[openstack-dev] [tripleo] Fernet Key rotation
Zane Bitter
zbitter at redhat.com
Wed Aug 10 15:22:32 UTC 2016
On 09/08/16 18:28, Fox, Kevin M wrote:
> It needs to work in a distributed way...
>
> What happens if the one node you have cron running on doesn't work for a while? Keystone breaks?
IIUC it wouldn't break, but your keys wouldn't get rotated so you'd end
up using the same key until such time as your machine running cron comes
back again. Adam was suggesting once a month, which honestly ought to be
enough time to replace the server with the cron job (which, to be clear,
would also be the undercloud server). The bigger danger is probably in
forgetting that something is supposed to be running it and never
rotating the keys. (Maybe keystone should log a warning when the keys
get too old, if it doesn't already.)
> If the undercloud deploys a timed workflow where the workflow can fail over from machine to machine, that would work.
Indeed, but note that this depends on an HA undercloud, which isn't a
thing yet in TripleO. (Mainly because deploying and maintaining an HA
undercloud is as big of a problem - in fact it's the exact same problem
- as deploying the overcloud.)
You're correct however that the Mistral approach would get HA for free
as soon as we have an HA undercloud, whereas the cron approach just
presents another problem that has to be solved in order to get to an HA
undercloud (i.e. how to make sure that exactly one machine runs the cron
job).
cheers,
Zane.
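
The stale-key warning suggested in the message above, sketched as an external monitoring check; this is an added example, not code from keystone or TripleO. It assumes the key repository holds integer-named key files whose newest mtime marks the last rotation; the 30-day limit and the function names are illustrative.

```python
import os
import time

MAX_AGE_DAYS = 30  # assumption: mirrors the once-a-month rotation mentioned in the thread


def last_rotation_time(key_dir):
    """Return the newest mtime among integer-named key files, or None if there are none."""
    newest = None
    for name in os.listdir(key_dir):
        if not name.isdigit():
            continue  # skip temp files and anything that is not a key index
        mtime = os.stat(os.path.join(key_dir, name)).st_mtime
        if newest is None or mtime > newest:
            newest = mtime
    return newest


def check_rotation(key_dir, max_age_days=MAX_AGE_DAYS, now=None):
    """Return (status, message); status is 'ok', 'stale' or 'missing'."""
    now = time.time() if now is None else now
    try:
        newest = last_rotation_time(key_dir)
    except OSError as exc:
        return "missing", f"cannot read key repository {key_dir}: {exc}"
    if newest is None:
        return "missing", f"no key files in {key_dir}"
    age_days = (now - newest) / 86400
    if age_days > max_age_days:
        return "stale", f"last rotation {age_days:.1f} days ago (limit {max_age_days})"
    return "ok", f"last rotation {age_days:.1f} days ago"


if __name__ == "__main__":
    import sys
    # Default is keystone's usual key repository; pass another path as argv[1].
    key_dir = sys.argv[1] if len(sys.argv) > 1 else "/etc/keystone/fernet-keys"
    status, message = check_rotation(key_dir)
    print(f"{status}: {message}")
    sys.exit(0 if status == "ok" else 1)
```

Run it from a host other than the one that owns the cron job, so that a dead rotation host still produces an alert.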