[openstack-dev] [security] Security PTG Planning, x-project request for topics.

Luke Hinds lhinds at redhat.com
Wed Feb 28 09:25:16 UTC 2018


Hi Pino,

Thank you for your time demonstrating Tatu.

If you like we could incubate Tatu into the security SIG. This would mean
no change to project structure / governance etc, its more the project gains
a regular slot on our weekly meetings to help get patches reviewed and
encourage other contributors / feedback etc. We did this with projects such
as Bandit before, until it found its own legs and momentum.

Cheers,

Luke


On Mon, Feb 12, 2018 at 8:45 AM, Luke Hinds <lhinds at redhat.com> wrote:

>
>
> On Sun, Feb 11, 2018 at 4:01 PM, Pino de Candia <
> giuseppe.decandia at gmail.com> wrote:
>
>> I uploaded the demo video (https://youtu.be/y6ICCPO08d8) and linked it
>> from the slides.
>>
>
> Thanks Pino , i added these to the agenda:
>
> https://etherpad.openstack.org/p/security-ptg-rocky
>
> Please let me know before the PTG, if it will be your colleague or if we
> need to find a projector to conference you in.
>
>
>> On Fri, Feb 9, 2018 at 5:51 PM, Pino de Candia <
>> giuseppe.decandia at gmail.com> wrote:
>>
>>> Hi Folks,
>>>
>>> here are the slides for the Tatu presentation: https://docs.goo
>>> gle.com/presentation/d/1HI5RR3SNUu1If-A5Zi4EMvjl-3TKsBW20xEUyYHapfM
>>>
>>> I meant to record the demo video as well but I haven't gotten around to
>>> editing all the bits. Please stay tuned.
>>>
>>> thanks,
>>> Pino
>>>
>>>
>>> On Tue, Feb 6, 2018 at 10:52 AM, Giuseppe de Candia <
>>> giuseppe.decandia at gmail.com> wrote:
>>>
>>>> Hi Luke,
>>>>
>>>> Fantastic! An hour would be great if the schedule allows - there are
>>>> lots of different aspects we can dive into and potential future directions
>>>> the project can take.
>>>>
>>>> thanks!
>>>> Pino
>>>>
>>>>
>>>>
>>>> On Tue, Feb 6, 2018 at 10:36 AM, Luke Hinds <lhinds at redhat.com> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Tue, Feb 6, 2018 at 4:21 PM, Giuseppe de Candia <
>>>>> giuseppe.decandia at gmail.com> wrote:
>>>>>
>>>>>> Hi Folks,
>>>>>>
>>>>>> I know the request is very late, but I wasn't aware of this SIG until
>>>>>> recently. Would it be possible to present a new project to the Security SIG
>>>>>> at the PTG? I need about 30 minutes. I'm hoping to drum up interest in the
>>>>>> project, sign on users and contributors and get feedback.
>>>>>>
>>>>>> For the past few months I have been working on a new project - Tatu
>>>>>> [1]- to automate the management of SSH certificates (for both users and
>>>>>> hosts) in OpenStack. Tatu allows users to generate SSH certificates with
>>>>>> principals based on their Project role assignments, and VMs automatically
>>>>>> set up their SSH host certificate (and related config) via Nova vendor
>>>>>> data. The project also manages bastions and DNS entries so that users don't
>>>>>> have to assign Floating IPs for SSH nor remember IP addresses.
>>>>>>
>>>>>> I have a working demo (including Horizon panels [2] and OpenStack CLI
>>>>>> [3]), but am still working on the devstack script and patches [4] to get
>>>>>> Tatu's repositories into OpenStack's GitHub and Gerrit. I'll try to post a
>>>>>> demo video in the next few days.
>>>>>>
>>>>>> best regards,
>>>>>> Pino
>>>>>>
>>>>>>
>>>>>> References:
>>>>>>
>>>>>>    1. https://github.com/pinodeca/tatu (Please note this is still
>>>>>>    very much a work in progress, lots of TODOs in the code, very little
>>>>>>    testing and documentation doesn't reflect the latest design).
>>>>>>    2. https://github.com/pinodeca/tatu-dashboard
>>>>>>    3. https://github.com/pinodeca/python-tatuclient
>>>>>>    4. https://review.openstack.org/#/q/tatu
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> Hi Giuseppe, of course you can! I will add you to the agenda. We could
>>>>> get your an hour if it allows more time for presenting and post discussion?
