Excerpts from Jiří Stránský's message of 2014-05-05 01:54:11 -0700: > On 30.4.2014 09:02, Steve Kowalik wrote: > > Hi, > > > > I'm looking at moving init-keystone from tripleo-incubator to > > os-cloud-config, and I've drafted a spec at > > https://etherpad.openstack.org/p/tripleo-init-keystone-os-cloud-config . > > > > Feedback welcome. > > > > Cheers, > > > > Hi Steve, > > that looks good :) Just to clarify -- should the long-term plan for > Keystone PKI initialization still be to generate the key+certs on > undercloud and push it to overcloud via Heat? (Likewise for > seed->undercloud.)
Long term I'd like to see us generate keys locally and have Barbican store the keys. It is still not quite far enough on the incubation path to be something we rely on directly, but we should consider that a very temporary situation. Short term we'll have to push things around via Heat. That behooves us to ensure SSL is working for metadata fetching btw. I've not checked on that in a very long time, and I'm not sure any of our CI enables it. _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
