<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-text-html" lang="x-unicode"> Thanks Brandon<br>
<br>
<div class="moz-cite-prefix">On 05/20/15 22:58, Brandon Logan
wrote:<br>
</div>
<blockquote cite="mid:1432187894561.41638@RACKSPACE.COM"
type="cite">
<p>Just to add a few things,<br>
</p>
<p>Barbican is not yet implemented in Octavia, though the code
is there, we just need to spend a few hours hooking it all up
and testing it out.<br>
</p>
<p><br>
</p>
<p>Also, the security groups are used by octavia right now so
that only the ports on the listener are accessible. Basically
if a loadbalancer has listeners on ports 80 and 443, the vip
ports will only allow traffic on those ports. It shouldn't
allow other traffic.<br>
</p>
</blockquote>
That is great to hear. I assume that if we are using security
groups we will also be able to define rules regarding which
networks the listeners are allowed to accept traffic from? <br>
<br>
Is that assumption correct? <br>
<blockquote cite="mid:1432187894561.41638@RACKSPACE.COM"
type="cite">
<p> </p>
<p><br>
</p>
<p>Thanks,<br>
</p>
<p>Brandon<br>
</p>
<div style="word-wrap:break-word">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
color="#000000" face="Calibri, sans-serif"><b>From:</b>
Doug Wiegley <a class="moz-txt-link-rfc2396E"
href="mailto:dougwig@parksidesoftware.com"><dougwig@parksidesoftware.com></a><br>
<b>Sent:</b> Thursday, May 21, 2015 12:49 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated"
href="mailto:maishsk+openstack@maishsk.com">maishsk+openstack@maishsk.com</a>;
OpenStack Development Mailing List (not for usage
questions); Maish Saidel-Keesing<br>
<b>Subject:</b> Re: [openstack-dev] [lbaas] [octavia]
[barbican] Relationship between Octavia and Barbican and
Octavia 1.0 questions</font>
<div> </div>
</div>
<div>Hi Maish,
<div class=""><br class="">
</div>
<div class="">Thanks for the feedback, some answers below.
Please also be aware of the lbaas use cases session
tomorrow at 9am (yuck, I know), <a moz-do-not-send="true"
href="https://etherpad.openstack.org/p/YVR-neutron-lbaas-use-cases"
class="">https://etherpad.openstack.org/p/YVR-neutron-lbaas-use-cases</a></div>
<div class=""><br class="">
</div>
<div class=""><br class="">
<div>
<blockquote type="cite" class="">
<div class="">On May 19, 2015, at 12:05 AM, Maish
Saidel-Keesing <<a moz-do-not-send="true"
href="mailto:maishsk@maishsk.com" class="">maishsk@maishsk.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div bgcolor="#FFFFFF" class="">Hello all,<br
class="">
<br class="">
Going over today's presentation "Load Balancing as
a Service, Kilo and Beyond"[1] (great
presentation!!) - there are a few questions I have
regarding the future release:<br class="">
<br class="">
For Octavia 1.0:<br class="">
<br class="">
1. Can someone explain to me how the flow would
work for spinning up a a new Amphora with regards
to interaction between Neutron, LBaaS and
Barbican?<br class="">
Same question as well regarding how the standby is
created and its relationship with Barbican.<br
class="">
</div>
</div>
</blockquote>
<div><br class="">
</div>
<div>The lbaas API runs inside neutron-server. The
general flow is:</div>
<div><br class="">
</div>
<div>- User interacts with neutron CLI/API or horizon
(in liberty), and creates an LB.</div>
<div>- Lbaas plugin in neutron creates logical models,
fetches cert data from barbican, and calls the backend
lbaas driver.</div>
<div>- The backend driver does what it needs to to
instantiate the LB. Today this is a synchronous call
that waits for the nova boot, but by Liberty, it will
likely be an async call to the octavia controller to
finish the job.</div>
<div><br class="">
</div>
<div>Once Octavia has control, it is doing:</div>
<div><br class="">
</div>
<div>- Get REST calls for objects,</div>
<div>- Talk to nova, spin up an amphora image,</div>
<div>- Talk to neutron, plumb in the networks,</div>
<div>- Send the amphora its config.</div>
<br class="">
<blockquote type="cite" class="">
<div class="">
<div bgcolor="#FFFFFF" class=""><br class="">
2. Will the orchestration (Heat) also be
implemented when Octavia 1.0 is released or only
further down the line?<br class="">
If not what would you suggest be the way to
orchestrate LBaaS until this is ready?<br class="">
</div>
</div>
</blockquote>
<div><br class="">
</div>
<div>We need to talk to the Heat folks and coordinate
this, which we are planning to do soon.</div>
<br class="">
<blockquote type="cite" class="">
<div class="">
<div bgcolor="#FFFFFF" class=""><br class="">
3. Is there some kind of hook into Security groups
also planned for the Amphora to also protect the
Load Balancer?<br class="">
</div>
</div>
</blockquote>
<div><br class="">
</div>
<div>Not at present, but I recorded this in the feature
list on the etherpad above.</div>
<br class="">
<blockquote type="cite" class="">
<div class="">
<div bgcolor="#FFFFFF" class=""><br class="">
I think that based on the answers to these
questions above - additional questions will
follow.<br class="">
<br class="">
Thanks<br class="">
<br class="">
[1] <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://www.youtube.com/watch?v=-eAKur8lErU">
https://www.youtube.com/watch?v=-eAKur8lErU</a><br
class="">
<div class="moz-signature">-- <br class="">
Best Regards,<br class="">
Maish Saidel-Keesing</div>
</div>
__________________________________________________________________________<br
class="">
OpenStack Development Mailing List (not for usage
questions)<br class="">
Unsubscribe: <a moz-do-not-send="true"
href="mailto:OpenStack-dev-request@lists.openstack.org"
class="">
OpenStack-dev-request@lists.openstack.org</a>?subject:unsubscribe<br
class="">
<a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"
class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br
class="">
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</div>
</blockquote>
<br>
<div class="moz-signature">-- <br>
Best Regards,<br>
Maish Saidel-Keesing</div>
</div>
</body>
</html>