I just put up a quick pre-weekend POC at https://review.openstack.org/#/c/139672/ - comments welcome on that patch.
Thanks :) On Fri, Dec 5, 2014 at 10:07 AM, Matthew Gilliard <[email protected]> wrote: > Hi Matt, Nova, > > I'll look into this. > > Gilliard > > On Thu, Dec 4, 2014 at 9:51 PM, Matt Riedemann > <[email protected]> wrote: >> >> >> On 12/4/2014 6:02 AM, Davanum Srinivas wrote: >>> >>> +1 to @markmc's "default is global value and override for project >>> specific key" suggestion. >>> >>> -- dims >>> >>> >>> >>> On Wed, Dec 3, 2014 at 11:57 PM, Matt Riedemann >>> <[email protected]> wrote: >>>> >>>> I've posted this to the 12/4 nova meeting agenda but figured I'd >>>> socialize >>>> it here also. >>>> >>>> SSL options - do we make them per-project or global, or both? Neutron and >>>> Cinder have config-group specific SSL options in nova, Glance is using >>>> oslo >>>> sslutils global options since Juno which was contentious for a time in a >>>> separate review in Icehouse [1]. >>>> >>>> Now [2] wants to break that out for Glance, but we also have a patch [3] >>>> for >>>> Keystone to use the global oslo SSL options, we should be consistent, but >>>> does that require a blueprint now? >>>> >>>> In the Icehouse patch, markmc suggested using a DictOpt where the default >>>> value is the global value, which could be coming from the oslo [ssl] >>>> group >>>> and then you could override that with a project-specific key, e.g. >>>> cinder, >>>> neutron, glance, keystone. >>>> >>>> [1] https://review.openstack.org/#/c/84522/ >>>> [2] https://review.openstack.org/#/c/131066/ >>>> [3] https://review.openstack.org/#/c/124296/ >>>> >>>> -- >>>> >>>> Thanks, >>>> >>>> Matt Riedemann >>>> >>>> >>>> _______________________________________________ >>>> OpenStack-dev mailing list >>>> [email protected] >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >>> >>> >> >> The consensus in the nova meeting today, I think, was that we generally like >> the idea of the DictOpt with global oslo ssl as the default and then be able >> to configure that per-service if needed. >> >> Does anyone want to put up a POC on how that would work to see how ugly >> and/or usable that would be? I haven't dug into the DictOpt stuff yet and >> am kind of time-constrained at the moment. >> >> >> -- >> >> Thanks, >> >> Matt Riedemann >> >> >> _______________________________________________ >> OpenStack-dev mailing list >> [email protected] >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
