From a502f70cf662d51d6d456c44187bb6b93ae0b7d1 Mon Sep 17 00:00:00 2001
From: ZhongShengping <chdzsp@163.com>
Date: Thu, 29 Dec 2016 11:17:40 +0800
Subject: [PATCH] Remove pki support

Change-Id: I13f6b84d14ee316653aad013fadd45978f30f0a4
Implements: blueprint remove-pki
---
 templates/glance-api.conf.j2      | 5 -----
 templates/glance-registry.conf.j2 | 5 -----
 2 files changed, 10 deletions(-)

diff --git a/templates/glance-api.conf.j2 b/templates/glance-api.conf.j2
index 595e9b4e..1c01a122 100644
--- a/templates/glance-api.conf.j2
+++ b/templates/glance-api.conf.j2
@@ -44,7 +44,6 @@ connection = mysql+pymysql://{{ glance_galera_user }}:{{ glance_container_mysql_
 [keystone_authtoken]
 insecure = {{ keystone_service_internaluri_insecure | bool }}
 auth_type = {{ glance_keystone_auth_plugin }}
-signing_dir = {{ glance_system_user_home }}/cache/api
 auth_url = {{ keystone_service_adminurl }}
 auth_uri = {{ keystone_service_internaluri }}
 project_domain_id = {{ glance_service_project_domain_id }}
@@ -57,15 +56,11 @@ region_name = {{ keystone_service_region }}
 memcached_servers = {{ memcached_servers }}
 
 token_cache_time = 300
-revocation_cache_time = 60
 
 # if your memcached server is shared, use these settings to avoid cache poisoning
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcached_encryption_key }}
 
-# if your keystone deployment uses PKI, and you value security over performance:
-check_revocations_for_cached = False
-
 [oslo_policy]
 policy_file = {{ glance_policy_file }}
 policy_default_rule = {{ glance_policy_default_rule }}
diff --git a/templates/glance-registry.conf.j2 b/templates/glance-registry.conf.j2
index 472c6c20..77b00200 100644
--- a/templates/glance-registry.conf.j2
+++ b/templates/glance-registry.conf.j2
@@ -26,7 +26,6 @@ connection = mysql+pymysql://{{ glance_galera_user }}:{{ glance_container_mysql_
 [keystone_authtoken]
 insecure = {{ keystone_service_internaluri_insecure | bool }}
 auth_type = {{ glance_keystone_auth_plugin }}
-signing_dir = {{ glance_system_user_home }}/cache/registry/
 auth_url = {{ keystone_service_adminurl }}
 auth_uri = {{ keystone_service_internaluri }}
 project_domain_id = {{ glance_service_project_domain_id }}
@@ -39,15 +38,11 @@ region_name = {{ keystone_service_region }}
 memcached_servers = {{ memcached_servers }}
 
 token_cache_time = 300
-revocation_cache_time = 60
 
 # if your memcached server is shared, use these settings to avoid cache poisoning
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcached_encryption_key }}
 
-# if your keystone deployment uses PKI, and you value security over performance:
-check_revocations_for_cached = False
-
 [oslo_messaging_rabbit]
 rabbit_use_ssl = {{ glance_rabbitmq_use_ssl }}
 rabbit_notification_exchange = glance