Re: [openstack-dev] [security] Security PTG Planning, x-project request for topics.
Hi Luke, Yes, please - that would be great! best, Pino On Wed, Feb 28, 2018 at 3:25 AM, Luke Hindswrote: > Hi Pino, > > Thank you for your time demonstrating Tatu. > > If you like we could incubate Tatu into the security SIG. This would mean > no change to project structure / governance etc, its more the project gains > a regular slot on our weekly meetings to help get patches reviewed and > encourage other contributors / feedback etc. We did this with projects such > as Bandit before, until it found its own legs and momentum. > > Cheers, > > Luke > > > On Mon, Feb 12, 2018 at 8:45 AM, Luke Hinds wrote: > >> >> >> On Sun, Feb 11, 2018 at 4:01 PM, Pino de Candia < >> giuseppe.decan...@gmail.com> wrote: >> >>> I uploaded the demo video (https://youtu.be/y6ICCPO08d8) and linked it >>> from the slides. >>> >> >> Thanks Pino , i added these to the agenda: >> >> https://etherpad.openstack.org/p/security-ptg-rocky >> >> Please let me know before the PTG, if it will be your colleague or if we >> need to find a projector to conference you in. >> >> >>> On Fri, Feb 9, 2018 at 5:51 PM, Pino de Candia < >>> giuseppe.decan...@gmail.com> wrote: >>> Hi Folks, here are the slides for the Tatu presentation: https://docs.goo gle.com/presentation/d/1HI5RR3SNUu1If-A5Zi4EMvjl-3TKsBW20xEUyYHapfM I meant to record the demo video as well but I haven't gotten around to editing all the bits. Please stay tuned. thanks, Pino On Tue, Feb 6, 2018 at 10:52 AM, Giuseppe de Candia < giuseppe.decan...@gmail.com> wrote: > Hi Luke, > > Fantastic! An hour would be great if the schedule allows - there are > lots of different aspects we can dive into and potential future directions > the project can take. > > thanks! > Pino > > > > On Tue, Feb 6, 2018 at 10:36 AM, Luke Hinds wrote: > >> >> >> On Tue, Feb 6, 2018 at 4:21 PM, Giuseppe de Candia < >> giuseppe.decan...@gmail.com> wrote: >> >>> Hi Folks, >>> >>> I know the request is very late, but I wasn't aware of this SIG >>> until recently. Would it be possible to present a new project to the >>> Security SIG at the PTG? I need about 30 minutes. I'm hoping to drum up >>> interest in the project, sign on users and contributors and get >>> feedback. >>> >>> For the past few months I have been working on a new project - Tatu >>> [1]- to automate the management of SSH certificates (for both users and >>> hosts) in OpenStack. Tatu allows users to generate SSH certificates with >>> principals based on their Project role assignments, and VMs >>> automatically >>> set up their SSH host certificate (and related config) via Nova vendor >>> data. The project also manages bastions and DNS entries so that users >>> don't >>> have to assign Floating IPs for SSH nor remember IP addresses. >>> >>> I have a working demo (including Horizon panels [2] and OpenStack >>> CLI [3]), but am still working on the devstack script and patches [4] to >>> get Tatu's repositories into OpenStack's GitHub and Gerrit. I'll try to >>> post a demo video in the next few days. >>> >>> best regards, >>> Pino >>> >>> >>> References: >>> >>>1. https://github.com/pinodeca/tatu (Please note this is still >>>very much a work in progress, lots of TODOs in the code, very little >>>testing and documentation doesn't reflect the latest design). >>>2. https://github.com/pinodeca/tatu-dashboard >>>3. https://github.com/pinodeca/python-tatuclient >>>4. https://review.openstack.org/#/q/tatu >>> >>> >>> >>> >> Hi Giuseppe, of course you can! I will add you to the agenda. We >> could get your an hour if it allows more time for presenting and post >> discussion? >> >> We will be meeting in an allocated room on Monday (details to follow). >> >> https://etherpad.openstack.org/p/security-ptg-rocky >> >> Luke >> >> >> >> >>> >>> >>> On Wed, Jan 31, 2018 at 12:03 PM, Luke Hinds >>> wrote: >>> On Mon, Jan 29, 2018 at 2:29 PM, Adam Young wrote: > Bug 968696 and System Roles. Needs to be addressed across the > Service catalog. > Thanks Adam, will add it to the list. I see it's been open since 2012! > > On Mon, Jan 29, 2018 at 7:38 AM, Luke Hinds > wrote: > >> Just a reminder as we have not had many uptakes yet.. >> >> Are there any projects (new and old) that would like to make use >> of the security SIG for either gaining another perspective on >> security
Re: [openstack-dev] [security] Security PTG Planning, x-project request for topics.
