Iteration 4 Feature: Encryption

Hello everyone, One of the goals of this iteration is Encryption. What do we have at disposal right now ? ========================= - We're using Public Key Infrastructure(PKI), where now we store SSL cert of Conductor (it's self-signed). - We generate SSL cert/key for Conductor in puppet recipe. - We can generate certs for other parts in the same way. - Conductor run on HTTPS by default in production environment. What would we like to achieve in this iteration ? ============================= * encrypt traffic between IWHD, Conductor, DC-API: We expect that IWHD and DC-API will run on remote machines, so we need to encrypt communication between those machines. Is it need to add some gem(s) ? ==================== No it isn't. After discussion we don't assume that we need to add some gem(s). Maybe it will be good to check Dmitri Pal suggestions (his e-mail as reply to mmorsi's one w/ subject 'Iteration 4 Features') What would we do to complete this goal ? ========================== For Conductor side: -------------------------- - revise the codes of communication with IWHD and DC-API. For IWHD should be easy, now we are using hardcoded URL of this service, thus we will fix it for HTTPS. We use RestClient for communication with DC-API, so we will check how is possible (and it's possible) to wrap RestClient request to secured mode. For Infrastructure team: -------------------------------- - generate SSL certs/keys for IWDH and DC-API, - decide how to change off public certificates between services that will run on remote machines. Other notices ========= - Michal Fojtik will handle option for 'deltacloudd', when we want to run DC-API on HTTPS. Please check if I mentioned all services, that we need to run them on HTTPS and encrypt the traffic between them. -- Jozef