[openstack-dev] [octavia]redirection and barbican config
Akshay Kumar Sanghai
akshaykumarsanghai at gmail.com
Tue Aug 2 00:15:52 UTC 2016
Hi Michael,
Thanks. I have few more queries:
- Is it possible to create multiple VIPs on one amphora?
-I created a LB 2 days back. I created all the objects loadbalancer,
listener, pool and members. The curl was successful for the vip. Today I
added one more listener listening on port 443 (Terminated https) and added
pool for it and members for the pool. I have barbican installed and I have
tried ssl offloading with barbican with haproxy namespace driver. The curl
for http and https were giving me code 503, but when I did a curl to the
member, it was working 200 ok. I tried to figure out where its going wrong,
but could not. I could not find any errors in octavia-api.log and
octavia-worker.log. So, I deleted everything and recreated again. Now it
was working. But for a similar future scenario, how should i figure out
where things went wrong or where the packet is dropped. Is it possible to
login to the amphora vm?
Thanks
Akshay
On Sat, Jul 30, 2016 at 11:45 PM, Michael Johnson <johnsomor at gmail.com>
wrote:
> Hi Akshay,
>
> For 80 to 443 redirection, you can accomplish this using the new L7
> rules capability. You would setup a listener on port 80 that has a
> redirect rule to the 443 URL.
>
> On the barbican question, if you are using the octavia driver, you
> will need to set the required settings in the octavia.conf file for
> proper barbican access.
> Those settings are called out here:
>
> http://docs.openstack.org/developer/octavia/config-reference/octavia-config-table.html
>
> Michael
>
>
> On Thu, Jul 28, 2016 at 1:02 PM, Akshay Kumar Sanghai
> <akshaykumarsanghai at gmail.com> wrote:
> > Hi,
> > I have a couple on questions on octavia. Please answer or redirect me to
> > relevant documentation:
> > - Assume listener is listening on 443 and client hits the vip on port 80,
> > the connection will be refused. Is it possible to configure http to
> https
> > direction?
> >
> > - For the barbican config, the only config item i can find is
> > cert_manager_type in neutron_lbaas.conf. How do we configure the barbican
> > access for lbaas. I assume since we do the access config for nova and
> > keystone in neutron.conf, there should be some config file where we
> define
> > the barbican access(username, password, auth_url).
> >
> > The community has been very helpful to me. Thanks a lot Guys. Appreciate
> > your efforts.
> >
> > Thanks
> > Akshay Sanghai
> >
> >
> __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160801/7e7ad18b/attachment.html>
More information about the OpenStack-dev
mailing list