question on plain text config parameters encryption feature
Dear OpenStack community,
we are developing plain text config secrets encryption feature according to the next specification:
https://specs.openstack.org/openstack/openstack-ansible-specs/specs/xena/pro...
We started from Glance OS service and submitted two patchsets already:
https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/814865
Now we have two questions that we need to clarify to proceed our work on that feature and finish our development:
1. Is it correct that we need to develop more patchsets to rework some logic of encryption mechanism according to comment to 'files/encypt_secrets.py' script that arised at the second patchset (PatchSet 2) dated Nov/30/2021 ? Comment is by Dmitry Rabotyagov: "We _really_ should make it as an ansible plugin and re-work logic"
2. We wish to have such feature in previous releases also, not just in upcoming Yoga or Zed. Stein, Train and Victoria - it would be excellent to have plain text secrets encryption with these releases also. So question is how is it possible to use our feature in those releases also? Can we push some backports to those releases openstack-ansible repo?
Best regards and wishes, Alex Yeremko This E-Mail (including any attachments) may contain privileged or confidential information. It is intended only for the addressee(s) indicated above. The sender does not waive any of its rights, privileges or other protections respecting this information. Any distribution, copying or other use of this E-Mail or the information it contains, by other than an intended recipient, is not sanctioned and is prohibited. If you received this E-Mail in error, please delete it and advise the sender (by return E-Mail or otherwise) immediately. Any calls held by you with Connectria may be recorded by an automated note taking system to ensure prompt follow up and for information collection purposes, and your attendance on any calls with Connectria confirms your consent to this. Any E-mail received by or sent from Connectria is subject to review by Connectria supervisory personnel.
Happy Monday OpenStack community, I hope everyone is doing well and staying safe.
Coming back to the questions that Alex raised previous week. Did you have a chance to review our request?
Thank you, Yuliia Romanova ________________________________ From: Alexander Yeremko a.yeremko@connectria.com Sent: Tuesday, March 22, 2022 1:11 PM To: openstack-discuss@lists.openstack.org openstack-discuss@lists.openstack.org Cc: Tina Wisbiski t.wisbiski@connectria.com; Kelsi Parenteau k.parenteau@connectria.com; Yuliia Romanova y.romanova@connectria.com Subject: question on plain text config parameters encryption feature
Dear OpenStack community,
we are developing plain text config secrets encryption feature according to the next specification:
https://specs.openstack.org/openstack/openstack-ansible-specs/specs/xena/pro...
We started from Glance OS service and submitted two patchsets already:
https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/814865
Now we have two questions that we need to clarify to proceed our work on that feature and finish our development:
1. Is it correct that we need to develop more patchsets to rework some logic of encryption mechanism according to comment to 'files/encypt_secrets.py' script that arised at the second patchset (PatchSet 2) dated Nov/30/2021 ? Comment is by Dmitry Rabotyagov: "We _really_ should make it as an ansible plugin and re-work logic"
2. We wish to have such feature in previous releases also, not just in upcoming Yoga or Zed. Stein, Train and Victoria - it would be excellent to have plain text secrets encryption with these releases also. So question is how is it possible to use our feature in those releases also? Can we push some backports to those releases openstack-ansible repo?
Best regards and wishes, Alex Yeremko This E-Mail (including any attachments) may contain privileged or confidential information. It is intended only for the addressee(s) indicated above. The sender does not waive any of its rights, privileges or other protections respecting this information. Any distribution, copying or other use of this E-Mail or the information it contains, by other than an intended recipient, is not sanctioned and is prohibited. If you received this E-Mail in error, please delete it and advise the sender (by return E-Mail or otherwise) immediately. Any calls held by you with Connectria may be recorded by an automated note taking system to ensure prompt follow up and for information collection purposes, and your attendance on any calls with Connectria confirms your consent to this. Any E-mail received by or sent from Connectria is subject to review by Connectria supervisory personnel.
participants (2)
-
Alexander Yeremko
-
Yuliia Romanova