Tacker uses OpenStack Barbican for secret keys

Use the OpenStack Barbican component instead of OpenStack Keystone
as secret key handler.
The reason behind is the way that Tacker handles the secret keys of
complex scenarios (specially the scenarios with HA) and how they are
stored or retrieved between different VMs or Blades.

Change-Id: I63d40c5239d2585e8bb7ac3b9338252c9e28c4c6
Signed-off-by: Panagiotis Karalis <pkaralis@intracom-telecom.com>
This commit is contained in:
Panagiotis Karalis 2018-09-27 18:29:31 +03:00
parent 8ddb25da3f
commit dc536599f8
2 changed files with 3 additions and 0 deletions

View File

@ -129,6 +129,8 @@ tacker_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(
tacker_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(tacker_service_proto) }}"
tacker_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(tacker_service_proto) }}"
## Barbican service
barbican_keys_backend: false
#NOTE: move password to tests/test-vars.yml
tacker_service_password: password

View File

@ -103,6 +103,7 @@ mgmt_driver = noop,openwrt
monitor_driver = ping, http_ping
[vim_keys]
use_barbican = {{ barbican_keys_backend | bool }}
openstack = {{ tacker_etc_dir }}/vim/fernet_keys
[oslo_messaging_rabbit]