[Openstack] [Barbican] Mitaka RC1 available

Hi everyone, Last of the releaseteam-managed projects to issue a RC1 for the end of the Mitaka cycle is Barbican! You can find the RC1 source code tarball at: https://tarballs.openstack.org/barbican/barbican-2.0.0.0rc1.tar.gz Unless release-critical issues are found that warrant a release ca

Re: [Openstack] SSL cert issue on openstack client

On Tue, Mar 22, 2016 at 7:41 PM, Jagga Soorma wrote: > However my mac os x desktop does that without any issues. I was able > to get around this on my CentOS server by downloading the > GeoTrust_CA_Bundle.crt locally and using "export > OS_CACERT=/var/tmp/GeoTrust_CA_Bundle.crt". However, I don

Re: [Openstack] SSL cert issue on openstack client

You may want to try updating the system CA certs. Download both the root and current intermediate certificate from Geotrust and copy them to /etc/pki/ca-trust/source/anchors/ and run update-ca-trust. I had some issues with newer GoDaddy certificates and this fixed me up. You'd need to do this on a

[Openstack] password in clear text

Hi Guys, Currently when using the openstack api I have to save my password in clear text in the OS_PASSWORD environment variable. Is there a more secure way to use the openstack api without having to either store this password in clear text or enter the password manually every time I run a openst

Re: [Openstack] SSL cert issue on openstack client

Erik McCormick wrote: You may want to try updating the system CA certs. Download both the root and current intermediate certificate from Geotrust and copy them to /etc/pki/ca-trust/source/anchors/ and run update-ca-trust. I had some issues with newer GoDaddy certificates and this fixed me up. Yo

Re: [Openstack] password in clear text

Piggybacking on this question, I also would like to know if there is a solution to prevent storing passwords in the various service config files. We store our configs in subversion, and I hate that I have those passwords in there. Mike Smith Lead Cloud Systems Architect Overstock.com

Re: [Openstack] password in clear text

Jagga Soorma wrote: >Currently when using the openstack api I have to save my password in clear >text in >the OS_PASSWORD environment variable.  Is there a more secure way to use the >openstack api without having to either store this password in clear text or >enter the >password manually every

Re: [Openstack] password in clear text

We use Kerberos and X.509 in Keystone V3 for the end users. It works very nicely (although the python client-* CLIs often do not support it so you have to use the openstack OSC CLI) Tim From: Mike Smith mailto:mism...@overstock.com>> Date: Wednesday 23 March 2016 at 16:28 To: openstack mailto:

Re: [Openstack] password in clear text

The difficulty with the environment variables is that the administrator of the box you are logged into can read the environment using ps aux. There has been some work done to support storing all the variables in a file (which would be an environment variable) such that the CLIs read from th

[Openstack] Monasca web hooks

Hi Guys, I need to push out all alerts in Monasca to a external logfile on a linux server. Not very familiar with webhooks and was wondering if someone has already done something similar that I can get a starting point with. Thanks. ___ Mailing list: h

Re: [Openstack] password in clear text

Thanks for your response Tim. I do have our openstack environment integrated into AD. I basically am trying to see if there is a alternative to storing the password in clear text in a environment variable. With kerberos or AD are you saying that we would just get a ticket by authenticating once

Re: [Openstack] password in clear text

We use OpenStack as follows for most interactive use cases * Our Kerberos server is provided by AD * We kinit/klog to get a Kerberos ticket * Our openrc definitions are set up to use a Keystone authentication with Kerberos This uses the OS_AUTH_TYPE=v3kerberos environment. An old

Re: [Openstack] password in clear text

Excerpts from Tim Bell's message of 2016-03-23 09:17:20 -0700: > > The difficulty with the environment variables is that the administrator of > the box you are logged into can read the environment using ps aux. > > There has been some work done to support storing all the variables in a file

Re: [Openstack] password in clear text

Excerpts from CARVER, PAUL's message of 2016-03-23 08:40:43 -0700: > Jagga Soorma wrote: > > >Currently when using the openstack api I have to save my password in clear > >text in > >the OS_PASSWORD environment variable.  Is there a more secure way to use the > >openstack api without having to ei

Re: [Openstack] password in clear text

On 23/03/16 18:41, "Clint Byrum" wrote: >Excerpts from Tim Bell's message of 2016-03-23 09:17:20 -0700: >> >> The difficulty with the environment variables is that the administrator of >> the box you are logged into can read the environment using ps aux. >> >> There has been some work don

Re: [Openstack] password in clear text

Excerpts from Tim Bell's message of 2016-03-23 11:53:38 -0700: > > On 23/03/16 18:41, "Clint Byrum" wrote: > > >Excerpts from Tim Bell's message of 2016-03-23 09:17:20 -0700: > >> > >> The difficulty with the environment variables is that the administrator of > >> the box you are logged into c

Re: [Openstack] password in clear text

On 03/23/2016 11:46 AM, Tim Bell wrote: We use Kerberos and X.509 in Keystone V3 for the end users. It works very nicely (although the python client-* CLIs often do not support it so you have to use the openstack OSC CLI) I'm personally in favor of moving toward a Federated approach using Ke

[Openstack] OpenStack OSAD and Horizon policy updates

Hello, I have a quick question around Horizon policy files and corresponding service policy files. I am using OpenStack OSAD ( http://docs.openstack.org/developer/openstack-ansible/liberty/install-guide/configure-openstack.html) to deploy an AIO setup from 12.0.8 I am using keystone_policy_o

Re: [Openstack] OpenStack OSAD and Horizon policy updates

There's currently no built in automation for Horizon to pull the policy file, so you'll have to update it yourself on the Horizon instances. Thanks, Brad From: Michael Gale mailto:gale.mich...@gmail.com>> Date: Wednesday, March 23, 2016 at 2:31 PM To: "openstack@lists.openstack.org

Re: [Openstack] OpenStack OSAD and Horizon policy updates

On 03/23/2016 05:42 PM, Brad Pokorny wrote: There's currently no built in automation for Horizon to pull the policy file, so you'll have to update it yourself on the Horizon instances. This is essentially true of all the policy files. Managing them is left to the discretion of the install/manag

[Openstack] [release][security] Anchor 0.4.0

Security team is pleased to announce the release of Anchor 0.4.0. Anchor is a lightweight PKI service which provides automated certificate verification and signing. It is a new approach for managing private community PKI deployments such as internal infrastructure, by using short-lived certific

Re: [Openstack] [release][security] Anchor 0.4.0

[with links this time] Security team is pleased to announce the release of Anchor 0.4.0. Anchor is a lightweight PKI service which provides automated certificate verification and signing. It is a new approach for managing private community PKI deployments such as internal infrastructure, by usi

Re: [Openstack] Monasca web hooks

I do not know if using Logstash ( https://www.elastic.co/webinars/logstash-0-60-in-60) you can able to do it directly getting it from the Alarm DB in Monasca. Otherwise you may look at this ( https://github.com/openstack/monasca-api/blob/master/docs/monasca-api-spec.md#alarms). You can write a ap