Enable memcache protection for keystone

Done accordingly to: * https://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html#memcache-protection * https://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html Change-Id: I91b279e5433569393275ff334d63b43b211a014d
2017-02-22 11:13:42 +01:00 · 2017-02-22 11:13:42 +01:00 · d4f3cec629
parent b05b455502
commit d4f3cec629
2 changed files with 8 additions and 0 deletions
--- a/exports/keystone_authtoken.j2
+++ b/exports/keystone_authtoken.j2
@ -12,4 +12,8 @@ memcached_servers = {{ address("memcached", memcached.port) }}
 {% if keystone.tls.enabled %}
 cafile = /opt/ccp/etc/tls/ca.pem
 {% endif %}
+{% if keystone.encrypt_tokens_in_memcached.enabled %}
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ keystone.encrypt_tokens_in_memcached.secret_key }}
+{% endif %}
 {%- endmacro %}
--- a/service/files/defaults.yaml
+++ b/service/files/defaults.yaml
@ -27,6 +27,10 @@ configs:
      # format can be basic or cadf:
      format: cadf

+    encrypt_tokens_in_memcached:
+      enabled: true
+      secret_key: password
+
  openstack:
    user_password: password
    user_name: admin