Sheena, We may turn off SSL right before the release. However, to test it better, I would turn it on. In this case every CI run will be helping to test it better.
-- Best regards, Sergii Golovatiuk, Skype #golserge IRC #holser On Wed, Jul 22, 2015 at 5:51 AM, Sheena Gregson <[email protected]> wrote: > I believe the last time we discussed this, the majority of people were in > favor of enabling SSL by default for all public endpoints, which would be > my recommendation. > > > > As a reminder, this will mean that users will see a certificate warning > the first time they access the Fuel UI. We should document this as a known > user experience and provide instructions for users to swap out the > self-signed certificates that are enabled by default for their own internal > CA certificates/3rd party certificates. > > > > *From:* Mike Scherbakov [mailto:[email protected]] > *Sent:* Wednesday, July 22, 2015 1:12 AM > *To:* Stanislaw Bogatkin; Sheena Gregson > *Cc:* OpenStack Development Mailing List (not for usage questions) > *Subject:* Re: [Fuel] SSL feature status > > > > Thanks Stas. My opinion is that it has to be enabled by default. I'd like > product management to shine in here. Sheena? > > > > > > On Tue, Jul 21, 2015 at 11:06 PM Stanislaw Bogatkin < > [email protected]> wrote: > > Hi, > > > > we have a spec that says we disable SSL by default and it was successfully > merged with that, no one was against such decision. So, if we want to > enable it by default now - we can. It should be done as a part of our usual > process, I think - I'll create a bug for it and fix it. > > > > Current status of feature is next: > > 1. All codebase for SSL is merged > > 2. Some tests for it writing my QA - not all of them are done yet. > > > > I'll update blueprints as soon as possible. Sorry for inconvenience. > > > > On Mon, Jul 20, 2015 at 8:44 PM, Mike Scherbakov <[email protected]> > wrote: > > Hi guys, > > did we enable SSL for Fuel Master node and OpenStack REST API endpoints by > default? If not, let's enable it by default. I don't know why we should not. > > > > Looks like we need to update blueprints as well [1], [2], as they don't > seem to reflect current status of the feature. > > > > [1] https://blueprints.launchpad.net/fuel/+spec/ssl-endpoints > > [2] https://blueprints.launchpad.net/fuel/+spec/fuel-ssl-endpoints > > > > Stas, as you've been working on it, can you please provide current status? > > > > Thanks, > > > > -- > > Mike Scherbakov > #mihgen > > > > -- > > Mike Scherbakov > #mihgen > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
