• Zero downtime password rotation
    • False
    • Hide

      None

      Show
      None
    • False
    • OSPRH-9554Zero downtime password rotation
    • Not Selected
    • Proposed
    • Proposed
    • To Do
    • OSPRH-9554 - Zero downtime password rotation
    • Proposed
    • Proposed
    • 100% To Do, 0% In Progress, 0% Done

      It should be possible to rotate passwords in the control plane and compute nodes, without experiencing any downtime.

      The only way to do this is to have at least two credentials (old and new) that are valid at the same time - either using multiple users (A and B user, as is already implemented for the database-operator), or - for keystone authorized service users, using application credentials. Otherwise, with just one credential , we would expect disruption when 1) passwords are updated in keystone but not elsewhere (or visa versa) 2) passwords are updated on the control plane - but not on the compute nodes because a dataplane deployment has not yet been initiated or completed.

              Unassigned Unassigned
              rhn-gps-alee Ade Lee
              rhos-dfg-security
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: