diff --git a/README.md b/README.md
index e9b7cae6e..2fc7e7df2 100644
--- a/README.md
+++ b/README.md
@@ -174,7 +174,7 @@ the current matrix of available tests:
 | - | scenario000 | scenario001 | scenario002 | scenario003 |
 |:--------------:|:-----------:|:-----------:|:-----------:|:------------:
-| keystone | FERNET | FERNET | UUID | FERNET |
+| keystone | FERNET | FERNET | FERNET | FERNET |
 | glance | | file | swift | file |
 | nova | X | X | X | X |
 | neutron | X | X | X | X |
diff --git a/docs/packstack.rst b/docs/packstack.rst
index e50a56269..0eab1b04f 100755
--- a/docs/packstack.rst
+++ b/docs/packstack.rst
@@ -333,7 +333,7 @@ Keystone Config parameters
 Identity service API version string. ['v2.0', 'v3']
 **CONFIG_KEYSTONE_TOKEN_FORMAT**
- Identity service token format (UUID, PKI or FERNET). The recommended format for new deployments is FERNET. ['UUID', 'PKI', 'FERNET']
+ Identity service token format (FERNET). Since Rocky, only FERNET is supported. ['FERNET']
 **CONFIG_KEYSTONE_IDENTITY_BACKEND**
 Type of Identity service backend (sql or ldap). ['sql', 'ldap']
diff --git a/packstack/plugins/keystone_100.py b/packstack/plugins/keystone_100.py
index 55aa799b6..76c7fd609 100644
--- a/packstack/plugins/keystone_100.py
+++ b/packstack/plugins/keystone_100.py
@@ -151,7 +151,7 @@ def initConfig(controller):
 {"CMD_OPTION": "keystone-token-format",
 "PROMPT": "Enter the Keystone token format.",
- "OPTION_LIST": ['UUID', 'PKI', 'FERNET'],
+ "OPTION_LIST": ['FERNET'],
 "VALIDATORS": [validators.validate_options],
 "DEFAULT_VALUE": 'FERNET',
 "MASK_INPUT": False,
diff --git a/packstack/puppet/modules/packstack/manifests/keystone.pp b/packstack/puppet/modules/packstack/manifests/keystone.pp
index c71b820a8..2c561281c 100644
--- a/packstack/puppet/modules/packstack/manifests/keystone.pp
+++ b/packstack/puppet/modules/packstack/manifests/keystone.pp
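Review bot: With `"OPTION_LIST": ['FERNET']` in packstack/plugins/keystone_100.py, an answer file written by an earlier release that still carries `CONFIG_KEYSTONE_TOKEN_FORMAT=UUID` or `PKI` will presumably be rejected by `validators.validate_options` (the validator is not visible here), and nothing next to the option explains why. I would add a comment above the entry, `# Keystone dropped UUID and PKI tokens in Rocky; FERNET is the only accepted value.`, and have the release note tell operators to update existing answer files. The manifest lower-cases this value before use, so it is also worth confirming whether a lower-case `fernet` passes validation. The option dict and initConfig continue outside the hunk.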
@@ -6,11 +6,6 @@ class packstack::keystone ()
 $keystone_cfg_ks_db_pw = hiera('CONFIG_KEYSTONE_DB_PW')
 $keystone_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
 $keystone_token_provider_str = downcase(hiera('CONFIG_KEYSTONE_TOKEN_FORMAT'))
- if $keystone_token_provider_str == 'fernet' {
- $enable_fernet_setup = true
- } else {
- $enable_fernet_setup = false
- }
 $keystone_url = regsubst(regsubst(hiera('CONFIG_KEYSTONE_PUBLIC_URL'),'/v2.0',''),'/v3','')
 $keystone_admin_url = hiera('CONFIG_KEYSTONE_ADMIN_URL')
@@ -39,7 +34,7 @@ class packstack::keystone ()
 admin_password => hiera('CONFIG_KEYSTONE_ADMIN_PW'),
 database_connection => "mysql+pymysql://keystone_admin:${keystone_cfg_ks_db_pw}@${keystone_cfg_mariadb_host}/keystone",
 token_provider => "${keystone_token_provider_str}",
- enable_fernet_setup => $enable_fernet_setup,
+ enable_fernet_setup => true,
 debug => hiera('CONFIG_DEBUG_MODE'),
 service_name => 'httpd',
 enable_ssl => $keystone_use_ssl,
diff --git a/releasenotes/notes/Remove-PKI-and-UUID-Keystone-token-formats-618f4b0dc4cf782f.yaml b/releasenotes/notes/Remove-PKI-and-UUID-Keystone-token-formats-618f4b0dc4cf782f.yaml
new file mode 100644
index 000000000..f564c1fd9
--- /dev/null
+++ b/releasenotes/notes/Remove-PKI-and-UUID-Keystone-token-formats-618f4b0dc4cf782f.yaml
@@ -0,0 +1,6 @@
+---
+deprecations:
+ - |
+ Keystone has removed support for token formats other than Fernet in
+ https://review.openstack.org/543060. Thus, support for those token
+ formats has been removed from Packstack.
diff --git a/tests/scenario002.sh b/tests/scenario002.sh
index 48ccc67c7..4e6397d9f 100755
--- a/tests/scenario002.sh
+++ b/tests/scenario002.sh
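Review bot: In the second hunk of packstack/manifests/keystone.pp, `enable_fernet_setup => true` is now unconditional, but `token_provider => "${keystone_token_provider_str}"` one line above it still comes from hiera, so the two can disagree if a non-FERNET value ever reaches the manifest without passing the plugin's validator. Since only one provider is left, setting `token_provider => 'fernet',` and dropping the `$keystone_token_provider_str` assignment kept as context in the first hunk would keep the provider and the key setup in step. Fernet tokens depend on the key repository behind them, and nothing in these hunks shows how the keys are rotated or protected, so that is worth confirming against the keystone class defaults. The class body starts and ends outside both hunks.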
@@ -40,7 +40,6 @@ $SUDO packstack ${ADDITIONAL_ARGS} \
 --os-neutron-vpnaas-install=n \
 --os-sahara-install=y \
 --os-trove-install=y \
- --keystone-token-format=UUID \
 --provision-uec-kernel-url="/tmp/cirros/cirros-0.3.5-x86_64-vmlinuz" \
 --provision-uec-ramdisk-url="/tmp/cirros/cirros-0.3.5-x86_64-initrd" \
 --provision-uec-disk-url="/tmp/cirros/cirros-0.3.5-x86_64-disk.img" \