[Openstack-operators] Sharing fernet tokens

Matt Fischer matt at mattfischer.com
Thu Feb 9 15:19:23 UTC 2017


Please reply all to the list rather than emailing me directly.

Key rotation is done with a keystone-manage command or we just end up
effectively renumbering the keys with our deploy process.

I'd recommend you watch our presentation from the Austin summit or read my
blog posts on this.

http://www.mattfischer.com/blog/?p=648
https://www.youtube.com/watch?v=702SRZHdNW8


On Wed, Feb 8, 2017 at 8:14 AM, Matt Fischer <matt at mattfischer.com> wrote:

> I think that you just replied to me directly. But you are asking about
> sharing keys.
>
> Since keys do not need to be in-sync on all nodes at the same time you can
> use any number of sharing mechanisms. We used puppet + ansible (our normal
> deploy process). Key rotation allows them to be out of sync which
> simplifies the problem for you.
>
> On Tue, Feb 7, 2017 at 9:25 PM, Matt Fischer <matt at mattfischer.com> wrote:
>
>> Do you mean sharing tokens or keys?
>>
>> On Feb 7, 2017 11:34 AM, "Ignazio Cassano" <ignaziocassano at gmail.com>
>> wrote:
>>
>>> Hi everybody,
>>> Can anyone tell me about sharing fernet tokens in an OpenStack with more
>>> than one controller?
>>> Regards
>>> Ignazio
>
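
Added example, not part of the original thread and not Keystone's own code: a small Python model of a fernet key repository on two controllers, showing why they can be one rotation out of sync but not two. It assumes Keystone's documented layout (key 0 is staged, the highest index is primary, max_active_keys of 3) and uses HMAC-SHA256 as a stand-in for real Fernet encryption; all function names are hypothetical.

```python
import hashlib
import hmac
import os

def new_repo():
    """Fresh repository: key 0 is staged, the highest index is primary."""
    return {0: os.urandom(32), 1: os.urandom(32)}

def rotate(repo, max_active_keys=3):
    """Promote staged key 0 to primary, stage a new key, prune old ones."""
    rotated = dict(repo)
    rotated[max(rotated) + 1] = rotated[0]   # staged key becomes the new primary
    rotated[0] = os.urandom(32)              # fresh staged key for the next rotation
    while len(rotated) > max_active_keys:    # drop the oldest secondary key
        del rotated[min(i for i in rotated if i != 0)]
    return rotated

def issue(repo, payload):
    """Sign with the primary key (stand-in for Fernet encryption)."""
    mac = hmac.new(repo[max(repo)], payload, hashlib.sha256).hexdigest()
    return payload, mac

def validate(repo, token):
    """Accept if any key in the repository, staged included, verifies."""
    payload, mac = token
    return any(
        hmac.compare_digest(hmac.new(k, payload, hashlib.sha256).hexdigest(), mac)
        for k in repo.values())

def demo():
    node_b = new_repo()        # controller B, not yet redeployed
    node_a = rotate(node_b)    # controller A already received the rotation
    # A signs with B's staged key; B signs with a key A kept as secondary.
    one_behind = (validate(node_b, issue(node_a, b"user=alice")),
                  validate(node_a, issue(node_b, b"user=bob")))
    node_a = rotate(node_a)    # second rotation before B was ever synced
    # A's primary is now a key B has never seen.
    two_behind = validate(node_b, issue(node_a, b"user=carol"))
    return one_behind, two_behind

if __name__ == "__main__":
    print(demo())
```

The practical check that follows from this: distribute the rotated repository to every controller before the next rotation runs.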