Re: [Openstack-operators] Sharing fernet tokens

+1 for watching the presentation, it was excellent (I was there!). Chris On Thu, Feb 9, 2017 at 10:19 AM, Matt Fischer wrote: > Please reply all to the list rather than emailing me directly. > > Key rotation is done with a keystone-manage command or we just end up >

Re: [Openstack-operators] Sharing fernet tokens

Please reply all to the list rather than emailing me directly. Key rotation is done with a keystone-manage command or we just end up effectively renumbering the keys with our deploy process. I'd recommend you watch our presentation from the Austin summit or read my blog posts on this.

Re: [Openstack-operators] Sharing fernet tokens

I think that you just replied to me directly. But you are asking about sharing keys. Since keys do not need to be in-sync on all nodes at the same time you can use any number of sharing mechanisms. We used puppet + ansible (our normal deploy process). Key rotation allows them to be out of sync

Re: [Openstack-operators] Sharing fernet tokens

Do you mean sharing tokens or keys? On Feb 7, 2017 11:34 AM, "Ignazio Cassano" wrote: > Hi everybody, > Can anyone talk me about Sebring fernet tokens in an openstack with more > than one controller? > Regards > Ignazio > > > >

Re: [Openstack-operators] Sharing fernet tokens

We have 6 keystone servers on 2 datacenters on 6 different servers behind 2 Load Balancers. One server rotates the tokens and then send the files to the rest of the servers via rsync --delete. Cheers. P.D: We use kolla with docker so this works even with docker volumes. El mar., 7 feb. 2017 a

[Openstack-operators] Sharing fernet tokens

Hi everybody, Can anyone talk me about Sebring fernet tokens in an openstack with more than one controller? Regards Ignazio ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org