[openstack-tc] Having a conversation about Barbican as a required platform element

Sean Dague sean at dague.net
Wed Aug 17 12:00:23 UTC 2016


The only thing we've really decided is non-optional for OpenStack is
keystone up until this point. So, I'm not even sure how we start this
next conversation, which is why I'm starting it on the tc list to figure
out next steps.

Over the past many cycles, Nova / Cinder have been bringing in
encryption facilities. Volume encryption (which needs coordination
between the 2) is the first bit of this. Non-volume disks at rest is
definitely another thing that is desired by folks investing in Barbican.
This is one of the best ways to secure tenants against each other, so
that when you boot up you can't just run 'strings /dev/sda' and pull out
content about people that were on the machine before you.

However, in the current state of the world, Barbican remains optional.
It came in too late to be in defcore by default, and it has a low
deployment rate.

That optionality is slowing down these security features. And making
everything have to go through awkward layers of building fake key
managers that ship as default with projects -
https://github.com/openstack/nova/blob/6a5e36f52ce29a1cc1825ab751c5c5008efe1cbf/nova/keymgr/conf_key_mgr.py#L49.
Plus, building a secure key manager is hard. Doing it multiple times
poorly, even for testing, really takes a hit on the security front.

It feels like we should consider making Barbican non-optional, as these
kinds of security features feel like good things to be available out of
the box with sane defaults. But, given the current structure I'm not
sure what conversation we need to have to do that. Is this just a TC
agenda item? Is this a giant ML thread in which 5 other projects want to
become non-optional (and thus the whole effort dies out)? What are the
defcore implications? Does the Nova/Cinder team have the ability to make
it non-optional and everyone else just has to accept that?

So, this is more about what is the next way to have this conversation,
as I think this kind of state transition is one we haven't had in a
while. And I'd like to get this percolating far enough in advance of
Barcelona that we provide space for the conversation there if we need it.

	-Sean

-- 
Sean Dague
http://dague.net
