+1 on moving away from Riak and using postgres instead. Riak can be a
> > > pain(atleast for new users) to set up and debug.
> > >
> > > --Srijeet
> > >
> > > From: John Rushford
> > > Date: Monday, December 7, 2020 at 8:07 PM
> > > To: de
2020 at 9:48 PM Chatterjee, Srijeet
> wrote:
> >
> > +1 on moving away from Riak and using postgres instead. Riak can be a
> > pain(atleast for new users) to set up and debug.
> >
> > --Srijeet
> >
> > From: John Rushford
> > Date: Monday, December 7
ijeet
>
> From: John Rushford
> Date: Monday, December 7, 2020 at 8:07 PM
> To: dev@trafficcontrol.apache.org
> Subject: Re: [EXTERNAL] Re: Replace Riak w/ PostgreSQL
> +1 on using Postgres. I’ve played around with Postgres and pgcrypto.
> Keeping certs and sig keys encr
+1 on moving away from Riak and using postgres instead. Riak can be a
pain(atleast for new users) to set up and debug.
--Srijeet
From: John Rushford
Date: Monday, December 7, 2020 at 8:07 PM
To: dev@trafficcontrol.apache.org
Subject: Re: [EXTERNAL] Re: Replace Riak w/ PostgreSQL
+1 on using
+1 on using Postgres. I’ve played around with Postgres and pgcrypto. Keeping
certs and sig keys encrypted is easily done in postgres. I used asymmetric
public private key encryption with pgcrypto where I stored the public key to
encrypt in a database table. The private key was stored apart
Agreed. I raised it as an option because we've contemplated them before in
past iterations of this conversation and didn't want it to be completely
one-sided. If riak or its replacement went down, it wouldn't be any worse than
losing TODB. Both pieces have to work for the application stack to
We should offer a simple solution like Postgres as the default option and
allow people to get more elaborate if they want.
If we are being honest with ourselves, Riak is not really a secure keystore
either.
On Mon, Dec 7, 2020 at 5:34 PM Resino, Robert
wrote:
>
> As Jonathan said, Hashicorp Vaul
As Jonathan said, Hashicorp Vault on top of Consul replication handles this
well.
Not sure PostgreSQL is a secure replacement for an actual system designed to
store/serve secrets.
Bob
On 12/7/20, 4:25 PM, "Villa, Joseph" wrote:
Question.. If you’re replacing Riak with Postgresql and l
Question.. If you’re replacing Riak with Postgresql and logical replication
doesn’t have a method touchless failover, don’t you leave Traffic Control open
to have a single point of failure?
On 12/7/20, 4:10 PM, "Derek Gelinas" wrote:
+1
On Dec 7, 2020, 5:58 PM -0500, Rawlin Peters , w
+1 on PostgreSQL so we can stop coding around Riak bugs. We can work out
the logistics later, but there are definitely secure ways to do it.
-Zach
On Mon, Dec 7, 2020 at 4:00 PM Gray, Jonathan
wrote:
> HashiCorp Vault and/or Consul is the only other primary contender I think
> we've had propose
HashiCorp Vault and/or Consul is the only other primary contender I think we've
had proposed, but I'm +1/+1 as well.
Jonathan G
On 12/7/20, 3:58 PM, "Rawlin Peters" wrote:
Yes, I agree with the plugin interface as well, but that is what I was
hoping to defer to a follow-up thread, pre
11 matches
Mail list logo
