Hello, yeah, solution number 1 is harder to implement and during implementation it's easy to miss some edge scenario.
Solution nr 2 is nice and easy. Actually, I don't consider asking for password as a cons. Some extra protection against accidental upgrade run is ok for me. On Fri, Oct 3, 2014 at 12:15 PM, Evgeniy L <e...@mirantis.com> wrote: > Hi guys, > > I would like to discuss this topic again, because it looks like we have > some misunderstanding of the problem. > > Let me describe the problematic use case: > > 1. user has 5.1 master node > 2. he changes his password in keystone > 3. he wants to upgrade his master node to 6.0 > 4. it fails, because right now, upgrade system uses credentials from > `/etc/fuel/astute.yaml` file > > During the upgrade procedure, upgrade system uses API for > current containers (5.1), and on some stage it starts to use > new containers (6.0). > > Also I would like describe proposed solutions of the problem: > > use service user > > Pros: > > we will be able to take this credentials from some config > > Cons: > > there will be credentials in plane text on the master node, afaik Lukasz had > some concerns about it > we will have to add hacks in upgrade script > > check that it's 5.1 release > check that there is no such user in keystone (can we do that without > authentication?) > create user (can we create user with admin_token?) > use it for authentication > handle cases when keystone/nailgun are not running, we can get such state, > if first upgrade/rollback fails > > ask user for credentials before upgrade > > Pros: > > it will not require to add some new hacks in upgrade system > > Cons: > > user will have to type his credentials in console (or pass env variables > with credentials) > > > Thanks, > > > -- > Mailing list: https://launchpad.net/~fuel-dev > Post to : fuel-dev@lists.launchpad.net > Unsubscribe : https://launchpad.net/~fuel-dev > More help : https://help.launchpad.net/ListHelp > -- Łukasz Oleś -- Mailing list: https://launchpad.net/~fuel-dev Post to : fuel-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~fuel-dev More help : https://help.launchpad.net/ListHelp
