From c93b1e7482f76861dc9fbf35a8673b29b54e82dc Mon Sep 17 00:00:00 2001
From: Alvaro Vega <alvaro.vegagarcia@telefonica.com>
Date: Wed, 15 Dec 2021 11:42:05 +0100
Subject: [PATCH] set max_active_keys for fernet tokens and receipts to 6

---
 docker/postlaunchconfig.sh        | 4 ++++
 docker/postlaunchconfig_update.sh | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/docker/postlaunchconfig.sh b/docker/postlaunchconfig.sh
index 2977a09..b40315b 100755
--- a/docker/postlaunchconfig.sh
+++ b/docker/postlaunchconfig.sh
@@ -136,6 +136,10 @@ echo "[ postlaunchconfig - fernet_setup ] "
 chown -R keystone:keystone /etc/keystone/fernet-keys
 chmod -R o-rwx /etc/keystone/fernet-keys
 /usr/bin/keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
+openstack-config --set /etc/keystone/keystone.conf \
+                 fernet_receipts max_active_keys 6
+openstack-config --set /etc/keystone/keystone.conf \
+                 fernet_tokens max_active_keys 6
 
 echo "[ postlaunchconfig - bootstrap ] "
 /usr/bin/keystone-manage bootstrap \
diff --git a/docker/postlaunchconfig_update.sh b/docker/postlaunchconfig_update.sh
index 5acbb6f..b0a9b07 100755
--- a/docker/postlaunchconfig_update.sh
+++ b/docker/postlaunchconfig_update.sh
@@ -175,6 +175,10 @@ echo "[ postlaunchconfig_update - fernet_setup ] "
 chown -R keystone:keystone /etc/keystone/fernet-keys
 chmod -R o-rwx /etc/keystone/fernet-keys
 /usr/bin/keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
+openstack-config --set /etc/keystone/keystone.conf \
+                 fernet_receipts max_active_keys 6
+openstack-config --set /etc/keystone/keystone.conf \
+                 fernet_tokens max_active_keys 6
 
 # Create metadata for your keystone IdP
 if [ "${SAML_ENDPOINT}" != "" ] && [ "${SAML_CERTFILE}" != "" ] && [ "${SAML_KEYFILE}" != "" ]; then