Re: [openstack-dev] [Fuel] SSL for master node API

2015-08-06 Thread Stanislaw Bogatkin
Hello again, I heard a questions from team how exactly we will implement SSL for master node. There is a way how I look it: 1. We implement ability to use SSL in fuel-nailgun-agent (I already created a patch, it is on review now) and merge it in 7.0 release cycle. Also we will need to implement SS

Re: [openstack-dev] [Fuel] SSL for master node API

2015-08-04 Thread Stanislaw Bogatkin
Seems that second solution is okay. Sebastian, I'll try to fix it before SCF. On Tue, Aug 4, 2015 at 4:25 PM, Sebastian Kalinowski < skalinow...@mirantis.com> wrote: > +1 for option 2) > > But I have a question: how do we fit with this into the scope of Feature > Freeze and Soft Code Freeze this

Re: [openstack-dev] [Fuel] SSL for master node API

2015-08-04 Thread Sebastian Kalinowski
+1 for option 2) But I have a question: how do we fit with this into the scope of Feature Freeze and Soft Code Freeze this week? Any ETAs? 2015-08-04 15:06 GMT+02:00 Vitaly Kramskikh : > FYI: There is Strict-Transport-Security > head

Re: [openstack-dev] [Fuel] SSL for master node API

2015-08-04 Thread Vitaly Kramskikh
FYI: There is Strict-Transport-Security header which can also be useful here (unless we want to make SSL for master node optional) 2015-08-04 15:07 GMT+03:00 Vladimir Sharshov : > Hi, > > +1 to 2nd solution too. > > On Tue, Aug 4, 201

Re: [openstack-dev] [Fuel] SSL for master node API

2015-08-04 Thread Sheena Gregson
+1 to #2 *From:* Vladimir Kuklin [mailto:vkuk...@mirantis.com] *Sent:* Tuesday, August 04, 2015 6:25 AM *To:* OpenStack Development Mailing List (not for usage questions) < openstack-dev@lists.openstack.org> *Subject:* Re: [openstack-dev] [Fuel] SSL for master node API I am for 2nd

Re: [openstack-dev] [Fuel] SSL for master node API

2015-08-04 Thread Vladimir Sharshov
Hi, +1 to 2nd solution too. On Tue, Aug 4, 2015 at 1:45 PM, Evgeniy L wrote: > Hi, > > +1 to 2nd solution, in this case old environments will work without > additional > actions. Agents for new environments, CLI and UI will use SSL. > But probably for UI we will have to perform redirect on JS l

Re: [openstack-dev] [Fuel] SSL for master node API

2015-08-04 Thread Vladimir Kuklin
I am for 2nd option for 7.0 and for 3rd for 8.0 But I would suggest that we add an option to astute.yaml that a user can set to true to force ssl and then he will need to install updated nailgun-agent for older environments. In this case user will do this concisely, knowing about potential caveats

Re: [openstack-dev] [Fuel] SSL for master node API

2015-08-04 Thread Evgeniy L
Hi, +1 to 2nd solution, in this case old environments will work without additional actions. Agents for new environments, CLI and UI will use SSL. But probably for UI we will have to perform redirect on JS level. Thanks, On Tue, Aug 4, 2015 at 1:32 PM, Stanislaw Bogatkin wrote: > Hi guys, > in