[openstack-dev] Key Manager blueprint updated

Jarret Raim jarret.raim at RACKSPACE.COM
Wed Apr 24 21:58:02 UTC 2013

As far as I know, the only actual implementation is CloudKeep. So far, the Intel effort has been mostly focused on the blueprint generation. I don't think there have been any APIs nailed down, just placeholders for resources and functionality. Malini can correct me if I'm wrong on that.

CloudKeep's goal is to have our blueprints updated and out this week / next. These will include some coarse-grained API documentation, then we'll start refining that with feedback from everyone on the list as well as the existing blueprint that Malini has been working on. As our first customer, we're entirely focused on what Cinder needs to support volume encryption. Our feeling right now is that just getting that use case fleshed out and implemented in a production system is a good goal for Havana.

As to the SSH key support for Nova, it's on our list. I'd love to have it done for Havana, but my current plan is to push hard to get support out for Cinder to integrate, then if we still have time in this cycle, to look at other OpenStack use cases like Nova, Swift, etc. If we can't make it for Havana, then those features would be in the I release. 

This all assumes that my devs continue to be the only code contributors. If there are folks from Intel or Cisco or wherever that want to join forces, we could get stuff out faster. 


-----Original Message-----
From: Nate Reller [mailto:rellerreller at yahoo.com] 
Sent: Wednesday, April 24, 2013 4:16 PM
To: Openstack-Dev
Subject: Re: [openstack-dev] Key Manager blueprint updated

Are there differences in the API between the two efforts? When do you think you will have an API available for comment? I saw the Intel API on the blueprint specification, but I am not sure if that is going to change or not.

> The Intel Key Manager effort (developed on the OpenStack mailing list
> with blueprints) and the Rackspace effort announced last week back are
> getting to know each other and collaborate. Early stages.

The volume encryption team is obviously very interested in the key manager. Please keep us informed of the effort. We would like to know the APIs as soon as possible, so we can begin coding to an interface. That will make it easy for us to transition to a real key manager in future.

> Also need a close partner for using the keys from the Key Manager, the 
> volume encryption folks. Or a simpler first use, saving the Nova 
> public certificates that are injected into VMs to support ssh.

Any timeline on when this would happen?

> The only published blueprint is mine, and as good a placeholder for 
> your comments/feedback as any other, or this mailing list.
> A first successful Intel/Rackspace co-operation would be a revised 
> blueprint, and sub-blueprints (representing feature coding chunks) and 
> publishing a git repository for code and community contributions.