Hi Pino, Thank you for your time demonstrating Tatu. If you like we could incubate Tatu into the security SIG. This would mean no change to project structure / governance etc, its more the project gains a regular slot on our weekly meetings to help get patches reviewed and encourage other contributors / feedback etc. We did this with projects such as Bandit before, until it found its own legs and momentum. Cheers, Luke On Mon, Feb 12, 2018 at 8:45 AM, Luke Hindswrote: > > > On Sun, Feb 11, 2018 at 4:01 PM, Pino de Candia < > giuseppe.decan...@gmail.com> wrote: > >> I uploaded the demo video (https://youtu.be/y6ICCPO08d8) and linked it >> from the slides. >> > > Thanks Pino , i added these to the agenda: > > https://etherpad.openstack.org/p/security-ptg-rocky > > Please let me know before the PTG, if it will be your colleague or if we > need to find a projector to conference you in. > > >> On Fri, Feb 9, 2018 at 5:51 PM, Pino de Candia < >> giuseppe.decan...@gmail.com> wrote: >> >>> Hi Folks, >>> >>> here are the slides for the Tatu presentation: https://docs.goo >>> gle.com/presentation/d/1HI5RR3SNUu1If-A5Zi4EMvjl-3TKsBW20xEUyYHapfM >>> >>> I meant to record the demo video as well but I haven't gotten around to >>> editing all the bits. Please stay tuned. >>> >>> thanks, >>> Pino >>> >>> >>> On Tue, Feb 6, 2018 at 10:52 AM, Giuseppe de Candia < >>> giuseppe.decan...@gmail.com> wrote: >>> Hi Luke, Fantastic! An hour would be great if the schedule allows - there are lots of different aspects we can dive into and potential future directions the project can take. thanks! Pino On Tue, Feb 6, 2018 at 10:36 AM, Luke Hinds wrote: > > > On Tue, Feb 6, 2018 at 4:21 PM, Giuseppe de Candia < > giuseppe.decan...@gmail.com> wrote: > >> Hi Folks, >> >> I know the request is very late, but I wasn't aware of this SIG until >> recently. Would it be possible to present a new project to the Security >> SIG >> at the PTG? I need about 30 minutes. I'm hoping to drum up interest in >> the >> project, sign on users and contributors and get feedback. >> >> For the past few months I have been working on a new project - Tatu >> [1]- to automate the management of SSH certificates (for both users and >> hosts) in OpenStack. Tatu allows users to generate SSH certificates with >> principals based on their Project role assignments, and VMs automatically >> set up their SSH host certificate (and related config) via Nova vendor >> data. The project also manages bastions and DNS entries so that users >> don't >> have to assign Floating IPs for SSH nor remember IP addresses. >> >> I have a working demo (including Horizon panels [2] and OpenStack CLI >> [3]), but am still working on the devstack script and patches [4] to get >> Tatu's repositories into OpenStack's GitHub and Gerrit. I'll try to post >> a >> demo video in the next few days. >> >> best regards, >> Pino >> >> >> References: >> >>1. https://github.com/pinodeca/tatu (Please note this is still >>very much a work in progress, lots of TODOs in the code, very little >>testing and documentation doesn't reflect the latest design). >>2. https://github.com/pinodeca/tatu-dashboard >>3. https://github.com/pinodeca/python-tatuclient >>4. https://review.openstack.org/#/q/tatu >> >> >> >> > Hi Giuseppe, of course you can! I will add you to the agenda. We could > get your an hour if it allows more time for presenting and post > discussion? > > We will be meeting in an allocated room on Monday (details to follow). > > https://etherpad.openstack.org/p/security-ptg-rocky > > Luke > > > > >> >> >> On Wed, Jan 31, 2018 at 12:03 PM, Luke Hinds >> wrote: >> >>> >>> On Mon, Jan 29, 2018 at 2:29 PM, Adam Young >>> wrote: >>> Bug 968696 and System Roles. Needs to be addressed across the Service catalog. >>> >>> Thanks Adam, will add it to the list. I see it's been open since >>> 2012! >>> >>> On Mon, Jan 29, 2018 at 7:38 AM, Luke Hinds wrote: > Just a reminder as we have not had many uptakes yet.. > > Are there any projects (new and old) that would like to make use > of the security SIG for either gaining another perspective on security > challenges / blueprints etc or for help gaining some cross project > collaboration? > > On Thu, Jan 11, 2018 at 3:33 PM, Luke Hinds > wrote: > >> Hello All, >> >> I am seeking topics for the PTG from
Re: [openstack-dev] [security] Security PTG Planning, x-project request for topics.
