[openstack-dev] [requirements][kolla][security] pycrypto vs cryptography
email at daviey.com
Tue Nov 8 22:01:47 UTC 2016
All of the credential generation is optional right? I mean, as far as
kolla is concerned - it doesn't *need* to generate the passwords... If
/etc/kolla/passwords.yml is created outside of kolla-genpwd, then kolla
isn't creating any credentials itself and the algorithm, entropy and policy
is transparent to kolla.
On 8 November 2016 at 21:50, Steven Dake (stdake) <stdake at cisco.com> wrote:
> Pavo has told me he has exceptions in place for everything related to
> Kolla. He says as long as we don’t use MD5, he is good to go for a 232
> node deploy with more to follow (assuming Kolla works out of the box at
> that scale - we have only tested 123 node scale).
> We do some basic PRNG to generate passwords, and some PKCS#11 (iirc) algos
> to generate passwords, and we also generate some ssh public/private keys.
> Hope the security context helps.
> Thanks everyone on his thread for providing guidance. RobC++ on article.
> On 11/8/16, 1:46 PM, "Clint Byrum" <clint at fewbar.com> wrote:
> >Excerpts from Ian Cordasco's message of 2016-11-08 16:11:26 -0500:
> >> Can I ask why FIPS compliance is a requirement for Kolla? This seems
> >> like an odd request for a deployment project.
> >Guessing it's for the modules that need to communicate securely with
> >OpenStack itself.
> >OpenStack Development Mailing List (not for usage questions)
> >Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev