[OpenStack-Infra] Problems setting up my own OpenStack Infrastructure

Jeremy Stanley fungi at yuggoth.org
Fri Mar 30 13:54:38 UTC 2018


On 2018-03-30 11:27:25 +0900 (+0900), Bernd Bausch wrote:
[...]
> Regarding the hiera: That makes sense to me. Certificates count as
> private data, I guess.
[...]

To be fair, certificates and chains are public data published from
the servers onto which they're installed. The reason they're in
hiera is mostly out of laziness/convenience since we _do_ need to
keep the corresponding keys private, and if we replace the keys we
need to replace the certs at the exact same time. The inherent
asynchronicity we'd end up with by splitting them between private
hiera on our management system and public hiera through code review
would make that task much harder.
-- 
Jeremy Stanley