On Fri, May 27, 2016 at 12:08 PM, Ryan Hallisey <rhall...@redhat.com> wrote:
Theses changes do not all happen at the same times for an OpenStack installation. > - Create the service's users and add a password into the databse Should only happen once during installation. > - Sync the service with the database Should happen during installation and for every upgrade. > - Start the service > > I was wondering if for some services they could be aware of whether or not > they need > to sync with the database at startup. Or maybe the service runs a db_sync > every time > is starts? I figured I would start a thread about this because Keystone has > some > flexibility when running N+1 in a cluster of N. If Keystone could have that > that ability maybe Keystone could db_sync each time it starts without harming > the > cluster? This isn't something I would want to see for a few reasons. The most important one is that I think the decision to run db_sync needs to be explicit. An operator should run it when they are ready (maybe they need to shut something down, ensure up-to-date backups, etc.). Another issue is database modification permissions. The user running the application, as well as the DB user the application uses, shouldn't have access to DML for security reasons. Little Bobby Tables' mom found this out the hard way[1]. 1. https://xkcd.com/327/ -- David blog: http://www.traceback.org twitter: http://twitter.com/dstanek www: http://dstanek.com __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
