[openstack-dev] [nova] global or per-project specific ssl config options, or both?

Davanum Srinivas davanum at gmail.com
Thu Dec 4 12:02:17 UTC 2014


+1 to @markmc's "default is global value and override for project
specific key" suggestion.

-- dims



On Wed, Dec 3, 2014 at 11:57 PM, Matt Riedemann
<mriedem at linux.vnet.ibm.com> wrote:
> I've posted this to the 12/4 nova meeting agenda but figured I'd socialize
> it here also.
>
> SSL options - do we make them per-project or global, or both? Neutron and
> Cinder have config-group specific SSL options in nova, Glance is using oslo
> sslutils global options since Juno which was contentious for a time in a
> separate review in Icehouse [1].
>
> Now [2] wants to break that out for Glance, but we also have a patch [3] for
> Keystone to use the global oslo SSL options, we should be consistent, but
> does that require a blueprint now?
>
> In the Icehouse patch, markmc suggested using a DictOpt where the default
> value is the global value, which could be coming from the oslo [ssl] group
> and then you could override that with a project-specific key, e.g. cinder,
> neutron, glance, keystone.
>
> [1] https://review.openstack.org/#/c/84522/
> [2] https://review.openstack.org/#/c/131066/
> [3] https://review.openstack.org/#/c/124296/
>
> --
>
> Thanks,
>
> Matt Riedemann
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-- 
Davanum Srinivas :: https://twitter.com/dims



More information about the OpenStack-dev mailing list