Mike, I've started a separate thread titled 'removing single mode' so that we don't thread jack the ssl conversation.
On Thu, Aug 21, 2014 at 12:27 PM, David Easter <deas...@mirantis.com> wrote: > Hi Adam, > > Just to clarify the subtlety of this change - you can still install a > single controller, but that controller will be “HA-ready” by deploying all > the projects needed for HA onto that controller. In other words, Fuel will > still be able to support smaller deployments along side larger ones for > those who only need one controller and a few compute nodes. > > This also enables an environment to grow overtime without redeployment. > Since everything is in place for HA, adding another controller just > extends that HA (and removes the single-controller single-point-of-failure). > > - David J. Easter > Director of Product Management, Mirantis, Inc. > > http://openstacksv.com/ > > From: Adam Lawson <alaw...@aqorn.com> > Reply-To: "OpenStack Development Mailing List (not for usage questions)" < > openstack-dev@lists.openstack.org> > Date: Thursday, August 21, 2014 at 12:11 PM > To: "OpenStack Development Mailing List (not for usage questions)" < > openstack-dev@lists.openstack.org> > Subject: Re: [openstack-dev] [Fuel] Enable SSL between client and API > exposed via public URL with HAProxy > > IMHO, removing non-HA mode in Fuel would be a mistake as Fuel is also used > for smaller deployments. HA is required for Production sure but removing > support for smaller deployments would drive consumers of smaller clouds > elsewhere for orchestration. Maintaining support for smaller clouds > probably isn't a priority for Mirantis but I think it should be a priority > for the general community consumer base. This also goes for all of the > orchestrators out there whether it's SUSE, Juju, Piston, Nebulous, etc etc. > > Just my two cents. > > > *Adam Lawson* > AQORN, Inc. > 427 North Tatnall Street > Ste. 58461 > Wilmington, Delaware 19801-2230 > Toll-free: (844) 4-AQORN-NOW ext. 101 > International: +1 302-387-4660 > Direct: +1 916-246-2072 > > > > On Thu, Aug 21, 2014 at 7:24 AM, Guillaume Thouvenin <thouv...@gmail.com> > wrote: > >> >> On Thu, Aug 21, 2014 at 5:02 PM, Mike Scherbakov < >> mscherba...@mirantis.com> wrote: >> >>> >>> >>> Guillaume, do I understand right that without implementation of >>> https://blueprints.launchpad.net/fuel/+spec/ca-deployment, SSL support >>> will not be fully automated? And, consequently, we can not call it as >>> complete production ready feature for Fuel users? >>> >>> >> Yes you are right. Without the implementation of the CA deployment we >> can not consider it as ready to use. >> To test my deployment I manually copy a self-signed certificate on all >> controllers on a predefined location according to what I have in the puppet >> manifest. So it's really just for testing. I also write a small puppet >> manifest to generate a self signed certificate to deploy it automatically >> but it works only for one controller so this solution is also only for >> testing. >> >> So to have the feature ready for production we need to manage certificate >> maybe as a new option into the fuel dashboard. >> >> Best Regards, >> Guillaume >> >> _______________________________________________ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > _______________________________________________ OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Andrew Mirantis Ceph community
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev