commit 09e29d0db9b895b97470c9c8a60442b980a3eb3c
Author: Mark Goddard <email address hidden>
Date: Fri Jun 21 16:52:18 2019 +0100
Don't rotate keystone fernet keys during deploy
When running deploy or reconfigure for Keystone,
ansible/roles/keystone/tasks/deploy.yml calls init_fernet.yml,
which runs /usr/bin/fernet-rotate.sh, which calls keystone-manage
fernet_rotate.
This means that a token can become invalid if the operator runs
deploy or reconfigure too often.
This change splits out fernet-push.sh from the fernet-rotate.sh
script, then calls fernet-push.sh after the fernet bootstrap
performed in deploy.
Reviewed: https:/ /review. opendev. org/666882 /git.openstack. org/cgit/ openstack/ kolla-ansible/ commit/ ?id=09e29d0db9b 895b97470c9c8a6 0442b980a3eb3c
Committed: https:/
Submitter: Zuul
Branch: master
commit 09e29d0db9b895b 97470c9c8a60442 b980a3eb3c
Author: Mark Goddard <email address hidden>
Date: Fri Jun 21 16:52:18 2019 +0100
Don't rotate keystone fernet keys during deploy
When running deploy or reconfigure for Keystone, roles/keystone/ tasks/deploy. yml calls init_fernet.yml, fernet- rotate. sh, which calls keystone-manage
ansible/
which runs /usr/bin/
fernet_rotate.
This means that a token can become invalid if the operator runs
deploy or reconfigure too often.
This change splits out fernet-push.sh from the fernet-rotate.sh
script, then calls fernet-push.sh after the fernet bootstrap
performed in deploy.
Change-Id: I824857ddfb1dd0 26f93994a4ac8db 8f80e64072e
Closes-Bug: #1833729