Browse code
Switch fernet to be the default token provider
Use the fernet token provider as the default for keystone.
The Keystone token provider of choice is changing from UUID to Fernet.
However, due the the need for multi-site keystone deploys to have keys
kept in sync, we cannot change the default in upstream Keystone
without breaking existing deployments. Fernet requires a deliberate
setup step like what is done in devstack. Making the change in
devstack documents the expected setup.
Change-Id: I8c0db244634b0861b0eb3c48fe6ede153f7f04f2
Brant Knudson authored on 2015/06/26 07:58:51Showing 1 changed files
| ... | ... |
@@ -89,7 +89,7 @@ KEYSTONE_RESOURCE_BACKEND=${KEYSTONE_RESOURCE_BACKEND:-sql}
|
| 89 | 89 |
|
| 90 | 90 |
# Select Keystone's token provider (and format) |
| 91 | 91 |
# Choose from 'uuid', 'pki', 'pkiz', or 'fernet' |
| 92 |
-KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-}
|
|
| 92 |
+KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-fernet}
|
|
| 93 | 93 |
KEYSTONE_TOKEN_FORMAT=$(echo ${KEYSTONE_TOKEN_FORMAT} | tr '[:upper:]' '[:lower:]')
|
| 94 | 94 |
|
| 95 | 95 |
# Set Keystone interface configuration |