Delete keystone_token_provider variable
In the last PTG it was decided to drop the keystone_token_provider variable, because there is no other option anymore. Signed-off-by: Ramona Rautenberg <rautenberg@osism.tech> Change-Id: I1ee2c3f9b7dbbbf4633c5874cdbb3c4f8c09e277
This commit is contained in:
parent
b87e833d91
commit
b3b9dff3cd
@ -864,8 +864,6 @@ default_project_domain_id: "default"
|
||||
default_user_domain_name: "Default"
|
||||
default_user_domain_id: "default"
|
||||
|
||||
# Valid options are [ fernet ]
|
||||
keystone_token_provider: "fernet"
|
||||
# Keystone fernet token expiry in seconds. Default is 1 day.
|
||||
fernet_token_expiry: 86400
|
||||
# Keystone window to allow expired fernet tokens. Default is 2 days.
|
||||
|
@ -35,7 +35,7 @@ keystone_services:
|
||||
keystone-ssh:
|
||||
container_name: "keystone_ssh"
|
||||
group: "keystone"
|
||||
enabled: "{{ keystone_token_provider == 'fernet' }}"
|
||||
enabled: true
|
||||
image: "{{ keystone_ssh_image_full }}"
|
||||
volumes:
|
||||
- "{{ node_config_directory }}/keystone-ssh/:{{ container_config_directory }}/:ro"
|
||||
@ -48,7 +48,7 @@ keystone_services:
|
||||
keystone-fernet:
|
||||
container_name: "keystone_fernet"
|
||||
group: "keystone"
|
||||
enabled: "{{ keystone_token_provider == 'fernet' }}"
|
||||
enabled: true
|
||||
image: "{{ keystone_fernet_image_full }}"
|
||||
volumes:
|
||||
- "{{ node_config_directory }}/keystone-fernet/:{{ container_config_directory }}/:ro"
|
||||
@ -140,7 +140,7 @@ keystone_default_volumes:
|
||||
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
||||
- "{{ kolla_dev_repos_directory ~ '/keystone/keystone:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/keystone' if keystone_dev_mode | bool else '' }}"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{% if keystone_token_provider == 'fernet' %}keystone_fernet_tokens:/etc/keystone/fernet-keys{% endif %}"
|
||||
- "keystone_fernet_tokens:/etc/keystone/fernet-keys"
|
||||
|
||||
keystone_extra_volumes: "{{ default_extra_volumes }}"
|
||||
|
||||
|
@ -71,5 +71,4 @@
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['keystone'][0] }}"
|
||||
when:
|
||||
- keystone_token_provider == 'fernet'
|
||||
- groups['keystone_fernet_running'] is not defined
|
||||
|
@ -200,14 +200,12 @@
|
||||
-n {{ (groups['keystone'] | length) }}
|
||||
changed_when: false
|
||||
register: cron_jobs_json
|
||||
when: keystone_token_provider == 'fernet'
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Set fact with the generated cron jobs for building the crontab later
|
||||
set_fact:
|
||||
cron_jobs: "{{ (cron_jobs_json.stdout | from_json).cron_jobs }}"
|
||||
ignore_errors: "{{ ansible_check_mode }}"
|
||||
when: keystone_token_provider == 'fernet'
|
||||
|
||||
- name: Copying files for keystone-fernet
|
||||
vars:
|
||||
|
@ -13,8 +13,6 @@
|
||||
meta: flush_handlers
|
||||
|
||||
- include_tasks: distribute_fernet.yml
|
||||
when:
|
||||
- keystone_token_provider == 'fernet'
|
||||
|
||||
- import_tasks: register.yml
|
||||
|
||||
|
@ -67,5 +67,3 @@
|
||||
120, 240, 480, 720, 1440, 3600, 7200, 10800, 14400, 21600, 43200, 60480,
|
||||
120960, 151200, 201600, 302400, 604800. These values ensure an evenly-spaced
|
||||
run schedule as they divide 7 days without remainder.
|
||||
when:
|
||||
- keystone_token_provider == 'fernet'
|
||||
|
@ -29,7 +29,7 @@ domain_config_dir = /etc/keystone/domains
|
||||
|
||||
[token]
|
||||
revoke_by_id = False
|
||||
provider = {{ keystone_token_provider }}
|
||||
provider = fernet
|
||||
expiration = {{ fernet_token_expiry }}
|
||||
allow_expired_window = {{ fernet_token_allow_expired_window }}
|
||||
|
||||
|
@ -4,14 +4,8 @@
|
||||
Keystone - Identity service
|
||||
===========================
|
||||
|
||||
Tokens
|
||||
------
|
||||
|
||||
The Keystone token provider is configured via ``keystone_token_provider``. The
|
||||
default value for this is ``fernet``.
|
||||
|
||||
Fernet Tokens
|
||||
~~~~~~~~~~~~~
|
||||
-------------
|
||||
|
||||
Fernet tokens require the use of keys that must be synchronised between
|
||||
Keystone servers. Kolla Ansible deploys two containers to handle this -
|
||||
|
@ -455,9 +455,6 @@ workaround_ansible_issue_8743: yes
|
||||
# Keystone - Identity Options
|
||||
#############################
|
||||
|
||||
# Valid options are [ fernet ]
|
||||
#keystone_token_provider: 'fernet'
|
||||
|
||||
#keystone_admin_user: "admin"
|
||||
|
||||
#keystone_admin_project: "admin"
|
||||
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
upgrade:
|
||||
- The variable keystone_token_provider does not exist anymore,
|
||||
because there is no alternative.
|
Loading…
Reference in New Issue
Block a user