Service communication encryption with IPSEC

Registered by Juan Antonio Osorio Robles on 2017-11-21

This would enable encryption in the network for service-to-service communication using IPSEC. This work would be based on work already done as part of an ansible role, and would include making it part of the TripleO workflow.

Blueprint information

Status:
Complete
Approver:
None
Priority:
Medium
Drafter:
Juan Antonio Osorio Robles
Direction:
Approved
Assignee:
Juan Antonio Osorio Robles
Definition:
Approved
Series goal:
Accepted for queens
Implementation:
Implemented
Milestone target:
milestone icon queens-rc1
Started by
Alex Schultz on 2017-11-27
Completed by
Emilien Macchi on 2018-02-06

Related branches

Sprints

Whiteboard

[2017-12-08] Moving to queens-3 as there is a single patch outstanding. If anything else is needed, we should move this to Rocky.

Gerrit topic: https://review.openstack.org/#q,topic:bp/for,n,z

Addressed by: https://review.openstack.org/521727
    Encryption everywhere with IPSEC

Gerrit topic: https://review.openstack.org/#q,topic:bp/ipsec,n,z

Addressed by: https://review.openstack.org/521728
    Add libreswan (IPSEC management) package to overcloud images

Addressed by: https://review.openstack.org/521731
    Add VipMap to inventory variables

Addressed by: https://review.openstack.org/521863
    Add IPSEC composable service

Addressed by: https://review.openstack.org/522529
    Add network_map entry to dynamic inventory

Gerrit topic: https://review.openstack.org/#q,topic:deploy_steps_tasks,n,z

Gerrit topic: https://review.openstack.org/#q,topic:ipsec,n,z

Addressed by: https://review.openstack.org/534729
    Split IPSEC deployment in two

Addressed by: https://review.openstack.org/535184
    Enable configuring IPSEC's phase 2 algorithm

Addressed by: https://review.openstack.org/538234
    Add documentation for the IPSEC feature

Addressed by: https://review.openstack.org/534731
    Activate ipsec for for featureset042

Addressed by: https://review.openstack.org/539444
    Add release notes for IPSec

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.