<div dir="ltr"><div>Hi</div>why not use barbican?</div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Mar 12, 2017 at 10:33 PM, <a href="mailto:yanxingan@cmss.chinamobile.com">yanxingan@cmss.chinamobile.com</a> <span dir="ltr"><<a href="mailto:yanxingan@cmss.chinamobile.com" target="_blank">yanxingan@cmss.chinamobile.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>
<div><span></span><br></div>
<div><span style="background-color:rgba(0,0,0,0);font-size:10.5pt;line-height:1.5">Hi, folks:</span></div><div><span style="color:rgb(0,0,0);background-color:rgba(0,0,0,0)"><br>    Currently tacker server node <wbr>stores fernet keys for vim <wbr>password decryption on local <wbr>root file system. </span></div><div><span style="color:rgb(0,0,0);background-color:rgba(0,0,0,0)">If Tacker service serves API <wbr>requests through a load <wbr>balancer, </span><span style="background-color:rgba(0,0,0,0);font-size:10.5pt;line-height:1.5">then the operation <wbr>will fail if the request </span></div><div><span style="background-color:rgba(0,0,0,0);font-size:10.5pt;line-height:1.5">is not fulfilled by the <wbr>server node which created and <wbr>stored the fernet key.</span></div><div><span style="color:rgb(0,0,0);background-color:rgba(0,0,0,0)">    So we need a possible <wbr>solution for syncing the keys <wbr>across multiple server nodes. <wbr>Currently we are </span></div><div><span style="color:rgb(0,0,0);background-color:rgba(0,0,0,0)">thinking about storing the <wbr>fernet keys via ceph or swift.<wbr> <br><span style="white-space:pre-wrap">    </span>Do you have any suggestions on this approach, or does <wbr>other project has already dealt with this problem?</span></div><div><br></div><div>Thanks.</div><div><br></div></div><br>______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.<wbr>openstack.org?subject:<wbr>unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/<wbr>cgi-bin/mailman/listinfo/<wbr>openstack-dev</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">Shake Chen<br><br></div>
</div>