[openstack-dev] [Fuel] Enable SSL between client and API exposed via public URL with HAProxy

David Easter deaster at mirantis.com
Thu Aug 21 19:27:52 UTC 2014


Hi Adam,

 Just to clarify the subtlety of this change - you can still install a
single controller, but that controller will be ³HA-ready² by deploying all
the projects needed for HA onto that controller.  In other words, Fuel will
still be able to support smaller deployments along side larger ones for
those who only need one controller and a few compute nodes.

  This also enables an environment to grow overtime without redeployment.
Since everything is in place for HA, adding another controller just extends
that HA (and removes the single-controller single-point-of-failure).

- David J. Easter
  Director of Product Management,   Mirantis, Inc.
  
http://openstacksv.com/

From:  Adam Lawson <alawson at aqorn.com>
Reply-To:  "OpenStack Development Mailing List (not for usage questions)"
<openstack-dev at lists.openstack.org>
Date:  Thursday, August 21, 2014 at 12:11 PM
To:  "OpenStack Development Mailing List (not for usage questions)"
<openstack-dev at lists.openstack.org>
Subject:  Re: [openstack-dev] [Fuel] Enable SSL between client and API
exposed via public URL with HAProxy

IMHO, removing non-HA mode in Fuel would be a mistake as Fuel is also used
for smaller deployments. HA is required for Production sure but removing
support for smaller deployments would drive consumers of smaller clouds
elsewhere for orchestration. Maintaining support for smaller clouds probably
isn't a priority for Mirantis but I think it should be a priority for the
general community consumer base. This also goes for all of the orchestrators
out there whether it's SUSE, Juju, Piston, Nebulous, etc etc.

Just my two cents.


Adam Lawson
AQORN, Inc.
427 North Tatnall Street
Ste. 58461
Wilmington, Delaware 19801-2230
Toll-free: (844) 4-AQORN-NOW ext. 101
International: +1 302-387-4660
Direct: +1 916-246-2072



On Thu, Aug 21, 2014 at 7:24 AM, Guillaume Thouvenin <thouveng at gmail.com>
wrote:
> 
> On Thu, Aug 21, 2014 at 5:02 PM, Mike Scherbakov <mscherbakov at mirantis.com>
> wrote:
>> 
>> 
>> Guillaume, do I understand right that without implementation of
>> https://blueprints.launchpad.net/fuel/+spec/ca-deployment, SSL support will
>> not be fully automated? And, consequently, we can not call it as complete
>> production ready feature for Fuel users?
>> 
> 
> Yes you are right.  Without the implementation of the CA deployment  we can
> not consider it as ready to use.
> To test my deployment I manually copy a self-signed certificate on all
> controllers on a predefined location according to what I have in the puppet
> manifest. So it's really just for testing. I also write a small puppet
> manifest to generate a self signed certificate to deploy it automatically but
> it works only for one controller so this solution is also only for testing.
> 
> So to have the feature ready for production we need to manage certificate
> maybe as a new option into the fuel dashboard.
> 
> Best Regards,
> Guillaume 
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 

_______________________________________________ OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140821/70294b48/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: C4B36652-E482-4E57-AF3E-0EC077BA03D9.png
Type: image/png
Size: 10888 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140821/70294b48/attachment.png>


More information about the OpenStack-dev mailing list