OpenStack Identity (keystone)

  1. Bug #1816927
  2. Comment #10

Comment 10 for bug 1816927

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to openstack-ansible-os_keystone (stable/queens)

Reviewed: https://review.openstack.org/639235
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_keystone/commit/?id=e476286de2b5a3c402b00ad1550e579b7a5c6882
Submitter: Zuul
Branch: stable/queens

commit e476286de2b5a3c402b00ad1550e579b7a5c6882
Author: Kevin Carter <email address hidden>
Date: Wed Feb 20 21:43:35 2019 -0600

    Correct fernet token sync race condition

    The fernet token rotation is subject to a race condition when using
    aggressive rotation in a high volume, high traffic, high capacity cloud.
    This change addresses the potential race condition by converting our
    fernet token sync method from rsync to scp and by sorting the fernet
    keys in reverse version ordering. This will ensure that the key with
    the highest index is always synchronized first and will ensure that
    the underlying file structure of a given target node always remains
    intact during a sync operation.

    Related-Bug: 1816927
    Change-Id: I9087d953f7dabe04a2ad19af6121dae71544e5b2
    Signed-off-by: Kevin Carter <email address hidden>
    (cherry picked from commit 28a0c5abbf654ff8b625edc0c12af50a3def2429)