Re: [openstack-dev] Regarding cache-based cross-VM side channel attacks in OpenStack

> OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/li

Re: [openstack-dev] [freezer] PTG planning Etherpad

questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Adam Heczko Security Engineer @ Mirantis Inc. __ Op

Re: [openstack-dev] [keystone] Upcoming Deadlines

penstack.org/#/c/512505/ > > [2] https://review.openstack.org/#/c/464763/ > > [3] https://review.openstack.org/#/c/500207/ > > > ______ > OpenStack Developmen

Re: [openstack-dev] [keystone] multiple federated keystones with single Identity Provider

> > Without replicating revocation events, or syncing the assignment table, > > this will lead to security concerns. > > There is also cache invalidation issue. And that would make tokens of > various scope behave in a different manner. A year ago i was -2 on this, > and i sti

Re: [openstack-dev] [all] [tc] Policy Goal Queens-2 Update

> > >> ___ > > >>> OpenStack Development Mailing List (not for usage questions) > > >>> Unsubscribe: > > >>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > > >>> http://list

Re: [openstack-dev] [hyper-v] Hyper-V Support Will be Removed Forever ?

ge questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Adam Heczko Security Engineer @ Mirantis Inc. ___

Re: [openstack-dev] [security] [api] Script injection issue

Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject: > unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > > > -- > Davanum Srinivas :: https://twitter.com/dims > > ______ &

Re: [openstack-dev] [policy] AWS IAM session

gt; >> > >> > >> __ >> > OpenStack Development Mailing List (not for usage questions) >> > Unsubscribe: >> > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> > http://lists.openstack.org/cgi-bin/mai

Re: [openstack-dev] Security of Meta-Data

-dev-requ...@lists.openstack.org?subject: > unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscrib

Re: [openstack-dev] [Glance][Security] Secure Hash Algorithm Spec

_ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Adam Heczko Security En

Re: [openstack-dev] [api-wg][glance] call for comments on Glance spec for Queens

List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscrib >> <http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe> >> > > __ > OpenStack Development Mailing List (not for usa

Re: [openstack-dev] Janney 2.0 "Data Protection in OpenStack" Summary Presentation

Pages/JanneyTalks_KaitlineFarr.aspx > > Thanks! > > Kaitlin > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://li

Re: [openstack-dev] [Glare][TC][All] Past, Present and Future of Glare project

z (ttx) > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/

Re: [openstack-dev] [all] Policy rules for APIs based on "domain_id"

; __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://list

Re: [openstack-dev] [tc][appcat] The future of the App Catalog

n a VM provisioned by Nova. > > > > +1 for "apps that know they're in the cloud", and further apps that know > how to talk to their cloud. > > And also +1 for listening to folks who want a little more help in > interacting with their cloud from inside their VMs. If I've squelched > anyone in t

Re: [openstack-dev] [tc][appcat] The future of the App Catalog

elopment Mailing List (not for usage questions) > > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject: > unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __ > Op

Re: [openstack-dev] [tc][appcat][murano][app-catalog] The future of the App Catalog

already deployed Murano and are counting on finding > the apps in the app catalog. > > -Christopher > > > > > -- > > Thierry Carrez (ttx) > > > > ____

Re: [openstack-dev] [chef] Making the Kitchen Great Again: A Retrospective on OpenStack & Chef

> OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > _

Re: [openstack-dev] [openstack-ansible] Ocata deployed on CentOS 7!

Major, thanks for sharing this! On Thu, Jan 19, 2017 at 5:24 PM, Major Hayden wrote: > On 01/19/2017 10:04 AM, Adam Heczko wrote: > > BTW are you implying that Ubuntu LTS is unstable or not stable enough to > run OpenStack? > > I think that it would be valuable if you could

Re: [openstack-dev] [openstack-ansible] Ocata deployed on CentOS 7!

bject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Adam Heczko Security Engineer @ Mirantis Inc. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-d

Re: [openstack-dev] [security] [telemetry] How to handle security bugs

oftware hacker >https://julien.danjou.info */ > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/open

Re: [openstack-dev] [Fuel] - Nominate Maksim Malchuk to Fuel Library Core

; >>> __ >>> >> OpenStack Development Mailing List (not for usage questions) >>> >> Unsubscribe: >>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >>> >> http://lists.openstack.org/cgi-bin/mailman/

Re: [openstack-dev] [Fuel] [Shotgun] Decoupling Shotgun from Fuel

gt;> > > OpenStack Development Mailing List (not for usage questions) > >>>> > > Unsubscribe: > >>>> > > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > >>>> > > http://lists.openstack.org/cgi-bin/

Re: [openstack-dev] [Fuel] [Plugins] Netconfig tasks changes

odes won't even have > "Public" network on node interface configuration UI. > > Regards, > Alex > > On Wed, May 25, 2016 at 9:43 AM, Adam Heczko wrote: > >> Hello Alex, >> I have a question about the proposed changes. >> Is it possible to introduce

Re: [openstack-dev] [Fuel] [Plugins] Netconfig tasks changes

w.openstack.org/#/q/I229957b60c85ed94c2d0ba829642dd6e465e9eca,n,z >> > > > ______ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe &

Re: [openstack-dev] [Fuel] [Shotgun] Decoupling Shotgun from Fuel

_ >> > OpenStack Development Mailing List (not for usage questions) >> > Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> __

