If the new primary key is not the first to be distributed after fernet
key rotation, there may be a small time window during the key
distribution when tokens issued by the node where fernet rotation was
performed can not be validated on the node where keys are being
distributed to.
Reviewed: https://review.openstack.org/638397
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=261eeaa19bb4c9e9ea89fac28e473fa44c4a55de
Submitter: Zuul
Branch: master
commit 261eeaa19bb4c9e9ea89fac28e473fa44c4a55de
Author: Pavlo Shchelokovskyy <email address hidden>
Date: Thu Feb 21 13:06:10 2019 +0200
Add hint for order of keys during distribution
If the new primary key is not the first to be distributed after fernet
key rotation, there may be a small time window during the key
distribution when tokens issued by the node where fernet rotation was
performed can not be validated on the node where keys are being
distributed to.
Change-Id: I34b5cadd12815ee95c71d8c163504390a9e5e343
Closes-Bug: #1816927
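
The window described in this report, modelled as an added example (not code from Keystone or from the commit above). It assumes the fernet key repository layout in which file `0` is the staged key and the highest-numbered file is the primary; the key names and function names are constructed for illustration, and pruning of old keys is not modelled.

```python
# Added illustration: a model of a fernet key repository, not Keystone code.
# Key files are named by index: 0 is the staged key, the highest is primary.

def rotate(repo, new_staged):
    """Promote the staged key (0) to primary and install a new staged key."""
    rotated = dict(repo)
    rotated[max(repo) + 1] = repo[0]  # old staged key becomes the new primary
    rotated[0] = new_staged
    return rotated

def primary(repo):
    return repo[max(repo)]

def can_validate(repo, token_key):
    """A node can validate a token only if it holds the key that encrypted it."""
    return token_key in repo.values()

def distribute(source, target, order):
    """Copy key files one at a time in the given order.

    Returns the final target repo and the (step, index) pairs after which the
    target could not validate tokens issued with the source's primary key.
    """
    target = dict(target)
    token_key = primary(source)
    gaps = []
    for step, index in enumerate(order, start=1):
        target[index] = source[index]
        if not can_validate(target, token_key):
            gaps.append((step, index))
    return target, gaps

# Constructed sample: both nodes start in sync, then node1 rotates.
before = {0: "key-S", 1: "key-A", 2: "key-B"}
node1 = rotate(before, "key-T")  # {0: key-T, 1: key-A, 2: key-B, 3: key-S}
node2 = dict(before)

ascending = sorted(node1)                    # staged key file copied first
primary_first = sorted(node1, reverse=True)  # new primary key file copied first

if __name__ == "__main__":
    for name, order in (("ascending", ascending), ("primary first", primary_first)):
        final, gaps = distribute(node1, node2, order)
        print(name, order, "gaps:", gaps, "in sync:", final == node1)
```

Copying file `0` first overwrites the only copy of the new primary that the target held (as its staged key), so validation fails until the highest-numbered file arrives; copying the new primary first leaves no such step.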