Hi guys,
I would like to discuss this topic again, because it looks like we have
some misunderstanding of the problem.
Let me describe the problematic use case:
1. user has 5.1 master node
2. he changes his password in keystone
3. he wants to upgrade his master node to 6.0
4. it fails, because right now, upgrade system uses credentials from
`/etc/fuel/astute.yaml` file
During the upgrade procedure, upgrade system uses API for
current containers (5.1), and on some stage it starts to use
new containers (6.0).
Also I would like describe proposed solutions of the problem:
1. use service user
- Pros:
- we will be able to take this credentials from some config
- Cons:
- there will be credentials in plane text on the master node, afaik
Lukasz had some concerns about it
- we will have to add hacks in upgrade script
- check that it's 5.1 release
- check that there is no such user in keystone (can we do that
without authentication?)
- create user (can we create user with admin_token?)
- use it for authentication
- handle cases when keystone/nailgun are not running, we can
get such state, if first upgrade/rollback fails
2. ask user for credentials before upgrade
- Pros:
- it will not require to add some new hacks in upgrade system
- Cons:
- user will have to type his credentials in console (or pass env
variables with credentials)
Thanks,
--
Mailing list: https://launchpad.net/~fuel-dev
Post to : fuel-dev@lists.launchpad.net
Unsubscribe : https://launchpad.net/~fuel-dev
More help : https://help.launchpad.net/ListHelp
