Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-16 Thread Stephen Balukoff
(not for usage questions) openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Of what use is a database that randomly delete rows? That is, in effect, what you’re allowing. The secrets are only useful when paired with a service

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-16 Thread Clint Byrum
Excerpts from Doug Wiegley's message of 2014-06-10 14:41:29 -0700: Of what use is a database that randomly delete rows? That is, in effect, what you’re allowing. The secrets are only useful when paired with a service. And unless I’m mistaken, there’s no undo. So you’re letting users

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-16 Thread Doug Wiegley
nobody is calling Barbican a database. It is a place to store Š did you at least feel a heavy sense of irony as you typed those two statements? ³It¹s not a database, it just stores things!² :-) The real irony here is that in this rather firm stand of keeping the user in control of their

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-16 Thread Clint Byrum
Excerpts from Doug Wiegley's message of 2014-06-16 13:22:26 -0700: nobody is calling Barbican a database. It is a place to store Š did you at least feel a heavy sense of irony as you typed those two statements? ³It¹s not a database, it just stores things!² :-) Not at all, though I

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-16 Thread Carlos Garza
, June 10, 2014 at 2:41 PM To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Of what use is a database that randomly delete rows? That is, in effect, what

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-16 Thread Doug Wiegley
Hi Clint, Comments below. On 6/16/14, 3:06 PM, Clint Byrum cl...@fewbar.com wrote: Excerpts from Doug Wiegley's message of 2014-06-16 13:22:26 -0700: nobody is calling Barbican a database. It is a place to store Š did you at least feel a heavy sense of irony as you typed those two

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-16 Thread Carlos Garza
On Jun 16, 2014, at 3:22 PM, Doug Wiegley do...@a10networks.com wrote: nobody is calling Barbican a database. It is a place to store Š did you at least feel a heavy sense of irony as you typed those two statements? ³It¹s not a database, it just stores things!² :-) The real irony here

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-16 Thread Carlos Garza
On Jun 16, 2014, at 4:06 PM, Clint Byrum cl...@fewbar.com wrote: Excerpts from Doug Wiegley's message of 2014-06-16 13:22:26 -0700: nobody is calling Barbican a database. It is a place to store Š did you at least feel a heavy sense of irony as you typed those two statements? ³It¹s not a

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-16 Thread Doug Wiegley
Look, I'm talking a lot and not showing up with code, so I'm squelching myself. Noted, and ditto. Thanks for the dialog. Doug On 6/16/14, 5:54 PM, Clint Byrum cl...@fewbar.com wrote: Excerpts from Doug Wiegley's message of 2014-06-16 16:10:51 -0700: Hi Clint, Comments below. On

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-16 Thread Clint Byrum
Excerpts from Carlos Garza's message of 2014-06-16 16:25:10 -0700: On Jun 16, 2014, at 4:06 PM, Clint Byrum cl...@fewbar.com wrote: Excerpts from Doug Wiegley's message of 2014-06-16 13:22:26 -0700: nobody is calling Barbican a database. It is a place to store Š did you at least feel

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-13 Thread Jain, Vivek
Date: Tuesday, June 10, 2014 at 2:41 PM To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Of what use is a database

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-11 Thread Clint Byrum
Excerpts from Adam Harwell's message of 2014-06-10 12:04:41 -0700: So, it looks like any sort of validation on Deletes in Barbican is going to be a no-go. I'd like to propose a third option, which might be the safest route to take for LBaaS while still providing some of the convenience of

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-11 Thread Carlos Garza
Development Mailing List (not for usage questions) Subject: [Caution: Message contains Suspicious URL content] Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas +1 – Warning on a deletion of certificate in use can be considered as a “nice-to-have” feature

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-11 Thread Vijay Venkatachalam
V. From: Adam Harwell [mailto:adam.harw...@rackspace.com] Sent: Wednesday, June 11, 2014 2:48 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Doug: Right, we actually have a blueprint draft

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-10 Thread Clint Byrum
Excerpts from Vijay Venkatachalam's message of 2014-06-09 21:48:43 -0700: My vote is for option #2 (without the registration). It is simpler to start with this approach. How is delete handled though? Ex. What is the expectation when user attempts to delete a certificate/container which

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-10 Thread Clark, Robert Graham
05:48 To: OpenStack List openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas My vote is for option #2 (without the registration). It is simpler to start with this approach. How

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-10 Thread Stephen Balukoff
2014 05:48 To: OpenStack List openstack-dev@lists.openstack.orgmailto: openstack-...@lists.openstack.or g Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas My vote is for option #2 (without the registration). It is simpler to start with this approach

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-10 Thread Adam Harwell
) openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas In any case, it strikes me as misleading to have an explicit delete command sent to Barbican not have the effect of making the key

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-10 Thread Stephen Balukoff
questions) openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Adam-- Wouldn't the user see the duplicate key/cert copy in their barbican interface, or are you proposing storing these secrets in a not-assigned

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-10 Thread Doug Wiegley
@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Doug: The reasons a LB might be reprovisioned are fairly important — mostly around HA, for fail overs or capacity — exactly the times we're trying

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-10 Thread Stephen Balukoff
(not for usage questions) openstack-dev@lists.openstack.org Date: Tuesday, June 10, 2014 at 2:19 PM To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Doug

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-10 Thread Doug Wiegley
@lists.openstack.org Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Right, service VMs are the biggest case for this, because then we WILL need to be tracking the barbicanID even in the backend. I also agree that it would be more useful for OpenStack

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-10 Thread Douglas Mendizabal
@lists.openstack.org Date: Tuesday, June 10, 2014 at 4:17 PM To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Doug: Right, we actually have a blueprint draft for EXACTLY

