commit 614facd343238cf80737330093b9ae8fe9b784ea
author Oleksii Grudev <ogrudev@mirantis.com> Mon Aug 20 13:20:29 2018 +0300
committer Oleksii Grudev <ogrudev@mirantis.com> Mon Aug 20 14:26:34 2018 +0300
tree 2c87e3628dece79ac1fa936afa27eeed4a584bc9
parent 079dfa7b80b386a69f203f0167d56b47d38fabaf

Enable rsync fernet rotation by default

Change-Id: I6a082f5488f50c87f4d08db9298eeab8e5825f05
Related-PROD: PROD-22285

keystone/server/cluster.yml

diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index 4c24975..c9642bd 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -4,6 +4,7 @@
 - system.haproxy.proxy.listen.openstack.keystone
 - system.haproxy.proxy.listen.openstack.keystone.standalone
 - system.linux.system.users.keystone
+- system.keystone.server.fernet_rotation.cluster
 parameters:
   _param:
     keystone_tokens_expiration: 3600

keystone/server/fernet_rotation/cluster.yml

diff --git a/keystone/server/fernet_rotation/cluster.yml b/keystone/server/fernet_rotation/cluster.yml
index ac1f481..a4aad33 100644
--- a/keystone/server/fernet_rotation/cluster.yml
+++ b/keystone/server/fernet_rotation/cluster.yml
@@ -1,24 +1,27 @@
 parameters:
+  _param:
+    fernet_rotation_driver: 'rsync'
+    credential_rotation_driver: 'rsync'
   keystone:
     server:
       tokens:
         fernet_sync_nodes_list:
           sync_node01:
-            name: ${_param:openstack_control_node02_hostname}
+            name: ${_param:cluster_node02_hostname}
             enabled: True
           sync_node02:
-            name: ${_param:openstack_control_node03_hostname}
+            name: ${_param:cluster_node03_hostname}
             enabled: True
-        fernet_rotation_driver: rsync
+        fernet_rotation_driver: ${_param:fernet_rotation_driver}
       credential:
         credential_sync_nodes_list:
           sync_node01:
-            name: ${_param:openstack_control_node02_hostname}
+            name: ${_param:cluster_node02_hostname}
             enabled: True
           sync_node02:
-            name: ${_param:openstack_control_node03_hostname}
+            name: ${_param:cluster_node03_hostname}
             enabled: True
-        credential_rotation_driver: rsync
+        credential_rotation_driver: ${_param:credential_rotation_driver}
   linux:
     system:
       job:

keystone/server/fernet_rotation/single.yml

diff --git a/keystone/server/fernet_rotation/single.yml b/keystone/server/fernet_rotation/single.yml
index 88a7f8b..de5ca6a 100644
--- a/keystone/server/fernet_rotation/single.yml
+++ b/keystone/server/fernet_rotation/single.yml
@@ -1,10 +1,13 @@
 parameters:
+  _param:
+    fernet_rotation_driver: 'rsync'
+    credential_rotation_driver: 'rsync'
   keystone:
     server:
       tokens:
-        fernet_rotation_driver: rsync
+        fernet_rotation_driver: ${_param:fernet_rotation_driver}
       credential:
-        credential_rotation_driver: rsync
+        credential_rotation_driver: ${_param:credential_rotation_driver}
   linux:
     system:
       job:

keystone/server/single.yml

diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index 68a29a7..e1131c0 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -1,6 +1,7 @@
 classes:
 - service.keystone.server.single
 - system.linux.system.users.keystone
+- system.keystone.server.fernet_rotation.single
 parameters:
   _param:
     keystone_service_token: token