Re: [openstack-dev] [tc][keystone][tacker]

[yanxingan]

Thanks, Shake Chen.
Seems barbican is a better way.

On 2017/3/12 22:59, Shake Chen wrote:

Hi
why not use barbican?

On Sun, Mar 12, 2017 at 10:33 PM, yanxin...@cmss.chinamobile.com
 > wrote:


Hi, folks:


Currently tacker server node stores fernet keys for vim password decryption 
on local root file system.
If Tacker service serves API requests through a load balancer, then the 
operation will fail if the request
is not fulfilled by the server node which created and stored the fernet key.

So we need a possible solution for syncing the keys across multiple server 
nodes. Currently we
are
thinking about storing the fernet keys via ceph or swift.
  Do you have any suggestions
on this approach, or does other project has already
dealt with this problem?

Thanks.


__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe

http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev





--
Shake Chen



__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev





__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [tc][keystone][tacker]

[Shake Chen]

Hi
why not use barbican?

On Sun, Mar 12, 2017 at 10:33 PM, yanxin...@cmss.chinamobile.com <
yanxin...@cmss.chinamobile.com> wrote:

>
> Hi, folks:
>
> Currently tacker server node stores fernet keys for vim
> password decryption on local root file system.
> If Tacker service serves API requests through a load balancer,
> then the operation will fail if the request
> is not fulfilled by the server node which created and
> stored the fernet key.
> So we need a possible solution for syncing the keys
> across multiple server nodes. Currently we are
> thinking about storing the fernet keys via ceph or swift.
>   Do you have any suggestions on this approach, or does other project has
> already dealt with this problem?
>
> Thanks.
>
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
Shake Chen
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [tc][keystone][tacker]

[yanxin...@cmss.chinamobile.com]

Hi, folks:

Currently tacker server node stores fernet keys for vim password decryption 
on local root file system. 
If Tacker service serves API requests through a load balancer, then the 
operation will fail if the request 
is not fulfilled by the server node which created and stored the fernet key.
So we need a possible solution for syncing the keys across multiple server 
nodes. Currently we are 
thinking about storing the fernet keys via ceph or swift. 
  Do you have any suggestions on this approach, or does other project has 
already dealt with this problem?

Thanks.

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev