On 07/27/2015 04:52 AM, Alexander Makarov wrote:
I've filed a ticket to test Fernet token on the scale lab:
https://mirantis.jira.com/browse/MOSS-235
This is good, but keep in mind that the broader community does not have
access to the Mirantis JIRA :) Probably better to just mention you have
Actually Fernet token IS the best bet on stability and quality.
On Mon, Jul 27, 2015 at 3:23 PM, Sergii Golovatiuk wrote:
> Guys, I object of merging Fernet tokens. I set -2 for any Fernet related
> activities. Firstly, there are some ongoing discussions how we should
> distribute, revoke, rotat
Guys, I object of merging Fernet tokens. I set -2 for any Fernet related
activities. Firstly, there are some ongoing discussions how we should
distribute, revoke, rotate SSL keys for Fernet. Secondly, there some
discussion in community about potential security concerns where user may
renew token in
I agree. Configuration with memcache made by Fuel now has issues which badly
affect overall OpenStack experience.
On Monday 27 July 2015 14:34:59 Vladimir Kuklin wrote:
> Folks
>
> We saw several High issues with how keystone manages regular memcached
> tokens. I know, this is not the perfect ti
I've filed a ticket to test Fernet token on the scale lab:
https://mirantis.jira.com/browse/MOSS-235
If this feature is not granted FFE we still can configure it manually by
changing keystone config.
So I think internal how-to document backed-up with scale and bvt testing
will allow our deployers
Folks
We saw several High issues with how keystone manages regular memcached
tokens. I know, this is not the perfect time as you already decided to push
it from 7.0, but I would reconsider declaring it as FFE as it affects HA
and UX poorly. If we can enable tokens simply by altering configuration,
Mike,
Thanks! +1 to "Let's polish this work before the next release, merge
changes to upstream puppet-openstack, and then just use librarian in
the next release."
-- dims
On Fri, Jul 24, 2015 at 1:39 PM, Mike Scherbakov
wrote:
> Thanks guys. Feature Freeze exception request is declined then. Le
Thanks guys. Feature Freeze exception request is declined then. Let's
polish this work before the next release, merge changes to upstream
puppet-openstack, and then just use librarian in the next release.
I'd like to comment Bogdan's email -
unless we fully switch to librarian, I don't agree with:
Hi,
we were not able to get a working deployment with fernet token support
patches, mostly due to issues with keys generation and deployment
mechanism. I've also spend some time debugging problems with this and I
think it's too risky to land it in 7.0. So I vote for postponing it till
8.0.
Regard
> Fuel Library team, I expect your immediate reply here.
>
> I'd like upgrades team to take a look at this one, as well as at the one
> which moves Keystone under Apache, in order to check that there are no
> issues here.
>
> -1 from me for this time in the cycle. I'm concerned about:
>
>1.
Fuel Library team, I expect your immediate reply here.
I'd like upgrades team to take a look at this one, as well as at the one
which moves Keystone under Apache, in order to check that there are no
issues here.
-1 from me for this time in the cycle. I'm concerned about:
1. I don't see any re
Colleagues,
I would like to request an exception from the Feature Freeze for Fernet
tokens support added to the fuel-library in the following CR:
https://review.openstack.org/#/c/201029/
Keystone part of the feature is implemented in the upstream and the change
impacts setup configuration only.
12 matches
Mail list logo