[openstack-dev] [octavia]redirection and barbican config
johnsomor at gmail.com
Mon Aug 8 15:47:05 UTC 2016
Currently we are only allowing one VIP per amphora.
You can log into the amphora if you specify a ssh keypair loaded into
nova in the octavia.conf file. When that is specified you can log
into the amphora via SSH on the management network interface.
On Mon, Aug 1, 2016 at 5:15 PM, Akshay Kumar Sanghai
<akshaykumarsanghai at gmail.com> wrote:
> Hi Michael,
> Thanks. I have few more queries:
> - Is it possible to create multiple VIPs on one amphora?
> -I created a LB 2 days back. I created all the objects loadbalancer,
> listener, pool and members. The curl was successful for the vip. Today I
> added one more listener listening on port 443 (Terminated https) and added
> pool for it and members for the pool. I have barbican installed and I have
> tried ssl offloading with barbican with haproxy namespace driver. The curl
> for http and https were giving me code 503, but when I did a curl to the
> member, it was working 200 ok. I tried to figure out where its going wrong,
> but could not. I could not find any errors in octavia-api.log and
> octavia-worker.log. So, I deleted everything and recreated again. Now it was
> working. But for a similar future scenario, how should i figure out where
> things went wrong or where the packet is dropped. Is it possible to login to
> the amphora vm?
> On Sat, Jul 30, 2016 at 11:45 PM, Michael Johnson <johnsomor at gmail.com>
>> Hi Akshay,
>> For 80 to 443 redirection, you can accomplish this using the new L7
>> rules capability. You would setup a listener on port 80 that has a
>> redirect rule to the 443 URL.
>> On the barbican question, if you are using the octavia driver, you
>> will need to set the required settings in the octavia.conf file for
>> proper barbican access.
>> Those settings are called out here:
>> On Thu, Jul 28, 2016 at 1:02 PM, Akshay Kumar Sanghai
>> <akshaykumarsanghai at gmail.com> wrote:
>> > Hi,
>> > I have a couple on questions on octavia. Please answer or redirect me to
>> > relevant documentation:
>> > - Assume listener is listening on 443 and client hits the vip on port
>> > 80,
>> > the connection will be refused. Is it possible to configure http to
>> > https
>> > direction?
>> > - For the barbican config, the only config item i can find is
>> > cert_manager_type in neutron_lbaas.conf. How do we configure the
>> > barbican
>> > access for lbaas. I assume since we do the access config for nova and
>> > keystone in neutron.conf, there should be some config file where we
>> > define
>> > the barbican access(username, password, auth_url).
>> > The community has been very helpful to me. Thanks a lot Guys. Appreciate
>> > your efforts.
>> > Thanks
>> > Akshay Sanghai
>> > __________________________________________________________________________
>> > OpenStack Development Mailing List (not for usage questions)
>> > Unsubscribe:
>> > OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
More information about the OpenStack-dev