Hi German,
>> So if you have some 3rd party hardware you only need to change the database
>> (your steps 1-5) since the 3rd party hardware will just keep load balancing…
This is not the case with NetScaler it has to go through a Delete of V1
followed by Create in V2 if a smooth
Hi ,
How to integrate a physical appliance into the virtual OpenStack infrastructure
(with L2 population)? Can you please point me to any relevant material.
We want to add the capability to "properly" schedule the port on the physical
appliance, so that the rest of the virtual infrastructure
https://wiki.openstack.org/wiki/Neutron/L2-GW
There are also other possible solutions, depending what you are trying to do
and what is the physical applicance job.
On Mon, Feb 1, 2016 at 3:44 PM, Vijay Venkatachalam
<vijay.venkatacha...@citrix.com<mailto:vijay.venkatacha...@citrix.com>> wrote:
Hi ,
Hi,
Can we enable GET of secrets to work irrespective of Tenant name in the login?
Consider there is an "admin" with "admin" role in "demo" tenant. I tried to
query the "demo" tenant's secret using a login token which was generated from
"admin" user & "admin" tenant. And I am getting a
ely on it working).
--Adam
https://keybase.io/rm_you
From: Vijay Venkatachalam
<vijay.venkatacha...@citrix.com<mailto:vijay.venkatacha...@citrix.com>>
Reply-To: "OpenStack Development Mailing List (not for usage questions)"
<openstack-dev@lists.openstack.org<mailto:
Typos corrected.
From: Vijay Venkatachalam
Sent: 18 September 2015 00:36
To: OpenStack Development Mailing List (not for usage questions)
<openstack-dev@lists.openstack.org>
Subject: RE: [openstack-dev] [Barbican] Providing service user read access to
all tenant's certificates
Ye
ue
is greatly appreciated! I just want to make sure the expected workflow is fully
understood.
--Adam
https://keybase.io/rm_you
From: Vijay Venkatachalam
<vijay.venkatacha...@citrix.com<mailto:vijay.venkatacha...@citrix.com>>
Reply-To: "OpenStack Development Mailing List
I would think OpenStack as Self Service portal.
Anyway, tenant’s admin need not play cloud admin’s role.
Only the cloud admin who sets up and manages openstack infrastructure (like
controller Nodes etc) could know about the LBaaS service user. As much as
possible the tenant admin should not be
, should also do Step 2.
From: Vijay Venkatachalam
<vijay.venkatacha...@citrix.com<mailto:vijay.venkatacha...@citrix.com>>
Reply-To: "OpenStack Development Mailing List (not for usage questions)"
<openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.opensta
? Even better would be to help with the instance
user spec and combined with lbaas doing step 2, you could restrict secret
access to just the amphora that need the secret?
Thanks,
Kevin
From: Vijay Venkatachalam
Sent: Tuesday, September 15, 2015 7:06:39 PM
To: Ope
] Providing service user read access to
all tenant's certificates
A user with the role "observer" in a project will have read access to all
secrets and containers for that project, using the default settings in the
policy.json file.
--Dave McCowan
From: Vijay Venkatachalam
<vijay
Hi,
Is there a way to provide read access to a certain user to all
secrets/containers of all project/tenant's certificates?
This user with universal "read" privilege's will be used as a
service user by LBaaS plugin to read tenant's certificates during LB
the credentials of the admin tenant, and is
granted access to the user’s container.
--Adam
https://keybase.io/rm_you
From: Vijay Venkatachalam
<vijay.venkatacha...@citrix.com<mailto:vijay.venkatacha...@citrix.com>>
Reply-To: "OpenStack Development Mailing List (not for usage qu
Hi,
Has anyone tried configuring SSL Offload as a tenant?
During listener creation there is an error thrown saying 'could
not locate/find container'.
The lbaas plugin is not able to fetch the tenant's certificate.
From the code it looks
We would like to participate as well.
Monday-Friday Morning US time works for me..
Thanks,
Vijay V.
From: Samuel Bercovici [mailto:samu...@radware.com]
Sent: 26 May 2015 21:39
To: OpenStack Development Mailing List (not for usage questions)
Cc: kunalhgan...@gmail.com; v.jain...@gmail.com;
List (not for usage questions)
Cc: Vijay Venkatachalam; Evgeny Fedoruk; Adam Harwell; Kyle Mestery; Brandon
Logan; Johnson, Michael (HP Cloud - Corvallis); Doug Wiegley
Subject: Re: [openstack-dev] [neutron][lbaas]LBaaSv2 movies / links
I would say: 1-2 minutes, no audio, mp4, must highlight lbaas
To: OpenStack Development Mailing List (not for usage questions)
Cc: Vijay Venkatachalam; Evgeny Fedoruk; Adam Harwell; Kyle Mestery; Brandon
Logan; Johnson, Michael (HP Cloud - Corvallis); Doug Wiegley
Subject: Re: [openstack-dev] [neutron][lbaas]LBaaSv2 movies / links
I would say: 1-2 minutes, no audio
Hi Sam,
Thanks for probing. How many seconds/mins you have thought per vendor? By when
do you need this? Will tomorrow work fine?
Thanks,
Vijay V.
Sent from Surface
From: Samuel Bercovicimailto:samu...@radware.com
Sent: Friday, 15 May 2015 00:30
To: OpenStack Development Mailing
Congratulations Phil!
-Original Message-
From: Tom Creighton [mailto:tom.creigh...@rackspace.com]
Sent: Wednesday, 22 April 2015 12:14 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [neutron][lbaas] adding lbaas core
Congratulations
+1 For on demand meeting.
On demand lbaas meetings will happen in neutron meeting and not in Octavia
meetings, right?
Sent from Surface
From: Susanne Ballemailto:sleipnir...@gmail.com
Sent: Friday, 20 March 2015 20:20
To: OpenStack Development Mailing List (not for usage
Hi:
The LBaaS API tests are failing to run because test_pools.py(and other tests as
well) are importing data_utils from tempest.common.utils.
Looks like data_utils is moved to tempest_lib now and the API tests need to
change to import from tempest_lib.
Is someone tracking this?
We are
On Tue, Feb 3, 2015 at 7:13 AM, Vijay Venkatachalam
vijay.venkatacha...@citrix.commailto:vijay.venkatacha...@citrix.com wrote:
Hi:
In OpenStack neutron lbaas implementation, when entities are created/updated by
the user, they might not be associated with the root entity, which is
loadbalancer
Hi:
In OpenStack neutron lbaas implementation, when entities are created/updated by
the user, they might not be associated with the root entity, which is
loadbalancer.
Since root entity has the driver information, the driver cannot be called by
lbaas plugin during these operations by user.
Any day 16:00 UTC is fine with me.
17:00 UTC+ is quite late in India.
-Original Message-
From: Doug Wiegley [mailto:do...@a10networks.com]
Sent: 04 November 2014 08:42
To: OpenStack Development Mailing List (not for usage questions)
Subject: [openstack-dev] [neutron][lbaas] rescheduling
directly on the LB appliance. Here there is no
private IP involved.
Pros:
Not much changes in the LBaaS API, there is only one IP as part of the VIP.
We can ensure backward compatibility with the driver as well by having Step (1)
implemented in abstract driver.
Thanks,
Vjay
From: Vijay
on the LB.
Thank you for responses! There is definitely a more thought out discussion to
be had, and glad these ideas are being brought up now rather than later.
From: Vijay Venkatachalam
vijay.venkatacha...@citrix.commailto:vijay.venkatacha...@citrix.com
Reply-To: OpenStack Development Mailing List
Thanks for the doc.
The floating IP could be hosted directly by the lb backend/lb appliance as well?
It depends on the appliance deployment.
From: Susanne Balle [mailto:sleipnir...@gmail.com]
Sent: 14 October 2014 21:15
To: OpenStack Development Mailing List (not for usage questions)
Subject:
Hi,
I am writing a unit testcase with context as subnet, code here [1].
When the context exits a delete of subnet is attempted and
I am getting a MismatchError . Traceback posted here [2].
What could be going wrong here?
Testcase is written like the following
--
with
() as subnet:
blah1
with self.loadbalancer() as lb:
blah2
blah3
--
-Original Message-
From: Vijay Venkatachalam [mailto:vijay.venkatacha...@citrix.com]
Sent: 20 August 2014 19:12
To: OpenStack Development Mailing List (openstack-dev@lists.openstack.org
,
Brandon
On Wed, 2014-08-20 at 14:27 +, Vijay Venkatachalam wrote:
I observed the following text as well One or more ports have an IP
allocation from this subnet.
Looks like loadbalancer context exit at blah2 is not cleaning up the port
that was created.
This ultimately resulted in failure
Hi Brandon,
I am trying to rebase Netscaler driver to the latest v2 patches as mentioned in
https://wiki.openstack.org/wiki/GerritWorkflow
But it failed during review submit
It failed with the following error
remote: Processing changes: refs: 1, done
To
rebases, cherry-picks, etc without
accidentally pushing more patch sets to dependent reviews. I've been meaning
to do I've just been lazy about doing that.
Thanks,
Brandon
From: Vijay Venkatachalam [vijay.venkatacha...@citrix.com]
Sent: Sunday, August 17, 2014
-a --amend git log -n5 --decorate --pretty=oneline git
review
If you¹re not making any changes, then you can just hit the Œrebase¹ button in
the gerrit ui.
Thanks,
doug
On 8/17/14, 8:19 PM, Vijay Venkatachalam
vijay.venkatacha...@citrix.com wrote:
Hi Brandon,
I am trying to rebase Netscaler driver
Hi:
Continuing from last week's LBaaS meeting...
Currently an entity cannot be sent to driver unless it is linked to
loadbalancer because loadbalancer is the root object and driver information is
only available with loadbalancer.
The request to the driver is delayed because of which error
.), there should be
one provider.
Having provider defined in multiple places does not make sense.
-San.
From: Vijay Venkatachalam [mailto:vijay.venkatacha...@citrix.com]
Sent: Monday, August 11, 2014 2:43 PM
To: OpenStack Development Mailing List
(openstack-dev@lists.openstack.org)
Subject
Thanks Brandon for constant improvisation.
I agree with Doug. Please update current one. We already hv more number of
reviews :-). It will be difficult to manage if we add more.
Thanks,
Vijay
Sent using CloudMagic
On Sun, Aug 10, 2014 at 3:23 AM, Doug Wiegley
:28 +, Vijay Venkatachalam wrote:
Hi:
I think we had some discussions around ‘status’
attribute earlier, I don’t recollect the conclusion.
Does it reflect the deployment status?
Meaning, if the status of an entity is ACTIVE, the user
has to infer
I couldn't edit the wiki. Want to add 2 items
1. Separating deployment and operational status.
2. Can driver interface be called for every API request?
Ex. It is not called for create pool.
Sent using
CloudMagichttps://cloudmagic.com/k/d/mailapp?ct=pacv=5.0.32pv=4.2.2
On Thu, Aug 07,
Hi:
I think we had some discussions around 'status' attribute
earlier, I don't recollect the conclusion.
Does it reflect the deployment status?
Meaning, if the status of an entity is ACTIVE, the user has to
infer that the entity is deployed successfully in the
during SSL negotiation
2. SAN support
I will send out 2 separate mails on this.
From: Samuel Bercovici [mailto:samu...@radware.com]
Sent: Tuesday, July 15, 2014 11:52 PM
To: OpenStack Development Mailing List (not for usage questions); Vijay
Venkatachalam
Subject: RE: [openstack-dev
(not for usage questions); Vijay
Venkatachalam
Subject: RE: [openstack-dev] [Neutron][LBaaS] TLS capability - SNI - Extracting
SubjectCommonName and/or SubjectAlternativeNames from X509
OK.
Let me be more precise, extracting the information for view sake / validation
would be good.
Providing values
driver could either throw an
error if certs with SAN are used or ignore it.
Does anyone see a requirement for detailing?
Thanks,
Vijay V.
