You can just rotate without restarting services. We're rotating currently only once a day.
We rotate on one machine, then rsync the data to the others in a cron job. Has been working well for a couple of months now. Thanks, Kevin ________________________________________ From: Ajay Kalambur (akalambu) [akala...@cisco.com] Sent: Wednesday, March 16, 2016 2:44 PM To: OpenStack Operators Subject: [Openstack-operators] [openstack-operators] Fernet key rotation Hi In a multi node HA deployment for production does key rotate need a keystone process reboot or should we just run the fernet rotate on one node and distribute it without restarting any process I presume keystone can handle the rotation without a restart? I also assume this key rotation can happen without a maintenance window What do folks typically do in production and how often do you rotate keys Ajay _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators