<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta content="text/html; charset=utf-8">
</head>
<body>
To be clear the IRC discussion is for Thursday 2015-07-09 at 23:30 UTC.<br>
<br>
-------- Original message --------<br>
From: Madhuri <madhuri.rai07@gmail.com> <br>
Date: 07/08/2015 6:18 PM (GMT-08:00) <br>
To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org>
<br>
Subject: [openstack-dev] [Magnum][Anchor][Barbican] Magnum as a CA <br>
<br>
<div>
<div dir="ltr">
<div>Hi All,<br>
<br>
Magnum as a CA mainly aims at how certificates and keys for both client(magnum-conductor)<br>
and server(kube-apiserver) will be generated and who will be the CA.<br>
<br>
Blueprint Link: <a href="https://blueprints.launchpad.net/magnum/+spec/magnum-as-a-ca">
https://blueprints.launchpad.net/magnum/+spec/magnum-as-a-ca</a><br>
<br>
Currently we have 3 options to generate certificates.<br>
<br>
<b>1. Write our own tool.</b><br>
In this approach, we will have our own tool to generate certificate signed by CA.<br>
A review has been submitted for it:<br>
<a href="https://review.openstack.org/#/c/199493/">https://review.openstack.org/#/c/199493/</a><br>
<br>
<br>
<b>2. Using Anchor.</b><br>
Anchor is an stackforge project that automates the verification of CSRs and signs certificates for clients.<br>
<a href="https://mail.nectechnologies.in/owa/redir.aspx?C=WbmDv-KJVUmq2sEu4MFC0e-k5uFujdIIs7jarFb-BEGxx7iEgSFPZtTZ41n6FXvt-LMt_E0Efho.&URL=https%3a%2f%2fgithub.com%2fstackforge%2fanchor" target="_blank">https://github.com/stackforge/anchor</a><br>
<br>
Anchor can be used to generate signed certificate.<br>
<br>
<b>3. Using Barbican.<br>
</b>Barbican can also be used for generating certificate signed by some CA plugins.<br>
<a href="https://mail.nectechnologies.in/owa/redir.aspx?C=WbmDv-KJVUmq2sEu4MFC0e-k5uFujdIIs7jarFb-BEGxx7iEgSFPZtTZ41n6FXvt-LMt_E0Efho.&URL=http%3a%2f%2fdocs.openstack.org%2fdeveloper%2fbarbican%2fplugin%2fcertificate.html" target="_blank">http://docs.openstack.org/developer/barbican/plugin/certificate.html</a><br>
<br>
Moreover it can also be used to store certificates securely.<br>
<br>
Folks, please provide your views on which is the most suitable option for adding TLS support in Magnum.<br>
<br>
</div>
Also, we will have a meeting on <b>#openstack-containers</b> at <b>23:30 UTC</b> to discuss the same. Request Barbican and Anchor developers also to join.<br>
<div><br>
<br>
<font face="Arial" color="000000" size="2">Regards<br>
Madhur<font color="000000">i</font><br>
</font></div>
</div>
</div>
</body>
</html>