x/packstack
Code Issues Proposed changes
627e2f77cd
packstack/releasenotes/notes/Replace-keystone-token-flush-cron-job-with-fernet-rotation-5b1fccf2bc6add91.yaml
Javier Pena 1b7a931fd1 Replace keystone db flush cron job with a Fernet key rotation job 
Previously, we had a cron job to flush removed keystone tokens. Since
[1] this is not required anymore, but we need to add a cron job to
rotate Fernet keys.

[1] - https://review.openstack.org/544547

Change-Id: I331788ea08322a6f982c87eb195a619bab1c4d2e
2018-08-21 09:55:18 +00:00

13 lines
425 B
YAML
Raw Blame History

---
upgrade:
- |
A new CONFIG_KEYSTONE_FERNET_TOKEN_ROTATE_ENABLE option has been added to
the answer file. When enabled (default), it will create a cron job to
rotate Fernet keys.
deprecations:
- |
Since Keystone has deprecated token formats requiring storage in the DB,
the CONFIG_KEYSTONE_DB_PURGE_ENABLE option has been removed. Instead, we
are implementing a cron job to rotate Fernet keys.
View Git Blame Copy Permalink