[openstack-dev] Glance Image signing and verification
All,

Here are operations guide instructions currently in review to add signed images and configure Nova to automatically check the signature prior to conditionally booting an image. https://review.openstack.org/#/c/245886/. These instructions are more up to date than the ones on the etherpad. Please take a look.

Thanks.
Bruce

> On 2/11/16 13:51:08 UTC 2016 Nikhil Komawar wrote:
> Hi Pankaj,
>
> Here's an example instruction set for that feature.
>
> https://etherpad.openstack.org/p/liberty-glance-image-signing-instructions
>
> Hope it helps.
>
>> On 2/11/16 8:45 AM, Pankaj Mishra wrote:
>>
>> Hi,
>>
>> I am new to OpenStack and I want to create an image through the glance CLI
>> and I am referring to the blueprint
>> https://blueprints.launchpad.net/glance/+spec/image-signing-and-verification-support
>> and I am using the below mentioned command to create the image. So what
>> are the steps for Glance Image signing and verification by using the glance
>> cli?
>>
>> glance --os-image-api-version 2 image-create [--architecture
>> >]
>> [--protected [True|False]] [--name ]
>> [--instance-uuid ]
>> [--min-disk ] [--visibility ]
>> [--kernel-id ]
>> [--tags [ ...]]
>> [--os-version ]
>> [--disk-format ] [--self ]
>> [--os-distro ] [--id ]
>> [--owner ] [--ramdisk-id ]
>> [--min-ram ]
>> [--container-format ]
>> [--property
[openstack-dev] [Barbican] KMIP support
All,

I'm researching a bunch of HSM applications and I'm struggling to find much info. I was wondering about the progress of KMIP support in Barbican? Is this waiting on an open python KMIP support?

Just for a bit more clarification, APL is supporting a KMIP implementation as a backend to Barbican via the following activities:

- Update to Barbican, called 'Create Secret Store Resource' https://wiki.openstack.org/wiki/Barbican/Blueprints/create-secret-store, allows many different secret store backend implementations to be supported, including PKCS#11, PKCS#12, and KMIP
- Backend plug-in interface to Barbican called 'Implement KMIP Secret Store' that specifically supports a KMIP server (HSM) as a backend. https://github.com/cloudkeep/barbican/wiki/Blueprint:-Implement-KMIP-Secret-Store
- New Python library, which will probably be called PyKMIP, will support an open source implementation of KMIP client and server (not yet posted - will probably reside in github.)

Bruce

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes
We request that volume encryption [1] be granted an exception to the feature freeze for Havana-3. Volume encryption [2] provides a usable layer of protection to user data as it is transmitted through a network and when it is stored on disk.

The main patch [2] has been under review since the end of May and had received two +2s in mid-August. Subsequently, support was requested for booting from encrypted volumes and integrating a working key manager [3][4] as a stipulation for acceptance, and both these requests have been satisfied within the past week.

The risk of disruption to deployments from this exception is minimal because the volume encryption feature is unused by default. Note that the corresponding Cinder support for this feature has already been approved, so acceptance into Nova will keep this code from becoming abandoned.

Thank you for your consideration.

The APL Development Team

[1] https://blueprints.launchpad.net/nova/+spec/encrypt-cinder-volumes
[2] https://review.openstack.org/#/c/30976/
[3] https://review.openstack.org/#/c/45103/
[4] https://review.openstack.org/#/c/45123/