[openstack-dev] [Fuel] Enable SSL between client and API exposed via public URL with HAProxy

Mike Scherbakov mscherbakov at mirantis.com
Thu Aug 21 14:02:43 UTC 2014 

Hi all,
HA only mode I believe is covered by
https://blueprints.launchpad.net/fuel/+spec/single-controller-ha.

Andrew, will you work on it in 6.0? What are remaining items there? Also,
it might affect our tests - simple mode runs faster so we use it for smoke
ISO test. Anastasia, please confirm that we can switch smoke to
one-ha-controller model, or even drop smoke at all and use BVT only
(running CentOS 3 HA controllers and same with Ubuntu).

Guillaume, do I understand right that without implementation of
https://blueprints.launchpad.net/fuel/+spec/ca-deployment, SSL support will
not be fully automated? And, consequently, we can not call it as complete
production ready feature for Fuel users?

Thanks,


On Wed, Aug 20, 2014 at 5:38 PM, Vladimir Kuklin <vkuklin at mirantis.com>
wrote:

> Hi, Guillaume. Yes, we are looking forward to removing simple non-HA mode
>
>
> On Wed, Aug 20, 2014 at 5:14 PM, Guillaume Thouvenin <thouveng at gmail.com>
> wrote:
>
>> Hi all,
>>
>>  I wrote a "design" to enable SSL between external client and OpenStack
>> public endpoints that provide APIs on public network. This design is
>> available for reviewing here: https://review.openstack.org/#/c/102273/
>> Of course all comments are welcome :)
>>
>>  I also started to work on puppet manifest [1] and [2] for the
>> deployment. I made the assumption that in the future version of Fuel (6.0
>> and above) all deployments will be done in HA mode. That means that even if
>> you have only one controller, haproxy will be used. Can someone from
>> fuel-core can confirm this (or not)?
>>
>> Best regards,
>> Guillaume
>>
>> [1] https://review.openstack.org/102273
>> [2] https://review.openstack.org/114909
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
> --
> Yours Faithfully,
> Vladimir Kuklin,
> Fuel Library Tech Lead,
> Mirantis, Inc.
> +7 (495) 640-49-04
> +7 (926) 702-39-68
> Skype kuklinvv
> 45bk3, Vorontsovskaya Str.
> Moscow, Russia,
> www.mirantis.com <http://www.mirantis.ru/>
> www.mirantis.ru
> vkuklin at mirantis.com
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
Mike Scherbakov
#mihgen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140821/04cc6659/attachment.html>

More information about the OpenStack-dev mailing list