On 04/05/2016 11:42 AM, Fox, Kevin M wrote:
Yeah, and they just deprecated vendor data plugins too, which eliminates my other workaround. :/

We need to really discuss this problem at the summit and get a viable path forward. It's just getting worse. :/

Thanks,
Kevin
------------------------------------------------------------------------
*From:* Juan Antonio Osorio [jaosor...@gmail.com]
*Sent:* Tuesday, April 05, 2016 5:16 AM
*To:* OpenStack Development Mailing List (not for usage questions)
*Subject:* Re: [openstack-dev] [TripleO] FreeIPA integration



On Tue, Apr 5, 2016 at 2:45 PM, Fox, Kevin M <kevin....@pnnl.gov> wrote:

    This sounds suspiciously like, "how do you get a secret to the
    instance to get a secret from the secret store" issue.... :)

Yeah, sounds pretty familiar. We were using the nova hooks mechanism for this means, but it was deprecated recently. So bummer :/


    Nova instance user spec again?

    Thanks,
    Kevin


Yep, and we need a solution. I think the right solution is a keypair generated on the instance, public key posted by the instance to the hypervisor and stored with the instance data in the database. I wrote that to the mailing list earlier today.

A basic rule of a private key is that it never leaves the machine on which it is generated. The rest falls out from there.
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
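
The enrollment flow proposed in the last message, as an added example that is not part of the original thread and not OpenStack code. The Registry and Instance types, the instance ID, and the choice of Ed25519 are assumptions made for illustration; Registry stands in for the instance record in the database and models no Nova API.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Registry is a hypothetical stand-in for the per-instance database record
// that would hold the public key posted by the instance.
type Registry struct{ keys map[string]ed25519.PublicKey }

// Register binds a public key to an instance ID. The first key wins, so a
// later caller cannot replace the identity already bound to that instance.
func (r *Registry) Register(id string, pub ed25519.PublicKey) error {
	if _, ok := r.keys[id]; ok || len(pub) != ed25519.PublicKeySize {
		return errors.New("key already registered or malformed")
	}
	r.keys[id] = pub
	return nil
}

// Verify checks a signature over a challenge against the stored public key.
func (r *Registry) Verify(id string, challenge, sig []byte) bool {
	pub, ok := r.keys[id]
	return ok && ed25519.Verify(pub, challenge, sig)
}

// Instance holds the private key; only Public() and signatures leave it.
type Instance struct {
	ID   string
	priv ed25519.PrivateKey
}

// NewInstance generates the keypair on the instance itself.
func NewInstance(id string) (*Instance, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Instance{ID: id, priv: priv}, err
}

func (i *Instance) Public() ed25519.PublicKey    { return i.priv.Public().(ed25519.PublicKey) }
func (i *Instance) Sign(challenge []byte) []byte { return ed25519.Sign(i.priv, challenge) }

func main() {
	reg := &Registry{keys: map[string]ed25519.PublicKey{}}
	vm, _ := NewInstance("instance-0001") // constructed sample ID
	_ = reg.Register(vm.ID, vm.Public())
	nonce := []byte("constructed challenge; a real verifier sends a fresh random one")
	fmt.Println("enrollment proof valid:", reg.Verify(vm.ID, nonce, vm.Sign(nonce)))
}
```

A service such as the secret store can then authenticate the instance by sending a challenge and checking the signature against the stored public key, so no shared secret has to be injected into the instance.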
