fuel-ccp

  1. Bug #1651392
  2. Comment #7

Comment 7 for bug 1651392

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-ccp-keystone (master)

Reviewed: https://review.openstack.org/426092
Committed: https://git.openstack.org/cgit/openstack/fuel-ccp-keystone/commit/?id=f6a75158c2dd32720ed178d91ef2b6df40c6984a
Submitter: Jenkins
Branch: master

commit f6a75158c2dd32720ed178d91ef2b6df40c6984a
Author: Dmitry Klenov <email address hidden>
Date: Tue Jan 17 09:05:11 2017 +0000

    Fernet keys rotation action

    Mechanism to rotate fernet keys is added. CCP operator can use one
    of two ways to rotate keys:

    1. Manual rotation.
    Pre-generate keys manually and distribute them to keystone pod(s).
    To do it, operator needs to put generated keys to the ccp config file
    in the following format:

    configs:
        keystone:
            fernet_keys:
                "0": <key-0>
                "2": <key-2>
                "3": <key-3>

    Then, execute custom action 'fernet-rotate'. The keys will be placed
    to the k8s secret.

    2. Automatic rotation.
    Do not put keys to config, just execute 'fernet-rotate'. Keys will be
    automatically rotated and put to proper secret.

    Partial-Bug: #1651392
    Partial-Bug: #1651394
    Change-Id: I577b3f36a12d14b4b5d546d9633d4629eb5d8a37