-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I'm not familiar with the low level details of the lbass implementation, so hopefully someone from the lbass team will be able to answer this.
The URL I sent last week for the API docs has been updated though. Here's the current URL: http://docs.openstack.org/developer/barbican/api/index.html - - Douglas On 9/21/15 11:41 AM, Varun Lodaya wrote: > Hey Douglas, > > Thanks for the reply. Will look into barbican ACLs and test it out. > Also, had 1 more follow up questionŠ 1) Currently the HAProxy LBaaS > instance sits on the controller. The certificate download happens > on the controller too. 2) Once we move to service-vm model, where > service-vms could reside on compute hypervisors, where will the > cert download happen? Still on controller in the flow? > > Thanks, Varun > > On 9/18/15, 10:53 PM, "Douglas Mendizábal" > <douglas.mendiza...@rackspace.com> wrote: > >> * PGP Signed by an unknown key >> >> Hi Varun, >> >> I believe the expected workflow for this use case is: >> >> 1. User uploads cert + key to Barbican 2. User grants lbass >> access to the barbican certificate container using the ACL API >> [1] 3. User requests tls container by providing Barbican >> container reference >> >> Since the user grants the lbass user access in step 2, the token >> generated using the conf file credentials will be accepted by >> Barbican and the certificate will be made available to lbass. >> >> - Douglas Mendizábal >> >> [1] >> http://docs.openstack.org/developer/barbican/api/quickstart/acls.htm >> >> l >> >> On 9/19/15 12:13 AM, Varun Lodaya wrote: >>> Hi Guys, >>> >>> With lbaasv2, I noticed that when we try to associate tls >>> containers with lbaas listeners, lbaas tries to validate the >>> container and while doing so, tries to get keystone token based >>> on tenant/user credentials in neutron.conf file. However, the >>> barbican containers could belong to different users in >>> different tenants, in that case, container look up would always >>> fail? Am I missing something? >>> >>> Thanks, Varun >>> >>> >>> ____________________________________________________________________ __ >> >>> ____ >>> >>> >> OpenStack Development Mailing List (not for usage questions) >>> Unsubscribe: >>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >> >> >>> * Unknown Key >> * 0x2098B5FB(L) >> >> _____________________________________________________________________ _____ >> >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >> > > ______________________________________________________________________ ____ > > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWADcHAAoJEB7Z2EQgmLX7Me8QAJ1gTTMecCoWZBReLe+k5t98 8YIdoMjWgcavVTB+v08r5UYlsyLb5CkUQdWVagb+af9fQFThGvrEZKycffI078cb KoNW/ow0MQTTBEhrVDr2x800NuG3uitUAFKdNfPkhiB+4NWXrRnlIYD+XVMAJQ0L 2n7PFIC/F2VckSdUofhTJwAYBVGTRS/OL1G6dsxKh1LD3DEswKxyXb7TgVKaI2AO os5z0BRCiP4Y1Dl+vLN9C4Hj5/juFF9aVe8wmNTCwUUb/auXhjhNiy75BKmNwu1r kL2iPBCjjFFhx4JItZ/WJFhdGkceG+F5C4TeqJM7SUPM7SNXlXbhi2sTeb+WxvQE SjrdjEiRlzM/JCzsj1s634TwgJvLPmmRhxVnOgVm1mlXwgPaAk7b8PMXDik1Wkrq JzIorRb83XnV14yoJAh7kOrxxOlnB1UjnYh7YPr0KwYACkP8QQFkXxuzcePGUkOa cLDmu3kfofASOQEpLsbbn2Eu9/FIzwvJDXVbdr/nDYtzDUJiBi6AitMVal0H7kJs 0IdXZcaR7vt73Ln9RPCr6+3nMC57odB06cgDalLeG1Kn5pPY/MWkYZol7d+v2H7y c+nN7tAGaCsLzyhnhUffvns/ogSjTTW+JH2tfVDwf2pSTQhPvppcXBGXi8w95Ood KFZ5W9p/tAP4BEsWGNtS =6fJ9 -----END PGP SIGNATURE----- __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev