Mechanism to rotate fernet keys is added. CCP operator can use one
of two ways to rotate keys:
1. Manual rotation.
Pre-generate keys manually and distribute them to keystone pod(s).
To do it, operator needs to put generated keys to the ccp config file
in the following format:
Reviewed: https:/ /review. openstack. org/426092 /git.openstack. org/cgit/ openstack/ fuel-ccp- keystone/ commit/ ?id=f6a75158c2d d32720ed178d91e f2b6df40c6984a
Committed: https:/
Submitter: Jenkins
Branch: master
commit f6a75158c2dd327 20ed178d91ef2b6 df40c6984a
Author: Dmitry Klenov <email address hidden>
Date: Tue Jan 17 09:05:11 2017 +0000
Fernet keys rotation action
Mechanism to rotate fernet keys is added. CCP operator can use one
of two ways to rotate keys:
1. Manual rotation.
Pre-generate keys manually and distribute them to keystone pod(s).
To do it, operator needs to put generated keys to the ccp config file
in the following format:
configs:
fernet_ keys:
"0": <key-0>
"2": <key-2>
"3": <key-3>
keystone:
Then, execute custom action 'fernet-rotate'. The keys will be placed
to the k8s secret.
2. Automatic rotation.
Do not put keys to config, just execute 'fernet-rotate'. Keys will be
automatically rotated and put to proper secret.
Partial-Bug: #1651392 b4b5d546d9633d4 629eb5d8a37
Partial-Bug: #1651394
Change-Id: I577b3f36a12d14