Hi folks,

I want to discuss the way we are working with generated keys for
nova/ceph/mongo and something else.

Right now we are generating keys on master itself, and then distributing
them by mcollective
transport to all nodes. As you may know we are in the process of making
this process described as
task.

There is a couple of options:
1. Expose keys in rsync server on master, in folder /etc/fuel/keys, and
then copy them with rsync task (but it feels not very secure)
2. Copy keys from /etc/fuel/keys on master, to /var/lib/astute on target
nodes. It will require additional
hook in astute, smth like copy_file, which will copy data from file on
master and put it on the node.

Also there is 3rd option to generate keys right on primary-controller and
then distribute them on all other nodes, and i guess it will be
responsibility of controller to store current keys that are valid for
cluster. Alex please provide more details about 3rd approach.

Maybe there is more options?
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to