Comment 4 for bug 1809469

John Garbutt (johngarbutt) wrote : Re: keystone_fernet container runs token rotate on multiple hosts

Actually it is more complicated, due to:

# This controls the number of seconds that a token can be retrieved for beyond
# the built-in expiry time. This allows long running operations to succeed.
# Defaults to two days. (integer value)
#allow_expired_window = 172800

So we have three days of needing to read the tokens.

In that time we have 9 key rotations with three controllers, plus we want a staging key out there, plus one for wiggle room.