5d47236c89
The fernet token rotation is subject to a race condition when using
aggressive rotation in a high volume, high traffic, high capacity cloud.
This change addresses the potential race condition by converting our
fernet token sync method from rsync to scp and by sorting the fernet
keys in reverse version ordering. This will ensure that the key with
the highest index is always synchronized first and will ensure that
the underlying file structure of a given target node always remains
intact during a sync operation.
Related-Bug: 1816927
Change-Id: I9087d953f7dabe04a2ad19af6121dae71544e5b2
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
(cherry picked from commit
|
||
---|---|---|
defaults | ||
doc | ||
examples | ||
handlers | ||
library | ||
meta | ||
releasenotes | ||
tasks | ||
templates | ||
tests | ||
vars | ||
zuul.d | ||
.gitignore | ||
.gitreview | ||
CONTRIBUTING.rst | ||
LICENSE | ||
README.rst | ||
Vagrantfile | ||
bindep.txt | ||
manual-test.rc | ||
run_tests.sh | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
README.rst
Team and repository tags
OpenStack-Ansible keystone
Ansible role that installs and configures OpenStack Keystone. Keystone is installed behind the Apache webserver listening on port 5000 and port 35357 by default.
Documentation for the project can be found at: https://docs.openstack.org/openstack-ansible-os_keystone/latest/ The project home is at: http://launchpad.net/openstack-ansible