Difference between revisions of "X509-proposal"
| Line 8: | Line 8: | ||
Overview: | Overview: | ||
| − | * move x509 into a ''nova-manager'' | + | * move x509 into a ''nova-manager'', run from a host that manages the CA directory |
| − | * openstack extension for management | + | * openstack (admin-only?) extension for management |
* use rpc to communicate between API and x509 manager | * use rpc to communicate between API and x509 manager | ||
| + | * api is a wrapper around most of the nova/crypto.py interface | ||
| + | * there is some usage in the ec2/admin.py (deprecated) that will need to be considered. | ||
Revision as of 22:11, 17 January 2012
X509 Certs
Nova has an x509 cert store that it uses for the ec2 bundling image process and the cloudpipe vpn system. Currently the code runs inside the API server - which leads to issues if you want to want to run the api server on multiple boxes.
STATUS: DRAFT
Overview:
- move x509 into a nova-manager, run from a host that manages the CA directory
- openstack (admin-only?) extension for management
- use rpc to communicate between API and x509 manager
- api is a wrapper around most of the nova/crypto.py interface
- there is some usage in the ec2/admin.py (deprecated) that will need to be considered.
