On Mon, Mar 6, 2017 at 6:05 PM, Paul Bourke <paul.bou...@oracle.com> wrote:
> Two initial ideas: > > We could create a specific ansible task to rotate the keys, and document > that operator should set up a cron job on the deployment node to run this > periodically. > > We could also look at making use of VRRP (keepalived). Potentially the > cron job could run on every controller, but only take action if it > identifies it's the one with the VIP. > > The second seems preferable to me as it requires no additional effort on > the part of the operator. Maybe there's problems with this though that I'm > not thinking of. > > -Paul > Thanks Paul, second seems better. We can implement a file lock to ensure only one rotate and distribute process is running at the same time. -- Regards, Jeffrey Zhang Blog: http://xcodest.me
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
