Comment 2 for bug 1833729

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/666882
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=09e29d0db9b895b97470c9c8a60442b980a3eb3c
Submitter: Zuul
Branch: master

commit 09e29d0db9b895b97470c9c8a60442b980a3eb3c
Author: Mark Goddard <email address hidden>
Date: Fri Jun 21 16:52:18 2019 +0100

    Don't rotate keystone fernet keys during deploy

    When running deploy or reconfigure for Keystone,
    ansible/roles/keystone/tasks/deploy.yml calls init_fernet.yml,
    which runs /usr/bin/fernet-rotate.sh, which calls keystone-manage
    fernet_rotate.

    This means that a token can become invalid if the operator runs
    deploy or reconfigure too often.

    This change splits out fernet-push.sh from the fernet-rotate.sh
    script, then calls fernet-push.sh after the fernet bootstrap
    performed in deploy.

    Change-Id: I824857ddfb1dd026f93994a4ac8db8f80e64072e
    Closes-Bug: #1833729