Thanks Alex and Emilien for the quick answer. This was brought up at the summit by Adam, but I don't think we have to prevent keystone from changing the default. TripleO and Puppet can still specify UUID as their desired token format; it is not deprecated or slated for removal. Agreed?
On Thu, Nov 3, 2016 at 10:23 AM, Alex Schultz <[email protected]> wrote: > Hey Steve, > > On Thu, Nov 3, 2016 at 8:11 AM, Steve Martinelli <[email protected]> > wrote: > > As a heads up to some of keystone's consuming projects, we will be > changing > > the default token format from UUID to Fernet. Many patches have merged to > > make this possible [1]. The last 2 that you probably want to look at are > [2] > > and [3]. The first flips a switch in devstack to make fernet the selected > > token format, the second makes it default in Keystone itself. > > > > [1] https://review.openstack.org/#/q/topic:make-fernet-default > > [2] DevStack patch: https://review.openstack.org/#/c/367052/ > > [3] Keystone patch: https://review.openstack.org/#/c/345688/ > > > > Thanks for the heads up. In puppet openstack we had already > anticipated this and attempted to do the same for the > puppet-keystone[0] module as well. Unfortunately after merging it, we > found that tripleo wasn't yet prepared to handle the HA implementation > of fernet tokens so we had to revert it[1]. This shouldn't impact > anyone currently consuming puppet-keystone as we define uuid as the > default for now. Our goal is to do something similar this cycle but > there needs to be some further work in the downstream consumers to > either define their expected default (of uuid) or support fernet key > generation correctly. > > Thanks, > -Alex > > [0] https://review.openstack.org/#/c/389322/ > [1] https://review.openstack.org/#/c/392332/ > > > ____________________________________________________________ > ______________ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: [email protected]?subject: > unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
