Update keystone.conf to use new provider config
This change uses the [token] provider configuration rather than the deprecated [signing] token_format to select between PKI and UUID tokens. Closes-Bug: #1273946 Change-Id: Ia03c2375326c14d4783df3c0774599c795b25cf2
This commit is contained in:
parent
63b9342999
commit
e1a8f62618
|
@ -65,7 +65,7 @@ default['openstack']['identity']['users'] = {
|
|||
}
|
||||
|
||||
# PKI signing. Corresponds to the [signing] section of keystone.conf
|
||||
# Note this section is only written if node['openstack']['auth']['straegy'] == 'pki'
|
||||
# Note this section is only written if node['openstack']['auth']['strategy'] == 'pki'
|
||||
default['openstack']['identity']['signing']['basedir'] = '/etc/keystone/ssl'
|
||||
default['openstack']['identity']['signing']['certfile'] = '/etc/keystone/ssl/certs/signing_cert.pem'
|
||||
default['openstack']['identity']['signing']['keyfile'] = '/etc/keystone/ssl/private/signing_key.pem'
|
||||
|
|
|
@ -169,7 +169,7 @@ template_file = /etc/keystone/default_catalog.templates
|
|||
|
||||
[token]
|
||||
driver = keystone.token.backends.<%= node["openstack"]["identity"]["token"]["backend"] %>.Token
|
||||
|
||||
provider = keystone.token.providers.<%= node["openstack"]["auth"]["strategy"] %>.Provider
|
||||
# Amount of time a token should remain valid (in seconds)
|
||||
expiration = 86400
|
||||
|
||||
|
@ -188,15 +188,12 @@ driver = keystone.contrib.ec2.backends.sql.Ec2
|
|||
|
||||
[signing]
|
||||
<% if node["openstack"]["auth"]["strategy"] == "pki" -%>
|
||||
token_format = PKI
|
||||
certfile = <%= node["openstack"]["identity"]["signing"]["certfile"] %>
|
||||
keyfile = <%= node["openstack"]["identity"]["signing"]["keyfile"] %>
|
||||
ca_certs = <%= node["openstack"]["identity"]["signing"]["ca_certs"] %>
|
||||
key_size = <%= node["openstack"]["identity"]["signing"]["key_size"] %>
|
||||
valid_days = <%= node["openstack"]["identity"]["signing"]["valid_days"] %>
|
||||
ca_password = <%= node["openstack"]["identity"]["signing"]["ca_password"] %>
|
||||
<% else -%>
|
||||
token_format = UUID
|
||||
<% end -%>
|
||||
|
||||
[auth]
|
||||
|
|
Loading…
Reference in New Issue