[openstack-dev] [Nova][Neutron] Using Barbican to share metadata_proxy_shared_secret ?

Sean M. Collins sean at coreitpro.com
Wed Jul 29 12:41:30 UTC 2015


I recently nitpicked the following DevStack review https://review.openstack.org/#/c/205901/3/lib/neutron-legacy,cm

Since this setting is shared between Neutron and Nova, and currently it
requires an operator to populate two config files, it sounds like a good
candidate for using Barbican to store the secret and have Nova and
Neutron use Barbican's API to get it. One less thing to configure.

Obviously the fallback would be to use the config files, but we should
try Barbican first and fallback to the config file if Barbican is not
available or there is a failure.

This was at least my thoughts over a cup of coffee - someone shoot holes
in my thinking :)

-- 
Sean M. Collins



More information about the OpenStack-dev mailing list