[openstack-dev] [Fuel] Enable SSL between client and API exposed via public URL with HAProxy

Andrew Woodward xarses at gmail.com
Mon Aug 25 16:19:02 UTC 2014


Mike,

I've started a separate thread titled 'removing single mode' so that we
don't thread jack the ssl conversation.



On Thu, Aug 21, 2014 at 12:27 PM, David Easter <deaster at mirantis.com> wrote:

> Hi Adam,
>
>  Just to clarify the subtlety of this change - you can still install a
> single controller, but that controller will be “HA-ready” by deploying all
> the projects needed for HA onto that controller.  In other words, Fuel will
> still be able to support smaller deployments along side larger ones for
> those who only need one controller and a few compute nodes.
>
>   This also enables an environment to grow overtime without redeployment.
>  Since everything is in place for HA, adding another controller just
> extends that HA (and removes the single-controller single-point-of-failure).
>
> - David J. Easter
>   Director of Product Management,   Mirantis, Inc.
>
> http://openstacksv.com/
>
> From: Adam Lawson <alawson at aqorn.com>
> Reply-To: "OpenStack Development Mailing List (not for usage questions)" <
> openstack-dev at lists.openstack.org>
> Date: Thursday, August 21, 2014 at 12:11 PM
> To: "OpenStack Development Mailing List (not for usage questions)" <
> openstack-dev at lists.openstack.org>
> Subject: Re: [openstack-dev] [Fuel] Enable SSL between client and API
> exposed via public URL with HAProxy
>
> IMHO, removing non-HA mode in Fuel would be a mistake as Fuel is also used
> for smaller deployments. HA is required for Production sure but removing
> support for smaller deployments would drive consumers of smaller clouds
> elsewhere for orchestration. Maintaining support for smaller clouds
> probably isn't a priority for Mirantis but I think it should be a priority
> for the general community consumer base. This also goes for all of the
> orchestrators out there whether it's SUSE, Juju, Piston, Nebulous, etc etc.
>
> Just my two cents.
>
>
> *Adam Lawson*
> AQORN, Inc.
> 427 North Tatnall Street
> Ste. 58461
> Wilmington, Delaware 19801-2230
> Toll-free: (844) 4-AQORN-NOW ext. 101
> International: +1 302-387-4660
> Direct: +1 916-246-2072
>
>
>
> On Thu, Aug 21, 2014 at 7:24 AM, Guillaume Thouvenin <thouveng at gmail.com>
> wrote:
>
>>
>> On Thu, Aug 21, 2014 at 5:02 PM, Mike Scherbakov <
>> mscherbakov at mirantis.com> wrote:
>>
>>>
>>>
>>> Guillaume, do I understand right that without implementation of
>>> https://blueprints.launchpad.net/fuel/+spec/ca-deployment, SSL support
>>> will not be fully automated? And, consequently, we can not call it as
>>> complete production ready feature for Fuel users?
>>>
>>>
>> Yes you are right.  Without the implementation of the CA deployment  we
>> can not consider it as ready to use.
>> To test my deployment I manually copy a self-signed certificate on all
>> controllers on a predefined location according to what I have in the puppet
>> manifest. So it's really just for testing. I also write a small puppet
>> manifest to generate a self signed certificate to deploy it automatically
>> but it works only for one controller so this solution is also only for
>> testing.
>>
>> So to have the feature ready for production we need to manage certificate
>> maybe as a new option into the fuel dashboard.
>>
>> Best Regards,
>> Guillaume
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
> _______________________________________________ OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
Andrew
Mirantis
Ceph community
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140825/f0d0d3ae/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: C4B36652-E482-4E57-AF3E-0EC077BA03D9.png
Type: image/png
Size: 10888 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140825/f0d0d3ae/attachment.png>


More information about the OpenStack-dev mailing list