[openstack-dev] [Fuel] SSL feature status

Sheena Gregson sgregson at mirantis.com
Wed Jul 22 12:51:53 UTC 2015

I believe the last time we discussed this, the majority of people were in
favor of enabling SSL by default for all public endpoints, which would be
my recommendation.

As a reminder, this will mean that users will see a certificate warning the
first time they access the Fuel UI.  We should document this as a known
user experience and provide instructions for users to swap out the
self-signed certificates that are enabled by default for their own internal
CA certificates/3rd party certificates.

*From:* Mike Scherbakov [mailto:mscherbakov at mirantis.com]
*Sent:* Wednesday, July 22, 2015 1:12 AM
*To:* Stanislaw Bogatkin; Sheena Gregson
*Cc:* OpenStack Development Mailing List (not for usage questions)
*Subject:* Re: [Fuel] SSL feature status

Thanks Stas. My opinion is that it has to be enabled by default. I'd like
product management to shine in here. Sheena?

On Tue, Jul 21, 2015 at 11:06 PM Stanislaw Bogatkin <sbogatkin at mirantis.com>


we have a spec that says we disable SSL by default and it was successfully
merged with that, no one was against such decision. So, if we want to
enable it by default now - we can. It should be done as a part of our usual
process, I think - I'll create a bug for it and fix it.

Current status of feature is next:

1. All codebase for SSL is merged

2. Some tests for it writing my QA - not all of them are done yet.

I'll update blueprints as soon as possible. Sorry for inconvenience.

On Mon, Jul 20, 2015 at 8:44 PM, Mike Scherbakov <mscherbakov at mirantis.com>

Hi guys,

did we enable SSL for Fuel Master node and OpenStack REST API endpoints by
default? If not, let's enable it by default. I don't know why we should not.

Looks like we need to update blueprints as well [1], [2], as they don't
seem to reflect current status of the feature.

[1] https://blueprints.launchpad.net/fuel/+spec/ssl-endpoints

[2] https://blueprints.launchpad.net/fuel/+spec/fuel-ssl-endpoints

Stas, as you've been working on it, can you please provide current status?



Mike Scherbakov


Mike Scherbakov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150722/5cb607d8/attachment.html>

More information about the OpenStack-dev mailing list