Neutron/LBaaS/SSL - OpenStack

Jump to: navigation, search

< Neutron‎ | LBaaS

Revision as of 12:58, 18 November 2013 by Evgeny.fedoruk (talk | contribs) (→‎Data model change)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Contents

1 Description
2 Rationale
3 API change
4 Resources change
5 Data model change
6 DB Migration
7 Implementation Plan

Description

This comes to describe the functional aspect of OpenStack Neutron SSL support for LBaaS.

Rationale

Giving user the ability to use SSL on LBaaS User should be able to apply SSL certificates on LBaaS and configure SSL on vip, front-end and back-end.

API change

No API change

Resources change

LBaaS extension's resource attributes map should be extended with new parameters:

Database persistent

FrontEndTermination
  [Y/N] default=N, NOT mandatory, visible
FrontEndProtocols
  SSL3, TLS1.1, TLS1.0 ?
FrontEndCipherType:
 
BackEndTermination
  [Y/N] default=N, NOT mandatory, visible
BackEndProtocols
  SSL3, TLS1.1, TLS1.0 ?
BackEndCipherType:

Transient

Passphrase
Public Key (PEM)
Private Key (PEM)

Data model change

Vip database entity will be extended with new columns:

front_end_termination - Boolean front_end_protocols - String front_end_cipher_type: ENUM

back_end_termination - Boolean back_end_protocols - String back_end_cipher_type: ENUM

DB Migration

Implementation Plan

Retrieved from "https://wiki.openstack.org/w/index.php?title=Neutron/LBaaS/SSL&oldid=35671"