[openstack-dev] [octavia]redirection and barbican config
Hi, I updated the description accordingly. Please update the status https://bugs.launchpad.net/devstack/+bug/1655656 Thanks, Abed __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [octavia]redirection and barbican config
Hi, Please consider the bug: https://bugs.launchpad.net/devstack/+bug/1655656 Thanks, Abed Abu dbai __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [octavia]redirection and barbican config
Hi Akshay, Currently we are only allowing one VIP per amphora. You can log into the amphora if you specify a ssh keypair loaded into nova in the octavia.conf file. When that is specified you can log into the amphora via SSH on the management network interface. Michael On Mon, Aug 1, 2016 at 5:15 PM, Akshay Kumar Sanghai wrote: > Hi Michael, > Thanks. I have few more queries: > - Is it possible to create multiple VIPs on one amphora? > > -I created a LB 2 days back. I created all the objects loadbalancer, > listener, pool and members. The curl was successful for the vip. Today I > added one more listener listening on port 443 (Terminated https) and added > pool for it and members for the pool. I have barbican installed and I have > tried ssl offloading with barbican with haproxy namespace driver. The curl > for http and https were giving me code 503, but when I did a curl to the > member, it was working 200 ok. I tried to figure out where its going wrong, > but could not. I could not find any errors in octavia-api.log and > octavia-worker.log. So, I deleted everything and recreated again. Now it was > working. But for a similar future scenario, how should i figure out where > things went wrong or where the packet is dropped. Is it possible to login to > the amphora vm? > > Thanks > Akshay > > On Sat, Jul 30, 2016 at 11:45 PM, Michael Johnson > wrote: >> >> Hi Akshay, >> >> For 80 to 443 redirection, you can accomplish this using the new L7 >> rules capability. You would setup a listener on port 80 that has a >> redirect rule to the 443 URL. >> >> On the barbican question, if you are using the octavia driver, you >> will need to set the required settings in the octavia.conf file for >> proper barbican access. >> Those settings are called out here: >> >> http://docs.openstack.org/developer/octavia/config-reference/octavia-config-table.html >> >> Michael >> >> >> On Thu, Jul 28, 2016 at 1:02 PM, Akshay Kumar Sanghai >> wrote: >> > Hi, >> > I have a couple on questions on octavia. Please answer or redirect me to >> > relevant documentation: >> > - Assume listener is listening on 443 and client hits the vip on port >> > 80, >> > the connection will be refused. Is it possible to configure http to >> > https >> > direction? >> > >> > - For the barbican config, the only config item i can find is >> > cert_manager_type in neutron_lbaas.conf. How do we configure the >> > barbican >> > access for lbaas. I assume since we do the access config for nova and >> > keystone in neutron.conf, there should be some config file where we >> > define >> > the barbican access(username, password, auth_url). >> > >> > The community has been very helpful to me. Thanks a lot Guys. Appreciate >> > your efforts. >> > >> > Thanks >> > Akshay Sanghai >> > >> > >> > __ >> > OpenStack Development Mailing List (not for usage questions) >> > Unsubscribe: >> > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > >> >> __ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [octavia]redirection and barbican config
Hi Michael, Thanks. I have few more queries: - Is it possible to create multiple VIPs on one amphora? -I created a LB 2 days back. I created all the objects loadbalancer, listener, pool and members. The curl was successful for the vip. Today I added one more listener listening on port 443 (Terminated https) and added pool for it and members for the pool. I have barbican installed and I have tried ssl offloading with barbican with haproxy namespace driver. The curl for http and https were giving me code 503, but when I did a curl to the member, it was working 200 ok. I tried to figure out where its going wrong, but could not. I could not find any errors in octavia-api.log and octavia-worker.log. So, I deleted everything and recreated again. Now it was working. But for a similar future scenario, how should i figure out where things went wrong or where the packet is dropped. Is it possible to login to the amphora vm? Thanks Akshay On Sat, Jul 30, 2016 at 11:45 PM, Michael Johnson wrote: > Hi Akshay, > > For 80 to 443 redirection, you can accomplish this using the new L7 > rules capability. You would setup a listener on port 80 that has a > redirect rule to the 443 URL. > > On the barbican question, if you are using the octavia driver, you > will need to set the required settings in the octavia.conf file for > proper barbican access. > Those settings are called out here: > > http://docs.openstack.org/developer/octavia/config-reference/octavia-config-table.html > > Michael > > > On Thu, Jul 28, 2016 at 1:02 PM, Akshay Kumar Sanghai > wrote: > > Hi, > > I have a couple on questions on octavia. Please answer or redirect me to > > relevant documentation: > > - Assume listener is listening on 443 and client hits the vip on port 80, > > the connection will be refused. Is it possible to configure http to > https > > direction? > > > > - For the barbican config, the only config item i can find is > > cert_manager_type in neutron_lbaas.conf. How do we configure the barbican > > access for lbaas. I assume since we do the access config for nova and > > keystone in neutron.conf, there should be some config file where we > define > > the barbican access(username, password, auth_url). > > > > The community has been very helpful to me. Thanks a lot Guys. Appreciate > > your efforts. > > > > Thanks > > Akshay Sanghai > > > > > __ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [octavia]redirection and barbican config
Hi Akshay, For 80 to 443 redirection, you can accomplish this using the new L7 rules capability. You would setup a listener on port 80 that has a redirect rule to the 443 URL. On the barbican question, if you are using the octavia driver, you will need to set the required settings in the octavia.conf file for proper barbican access. Those settings are called out here: http://docs.openstack.org/developer/octavia/config-reference/octavia-config-table.html Michael On Thu, Jul 28, 2016 at 1:02 PM, Akshay Kumar Sanghai wrote: > Hi, > I have a couple on questions on octavia. Please answer or redirect me to > relevant documentation: > - Assume listener is listening on 443 and client hits the vip on port 80, > the connection will be refused. Is it possible to configure http to https > direction? > > - For the barbican config, the only config item i can find is > cert_manager_type in neutron_lbaas.conf. How do we configure the barbican > access for lbaas. I assume since we do the access config for nova and > keystone in neutron.conf, there should be some config file where we define > the barbican access(username, password, auth_url). > > The community has been very helpful to me. Thanks a lot Guys. Appreciate > your efforts. > > Thanks > Akshay Sanghai > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [octavia]redirection and barbican config
Hi, I have a couple on questions on octavia. Please answer or redirect me to relevant documentation: - Assume listener is listening on 443 and client hits the vip on port 80, the connection will be refused. Is it possible to configure http to https direction? - For the barbican config, the only config item i can find is cert_manager_type in neutron_lbaas.conf. How do we configure the barbican access for lbaas. I assume since we do the access config for nova and keystone in neutron.conf, there should be some config file where we define the barbican access(username, password, auth_url). The community has been very helpful to me. Thanks a lot Guys. Appreciate your efforts. Thanks Akshay Sanghai __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev