[Openstack-operators] [openstack-operators] Fernet key rotation

2016-03-19 Thread Ajay Kalambur (akalambu)
Hi In a multi node HA deployment for production does key rotate need a keystone process reboot or should we just run the fernet rotate on one node and distribute it without restarting any process I presume keystone can handle the rotation without a restart? I also assume this key rotation can ha

Re: [Openstack-operators] [openstack-operators] Fernet key rotation

2016-03-19 Thread Matt Fischer
Fernet key rotation is easy. 1) You don't need a maintenance window 2) You can do one node at a time even with a long delay between 3) You don't need to restart anything We rotate approximately weekly. On Wed, Mar 16, 2016 at 3:44 PM, Ajay Kalambur (akalambu) < akala...@cisco.com> wrote: > Hi >

Re: [Openstack-operators] [openstack-operators] Fernet key rotation

2016-03-18 Thread Fox, Kevin M
ambur (akalambu) [akala...@cisco.com] Sent: Wednesday, March 16, 2016 2:44 PM To: OpenStack Operators Subject: [Openstack-operators] [openstack-operators] Fernet key rotation Hi In a multi node HA deployment for production does key rotate need a keystone process reboot or should we just run the f