Re: [openstack-dev] [Fuel] Nominate Alexey Stepanov for fuel-qa and fuel-devops core

2016-07-21 Thread Alexander Kurenyshev 
+1

On Wed, Jul 20, 2016 at 10:47 AM, Vladimir Khlyunev 
wrote:

> +1
>
> On Mon, Jul 18, 2016 at 3:14 PM, Dmitry Tyzhnenko  > wrote:
>
>> +1
>>
>> On Fri, Jul 15, 2016 at 4:41 PM, Artem Panchenko > > wrote:
>>
>>> +1
>>>
>>>
>>> On 15.07.16 16:25, Tatyana Leontovich wrote:
>>>
>>> +1
>>>
>>> On Fri, Jul 15, 2016 at 4:08 PM, Anastasia Urlapova <
>>> aurlap...@mirantis.com> wrote:
>>>
 +1

 On Fri, Jul 15, 2016 at 4:02 PM, Andrey Sledzinskiy <
 asledzins...@mirantis.com> wrote:

> Hi,
> I'd like to nominate Alexey Stepanov for fuel-qa [0] and fuel-devops
> [1] core.
>
> Alexey is doing great job improving fuel-qa and fuel-devops projects.
> He's become an expert in code base in very short terms so I think he
> deserves to be a part of fuel-qa/fuel-devops core team.
>
> Please, vote for Alexey!
>
> [0]
> http://stackalytics.com/?release=all=fuel-qa_id=astepanov-m=marks
> [1]
> http://stackalytics.com/?release=all=fuel-devops_id=astepanov-m=marks
>
> --
> Thanks,
> Andrey Sledzinskiy
> QA Engineer,
> Mirantis, Kharkiv
>
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe:
> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


 __
 OpenStack Development Mailing List (not for usage questions)
 Unsubscribe:
 openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


>>>
>>>
>>> __
>>> OpenStack Development Mailing List (not for usage questions)
>>> Unsubscribe: 
>>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribehttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>> --
>>> Artem Panchenko
>>> QA Engineer
>>>
>>>
>>>
>>> __
>>> OpenStack Development Mailing List (not for usage questions)
>>> Unsubscribe:
>>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>
>>
>> --
>> WBR,
>> Dmitry T.
>> Fuel QA Engineer
>> http://www.mirantis.com
>>
>> __
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
> --
> Best regards,
> Vladimir Khlyunev
> QA engineer,
> Mirantis Inc.
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
Best Regards,

Alex
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Fuel] SSL keys saving

2015-08-21 Thread Alexander Kurenyshev 
Hi,
I absolutely agree with all points mentioned below. Especially about
security, because for now, as I know,  we have not any mechanisms to cut
out certs and keys from snapshots.
And as OSTF developer I'll be very grateful if there will be one way to get
certificates from the container.

On Fri, Aug 21, 2015 at 12:10 PM, Stanislaw Bogatkin sbogat...@mirantis.com
 wrote:

 Hi folks.

 Today I want to discuss the way we save SSL keys for Fuel environments. As
 you maybe know we have 2 ways to get a key:
 a. Generate it by Fuel (self-signed certificate will be created in this
 case). In this case we will generate private key, csr and crt in a
 pre-deployment hook on master node and then copy keypair to the nodes which
 needed it.

 b. Get a pre-generated keypair from user. In this case user should create
 keypair by himself and then upload it through Fuel UI settings tab. In this
 case keypair will be saved in nailgun database and then will serialized
 into astute.yaml on cluster nodes, pulled from it by puppet and saved into
 a file.

 Second way has some flaws:
 1. We already have some keys for nodes and we store them on master node.
 Store keys in different places is bad, cause:
 1.1. User experience - user should remember that in some cases keys will
 be store in FS and in some other cases - in DB.
 1.2. It brings problems for implementation in other different places - for
 example, we need to get certificate for properly run OSTF tests and now we
 should implement two different ways to deliver that certificate to OSTF
 container. The same for fuel-cli - we should somehow get certificate from
 DB and place it in FS to use it.
 2. astute.yaml is similar for all nodes. Not all of nodes needs to have
 private key, but now we cannot control this.
 3. If keypair data serializes into astute.yaml it means than that data
 automatically will be fetched when diagnostic snapshot will created. So in
 some cases in can lead to security vulnerability, or we will must to write
 another crutch to cut it out of diagnostic snapshot.


 So I propose to get rid of saving keypair in nailgun database and
 implement a way to always saving it to local FS on master node. We need to
 implement next items:

 - Change UI logic that saving keypair into DB to logic that will save it
 to local FS
 - Implement according fixes in fuel-library

 __
 OpenStack Development Mailing List (not for usage questions)
 Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




-- 
Best Regards,

Alex
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev