commit 61406fe9251f63c05c5423511a8d480c8d7d6433
Author: Mark Goddard <email address hidden>
Date: Fri Jun 21 16:52:18 2019 +0100
Don't rotate keystone fernet keys during deploy
When running deploy or reconfigure for Keystone,
ansible/roles/keystone/tasks/deploy.yml calls init_fernet.yml,
which runs /usr/bin/fernet-rotate.sh, which calls keystone-manage
fernet_rotate.
This means that a token can become invalid if the operator runs
deploy or reconfigure too often.
This change splits out fernet-push.sh from the fernet-rotate.sh
script, then calls fernet-push.sh after the fernet bootstrap
performed in deploy.
Change-Id: I824857ddfb1dd026f93994a4ac8db8f80e64072e
Closes-Bug: #1833729
(cherry picked from commit 09e29d0db9b895b97470c9c8a60442b980a3eb3c)
Reviewed: https:/ /review. opendev. org/669132 /git.openstack. org/cgit/ openstack/ kolla-ansible/ commit/ ?id=61406fe9251 f63c05c5423511a 8d480c8d7d6433
Committed: https:/
Submitter: Zuul
Branch: stable/stein
commit 61406fe9251f63c 05c5423511a8d48 0c8d7d6433
Author: Mark Goddard <email address hidden>
Date: Fri Jun 21 16:52:18 2019 +0100
Don't rotate keystone fernet keys during deploy
When running deploy or reconfigure for Keystone, roles/keystone/ tasks/deploy. yml calls init_fernet.yml, fernet- rotate. sh, which calls keystone-manage
ansible/
which runs /usr/bin/
fernet_rotate.
This means that a token can become invalid if the operator runs
deploy or reconfigure too often.
This change splits out fernet-push.sh from the fernet-rotate.sh
script, then calls fernet-push.sh after the fernet bootstrap
performed in deploy.
Change-Id: I824857ddfb1dd0 26f93994a4ac8db 8f80e64072e 97470c9c8a60442 b980a3eb3c)
Closes-Bug: #1833729
(cherry picked from commit 09e29d0db9b895b