Re: [openstack-dev] [tripleo] Fernet Key rotation

2016-09-23 Thread Adam Young
On 08/11/2016 06:25 AM, Steven Hardy wrote: On Wed, Aug 10, 2016 at 11:31:29AM -0400, Zane Bitter wrote: On 09/08/16 21:21, Adam Young wrote: On 08/09/2016 06:00 PM, Zane Bitter wrote: In either case a good mechanism might be to use a Heat Software Deployment via the Heat API directly (i.e. no

Re: [openstack-dev] [tripleo] Fernet Key rotation

2016-08-11 Thread Steven Hardy
On Wed, Aug 10, 2016 at 11:31:29AM -0400, Zane Bitter wrote: > On 09/08/16 21:21, Adam Young wrote: > > On 08/09/2016 06:00 PM, Zane Bitter wrote: > > > > > > In either case a good mechanism might be to use a Heat Software > > > Deployment via the Heat API directly (i.e. not as part of a stack) to

Re: [openstack-dev] [tripleo] Fernet Key rotation

2016-08-10 Thread Zane Bitter
On 09/08/16 21:21, Adam Young wrote: On 08/09/2016 06:00 PM, Zane Bitter wrote: In either case a good mechanism might be to use a Heat Software Deployment via the Heat API directly (i.e. not as part of a stack) to push changes to the servers. (I say 'push' but it's more a case of making the dat

Re: [openstack-dev] [tripleo] Fernet Key rotation

2016-08-10 Thread Zane Bitter
On 09/08/16 18:28, Fox, Kevin M wrote: It needs to work in a distributed way... What happens if the one node you have cron running on doesn't work for a while. Keystone breaks? IIUC it wouldn't break, but your keys wouldn't get rotated so you'd end up using the same key until such time as yo

Re: [openstack-dev] [tripleo] Fernet Key rotation

2016-08-10 Thread Adam Young
On 08/09/2016 05:11 PM, Adam Young wrote: The Fernet token format uses a symmetric key to sign tokens. In order to check the signature, these keys need to be synchronized across all of the Keystone servers. I don't want to pass around naked symmetric keys. The right way to do this is to put

Re: [openstack-dev] [tripleo] Fernet Key rotation

2016-08-10 Thread Adam Young
On 08/09/2016 09:21 PM, Adam Young wrote: On 08/09/2016 06:00 PM, Zane Bitter wrote: In either case a good mechanism might be to use a Heat Software Deployment via the Heat API directly (i.e. not as part of a stack) to push changes to the servers. (I say 'push' but it's more a case of making

Re: [openstack-dev] [tripleo] Fernet Key rotation

2016-08-09 Thread Adam Young
On 08/09/2016 06:00 PM, Zane Bitter wrote: In either case a good mechanism might be to use a Heat Software Deployment via the Heat API directly (i.e. not as part of a stack) to push changes to the servers. (I say 'push' but it's more a case of making the data available for os-collect-config t

Re: [openstack-dev] [tripleo] Fernet Key rotation

2016-08-09 Thread Fox, Kevin M
Kevin From: Zane Bitter [zbit...@redhat.com] Sent: Tuesday, August 09, 2016 3:00 PM To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [tripleo] Fernet Key rotation On 09/08/16 17:11, Adam Young wrote: > The Fernet token format uses a symmetric key to sign tok

Re: [openstack-dev] [tripleo] Fernet Key rotation

2016-08-09 Thread Zane Bitter
On 09/08/16 17:11, Adam Young wrote: The Fernet token format uses a symmetric key to sign tokens. In order to check the signature, these keys need to be synchronized across all of the Keystone servers. I don't want to pass around naked symmetric keys. The right way to do this is to put them in

[openstack-dev] [tripleo] Fernet Key rotation

2016-08-09 Thread Adam Young
The Fernet token format uses a symmetric key to sign tokens. In order to check the signature, these keys need to be synchronized across all of the Keystone servers. I don't want to pass around naked symmetric keys. The right way to do this is to put them into a PKCS 11 Envelope. Roughly, th
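The following is an added illustration, not code from this thread, Keystone or TripleO. It models the Keystone Fernet key repository that the original post and Zane Bitter's reply about stalled rotation refer to: index 0 is the staged key, the highest index is the primary used to issue tokens, and everything else is a secondary kept only for validation; `rotate()` mirrors what `keystone-manage fernet_rotate` does to that directory, and `validate_token()` tries every key the way Keystone does. Assumptions not taken from the thread: the repository is an in-memory dict rather than `/etc/keystone/fernet-keys/`, the token MAC is an HMAC-SHA256 stand-in for Fernet's real AES-CBC-plus-HMAC construction, and `max_active_keys` counts the staged key as Keystone's default of 3 does. The two trace functions show why the keys must be synchronized: a node that misses one rotation still validates (it already holds the staged key that became primary), a node that misses two does not.

```python
"""Model of Fernet key-repository rotation and multi-key token validation.

Added illustration, not Keystone or TripleO code. Assumptions: in-memory
repository instead of /etc/keystone/fernet-keys/, HMAC-SHA256 as a stand-in
for the Fernet token MAC, max_active_keys includes the staged key (Keystone
default 3 = staged + primary + one secondary).
"""
from __future__ import annotations

import base64
import hashlib
import hmac
import secrets


def generate_key() -> bytes:
    # 32 random bytes, urlsafe-base64 encoded like a Fernet key file.
    return base64.urlsafe_b64encode(secrets.token_bytes(32))


class KeyRepository:
    """index 0 = staged (never issues), highest index = primary (issues),
    remaining indexes = secondary (validate only)."""

    def __init__(self, max_active_keys: int = 3):
        self.max_active_keys = max_active_keys
        self.keys: dict[int, bytes] = {}

    def setup(self) -> None:
        # Equivalent of `keystone-manage fernet_setup`: staged key 0, primary key 1.
        self.keys = {0: generate_key(), 1: generate_key()}

    def primary_index(self) -> int:
        return max(self.keys)

    def rotate(self) -> int:
        """Equivalent of `keystone-manage fernet_rotate` on one node."""
        new_primary = self.primary_index() + 1
        self.keys[new_primary] = self.keys.pop(0)   # staged key becomes primary
        self.keys[0] = generate_key()               # write a fresh staged key
        while len(self.keys) > self.max_active_keys:
            oldest = min(i for i in self.keys if i != 0)
            del self.keys[oldest]                   # prune the oldest secondary
        return new_primary

    def copy(self) -> KeyRepository:
        """Snapshot, standing in for an rsync of the key directory to another node."""
        other = KeyRepository(self.max_active_keys)
        other.keys = dict(self.keys)
        return other


def _mac(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


def issue_token(repo: KeyRepository, payload: bytes) -> str:
    """Only the primary key issues; the staged key 0 never does."""
    key = repo.keys[repo.primary_index()]
    return base64.urlsafe_b64encode(payload + _mac(key, payload)).decode()


def validate_token(repo: KeyRepository, token: str) -> bytes | None:
    """Try every key in the repository, staged key included (MultiFernet behaviour)."""
    raw = base64.urlsafe_b64decode(token)
    payload, mac = raw[:-32], raw[-32:]
    for key in repo.keys.values():
        if hmac.compare_digest(mac, _mac(key, payload)):
            return payload
    return None


def rotation_trace(max_active_keys: int = 3) -> list[bool]:
    """Issue a token, then rotate until its key is pruned; record validity after each rotation."""
    repo = KeyRepository(max_active_keys)
    repo.setup()
    token = issue_token(repo, b"user=alice")   # constructed sample payload
    valid_after: list[bool] = []
    while validate_token(repo, token) is not None:
        repo.rotate()
        valid_after.append(validate_token(repo, token) is not None)
    return valid_after


def stale_node_trace() -> list[bool]:
    """node_a rotates twice, node_b never receives the new keys.
    After one rotation node_b still validates node_a's tokens, because the
    promoted key was node_b's staged key; after two it cannot."""
    node_a = KeyRepository()
    node_a.setup()
    node_b = node_a.copy()                       # in sync at this point
    results: list[bool] = []
    for _ in range(2):
        node_a.rotate()
        token = issue_token(node_a, b"user=bob")   # constructed sample payload
        results.append(validate_token(node_b, token) is not None)
    return results


if __name__ == "__main__":
    print("token survives rotations:", rotation_trace(3))
    print("stale node validates after 1, 2 rotations:", stale_node_trace())
```

The staged key is what buys a one-rotation grace period: every node already has it before it becomes primary anywhere, so distribution only has to land before the second rotation, not before the first. Shrinking `max_active_keys` shortens how long tokens issued under an old primary stay valid, which is the trade-off behind the rotation interval.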