keystone: Stop syncing signing keys (SCRD-781) #1204
Merged
stefannica
previously approved these changes
Aug 29, 2017
PKI tokens have been removed from keystone, and the pki_setup command that used to generate the initial signing key pair has been removed from the keystone package[1]. Since there is no longer an initial signing key pair at the point where the keystone barclamp is supposed to try to synchronize them, the keystone barclamp fails on pike with "No such file or directory". If a key pair is needed for HTTPS, the barclamp will generate it, but it is no longer needed for token functionality, so we can just remove the synchronization steps.

[1] https://build.opensuse.org/package/rdiff/Cloud:OpenStack:Master/openstack-keystone?linkrev=base&rev=1001
Contributor
Author
Updated, I think the sync marks can go away too
stefannica
approved these changes
Aug 29, 2017
stefannica
left a comment
Contributor
Good point, I was just about to suggest that you remove the crowbar sync too 👍
toabctl
approved these changes
Aug 29, 2017
nicolasbock
approved these changes
Aug 29, 2017