Fine, then this simple bash based solution proposed by Boris [1] LGTM and is not over thinked. Maybe add kind of md5 or sha1 checksum functionality to confirm if keys were rotated correctly and are in sync.
[1] http://paste.openstack.org/show/406674/ Regards, Adam On Mon, Aug 3, 2015 at 2:03 PM, David Stanek <dsta...@dstanek.com> wrote: > > On Mon, Aug 3, 2015 at 7:14 AM, Davanum Srinivas <dava...@gmail.com> > wrote: > >> agree. "Native HA solution" was already ruled out in several email >> threads by keystone cores already (if i remember right). This is a >> devops issue and should be handled as such was the feedback. >> > > I'm sure you are right. I'm not sure why we would want to add that much > complexity into Keystone. > > > -- > David > blog: http://www.traceback.org > twitter: http://twitter.com/dstanek > www: http://dstanek.com > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Adam Heczko Security Engineer @ Mirantis Inc.
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
