Open Stack

Sheena,

We may turn off SSL right before the release. However, to test it better, I
would turn it on. In this case every CI run will be helping to test it
better.

--
Best regards,
Sergii Golovatiuk,
Skype #golserge
IRC #holser

On Wed, Jul 22, 2015 at 5:51 AM, Sheena Gregson <sgregson at mirantis.com>
wrote:

> I believe the last time we discussed this, the majority of people were in
> favor of enabling SSL by default for all public endpoints, which would be
> my recommendation.
>
>
>
> As a reminder, this will mean that users will see a certificate warning
> the first time they access the Fuel UI.  We should document this as a known
> user experience and provide instructions for users to swap out the
> self-signed certificates that are enabled by default for their own internal
> CA certificates/3rd party certificates.
>
>
>
> *From:* Mike Scherbakov [mailto:mscherbakov at mirantis.com]
> *Sent:* Wednesday, July 22, 2015 1:12 AM
> *To:* Stanislaw Bogatkin; Sheena Gregson
> *Cc:* OpenStack Development Mailing List (not for usage questions)
> *Subject:* Re: [Fuel] SSL feature status
>
>
>
> Thanks Stas. My opinion is that it has to be enabled by default. I'd like
> product management to shine in here. Sheena?
>
>
>
>
>
> On Tue, Jul 21, 2015 at 11:06 PM Stanislaw Bogatkin <
> sbogatkin at mirantis.com> wrote:
>
> Hi,
>
>
>
> we have a spec that says we disable SSL by default and it was successfully
> merged with that, no one was against such decision. So, if we want to
> enable it by default now - we can. It should be done as a part of our usual
> process, I think - I'll create a bug for it and fix it.
>
>
>
> Current status of feature is next:
>
> 1. All codebase for SSL is merged
>
> 2. Some tests for it writing my QA - not all of them are done yet.
>
>
>
> I'll update blueprints as soon as possible. Sorry for inconvenience.
>
>
>
> On Mon, Jul 20, 2015 at 8:44 PM, Mike Scherbakov <mscherbakov at mirantis.com>
> wrote:
>
> Hi guys,
>
> did we enable SSL for Fuel Master node and OpenStack REST API endpoints by
> default? If not, let's enable it by default. I don't know why we should not.
>
>
>
> Looks like we need to update blueprints as well [1], [2], as they don't
> seem to reflect current status of the feature.
>
>
>
> [1] https://blueprints.launchpad.net/fuel/+spec/ssl-endpoints
>
> [2] https://blueprints.launchpad.net/fuel/+spec/fuel-ssl-endpoints
>
>
>
> Stas, as you've been working on it, can you please provide current status?
>
>
>
> Thanks,
>
>
>
> --
>
> Mike Scherbakov
> #mihgen
>
>
>
> --
>
> Mike Scherbakov
> #mihgen
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150722/477d87d3/attachment.html>