[Rdo-list] Default keystone token provider in Juno packages
Nathan Kinder
nkinder at redhat.com
Tue Oct 14 23:16:30 UTC 2014
On 10/14/2014 03:51 PM, Alan Pevec wrote:
>> So all good for RDO Juno!
>
> Please note later -1 review from Nathan, I jumped to the conclusion!
>
> "We still need to perform the PKI certificate setup, even if UUID
> tokens are being used. The reason is that the token revocation list is
> signed regardless of the token format. If the keys/cert are not
> created, then an attempt to fetch the revocation list will result in
> signing errors due to an underlying ENOENT."
The puppet-keystone module handles this properly now too, so things will
be set up correctly when using packstack.
The documentation should still mention that PKI setup is needed even
when using the UUID token format. This is true for all
platforms/distributions, not just RDO.
Thanks,
-NGK
>
> _______________________________________________
> Rdo-list mailing list
> Rdo-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rdo-list
>
>
More information about the dev
mailing list