Re: [openstack-dev] [Fuel] [Openstack] Problem after reboot fuel-master VM

y fuel > > Thanks in advance. > > > > > ______ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http:

Re: [openstack-dev] [keystone] Single Sign On integration research

s, Kseniya >> >> >> __ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac

Re: [openstack-dev] [kolla][security] Obtaining the vulnerability:managed tag

ng List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Adam Heczko Security Engineer @ Mirantis Inc. _

Re: [openstack-dev] [Fuel][Fuel-Library] Nominating Matthew Mosesohn for Fuel Library Core

daev >> >> >> ______ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http:/

Re: [openstack-dev] [Fuel] Extend FFE for "Disable queue mirroring for RPC queues in RabbitMQ"

equ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Adam Heczko Security Engineer @ Mirantis Inc. __ OpenStack Development Mailing List (not for

Re: [openstack-dev] [fuel][plugins]Security problem in Fuel 7.0

penstack.org?subject:unsubscribehttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >>> -- >>> Eugene Korekin >>> Partner Enablement Team Deployment Engineer >>> >>> >>> ______ &

[openstack-dev] [Fuel] API services available on public VIP

uel. Thank you, -- Adam Heczko Security Engineer @ Mirantis Inc. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/

Re: [openstack-dev] [Fuel] Running Fuel node as non-superuser

t; > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev &g

Re: [openstack-dev] [Product] [fuel] Life cycle management use cases

g List (not for usage questions) >> > Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> ___ >> Product-wg mailing list >> product...@lists.openstack.org &

Re: [openstack-dev] FW: [Fuel] 8.0 Region name support / Multi-DC

> >> >> Thanks >> >> >> >> -- >> >> Roman Sokolkov, >> >> Deployment Engineer, >> >> Mirantis, Inc. >> Skype rsokolkov, >> rsokol...@mirantis.com >> >> -- >> >> Chris Clason >> >> Director of Architecture >> >&

Re: [openstack-dev] Apache2 vs uWSGI vs ...

OK, sorry I mixed up nginx and uwsgi :) A. On Fri, Sep 25, 2015 at 2:54 PM, David Stanek wrote: > > On Fri, Sep 25, 2015 at 8:25 AM Adam Heczko wrote: > >> Are we discussing mod_wsgi and Keystone or OpenStack as a general? >> If Keystone specific use case, then pro

Re: [openstack-dev] Apache2 vs uWSGI vs ...

_ >> >> OpenStack Development Mailing List (not for usage questions) >> >> Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> >> http://lists.ope

Re: [openstack-dev] [Fuel] Bugs which we should accept in 7.0 after Hard Code Freeze

> -- > Mike Scherbakov > #mihgen > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/c

Re: [openstack-dev] [Fuel] Remove MOS DEB repo from master node

;> >> >>> This thread is not about internet connectivity, it is about aligning >> >>> things. >> >>> >> >> >> >> You are correct in that this thread

Re: [openstack-dev] [Fuel] Remove MOS DEB repo from master node

rect in that this thread is not explicitly about internet > >> connectivity, but they are related. Any changes to remove a local > repository > >> and only provide an internet based solution makes internet connectivity > >> something that needs to be incl

Re: [openstack-dev] [Fuel] SSL keys saving

;s > certificates we work in > absolutely different way and store them in absolutely different place. > And this > way leads to huge problems. > > Thanks, > > On Fri, Aug 21, 2015 at 1:33 PM, Adam Heczko wrote: > >> Hi Evgeniy, >> what you've proposed is all rig

Re: [openstack-dev] [Fuel] SSL keys saving

ement according fixes in fuel-library >> >> __ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/li

Re: [openstack-dev] [Fuel] SSL keys saving

items: > > - Change UI logic that saving keypair into DB to logic that will save it > to local FS > - Implement according fixes in fuel-library > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-req

Re: [openstack-dev] [Keystone][Fernet] HA SQL backend for Fernet keys

t; > Right. Here is the fixed version (please don't use it anyway): > http://paste.openstack.org/show/406862/ > > > > Note, this doesn't take into account the initial key repository creation, > does it? > > > > Here is a similar version that relies on rs

Re: [openstack-dev] Would people see a value in the cve-check-tool?

> OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Adam Heczko Security Engineer @ Miranti

Re: [openstack-dev] [Keystone][Fernet] HA SQL backend for Fernet keys

ww.traceback.org > twitter: http://twitter.com/dstanek > www: http://dstanek.com > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openst

Re: [openstack-dev] [Keystone][Fernet] HA SQL backend for Fernet keys

main simple. >>>> >>>> >>>> ______ >>>> OpenStack Development Mailing List (not for usage questions) >>>> Unsubscribe: >>>> openstack-dev-requ...@lists.openstack.org?su

Re: [openstack-dev] [Cinder] encryption is not supported in ceph volume

should we prohibit to create a Ceph volume with encrypted > volume type. > > Best wishes > Lisa > > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subj

Re: [openstack-dev] [fuel] OS_SERVICE_TOKEN usage in Fuel

t;>>>> Unsubscribe: >> >>>>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >>>> >> >>>> -- >> >>>

[openstack-dev] [Fuel] Add support for Keystone's Fernet encryption keys management: initialization, rotation

ilities will be implemented in Fuel by related blueprint [1]. [1] https://blueprints.launchpad.net/fuel/+spec/fernet-tokens-support [2] http://www.eetimes.com/document.asp?doc_id=1279619 Regards, -- Adam Heczko Security Engineer