I've posted this to the 12/4 nova meeting agenda but figured I'd
socialize it here also.
SSL options - do we make them per-project or global, or both? Neutron
and Cinder have config-group specific SSL options in nova, Glance is
using oslo sslutils global options since Juno which was contentious for
a time in a separate review in Icehouse .
Now  wants to break that out for Glance, but we also have a patch 
for Keystone to use the global oslo SSL options, we should be
consistent, but does that require a blueprint now?
In the Icehouse patch, markmc suggested using a DictOpt where the
default value is the global value, which could be coming from the oslo
[ssl] group and then you could override that with a project-specific
key, e.g. cinder, neutron, glance, keystone.
OpenStack-dev mailing list