2018-10-06 15:03:03 |
Dmitrii Shcherbakov |
description |
A common security requirement is the ability to change passwords for database users over time in a controlled manner.
Highly-available control plane setups need to be taken down completely if one username and password is used for all units of a control plane service.
This could be done in the form of an action:
1) an operator decides that the password the keystone/0 unit uses to access the "keystone" database must be changed because the unit has been compromised in some way;
2) the operator executes an action on the percona-cluster leader unit to generate a new random password for the keystone/0 unit, which also propagates that information to keystone/0 over the relation;
3) the keystone/0 unit restarts the keystone service, which only results in downtime for a single unit while user requests are forwarded to other units (via pacemaker + VIP-based HA, DNS-HA, etc.).
This way an operator would be able to change passwords for the whole control plane one unit at a time. |
A common security requirement is the ability to change passwords for database users over time in a controlled manner.
Highly-available control plane setups need to be taken down completely if one username and password is used for all units of a control plane service.
The per-unit approach could be done in the form of an action:
1) an operator decides that the password the keystone/0 unit uses to access the "keystone" database must be changed because the unit has been compromised in some way;
2) the operator executes an action on the percona-cluster leader unit to generate a new random password for the keystone/0 unit, which also propagates that information to keystone/0 over the relation;
3) the keystone/0 unit restarts the keystone service, which only results in downtime for a single unit while user requests are forwarded to other units (via pacemaker + VIP-based HA, DNS-HA, etc.).
This way an operator would be able to change passwords for the whole control plane one unit at a time. |
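The three steps above describe a per-unit credential rotation. The following is an added illustration of that procedure and is not code from the bug report, the percona-cluster charm or the keystone charm. It simulates the percona-cluster leader's side with plain dictionaries: the per-unit username scheme (`keystone_keystone_0`), the `db_users` map standing in for MySQL grants, and the `relation_data` map standing in for per-unit relation buckets are all assumptions made for the example. Its point is the property the proposal relies on: rotating the credential for one unit leaves every other unit's credential, and therefore its service, untouched, which is exactly what a shared username and password cannot give you.

```python
import secrets
import string
from dataclasses import dataclass, field

PASSWORD_LEN = 32
ALPHABET = string.ascii_letters + string.digits


def generate_password(length: int = PASSWORD_LEN) -> str:
    """Random password from the OS CSPRNG (secrets), alphanumeric only so it
    survives relation settings and config templating without quoting issues."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def unit_db_user(app: str, unit: str) -> str:
    """Hypothetical per-unit username scheme: keystone/0 -> keystone_keystone_0.
    One DB user per unit is what makes per-unit rotation possible at all."""
    return f"{app}_{unit.replace('/', '_')}"


@dataclass
class ClusterLeader:
    """Simulated percona-cluster leader (constructed for this example)."""
    # username -> current password; stands in for the MySQL user table
    db_users: dict = field(default_factory=dict)
    # unit name -> settings published to that unit over the relation
    relation_data: dict = field(default_factory=dict)
    # (unit, reason) for every rotation, so the change is auditable
    audit_log: list = field(default_factory=list)

    def grant_unit(self, app: str, unit: str, database: str) -> None:
        """Initial join: create a dedicated user for the unit and publish it."""
        user = unit_db_user(app, unit)
        password = generate_password()
        self.db_users[user] = password
        self.relation_data[unit] = {
            "database": database, "username": user, "password": password,
        }

    def rotate_unit_password(self, unit: str, reason: str) -> str:
        """Action body: rotate the credential of ONE unit only (steps 1-2).
        A real leader would issue ALTER USER ... IDENTIFIED BY ... here;
        this simulation just updates the in-memory user table."""
        if unit not in self.relation_data:
            raise KeyError(f"unknown unit {unit!r}")
        current = self.relation_data[unit]
        new_password = generate_password()
        self.db_users[current["username"]] = new_password
        # Publish only into this unit's relation bucket; the unit reacts to the
        # changed setting by restarting its service (step 3), nobody else does.
        self.relation_data[unit] = {**current, "password": new_password}
        self.audit_log.append((unit, reason))
        return new_password


def units_share_credentials(leader: ClusterLeader) -> bool:
    """True if any two units were handed the same username, i.e. the shared
    credential setup the proposal wants to move away from."""
    users = [d["username"] for d in leader.relation_data.values()]
    return len(users) != len(set(users))


def rotate_one_unit_demo() -> dict:
    """Build a 3-unit keystone deployment, rotate keystone/0 only, and report
    which units' credentials changed."""
    leader = ClusterLeader()
    for unit in ("keystone/0", "keystone/1", "keystone/2"):
        leader.grant_unit("keystone", unit, "keystone")
    before = {u: d["password"] for u, d in leader.relation_data.items()}
    new_password = leader.rotate_unit_password("keystone/0", "unit compromised")
    after = {u: d["password"] for u, d in leader.relation_data.items()}
    changed = sorted(u for u in before if before[u] != after[u])
    return {
        "leader": leader,
        "changed_units": changed,
        "old_password": before["keystone/0"],
        "new_password": new_password,
    }


if __name__ == "__main__":
    result = rotate_one_unit_demo()
    print("units whose credential changed:", result["changed_units"])
```

Running the module prints `units whose credential changed: ['keystone/0']`; the other two units keep serving with their existing credentials, which is the single-unit downtime the proposal describes.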
|