All,
Does anyone have experience deploying Magnum in a highly-available fashion? If
so, I'm interested in learning from your experience. My biggest unknown is the
Conductor service. Any insight you can provide is greatly appreciated.
Regards,
Daneyon Hansen
_
> On Mar 17, 2016, at 11:41 AM, Ricardo Rocha wrote:
>
> Hi.
>
> We're on the way, the API is using haproxy load balancing in the same
> way all openstack services do here - this part seems to work fine
I expected the API to work. Thanks for the confirmation.
>
> For the conductor we're sto
/heat-specs/specs/juno/encrypt-hidden-parameters.html
Best regards,
Hongbin
From: David Stanek [mailto:dsta...@dstanek.com]
Sent: March-18-16 4:12 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [magnum] High Availability
On Fri, Mar 18, 2016 at 4
@lists.openstack.org
Subject: Re: [openstack-dev] [magnum] High Availability
Hongbin,
I think Adrian makes some excellent points regarding the adoption of Barbican.
As the PTL for Barbican, it's frustrating to me to constantly hear from other
projects that securing their sensitive data is a requiremen
ks,
Adrian
Best regards,
Hongbin
-Original Message-
From: Adrian Otto [mailto:adrian.o...@rackspace.com]
Sent: March-17-16 4:32 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [magnum] High Availability
I have trouble understanding that
: [openstack-dev] [magnum] High Availability
Hongbin,
I tweaked the blueprint in accordance with this approach, and approved it for
Newton:
https://blueprints.launchpad.net/magnum/+spec/barbican-alternative-store
I think this is something we can all agree on as a middle ground, If not, I’m
open to
-dev] [magnum] High Availability
Hi.
We're on the way, the API is using haproxy load balancing in the same way all
openstack services do here - this part seems to work fine.
For the conductor we're stopped due to bay certificates - we don't currently
have barbican so local was
rbican-alternative-store
>
> Best regards,
> Hongbin
>
> -Original Message-
> From: Ricardo Rocha [mailto:rocha.po...@gmail.com]
> Sent: March-17-16 2:39 PM
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: Re: [openstack-dev] [magnu
regards,
Hongbin
-Original Message-
From: Adrian Otto [mailto:adrian.o...@rackspace.com]
Sent: March-17-16 4:32 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [magnum] High Availability
I have trouble understanding that blueprint. I
lternative implementation has been raised
>>> several times by different people. IMO, this is a very serious issue that
>>> will hurt Magnum adoption. I created a blueprint for that [1] and set the
>>> PTL as approver. It will be picked up by a contributor once it is approv
ons)"
mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [magnum] High Availability
...
If you disagree, I would request you to justify why this approach works for
Heat but not for Magnum. Also, I also wonder if Heat has a plan to set a hard
dependency on Barbican for
-Original Message-
From: Hongbin Lu
Reply: OpenStack Development Mailing List (not for usage questions)
Date: March 17, 2016 at 20:48:59
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [magnum] High Availability
> Thanks Adr
riginal Message-
From: Adrian Otto [mailto:adrian.o...@rackspace.com]
Sent: March-17-16 4:32 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [magnum] High Availability
I have trouble understanding that blueprint. I will put some remarks on the
w
OpenStack not to replace it.
>>>
>>> Now, with all that said, I do recognize that not all clouds are motivated
>>> to use all available security best practices. They may be operating in
>>> environments that they believe are already secure (because of a secure
enStack Development Mailing List (not for usage questions)"
mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [magnum] High Availability
OK. If using Keystone is not acceptable, I am going to propose a new approach:
· Store data in Magnum DB
·
I thought that a big part of the use case with Magnum + Barbican was
Certificate management for Bays?
-Rob
From: "Dave McCowan (dmccowan)"
Reply-To: OpenStack List
Date: Saturday, 19 March 2016 14:56
To: OpenStack List
Subject: Re: [openstack-dev] [magnum] High Availability
The
;
> Best regards,
> Hongbin
>
> -Original Message-
> From: Douglas Mendizábal [mailto:douglas.mendiza...@rackspace.com]
> Sent: March-18-16 9:45 AM
> To: openstack-dev@lists.openstack.org
> Subject: Re: [openstack-dev] [magnum] High Availability
>
> Hongbin,
>
9:28 PM
> *To:* OpenStack Development Mailing List (not for usage questions)
> *Subject:* Re: [openstack-dev] [magnum] High Availability
>
>
>
> Hongbin,
>
>
>
> I tweaked the blueprint in accordance with this approach, and approved
> it for Newton:
>
>
uglas.mendiza...@rackspace.com]
> Sent: March-18-16 9:45 AM
> To: openstack-dev@lists.openstack.org
> Subject: Re: [openstack-dev] [magnum] High Availability
>
> Hongbin,
>
> I think Adrian makes some excellent points regarding the adoption of
> Barbican. As the PTL fo
its a totally understandable, but unreasonable request.
Thanks,
Kevin
From: Douglas Mendizábal [douglas.mendiza...@rackspace.com]
Sent: Friday, March 18, 2016 6:45 AM
To: openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [magnum] High Availability
Ho
unchpad.net/magnum/+spec/barbican-alternative-store
>
> Best regards,
> Hongbin
>
> -Original Message-
> From: Ricardo Rocha [mailto:rocha.po...@gmail.com]
> Sent: March-17-16 2:39 PM
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: Re:
ed to
>> use all available security best practices. They may be operating in
>> environments that they believe are already secure (because of a secure
>> perimeter), and that it’s okay to run fundamentally insecure software within
>> those environments. As misguided as this view
usage questions)
Subject: Re: [openstack-dev] [magnum] High Availability
On 3/18/16, 12:59 PM, "Fox, Kevin M" wrote:
>+1. We should be encouraging a common way of solving these issues across
>all the openstack projects and security is a really important thing.
>spreading it across
On Fri, Mar 18, 2016 at 4:03 PM Douglas Mendizábal <
douglas.mendiza...@rackspace.com> wrote:
> [snip]
> >
> > Regarding the Keystone solution, I'd like to hear the Keystone team's
> feadback on that. It definitely sounds to me like you're trying to put a
> square peg in a round hole.
> >
>
>
I b
Hi.
We're on the way, the API is using haproxy load balancing in the same
way all openstack services do here - this part seems to work fine.
For the conductor we're stopped due to bay certificates - we don't
currently have barbican so local was the only option. To get them
accessible on all nodes
>
>Thanks,
>Kevin
>
>From: Douglas Mendizábal [douglas.mendiza...@rackspace.com]
>Sent: Friday, March 18, 2016 6:45 AM
>To: openstack-dev@lists.openstack.org
>Subject: Re: [openstack-dev] [magnum] High Availability
>
>Hongbin,
>
>I t
over here:
http://git.openstack.org/cgit/openstack/anchor
Cheers
-Rob
> -Original Message-
> From: Maish Saidel-Keesing [mailto:mais...@maishsk.com]
> Sent: 19 March 2016 18:10
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: Re: [openstack-dev] [mag
gards,
Hongbin
From: Dave McCowan (dmccowan) [mailto:dmcco...@cisco.com]
Sent: March-19-16 10:56 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [magnum] High Availability
The most basic requirement here for Magnum is that it needs a safe pla
> -Original Message-
> From: Clark, Robert Graham [mailto:robert.cl...@hpe.com]
> Sent: March-20-16 1:57 AM
> To: maishsk+openst...@maishsk.com; OpenStack Development Mailing List
> (not for usage questions)
> Subject: Re: [openstack-dev] [magnum] High Availability
&
for usage questions)
Subject: Re: [openstack-dev] [magnum] High Availability
From: Hongbin Lu mailto:hongbin...@huawei.com>>
Reply-To: "OpenStack Development Mailing List (not for usage questions)"
mailto:openstack-dev@lists.openstack.org>>
Date: Saturday 19 March 201
-Original Message-
From: Hongbin Lu
Reply: OpenStack Development Mailing List (not for usage questions)
Date: March 21, 2016 at 22:22:01
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [magnum] High Availability
> Tim,
>
&g
ons)"
mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [magnum] High Availability
Tim,
Thanks for your advice. I respect your point of view and we will definitely
encourage our users to try Barbican if they see fits. However, for the sake of
Magnum, I think we hav
ing List (not for usage questions)"
mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [magnum] High Availability
Tim,
Thanks for your advice. I respect your point of view and we will definitely
encourage our users to try Barbican if they see fits. However, for the
or operation.
>>>>
>>>> I am opposed to the idea that Magnum should re-implement Barbican for
>>>> certificate storage just because operators are reluctant to adopt it. If
>>>> we need to ship a Barbican instance along with each Magnum control plane,
gt; Subject: Re: [openstack-dev] [magnum] High Availability
>
> Hi.
>
> The thread is a month old, but I sent a shorter version of this to
> Daneyon before with some info on the things we dealt with to get Magnum
> deployed successfully. We wrapped it up in a post (there's a video
35 matches
Mail list logo