Comment 0 for bug 1796494
Revision history for this message
| Dmitrii Shcherbakov (dmitriis) wrote feature: per-unit passwords for rolling password updates of control plane services | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
A common security requirement is an ability to change passwords for database users over time in a controlled manner.
Highly-available control plane setups need to be taken down completely if one username and password is used for all units of a control plane service.
This could be done in a form of an action:
1) an operator decides that a password for keystone-0 unit used to access the "keystone" database must be changed because the unit has been compromised in some way;
2) the operator executes an action on the percona-cluster leader unit to generate a new random password for the keystone/0 unit which also propagates that information to keystone/0 over the relation;
3) keystone/0 unit restarts the keystone service which only results in a downtime for a single unit while user requests are forwarded to other units (via pacemaker + VIP-based HA, DNS-HA etc.)
This way an operator would be able to change passwords for the whole control plane one unit at a time.