[Rdo-list] RDO packages for Marconi and Barbican

Dmitri Pal dpal at redhat.com
Fri Dec 13 18:54:43 UTC 2013 

On 12/13/2013 01:37 PM, Perry Myers wrote:
> On 12/13/2013 01:29 PM, Dmitri Pal wrote:
>> On 12/13/2013 01:19 PM, Perry Myers wrote:
>>> On 12/13/2013 12:53 PM, Tim Bell wrote:
>>>> Is there a plan to package Marconi and Barbican as RDO packages ?
>>> Hi Tim,
>>>
>>> Good questions :)
>>>
>>> I don't know what the concrete timelines are, but certainly I think
>>> Marconi (being already incubated) should be packaged for RDO Icehouse in
>>> the near future.
>>>
>>> Flavio, do you have more specific/concrete plans around when that would
>>> get done?
>>>
>>> As for Barbican, I'm a little less certain of that.  Mainly because at
>>> this point it has not gone up for incubation yet (at least from what I
>>> recall).
>>>
>>> Our general rule of thumb has been to wait for a project to be incubated
>>> before packaging.  We could certainly make an exception if we feel the
>>> need though.
>>>
>>> Dmitri/Adam, what are your guys' thoughts on Barbican?
>>>
>>> Perry
>> We are not directly involved in Barbican. To the best of my knowledge
>> its primary focus is to provide certificate issuance to the cervices and
>> applications running in the cloud. We have been focusing more on the
>> certificates for the cloud infra itself.
>> The short term plan is to leverage certmonger on the client side
>> (leverading Linux platform under OpenStack) to fetch certs from
>> Certmaster/FreeIPA/Dogtag to bootstrap the undercloud and overcloud and
>> then provide FreeIPA/Dogtag as a back end for Barbican.
>> But for it to be a viable solution upstream Dogtag should be usable in
>> the upstream dev environment so we are workign on making FreeIPA/Dogtag
>> available in Debian for dev purposes. Once it is done we would be able
>> to get in touch with Barbican team again. Absence of Debian availability
>> was a showstopper for a conversation about Barbican.
> All valid points Dmitri, but not relevant to whether or not we package
> up Barbican for use by the RDO community.
>
> My take is that once a project is incubated, we need to put someone on
> that project to at the least help package it.  Barbican isn't there yet,
> but we'll have to watch and when it's ready we'll do that work.
>
> We should not gate RDO packaging of Barbican on whether or not it can
> use FreeIPA/Dogtag as a backend.

True. I was just providing context and our thinking about the project.
Barbican is an interface to a CA. It is unclear what kind of CA would be
supported as a back end out of box.
If it is just an API without any back end yet even if it is incubated it
might not make much sense to package yet until it becomes possible to
use some (not necessarily FreeIPA/Dogtag) publicly available CA project
as a backend.

We will look at it when it is incubated.


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the dev mailing list