Fernet key rotation is easy.

1) You don't need a maintenance window
2) You can do one node at a time even with a long delay between
3) You don't need to restart anything
We rotate approximately weekly.

On Wed, Mar 16, 2016 at 3:44 PM, Ajay Kalambur (akalambu) <
akala...@cisco.com> wrote:

> Hi
> In a multi node HA deployment for production does key rotate need a
> keystone process reboot or should we just run the fernet rotate on one node
> and distribute it without restarting any process
> I presume keystone can handle the rotation without a restart?
>
> I also assume this key rotation can happen without a maintenance window
>
> What do folks typically do in production and how often do you rotate keys
>
> Ajay
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Reply via email to