Bug 1325541

Summary: [RFE][keystone] Fernet Token Support
Product: Red Hat OpenStack
Component: openstack-keystone
Reporter: Adam Young <ayoung>
Assignee: Adam Young <ayoung>
QA Contact: nlevinki <nlevinki>
CC: jdennis, jschluet, markmc, nkinder, rduartes, scohen, srevivo
Status: CLOSED ERRATA
Severity: high
Priority: high
Version: 9.0 (Mitaka)
Target Milestone: rc
Target Release: 10.0 (Newton)
Keywords: FutureFeature, Triaged
Hardware: All
OS: All
Fixed In Version: openstack-keystone-10.0.0-1.el7ost
Doc Type: Enhancement
Clone Of:
: 1382799 1382803
Last Closed: 2016-12-14 15:32:00 UTC
Type: Bug
Bug Blocks: 1336533, 1382799, 1382803

Description Adam Young 2016-04-09 20:20:55 UTC
Description of problem:

Fernet tokens are not default in upstream Mitaka due to several unit tests failing.  Once these have been resolved, the changes required should be backported to ship with OSP 8.

Comment 2 Adam Young 2016-09-02 17:43:00 UTC
This needs a spec for TripleO, as there is no support for deploying and syncing keys.

It might be possible to do in a manual process, but will not be default, or managed, by openstack overcloud deploy.

Comment 3 Mark McLoughlin 2016-09-05 12:29:00 UTC
Upstream discussion on key rotation: http://lists.openstack.org/pipermail/openstack-dev/2016-August/101262.html

Comment 4 Adam Young 2016-09-07 22:34:04 UTC
A series of reviews in Puppet, Heat, and TripleO look likely to make this a reality, or at least much closer.

https://review.openstack.org/#/q/topic:keystone/credentials

Comment 5 Nathan Kinder 2016-09-22 19:39:39 UTC
(In reply to Adam Young from comment #4)
> A series of reviews in Puppet, Heat, and TripleO look likely to make this a
> reality, or at least much closer.
> 
> https://review.openstack.org/#/q/topic:keystone/credentials

These did not actually implement Fernet support, so more work is needed here.

Comment 13 errata-xmlrpc 2016-12-14 15:32:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2948.html