Fine, then this simple bash based solution proposed by Boris [1] LGTM and is not over thinked. Maybe add kind of md5 or sha1 checksum functionality to confirm if keys were rotated correctly and are in sync. [1] http://paste.openstack.org/show/406674/ Regards, Adam On Mon, Aug 3, 2015 at 2:03 PM, David Stanek <dstanek at dstanek.com> wrote: > > On Mon, Aug 3, 2015 at 7:14 AM, Davanum Srinivas <davanum at gmail.com> > wrote: > >> agree. "Native HA solution" was already ruled out in several email >> threads by keystone cores already (if i remember right). This is a >> devops issue and should be handled as such was the feedback. >> > > I'm sure you are right. I'm not sure why we would want to add that much > complexity into Keystone. > > > -- > David > blog: http://www.traceback.org > twitter: http://twitter.com/dstanek > www: http://dstanek.com > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Adam Heczko Security Engineer @ Mirantis Inc. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150803/964962ec/attachment.html>