I've made an attempt at mapping out exactly how Neutron Advanced Services will 
communicate with Barbican to retrieve Certificate/Key info for TLS purposes. 
These diagrams have gone through several revisions, but are still an early 
draft of the interactions: http://imgur.com/a/4u6Oz

Note that these diagrams use Neutron-LBaaS as the example use-case, but the 
flow would be essentially the same for any service (FWaaS, VPNaaS, etc). The 
code that handles this will be in neutron/common/ so that it can be used by any 
extension. There is a WIP CR here (though right now it doesn't look anything 
like the final version, including very badly named and organized functions): 

Hopefully this is not a new concept, as I believe we agreed during the Atlanta 
summit that using Barbican to store TLS cert/key data was the appropriate path 
forward for Neutron (and other OpenStack projects).

I assume there may be other teams investigating very similar integration 
schemes as well, so if anyone has comments or suggestions, I'd love to hear 

--Adam Harwell


OpenStack-dev mailing list

Reply via email to