Hi Adam, Just to clarify the subtlety of this change - you can still install a single controller, but that controller will be ³HA-ready² by deploying all the projects needed for HA onto that controller. In other words, Fuel will still be able to support smaller deployments along side larger ones for those who only need one controller and a few compute nodes.
This also enables an environment to grow overtime without redeployment. Since everything is in place for HA, adding another controller just extends that HA (and removes the single-controller single-point-of-failure). - David J. Easter Director of Product Management, Mirantis, Inc. http://openstacksv.com/ From: Adam Lawson <alaw...@aqorn.com> Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org> Date: Thursday, August 21, 2014 at 12:11 PM To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org> Subject: Re: [openstack-dev] [Fuel] Enable SSL between client and API exposed via public URL with HAProxy IMHO, removing non-HA mode in Fuel would be a mistake as Fuel is also used for smaller deployments. HA is required for Production sure but removing support for smaller deployments would drive consumers of smaller clouds elsewhere for orchestration. Maintaining support for smaller clouds probably isn't a priority for Mirantis but I think it should be a priority for the general community consumer base. This also goes for all of the orchestrators out there whether it's SUSE, Juju, Piston, Nebulous, etc etc. Just my two cents. Adam Lawson AQORN, Inc. 427 North Tatnall Street Ste. 58461 Wilmington, Delaware 19801-2230 Toll-free: (844) 4-AQORN-NOW ext. 101 International: +1 302-387-4660 Direct: +1 916-246-2072 On Thu, Aug 21, 2014 at 7:24 AM, Guillaume Thouvenin <thouv...@gmail.com> wrote: > > On Thu, Aug 21, 2014 at 5:02 PM, Mike Scherbakov <mscherba...@mirantis.com> > wrote: >> >> >> Guillaume, do I understand right that without implementation of >> https://blueprints.launchpad.net/fuel/+spec/ca-deployment, SSL support will >> not be fully automated? And, consequently, we can not call it as complete >> production ready feature for Fuel users? >> > > Yes you are right. Without the implementation of the CA deployment we can > not consider it as ready to use. > To test my deployment I manually copy a self-signed certificate on all > controllers on a predefined location according to what I have in the puppet > manifest. So it's really just for testing. I also write a small puppet > manifest to generate a self signed certificate to deploy it automatically but > it works only for one controller so this solution is also only for testing. > > So to have the feature ready for production we need to manage certificate > maybe as a new option into the fuel dashboard. > > Best Regards, > Guillaume > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
