To speak to this a bit further, both Jessica and I work at places which build out ephemeral infrastructure, and you're absolutely correct. There is a bit of nuance here in what each of us means when we say managed configurations. In my case machines have a lifecycle. They come and they go, but if you need to "update" the machine you don't use a tool like Ansible, Puppet, Chef, etc. to change the active running state of a host. This isn't to say that they're managed manually. This is truly treating them like the promise of OpenStack of having unicorns and having robots. You completely re-deploy those robots. This is true for bare metal as well as cloud providers.
While this presents a challenge due to the level of trust afforded to a node the longer it has been run, I'm looking to walk before running here.
Thinking of it in terms of an affinity group, each member can attest that they're part of the group, but this is more so that members of other federations know the scope of interaction.
"Let's say you are about to deploy 100 relays within the next week." - Take this an order of magnitude greater and we're on the right track with the correct scale. It is a regular occurrence for our users to deploy 500 to 5000 nodes at a time. This is not the scale that everyone uses, obviously, but in that case generating 1000 relay keys and coordinating that key distribution dance across the same number of nodes (more than likely in highly distributed environments) seems to bring more questions than it answers (securing the keys for those nodes, securely distributing them, etc.). When compounding your concern about the network cost for "spare" nodes, I would say this turns it into a no-go, as the whole point was to be able to deploy these nodes in the most productive, network friendly mechanism possible.
--redbeard