Hi Jarret

IMO, Zang's point is the issue of saving the plain private key in the filesystem for OpenVPN. Isn't this the same even if we use Barbican?

2014-05-01 2:56 GMT-07:00 Jarret Raim <jarret.r...@rackspace.com>:
> Zang mentioned that part of the issue is that the private key has to be
> stored in the OpenVPN config file. If the config files are generated and
> can be stored, then storing the whole config file in Barbican protects the
> private key (and any other settings) without having to try to deliver the
> key to the OpenVPN endpoint in some non-standard way.
>
>
> Jarret
>
> On 4/30/14, 6:08 PM, "Nachi Ueno" <na...@ntti3.com> wrote:
>
>>> Jarret
>>
>>Thanks!
>>Currently, the config will be generated on demand by the agent.
>>What's the merit of storing the entire config in Barbican?
>>
>>> Kyle
>>Thanks!
>>
>>2014-04-30 7:05 GMT-07:00 Kyle Mestery <mest...@noironetworks.com>:
>>> On Tue, Apr 29, 2014 at 6:11 PM, Nachi Ueno <na...@ntti3.com> wrote:
>>>> Hi Clint
>>>>
>>>> Thank you for your suggestion. Your point is taken :)
>>>>
>>>>> Kyle
>>>> This is also the same discussion for LBaaS.
>>>> Can we discuss this in the advanced service meeting?
>>>>
>>> Yes! I think we should definitely discuss this in the advanced
>>> services meeting today. I've added it to the agenda [1].
>>>
>>> Thanks,
>>> Kyle
>>>
>>> [1] https://wiki.openstack.org/wiki/Meetings/AdvancedServices#Agenda_for_next_meeting
>>>
>>>>> Zang
>>>> Could you join the discussion?
>>>>
>>>>
>>>>
>>>> 2014-04-29 15:48 GMT-07:00 Clint Byrum <cl...@fewbar.com>:
>>>>> Excerpts from Nachi Ueno's message of 2014-04-29 10:58:53 -0700:
>>>>>> Hi Kyle
>>>>>>
>>>>>> 2014-04-29 10:52 GMT-07:00 Kyle Mestery <mest...@noironetworks.com>:
>>>>>> > On Tue, Apr 29, 2014 at 12:42 PM, Nachi Ueno <na...@ntti3.com> wrote:
>>>>>> >> Hi Zang
>>>>>> >>
>>>>>> >> Thank you for your contribution on this!
>>>>>> >> The private key management is what I want to discuss in the summit.
>>>>>> >>
>>>>>> > Has the idea of using Barbican been discussed before? There are many
>>>>>> > reasons why using Barbican for this may be better than developing key
>>>>>> > management ourselves.
>>>>>>
>>>>>> No, however I'm +1 for using Barbican. Let's discuss this in the
>>>>>> certificate management topic in the advanced service session.
>>>>>>
>>>>>
>>>>> Just a suggestion: Don't defer that until the summit. Sounds like you've
>>>>> already got some consensus, so you don't need the summit just to rubber
>>>>> stamp it. I suggest discussing as much as you can right now on the mailing
>>>>> list, and using the time at the summit to resolve any complicated issues
>>>>> including any "a or b" things that need crowd-sourced idea making. You
>>>>> can also use the summit time to communicate your requirements to the
>>>>> Barbican developers.
>>>>>
>>>>> Point is: just because you'll have face time, doesn't mean you should
>>>>> use it for what can be done via the mailing list.
>>>>>
>>>>> _______________________________________________
>>>>> OpenStack-dev mailing list
>>>>> OpenStack-dev@lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev