Add metadata for credential key rsync rotate
This commit adds metadata for the credential key rsync
rotation mechanism, such as the list of secondary nodes to sync to
and the crontab jobs.
Change-Id: Iabe142142762adbba8a14d368a544bde55cefb3f
Related-PROD: PROD-22304
diff --git a/keystone/server/fernet_rotation/cluster.yml b/keystone/server/fernet_rotation/cluster.yml
index e09b8e9..ac1f481 100644
--- a/keystone/server/fernet_rotation/cluster.yml
+++ b/keystone/server/fernet_rotation/cluster.yml
@@ -10,11 +10,26 @@
name: ${_param:openstack_control_node03_hostname}
enabled: True
fernet_rotation_driver: rsync
+ credential:
+ credential_sync_nodes_list:
+ sync_node01:
+ name: ${_param:openstack_control_node02_hostname}
+ enabled: True
+ sync_node02:
+ name: ${_param:openstack_control_node03_hostname}
+ enabled: True
+ credential_rotation_driver: rsync
linux:
system:
job:
keystone_fernet_rotate_rsync:
- command: '/var/lib/keystone/fernet_keys_rotate.sh -rs >> /var/log/keystone/fernet_rotate.log 2>> /var/log/keystone/fernet_rotate.log'
+ command: '/var/lib/keystone/keystone_keys_rotate.sh -r -s -t fernet >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
enabled: true
user: keystone
minute: 0
+ keystone_credential_rotate_rsync:
+ command: '/var/lib/keystone/keystone_keys_rotate.sh -r -s -t credential >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
+ enabled: true
+ user: keystone
+ hour: 0
+ minute: 0
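Review bot: The new `keystone_credential_rotate_rsync` job is scheduled at `hour: 0`, `minute: 0`, which is the same minute as `keystone_fernet_rotate_rsync` (`minute: 0`, with no hour visible in the hunk, so presumably hourly). At 00:00 both jobs run as `keystone`, both pass `-s` to sync to what appear to be the same control nodes, and both append to `/var/log/keystone/keystone-rotate.log`. Their output then interleaves, and a failed rotation or sync is hard to attribute to one key type. Offsetting the credential job, for example with `minute: 30`, would keep the two runs and their log lines apart. The credential job added in single.yml has the same schedule and shared log file.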
diff --git a/keystone/server/fernet_rotation/single.yml b/keystone/server/fernet_rotation/single.yml
index 3aa2add..88a7f8b 100644
--- a/keystone/server/fernet_rotation/single.yml
+++ b/keystone/server/fernet_rotation/single.yml
@@ -3,11 +3,19 @@
server:
tokens:
fernet_rotation_driver: rsync
+ credential:
+ credential_rotation_driver: rsync
linux:
system:
job:
keystone_fernet_rotate_rsync:
- command: '/var/lib/keystone/fernet_keys_rotate.sh -r >> /var/log/keystone/fernet_rotate.log 2>> /var/log/keystone/fernet_rotate.log'
+ command: '/var/lib/keystone/keystone_keys_rotate.sh -r -t fernet >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
enabled: true
user: keystone
minute: 0
+ keystone_credential_rotate_rsync:
+ command: '/var/lib/keystone/keystone_keys_rotate.sh -r -t credential >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
+ enabled: true
+ user: keystone
+ hour: 0
+ minute: 0
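Review bot: The `keystone_credential_rotate_rsync` job has no comment stating what a daily credential rotation needs in order to succeed. Keystone's `credential_rotate` refuses to rotate while stored credentials are still encrypted under a non-primary key. Unless `keystone_keys_rotate.sh` (not visible in this diff) also runs `credential_migrate`, later runs may fail, and because both streams are redirected with `>>` and `2>>`, the failure would show up only in keystone-rotate.log. I would add above the job `# credential_rotate fails until credentials are migrated to the primary key; errors go to keystone-rotate.log only`. The same comment fits the job added in cluster.yml.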