+1 for watching the presentation, it was excellent (I was there!).
Chris
On Thu, Feb 9, 2017 at 10:19 AM, Matt Fischer wrote:
> Please reply all to the list rather than emailing me directly.
>
> Key rotation is done with a keystone-manage command or we just end up
>
Please reply all to the list rather than emailing me directly.
Key rotation is done with a keystone-manage command or we just end up
effectively renumbering the keys with our deploy process.
I'd recommend you watch our presentation from the Austin summit or read my
blog posts on this.
I think that you just replied to me directly. But you are asking about
sharing keys.
Since keys do not need to be in-sync on all nodes at the same time you can
use any number of sharing mechanisms. We used puppet + ansible (our normal
deploy process). Key rotation allows them to be out of sync
Do you mean sharing tokens or keys?
On Feb 7, 2017 11:34 AM, "Ignazio Cassano" wrote:
> Hi everybody,
> Can anyone talk me about Sebring fernet tokens in an openstack with more
> than one controller?
> Regards
> Ignazio
>
>
>
>
We have 6 keystone servers on 2 datacenters on 6 different servers behind 2
Load Balancers.
One server rotates the tokens and then send the files to the rest of the
servers via rsync --delete.
Cheers.
P.D: We use kolla with docker so this works even with docker volumes.
El mar., 7 feb. 2017 a
Hi everybody,
Can anyone talk me about Sebring fernet tokens in an openstack with more
than one controller?
Regards
Ignazio
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org