This session will primarily focus on merging rootwrap into openstack-common and further improvements to it. Time at the end of the session will be assigned to discuss incorporating keyring usage into the service infrastructure and any further service security infrastructure ideas.
This session will include the following subject(s):
Towards a unified and more featureful rootwrap:
Multiple projects (Nova, Cinder, Quantum) have adopted nova-rootwrap, so moving it to openstack-common sounds like a good idea to avoid code duplication and painful sync.
In this session we will discuss the plan to push rootwrap into openstack-common, as well as additional features for rootwrap (path searching, logging, Python code execution).
All your passwords belong to keyrings?:
Clients are starting to use python-keyring for passwords. It would seem to make sense to have other sensitive passwords also use a similar mechanism (for example in nova.conf, or in keystone.conf or in paste api ini files and so on). These places shouldn't have clear text passwords even though they do right now (eck). But I'd like to get input on what people think about that and possibly any issues they see.