[openstack-dev] [FUEL] Re: SSL in Fuel.
Sebastian Kalinowski
skalinowski at mirantis.com
Thu Sep 11 11:03:41 UTC 2014
I have some topics for [1] that I want to discuss:
1) Should we allow users to turn SSL on/off for Fuel master?
I think we should since some users may don't care about SSL and
enabling it will just make them unhappy (like warnings in browsers,
expiring certs).
2) Will we allow users (in first iteration) to use their own certs?
If we will (which I think we should and other people aslo seems to
share this point of view), we have some options for that:
A) Add informations to docs where to upload your own certificate on
master node (no UI) - less work, but requires a little more action from
users
B) Simple form in UI where user will be able to paste his certs -
little bit more work, user friendly
Are there any reasons we shouldn't do that?
3) How we will manage cert expiration?
Stanislaw proposed that we should show user a notification that will
tell user about cert expiration. We could check that in cron job.
I think that we should also allow user to generate a new cert in Fuel
if the old one will expire.
I'll also remove part about adding cert validation in fuel agent since it
would require a significant amount of work and it's not essential for first
iteration.
Best,
Sebastian
[1] https://blueprints.launchpad.net/fuel/+spec/fuel-ssl-endpoints
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140911/1fd56328/attachment.html>
More information about the OpenStack-dev
mailing list