On 12/4/2014 6:02 AM, Davanum Srinivas wrote:
+1 to @markmc's "default is global value and override for project
specific key" suggestion.

-- dims



On Wed, Dec 3, 2014 at 11:57 PM, Matt Riedemann
<mrie...@linux.vnet.ibm.com> wrote:
I've posted this to the 12/4 nova meeting agenda but figured I'd socialize
it here also.

SSL options - do we make them per-project or global, or both? Neutron and
Cinder have config-group specific SSL options in nova, Glance is using oslo
sslutils global options since Juno which was contentious for a time in a
separate review in Icehouse [1].

Now [2] wants to break that out for Glance, but we also have a patch [3] for
Keystone to use the global oslo SSL options, we should be consistent, but
does that require a blueprint now?

In the Icehouse patch, markmc suggested using a DictOpt where the default
value is the global value, which could be coming from the oslo [ssl] group
and then you could override that with a project-specific key, e.g. cinder,
neutron, glance, keystone.

[1] https://review.openstack.org/#/c/84522/
[2] https://review.openstack.org/#/c/131066/
[3] https://review.openstack.org/#/c/124296/

--

Thanks,

Matt Riedemann


_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




The consensus in the nova meeting today, I think, was that we generally like the idea of the DictOpt with global oslo ssl as the default and then be able to configure that per-service if needed.

Does anyone want to put up a POC on how that would work to see how ugly and/or usable that would be? I haven't dug into the DictOpt stuff yet and am kind of time-constrained at the moment.

--

Thanks,

Matt Riedemann


_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to