<br><br>On Monday, July 1, 2013, Jamie Lennox wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Mon, 2013-07-01 at 14:09 -0700, Nachi Ueno wrote:<br>
> Hi folks<br>
><br>
> I'm interested in it too.<br>
> I'm working on VPN support for Neutron.<br>
> Public key authentication is one of feature milestone in the IPsec<br>
> implementation.<br>
> But I believe key-pair management api and the implementation will be<br>
> quite similar in Key for IPsec and Nova.<br>
><br>
> so I'm +1 for moving key management for Keystone.<br>
><br>
> Best<br>
> Nachi<br>
<br>
I don't know how nova's keypair management works but i assume we are<br>
talking about keys for ssh-ing into new virtual machines rather than<br>
keys for authentication against nova.<br>
<br>
Keystone's v3 api has credentials storage (see<br>
<a href="https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/markdown/identity-api-v3.md" target="_blank">https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/markdown/identity-api-v3.md</a> ), is this sufficient on behalf of keystone? There is some support in the current master of keystoneclient for working with these credentials.</blockquote>
<div><br></div><div><span style>+1; I'd like to know what the gap is from Iden</span><span style>tity API v3's /credentials to nova key pair API, if any. The credential API was </span><span style>intended to avoid making too many </span><span style>assumptions about how it would be used</span><span style>, so hopefully it can be adopted</span><span style></span><span style> as it is for EC2 creds</span><span style> today.</span><br>
</div><div><span></span> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Otherwise would the upcoming barbican be a more appropriate place?<br>
<br>
If i've got this wrong and we are using these keys to actually<br>
authenticate against nova then if someone can point me to the code i'll<br>
see how hard it is to transfer to keystone.<br>
<br>
><br>
><br>
> 2013/7/1 Thierry Carrez <<a href="javascript:;" onclick="_e(event, 'cvml', 'thierry@openstack.org')">thierry@openstack.org</a>>:<br>
> > Russell Bryant wrote:<br>
> >> On 07/01/2013 01:10 PM, Jay Pipes wrote:<br>
> >>> On 07/01/2013 12:23 PM, Mauro S M Rodrigues wrote:<br>
> >>>> +1.. make sense to me, I always thought that was weird hehe<br>
> >>>> Say the word and we will remove it from v3.<br>
> >>><br>
> >>> Well, it's not weird, per-se... I mean I understand why it is the way it<br>
> >>> is. Nova, of course, preceded Keystone.<br>
> >>><br>
> >>> But, it sounds like this would be something to put on the Icehouse<br>
> >>> horizon? Can the Nova and Keystone PTLs comment if there is interest in<br>
> >>> this?<br>
> >><br>
> >> There is interest from me. Dolph?<br>
> ><br>
> > Dolph is not around this week, so the answer may take a while :)<br>
> ><br>
> > --<br>
> > Thierry Carrez (ttx)<br>
> ><br>
> > _______________________________________________<br>
> > OpenStack-dev mailing list<br>
> > <a href="javascript:;" onclick="_e(event, 'cvml', 'OpenStack-dev@lists.openstack.org')">OpenStack-dev@lists.openstack.org</a><br>
> > <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
><br>
> _______________________________________________<br>
> OpenStack-dev mailing list<br>
> <a href="javascript:;" onclick="_e(event, 'cvml', 'OpenStack-dev@lists.openstack.org')">OpenStack-dev@lists.openstack.org</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="javascript:;" onclick="_e(event, 'cvml', 'OpenStack-dev@lists.openstack.org')">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</blockquote><br><br>-- <br><div><br></div>-Dolph<br>