fernet as a token provider, however, this does not intend to set it up as the default provider; This will be discussed and will come as part of another commit. Co-Authored-By: Juan Antonio Osorio Robles Depends-On: Ic070d160b519b8637997dbde165dbf15275e0dfe Change-Id: Iaa5499614417000c1b9ba42a776a50cb22c1bb30 --- puppet/services/keystone.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'puppet') diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index d819e043..fe023a6a 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -99,6 +99,12 @@ parameters: KeystoneCredential1: type: string description: The second Keystone credential key. Must be a valid key. + KeystoneFernetKey0: + type: string + description: The first Keystone fernet key. Must be a valid key. + KeystoneFernetKey1: + type: string + description: The second Keystone fernet key. Must be a valid key. KeystoneLoggingSource: type: json default: @@ -156,6 +162,11 @@ outputs: content: {get_param: KeystoneCredential0} '/etc/keystone/credential-keys/1': content: {get_param: KeystoneCredential1} + keystone::fernet_keys: + '/etc/keystone/fernet-keys/0': + content: {get_param: KeystoneFernetKey0} + '/etc/keystone/fernet-keys/1': + content: {get_param: KeystoneFernetKey1} keystone::debug: {get_param: Debug} keystone::rabbit_userid: {get_param: RabbitUserName} keystone::rabbit_password: {get_param: RabbitPassword} -- cgit 1.2.3-korg