Re: [openstack-dev] [FUEL] Re: SSL in Fuel.

2014-09-11 Thread Sebastian Kalinowski
I have some topics for [1] that I want to discuss: 1) Should we allow users to turn SSL on/off for Fuel master? I think we should since some users may don't care about SSL and enabling it will just make them unhappy (like warnings in browsers, expiring certs). 2) Will we allow users (in

Re: [openstack-dev] [FUEL] Re: SSL in Fuel.

2014-09-11 Thread Simon Pasquier
Hi, On Thu, Sep 11, 2014 at 1:03 PM, Sebastian Kalinowski skalinow...@mirantis.com wrote: I have some topics for [1] that I want to discuss: 1) Should we allow users to turn SSL on/off for Fuel master? I think we should since some users may don't care about SSL and enabling it will

Re: [openstack-dev] [FUEL] Re: SSL in Fuel.

2014-09-10 Thread Sebastian Kalinowski
On Tue, Sep 9, 2014 at 5:53 PM, Stanislaw Bogatkin sbogat...@mirantis.com wrote: So I think that we need to start on [3]. As this is required for OSt public endpoint SSL and also for Fuel SSL it can be quicker to make a first stage where a self-signed certificate is managed from nailgun and a

Re: [openstack-dev] [FUEL] Re: SSL in Fuel.

2014-09-10 Thread Simon Pasquier
Hello, Thanks for the detailed email, Stanislaw. Your suggestion of deploying a CA container is really interesting. Especially for OSTF and other testing since the tools only need to know about the root CA. Lets back up a bit and list the different options for Fuel users: 0/ The user is happy

Re: [openstack-dev] [FUEL] Re: SSL in Fuel.

2014-09-10 Thread Tomasz Napierala
On 10 Sep 2014, at 12:54, Simon Pasquier spasqu...@mirantis.com wrote: Hello, Lets back up a bit and list the different options for Fuel users: 0/ The user is happy with plain HTTP. = Already supported :) 1/ The user wants HTTPS but doesn't want the burden associated with certificate

Re: [openstack-dev] [FUEL] Re: SSL in Fuel.

2014-09-10 Thread Sergii Golovatiuk
Hi, Tomasz is right. Let's try not to complicate the things. For 6.0 we'll allow just upload key, csr, certificate (like 3 edit boxes), or these edit boxes will be greyed if customer allows to generate self-signed certificates. -- Best regards, Sergii Golovatiuk, Skype #golserge IRC #holser

Re: [openstack-dev] [FUEL] Re: SSL in Fuel.

2014-09-10 Thread Guillaume Thouvenin
On Wed, Sep 10, 2014 at 2:40 PM, Tomasz Napierala tnapier...@mirantis.com wrote: Regarding After careful consideration, I think that for 6.0 we will only be able to implement [2] with limited functionality. In terms of certificate management, we could offer uploading customer generated cert

[openstack-dev] [FUEL] Re: SSL in Fuel.

2014-09-09 Thread Stanislaw Bogatkin
I think that if we have 3 blueprints that realises some SSL stuff around themselves then we can discuss it here. My vision about SSL in Fuel split into 3 parts: A) We need to implement [1] blueprint, cause it is only one way to generate certificates. How i see that: 1.0 We sync puppet-openssl