[openstack-dev] [keystone][tripleo][ansible][puppet][all] changing default token format

Alex Schultz aschultz at redhat.com
Thu Nov 3 14:23:15 UTC 2016


Hey Steve,

On Thu, Nov 3, 2016 at 8:11 AM, Steve Martinelli <s.martinelli at gmail.com> wrote:
> As a heads up to some of keystone's consuming projects, we will be changing
> the default token format from UUID to Fernet. Many patches have merged to
> make this possible [1]. The last 2 that you probably want to look at are [2]
> and [3]. The first flips a switch in devstack to make fernet the selected
> token format, the second makes it default in Keystone itself.
>
> [1] https://review.openstack.org/#/q/topic:make-fernet-default
> [2] DevStack patch: https://review.openstack.org/#/c/367052/
> [3] Keystone patch: https://review.openstack.org/#/c/345688/
>

Thanks for the heads up. In puppet openstack we had already
anticipated this and attempted to do the same for the
puppet-keystone[0] module as well. Unfortunately, after merging it, we
found that tripleo wasn't yet prepared to handle the HA implementation
of fernet tokens, so we had to revert it[1]. This shouldn't impact
anyone currently consuming puppet-keystone as we define uuid as the
default for now. Our goal is to do something similar this cycle but
there needs to be some further work in the downstream consumers to
either define their expected default (of uuid) or support fernet key
generation correctly.

Thanks,
-Alex

[0] https://review.openstack.org/#/c/389322/
[1] https://review.openstack.org/#/c/392332/