From: Vijay Venkatachalam
Sent: Wednesday, July 16, 2014 8:54 AM
To: 'Samuel Bercovici'; 'OpenStack Development Mailing List (not for usage
questions
Hi Kyle,
There is indeed a NetScaler CI and is currently running API and scenario tests
on LBAAS changes + driver changes. It also votes. What time is the Monday 3rd
party meeting?
Thanks,
Vijay.
Sent using
CloudMagichttps://cloudmagic.com/k/d/mailapp?ct=pacv=1.0.21.3pv=4.2.2
On Fri, Jul
Hi,
I didn't attend the flavor framework meeting that was scheduled on irc
#openstack-meeting-3 last Friday. Will be interested to see the meeting
log/minutes. Was it captured?
Thanks,
Vijay V
___
OpenStack-dev mailing list
Hi:
In the LBaaS TLS termination capability specification proposal
https://review.openstack.org/#/c/98640/
TLS settings like default certificate container id and SNI cert list are part
of the listener properties.
I think it is better to have this as a separate entity so that the
Hi:
In the LBaaS TLS termination capability specification proposal
https://review.openstack.org/#/c/98640/
TLS settings like default certificate container id and SNI cert list are part
of the listener properties.
I think it is better to have this as a separate entity so that the
+, Vijay Venkatachalam wrote:
Hi:
In the LBaaS TLS termination capability specification
proposal
https://review.openstack.org/#/c/98640/
TLS settings like default certificate container id and SNI
/
additional tooling for lifecycle management if required but at the same
time the simplest case (I want a cert and I want LBaaS) is met without
massive code overhead for edge-cases.
From: Vijay Venkatachalam
vijay.venkatacha...@citrix.commailto:vijay.venkatacha...@citrix.commailto:vijay.venkatacha
My vote is for option #2 (without the registration). It is simpler to start
with this approach. How is delete handled though?
Ex. What is the expectation when user attempts to delete a
certificate/container which is referred by an entity like LBaaS listener?
1. Will there be validation
: [openstack-dev] [Neutron][LBaaS]LBaaS 1st Session etherpad
Hi,
If a tenant wishes to expose his application (listener, pool(s), etc.) via
multiple different virtual IP addresses you can do so.
-Sam.
From: Vijay Venkatachalam [mailto:vijay.venkatacha...@citrix.com]
Sent: Thursday, May 15, 2014 12:21 AM
Hi Stephen:
* The LBtoListener object is grayed out because it will need to exist in the
database (to allow Listeners to be re-used, solving the IPv4 + IPv6 common use
case), but should not be directly addressable via the user API. (This is also
the reason it's got no tenant_id.)
When you
Hi,
I see the following statement in the doc.
multiple loadbalancers may referenece the same listener
Does this mean listeners are independent of loadbalancer?
Thanks,
Vijay V.
From: Samuel Bercovici [mailto:samu...@radware.com]
Sent: Thursday, May 15, 2014 9:26 AM
To: OpenStack Development
Excellent documentation. Thanks once again!
I see the VIP creation is documented as a POST to the following URL
http://client.url.com/v2.0/neutron/lbaas/vips
I think the VIP should be outside the purview of LBaaS and remain in general
neutron. Today an IP gets reserved as part of creation of a
I am expecting to be more active on community on the LBaaS front.
May be reviewing and picking-up a few items to work as well.
I had a look at the proposal. Seeing Single Multi-Call approach for each
workflow
makes it easy to understand.
Thanks for the clear documentation, it is
,
Comments in-line, hope I can clear some of this up for you :)
-Trevor
On Thu, 2014-05-01 at 13:16 +, Vijay Venkatachalam wrote:
I am expecting to be more active on community on the LBaaS front.
May be reviewing and picking-up a few items to work as well.
I had a look at the proposal
There is no reasoning mentioned in AWS, but they do allow re-encryption.
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/config-backend-auth.html
For reasons I don’t understand, the workflow allows to configure backend-server
certificates to be trusted and it doesn’t
The document has Vendor column, it should be from Cloud
Operator?
Thanks,
Vijay V.
From: Eugene Nikanorov [mailto:enikano...@mirantis.com]
Sent: Thursday, April 3, 2014 11:23 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev]
Answered Inline!
From: Vijay B [mailto:os.v...@gmail.com]
Sent: Wednesday, April 2, 2014 7:14 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: [openstack-dev] [Neutron LBaaS] Need help with LBaaS drivers
Hi,
I'm trying to understand how LBaaS drivers work and so
Can you include the following in the agenda?
1. External/3rd Party testing
2. Common code for collecting status/statistics
From: Eugene Nikanorov [mailto:enikano...@mirantis.com]
Sent: Wednesday, January 08, 2014 7:58 PM
To: OpenStack Development Mailing List
Subject:
Hi Eugene et al,
As of today, during a stats API query, a pool member's status
is gathered along with the pool stats and stored in the db. Subsequent GETs to
the members will have the correct member status. In this approach, only when a
North Bound API call for stats is
can be renamed
6. Renamed Certificate's public key to certificate.
There are still keys used in place of certificate
public_key : PEM-formatted string
Regards,
Evg
-Original Message-
From: Vijay Venkatachalam [mailto:vijay.venkatacha...@citrix.com]
Sent: Wednesday, December 11
Termination (Revised)
Hi,
I would be happy with this model. Yes, longer term it might be nice
to have an independent certificate store so that when you need to be
able to validate ssl you can, but this is a good intermediate step.
Cheers,
On 02/12/13 09:16, Vijay Venkatachalam
/1fFHbg3beRtmlyiryHiXlpWpRo1oWj8FqVeZISh07iGs/edit?usp=sharing
Thanks,
Vijay V.
-Original Message-
From: Vijay Venkatachalam
Sent: Friday, November 29, 2013 2:18 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: [openstack-dev] [Neutron][LBaaS] Vote required for certificate as
first level citizen
To summarize:
Certificate will be a first level citizen which can be reused and
For certificate management nothing sophisticated is required.
Can you please Vote (+1, -1)?
We can move on if there is consensus around this.
-Original Message-
From: Stephen Gran
BIOS to query. Finally we're not clear on the
use case here - What's the use case for needing to know whether you VM is
running under OpenStack or not?
Bob
From: Vijay Venkatachalam [mailto:vijay.venkatacha...@citrix.com]
Sent: 26 November 2013 01:44
To: OpenStack Development Mailing List
Hi,
The CLI example is capturing the requirement concisely. Thanks.
One suggestion, you could bring the --policy policy1 to the beginning of
create-lb-l7rule command.
Also, could rename associate-lb-pool-vip to associate-lb-vip-pool
It will be best to define the db model to reflect the cli.
Hi,
Replies Inline!
-Original Message-
From: Stephen Gran [mailto:stephen.g...@guardian.co.uk]
Sent: Wednesday, November 20, 2013 2:59 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS] SSL Termination write-up
-Original Message-
From: Stephen Gran [mailto:stephen.g...@guardian.co.uk]
Sent: Wednesday, November 20, 2013 3:01 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][LBaaS] SSL Termination write-up
Hi,
On Wed, 2013-11-20
-
From: Samuel Bercovici [mailto:samu...@radware.com]
Sent: Wednesday, November 20, 2013 5:40 PM
To: OpenStack Development Mailing List (not for usage questions);
stephen.g...@guardian.co.uk; Vijay Venkatachalam
Subject: RE: [openstack-dev] [Neutron][LBaaS] SSL Termination write-up
HI
Hi Sam, Eugene, Avishay, etal,
Today I spent some time to create a write-up for SSL
Termination not exactly design doc. Please share your comments!
https://docs.google.com/document/d/1tFOrIa10lKr0xQyLVGsVfXr29NQBq2nYTvMkMJ_inbo/edit
Would like comments/discussion especially on
Hi,
I am new to openstack, please pardon if the questions are dumb.
Attempting to run a neutron dev setup with openvswitch plugin with VLAN
isolation and 2 hosts.
DISCLAIMER: I am not using devstack. Attempting to install the services in a
controller node - Ubuntu12.04 VM.
71 matches
Mail list logo