[openstack-dev] [Octavia] Questions about the Octavia project
Andrew Hutchings
andrew at linuxjedi.co.uk
Tue Jan 6 16:38:03 UTC 2015
Hi,
I’m looking into the Octavia project in relation to something my team are working on inside HP and I have a bunch of questions. I realise it is early days for the project and some of these could be too low level at this time.
Some of these questions come from the fact that I could not get the documentation to compile and the docs site for Octavia is down. The v0.5-component-design.dot file crashes Graphviz 2.38 in every OS I tried and unfortunately all my dev machines have that version or 2.36 which is too low to render it correctly. It also requires at least 5 extra dependencies (Sphinx modules) to build the docs but doesn’t try to install them.
I’ll guess I’ll start from the most obvious question:
1. Octavia looks a lot like Libra but with integration into Neutron and Barbican (both were planned for Libra) as well as few other changes. So the most obvious question is: why not just develop Libra for integration with Neutron?
Amphorae stuff:
2. I see a lot of building blocks for the controller and Amphorae but not a lot about communication. What protocol / method is to be used to communicate to the Amphorae instances?
3. How are Amphorae instances to be spun up on-demand? I see a reference to Heat but not sure if that is why it is there
4. There is mention of Docker in some of the deploy scripts. Is this for multi-tenancy or just separation of the Amphorae processes?
5. I take it Amphorae is designed to be single-AZ for now?
Load Balancing:
6. It seems like you are going to have SSL termination support and are going to use HAProxy, which means that you will have unencrypted data between the LB and web servers. How do you plan to work around this problem?
Security:
7. Someone in the specification there is talk of a 1 minute cache of security certificates. How are you going to ensure that the cache will actually erase that cache after the 1 minute? Also why cache them at all? It seems to me to be a potential security risk
API:
8. More a comment than a question. There is talk of using Pecan+WSME. Libra had a 5K patch on top of WSME just to make it behave correctly with Pecan and correct JSON specifications in certain situations, judging by the planned API you will also hit those same situations. I admit I’ve not looked at WSME for a year and there was an effort to strip it out of Libra completely at one point. So that one is mainly my 2c :)
Many thanks for your time.
Kind Regards
--
Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.uk/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150106/cfbd5bf3/attachment.pgp>
More information about the OpenStack-dev
mailing list