On 09/08/16 18:28, Fox, Kevin M wrote:
It needs to work in a distributed way...
What happens if the one node you have cron running on doesn't work for a while.
Keystone breaks?
IIUC it wouldn't break, but your keys wouldn't get rotated so you'd end
up using the same key until such time as your machine running cron comes
back again. Adam was suggesting once a month, which honestly ought to be
enough time to replace the server with the cron job (which, to be clear,
would also be the undercloud server). The bigger danger is probably in
forgetting that something is supposed to be running it and never
rotating the keys. (Maybe keystone should log a warning when the keys
get too old, if it doesn't already.)
If the undercloud deploys a timed workfow where the workflow can fail over from
machine to machine, that would work.
Indeed, but note that this depends on an HA undercloud, which isn't a
thing yet in TripleO. (Mainly because deploying and maintaining an HA
undercloud is as big of a problem - in fact it's the exact same problem
- as deploying the overcloud.)
You're correct however that the Mistral approach would get HA for free
as soon as we have an HA undercloud, whereas the cron approach just
presents another problem that has to be solved in order to get to an HA
undercloud (i.e. how to make sure that exactly one machine runs the cron
job).
cheers,
Zane.
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
