[openstack-dev] [security] Security PTG Planning, x-project request for topics.

Giuseppe de Candia giuseppe.decandia at gmail.com
Tue Feb 6 16:52:59 UTC 2018


Hi Luke,

Fantastic! An hour would be great if the schedule allows - there are lots
of different aspects we can dive into and potential future directions the
project can take.

thanks!
Pino



On Tue, Feb 6, 2018 at 10:36 AM, Luke Hinds <lhinds at redhat.com> wrote:

>
>
> On Tue, Feb 6, 2018 at 4:21 PM, Giuseppe de Candia <
> giuseppe.decandia at gmail.com> wrote:
>
>> Hi Folks,
>>
>> I know the request is very late, but I wasn't aware of this SIG until
>> recently. Would it be possible to present a new project to the Security SIG
>> at the PTG? I need about 30 minutes. I'm hoping to drum up interest in the
>> project, sign on users and contributors and get feedback.
>>
>> For the past few months I have been working on a new project - Tatu [1]-
>> to automate the management of SSH certificates (for both users and hosts)
>> in OpenStack. Tatu allows users to generate SSH certificates with
>> principals based on their Project role assignments, and VMs automatically
>> set up their SSH host certificate (and related config) via Nova vendor
>> data. The project also manages bastions and DNS entries so that users don't
>> have to assign Floating IPs for SSH nor remember IP addresses.
>>
>> I have a working demo (including Horizon panels [2] and OpenStack CLI
>> [3]), but am still working on the devstack script and patches [4] to get
>> Tatu's repositories into OpenStack's GitHub and Gerrit. I'll try to post a
>> demo video in the next few days.
>>
>> best regards,
>> Pino
>>
>>
>> References:
>>
>>    1. https://github.com/pinodeca/tatu (Please note this is still very
>>    much a work in progress, lots of TODOs in the code, very little testing and
>>    documentation doesn't reflect the latest design).
>>    2. https://github.com/pinodeca/tatu-dashboard
>>    3. https://github.com/pinodeca/python-tatuclient
>>    4. https://review.openstack.org/#/q/tatu
>>
>>
>>
>>
> Hi Giuseppe, of course you can! I will add you to the agenda. We could get
> your an hour if it allows more time for presenting and post discussion?
>
> We will be meeting in an allocated room on Monday (details to follow).
>
> https://etherpad.openstack.org/p/security-ptg-rocky
>
> Luke
>
>
>
>
>>
>>
>> On Wed, Jan 31, 2018 at 12:03 PM, Luke Hinds <lhinds at redhat.com> wrote:
>>
>>>
>>> On Mon, Jan 29, 2018 at 2:29 PM, Adam Young <ayoung at redhat.com> wrote:
>>>
>>>> Bug 968696 and System Roles.   Needs to be addressed across the Service
>>>> catalog.
>>>>
>>>
>>> Thanks Adam, will add it to the list. I see it's been open since 2012!
>>>
>>>
>>>>
>>>> On Mon, Jan 29, 2018 at 7:38 AM, Luke Hinds <lhinds at redhat.com> wrote:
>>>>
>>>>> Just a reminder as we have not had many uptakes yet..
>>>>>
>>>>> Are there any projects (new and old) that would like to make use of
>>>>> the security SIG for either gaining another perspective on security
>>>>> challenges / blueprints etc or for help gaining some cross project
>>>>> collaboration?
>>>>>
>>>>> On Thu, Jan 11, 2018 at 3:33 PM, Luke Hinds <lhinds at redhat.com> wrote:
>>>>>
>>>>>> Hello All,
>>>>>>
>>>>>> I am seeking topics for the PTG from all projects, as this will be
>>>>>> where we try out are new form of being a SIG.
>>>>>>
>>>>>> For this PTG, we hope to facilitate more cross project collaboration
>>>>>> topics now that we are a SIG, so if your project has a security need /
>>>>>> problem / proposal than please do use the security SIG room where a larger
>>>>>> audience may be present to help solve problems and gain x-project consensus.
>>>>>>
>>>>>> Please see our PTG planning pad [0] where I encourage you to add to
>>>>>> the topics.
>>>>>>
>>>>>> [0] https://etherpad.openstack.org/p/security-ptg-rocky
>>>>>>
>>>>>> --
>>>>>> Luke Hinds
>>>>>> Security Project PTL
>>>>>>
>>>>>
>>>>>
>>>>> ____________________________________________________________
>>>>> ______________
>>>>> OpenStack Development Mailing List (not for usage questions)
>>>>> Unsubscribe: OpenStack-dev-request at lists.op
>>>>> enstack.org?subject:unsubscribe
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>
>>>>>
>>>>
>>>> ____________________________________________________________
>>>> ______________
>>>> OpenStack Development Mailing List (not for usage questions)
>>>> Unsubscribe: OpenStack-dev-request at lists.op
>>>> enstack.org?subject:unsubscribe
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat
>>> e: lhinds at redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483
>>>
>>> ____________________________________________________________
>>> ______________
>>> OpenStack Development Mailing List (not for usage questions)
>>> Unsubscribe: OpenStack-dev-request at lists.op
>>> enstack.org?subject:unsubscribe
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>
>> ____________________________________________________________
>> ______________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscrib
>> e
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
> --
> Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat
> e: lhinds at redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180206/71af81a5/attachment.html>


More information about the OpenStack-dev mailing list