API access to Openstack for WFAs *and* controller
Both the WFAs and controller need some kind of API access to Openstack to support real reset (that reboots a VM), and createVM. Think carefully about relationship between capabilities and the Openstack security mechanisms. We should consider if we can just wrap and proxy full API access to any service in a reasonable way, or if we have to special-case everything. Obviously the former is ideal... but proxying all API calls over the capability protocol isn't going to be super nice. We'll certainly need protocol support for ack'd packet fragments, because the raw cap proto can't do more than an MTU right now. Sigh...