Fernet key rotation is easy. 1) You don't need a maintenance window 2) You can do one node at a time even with a long delay between 3) You don't need to restart anything
We rotate approximately weekly. On Wed, Mar 16, 2016 at 3:44 PM, Ajay Kalambur (akalambu) < akala...@cisco.com> wrote: > Hi > In a multi node HA deployment for production does key rotate need a > keystone process reboot or should we just run the fernet rotate on one node > and distribute it without restarting any process > I presume keystone can handle the rotation without a restart? > > I also assume this key rotation can happen without a maintenance window > > What do folks typically do in production and how often do you rotate keys > > Ajay > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >
_______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators