Sorry, I wrote partially german in my last mail. Here is the english version ;)
> Go ahead and post WIP reviews and we can look at it further. To merge > I'll want all of the usual tests, docs, release notes, etc but don't > wait if that is not all done up front. Here are the two WIP reviews: cursive: https://review.openstack.org/#/c/578767/ osc: https://review.openstack.org/#/c/578769/ On our setup the following tests succeeded: 1.A) Generate Private and Public Key without password openssl genrsa -out image_signing_key.pem 4096 openssl rsa -pubout -in image_signing_key.pem -out image_signing_pubkey.pem 1.B) Generate Private and Public Key with password export PASSWORD="my-little-secret" openssl genrsa -aes256 -passout pass:$PASSWORD -out image_signing_key.pem 4096 openssl rsa -pubout -in image_signing_key.pem -passin pass:$PASSWORD -out image_signing_pubkey.pem 2.) generate Public Key certificate openssl rsa -pubout -in image_signing_key.pem -out image_signing_pubkey.pem openssl req -new -key image_signing_key.pem -out image_signing_cert_req.csr openssl x509 -req -days 365 -in image_signing_cert_req.csr -signkey image_signing_key.pem -out image_signing_cert.crt 3.) upload certificate to Barbican openstack secret store --name image-signing-cert --algorithm RSA --expiration 2020-01-01 --secret-type certificate --payload-content-type "application/octet-stream" --payload-content-encoding base64 --payload "$(base64 image_signing_cert.crt)" 4.) sign & upload image to Glance openstack image create --sign key-path=image_signing_key.pem,cert-id=$CERT_UUID --container-format bare --disk-format raw --file $IMAGE_FILE $IMAGE_NAME __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev