On 11/21/2013 01:55 AM, Russell Bryant wrote:
Greetings,

I'd like to check in on the status of this API addition:

     https://review.openstack.org/#/c/40692/

The last comment is:

    "propose against stackforge as discussed at summit?"

Yes, it was discussed in a small group, and not officially. That comment is just a place holder.

Instead of running it in Keystone, it will run in its own service. There really is nothing in Keystone that related to KDS, nor the other way around. KDS is Undercloud specific functiojnality (for now) and not really appropriate to expose via the Service catalog.

The current thinking is that Pecan (and maybe WSME) and the current code base is the correct way to launch it. Like all our web services, I suggest the production version run via mod_wsgi in Apache HTTPD to allow for TLS and X509 Certificate support.

The service/project will still be under the Keystone program (for now, we can discuss where it will live long term). It should be a relatively short ramp up to get it deployed.

I know the Barbican folks are interested as well, and I expect they will be contributing to make this happen.


I don't see a session about this and from a quick look, don't see notes
related to it in other session etherpads.

When was this discussed?  Can you summarize it?

Last I heard, this was just being deferred to be merged early in
Icehouse [1].

This is blocking one of the most important security features for
OpenStack, IMO (trusted messaging) [2].  We've been talking about it for
years.  Someone has finally made some real progress on it and I feel
like it has been given little to no attention.

I'm not thrilled about the prospect of this going into a new project for
multiple reasons.

  - Given the priority and how long this has been dragging out, having to
wait for a new project to make its way into OpenStack is not very appealing.

  - A new project needs to be able to stand on its own legs.  It needs to
have a reasonably sized development team to make it sustainable.  Is
this big enough for that?

What's the thinking on this?

[1]
http://lists.openstack.org/pipermail/openstack-dev/2013-August/013992.html
[2] https://review.openstack.org/#/c/37913/



_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to