Hello everyone,
One of the goals of this iteration is Encryption.
What do we have at our disposal right now?
=========================
- We're using Public Key Infrastructure (PKI), where we now store the SSL
cert of Conductor (it's self-signed).
- We generate the SSL cert/key for Conductor in a puppet recipe.
- We can generate certs for other parts in the same way.
- Conductor runs on HTTPS by default in the production environment.
What would we like to achieve in this iteration?
=============================
* encrypt traffic between IWHD, Conductor, DC-API:
We expect that IWHD and DC-API will run on remote machines, so we
need to encrypt communication between those machines.
Do we need to add any gem(s)?
====================
No, we don't. After discussion, we don't assume that we need to add any
gem(s). Maybe it would be good to check Dmitri Pal's suggestions (his
e-mail was a reply to mmorsi's one w/ subject 'Iteration 4 Features').
What would we do to complete this goal?
==========================
For Conductor side:
--------------------------
- revise the code that communicates with IWHD and DC-API.
For IWHD it should be easy: we are currently using a hardcoded URL for
this service, so we will change it to HTTPS. We use RestClient for
communication with DC-API, so we will check how it is possible (and it
is possible) to wrap RestClient requests in secured mode.
For Infrastructure team:
--------------------------------
- generate SSL certs/keys for IWHD and DC-API,
- decide how to exchange public certificates between services that
will run on remote machines.
Other notes
=========
- Michal Fojtik will handle the option for 'deltacloudd', for when we want
to run DC-API on HTTPS.
Please check whether I mentioned all the services that we need to run on
HTTPS and encrypt the traffic between.
--
Jozef
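
Added example (not from the original e-mail or the Conductor code base): how a client can trust only the self-signed certificates that the services exchanged, shown with Ruby's standard OpenSSL bindings rather than RestClient. The host names and helper names are hypothetical, and the certificates are constructed sample data.

```ruby
require 'openssl'

# Build a self-signed certificate for one service (constructed sample data).
def self_signed_cert(common_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                      # X.509 v3
  cert.serial     = Random.rand(1..2**32)
  cert.subject    = name
  cert.issuer     = name                   # self-signed: issuer == subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Trust store holding only the certificates the peers exchanged out of band.
def trust_store(*pinned_certs)
  store = OpenSSL::X509::Store.new
  pinned_certs.each { |c| store.add_cert(c) }
  store
end

# Client-side TLS settings: verify the peer against the pinned store only.
def client_ssl_context(store)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert_store  = store
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx
end

# True only if the presented cert is trusted by the store and matches the host.
def peer_acceptable?(store, presented, hostname)
  store.verify(presented) &&
    OpenSSL::SSL.verify_certificate_identity(presented, hostname)
end

DCAPI_HOST = 'dcapi.example.com'           # hypothetical host name
dcapi_cert = self_signed_cert(DCAPI_HOST)  # what the DC-API host would publish
impostor   = self_signed_cert(DCAPI_HOST)  # same name, different key
store      = trust_store(dcapi_cert)

puts peer_acceptable?(store, dcapi_cert, DCAPI_HOST)
puts peer_acceptable?(store, impostor, DCAPI_HOST)
puts peer_acceptable?(store, dcapi_cert, 'iwhd.example.com')
```

A certificate with the right name but a different key is rejected, which is why the services need a reliable way to exchange their public certificates before peer verification is turned on.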