>>>>>
>>>>> We will be meeting in an allocated room on Monday (details to follow).
>>>>>
>>>>> https://etherpad.openstack.org/p/security-ptg-rocky
>>>>>
>>>>> Luke
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Jan 31, 2018 at 12:03 PM, Luke Hinds <lhinds at redhat.com>
>>>>>> wrote:
>>>>>>
>>>>>>>
>>>>>>> On Mon, Jan 29, 2018 at 2:29 PM, Adam Young <ayoung at redhat.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Bug 968696 and System Roles.   Needs to be addressed across the
>>>>>>>> Service catalog.
>>>>>>>>
>>>>>>>
>>>>>>> Thanks Adam, will add it to the list. I see it's been open since
>>>>>>> 2012!
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Jan 29, 2018 at 7:38 AM, Luke Hinds <lhinds at redhat.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Just a reminder as we have not had many uptakes yet..
>>>>>>>>>
>>>>>>>>> Are there any projects (new and old) that would like to make use
>>>>>>>>> of the security SIG for either gaining another perspective on security
>>>>>>>>> challenges / blueprints etc or for help gaining some cross project
>>>>>>>>> collaboration?
>>>>>>>>>
>>>>>>>>> On Thu, Jan 11, 2018 at 3:33 PM, Luke Hinds <lhinds at redhat.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hello All,
>>>>>>>>>>
>>>>>>>>>> I am seeking topics for the PTG from all projects, as this will
>>>>>>>>>> be where we try out are new form of being a SIG.
>>>>>>>>>>
>>>>>>>>>> For this PTG, we hope to facilitate more cross project
>>>>>>>>>> collaboration topics now that we are a SIG, so if your project has a
>>>>>>>>>> security need / problem / proposal than please do use the security SIG room
>>>>>>>>>> where a larger audience may be present to help solve problems and gain
>>>>>>>>>> x-project consensus.
>>>>>>>>>>
>>>>>>>>>> Please see our PTG planning pad [0] where I encourage you to add
>>>>>>>>>> to the topics.
>>>>>>>>>>
>>>>>>>>>> [0] https://etherpad.openstack.org/p/security-ptg-rocky
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Luke Hinds
>>>>>>>>>> Security Project PTL
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ____________________________________________________________
>>>>>>>>> ______________
>>>>>>>>> OpenStack Development Mailing List (not for usage questions)
>>>>>>>>> Unsubscribe: OpenStack-dev-request at lists.op
>>>>>>>>> enstack.org?subject:unsubscribe
>>>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> ____________________________________________________________
>>>>>>>> ______________
>>>>>>>> OpenStack Development Mailing List (not for usage questions)
>>>>>>>> Unsubscribe: OpenStack-dev-request at lists.op
>>>>>>>> enstack.org?subject:unsubscribe
>>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat
>>>>>>> e: lhinds at redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483
>>>>>>>
>>>>>>> ____________________________________________________________
>>>>>>> ______________
>>>>>>> OpenStack Development Mailing List (not for usage questions)
>>>>>>> Unsubscribe: OpenStack-dev-request at lists.op
>>>>>>> enstack.org?subject:unsubscribe
>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> ____________________________________________________________
>>>>>> ______________
>>>>>> OpenStack Development Mailing List (not for usage questions)
>>>>>> Unsubscribe: OpenStack-dev-request at lists.op
>>>>>> enstack.org?subject:unsubscribe
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat
>>>>> e: lhinds at redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483
>>>>>
>>>>
>>>>
>>>
>>
>
>
> --
> Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat
> e: lhinds at redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483
>



-- 
Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat
e: lhinds at redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180228/a173705c/attachment.html>


More information about the OpenStack-dev mailing list