Re: [openstack-dev] [tripleo] Encrypted swift volumes by default in the undercloud

[Dmitry Tantsur]

Hi,

On 05/15/2018 09:19 PM, Juan Antonio Osorio wrote:

Hello!

As part of the work from the Security Squad, we added the ability for the 
containerized undercloud to encrypt the overcloud plans. This is done by 
enabling Swift's encrypted volumes, which require barbican. Right now it's 
turned off, but I would like to enable it by default [1]. What do you folks think?


I like the idea, but I'm a bit skeptical about adding a new service to already 
quite bloated undercloud. Why is barbican a hard requirement here?




[1] https://review.openstack.org/#/c/567200/

BR

--
Juan Antonio Osorio R.
e-mail: jaosor...@gmail.com 



__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [tripleo] Encrypted swift volumes by default in the undercloud

[Juan Antonio Osorio]

Hello!

As part of the work from the Security Squad, we added the ability for the
containerized undercloud to encrypt the overcloud plans. This is done by
enabling Swift's encrypted volumes, which require barbican. Right now it's
turned off, but I would like to enable it by default [1]. What do you folks
think?

[1] https://review.openstack.org/#/c/567200/

BR

-- 
Juan Antonio Osorio R.
e-mail: jaosor...@gmail.com
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev