On Mon, Aug 3, 2015 at 7:03 AM, David Stanek <dsta...@dstanek.com> wrote:

>
> On Mon, Aug 3, 2015 at 7:14 AM, Davanum Srinivas <dava...@gmail.com>
> wrote:
>
>> agree. "Native HA solution" was already ruled out in several email
>> threads by keystone cores already (if i remember right). This is a
>> devops issue and should be handled as such was the feedback.
>>
>
> I'm sure you are right. I'm not sure why we would want to add that much
> complexity into Keystone.
>

++, I think the more complicated the tool to distribute the keys, the more
complex it is to troubleshoot issues when things go south. If you have an
issue with a single Keystone node, you have to understand whatever
mechanism that keeps keys in sync, as well as what could go wrong and how
to fix it. This is in comparison to something, or some ansible script, that
is idempotent and can be applied against the whole cluster, or a single
node. The ability of having a staged key buys you time in the key
distribution process.

>
>
>
> --
> David
> blog: http://www.traceback.org
> twitter: http://twitter.com/dstanek
> www: http://dstanek.com
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to