Excerpts from Clayton O'Neill's message of 2016-04-13 07:37:16 -0700: > On Wed, Apr 13, 2016 at 10:26 AM, rezroo <openst...@roodsari.us> wrote: > > Hi Kevin, > > > > I understand that this is how it is now. My question is how bad would it be > > to wrap the Barbican client library calls in another class and claim, for > > all practical purposes, that Magnum has no direct dependency on Barbican? > > What is the negative of doing that? > > > > Anyone who wants to use another mechanism should be able to do that with a > > simple change to the Magnum conf file. Nothing more complicated. That's the > > essence of my question. > > For us, the main reason we’d want to be able to deploy without > Barbican is mostly to lower the initial barrier of entry. We’re not > running anything else that would require Barbican for a multi-node > deployment, so for us to do a realistic evaluation of Magnum, we’d > have to get two “new to us” services up and running in a development > environment. Since we’re not running Barbican or Magnum, that’s a big > time commitment for something we don’t really know if we’d end up > using. From that perspective, something that’s less secure might be > just fine in the short term. For example, I’d be completely fine with > storing certificates in the Magnum database as part of an evaluation, > knowing I had to switch from that before going to production. >
I'd say there's a perfectly reasonable option already for evaluation purposes, and that is the existing file based backend. For multiple nodes, I wonder how poorly an evaluation will go if one simply rsyncs that directory every few minutes. __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev