git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL offloading for Virtual Routers / Loadbalancer


Hi Wei!

It would be very kind if you could provide some commits.

If it's ok for you, I'ld start a clone on github and try to port
your changes into 4.11 branch (if i find time also into master)

Thanks in advance!

cheers,

- Stephan




Am Donnerstag, den 12.04.2018, 11:36 +0200 schrieb Wei ZHOU:
> Hi Stephan,
> 
> It is done in our own fork based on cloudstack 4.7.1 . We are planning to
> port all our changes to 4.11 with pull requests.
> 
> If you need in urgently, I can share some commits with you (it might not
> work on 4.11).
> 
> -Wei
> 
> 2018-04-12 11:23 GMT+02:00 Stephan Seitz <s.seitz@xxxxxxxxxxxxxxxxxxx>:
> 
> > 
> > Thank's for your feedback Wei!
> > 
> > I'll dscuss the configuration via tags/values with some collegues, but I
> > think that's a very practical way of configuring some LB specialities.
> > 
> > AFAIK there'll be some changes necessary to the codebase. Have you've done
> > that changes internally or do I live in an ideal world and it's available
> > maybe as pullrequest on github?
> > In short, may we use that work? :)
> > 
> > cheers,
> > 
> > - Stephan
> > 
> > Am Donnerstag, den 12.04.2018, 10:59 +0200 schrieb Wei ZHOU:
> > > 
> > > Hi Stephan,
> > > 
> > > We (Leaseweb in Netherlands) had some work on it. It is implemented by
> > > network tags and lb tags.
> > > Here is our KB:
> > > https://kb.leaseweb.com/display/KB/Network%3A+
> > CloudStack#Network:CloudStack-ConfiguringloadbalancerforanIP
> > AddressofanIsolatedNetwork
> > > 
> > > 
> > > -Wei
> > > 
> > > 2018-04-12 10:23 GMT+02:00 Stephan Seitz <s.seitz@xxxxxxxxxxxxxxxxxxx>:
> > > 
> > > > 
> > > > 
> > > > Hi!
> > > > 
> > > > We've got some projects where it would be very reasonable to have SSL
> > > > offloading for https available at the loadbalancing component in the
> > VR.
> > > 
> > > > 
> > > > 
> > > > Since loadbalancing is done via haproxy, that wouldn't be impossible to
> > > > configure (at least for the haproxy.conf).
> > > > 
> > > > I wonder if there's some documentation for the management <-> VR
> > > > communication. IMHO we need to add
> > > > - upload/update of ssl certs from the management node to the
> > respective VR
> > > 
> > > > 
> > > > - configuring/updating SSL as additional LB method (besides the
> > > > tcp-oproxy, tcp and udp methods)
> > > > - some VR's feedback or canary code to inform the management node about
> > > > the LB capabilities(?)
> > > > 
> > > > It would be really nice if someone could share some information. How
> > would
> > > 
> > > > 
> > > > you start that?
> > > > 
> > > > 
> > > > Thanks!
> > > > 
> > > > - Stephan
> > > > 
> > Mit freundlichen Grüßen,
> > 
> > Stephan Seitz
> > 
> > --
> > 
> > Heinlein Support GmbH
> > Schwedter Str. 8/9b, 10119 Berlin
> > 
> > http://www.heinlein-support.de
> > 
> > Tel: 030 / 405051-44
> > Fax: 030 / 405051-19
> > 
> > Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
> > Berlin-Charlottenburg,
> > Geschäftsführer: Peer Heinlein -- Sitz: Berlin
> > 
> > 
> > 
Mit freundlichen Grüßen,

Stephan Seitz

--

Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-44
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin


Attachment: signature.asc
Description: This is a digitally signed message part



( ! ) Warning: include(msgfooter.php): failed to open stream: No such file or directory in /var/www/git/apache-cloudstack-development/msg07236.html on line 206
Call Stack
#TimeMemoryFunctionLocation
10.0008368840{main}( ).../msg07236.html:0

( ! ) Warning: include(): Failed opening 'msgfooter.php' for inclusion (include_path='.:/var/www/git') in /var/www/git/apache-cloudstack-development/msg07236.html on line 206
Call Stack
#TimeMemoryFunctionLocation
10.0008368840{main}( ).../msg07236.html:0