Remove pki support
Change-Id: I13f6b84d14ee316653aad013fadd45978f30f0a4 Implements: blueprint remove-pki
This commit is contained in:
parent
c568e8f73a
commit
a502f70cf6
|
@ -44,7 +44,6 @@ connection = mysql+pymysql://{{ glance_galera_user }}:{{ glance_container_mysql_
|
|||
[keystone_authtoken]
|
||||
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
||||
auth_type = {{ glance_keystone_auth_plugin }}
|
||||
signing_dir = {{ glance_system_user_home }}/cache/api
|
||||
auth_url = {{ keystone_service_adminurl }}
|
||||
auth_uri = {{ keystone_service_internaluri }}
|
||||
project_domain_id = {{ glance_service_project_domain_id }}
|
||||
|
@ -57,15 +56,11 @@ region_name = {{ keystone_service_region }}
|
|||
memcached_servers = {{ memcached_servers }}
|
||||
|
||||
token_cache_time = 300
|
||||
revocation_cache_time = 60
|
||||
|
||||
# if your memcached server is shared, use these settings to avoid cache poisoning
|
||||
memcache_security_strategy = ENCRYPT
|
||||
memcache_secret_key = {{ memcached_encryption_key }}
|
||||
|
||||
# if your keystone deployment uses PKI, and you value security over performance:
|
||||
check_revocations_for_cached = False
|
||||
|
||||
[oslo_policy]
|
||||
policy_file = {{ glance_policy_file }}
|
||||
policy_default_rule = {{ glance_policy_default_rule }}
|
||||
|
|
|
@ -26,7 +26,6 @@ connection = mysql+pymysql://{{ glance_galera_user }}:{{ glance_container_mysql_
|
|||
[keystone_authtoken]
|
||||
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
||||
auth_type = {{ glance_keystone_auth_plugin }}
|
||||
signing_dir = {{ glance_system_user_home }}/cache/registry/
|
||||
auth_url = {{ keystone_service_adminurl }}
|
||||
auth_uri = {{ keystone_service_internaluri }}
|
||||
project_domain_id = {{ glance_service_project_domain_id }}
|
||||
|
@ -39,15 +38,11 @@ region_name = {{ keystone_service_region }}
|
|||
memcached_servers = {{ memcached_servers }}
|
||||
|
||||
token_cache_time = 300
|
||||
revocation_cache_time = 60
|
||||
|
||||
# if your memcached server is shared, use these settings to avoid cache poisoning
|
||||
memcache_security_strategy = ENCRYPT
|
||||
memcache_secret_key = {{ memcached_encryption_key }}
|
||||
|
||||
# if your keystone deployment uses PKI, and you value security over performance:
|
||||
check_revocations_for_cached = False
|
||||
|
||||
[oslo_messaging_rabbit]
|
||||
rabbit_use_ssl = {{ glance_rabbitmq_use_ssl }}
|
||||
rabbit_notification_exchange = glance
|
||||
|
|
Loading…
Reference in New Issue