openstack
/
openstack-ansible-os_keystone
Code Issues Proposed changes
1,001 Commits 9 Branches 16 Tags 11 MiB
Commit Graph

7 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov bb62cf36c6 Cleanup upgrade to ssh_keypairs step 
We have migrated to usage of ssh_keypairs role a while ago and we
can remove old migration clean-up task.

Change-Id: I2c73f087b48fd3e664e0b339f2fb2b77b208f6c5
 2023-10-19 10:43:21 +02:00
Dmitriy Rabotyagov eea1a4853f Fix linters and metadata 
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Id92330b3c709201a74612c8353cefa75778eac0c
 2023-07-14 20:44:53 +02:00
Jonathan Rosser 19af9dabc8 Use ssh_keypairs role to generate fernet sync ssh keys 
This uses ssh signed certificates so there is no longer the need
to distribute the keystone public key from each keystone host to all
other keystone hosts.

The legacy scripts and authorized key files are removed as a
migration step.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/836377
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/825292
Change-Id: If39df0cc80860576abac1830d5cfc66ca50fc655
 2022-04-04 15:59:10 +00:00
Major Hayden b7b9db7bb4
Change include: to include_tasks: 
This removes warnings in Ansible 2.4+.

The patch also removes "static:" from the playbooks since that
argument is no longer used by Ansible.

Change-Id: I6e5fcbccd4239db73de20e640a3423d1a2333bbe
 2018-02-15 10:24:39 -06:00
Travis Truman 8797fc707a Cleanup/standardize usage of tags 
The numerous tags within the role have been condensed
to two tags: keystone-install and keystone-config

These tags have been chosen as they are namespaced
and cover the two major functions of the role.

Documentation has been updated to inform how each tag
influences the function of the role.

Change-Id: Iea4bff944ce0a35a4b1bc044171472ea44eda323
 2016-05-24 15:51:03 -04:00
Andy McCrae 1ee26028ee Adjust SSH key creation method for Keystone 
This patch ensures that the authorized_keys ansible module, as well as
the built in "generate_ssh_keys" flag for user creation, so that we can
avoid using shell out commands.

Additionally, this moves the key synchronisation to use ansible
variables instead of the memcache server.

Change-Id: I0072b8d0977ab9aea10dd95080756f6864612013
Closes-Bug: #1477512
 2015-07-23 14:15:40 +01:00
kevin 88fe59f04d Updated default fernet key usage 
This change makes the use of fernet tokens production ready. The changes are
as follows:
  * Ensures that the keys are rotated on every playbook execution
  * Removes the need to sync keys back to a deployment host when distributing
    them to other keystone hosts.
  * Creates an autonomous key rotation process that can rotate on the following
    intervals [reboot, yearly, annually, monthly, weekly, daily, hourly] to all
    hosts from any keystone fernet host.
  * Fixes the section in `keystone.conf` which was named "fernet_key" instead
    of "fernet_token".

Change-Id: I50f6a852930728631f5c681a8aa0f1321d7424ac
Related-Bug: #1463569
Closes-Bug: #1468256
 2015-06-30 09:54:31 -05:00