Hi!

Thought I should share this as core stuff needs changing to make debops work in the environment I am putting together. 

This is for IPv6-only OpenStack (control plane), and DNS management system development, as well as firewalling.

Features are:

1) IPv6 only systems
2) strongSwan IPsec for sustained connection security.  With predefined end points such as between servers, much more efficient as an SSL encryption session does not have to be negotiated per TCP connection, far more secure than SSL as all key material is in kernel, not user space, notwithstanding better protocol design.
3) netscript IP address and interface management
4) netscript iptables combined with ferm
5) Open vSwitch set up
6) Samba as AD controller and Kerberos server
7) Kerberos client set up
8) Set up and configuration of DMS
9) Set up and configuration of OpenStack
10) 'Thin' cloud mode for quickly deploying short-lived cloud systems on demand.  Won't need all the security bells and whistles, just an ssh-keyed admin account
11) integrating with cloud-init
12) site local role for all those things that strike an individual admin's fancy, like /etc/skel shell mode support...

The thin mode and the work on ferm/netscript iptables are core functionality changes.  If you think all this will make debops far too top heavy let me know.

At the moment my needs for OpenStack dev are for quickly deploying common platform initialisation as I am bringing up 10-20 systems quickly (Apt, user accounts, ssh keys, NTP, sudo, dns common stuff), and then manually configuring each platform and using backup to store those details.

In my setup there is quite a bit of netscript involved due to Jessie ifupdown's inability/refusal to up network interfaces with NO addressing on them ;-(  (Needed for firing up and connecting Open vSwitch as I use a lot of VLAN trunking, and soon VXLAN).

I can understand if you don't want me to push all this stuff onto debops, as there is quite a lot of complexity in it already. Please let me know if this architecture here is too far different from the debops hosting platform model to try blending it in.

Thank you so much

Best Regards,

Matt Grant
Debian Developer