
Difference between revisions of "Neutron/LBaaS/SSL"

(Implementation Plan)
(Resources change)
Line 19: Line 19:
 
   [Y/N] default=N, NOT mandatory, visible
 
   [Y/N] default=N, NOT mandatory, visible
 
  FrontEndProtocols
 
  FrontEndProtocols
   SSL3, TLS1.1, TLS1.0 ?
+
   String (SSL3, TLS1.1, TLS1.0)
  FrontEndCipherType:
+
  FrontEndCipherSuite:
 +
  String (TLS_RSA_WITH_DES_CBC_SHA)
 
    
 
    
 
  BackEndTermination
 
  BackEndTermination
 
   [Y/N] default=N, NOT mandatory, visible
 
   [Y/N] default=N, NOT mandatory, visible
 
  BackEndProtocols
 
  BackEndProtocols
   SSL3, TLS1.1, TLS1.0 ?
+
   String (SSL3, TLS1.1, TLS1.0)
  BackEndCipherType:
+
  BackEndCipherSuite:
 +
  String (TLS_RSA_WITH_DES_CBC_SHA)
  
 
Transient
 
Transient
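Review bot: The added `String (SSL3, TLS1.1, TLS1.0)` type for FrontEndProtocols and BackEndProtocols does not say whether the attribute takes one value or a list, and unlike the Termination attributes it gives no default or mandatory/visible flags; spell these out, and consider whether SSL3 belongs in the accepted set and why TLS1.2 is absent. The new CipherSuite attributes give only TLS_RSA_WITH_DES_CBC_SHA as an example, a single-DES suite, so a stronger example plus the full set of accepted values would be better. The rename from CipherType to CipherSuite should also be carried into the data model, which still lists front_end_cipher_type and back_end_cipher_type as ENUM while the resource attribute is now a String.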

Revision as of 15:38, 18 November 2013

Description

This page describes the functional aspects of SSL support for LBaaS in OpenStack Neutron.

Rationale

Give users the ability to use SSL with LBaaS.

Users should be able to apply SSL certificates to LBaaS and configure SSL on the VIP, front end and back end.

API change

No API change

Resources change

LBaaS extension's resource attributes map should be extended with new parameters:

Database persistent

FrontEndTermination
  [Y/N] default=N, NOT mandatory, visible
FrontEndProtocols
  String (SSL3, TLS1.1, TLS1.0)
FrontEndCipherSuite:
  String (TLS_RSA_WITH_DES_CBC_SHA)
 
BackEndTermination
  [Y/N] default=N, NOT mandatory, visible
BackEndProtocols
  String (SSL3, TLS1.1, TLS1.0)
BackEndCipherSuite:
  String (TLS_RSA_WITH_DES_CBC_SHA)

Transient

Passphrase
Public Key (PEM)
Private Key (PEM)

Data model change

Vip database entity should be extended with new columns:

front_end_termination - Boolean
front_end_protocols - String
front_end_cipher_type: ENUM
back_end_termination - Boolean 
back_end_protocols - String
back_end_cipher_type: ENUM

DB Migration

Vip table should be altered with new columns.

New columns of each existing Vip row should be populated with default values:

front_end_termination - 'N'
front_end_protocols - 
front_end_cipher_type: None
back_end_termination - 'N'
back_end_protocols - 
back_end_cipher_type: None
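
The migration described above, as an added example run against an in-memory SQLite database (not code from the Neutron project). The `vips` table name, the sample row and the SQL column types are assumptions, and the protocol defaults the page leaves blank are taken to be NULL.

```python
import sqlite3

# New Vip columns from the "Data model change" list. SQL types are assumptions:
# Boolean -> INTEGER 0/1 (the page's 'N' default becomes 0); String/ENUM -> TEXT.
# The page leaves the protocol defaults blank, so NULL is assumed here.
# Passphrase and keys are listed as transient, so no column is added for them.
NEW_VIP_COLUMNS = [
    ("front_end_termination", "INTEGER NOT NULL DEFAULT 0"),
    ("front_end_protocols", "TEXT DEFAULT NULL"),
    ("front_end_cipher_type", "TEXT DEFAULT NULL"),
    ("back_end_termination", "INTEGER NOT NULL DEFAULT 0"),
    ("back_end_protocols", "TEXT DEFAULT NULL"),
    ("back_end_cipher_type", "TEXT DEFAULT NULL"),
]


def upgrade(conn, table="vips"):
    """Add the SSL columns to the Vip table; safe to run more than once.

    `table` is a fixed identifier chosen by the caller, never request data.
    """
    existing = {row[1] for row in conn.execute(f"PRAGMA table_info({table})")}
    added = []
    for name, ddl in NEW_VIP_COLUMNS:
        if name not in existing:
            # Existing rows pick up the column default automatically.
            conn.execute(f"ALTER TABLE {table} ADD COLUMN {name} {ddl}")
            added.append(name)
    conn.commit()
    return added


def demo():
    """Constructed sample: one pre-existing Vip row, then the migration."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE vips (id TEXT PRIMARY KEY, name TEXT, protocol_port INTEGER)"
    )
    conn.execute("INSERT INTO vips VALUES ('vip-1', 'web', 443)")
    upgrade(conn)
    conn.row_factory = sqlite3.Row
    return dict(conn.execute("SELECT * FROM vips WHERE id = 'vip-1'").fetchone())


if __name__ == "__main__":
    print(demo())
```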

Implementation Plan

  • Modifying LBaaS Vip resources' attribute map with new parameters
  • Modifying LBaaS Vip DB Model with new parameters
  • Modifying LBaaS Vip DB Model tests to account for the new parameters if needed