[openstack-dev] [Fuel] Distribution of keys for environments
Dmitriy Shulyak
dshulyak at mirantis.com
Wed Jan 28 15:44:25 UTC 2015
Hi folks,
I want to discuss the way we are working with generated keys for
nova/ceph/mongo and something else.
Right now we are generating keys on master itself, and then distributing
them by mcollective
transport to all nodes. As you may know we are in the process of making
this process described as
task.
There is a couple of options:
1. Expose keys in rsync server on master, in folder /etc/fuel/keys, and
then copy them with rsync task (but it feels not very secure)
2. Copy keys from /etc/fuel/keys on master, to /var/lib/astute on target
nodes. It will require additional
hook in astute, smth like copy_file, which will copy data from file on
master and put it on the node.
Also there is 3rd option to generate keys right on primary-controller and
then distribute them on all other nodes, and i guess it will be
responsibility of controller to store current keys that are valid for
cluster. Alex please provide more details about 3rd approach.
Maybe there is more options?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150128/91da5483/attachment.html>
More information about the OpenStack-dev
mailing list