[openstack-dev] [Octavia] Questions about the Octavia project
phillip.toohill at RACKSPACE.COM
Tue Jan 6 20:33:21 UTC 2015
Ill answer inline what I can, others can chime in to clear up anything and
answer the rest.
On 1/6/15 10:38 AM, "Andrew Hutchings" <andrew at linuxjedi.co.uk> wrote:
>I¹m looking into the Octavia project in relation to something my team are
>working on inside HP and I have a bunch of questions. I realise it is
>early days for the project and some of these could be too low level at
>Some of these questions come from the fact that I could not get the
>documentation to compile and the docs site for Octavia is down. The
>v0.5-component-design.dot file crashes Graphviz 2.38 in every OS I tried
>and unfortunately all my dev machines have that version or 2.36 which is
>too low to render it correctly. It also requires at least 5 extra
>dependencies (Sphinx modules) to build the docs but doesn¹t try to
>I¹ll guess I¹ll start from the most obvious question:
>1. Octavia looks a lot like Libra but with integration into Neutron and
>Barbican (both were planned for Libra) as well as few other changes. So
>the most obvious question is: why not just develop Libra for integration
There was many discussions with many contributors that included HP,
Rackspace, Bluebox A10 etc.. In regards to this decision. In the docs we
should have links to the reasonings behind some of these.
>2. I see a lot of building blocks for the controller and Amphorae but not
>a lot about communication. What protocol / method is to be used to
>communicate to the Amphorae instances?
In the docs/specs the communication protocols are defined.
>3. How are Amphorae instances to be spun up on-demand? I see a reference
>to Heat but not sure if that is why it is there
The specs define how this is to happen
>4. There is mention of Docker in some of the deploy scripts. Is this for
>multi-tenancy or just separation of the Amphorae processes?
>5. I take it Amphorae is designed to be single-AZ for now?
>6. It seems like you are going to have SSL termination support and are
>going to use HAProxy, which means that you will have unencrypted data
>between the LB and web servers. How do you plan to work around this
Not sure what the 'problem' is, ultimately its up to the user, but a
private network can be configured between the LB and Web server
>7. Someone in the specification there is talk of a 1 minute cache of
>security certificates. How are you going to ensure that the cache will
>actually erase that cache after the 1 minute? Also why cache them at
>all? It seems to me to be a potential security risk
>8. More a comment than a question. There is talk of using Pecan+WSME.
>Libra had a 5K patch on top of WSME just to make it behave correctly with
>Pecan and correct JSON specifications in certain situations, judging by
>the planned API you will also hit those same situations. I admit I¹ve
>not looked at WSME for a year and there was an effort to strip it out of
>Libra completely at one point. So that one is mainly my 2c :)
>Many thanks for your time.
>Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.uk/
More information about the OpenStack-dev