Hi Luke, Omer (in CC) has confirmed that he can stand in for me if needed, but my preference would be that you conference me in. If you won't know until the very day whether conference equipment is available, that's fine, we can figure it out last minute. A projector will be useful either way. thanks! Pino On Mon, Feb 12, 2018 at 2:45 AM, Luke Hindswrote: > > > On Sun, Feb 11, 2018 at 4:01 PM, Pino de Candia < > giuseppe.decan...@gmail.com> wrote: > >> I uploaded the demo video (https://youtu.be/y6ICCPO08d8) and linked it >> from the slides. >> > > Thanks Pino , i added these to the agenda: > > https://etherpad.openstack.org/p/security-ptg-rocky > > Please let me know before the PTG, if it will be your colleague or if we > need to find a projector to conference you in. > > >> On Fri, Feb 9, 2018 at 5:51 PM, Pino de Candia < >> giuseppe.decan...@gmail.com> wrote: >> >>> Hi Folks, >>> >>> here are the slides for the Tatu presentation: https://docs.goo >>> gle.com/presentation/d/1HI5RR3SNUu1If-A5Zi4EMvjl-3TKsBW20xEUyYHapfM >>> >>> I meant to record the demo video as well but I haven't gotten around to >>> editing all the bits. Please stay tuned. >>> >>> thanks, >>> Pino >>> >>> >>> On Tue, Feb 6, 2018 at 10:52 AM, Giuseppe de Candia < >>> giuseppe.decan...@gmail.com> wrote: >>> Hi Luke, Fantastic! An hour would be great if the schedule allows - there are lots of different aspects we can dive into and potential future directions the project can take. thanks! Pino On Tue, Feb 6, 2018 at 10:36 AM, Luke Hinds wrote: > > > On Tue, Feb 6, 2018 at 4:21 PM, Giuseppe de Candia < > giuseppe.decan...@gmail.com> wrote: > >> Hi Folks, >> >> I know the request is very late, but I wasn't aware of this SIG until >> recently. Would it be possible to present a new project to the Security >> SIG >> at the PTG? I need about 30 minutes. I'm hoping to drum up interest in >> the >> project, sign on users and contributors and get feedback. >> >> For the past few months I have been working on a new project - Tatu >> [1]- to automate the management of SSH certificates (for both users and >> hosts) in OpenStack. Tatu allows users to generate SSH certificates with >> principals based on their Project role assignments, and VMs automatically >> set up their SSH host certificate (and related config) via Nova vendor >> data. The project also manages bastions and DNS entries so that users >> don't >> have to assign Floating IPs for SSH nor remember IP addresses. >> >> I have a working demo (including Horizon panels [2] and OpenStack CLI >> [3]), but am still working on the devstack script and patches [4] to get >> Tatu's repositories into OpenStack's GitHub and Gerrit. I'll try to post >> a >> demo video in the next few days. >> >> best regards, >> Pino >> >> >> References: >> >>1. https://github.com/pinodeca/tatu (Please note this is still >>very much a work in progress, lots of TODOs in the code, very little >>testing and documentation doesn't reflect the latest design). >>2. https://github.com/pinodeca/tatu-dashboard >>3. https://github.com/pinodeca/python-tatuclient >>4. https://review.openstack.org/#/q/tatu >> >> >> >> > Hi Giuseppe, of course you can! I will add you to the agenda. We could > get your an hour if it allows more time for presenting and post > discussion? > > We will be meeting in an allocated room on Monday (details to follow). > > https://etherpad.openstack.org/p/security-ptg-rocky > > Luke > > > > >> >> >> On Wed, Jan 31, 2018 at 12:03 PM, Luke Hinds >> wrote: >> >>> >>> On Mon, Jan 29, 2018 at 2:29 PM, Adam Young >>> wrote: >>> Bug 968696 and System Roles. Needs to be addressed across the Service catalog. >>> >>> Thanks Adam, will add it to the list. I see it's been open since >>> 2012! >>> >>> On Mon, Jan 29, 2018 at 7:38 AM, Luke Hinds wrote: > Just a reminder as we have not had many uptakes yet.. > > Are there any projects (new and old) that would like to make use > of the security SIG for either gaining another perspective on security > challenges / blueprints etc or for help gaining some cross project > collaboration? > > On Thu, Jan 11, 2018 at 3:33 PM, Luke Hinds > wrote: > >> Hello All, >> >> I am seeking topics for the PTG from all projects, as this will >> be where we try out are new form of being a SIG. >> >> For
Re: [openstack-dev] [security] Security PTG Planning, x-project request for topics.
