[openstack-dev] [nova][FFE] websocket-proxy-to-host-security

Daniel P. Berrange berrange at redhat.com
Fri Sep 5 12:53:57 UTC 2014


On Thu, Sep 04, 2014 at 12:59:07PM -0400, Solly Ross wrote:
> I would like to request a feature freeze exception for the Websocket Proxy to Host Security.
> The spec [1] was approved for Nova, and the patches [2] are currently sitting there with one
> +2 (courtesy of @danpb), with a +1 from Jenkins.
> 
> For a TL;DR on the spec, essentially this patch series implements a framework for authenticating
> and encrypting communication between the VNC proxy and the actual compute nodes, and then
> implements a TLS/x509 driver using that framework.
> 
> The patches don't touch much, and are enabled optionally, so they should be relatively "safe".

I think this is good work and want to see it in Nova. At the same time
though, the first version of this only got up onto review 2 weeks ago,
and I think other proposed FFEs are higher priority to approve.

So I'd sponsor it only if we have capacity after considering the other
items, specifically serial consols, SRIOV, Ironic and NUMA work.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



More information about the OpenStack-dev mailing list