On Fri, Mar 27, 2015 at 10:14 AM, Boris Bobrov <[email protected]> wrote:
> As you know, keystone introduced non-persistent tokens in kilo -- Fernet
> tokens. These tokens use Fernet keys, that are rotated from time to time. A
> great description of key rotation and replication can be found on [0] and [1]
> (thanks, lbragstad). In HA setup there are multiple nodes with Keystone and
> that requires key replication. How do we do that with new Fernet tokens?
>
> Please keep in mind that the solution should be HA -- there should not be any
> "master" server, pushing keys to slave servers, because master server might go
> down.
>

In my test environment I was using ansible to sync the keys across multiple
nodes. Keystone should probably provide some guidance around this process,
but I don't think it should deal with the actual syncing. I think that's
better left to an installation's existing configuration management tools.

--
David
blog: http://www.traceback.org
twitter: http://twitter.com/dstanek
www: http://dstanek.com
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
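
Added example, not part of the original message and not Keystone's own code: a check a deployment could run after its configuration management tool has synced the keys, confirming that every node holds the key each other node currently encrypts with. It assumes Keystone's key repository layout (numeric file names, 0 is the staged key, the highest index is the primary); node names, directory names and keys are constructed.

```python
import base64, hashlib, os, tempfile
from pathlib import Path

def load_repo(path):
    """Map key index -> SHA-256 of the key file, so raw keys are never reported."""
    return {int(p.name): hashlib.sha256(p.read_bytes().strip()).hexdigest()
            for p in Path(path).iterdir() if p.name.isdigit()}

def check_nodes(repos):
    """repos: {node: {index: digest}}. A token is encrypted with the issuing
    node's primary key (highest index), so every other node must hold that
    key at some index to validate it."""
    findings = []
    for node, keys in repos.items():
        if not keys:
            findings.append(f"{node}: empty key repository")
            continue
        primary = keys[max(keys)]
        for other, other_keys in repos.items():
            if other != node and primary not in other_keys.values():
                findings.append(f"{other}: missing primary key of {node}")
    return findings

def new_key():
    # Constructed sample key: 32 random bytes, url-safe base64 (Fernet key format).
    return base64.urlsafe_b64encode(os.urandom(32))

def write_repo(root, name, keys):
    d = Path(root, name)
    d.mkdir()
    for idx, key in keys.items():
        (d / str(idx)).write_bytes(key)
    return load_repo(d)

def demo():
    """Constructed scenario: node3 misses one rotation, then two."""
    p, s1, s2, s3 = (new_key() for _ in range(4))
    with tempfile.TemporaryDirectory() as root:
        stale = write_repo(root, "n3", {0: s1, 1: p})   # never rotated
        once = {0: s2, 1: p, 2: s1}                     # staged s1 promoted
        twice = {0: s3, 1: p, 2: s1, 3: s2}             # staged s2 promoted
        one_behind = {"node1": write_repo(root, "a1", once),
                      "node2": write_repo(root, "a2", once), "node3": stale}
        two_behind = {"node1": write_repo(root, "b1", twice),
                      "node2": write_repo(root, "b2", twice), "node3": stale}
    return check_nodes(one_behind), check_nodes(two_behind)

if __name__ == "__main__":
    for label, result in zip(("one rotation behind", "two rotations behind"), demo()):
        print(label, "->", result or "ok")
```

A node that is one rotation behind still validates everyone's tokens because the new primary was already distributed as the staged key; a node that misses two rotations does not, which is why the sync has to complete between rotations.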
