[Openstack-operators] Sharing fernet tokens

Chris Morgan mihalis68 at gmail.com
Mon Feb 13 15:52:13 UTC 2017


+1 for watching the presentation, it was excellent (I was there!).

Chris

On Thu, Feb 9, 2017 at 10:19 AM, Matt Fischer <matt at mattfischer.com> wrote:

> Please reply all to the list rather than emailing me directly.
>
> Key rotation is done with a keystone-manage command or we just end up
> effectively renumbering the keys with our deploy process.
>
> I'd recommend you watch our presentation from the Austin summit or read my
> blog posts on this.
>
> http://www.mattfischer.com/blog/?p=648
> https://www.youtube.com/watch?v=702SRZHdNW8
>
>
> On Wed, Feb 8, 2017 at 8:14 AM, Matt Fischer <matt at mattfischer.com> wrote:
>
>> I think that you just replied to me directly. But you are asking about
>> sharing keys.
>>
>> Since keys do not need to be in-sync on all nodes at the same time you
>> can use any number of sharing mechanisms. We used puppet + ansible (our
>> normal deploy process). Key rotation allows them to be out of sync which
>> simplifies the problem for you.
>>
>> On Tue, Feb 7, 2017 at 9:25 PM, Matt Fischer <matt at mattfischer.com>
>> wrote:
>>
>>> Do you mean sharing tokens or keys?
>>>
>>> On Feb 7, 2017 11:34 AM, "Ignazio Cassano" <ignaziocassano at gmail.com>
>>> wrote:
>>>
>>>> Hi everybody,
>>>> Can anyone talk to me about sharing fernet tokens in an OpenStack with
>>>> more than one controller?
>>>> Regards
>>>> Ignazio
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> OpenStack-operators mailing list
>>>> OpenStack-operators at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>>
>>>>
>>
>


-- 
Chris Morgan <mihalis68 at gmail.com>
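
Added example, not part of the thread and not keystone's code: a small model of the point made above that key repositories may be briefly out of sync between controllers. It follows keystone's repository layout (index 0 is the staged key, the highest index is the primary); the HMAC tag standing in for Fernet encryption and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import os

MAX_ACTIVE_KEYS = 3  # sketch value; keystone's option is [fernet_tokens] max_active_keys


def new_repo():
    """A fresh repository: staged key at index 0, primary at index 1."""
    return {0: os.urandom(32), 1: os.urandom(32)}


def rotate(repo):
    """Promote the staged key (0) to primary (highest index), stage a new key, prune."""
    rotated = dict(repo)
    rotated[max(rotated) + 1] = rotated.pop(0)
    rotated[0] = os.urandom(32)
    while len(rotated) > MAX_ACTIVE_KEYS:
        # drop the oldest secondary key: the lowest index other than the staged 0
        del rotated[min(i for i in rotated if i != 0)]
    return rotated


def issue(repo, payload):
    """Protect a payload with the primary key (HMAC stands in for Fernet here)."""
    key = repo[max(repo)]
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def validate(repo, token):
    """Accept the token if any key in the repository, staged included, verifies it."""
    payload, tag = token[:-32], token[-32:]
    tags = (hmac.new(k, payload, hashlib.sha256).digest() for k in repo.values())
    return any(hmac.compare_digest(tag, t) for t in tags)


def demo():
    """Return validation results while controller B lags behind controller A."""
    node_a = new_repo()
    node_b = dict(node_a)            # both controllers start with the same keys
    old = issue(node_b, b"user=demo")
    node_a = rotate(node_a)          # A rotated; the sync to B has not happened yet
    one_behind = (validate(node_b, issue(node_a, b"user=demo")), validate(node_a, old))
    node_a = rotate(node_a)          # a second rotation before B was ever synced
    two_behind = validate(node_b, issue(node_a, b"user=demo"))
    return one_behind, two_behind


print(demo())  # ((True, True), False)
```

One rotation of lag is tolerated in both directions because the new primary on A is still the staged key on B; a second rotation before the sync completes breaks validation on B, so distribution has to finish within one rotation interval.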