[openstack-ansible] Re: plain text config parameters encryption feature

Jonathan Rosser jonathan.rosser at rd.bbc.co.uk
Mon Apr 4 14:45:15 UTC 2022 

Hello,


I think these messages have gone un-noticed by the openstack-ansible 
team due to the missing tags in the topic line of these messages, see 
https://docs.openstack.org/project-team-guide/open-community.html#mailing-lists.


In general stable branches only have bugfixes backported, not new 
features. The openstack stable branches are described here 
https://docs.openstack.org/project-team-guide/stable-branches.html#appropriate-fixes.


Regarding the patch sets you have created, review of those should happen 
in the gerrit comments, as Dimitry has already started. The changes 
would need to be appropriate in the wider context of openstack-ansible. 
Please join the IRC channel #openstack-ansible if you'd like to discuss 
more in real-time.


Regards,
Jonathan.


On 04/04/2022 14:40, Kelsi Parenteau wrote:
> Good morning Openstack,
>
> I hope this message finds you well. I wanted to follow up from Alex's 
> last email below to help to clarify our questions here. We're reaching 
> out to ask your reviewers for their feedback on what had changed on 
> your side during our course of work. 
> https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/814865
>
> We had been working with your team over many months, and had been 
> tracking to commit the code upstream. We were not sure why the 
> Openstack reviewers had not brought up this potential concern for us 
> earlier on in our discussions to be addressed.
>
> Can you please advise us why that particular comment regarding the 
> requirement for this to be an ansible plugin stops us from being able 
> to commit the code?
>
> We look forward to your feedback here, and would be happy to schedule 
> a call as well to talk this through. Please let us know if you have 
> any questions.
>
> Thank you,
>
> *
> *
>
>
> *Kelsi Parenteau, PMP, PMI-ACP, CSM*
>
> Senior Project Manager
>
> d: 586.473.1230 I m: 313.404.3214//
>
> //
>
> <https://www.linkedin.com/company/wsm-international>
>
>
> ------------------------------------------------------------------------
> *From:* Alexander Yeremko <a.yeremko at connectria.com>
> *Sent:* Tuesday, March 29, 2022 4:10 PM
> *To:* openstack-discuss at lists.openstack.org 
> <openstack-discuss at lists.openstack.org>
> *Cc:* Tina Wisbiski <t.wisbiski at connectria.com>; Kelsi Parenteau 
> <k.parenteau at connectria.com>; Yuliia Romanova <y.romanova at connectria.com>
> *Subject:* plain text config parameters encryption feature
> Dear OpenStack community,
>
> we are developingplaintextconfigsecretsencryptionfeatureaccording to 
> the next specification:
>
> https://specs.openstack.org/openstack/openstack-ansible-specs/specs/xena/protecting-plaintext-configs.html
>
> We started from Glance OS service and submitted two patchsets already:
>
> https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/814865
>
> Now we have two questions that we need to clarify to proceed our work 
> on thatfeatureand finish our development:
>
> 1. Is it correct that we need to develop more patchsets to rework some 
> logic ofencryptionmechanism according
> to comment to 'files/encypt_secrets.py' script that arised at the 
> second patchset (PatchSet 2) dated Nov/30/2021 ?
> Comment is by Dmitry Rabotyagov: "We _really_ should make it as an 
> ansible plugin and re-work logic"
>
> 2. We wish to have suchfeaturein previous releases also, not just in 
> upcoming Yoga or Zed.
> Stein, Train and Victoria - it would be excellent to 
> haveplaintextsecretsencryptionwith these releases also.
> So question is how is it possible to use ourfeaturein those releases 
> also? Can we push some backports to those releases openstack-ansible repo?
>
> Could someone be so kind and give us answers?
>
> Best regards and wishes,
> Alex Yeremko
> This E-Mail (including any attachments) may contain privileged or 
> confidential information. It is intended only for the addressee(s) 
> indicated above. The sender does not waive any of its rights, 
> privileges or other protections respecting this information. Any 
> distribution, copying or other use of this E-Mail or the information 
> it contains, by other than an intended recipient, is not sanctioned 
> and is prohibited. If you received this E-Mail in error, please delete 
> it and advise the sender (by return E-Mail or otherwise) immediately. 
> Any calls held by you with Connectria may be recorded by an automated 
> note taking system to ensure prompt follow up and for information 
> collection purposes, and your attendance on any calls with Connectria 
> confirms your consent to this. Any E-mail received by or sent from 
> Connectria is subject to review by Connectria supervisory personnel. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20220404/16b794b4/attachment.htm>

More information about the openstack-discuss mailing list