[openstack-dev] [Fuel] Enable SSL between client and API exposed via public URL with HAProxy

Adam Lawson alawson at aqorn.com
Thu Aug 21 19:11:22 UTC 2014


IMHO, removing non-HA mode in Fuel would be a mistake as Fuel is also used
for smaller deployments. HA is required for Production sure but removing
support for smaller deployments would drive consumers of smaller clouds
elsewhere for orchestration. Maintaining support for smaller clouds
probably isn't a priority for Mirantis but I think it should be a priority
for the general community consumer base. This also goes for all of the
orchestrators out there whether it's SUSE, Juju, Piston, Nebulous, etc etc.

Just my two cents.


*Adam Lawson*
AQORN, Inc.
427 North Tatnall Street
Ste. 58461
Wilmington, Delaware 19801-2230
Toll-free: (844) 4-AQORN-NOW ext. 101
International: +1 302-387-4660
Direct: +1 916-246-2072



On Thu, Aug 21, 2014 at 7:24 AM, Guillaume Thouvenin <thouveng at gmail.com>
wrote:

>
> On Thu, Aug 21, 2014 at 5:02 PM, Mike Scherbakov <mscherbakov at mirantis.com
> > wrote:
>
>>
>>
>> Guillaume, do I understand right that without implementation of
>> https://blueprints.launchpad.net/fuel/+spec/ca-deployment, SSL support
>> will not be fully automated? And, consequently, we can not call it as
>> complete production ready feature for Fuel users?
>>
>>
> Yes you are right.  Without the implementation of the CA deployment  we
> can not consider it as ready to use.
> To test my deployment I manually copy a self-signed certificate on all
> controllers on a predefined location according to what I have in the puppet
> manifest. So it's really just for testing. I also write a small puppet
> manifest to generate a self signed certificate to deploy it automatically
> but it works only for one controller so this solution is also only for
> testing.
>
> So to have the feature ready for production we need to manage certificate
> maybe as a new option into the fuel dashboard.
>
> Best Regards,
> Guillaume
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140821/13071bd4/attachment-0001.html>


More information about the OpenStack-dev mailing list