[openstack-dev] FW: [Neutron][LBaaS] TLS capability - work division
Evgeny Fedoruk
EvgenyF at Radware.com
Thu Jul 24 11:38:13 UTC 2014
Hi Doug,
I agree with Brandon, since there is no flavors framework yet, each driver not supporting TLS is in charge of throwing the unsupported exception.
The driver can do it once getting a listener with TERMINATED-HTTPS protocol.
Evg
-----Original Message-----
From: Brandon Logan [mailto:brandon.logan at RACKSPACE.COM]
Sent: Wednesday, July 23, 2014 9:09 PM
To: openstack-dev at lists.openstack.org
Subject: Re: [openstack-dev] FW: [Neutron][LBaaS] TLS capability - work division
@Evgeny: Did you intend on adding another patchset in the reviews I've been working on? If so I don't really see any changes, so if they're are some changes you needed in there let me know.
@Doug: I think if the drivers see the TERMINATED_HTTPS protocol then they can throw an exception. I don't think a driver interface change is needed.
Thanks,
Brandon
On Wed, 2014-07-23 at 17:02 +0000, Doug Wiegley wrote:
> Do we want any driver interface changes for this? At one level, with
> the current interface, conforming drivers could just reference
> listener.sni_containers, with no changes. But, do we want something
> in place so that the API can return an unsupported error for non-TLS
> v2 drivers? Or must all v2 drivers support TLS?
>
> doug
>
>
>
> On 7/23/14, 10:54 AM, "Evgeny Fedoruk" <EvgenyF at Radware.com> wrote:
>
> >My code is here:
> >https://review.openstack.org/#/c/109035/1
> >
> >
> >
> >-----Original Message-----
> >From: Evgeny Fedoruk
> >Sent: Wednesday, July 23, 2014 6:54 PM
> >To: OpenStack Development Mailing List (not for usage questions)
> >Subject: RE: [openstack-dev] [Neutron][LBaaS] TLS capability - work
> >division
> >
> >Hi Carlos,
> >
> >As I understand you are working on common module for Barbican
> >interactions.
> >I will commit my code later today and I will appreciate if you and
> >anybody else who is interested will review this change.
> >There is one specific spot for the common Barbican interactions
> >module API integration.
> >After the IRC meeting tomorrow, we can discuss the work items and
> >decide who is interested/available to do them.
> >Does it make sense?
> >
> >Thanks,
> >Evg
> >
> >-----Original Message-----
> >From: Carlos Garza [mailto:carlos.garza at rackspace.com]
> >Sent: Wednesday, July 23, 2014 6:15 PM
> >To: OpenStack Development Mailing List (not for usage questions)
> >Subject: Re: [openstack-dev] [Neutron][LBaaS] TLS capability - work
> >division
> >
> > Do you have any idea as to how we can split up the work?
> >
> >On Jul 23, 2014, at 6:01 AM, Evgeny Fedoruk <EvgenyF at Radware.com>
> > wrote:
> >
> >> Hi,
> >>
> >> I'm working on TLS integration with loadbalancer v2 extension and db.
> >> Basing on Brandon's patches
> >>https://review.openstack.org/#/c/105609 ,
> >>https://review.openstack.org/#/c/105331/ ,
> >>https://review.openstack.org/#/c/105610/
> >> I will abandon previous 2 patches for TLS which are
> >>https://review.openstack.org/#/c/74031/ and
> >>https://review.openstack.org/#/c/102837/
> >> Managing to submit my change later today. It will include lbaas
> >>extension v2 modification, lbaas db v2 modifications, alembic
> >>migration for schema changes and new tests in unit testing for lbaas db v2.
> >>
> >> Thanks,
> >> Evg
> >>
> >> -----Original Message-----
> >> From: Carlos Garza [mailto:carlos.garza at rackspace.com]
> >> Sent: Wednesday, July 23, 2014 3:54 AM
> >> To: OpenStack Development Mailing List (not for usage questions)
> >> Subject: [openstack-dev] [Neutron][LBaaS] TLS capability - work
> >> division
> >>
> >> Since it looks like the TLS blueprint was approved I''m sure were
> >>all eager to start coded so how should we divide up work on the source code.
> >>I have Pull requests in pyopenssl
> >>"https://github.com/pyca/pyopenssl/pull/143". and a few one liners
> >>in pica/cryptography to expose the needed low-level that I'm hoping
> >>will be added pretty soon to that PR 143 test's can pass. Incase it
> >>doesn't we will fall back to using the pyasn1_modules as it already
> >>also has a means to fetch what we want at a lower level.
> >> I'm just hoping that we can split the work up so that we can
> >>collaborate together on this with out over serializing the work were
> >>people become dependent on waiting for some one else to complete
> >>their work or worse one person ending up doing all the work.
> >>
> >>
> >> Carlos D. Garza
> >> _______________________________________________
> >> OpenStack-dev mailing list
> >> OpenStack-dev at lists.openstack.org
> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >>
> >> _______________________________________________
> >> OpenStack-dev mailing list
> >> OpenStack-dev at lists.openstack.org
> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> >
> >_______________________________________________
> >OpenStack-dev mailing list
> >OpenStack-dev at lists.openstack.org
> >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> >_______________________________________________
> >OpenStack-dev mailing list
> >OpenStack-dev at lists.openstack.org
> >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list