On Sun, Feb 11, 2018 at 4:01 PM, Pino de Candiawrote: > I uploaded the demo video (https://youtu.be/y6ICCPO08d8) and linked it > from the slides. > Thanks Pino , i added these to the agenda: https://etherpad.openstack.org/p/security-ptg-rocky Please let me know before the PTG, if it will be your colleague or if we need to find a projector to conference you in. > On Fri, Feb 9, 2018 at 5:51 PM, Pino de Candia < > giuseppe.decan...@gmail.com> wrote: > >> Hi Folks, >> >> here are the slides for the Tatu presentation: https://docs.goo >> gle.com/presentation/d/1HI5RR3SNUu1If-A5Zi4EMvjl-3TKsBW20xEUyYHapfM >> >> I meant to record the demo video as well but I haven't gotten around to >> editing all the bits. Please stay tuned. >> >> thanks, >> Pino >> >> >> On Tue, Feb 6, 2018 at 10:52 AM, Giuseppe de Candia < >> giuseppe.decan...@gmail.com> wrote: >> >>> Hi Luke, >>> >>> Fantastic! An hour would be great if the schedule allows - there are >>> lots of different aspects we can dive into and potential future directions >>> the project can take. >>> >>> thanks! >>> Pino >>> >>> >>> >>> On Tue, Feb 6, 2018 at 10:36 AM, Luke Hinds wrote: >>> On Tue, Feb 6, 2018 at 4:21 PM, Giuseppe de Candia < giuseppe.decan...@gmail.com> wrote: > Hi Folks, > > I know the request is very late, but I wasn't aware of this SIG until > recently. Would it be possible to present a new project to the Security > SIG > at the PTG? I need about 30 minutes. I'm hoping to drum up interest in the > project, sign on users and contributors and get feedback. > > For the past few months I have been working on a new project - Tatu > [1]- to automate the management of SSH certificates (for both users and > hosts) in OpenStack. Tatu allows users to generate SSH certificates with > principals based on their Project role assignments, and VMs automatically > set up their SSH host certificate (and related config) via Nova vendor > data. The project also manages bastions and DNS entries so that users > don't > have to assign Floating IPs for SSH nor remember IP addresses. > > I have a working demo (including Horizon panels [2] and OpenStack CLI > [3]), but am still working on the devstack script and patches [4] to get > Tatu's repositories into OpenStack's GitHub and Gerrit. I'll try to post a > demo video in the next few days. > > best regards, > Pino > > > References: > >1. https://github.com/pinodeca/tatu (Please note this is still >very much a work in progress, lots of TODOs in the code, very little >testing and documentation doesn't reflect the latest design). >2. https://github.com/pinodeca/tatu-dashboard >3. https://github.com/pinodeca/python-tatuclient >4. https://review.openstack.org/#/q/tatu > > > > Hi Giuseppe, of course you can! I will add you to the agenda. We could get your an hour if it allows more time for presenting and post discussion? We will be meeting in an allocated room on Monday (details to follow). https://etherpad.openstack.org/p/security-ptg-rocky Luke > > > On Wed, Jan 31, 2018 at 12:03 PM, Luke Hinds > wrote: > >> >> On Mon, Jan 29, 2018 at 2:29 PM, Adam Young >> wrote: >> >>> Bug 968696 and System Roles. Needs to be addressed across the >>> Service catalog. >>> >> >> Thanks Adam, will add it to the list. I see it's been open since 2012! >> >> >>> >>> On Mon, Jan 29, 2018 at 7:38 AM, Luke Hinds >>> wrote: >>> Just a reminder as we have not had many uptakes yet.. Are there any projects (new and old) that would like to make use of the security SIG for either gaining another perspective on security challenges / blueprints etc or for help gaining some cross project collaboration? On Thu, Jan 11, 2018 at 3:33 PM, Luke Hinds wrote: > Hello All, > > I am seeking topics for the PTG from all projects, as this will be > where we try out are new form of being a SIG. > > For this PTG, we hope to facilitate more cross project > collaboration topics now that we are a SIG, so if your project has a > security need / problem / proposal than please do use the security > SIG room > where a larger audience may be present to help solve problems and gain > x-project consensus. > > Please see our PTG planning pad [0] where I encourage you to add > to the topics. > > [0] https://etherpad.openstack.org/p/security-ptg-rocky > > -- > Luke Hinds
Re: [openstack-dev] [security] Security PTG Planning, x-project request for topics.
I uploaded the demo video (https://youtu.be/y6ICCPO08d8) and linked it from the slides. On Fri, Feb 9, 2018 at 5:51 PM, Pino de Candiawrote: > Hi Folks, > > here are the slides for the Tatu presentation: https://docs. > google.com/presentation/d/1HI5RR3SNUu1If-A5Zi4EMvjl-3TKsBW20xEUyYHapfM > > I meant to record the demo video as well but I haven't gotten around to > editing all the bits. Please stay tuned. > > thanks, > Pino > > > On Tue, Feb 6, 2018 at 10:52 AM, Giuseppe de Candia < > giuseppe.decan...@gmail.com> wrote: > >> Hi Luke, >> >> Fantastic! An hour would be great if the schedule allows - there are lots >> of different aspects we can dive into and potential future directions the >> project can take. >> >> thanks! >> Pino >> >> >> >> On Tue, Feb 6, 2018 at 10:36 AM, Luke Hinds wrote: >> >>> >>> >>> On Tue, Feb 6, 2018 at 4:21 PM, Giuseppe de Candia < >>> giuseppe.decan...@gmail.com> wrote: >>> Hi Folks, I know the request is very late, but I wasn't aware of this SIG until recently. Would it be possible to present a new project to the Security SIG at the PTG? I need about 30 minutes. I'm hoping to drum up interest in the project, sign on users and contributors and get feedback. For the past few months I have been working on a new project - Tatu [1]- to automate the management of SSH certificates (for both users and hosts) in OpenStack. Tatu allows users to generate SSH certificates with principals based on their Project role assignments, and VMs automatically set up their SSH host certificate (and related config) via Nova vendor data. The project also manages bastions and DNS entries so that users don't have to assign Floating IPs for SSH nor remember IP addresses. I have a working demo (including Horizon panels [2] and OpenStack CLI [3]), but am still working on the devstack script and patches [4] to get Tatu's repositories into OpenStack's GitHub and Gerrit. I'll try to post a demo video in the next few days. best regards, Pino References: 1. https://github.com/pinodeca/tatu (Please note this is still very much a work in progress, lots of TODOs in the code, very little testing and documentation doesn't reflect the latest design). 2. https://github.com/pinodeca/tatu-dashboard 3. https://github.com/pinodeca/python-tatuclient 4. https://review.openstack.org/#/q/tatu >>> Hi Giuseppe, of course you can! I will add you to the agenda. We could >>> get your an hour if it allows more time for presenting and post discussion? >>> >>> We will be meeting in an allocated room on Monday (details to follow). >>> >>> https://etherpad.openstack.org/p/security-ptg-rocky >>> >>> Luke >>> >>> >>> >>> On Wed, Jan 31, 2018 at 12:03 PM, Luke Hinds wrote: > > On Mon, Jan 29, 2018 at 2:29 PM, Adam Young wrote: > >> Bug 968696 and System Roles. Needs to be addressed across the >> Service catalog. >> > > Thanks Adam, will add it to the list. I see it's been open since 2012! > > >> >> On Mon, Jan 29, 2018 at 7:38 AM, Luke Hinds >> wrote: >> >>> Just a reminder as we have not had many uptakes yet.. >>> >>> Are there any projects (new and old) that would like to make use of >>> the security SIG for either gaining another perspective on security >>> challenges / blueprints etc or for help gaining some cross project >>> collaboration? >>> >>> On Thu, Jan 11, 2018 at 3:33 PM, Luke Hinds >>> wrote: >>> Hello All, I am seeking topics for the PTG from all projects, as this will be where we try out are new form of being a SIG. For this PTG, we hope to facilitate more cross project collaboration topics now that we are a SIG, so if your project has a security need / problem / proposal than please do use the security SIG room where a larger audience may be present to help solve problems and gain x-project consensus. Please see our PTG planning pad [0] where I encourage you to add to the topics. [0] https://etherpad.openstack.org/p/security-ptg-rocky -- Luke Hinds Security Project PTL >>> >>> >>> >>> __ >>> OpenStack Development Mailing List (not for usage questions) >>> Unsubscribe: openstack-dev-requ...@lists.op >>> enstack.org?subject:unsubscribe >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >> >>
Re: [openstack-dev] [security] Security PTG Planning, x-project request for topics.
Hi Folks, here are the slides for the Tatu presentation: https://docs.google.com/presentation/d/1HI5RR3SNUu1If-A5Zi4EMvjl-3TKsBW20xEUyYHapfM I meant to record the demo video as well but I haven't gotten around to editing all the bits. Please stay tuned. thanks, Pino On Tue, Feb 6, 2018 at 10:52 AM, Giuseppe de Candia < giuseppe.decan...@gmail.com> wrote: > Hi Luke, > > Fantastic! An hour would be great if the schedule allows - there are lots > of different aspects we can dive into and potential future directions the > project can take. > > thanks! > Pino > > > > On Tue, Feb 6, 2018 at 10:36 AM, Luke Hindswrote: > >> >> >> On Tue, Feb 6, 2018 at 4:21 PM, Giuseppe de Candia < >> giuseppe.decan...@gmail.com> wrote: >> >>> Hi Folks, >>> >>> I know the request is very late, but I wasn't aware of this SIG until >>> recently. Would it be possible to present a new project to the Security SIG >>> at the PTG? I need about 30 minutes. I'm hoping to drum up interest in the >>> project, sign on users and contributors and get feedback. >>> >>> For the past few months I have been working on a new project - Tatu [1]- >>> to automate the management of SSH certificates (for both users and hosts) >>> in OpenStack. Tatu allows users to generate SSH certificates with >>> principals based on their Project role assignments, and VMs automatically >>> set up their SSH host certificate (and related config) via Nova vendor >>> data. The project also manages bastions and DNS entries so that users don't >>> have to assign Floating IPs for SSH nor remember IP addresses. >>> >>> I have a working demo (including Horizon panels [2] and OpenStack CLI >>> [3]), but am still working on the devstack script and patches [4] to get >>> Tatu's repositories into OpenStack's GitHub and Gerrit. I'll try to post a >>> demo video in the next few days. >>> >>> best regards, >>> Pino >>> >>> >>> References: >>> >>>1. https://github.com/pinodeca/tatu (Please note this is still very >>>much a work in progress, lots of TODOs in the code, very little testing >>> and >>>documentation doesn't reflect the latest design). >>>2. https://github.com/pinodeca/tatu-dashboard >>>3. https://github.com/pinodeca/python-tatuclient >>>4. https://review.openstack.org/#/q/tatu >>> >>> >>> >>> >> Hi Giuseppe, of course you can! I will add you to the agenda. We could >> get your an hour if it allows more time for presenting and post discussion? >> >> We will be meeting in an allocated room on Monday (details to follow). >> >> https://etherpad.openstack.org/p/security-ptg-rocky >> >> Luke >> >> >> >> >>> >>> >>> On Wed, Jan 31, 2018 at 12:03 PM, Luke Hinds wrote: >>> On Mon, Jan 29, 2018 at 2:29 PM, Adam Young wrote: > Bug 968696 and System Roles. Needs to be addressed across the > Service catalog. > Thanks Adam, will add it to the list. I see it's been open since 2012! > > On Mon, Jan 29, 2018 at 7:38 AM, Luke Hinds wrote: > >> Just a reminder as we have not had many uptakes yet.. >> >> Are there any projects (new and old) that would like to make use of >> the security SIG for either gaining another perspective on security >> challenges / blueprints etc or for help gaining some cross project >> collaboration? >> >> On Thu, Jan 11, 2018 at 3:33 PM, Luke Hinds >> wrote: >> >>> Hello All, >>> >>> I am seeking topics for the PTG from all projects, as this will be >>> where we try out are new form of being a SIG. >>> >>> For this PTG, we hope to facilitate more cross project collaboration >>> topics now that we are a SIG, so if your project has a security need / >>> problem / proposal than please do use the security SIG room where a >>> larger >>> audience may be present to help solve problems and gain x-project >>> consensus. >>> >>> Please see our PTG planning pad [0] where I encourage you to add to >>> the topics. >>> >>> [0] https://etherpad.openstack.org/p/security-ptg-rocky >>> >>> -- >>> Luke Hinds >>> Security Project PTL >>> >> >> >> >> __ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.op >> enstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.op > enstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Luke Hinds | NFV Partner Engineering | CTO
Re: [openstack-dev] [security] Security PTG Planning, x-project request for topics.
Hi Luke, Fantastic! An hour would be great if the schedule allows - there are lots of different aspects we can dive into and potential future directions the project can take. thanks! Pino On Tue, Feb 6, 2018 at 10:36 AM, Luke Hindswrote: > > > On Tue, Feb 6, 2018 at 4:21 PM, Giuseppe de Candia < > giuseppe.decan...@gmail.com> wrote: > >> Hi Folks, >> >> I know the request is very late, but I wasn't aware of this SIG until >> recently. Would it be possible to present a new project to the Security SIG >> at the PTG? I need about 30 minutes. I'm hoping to drum up interest in the >> project, sign on users and contributors and get feedback. >> >> For the past few months I have been working on a new project - Tatu [1]- >> to automate the management of SSH certificates (for both users and hosts) >> in OpenStack. Tatu allows users to generate SSH certificates with >> principals based on their Project role assignments, and VMs automatically >> set up their SSH host certificate (and related config) via Nova vendor >> data. The project also manages bastions and DNS entries so that users don't >> have to assign Floating IPs for SSH nor remember IP addresses. >> >> I have a working demo (including Horizon panels [2] and OpenStack CLI >> [3]), but am still working on the devstack script and patches [4] to get >> Tatu's repositories into OpenStack's GitHub and Gerrit. I'll try to post a >> demo video in the next few days. >> >> best regards, >> Pino >> >> >> References: >> >>1. https://github.com/pinodeca/tatu (Please note this is still very >>much a work in progress, lots of TODOs in the code, very little testing >> and >>documentation doesn't reflect the latest design). >>2. https://github.com/pinodeca/tatu-dashboard >>3. https://github.com/pinodeca/python-tatuclient >>4. https://review.openstack.org/#/q/tatu >> >> >> >> > Hi Giuseppe, of course you can! I will add you to the agenda. We could get > your an hour if it allows more time for presenting and post discussion? > > We will be meeting in an allocated room on Monday (details to follow). > > https://etherpad.openstack.org/p/security-ptg-rocky > > Luke > > > > >> >> >> On Wed, Jan 31, 2018 at 12:03 PM, Luke Hinds wrote: >> >>> >>> On Mon, Jan 29, 2018 at 2:29 PM, Adam Young wrote: >>> Bug 968696 and System Roles. Needs to be addressed across the Service catalog. >>> >>> Thanks Adam, will add it to the list. I see it's been open since 2012! >>> >>> On Mon, Jan 29, 2018 at 7:38 AM, Luke Hinds wrote: > Just a reminder as we have not had many uptakes yet.. > > Are there any projects (new and old) that would like to make use of > the security SIG for either gaining another perspective on security > challenges / blueprints etc or for help gaining some cross project > collaboration? > > On Thu, Jan 11, 2018 at 3:33 PM, Luke Hinds wrote: > >> Hello All, >> >> I am seeking topics for the PTG from all projects, as this will be >> where we try out are new form of being a SIG. >> >> For this PTG, we hope to facilitate more cross project collaboration >> topics now that we are a SIG, so if your project has a security need / >> problem / proposal than please do use the security SIG room where a >> larger >> audience may be present to help solve problems and gain x-project >> consensus. >> >> Please see our PTG planning pad [0] where I encourage you to add to >> the topics. >> >> [0] https://etherpad.openstack.org/p/security-ptg-rocky >> >> -- >> Luke Hinds >> Security Project PTL >> > > > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.op > enstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.op enstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >>> -- >>> Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat >>> e: lhi...@redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483 >>> >>> >>> __ >>> OpenStack Development Mailing List (not for usage questions) >>> Unsubscribe: openstack-dev-requ...@lists.op >>> enstack.org?subject:unsubscribe >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >> >> >> __ >> OpenStack Development
Re: [openstack-dev] [security] Security PTG Planning, x-project request for topics.
On Tue, Feb 6, 2018 at 4:21 PM, Giuseppe de Candia < giuseppe.decan...@gmail.com> wrote: > Hi Folks, > > I know the request is very late, but I wasn't aware of this SIG until > recently. Would it be possible to present a new project to the Security SIG > at the PTG? I need about 30 minutes. I'm hoping to drum up interest in the > project, sign on users and contributors and get feedback. > > For the past few months I have been working on a new project - Tatu [1]- > to automate the management of SSH certificates (for both users and hosts) > in OpenStack. Tatu allows users to generate SSH certificates with > principals based on their Project role assignments, and VMs automatically > set up their SSH host certificate (and related config) via Nova vendor > data. The project also manages bastions and DNS entries so that users don't > have to assign Floating IPs for SSH nor remember IP addresses. > > I have a working demo (including Horizon panels [2] and OpenStack CLI > [3]), but am still working on the devstack script and patches [4] to get > Tatu's repositories into OpenStack's GitHub and Gerrit. I'll try to post a > demo video in the next few days. > > best regards, > Pino > > > References: > >1. https://github.com/pinodeca/tatu (Please note this is still very >much a work in progress, lots of TODOs in the code, very little testing and >documentation doesn't reflect the latest design). >2. https://github.com/pinodeca/tatu-dashboard >3. https://github.com/pinodeca/python-tatuclient >4. https://review.openstack.org/#/q/tatu > > > > Hi Giuseppe, of course you can! I will add you to the agenda. We could get your an hour if it allows more time for presenting and post discussion? We will be meeting in an allocated room on Monday (details to follow). https://etherpad.openstack.org/p/security-ptg-rocky Luke > > > On Wed, Jan 31, 2018 at 12:03 PM, Luke Hindswrote: > >> >> On Mon, Jan 29, 2018 at 2:29 PM, Adam Young wrote: >> >>> Bug 968696 and System Roles. Needs to be addressed across the Service >>> catalog. >>> >> >> Thanks Adam, will add it to the list. I see it's been open since 2012! >> >> >>> >>> On Mon, Jan 29, 2018 at 7:38 AM, Luke Hinds wrote: >>> Just a reminder as we have not had many uptakes yet.. Are there any projects (new and old) that would like to make use of the security SIG for either gaining another perspective on security challenges / blueprints etc or for help gaining some cross project collaboration? On Thu, Jan 11, 2018 at 3:33 PM, Luke Hinds wrote: > Hello All, > > I am seeking topics for the PTG from all projects, as this will be > where we try out are new form of being a SIG. > > For this PTG, we hope to facilitate more cross project collaboration > topics now that we are a SIG, so if your project has a security need / > problem / proposal than please do use the security SIG room where a larger > audience may be present to help solve problems and gain x-project > consensus. > > Please see our PTG planning pad [0] where I encourage you to add to > the topics. > > [0] https://etherpad.openstack.org/p/security-ptg-rocky > > -- > Luke Hinds > Security Project PTL > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.op enstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >>> __ >>> OpenStack Development Mailing List (not for usage questions) >>> Unsubscribe: openstack-dev-requ...@lists.op >>> enstack.org?subject:unsubscribe >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >> >> >> -- >> Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat >> e: lhi...@redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483 >> >> >> __ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscrib >> e >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat e: lhi...@redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483 __ OpenStack Development Mailing
Re: [openstack-dev] [security] Security PTG Planning, x-project request for topics.
Hi Folks, I know the request is very late, but I wasn't aware of this SIG until recently. Would it be possible to present a new project to the Security SIG at the PTG? I need about 30 minutes. I'm hoping to drum up interest in the project, sign on users and contributors and get feedback. For the past few months I have been working on a new project - Tatu [1]- to automate the management of SSH certificates (for both users and hosts) in OpenStack. Tatu allows users to generate SSH certificates with principals based on their Project role assignments, and VMs automatically set up their SSH host certificate (and related config) via Nova vendor data. The project also manages bastions and DNS entries so that users don't have to assign Floating IPs for SSH nor remember IP addresses. I have a working demo (including Horizon panels [2] and OpenStack CLI [3]), but am still working on the devstack script and patches [4] to get Tatu's repositories into OpenStack's GitHub and Gerrit. I'll try to post a demo video in the next few days. best regards, Pino References: 1. https://github.com/pinodeca/tatu (Please note this is still very much a work in progress, lots of TODOs in the code, very little testing and documentation doesn't reflect the latest design). 2. https://github.com/pinodeca/tatu-dashboard 3. https://github.com/pinodeca/python-tatuclient 4. https://review.openstack.org/#/q/tatu On Wed, Jan 31, 2018 at 12:03 PM, Luke Hindswrote: > > On Mon, Jan 29, 2018 at 2:29 PM, Adam Young wrote: > >> Bug 968696 and System Roles. Needs to be addressed across the Service >> catalog. >> > > Thanks Adam, will add it to the list. I see it's been open since 2012! > > >> >> On Mon, Jan 29, 2018 at 7:38 AM, Luke Hinds wrote: >> >>> Just a reminder as we have not had many uptakes yet.. >>> >>> Are there any projects (new and old) that would like to make use of the >>> security SIG for either gaining another perspective on security challenges >>> / blueprints etc or for help gaining some cross project collaboration? >>> >>> On Thu, Jan 11, 2018 at 3:33 PM, Luke Hinds wrote: >>> Hello All, I am seeking topics for the PTG from all projects, as this will be where we try out are new form of being a SIG. For this PTG, we hope to facilitate more cross project collaboration topics now that we are a SIG, so if your project has a security need / problem / proposal than please do use the security SIG room where a larger audience may be present to help solve problems and gain x-project consensus. Please see our PTG planning pad [0] where I encourage you to add to the topics. [0] https://etherpad.openstack.org/p/security-ptg-rocky -- Luke Hinds Security Project PTL >>> >>> >>> >>> __ >>> OpenStack Development Mailing List (not for usage questions) >>> Unsubscribe: openstack-dev-requ...@lists.op >>> enstack.org?subject:unsubscribe >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >> >> >> __ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscrib >> e >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > > -- > Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat > e: lhi...@redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483 > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [security] Security PTG Planning, x-project request for topics.
