[openstack-dev] [Neutron] Barbican Integration for Advanced Services

Adam Harwell adam.harwell at RACKSPACE.COM
Fri Oct 3 22:11:36 UTC 2014


I've made an attempt at mapping out exactly how Neutron Advanced Services will communicate with Barbican to retrieve Certificate/Key info for TLS purposes. These diagrams have gone through several revisions, but are still an early draft of the interactions: http://imgur.com/a/4u6Oz

Note that these diagrams use Neutron-LBaaS as the example use-case, but the flow would be essentially the same for any service (FWaaS, VPNaaS, etc.). The code that handles this will be in neutron/common/ so that it can be used by any extension. There is a WIP CR here (though right now it doesn't look anything like the final version, including very badly named and organized functions): https://review.openstack.org/#/c/123492/

Hopefully this is not a new concept, as I believe we agreed during the Atlanta summit that using Barbican to store TLS cert/key data was the appropriate path forward for Neutron (and other OpenStack projects).

I assume there may be other teams investigating very similar integration schemes as well, so if anyone has comments or suggestions, I'd love to hear them.

Thanks,
--Adam Harwell

https://keybase.io/rm_you
