Difference between revisions of "Tatu"
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
__NOTOC__ | __NOTOC__ | ||
− | [[File: | + | [[File:Project_Tatu_Logo.png|center]] |
== Overview == | == Overview == | ||
+ | |||
+ | Named in honor of Tatu Ylönen, the inventor of SSH, Tatu is an OpenStack service that manages SSH user and host certificates. Tatu can also start and manage bastion servers so that you don't have to (and you don't have to give every SSH server a public IPv4 address). | ||
+ | |||
+ | Tatu provides APIs, Horizon Dashboard Panels and OpenStack CLI that allow: | ||
+ | * Users to obtain SSH user-type certificates (per project) for their public key, with permissions corresponding to their roles in the project. | ||
+ | * OpenStack VM (or bare metal) instances to obtain a host SSH certificate for their public key, and to configure user accounts corresponding to Keystone roles. | ||
+ | |||
+ | == More Information == | ||
+ | |||
+ | * [https://docs.google.com/presentation/d/1HI5RR3SNUu1If-A5Zi4EMvjl-3TKsBW20xEUyYHapfM Slides] (February 2018) | ||
+ | * [https://www.youtube.com/watch?v=y6ICCPO08d8&feature=youtu.be Feb. 2018 full demo video] (without Keystone role integration, 11 minutes) | ||
+ | * [https://www.youtube.com/watch?v=yjwWdYJRTM0&feature=youtu.be Single-feature demo video] of integration with Uber's pam-ussh module (Mar. 2018, 4 minutes). | ||
+ | |||
+ | == Get Involved == | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | | Launchpad Projects || [http://launchpad.net/tatu Tatu] | ||
+ | |- | ||
+ | | Code Repositories || [http://git.openstack.org/cgit/openstack/tatu Tatu] [http://git.openstack.org/cgit/openstack/python-tatuclient TatuClient] [http://git.openstack.org/cgit/openstack/tatu-dashboard TatuDashboard] | ||
+ | |- | ||
+ | | Blueprints || [http://blueprints.launchpad.net/tatu Tatu Blueprints] | ||
+ | |- | ||
+ | | Code Review || [http://review.openstack.org/#/q/project:openstack/tatu,n,z Tatu] [http://review.openstack.org/#/q/project:openstack/python-tatuclient,n,z TatuClient] [http://review.openstack.org/#/q/project:openstack/tatu-dashboard,n,z TatuDashboard] | ||
+ | |- | ||
+ | | Bug Tracking || [http://bugs.launchpad.net/tatu Tatu] | ||
+ | |- | ||
+ | | IRC Channel || <code>#openstack-tatu</code> on freenode.net | ||
+ | |- | ||
+ | | Mailinglist || Drop emails to [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev openstack-dev] with tag <code>[Tatu]</code> in the subject. | ||
+ | |- | ||
+ | | Weekly Meetings || We have a regular slot in the Security SIG's [http://eavesdrop.openstack.org/#Security_meeting weekly meeting] starting March 8, 2018 (until we reach critical mass). | ||
+ | |} |
Latest revision as of 20:25, 6 March 2018
Overview
Named in honor of Tatu Ylönen, the inventor of SSH, Tatu is an OpenStack service that manages SSH user and host certificates. Tatu can also start and manage bastion servers so that you don't have to (and you don't have to give every SSH server a public IPv4 address).
Tatu provides APIs, Horizon Dashboard Panels and OpenStack CLI that allow:
- Users to obtain SSH user-type certificates (per project) for their public key, with permissions corresponding to their roles in the project.
- OpenStack VM (or bare metal) instances to obtain a host SSH certificate for their public key, and to configure user accounts corresponding to Keystone roles.
More Information
- Slides (February 2018)
- Feb. 2018 full demo video (without Keystone role integration, 11 minutes)
- Single-feature demo video of integration with Uber's pam-ussh module (Mar. 2018, 4 minutes).
Get Involved
Launchpad Projects | Tatu |
Code Repositories | Tatu TatuClient TatuDashboard |
Blueprints | Tatu Blueprints |
Code Review | Tatu TatuClient TatuDashboard |
Bug Tracking | Tatu |
IRC Channel | #openstack-tatu on freenode.net
|
Mailinglist | Drop emails to openstack-dev with tag [Tatu] in the subject.
|
Weekly Meetings | We have a regular slot in the Security SIG's weekly meeting starting March 8, 2018 (until we reach critical mass). |