Hi Jamie Thanks for sharing Keystone's v3 credential api. ( I didn't know this..) Neutron VPN can use this api ! :)
Best Nachi 2013/7/1 Jamie Lennox <jlen...@redhat.com>: > On Mon, 2013-07-01 at 14:09 -0700, Nachi Ueno wrote: >> Hi folks >> >> I'm interested in it too. >> I'm working on VPN support for Neutron. >> Public key authentication is one of feature milestone in the IPsec >> implementation. >> But I believe key-pair management api and the implementation will be >> quite similar in Key for IPsec and Nova. >> >> so I'm +1 for moving key management for Keystone. >> >> Best >> Nachi > > I don't know how nova's keypair management works but i assume we are > talking about keys for ssh-ing into new virtual machines rather than > keys for authentication against nova. > > Keystone's v3 api has credentials storage (see > https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/markdown/identity-api-v3.md > ), is this sufficient on behalf of keystone? There is some support in the > current master of keystoneclient for working with these credentials. > > Otherwise would the upcoming barbican be a more appropriate place? > > If i've got this wrong and we are using these keys to actually > authenticate against nova then if someone can point me to the code i'll > see how hard it is to transfer to keystone. > >> >> >> 2013/7/1 Thierry Carrez <thie...@openstack.org>: >> > Russell Bryant wrote: >> >> On 07/01/2013 01:10 PM, Jay Pipes wrote: >> >>> On 07/01/2013 12:23 PM, Mauro S M Rodrigues wrote: >> >>>> +1.. make sense to me, I always thought that was weird hehe >> >>>> Say the word and we will remove it from v3. >> >>> >> >>> Well, it's not weird, per-se... I mean I understand why it is the way it >> >>> is. Nova, of course, preceded Keystone. >> >>> >> >>> But, it sounds like this would be something to put on the Icehouse >> >>> horizon? Can the Nova and Keystone PTLs comment if there is interest in >> >>> this? >> >> >> >> There is interest from me. Dolph? >> > >> > Dolph is not around this week, so the answer may take a while :) >> > >> > -- >> > Thierry Carrez (ttx) >> > >> > _______________________________________________ >> > OpenStack-dev mailing list >> > OpenStack-dev@lists.openstack.org >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> _______________________________________________ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