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-10 Thread Stephen Balukoff
: Tuesday, June 10, 2014 4:10 PM To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas A third option, that is neither shadow copying nor policy enforcement

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-10 Thread Doug Wiegley
, June 10, 2014 at 3:26 PM To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas I think that having Barbican decide whether

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Samuel Bercovici
Miramontes [mailto:jorge.miramon...@rackspace.com] Sent: Friday, June 06, 2014 10:16 PM To: OpenStack Development Mailing List (not for usage questions) Subject: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Hey everyone, Per our IRC discussion yesterday I'd like

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Evgeny Fedoruk
- From: Samuel Bercovici Sent: Monday, June 09, 2014 9:49 AM To: OpenStack Development Mailing List (not for usage questions) Cc: Samuel Bercovici; Evgeny Fedoruk Subject: RE: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Hi, I think that option 2 should be preferred

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Jorge Miramontes
:05 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Hey John, Correct, I was envisioning that the Barbican request would not be affected, but rather, the GUI operator or API user could use

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Carlos Garza
Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas +1 for option 2. In addition as an additional safeguard, the LBaaS service could check with Barbican when failing to use an existing secret to see if the secret

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Jain, Vivek
To: OpenStack Development Mailing List (not for usage questions) Subject: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Hey everyone, Per our IRC discussion yesterday I'd like to continue the discussion on how Barbican and Neutron LBaaS will interact

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Samuel Bercovici
: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas +1 for the idea of making certificate immutable. However, if Barbican allows updating certs/containers then versioning is a must. Thanks, Vivek On 6/8/14, 11:48 PM, Samuel Bercovici samu...@radware.com wrote: Hi

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Tiwari, Arvind
:31 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas As far as I understand the Current Barbican implementation is immutable. Can anyone from Barbican comment on this? -Original Message

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Carlos Garza
: Jain, Vivek [mailto:vivekj...@ebay.com] Sent: Monday, June 09, 2014 8:34 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas +1 for the idea of making certificate immutable. However

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Douglas Mendizabal
- From: Samuel Bercovici [mailto:samu...@radware.com] Sent: Monday, June 09, 2014 1:31 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas As far as I understand the Current Barbican implementation

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread John Wood
questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas As per current implementation, containers are immutable. Do we have any use case to make it mutable? Can we live with new container instead of updating an existing container? Arvind -Original Message

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Carlos Garza
(not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas As far as I understand the Current Barbican implementation is immutable. Can anyone from Barbican comment on this? -Original Message- From: Jain, Vivek [mailto:vivekj

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Douglas Mendizabal
Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas As per current implementation, containers are immutable. Do we have any use case to make it mutable? Can we live with new container instead of updating

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Clint Byrum
Excerpts from Douglas Mendizabal's message of 2014-06-09 16:08:02 -0700: Hi all, I’m strongly in favor of having immutable TLS-typed containers, and very much opposed to storing every revision of changes done to a container. I think that storing versioned containers would add too much

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Stephen Balukoff
Weighing in here: I'm all for option #2 as well. Stephen On Mon, Jun 9, 2014 at 4:42 PM, Clint Byrum cl...@fewbar.com wrote: Excerpts from Douglas Mendizabal's message of 2014-06-09 16:08:02 -0700: Hi all, I’m strongly in favor of having immutable TLS-typed containers, and very much

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Vijay Venkatachalam
: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Weighing in here: I'm all for option #2 as well. Stephen On Mon, Jun 9, 2014 at 4:42 PM, Clint Byrum cl...@fewbar.commailto:cl...@fewbar.com wrote: Excerpts from Douglas Mendizabal's message of 2014-06-09 16:08:02

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-08 Thread Brandon Logan
(not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Hey John, Correct, I was envisioning that the Barbican request would not be affected, but rather

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-08 Thread Clint Byrum
Excerpts from Eichberger, German's message of 2014-06-06 15:52:54 -0700: Jorge + John, I am most concerned with a user changing his secret in barbican and then the LB trying to update and causing downtime. Some users like to control when the downtime occurs. Couldn't you allow a user to

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-07 Thread Jain, Vivek
[mailto:jorge.miramon...@rackspace.com] Sent: Friday, June 06, 2014 3:05 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Hey John, Correct, I was envisioning that the Barbican request would

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-07 Thread Eugene Nikanorov
...@rackspace.com] Sent: Friday, June 06, 2014 3:05 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Hey John, Correct, I was envisioning that the Barbican request would not be affected

[openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-06 Thread Jorge Miramontes
Hey everyone, Per our IRC discussion yesterday I'd like to continue the discussion on how Barbican and Neutron LBaaS will interact. There are currently two ideas in play and both will work. If you have another idea please free to add it so that we may evaluate all the options relative to each

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-06 Thread Youcef Laribi
] Sent: Friday, June 06, 2014 12:16 PM To: OpenStack Development Mailing List (not for usage questions) Subject: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Hey everyone, Per our IRC discussion yesterday I'd like to continue the discussion on how Barbican and Neutron

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-06 Thread John Wood
Miramontes [mailto:jorge.miramon...@rackspace.com] Sent: Friday, June 06, 2014 12:16 PM To: OpenStack Development Mailing List (not for usage questions) Subject: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Hey everyone, Per our IRC discussion yesterday I'd like

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-06 Thread Jorge Miramontes
[mailto:jorge.miramon...@rackspace.com] Sent: Friday, June 06, 2014 12:16 PM To: OpenStack Development Mailing List (not for usage questions) Subject: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Hey everyone, Per our IRC discussion yesterday I'd like to continue the discussion on how

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-06 Thread Eichberger, German
Message- From: Jorge Miramontes [mailto:jorge.miramon...@rackspace.com] Sent: Friday, June 06, 2014 3:05 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas Hey John, Correct, I