X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=docker%2Fservices%2Fkeystone.yaml;h=6371367745624b82071e3210442a995dea1e5d24;hb=e0bd63c826e687d9019b76297e9375f3b0608c2e;hp=bd3a010e8b9f1a9c5f7165549bcbb4bed6c52e87;hpb=03b3fd7fe967694000939048c14fe8793c451b5c;p=apex-tripleo-heat-templates.git

diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index bd3a010e..63713677 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -30,6 +30,12 @@ parameters:
     description: The password for the keystone admin account, used for monitoring, querying neutron etc.
     type: string
     hidden: true
+  KeystoneTokenProvider:
+    description: The keystone token format
+    type: string
+    default: 'uuid'
+    constraints:
+      - allowed_values: ['uuid', 'fernet']
 
 resources:
 
@@ -40,6 +46,9 @@ resources:
       ServiceNetMap: {get_param: ServiceNetMap}
       DefaultPasswords: {get_param: DefaultPasswords}
 
+conditions:
+  keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
+
 outputs:
   role_data:
     description: Role data for the Keystone API role.
@@ -80,6 +89,16 @@ outputs:
              owner: keystone
              perm: '0600'
              source: /var/lib/kolla/config_files/src/etc/keystone/credential-keys/1
+           - dest: /etc/keystone/fernet-keys/0
+             owner: keystone
+             perm: '0600'
+             source: /var/lib/kolla/config_files/src/etc/keystone/fernet-keys/0
+             optional: {if: [keystone_fernet_tokens, false, true]}
+           - dest: /etc/keystone/fernet-keys/1
+             owner: keystone
+             perm: '0600'
+             source: /var/lib/kolla/config_files/src/etc/keystone/fernet-keys/1
+             optional: {if: [keystone_fernet_tokens, false, true]}
            - dest: /etc/httpd/conf.d/10-keystone_wsgi_admin.conf
              owner: root
              perm: '0644'
@@ -149,11 +168,10 @@ outputs:
           config_volume: 'keystone_init_tasks'
           puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain'
           step_config: 'include ::tripleo::profile::base::keystone'
-          config_image:
-            list_join:
-            - '/'
-            - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ]
+          config_image: *keystone_image
       upgrade_tasks:
         - name: Stop and disable keystone service (running under httpd)
           tags: step2
           service: name=httpd state=stopped enabled=no
+      metadata_settings:
+        get_attr: [KeystoneBase, role_data, metadata_settings]