[openstack-dev] [Fuel] SSL feature status
Mike Scherbakov
mscherbakov at mirantis.com
Wed Jul 22 21:21:11 UTC 2015
Sergii - I hope there will be no need to turn it off. Let's just enable it
asap and tests against it.
Thanks,
On Wed, Jul 22, 2015 at 8:28 AM Sergii Golovatiuk <sgolovatiuk at mirantis.com>
wrote:
> Sheena,
>
> We may turn off SSL right before the release. However, to test it better,
> I would turn it on. In this case every CI run will be helping to test it
> better.
>
> --
> Best regards,
> Sergii Golovatiuk,
> Skype #golserge
> IRC #holser
>
> On Wed, Jul 22, 2015 at 5:51 AM, Sheena Gregson <sgregson at mirantis.com>
> wrote:
>
>> I believe the last time we discussed this, the majority of people were in
>> favor of enabling SSL by default for all public endpoints, which would be
>> my recommendation.
>>
>>
>>
>> As a reminder, this will mean that users will see a certificate warning
>> the first time they access the Fuel UI. We should document this as a known
>> user experience and provide instructions for users to swap out the
>> self-signed certificates that are enabled by default for their own internal
>> CA certificates/3rd party certificates.
>>
>>
>>
>> *From:* Mike Scherbakov [mailto:mscherbakov at mirantis.com]
>> *Sent:* Wednesday, July 22, 2015 1:12 AM
>> *To:* Stanislaw Bogatkin; Sheena Gregson
>> *Cc:* OpenStack Development Mailing List (not for usage questions)
>> *Subject:* Re: [Fuel] SSL feature status
>>
>>
>>
>> Thanks Stas. My opinion is that it has to be enabled by default. I'd like
>> product management to shine in here. Sheena?
>>
>>
>>
>>
>>
>> On Tue, Jul 21, 2015 at 11:06 PM Stanislaw Bogatkin <
>> sbogatkin at mirantis.com> wrote:
>>
>> Hi,
>>
>>
>>
>> we have a spec that says we disable SSL by default and it was
>> successfully merged with that, no one was against such decision. So, if we
>> want to enable it by default now - we can. It should be done as a part of
>> our usual process, I think - I'll create a bug for it and fix it.
>>
>>
>>
>> Current status of feature is next:
>>
>> 1. All codebase for SSL is merged
>>
>> 2. Some tests for it writing my QA - not all of them are done yet.
>>
>>
>>
>> I'll update blueprints as soon as possible. Sorry for inconvenience.
>>
>>
>>
>> On Mon, Jul 20, 2015 at 8:44 PM, Mike Scherbakov <
>> mscherbakov at mirantis.com> wrote:
>>
>> Hi guys,
>>
>> did we enable SSL for Fuel Master node and OpenStack REST API endpoints
>> by default? If not, let's enable it by default. I don't know why we should
>> not.
>>
>>
>>
>> Looks like we need to update blueprints as well [1], [2], as they don't
>> seem to reflect current status of the feature.
>>
>>
>>
>> [1] https://blueprints.launchpad.net/fuel/+spec/ssl-endpoints
>>
>> [2] https://blueprints.launchpad.net/fuel/+spec/fuel-ssl-endpoints
>>
>>
>>
>> Stas, as you've been working on it, can you please provide current status?
>>
>>
>>
>> Thanks,
>>
>>
>>
>> --
>>
>> Mike Scherbakov
>> #mihgen
>>
>>
>>
>> --
>>
>> Mike Scherbakov
>> #mihgen
>>
>> __________________________________________________________________________
>
>
>> OpenStack Development Mailing List (not for usage questions)
>>
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
--
Mike Scherbakov
#mihgen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150722/5fd9ed69/attachment.html>
More information about the OpenStack-dev
mailing list