Has there been much discussion on how to ensure that keys are
recoverable in the event that Barbican has some sort of horrific
failure?
I suppose a HA frontend, Redundant Keystore Databases and HA paired HSMs
would be the most obvious non-code-writing path but this feels pretty
clunky, I was
Excerpts from Clark, Robert Graham's message of 2014-03-19 07:41:35 -0700:
Has there been much discussion on how to ensure that keys are
recoverable in the event that Barbican has some sort of horrific
failure?
I suppose a HA frontend, Redundant Keystore Databases and HA paired HSMs
would
Our plan for deployment is exactly as Clark described:
* Several API nodes behind a load balancer
* PostgreSQL master/slave replication
* HSMs in HA paired mode
* Several Worker nodes
I’m also curios as to why this would be considered “clunky”?
-Doug
On 3/19/14, 1:21 PM, Clint Byrum
-Original Message-
From: Clint Byrum [mailto:cl...@fewbar.com]
Sent: 19 March 2014 18:22
To: openstack
Subject: Re: [Openstack] [Barbican] Key Recovery / Availability
Excerpts from Clark, Robert Graham's message of 2014-03-19 07:41:35 -
0700:
Has there been much discussion
As the services I described were the first things that came into my mind with
regards to high availability in Barbican I assumed that there was probably a
better strategy.
If the strategy is as you've described then that's great - even I can
understand that!
-Rob
Our plan for deployment