[openstack-dev] [security] Security PTG Planning, x-project request for topics.

Giuseppe de Candia giuseppe.decandia at gmail.com
Tue Feb 6 16:21:46 UTC 2018 

Hi Folks,

I know the request is very late, but I wasn't aware of this SIG until
recently. Would it be possible to present a new project to the Security SIG
at the PTG? I need about 30 minutes. I'm hoping to drum up interest in the
project, sign on users and contributors and get feedback.

For the past few months I have been working on a new project - Tatu [1]- to
automate the management of SSH certificates (for both users and hosts) in
OpenStack. Tatu allows users to generate SSH certificates with principals
based on their Project role assignments, and VMs automatically set up their
SSH host certificate (and related config) via Nova vendor data. The project
also manages bastions and DNS entries so that users don't have to assign
Floating IPs for SSH nor remember IP addresses.

I have a working demo (including Horizon panels [2] and OpenStack CLI [3]),
but am still working on the devstack script and patches [4] to get Tatu's
repositories into OpenStack's GitHub and Gerrit. I'll try to post a demo
video in the next few days.

best regards,
Pino


References:

   1. https://github.com/pinodeca/tatu (Please note this is still very much
   a work in progress, lots of TODOs in the code, very little testing and
   documentation doesn't reflect the latest design).
   2. https://github.com/pinodeca/tatu-dashboard
   3. https://github.com/pinodeca/python-tatuclient
   4. https://review.openstack.org/#/q/tatu





On Wed, Jan 31, 2018 at 12:03 PM, Luke Hinds <lhinds at redhat.com> wrote:

>
> On Mon, Jan 29, 2018 at 2:29 PM, Adam Young <ayoung at redhat.com> wrote:
>
>> Bug 968696 and System Roles.   Needs to be addressed across the Service
>> catalog.
>>
>
> Thanks Adam, will add it to the list. I see it's been open since 2012!
>
>
>>
>> On Mon, Jan 29, 2018 at 7:38 AM, Luke Hinds <lhinds at redhat.com> wrote:
>>
>>> Just a reminder as we have not had many uptakes yet..
>>>
>>> Are there any projects (new and old) that would like to make use of the
>>> security SIG for either gaining another perspective on security challenges
>>> / blueprints etc or for help gaining some cross project collaboration?
>>>
>>> On Thu, Jan 11, 2018 at 3:33 PM, Luke Hinds <lhinds at redhat.com> wrote:
>>>
>>>> Hello All,
>>>>
>>>> I am seeking topics for the PTG from all projects, as this will be
>>>> where we try out are new form of being a SIG.
>>>>
>>>> For this PTG, we hope to facilitate more cross project collaboration
>>>> topics now that we are a SIG, so if your project has a security need /
>>>> problem / proposal than please do use the security SIG room where a larger
>>>> audience may be present to help solve problems and gain x-project consensus.
>>>>
>>>> Please see our PTG planning pad [0] where I encourage you to add to the
>>>> topics.
>>>>
>>>> [0] https://etherpad.openstack.org/p/security-ptg-rocky
>>>>
>>>> --
>>>> Luke Hinds
>>>> Security Project PTL
>>>>
>>>
>>>
>>> ____________________________________________________________
>>> ______________
>>> OpenStack Development Mailing List (not for usage questions)
>>> Unsubscribe: OpenStack-dev-request at lists.op
>>> enstack.org?subject:unsubscribe
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>
>> ____________________________________________________________
>> ______________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscrib
>> e
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
> --
> Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat
> e: lhinds at redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180206/d55cf14b/attachment.html>

More information about the OpenStack-dev mailing list