OpenStack-Ansible

Bug #1468256
Comment #3

Comment 3 for bug 1468256

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-07-09: Fix merged to os-ansible-deployment (kilo)

Reviewed: https://review.openstack.org/196499
Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=fafcafa4dfff613fd7e591da9bf68aabbbf2553e
Submitter: Jenkins
Branch: kilo

commit fafcafa4dfff613fd7e591da9bf68aabbbf2553e
Author: kevin <email address hidden>
Date: Thu Jun 25 21:15:11 2015 -0500

Updated default fernet key usage

    This change makes the use of fernet tokens production ready. The changes are
    as follows:
      * Ensures that the keys are rotated on every playbook execution
      * Removes the need to sync keys back to a deployment host when distributing
        them to other keystone hosts.
      * Creates an autonomous key rotation process that can rotate on the following
        intervals [reboot, yearly, annually, monthly, weekly, daily, hourly] to all
        hosts from any keystone fernet host.
      * Fixes the section in `keystone.conf` which was named "fernet_key" instead
        of "fernet_token".

    Change-Id: I50f6a852930728631f5c681a8aa0f1321d7424ac
    Related-Bug: #1463569
    Closes-Bug: #1468256
    (cherry picked from commit df3edca7a6def8869479feb98ea815f0bc7d30a4)