On Mon, Jan 29, 2018 at 2:29 PM, Adam Youngwrote: > Bug 968696 and System Roles. Needs to be addressed across the Service > catalog. > Thanks Adam, will add it to the list. I see it's been open since 2012! > > On Mon, Jan 29, 2018 at 7:38 AM, Luke Hinds wrote: > >> Just a reminder as we have not had many uptakes yet.. >> >> Are there any projects (new and old) that would like to make use of the >> security SIG for either gaining another perspective on security challenges >> / blueprints etc or for help gaining some cross project collaboration? >> >> On Thu, Jan 11, 2018 at 3:33 PM, Luke Hinds wrote: >> >>> Hello All, >>> >>> I am seeking topics for the PTG from all projects, as this will be where >>> we try out are new form of being a SIG. >>> >>> For this PTG, we hope to facilitate more cross project collaboration >>> topics now that we are a SIG, so if your project has a security need / >>> problem / proposal than please do use the security SIG room where a larger >>> audience may be present to help solve problems and gain x-project consensus. >>> >>> Please see our PTG planning pad [0] where I encourage you to add to the >>> topics. >>> >>> [0] https://etherpad.openstack.org/p/security-ptg-rocky >>> >>> -- >>> Luke Hinds >>> Security Project PTL >>> >> >> >> >> __ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscrib >> e >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat e: lhi...@redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483 __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [security] Security PTG Planning, x-project request for topics.
Bug 968696 and System Roles. Needs to be addressed across the Service catalog. On Mon, Jan 29, 2018 at 7:38 AM, Luke Hindswrote: > Just a reminder as we have not had many uptakes yet.. > > Are there any projects (new and old) that would like to make use of the > security SIG for either gaining another perspective on security challenges > / blueprints etc or for help gaining some cross project collaboration? > > On Thu, Jan 11, 2018 at 3:33 PM, Luke Hinds wrote: > >> Hello All, >> >> I am seeking topics for the PTG from all projects, as this will be where >> we try out are new form of being a SIG. >> >> For this PTG, we hope to facilitate more cross project collaboration >> topics now that we are a SIG, so if your project has a security need / >> problem / proposal than please do use the security SIG room where a larger >> audience may be present to help solve problems and gain x-project consensus. >> >> Please see our PTG planning pad [0] where I encourage you to add to the >> topics. >> >> [0] https://etherpad.openstack.org/p/security-ptg-rocky >> >> -- >> Luke Hinds >> Security Project PTL >> > > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [security] Security PTG Planning, x-project request for topics.
Just a reminder as we have not had many uptakes yet.. Are there any projects (new and old) that would like to make use of the security SIG for either gaining another perspective on security challenges / blueprints etc or for help gaining some cross project collaboration? On Thu, Jan 11, 2018 at 3:33 PM, Luke Hindswrote: > Hello All, > > I am seeking topics for the PTG from all projects, as this will be where > we try out are new form of being a SIG. > > For this PTG, we hope to facilitate more cross project collaboration > topics now that we are a SIG, so if your project has a security need / > problem / proposal than please do use the security SIG room where a larger > audience may be present to help solve problems and gain x-project consensus. > > Please see our PTG planning pad [0] where I encourage you to add to the > topics. > > [0] https://etherpad.openstack.org/p/security-ptg-rocky > > -- > Luke Hinds > Security Project PTL > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [security] Security PTG Planning, x-project request for topics.
Hello All, I am seeking topics for the PTG from all projects, as this will be where we try out are new form of being a SIG. For this PTG, we hope to facilitate more cross project collaboration topics now that we are a SIG, so if your project has a security need / problem / proposal than please do use the security SIG room where a larger audience may be present to help solve problems and gain x-project consensus. Please see our PTG planning pad [0] where I encourage you to add to the topics. [0] https://etherpad.openstack.org/p/security-ptg-rocky -- Luke Hinds Security Project PTL __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev