Re: [openstack-dev] [infra][nova][all] Pillow breaking gate?

2015-10-01 Thread Carlos Garza
I fixed this on my local ubuntu 14.04 box by doing ³apt-get install libjpeg-dev² Can we just make that a low level package dependency on the images in gate so that We can move forward? On 10/1/15, 5:48 PM, "Kevin L. Mitchell" wrote: >It looks like Pillow (pulled in by blockdiag, pulled in by >sp

Re: [openstack-dev] [Kuryr] tox -egenconfig not working

2015-10-01 Thread Carlos Garza
If its because of an Error like "ValueError: --enable-jpeg requested but jpeg not found, aborting² triggered by a dependency pull of Python pillow which then I got around it by doing an ³apt-get install libjpeg-dev² on my ubuntu build. I agree its seemed odd when it happened on tox but not on p

Re: [openstack-dev] [Neutron][LBaaS] new common module for Barbican TLS containers interaction

2014-07-30 Thread Carlos Garza
te's X509 by using getCertificateX509 and returns > SCN and SAN names dict. > > I will appreciate your opinion on this API. > > Thanks, > Evg > > > -Original Message- > From: Carlos Garza [mailto:carlos.ga...@rackspace.com] > Sent: Thursday, July

Re: [openstack-dev] [Neutron][LBaaS] new common module for Barbican TLS containers interaction

2014-07-24 Thread Carlos Garza
Sorry I meant to say I'm pretty agreeable just park a stub module so I can populate it. On Jul 24, 2014, at 11:06 AM, Carlos Garza wrote: > I'Just park a module with a stub call that I can populate with > pyasn1. > On Jul 24, 2014, at 10:38 AM, Evgeny Fedoruk

Re: [openstack-dev] [Neutron][LBaaS] new common module for Barbican TLS containers interaction

2014-07-24 Thread Carlos Garza
I'Just park a madule with a stub call that I can populate with pyasn1. On Jul 24, 2014, at 10:38 AM, Evgeny Fedoruk wrote: > Hi, > > Following our talk on TLS work items split, > We need to decide how will we validate/extract certificates Barbican TLS > containers. > As we agreed on IRC, the

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - work division

2014-07-24 Thread Carlos Garza
ybody else who is interested will review this change. >>> There is one specific spot for the common Barbican interactions >>> module API integration. >>> After the IRC meeting tomorrow, we can discuss the work items and >>> decide who is interested/available to do t

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - work division

2014-07-23 Thread Carlos Garza
make sense? > > Thanks, > Evg > > -----Original Message- > From: Carlos Garza [mailto:carlos.ga...@rackspace.com] > Sent: Wednesday, July 23, 2014 6:15 PM > To: OpenStack Development Mailing List (not for usage questions) > Subject: Re: [openstack-dev] [Neutron][LBaaS] TLS c

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - work division

2014-07-23 Thread Carlos Garza
oday. It will include lbaas extension v2 > modification, lbaas db v2 modifications, alembic migration for schema changes > and new tests in unit testing for lbaas db v2. > > Thanks, > Evg > > -Original Message- > From: Carlos Garza [mailto:carlos.ga...@rackspace.com] >

[openstack-dev] [Neutron][LBaaS] TLS capability - work division

2014-07-22 Thread Carlos Garza
Since it looks like the TLS blueprint was approved I''m sure were all eager to start coded so how should we divide up work on the source code. I have Pull requests in pyopenssl "https://github.com/pyca/pyopenssl/pull/143";. and a few one liners in pica/cryptography to expose the needed low

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - certificates data persistency

2014-07-22 Thread Carlos Garza
On Jul 20, 2014, at 6:32 AM, Evgeny Fedoruk wrote: > Hi folks, > > In a current version of TLS capabilities RST certificate SubjectCommonName > and SubjectAltName information is cached in a database. > This may be not necessary and here is why: > > 1. TLS containers are immutable, mea

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - SNI - Extracting SubjectCommonName and/or SubjectAlternativeNames from X509

2014-07-22 Thread Carlos Garza
x27;t see harm in extracting these other subjectAltName types from the > x509 cert. It certainly "feels" more correct to treat these for what they > are: the tuples you've described. > > Thanks, > Stephen > > > > On Thu, Jul 17, 2014 at 2:29 PM, Carlos Ga

