On 06/09/2017 11:12 AM, Lance Bragstad wrote:
I should have clarified. The idea was to put the keys used to encrypt
and decrypt the tokens in etcd so that synchronizing the repository
across a cluster for keystone nodes is easier for operators (but not
without other operator pain as Kevin
On Fri, Jun 9, 2017 at 11:17 AM, Clint Byrum wrote:
> Excerpts from Lance Bragstad's message of 2017-06-08 16:10:00 -0500:
> > On Thu, Jun 8, 2017 at 3:21 PM, Emilien Macchi
> wrote:
> >
> > > On Thu, Jun 8, 2017 at 7:34 PM, Lance Bragstad
Excerpts from Lance Bragstad's message of 2017-06-08 16:10:00 -0500:
> On Thu, Jun 8, 2017 at 3:21 PM, Emilien Macchi wrote:
>
> > On Thu, Jun 8, 2017 at 7:34 PM, Lance Bragstad
> > wrote:
> > > After digging into etcd a bit, one place this might be help
On Fri, Jun 9, 2017 at 9:57 AM, Mike Bayer wrote:
>
>
> On 06/08/2017 01:34 PM, Lance Bragstad wrote:
>
>> After digging into etcd a bit, one place this might be help deployer
>> experience would be the handling of fernet keys for token encryption in
>> keystone. Currently,
On 09/06/17 10:57 AM, Mike Bayer wrote:
> Interesting, I had the mis-conception that "fernet" keys no longer
> required any server-side storage (how is "kept-on-disk" now
> implemented?) . We've had continuous issues with the pre-fernet
> Keystone tokens filling up databases, even when
On 06/08/2017 04:24 PM, Julien Danjou wrote:
On Thu, Jun 08 2017, Mike Bayer wrote:
So I wouldn't be surprised if new / existing openstack applications
express some gravitational pull towards using it as their own
datastore as well. I'll be trying to hang onto the etcd3 track as much
as
On 06/08/2017 01:34 PM, Lance Bragstad wrote:
After digging into etcd a bit, one place this might be help deployer
experience would be the handling of fernet keys for token encryption in
keystone. Currently, all keys used to encrypt and decrypt tokens are
kept on disk for each keystone node
On 09/06/17 12:37 AM, Joshua Harlow wrote:
> My thinking is that people should look over https://raft.github.io/ or
> http://thesecretlivesofdata.com/raft/ (or both or others...)
>
this was really useful. thanks for this! love how they described it so
simply with visuals. spend a few minutes
Julien Danjou wrote:
On Thu, Jun 08 2017, Mike Bayer wrote:
So far I've seen a proposal of etcd3 as a replacement for memcached in
keystone, and a new dogpile connector was added to oslo.cache to handle
referring to etcd3 as a cache backend. This is a really simplistic / minimal
kind of use
On Thu, Jun 8, 2017 at 3:21 PM, Emilien Macchi wrote:
> On Thu, Jun 8, 2017 at 7:34 PM, Lance Bragstad
> wrote:
> > After digging into etcd a bit, one place this might be help deployer
> > experience would be the handling of fernet keys for token
On Thu, Jun 8, 2017 at 4:07 PM, Drew Fisher wrote:
>
>
> On 6/7/17 4:47 AM, Davanum Srinivas wrote:
>> Team,
>>
>> Here's the update to the base services resolution from the TC:
>> https://governance.openstack.org/tc/reference/base-services.html
>>
>> First request is to
See the footer at the bottom of this email.
From: jimi olugboyega [jimiolugboy...@gmail.com]
Sent: Thursday, June 08, 2017 1:19 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [all] etcd3 as base service - update
hmm... a very interesting question
I would think control plane only.
Thanks,
Kevin
From: Drew Fisher [drew.fis...@oracle.com]
Sent: Thursday, June 08, 2017 1:07 PM
To: openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [all] etcd3 as base
On Thu, Jun 08 2017, Mike Bayer wrote:
> So far I've seen a proposal of etcd3 as a replacement for memcached in
> keystone, and a new dogpile connector was added to oslo.cache to handle
> referring to etcd3 as a cache backend. This is a really simplistic / minimal
> kind of use case for a
On Thu, Jun 8, 2017 at 7:34 PM, Lance Bragstad wrote:
> After digging into etcd a bit, one place this might be help deployer
> experience would be the handling of fernet keys for token encryption in
> keystone. Currently, all keys used to encrypt and decrypt tokens are kept
Hello all,
I am wondering how I can unsubscribe from this mailing list.
Regards,
Olujimi Olugboyega.
On Wed, Jun 7, 2017 at 3:47 AM, Davanum Srinivas wrote:
> Team,
>
> Here's the update to the base services resolution from the TC:
>
On 6/7/17 4:47 AM, Davanum Srinivas wrote:
> Team,
>
> Here's the update to the base services resolution from the TC:
> https://governance.openstack.org/tc/reference/base-services.html
>
> First request is to Distros, Packagers, Deployers, anyone who
> installs/configures OpenStack:
> Please
to install/maintain.
From: Lance Bragstad [lbrags...@gmail.com]
Sent: Thursday, June 08, 2017 10:34 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [all] etcd3 as base service - update
After digging into etcd a bit, one
After digging into etcd a bit, one place this might be help deployer
experience would be the handling of fernet keys for token encryption in
keystone. Currently, all keys used to encrypt and decrypt tokens are kept
on disk for each keystone node in the deployment. While simple, it requires
On 06/08/2017 12:47 AM, Joshua Harlow wrote:
So just out of curiosity, but do people really even know what etcd is
good for? I am thinking that there should be some guidance from folks in
the community as to where etcd should be used and where it shouldn't
(otherwise we just all end up in a
Josh,
Of the initial targets, we have covered the use of tooz and oslo.cache
with etcd already. One thing that remains is Jay's os-lively PoC [1].
So +1 to more knowledgeable folks chiming in with stuff that can be
done and other scenarios. I'll let nature take its course here :)
Thanks,
Dims
Joshua Harlow wrote:
> So just out of curiosity, but do people really even know what etcd is
> good for? I am thinking that there should be some guidance from folks in
> the community as to where etcd should be used and where it shouldn't
> (otherwise we just all end up in a mess).
>
> Perhaps a
So just out of curiosity, but do people really even know what etcd is
good for? I am thinking that there should be some guidance from folks in
the community as to where etcd should be used and where it shouldn't
(otherwise we just all end up in a mess).
Perhaps a good idea to actually give
One clarification: Since https://pypi.python.org/pypi/etcd3gw just
uses the HTTP API (/v3alpha) it will work under both eventlet and
non-eventlet environments.
Thanks,
Dims
On Wed, Jun 7, 2017 at 6:47 AM, Davanum Srinivas wrote:
> Team,
>
> Here's the update to the base
Team,
Here's the update to the base services resolution from the TC:
https://governance.openstack.org/tc/reference/base-services.html
First request is to Distros, Packagers, Deployers, anyone who
installs/configures OpenStack:
Please make sure you have latest etcd 3.x available in your
25 matches
Mail list logo