Rotation Keystone Fernet Keys from the Overcloud

updated: 2018-10-25 17:26

Limit Environment Specific Content

Operating Systems

CentOS
RHEL

Branches

Install from stable branch
Install from Newton branch
Install from Ocata branch

RHEL Registration Types

Portal
Satellite

Environments

Baremetal
Virtual

Features

Validations
Optional

Additional Overcloud Roles

Ceph

Upgrade Version

Upgrading Mitaka to Newton
Upgrading Newton to Ocata
Upgrading Ocata to Pike

Rotation Keystone Fernet Keys from the Overcloud¶

Like most passwords in your overcloud deployment, keystone fernet keys are also stored as part of the deployment plan in mistral. The overcloud deplotment’s fernet keys can be rotated with the following command:

openstack workflow execution create \
    tripleo.fernet_keys.v1.rotate_fernet_keys \
    '{"container": "overcloud"}'

Where the value for “container” is the name of the plan (which defaults to “overcloud”).

After waiting some time you can verify the output by taking the execution ID from that was the output of the previous command, and issuing the following command:

openstack workflow execution output show EXECUTION_UUID

Please note that there must be an overcloud deployment ready and accessible in order to execute this action.

updated: 2018-10-25 17:26

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.

Rotation Keystone Fernet Keys from the Overcloud

Rotation Keystone Fernet Keys from the Overcloud¶

tripleo-docs 0.0.1.dev980