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - SNI - Extracting SubjectCommonName and/or SubjectAlternativeNames from X509

2014-07-17 Thread Carlos Garza
al of the spec in the next day > or two. > > Thanks, > Stephen > > > > > On Wed, Jul 16, 2014 at 7:31 PM, Stephen Balukoff > wrote: > Just saw this thread after responding to the other: > > I'm in favor of Evgeny's proposal. It sounds li

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - Certificate conflict resolution

2014-07-16 Thread Carlos Garza
the perspective of the SNI standard, there's no difference in how these > fields should be treated, and if we were to treat SANs differently then we're > both breaking the standard and setting a bad precedent. > > Stephen > > > On Tue, Jul 15, 2014 at 9:35 AM,

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - SubjectAlternativeNames (SAN)

2014-07-16 Thread Carlos Garza
On Jul 16, 2014, at 3:49 PM, Carlos Garza wrote: > > On Jul 16, 2014, at 12:30 PM, Vijay Venkatachalam > > wrote: > >We will have the code that will parse the X509 in the API scope of the > code. The validation I'm refering to is making sure the key matches th

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - SubjectAlternativeNames (SAN)

2014-07-16 Thread Carlos Garza
used by multiple drivers is > going to be necessary. > > If we're extracting the Subject Common Name in any place in the code then we > also need to be extracting the Subject Alternative Names at the same place. > From the perspective of the SNI standard, there's no d

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - SNI - Extracting SubjectCommonName and/or SubjectAlternativeNames from X509

2014-07-16 Thread Carlos Garza
o be necessary. > > If we're extracting the Subject Common Name in any place in the code then we > also need to be extracting the Subject Alternative Names at the same place. > From the perspective of the SNI standard, there's no difference in how these > fields should

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - SNI - Extracting SubjectCommonName and/or SubjectAlternativeNames from X509

2014-07-15 Thread Carlos Garza
On Jul 15, 2014, at 10:55 AM, Samuel Bercovici wrote: > Hi, > > > Obtaining the domain name from the x509 is probably more of a > driver/backend/device capability, it would make sense to have a library that > could be used by anyone wishing to do so in their driver code. You can do wh

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - SNI - Extracting SubjectCommonName and/or SubjectAlternativeNames from X509

2014-07-15 Thread Carlos Garza
On Jul 15, 2014, at 9:24 AM, Evgeny Fedoruk wrote: > The question is about SCN and SAN extraction from X509. > 1. Extraction of SCN/ SAN should be done while provisioning and not > during TLS handshake Yes that makes the most sense. If some strange backend really wants to repeatedly e

Re: [openstack-dev] [Neutron][LBaaS] subjAltName and CN extraction from x509 certificates

2014-06-27 Thread Carlos Garza
On Jun 28, 2014, at 12:01 AM, Carlos Garza wrote: >> >> example python script using your example pem file. If using NSS isn't an >> option I'd rather see us provide the necessary binding in pyopenssl than >> handcraft one-off routines. Are you saying y

Re: [openstack-dev] [Neutron][LBaaS] subjAltName and CN extraction from x509 certificates

2014-06-27 Thread Carlos Garza
On Jun 27, 2014, at 9:26 AM, John Dennis wrote: > On 06/27/2014 12:21 AM, Carlos Garza wrote: >> I don't know where we can check in experimental code so I have a >> demonstration >> of how to extract CNs subjAltNames or what ever we want from x509 >> cer

Re: [openstack-dev] [Neutron][LBaaS] subjAltName and CN extraction from x509 certificates

2014-06-27 Thread Carlos Garza
to. > > -Dustin > > > On Fri, Jun 27, 2014 at 7:26 AM, John Dennis wrote: > On 06/27/2014 12:21 AM, Carlos Garza wrote: > > I don't know where we can check in experimental code so I have a > > demonstration > > of how to extract CNs subjAltNames or

[openstack-dev] [Neutron][LBaaS] subjAltName and CN extraction from x509 certificates

2014-06-26 Thread Carlos Garza
I don't know where we can check in experimental code so I have a demonstration of how to extract CNs subjAltNames or what ever we want from x509 certificates. Later on I plan to use the OpenSSL libraries to verify certs coming from barbican are valid and actually do sign the private_key

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-16 Thread Carlos Garza
On Jun 16, 2014, at 4:06 PM, Clint Byrum wrote: > Excerpts from Doug Wiegley's message of 2014-06-16 13:22:26 -0700: >>> nobody is calling Barbican "a database". It is a place to store >> >> Š did you at least feel a heavy sense of irony as you typed those two >> statements? ³It¹s not a databa

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-16 Thread Carlos Garza
On Jun 16, 2014, at 3:22 PM, Doug Wiegley wrote: >> nobody is calling Barbican "a database". It is a place to store > > Š did you at least feel a heavy sense of irony as you typed those two > statements? ³It¹s not a database, it just stores things!² :-) > > The real irony here is that in thi

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-16 Thread Carlos Garza
Sorry for responding so late but I don't think we should be doing ref counting at all. In a closed system its hard enough to guarantee they are correct but in an open distributed system I really doubt every service will bother decrementing and incrementing the counters properly. On Jun 16,

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-11 Thread Carlos Garza
On Jun 11, 2014, at 9:31 AM, Evgeny Fedoruk wrote: > Regarding the case when back-end system tries to retrieve secret from deleted > Barbican TLS container, > Is this a real use case? I mean, is there a back-end system which will get > container ID from somewhere, try to retrieve secrets from

Re: [openstack-dev] [Neutron][LBaaS] TLS support RST document on Gerrit

2014-06-10 Thread Carlos Garza
On Jun 10, 2014, at 3:11 PM, Stephen Balukoff wrote: > Hi Evgeny, > > Comments inline. > > On Tue, Jun 10, 2014 at 4:13 AM, Evgeny Fedoruk wrote: > Hi All, > > > > Carlos, Vivek, German, thanks for reviewing the RST doc. > > There are some issues I want to pinpoint final decision on them

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-10 Thread Carlos Garza
On Jun 10, 2014, at 2:53 PM, Doug Wiegley wrote: >> In any case, it strikes me as misleading to have an explicit delete command >> sent to Barbican not have the effect of making the key unusable in all other >> contexts. It would be less surprising behavior, IMO, to have a deleted >> barbican

Re: [openstack-dev] [Neutron][LBaaS] TLS support RST document on Gerrit

2014-06-10 Thread Carlos Garza
See adams message re: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas. He's advocating keeping a shadow copy of the private key that is owned by the LBaaS service so that incase a key is tampered with during an LB update migration etc we can still check with the shad

Re: [openstack-dev] [Neutron][LBaaS] TLS support RST document on Gerrit

2014-06-10 Thread Carlos Garza
Ok but we still need input from Stephen Balukoff and Jorge to see how this will integrate with the API being proposed. I'm not sure if they were intending to use the attributes your discussing as well as which object was going to contain them. On Jun 10, 2014, at 6:13 AM, Evgeny Fedoruk wrote:

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Carlos Garza
The use case was that a cert inside the container could be updated while the private key stays the same. IE a new cert would be a resigning of the same old key. By immutable we mean to say that the same UUID would be used on the lbaas side. This is a heavy handed way of expecting the user to

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Carlos Garza
The barbican team was considering making the container mutable but I don't think it matters now since every one has chimed in and wants the container to be immutable. The current discussion now is that the TLS container will be immutable but the meta data will not be. I'm not sure what is mea

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Carlos Garza
I understand this concern and was advocating that a configuration option be available to disable or enable auto updating of SSL certificates. But since every one is in favor of storing meta data on the barbican container directly I guess this is a moot point now. On Jun 6, 2014, at 5:52 PM,

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-28 Thread Carlos Garza
On May 27, 2014, at 9:13 PM, Stephen Balukoff wrote: > Hi y'all! > > I would advocate that if the user asks the front-end API for the private key > information (ie. "GET" request), what they get back is the key's modulus and > nothing else. This should work to verify whether a given key matc

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-23 Thread Carlos Garza
Right so are you advocating that the front end API never return a private key back to the user once regardless if the key was generated on the back end or sent in to the API from the user? We kind of are already are implying that they can refer to the key via a private key id. On May 23, 20

Re: [openstack-dev] [Neutron][LBaaS]LBaaS 2nd Session etherpad

2014-05-21 Thread Carlos Garza
:samu...@radware.com>> wrote: Hi Carlos, What is your IRC nick? In what time zone you are located? Regards, -Sam. From: Carlos Garza [mailto:carlos.ga...@rackspace.com<http://rackspace.com>] Sent: Wednesday, May 21, 2014 2:52 AM To: OpenStack Development Mailing List (not fo

Re: [openstack-dev] [Neutron][LBaaS]LBaaS 2nd Session etherpad

2014-05-20 Thread Carlos Garza
I'm reading through the https://wiki.openstack.org/wiki/Neutron/LBaaS/SSL docs as well as the https://etherpad.openstack.org/p/neutron-lbaas-ssl-l7 document that your referencing below and I think who ever wrote the documents may have misunder stood the Association between X509 certificates a

Re: [openstack-dev] [Neutron][LBaaS] Multiple VIPs per loadbalancer

2014-05-10 Thread Carlos Garza
On May 10, 2014, at 1:52 AM, Eugene Nikanorov wrote: > Hi Carlos, > I think you had a chance to hear this argument yourself (from several > different core members: Mark McClain, Salvatore Orlando, Kyle Mestery) on > those meetings we had in past 2 months. > I was advocating 'loadbalancer' (in

Re: [openstack-dev] [Neutron][LBaaS] Multiple VIPs per loadbalancer

2014-05-09 Thread Carlos Garza
On May 9, 2014, at 3:36 PM, Eugene Nikanorov mailto:enikano...@mirantis.com>> wrote: Also we've heard objection to this approach several times from other core team members (this discussion has been going for more than half a year now), so I would suggest to move forward with single L2 port ap

Re: [openstack-dev] [Neutron][LBaaS] API proposal review thoughts

2014-05-09 Thread Carlos Garza
On May 9, 2014, at 3:37 PM, Samuel Bercovici mailto:samu...@radware.com>> wrote: It boils down to two aspects: 1. How common is it for tenant to care about affinity or have more than a single VIP used in a way that adding an additional (mandatory) construct makes sense for them to handl

Re: [openstack-dev] [Neutron][LBaaS] API proposal review thoughts

2014-05-09 Thread Carlos Garza
ing such as neutron/lbaas and interpret it to be "Virtual Ips as a service. We've done that with our API in CLB1.0. Carlos. Eugene. On Fri, May 9, 2014 at 8:33 AM, Carlos Garza mailto:carlos.ga...@rackspace.com>> wrote: On May 8, 2014, at 2:45 PM, Eugene Nikanorov mailto:enika

Re: [openstack-dev] [Neutron][LBaaS] API proposal review thoughts

2014-05-08 Thread Carlos Garza
On May 8, 2014, at 2:45 PM, Eugene Nikanorov mailto:enikano...@mirantis.com>> wrote: Hi Carlos, Are you saying that we should only have a loadbalancer resource only in the case where we want it to span multiple L2 networks as if it were a router? I don't see how you arrived at that conclu

Re: [openstack-dev] [Neutron][LBaaS] API proposal review thoughts

2014-05-08 Thread Carlos Garza
On May 8, 2014, at 8:01 AM, Eugene Nikanorov mailto:enikano...@mirantis.com>> wrote: Hi Adam, My comments inline: 1. We shouldn't be looking at the current model and deciding which object is the root object, or what object to rename as a "loadbalancer"... That's totally backwards! *We don'

Re: [openstack-dev] [Neutron] [LBaaS][VPN][Barbican] SSL cert implementation for LBaaS and VPN

2014-05-08 Thread Carlos Garza
ners if you really wanted to (https://blueprints.launchpad.net/barbican/+spec/crud-endpoints-secret-container) -Rob From: Carlos Garza [mailto:carlos.ga...@rackspace.com] Sent: 08 May 2014 04:30 To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neu

Re: [openstack-dev] [Neutron] [LBaaS][VPN][Barbican] SSL cert implementation for LBaaS and VPN

2014-05-07 Thread Carlos Garza
On May 7, 2014, at 10:53 AM, Samuel Bercovici mailto:samu...@radware.com>> wrote: Hi John, If the user already has an SSL certificate that was acquired outside of the barbican Ordering system, how can he store it securely in Barbican as a SSL Certificate? The Container stored this information

Re: [openstack-dev] [Neutron] [LBaaS][VPN][Barbican] SSL cert implementation for LBaaS and VPN

2014-05-07 Thread Carlos Garza
I thought the requirement was from the need to ensure the backend was secure. IE people would throw a fit if they find out your storing keys in sqllite or MySQL. Wasn't the purpose to find "A Secure repository"? On May 7, 2014, at 10:38 AM, Zang MingJie wrote: > +1 to implement a modular f

Re: [openstack-dev] [Neutron][LBaaS] Use-Cases with VPNs Distinction

2014-05-01 Thread Carlos Garza
On May 1, 2014, at 7:48 PM, Stephen Balukoff mailto:sbaluk...@bluebox.net>> wrote: Hi Trevor, I was the one who wrote that use case based on discussion that came out of the question I wrote the list last week about SSL re-encryption: Someone had stated that sometimes pool members are local,

Re: [openstack-dev] [Neutron][LBaaS] Use Case Question

2014-05-01 Thread Carlos Garza
our stingray nodes don't allow you to specify. Its just an enable or disable option. On May 1, 2014, at 7:35 PM, Stephen Balukoff mailto:sbaluk...@bluebox.net>> wrote: Question for those of you using the SSL session ID for persistency: About how long do you typically set these sessions to p

Re: [openstack-dev] [Neutron][LBaaS]User Stories and sruvey

2014-05-01 Thread Carlos Garza
Balukoff I'm liking your API spec so far but can you elaborate on what this loadbalancer object you refer to is. on page You declare its immutable and refer to it like an actual primitive object yet I don't see a schema for it. I see loadbalancer_id in the vip request that reference. The to

Re: [openstack-dev] [Neutron][LBaaS] BBG edit of new API proposal

2014-04-29 Thread Carlos Garza
This blueprint was marked abandoned. On Apr 29, 2014, at 3:55 PM, Vijay B mailto:os.v...@gmail.com>> wrote: Hi Sam, Evgeny, I've reviewed https://review.openstack.org/#/c/74031 with my comments. I am not sure if there is a request with code newer than this link - please do let me know if

Re: [openstack-dev] [Neutron][LBaaS] BBG edit of new API proposal

2014-04-29 Thread Carlos Garza
On Apr 27, 2014, at 8:35 AM, Eugene Nikanorov mailto:enikano...@mirantis.com>> wrote: On Fri, Apr 25, 2014 at 4:03 AM, Eugene Nikanorov mailto:enikano...@mirantis.com>> wrote: Speaking of SSL - we have a few few project-wise issues such as lack of secure storage, lack of secure messaging, req

Re: [openstack-dev] [Neutron][LBaaS] Use Case Question

2014-04-29 Thread Carlos Garza
I mis quoted it should be in RFC 5246 not 5264. On Apr 25, 2014, at 2:50 AM, Carlos Garza mailto:carlos.ga...@rackspace.com>> wrote: Trevor is referring to our plans on using the SSL session ID of the ClientHello to provide session persistence. See RFC 5264 section 7.4.1.2 which se

Re: [openstack-dev] [Neutron][LBaaS] Use Case Question

2014-04-25 Thread Carlos Garza
Trevor is referring to our plans on using the SSL session ID of the ClientHello to provide session persistence. See RFC 5264 section 7.4.1.2 which sends an SSL session ID in the clear (Unencrypted) so that a load balancer with out the decrypting key can use it to make decisions on which back

Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario question

2014-04-21 Thread Carlos Garza
members. What are people seeing "in the wild"? Are your users using inconsistently-signed or per-node self-signed certs in a single pool? Thanks, Stephen On Fri, Apr 18, 2014 at 5:56 PM, Carlos Garza mailto:carlos.ga...@rackspace.com>> wrote: On Apr 18, 2014, at 12:36 PM, Ste

Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario question

2014-04-20 Thread Carlos Garza
end certs are all individually self-signed (ie. no single CA used for all nodes), then certs must be associated with members. I'm not invested in an argument this far in. What are people seeing "in the wild"? Are your users using inconsistently-signed or per-node self

Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario question

2014-04-18 Thread Carlos Garza
On Apr 18, 2014, at 12:36 PM, Stephen Balukoff mailto:sbaluk...@bluebox.net>> wrote: Dang. I was hoping this wasn't the case. (I personally think it's a little silly not to trust your service provider to secure a network when they have root access to all the machines powering your cloud... b

Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario question

2014-04-18 Thread Carlos Garza
On Apr 18, 2014, at 12:59 PM, Vijay Venkatachalam mailto:vijay.venkatacha...@citrix.com>> wrote: There is no reasoning mentioned in AWS, but they do allow re-encryption. Is their also no reason to mention: BigIp's F5 LoadBalancers http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/p

Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario question

2014-04-18 Thread Carlos Garza
On Apr 18, 2014, at 10:21 AM, Stephen Balukoff wrote: > Howdy, folks! > > Could someone explain to me the SSL usage scenario where it makes sense to > re-encrypt traffic traffic destined for members of a back-end pool? SSL > termination on the load balancer makes sense to me, but I'm having

Re: [openstack-dev] [Neutron][LBaas] "Single call" API discussion

2014-04-18 Thread Carlos Garza
On Apr 17, 2014, at 8:39 PM, Stephen Balukoff mailto:sbaluk...@bluebox.net>> wrote: Hello German and Brandon! Responses in-line: On Thu, Apr 17, 2014 at 3:46 PM, Brandon Logan mailto:brandon.lo...@rackspace.com>> wrote: Stephen, I have responded to your questions below. On 04/17/2014 01:0

Re: [openstack-dev] [Neutron][LBaaS] HA functionality discussion

2014-04-17 Thread Carlos Garza
On Apr 17, 2014, at 5:49 PM, Stephen Balukoff mailto:sbaluk...@bluebox.net>> wrote: Heyas, y'all! So, given both the prioritization and usage info on HA functionality for Neutron LBaaS here: https://docs.google.com/spreadsheet/ccc?key=0Ar1FuMFYRhgadDVXZ25NM2NfbGtLTkR0TDFNUWJQUWc&usp=sharing

Re: [openstack-dev] [Neutron][LBaas] "Single call" API discussion

2014-04-17 Thread Carlos Garza
On Apr 17, 2014, at 2:11 PM, Stephen Balukoff mailto:sbaluk...@bluebox.net>> wrote: Oh! One other question: 5. Should "single-call" stuff work for the lifecycle of a load balancing service? That is to say, should "delete" functionality also clean up all primitives associated with the service

Re: [openstack-dev] [Neutron][LBaaS] Requirements and API revision progress

2014-04-17 Thread Carlos Garza
On Apr 17, 2014, at 8:45 AM, Eugene Nikanorov mailto:enikano...@mirantis.com>> wrote: Brandon, Towards the bottom of that document it does mention content switching and how it would work with this. I know its a huge text document and hard to navigate but it is there. Yeah, i should have b

Re: [openstack-dev] [Neutron][LBaaS] Requirements and API revision progress

2014-04-16 Thread Carlos Garza
but could probably have a draft to show y'all at next week's meeting if y'all think it would be helpful to produce such a thing. Anyway, we can discuss this at tomorrow's meeting… Yes we are very interested in your concrete ideas. So far all we saw on ssl is an entr

Re: [openstack-dev] [Neutron][LBaaS] Requirements and API revision progress

2014-04-16 Thread Carlos Garza
On Apr 16, 2014, at 4:31 PM, Eugene Nikanorov mailto:enikano...@mirantis.com>> wrote: Hi folks, I've briefly looked over the doc. I think whole idea to base the API on Atlas misses the content switching use case, which is very important: We need multiple pools within loadbalancer, and API doe

Re: [openstack-dev] [Neutron][LBaaS] Requirements and API revision progress

2014-04-16 Thread Carlos Garza
On Apr 14, 2014, at 8:20 PM, Stephen Balukoff mailto:sbaluk...@bluebox.net>> wrote: Hello y'all! Over the last few months, I feel like we've seen a renewed vigor for participation in making the LBaaS project successful. After the (still unresolved) object model discussion started in January,